RXSA-2023:0101
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849)
* vfio zero page mappings fail after 2M instances (BZ#2128515)
* ice: Driver Update up to 5.19 (BZ#2130992)
* atlantic: missing hybernate/resume fixes (BZ#2131935)
* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)
* Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813)
* ice: Intel E810 PTP clock glitching (BZ#2136036)
* ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216)
* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)
* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270)
* After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157)
* i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205)
* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)
* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216)
* Lenovo 8.7: The VGA display shows no signal when install Rocky Linux SIG Cloud8.7 (BZ#2140152)
* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878)
* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957)
* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017)
* Rocky Linux SIG Cloud:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux SIG Cloud8.6 and need this patch in 8.6+ (BZ#2144583)
* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218)
* Path loss during Volume Ownership Change on Rocky Linux SIG Cloud 8.7 SAS (BZ#2147374)
* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130)
* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)
* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)
* Azure Rocky Linux SIG Cloud-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912)
* Rocky Linux SIG Cloud-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127849)
* vfio zero page mappings fail after 2M instances (BZ#2128515)
* ice: Driver Update up to 5.19 (BZ#2130992)
* atlantic: missing hybernate/resume fixes (BZ#2131935)
* Bluefield 2 DPU would crash and reboot due to a kernel panic (BZ#2134084)
* Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135813)
* ice: Intel E810 PTP clock glitching (BZ#2136036)
* ice: configure link-down-on-close on and change interface mtu to 9000,the interface can't up (BZ#2136216)
* ice: dump additional CSRs for Tx hang debugging (BZ#2136513)
* ice,iavf: system panic during sriov sriov_test_cntvf_reboot testing (BZ#2137270)
* After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138157)
* i40e: orphaned-leaky memory when interacting with driver memory parameters (BZ#2138205)
* WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138953)
* DELL EMC 8.6-RT: System is not booting into RT Kernel with perc12. (BZ#2139216)
* Lenovo 8.7: The VGA display shows no signal when install Rocky Linux SIG Cloud8.7 (BZ#2140152)
* Host Pod -> NodePort Service traffic (Host Backend - Same Node) Flow Iperf Cannot Pass Traffic (BZ#2141878)
* mlx5_core: mlx5_cmd_check messages scrolling with hardware offload enabled (BZ#2141957)
* net/ice: VIRTCHNL_OP_CONFIG_VSI_QUEUES command handling failure with in-tree driver (BZ#2142017)
* Rocky Linux SIG Cloud:8.6+ IBM Partner issue - Loopback driver with ABORT_TASKS causing hangs in scsi eh, this bug was cloned for Rocky Linux SIG Cloud8.6 and need this patch in 8.6+ (BZ#2144583)
* AMdCLIENT 8.8: The kernel command line parameter "nomodeset" not working properly (BZ#2145218)
* Path loss during Volume Ownership Change on Rocky Linux SIG Cloud 8.7 SAS (BZ#2147374)
* net/ice: OP_SET_RSS_HENA command not supported with in-tree driver (BZ#2148130)
* iavf panic: iavf 0000:ca:01.0: Failed to init adminq: -53 (BZ#2149081)
* Intel 8.8 iavf: Driver Update (bugfixes) (BZ#2149742)
* Azure Rocky Linux SIG Cloud-8 PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150912)
* Rocky Linux SIG Cloud-8.7: System fails to boot with soft lockup while loading/unloading an unsigned (E) kernel module. (BZ#2152206)
rocky-linux-8-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
2290d99dfed03401ef0e5cec03720d42430bad082d00f9923376a40c3dfea13e
kernel-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
40427e453ec9c3f6d7bc02dbf501d5e2a52c9723263904763d31382a49957ae7
kernel-abi-stablelists-4.18.0-425.10.1el8_7.cloud.noarch.rpm
50c416ad2c551faf230e841de4f0bbfd0174d00986d0187e7dcc3cd46d79b891
kernel-core-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
9ff8404906b11c7f852ac6d180eb8f4f80fc58b39a6393cd8124e6558a312712
kernel-cross-headers-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
b7923c7209128b0c9e5500cc83baea92e48a5cd37c8f7a3788fd34469b323f08
kernel-debug-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
5b5ccc555bcbc723216529b6c9874993c7fc9e874260463d9a9d5f095384ada7
kernel-debug-core-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
8c6e63dbbf3323d04e3d196330c3c2ffafb16326d03c73dc3ff7a2e95798b78c
kernel-debug-devel-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
4a348bd1064fa863a13c63f2469aa9aaebaeaf01a4fbcd9743a5919b90c469b2
kernel-debug-modules-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
f98d592de3a08d1a42be511c36e7203218e3bb7081c18897130d2356184b596a
kernel-debug-modules-extra-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
ab7a140cb69faa0bcc824de62c86e6b97c65a4a7ccfc601852178aa3eac25f76
kernel-devel-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
c4fa65f613c36bc0b0cc7eab66e89862a6a16c644159c8f460bfe9d19d39d59d
kernel-doc-4.18.0-425.10.1el8_7.cloud.noarch.rpm
ac3d3acc02359dc75e64b53bd00c61b686c76a77fc5ee23ebec4767f663d07c6
kernel-headers-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
623739bceef44b48e67d49de4bdc14c28d06bb25f87328ed7b473b871eedc32d
kernel-modules-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
ed86dbc54b02c1c2720b7a673f02e393cba6ec9332f56821ecea6f6c7305b30f
kernel-modules-extra-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
56887dedf57de9449026894cca296f119bd5422c2895515f55f0eada711a953b
kernel-tools-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
60161579812c9bb1c80c8d0e0b78102eb873160a1bf019abf5f31a5748becb3c
kernel-tools-libs-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
d53fd6ae91db7bf552a498fab53bf8054cb59550a5438d375521ce08780141de
kernel-tools-libs-devel-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
12009e08bfe10277a2bdee843e5ddee072a72bbe6a55f5fef30147812e78b41d
perf-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
efac762f9de14f714f0264d8232689ac430f2fc8bef7f9d629a57f03fe9d8a71
python3-perf-4.18.0-425.10.1el8_7.cloud.x86_64.rpm
59271d6965b70d57d996cd2030117b8b76bc4e2af988ddc8e2755c17ccc57a18
RXSA-2023:0832
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)
* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)
* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)
* MEI support for Alder Lake-S (BZ#2141783)
* Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)
* Rocky Linux SIG Cloud8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)
* Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474)
* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)
* Rocky Linux SIG Cloud8.4 - boot: Add secure boot trailer (BZ#2151530)
* error 524 from seccomp(2) when trying to load filter (BZ#2152138)
* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)
* Connectivity issue with vDPA driver (BZ#2152912)
* High Load average due to cfs cpu throttling (BZ#2153108)
* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230)
* Rocky Linux SIG Cloud8: tick storm on nohz (isolated) CPU cores (BZ#2153653)
* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)
* Azure Rocky Linux SIG Cloud 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)
* Azure: VM Deployment Failures Patch Request (BZ#2155280)
* Azure vPCI Rocky Linux SIG Cloud-8: add the support of multi-MSI (BZ#2155289)
* MSFT MANA NET Patch Rocky Linux SIG Cloud-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)
* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)
* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)
* Rocky Linux SIG Cloud8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813)
* ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)
* (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)
* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460)
* iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)
* Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)
* Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)
* MEI support for Alder Lake-S (BZ#2141783)
* Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)
* Rocky Linux SIG Cloud8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)
* Intel 8.7 Bug: OS doesn't boot when vmd and interrupt remapping are enabled (BZ#2149474)
* i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)
* Rocky Linux SIG Cloud8.4 - boot: Add secure boot trailer (BZ#2151530)
* error 524 from seccomp(2) when trying to load filter (BZ#2152138)
* Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)
* Connectivity issue with vDPA driver (BZ#2152912)
* High Load average due to cfs cpu throttling (BZ#2153108)
* The "kernel BUG at mm/usercopy.c:103!" from BZ 2041529 is back on rhel-8.5 (BZ#2153230)
* Rocky Linux SIG Cloud8: tick storm on nohz (isolated) CPU cores (BZ#2153653)
* kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)
* Azure Rocky Linux SIG Cloud 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)
* Azure: VM Deployment Failures Patch Request (BZ#2155280)
* Azure vPCI Rocky Linux SIG Cloud-8: add the support of multi-MSI (BZ#2155289)
* MSFT MANA NET Patch Rocky Linux SIG Cloud-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)
* GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)
* Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)
* Rocky Linux SIG Cloud8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158813)
* ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)
* (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)
* i40e/iavf: VF reset task fails "Never saw reset" with 5 second timeout per VF (BZ#2160460)
* iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)
rocky-linux-8-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
68976251848484a8242e013244ff8088d266c6a643c54ffd57ad4c2eeb907e36
kernel-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
d84eaa6921838e02667ea7ff8d1880a6c5439f54108db1ce1cde6cda5694e80c
kernel-abi-stablelists-4.18.0-425.13.1.el8_7.cloud.noarch.rpm
66fb90df164cb6fdbe1d87d399e712063d52066910d4ca5898a9b3e4bdfabdae
kernel-core-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
f4d8a5af050276fb1fe58a87b206befe84480b84e784d21c4b70e50c3330d162
kernel-cross-headers-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
dca9274f96098dc0e1953ea6860969b21d1369350c2b4bb91d7145af0dadd056
kernel-debug-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
7e319bec5a24f8d10f0bbe99f794dc25fbb50bf7fbfb443891d66277a43d2650
kernel-debug-core-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
d5f4a5569b6ddd0f901a9703251cf8362fa5aa75b6dc5cfffdfb00e7b834dcb3
kernel-debug-devel-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
c5c2bbead03e72ab706763a8b956cb197f551cc59ae5d2eeab09bb66ec9d4f27
kernel-debug-modules-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
48cc2d3db12ec73c9fe763805f257df275ae79b5e6750f441fa8ffb27909db16
kernel-debug-modules-extra-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
9fa0b262b7d7853a21bf9d43915b16daed711e714c46880add634295d6eade53
kernel-devel-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
4ed5fe7f942f2745d3974b2f6988d98d105bb811a749c423aab406352a37d2f0
kernel-doc-4.18.0-425.13.1.el8_7.cloud.noarch.rpm
75fe2e90c86f423480752d00f5334f62225704a4e56389fd37db14af4a5d8806
kernel-headers-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
8cb657d169e68c5243453bda8b21bf7b4871eee51731d6e866559b9e4f8deb26
kernel-modules-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
bce529e68f845d2b889545f3b629b7b8081871a2e96041a6f49fdc45c50e61cb
kernel-modules-extra-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
1d42a94ca46edfdb167fb1ed39370278788436d791c6bd27b36916d08324b637
kernel-tools-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
2e4cfc1213267483cb4010017278be3b72a3cb363e58ff24ffeb6c027133543d
kernel-tools-libs-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
f915fb900e121c02ecc4b8dd5139bc5204f38c9fb6df84987698a5037e6f9fbc
kernel-tools-libs-devel-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
3520a20e45a2df58a483f4594faf18515cf1b4f22cdafab1da4060cc810705eb
perf-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
3935b7f32ffc57f776383449662b53a06204274527f9a4b40097c2c373fb84aa
python3-perf-4.18.0-425.13.1.el8_7.cloud.x86_64.rpm
81be8857589a671afd6fdbd6d6e8b452abbe68188022d6d43ed2544eeb1434a5
RXSA-2023:1566
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
* Rocky Linux SIG Cloud8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170)
* AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
* Rocky Linux SIG Cloud-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
* Kernel panic observed during VxFS module unload (BZ#2162763)
* Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587)
* Rocky Linux SIG Cloud8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
* kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
* Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368)
* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
* net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
* Rocky Linux SIG Cloud 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
* mlx5: lag and sriov fixes (BZ#2167647)
* Rocky Linux SIG Cloud8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
* Azure Rocky Linux SIG Cloud8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
* fast_isolate_freepages scans out of target zone (BZ#2170576)
* Backport Request for locking/rwsem commits (BZ#2170939)
* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
* Hyper-V Rocky Linux SIG Cloud8.8: Update MANA driver (BZ#2173103)
Enhancement(s):
* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)
* kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)
* kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* kernel panic on reboot due to a bug in mei_wdt module (BZ#2139770)
* Rocky Linux SIG Cloud8: Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142170)
* AMDSERVER 8.7: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151275)
* Rocky Linux SIG Cloud-8.8: Update RDMA core to Linux v6.0 (BZ#2161750)
* Kernel panic observed during VxFS module unload (BZ#2162763)
* Client not able to connect to rhel server: SYN is answered by chalange ACK and RST is ignored (BZ#2165587)
* Rocky Linux SIG Cloud8.4: s390/kexec: fix ipl report address for kdump (BZ#2166296)
* kvm-unit-test reports unhandled exception on AMD (BZ#2166362)
* Windows Server 2019 guest randomly pauses with "KVM: entry failed, hardware error 0x80000021" (BZ#2166368)
* Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166665)
* panic in fib6_rule_suppress+0x22 with custom xdp prog involved in (BZ#2167602)
* net/mlx5e: Fix use-after-free when reverting termination table (BZ#2167640)
* Rocky Linux SIG Cloud 8.7: EEH injection failed to recover on Mellanox adapter. (BZ#2167645)
* mlx5: lag and sriov fixes (BZ#2167647)
* Rocky Linux SIG Cloud8.4: dasd: fix no record found for raw_track_access (BZ#2167776)
* GSS: Set of fixes in ceph kernel module to prevent OCS node kernel crash - blocklist the kclient when receiving corrupted snap trace (BZ#2168896)
* Azure Rocky Linux SIG Cloud8 scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM (BZ#2170228)
* fast_isolate_freepages scans out of target zone (BZ#2170576)
* Backport Request for locking/rwsem commits (BZ#2170939)
* ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172550)
* Hyper-V Rocky Linux SIG Cloud8.8: Update MANA driver (BZ#2173103)
Enhancement(s):
* Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168384)
rocky-linux-8-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
ae90e1ade5d7d68191df2a7385f0e922f47f775d03602ff27fd26f76938f196a
kernel-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
df9b25b9ad8f6538188f43cc90700664e9f6ffca96feaecf2b544619fe8b8315
kernel-abi-stablelists-4.18.0-425.19.2.el8_7.cloud.noarch.rpm
466a32771b64200a453e50f38131dae8a096435039022816a9d8f402a1b30ec8
kernel-core-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
80872bde989f9fae7d98f1f236fe74f21421fc091b20dbc17b01628f788ec892
kernel-cross-headers-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
c376c1052864b5bdd4b0c2f652f629eb1b471acf573cc0485a1d414f0a67fa54
kernel-debug-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
a9fb93d81df501838b8c8cbd4707f5837e4b7b1d11fac8b48257cabe86f055b4
kernel-debug-core-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
eb17efb7990f417e9e59e03cfe8686d3dd9c6ff38a642420960d5d944c4ad9ee
kernel-debug-devel-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
51d0bb683f20d97f24a25196ec41b9dc4436a1c387298c7084fe4f3a90d0b171
kernel-debug-modules-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
7341cbfe55ef4ada1aaafa9968a9643a29211ed7f2c6f17c9285acde551d1817
kernel-debug-modules-extra-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
eb06fd6b23f16940b688d0ae6fca57cadbf0e81acfc765c9c86706e52c5788f4
kernel-devel-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
77ace6f6a9ead3ac2da0e630caec072e8586389785ffab80d03cee6480f468c3
kernel-doc-4.18.0-425.19.2.el8_7.cloud.noarch.rpm
dbfe4eb4caa91803a69ec1834ef80a82b53e35e0e4dc4fd4aaff5d6ef57c68f4
kernel-headers-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
04c50637e75e7a6e6f7c22c68108aa0def278761e6291434a5c7600882fe2054
kernel-modules-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
c117fc857b7a51881fe0c636b412b08914bc9686280f0d283f2a54c5e5296bd4
kernel-modules-extra-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
f6a9dc3d29b197a0dca4494bfe7fa47518a6824ae1efd84f88a89c30267e7335
kernel-tools-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
4b87809d111c645b89d5b7f45a8a6d60e077ef7fd9e4169460f69c4c80a3b1f0
kernel-tools-libs-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
615bcf3c82ec0cf34fe5f8f062944423d4a41da5257eaf70312efd624b8d91a0
kernel-tools-libs-devel-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
efcb21fa55dc2ccbb169015001c1958493a61abe986dcd6dc520333feb9c1d58
perf-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
38c14ad425778cc24f66d4a4e3e7f8150f4dfec094e7f542559b6c96de30542a
python3-perf-4.18.0-425.19.2.el8_7.cloud.x86_64.rpm
da46fb708f0a635c7d0f93884e48d3518df50e2f8abd960df25abf9a7c7b0824
RXSA-2024:1607
Important: kernel security, bug fix, and enhancement update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)
* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)
Bug Fix(es):
* OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:Rocky Linux SIG Cloud-21394)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux SIG Cloud-24010)
* Screen floods with random colour suggesting something not initialised (JIRA:Rocky Linux SIG Cloud-21055)
* kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux SIG Cloud-22766)
* tx-checksumming required for accessing port in OpenShift for Rocky Linux SIG Cloud 8.6 (JIRA:Rocky Linux SIG Cloud-20822)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux SIG Cloud-22077)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux SIG Cloud-22930)
* rbd: don't move requests to the running list on errors [8.x] (JIRA:Rocky Linux SIG Cloud-24204)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux SIG Cloud-24479)
* ceph: several cap and snap fixes (JIRA:Rocky Linux SIG Cloud-20909)
* [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:Rocky Linux SIG Cloud-23063)
* unable to access smsc95xx based interface unless you start outgoing traffic. (JIRA:Rocky Linux SIG Cloud-25719)
* [Rocky Linux SIG Cloud8] ] BUG bio-696 (Not tainted): Poison overwritten (JIRA:Rocky Linux SIG Cloud-26101)
* kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux SIG Cloud-19954)
* backport smartpqi: fix disable_managed_interrupts (JIRA:Rocky Linux SIG Cloud-26139)
* kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux SIG Cloud-26331)
* ceph: always check dir caps asynchronously (JIRA:Rocky Linux SIG Cloud-27496)
Enhancement(s):
* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:Rocky Linux SIG Cloud-25811)
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query (CVE-2022-38096)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (CVE-2023-6931)
* kernel: GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (CVE-2024-0565)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (CVE-2023-51042)
* kernel: ext4: kernel bug in ext4_write_inline_data_end() (CVE-2021-33631)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (CVE-2024-1086)
Bug Fix(es):
* OCP 4.12 crashed due to use-after-free in libceph in rhel8 (JIRA:Rocky Linux SIG Cloud-21394)
* kernel: nf_tables: use-after-free vulnerability in the nft_verdict_init() function (JIRA:Rocky Linux SIG Cloud-24010)
* Screen floods with random colour suggesting something not initialised (JIRA:Rocky Linux SIG Cloud-21055)
* kernel: vmxgfx: NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:Rocky Linux SIG Cloud-22766)
* tx-checksumming required for accessing port in OpenShift for Rocky Linux SIG Cloud 8.6 (JIRA:Rocky Linux SIG Cloud-20822)
* kernel: CIFS Filesystem Decryption Improper Input Validation Remote Code Execution Vulnerability in function receive_encrypted_standard of client (JIRA:Rocky Linux SIG Cloud-22077)
* kernel: Out of boundary write in perf_read_group() as result of overflow a perf_event's read_size (JIRA:Rocky Linux SIG Cloud-22930)
* rbd: don't move requests to the running list on errors [8.x] (JIRA:Rocky Linux SIG Cloud-24204)
* kernel: use-after-free in amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c (JIRA:Rocky Linux SIG Cloud-24479)
* ceph: several cap and snap fixes (JIRA:Rocky Linux SIG Cloud-20909)
* [RHVH] Migration hangs between RHVH release bellow 4.5.1 and RHVH over or equal 4.5.2 release (JIRA:Rocky Linux SIG Cloud-23063)
* unable to access smsc95xx based interface unless you start outgoing traffic. (JIRA:Rocky Linux SIG Cloud-25719)
* [Rocky Linux SIG Cloud8] ] BUG bio-696 (Not tainted): Poison overwritten (JIRA:Rocky Linux SIG Cloud-26101)
* kernel: GSM multiplexing race condition leads to privilege escalation (JIRA:Rocky Linux SIG Cloud-19954)
* backport smartpqi: fix disable_managed_interrupts (JIRA:Rocky Linux SIG Cloud-26139)
* kernel: ext4: kernel bug in ext4_write_inline_data_end() (JIRA:Rocky Linux SIG Cloud-26331)
* ceph: always check dir caps asynchronously (JIRA:Rocky Linux SIG Cloud-27496)
Enhancement(s):
* [IBM 8.10 FEAT] Upgrade the qeth driver to latest from upstream, e.g. kernel 6.4 (JIRA:Rocky Linux SIG Cloud-25811)
rocky-linux-8-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
a5ad788dc0ede5dea048ce9e67b6f4b826ff31fd2ffc1ff74086c4521eab5c3c
kernel-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
db21e01494bf63ee0eebddab352754c9850da4df8a700e9f9046fae8f67785ff
kernel-abi-stablelists-4.18.0-513.24.1.el8_9.cloud.0.1.noarch.rpm
8bc5b437700afcb0a140b3ee5dadcdf21947d527a414c31b47d57ea9b6957db1
kernel-core-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
d2536a5ea1454163c129f3e0ac2c372666ce085946f22fa13ccd8332dc50388f
kernel-cross-headers-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
c4c4abf6c0b4fc0dcf71b3e583c4eb39775033d038f59a6bbd069f7df82561cd
kernel-debug-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
6baaf9dd2654c6bc0f933d287645a261101ecfcf956c2be345e34ec8a57c3606
kernel-debug-core-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
41558e7107e026347848ee8cf1fad523490a3b58ab1c0a8a28082771a961b379
kernel-debug-devel-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
f9189b82079f972771e8fb3a549c2cdfe3f985b8886d1e1c2185c33128915593
kernel-debug-modules-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
0e1ae7d5fcf49d7f0d98f77a713b221fa0414ba25f10f56e5412cb6b8e69574f
kernel-debug-modules-extra-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
bf50c56210acf32940452ad11e4b583703c91257e5cb51c1dbcf242c8d93a013
kernel-devel-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
4be318d710a4e6aae9195ae381eed542cad1e9e15d6d391a157948b3aa33ff8d
kernel-doc-4.18.0-513.24.1.el8_9.cloud.0.1.noarch.rpm
6119ca6b8155f66a028ea6eb315a8234f54aebb50711563f3d9e45924add3b2f
kernel-headers-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
3045f9856cfe5b55918814eb5edc5d5b74801e565807def31b668e426f894563
kernel-modules-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
2c46b2c2643db7b7912f44593a23dad79f2ec07b2ac183a10a547279be4d3c77
kernel-modules-extra-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
afad815b77cbb80dbe1c888a2cd131d712bc10ecaf3580cde08436260853ddab
kernel-tools-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
ca073395d36bccf977bb9c6c17f2740fd2a6c273decbcf1910b9642744a69f95
kernel-tools-libs-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
93c4efec29fa43138bd25914996e55e12735a511c10af87014bfae8bdf0d5534
kernel-tools-libs-devel-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
129dce66134e01591afb451724562e14a9084b77aaedf5fb80e2f00e7858fe71
perf-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
42309a4631288ea31a4791de046e315aecc3c4b39d73ffe4f6d75d076ee7f0ce
python3-perf-4.18.0-513.24.1.el8_9.cloud.0.1.x86_64.rpm
6f3d2934513aef0156a951cc1f0010d04e4bf4d714dd0346335b9df420ed7915
RXSA-2024:5101
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451)
* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
* kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)
* kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)
* kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)
* kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)
* kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)
* kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)
* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)
* kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)
* kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)
* kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)
* kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)
* kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)
* kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)
* kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)
* kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)
* kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)
* kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)
* (CVE-2023-28746)
* (CVE-2023-52847)
* (CVE-2021-47548)
* (CVE-2024-36921)
* (CVE-2024-26921)
* (CVE-2021-47579)
* (CVE-2024-36927)
* (CVE-2024-39276)
* (CVE-2024-33621)
* (CVE-2024-27010)
* (CVE-2024-26960)
* (CVE-2024-38596)
* (CVE-2022-48743)
* (CVE-2024-26733)
* (CVE-2024-26586)
* (CVE-2024-26698)
* (CVE-2023-52619)
Bug Fix(es):
* Rocky Linux SIG Cloud8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:Rocky Linux SIG Cloud-17678)
* [AWS][8.9]There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:Rocky Linux SIG Cloud-23841)
* [rhel8] gfs2: Fix glock shrinker (JIRA:Rocky Linux SIG Cloud-32941)
* lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:Rocky Linux SIG Cloud-33437)
* [Hyper-V][Rocky Linux SIG Cloud-8.10.z] Update hv_netvsc driver to TOT (JIRA:Rocky Linux SIG Cloud-39074)
* Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:Rocky Linux SIG Cloud-40167)
* blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:Rocky Linux SIG Cloud-40939)
* (JIRA:Rocky Linux SIG Cloud-31798)
* (JIRA:Rocky Linux SIG Cloud-10263)
* (JIRA:Rocky Linux SIG Cloud-40901)
* (JIRA:Rocky Linux SIG Cloud-43547)
* (JIRA:Rocky Linux SIG Cloud-34876)
Enhancement(s):
* [RFE] Add module parameters 'soft_reboot_cmd' and 'soft_active_on_boot' for customizing softdog configuration (JIRA:Rocky Linux SIG Cloud-19723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.
Copyright 2024 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 8
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: powerpc: Fix access beyond end of drmem array (CVE-2023-52451)
* kernel: efivarfs: force RO when remounting if SetVariable is not supported (CVE-2023-52463)
* kernel: tracing: Restructure trace_clock_global() to never block (CVE-2021-46939)
* kernel: ext4: avoid online resizing failures due to oversized flex bg (CVE-2023-52622)
* kernel: net/sched: flower: Fix chain template offload (CVE-2024-26669)
* kernel: stmmac: Clear variable when destroying workqueue (CVE-2024-26802)
* kernel: efi: runtime: Fix potential overflow of soft-reserved region size (CVE-2024-26843)
* kernel: quota: Fix potential NULL pointer dereference (CVE-2024-26878)
* kernel: TIPC message reassembly use-after-free remote code execution vulnerability (CVE-2024-36886)
* kernel: SUNRPC: fix a memleak in gss_import_v2_context (CVE-2023-52653)
* kernel: dmaengine/idxd: hardware erratum allows potential security problem with direct access by untrusted application (CVE-2024-21823)
* kernel: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (CVE-2023-52658)
* kernel: ext4: fix corruption during on-line resize (CVE-2024-35807)
* kernel: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (CVE-2024-35801)
* kernel: dyndbg: fix old BUG_ON in >control parser (CVE-2024-35947)
* kernel: net/sched: act_skbmod: prevent kernel-infoleak (CVE-2024-35893)
* kernel: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (CVE-2024-35876)
* kernel: platform/x86: wmi: Fix opening of char device (CVE-2023-52864)
* kernel: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (CVE-2023-52845)
* (CVE-2023-28746)
* (CVE-2023-52847)
* (CVE-2021-47548)
* (CVE-2024-36921)
* (CVE-2024-26921)
* (CVE-2021-47579)
* (CVE-2024-36927)
* (CVE-2024-39276)
* (CVE-2024-33621)
* (CVE-2024-27010)
* (CVE-2024-26960)
* (CVE-2024-38596)
* (CVE-2022-48743)
* (CVE-2024-26733)
* (CVE-2024-26586)
* (CVE-2024-26698)
* (CVE-2023-52619)
Bug Fix(es):
* Rocky Linux SIG Cloud8.6 - Spinlock statistics may show negative elapsed time and incorrectly formatted output (JIRA:Rocky Linux SIG Cloud-17678)
* [AWS][8.9]There are call traces found when booting debug-kernel for Amazon EC2 r8g.metal-24xl instance (JIRA:Rocky Linux SIG Cloud-23841)
* [rhel8] gfs2: Fix glock shrinker (JIRA:Rocky Linux SIG Cloud-32941)
* lan78xx: Microchip LAN7800 never comes up after unplug and replug (JIRA:Rocky Linux SIG Cloud-33437)
* [Hyper-V][Rocky Linux SIG Cloud-8.10.z] Update hv_netvsc driver to TOT (JIRA:Rocky Linux SIG Cloud-39074)
* Use-after-free on proc inode-i_sb triggered by fsnotify (JIRA:Rocky Linux SIG Cloud-40167)
* blk-cgroup: Properly propagate the iostat update up the hierarchy [rhel-8.10.z] (JIRA:Rocky Linux SIG Cloud-40939)
* (JIRA:Rocky Linux SIG Cloud-31798)
* (JIRA:Rocky Linux SIG Cloud-10263)
* (JIRA:Rocky Linux SIG Cloud-40901)
* (JIRA:Rocky Linux SIG Cloud-43547)
* (JIRA:Rocky Linux SIG Cloud-34876)
Enhancement(s):
* [RFE] Add module parameters 'soft_reboot_cmd' and 'soft_active_on_boot' for customizing softdog configuration (JIRA:Rocky Linux SIG Cloud-19723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer the CVE page(s) listed in the References section.
rocky-linux-8-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
2331f99a254ffd5ca66d9a1ee97142b715c1e7e5400a6f57f6edf8399cb2424a
kernel-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
8dded6853c5c457b12deb58f0948d0713db7608bd45d85118abb773811d75bf0
kernel-abi-stablelists-4.18.0-553.16.1.el8_10.cloud.0.1.noarch.rpm
56aff6109b20464875e17e4e5bebb3fe2ce6b2a4d2e0f18b4f5d2d381be878d5
kernel-core-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
ce6010f464191b2d95950775a050381c40e8ddf7533795e724094e37dd41cfb6
kernel-cross-headers-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
e556c641f4b96ee5bd306fbffb504a0da37ce86e87306ac67c397a939ab4801a
kernel-debug-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
2bc5f50c2f677de438e6afc6db35a7df43969ef5da58ec2423ddcd4d36d53de3
kernel-debug-core-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
81d429a0c76c9916057f2aef6e01c9c44a0bc907ec00ab694037eed6d069bc7e
kernel-debug-devel-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
b0828c3eb54c8b35651aab0f321284afddf393a7331219f8b0d328d87d3cc63a
kernel-debug-modules-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
0a2eeeaee68d36b83c790e663d50fd0acb917b386c3f32b4e4e901ae4157b1c2
kernel-debug-modules-extra-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
068d7392afc06c71aadce1a52a1c7088f9c3ff7673429a7d37c14a8a5e705d86
kernel-devel-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
fd9b09149cba8704ed04052f29689b45a66d751510a3695449ade1bec8c12df1
kernel-doc-4.18.0-553.16.1.el8_10.cloud.0.1.noarch.rpm
1460b127896d33e9494e85599ac0e6f4202dc58ef611daefac54c30c4353556a
kernel-headers-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
027638acbbe4e2ba983951a4caf8f4b6e72475a765370f50934d8d53427a6d10
kernel-modules-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
6383ac753be0ec4e02cc3f875d3bdbfb68bbbab2b242739f33fbe13a3793c8fe
kernel-modules-extra-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
6cf46e6645ff8323e14137542e39ed4900d5d071dbf0ff86f90f3a7d3875cc7a
kernel-tools-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
dd4d3c2cf5bcae179f47ab94118c0bf2921d74f90fe4cc695deab7b2935e2ef0
kernel-tools-libs-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
449f6b98ba170d1b0650c2586da0135abd7be4cfa10af1b09acea2343889bd5b
kernel-tools-libs-devel-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
32aca181eca5b81f509a004f9a9337533cbf6690ea409b20ff7546b375431652
perf-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
5a2c1e6edfdcd211b3c8df0a0efa7d1982d5b473b8630cf27ee2d846730d0edc
python3-perf-4.18.0-553.16.1.el8_10.cloud.0.1.x86_64.rpm
1c3164ab1bdc67183d83eba0a41449a5e94ffdda687ab2b8dd39ead03e48b2db