RXSA-2023:0334
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Intel 9.2: Important iavf bug fixes (BZ#2127884)
* vfio zero page mappings fail after 2M instances (BZ#2128514)
* nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359)
* ice: Driver Update to 5.19 (BZ#2132070)
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588)
* drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619)
* updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914)
* DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213)
* No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153)
* Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168)
* ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976)
* fatal error: error in backend: Branch target out of insn range (BZ#2144902)
* AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217)
* Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910)
* Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605)
* DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Intel 9.2: Important iavf bug fixes (BZ#2127884)
* vfio zero page mappings fail after 2M instances (BZ#2128514)
* nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359)
* ice: Driver Update to 5.19 (BZ#2132070)
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588)
* drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619)
* updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914)
* DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213)
* No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153)
* Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168)
* ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976)
* fatal error: error in backend: Branch target out of insn range (BZ#2144902)
* AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217)
* Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910)
* Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605)
* DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407)
rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms
bpftool-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
bb0d33a3f542792d3cda476130bcffc042bb8c68ff57c974afdeaeaa3b2d7232
kernel-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
209cca4e7cbe7957d4206a16878c698d80df00805f820264fda693e2ca07d4fe
kernel-abi-stablelists-5.14.0-162.12.1.el9_1.cloud.0.1.noarch.rpm
7d125f0361e0211faa3702c9cc9cb98f6c92bd56ec193d4dbc5a4d913eb1a3fa
kernel-core-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
fdbaeca6c200df8ff15cdbf5d98bd90f467102ed78c7a17566243a1d5bfeb590
kernel-cross-headers-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
7fc3ddfbead7161d4384379a88975e68291bc3e026f44f06d8ddd12ffa63c8d8
kernel-debug-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
e17ac2ebb3ed213590e6b4b8dae700ff3dece4c2e798fcaf0b31307e036964c2
kernel-debug-core-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
5594c1c63d60e968846aa5ec888b761ce4dd2501be76d55f2cd76efa54eb9d04
kernel-debug-devel-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
941910192b66bd4c5d14e63dcee687f92a792096fd4e41363ec3f2e4e1bf8566
kernel-debug-devel-matched-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
02d0dfa3c02d2a632d91c07d467eed17fa5e69424b8dc74290c656b1afd1c4d8
kernel-debug-modules-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
f665ca4569ae94fe3095b7e36671b91a6e9078b761697d5bc377cb995e4e5fa7
kernel-debug-modules-extra-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
b0b8559e43ddf709e8787efd189ea2564de732c055108cf297dcf2dc4e06159f
kernel-devel-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
82ab31b77e294f735c28cdbf3bc12c6795cc3f4ac7bc933f3cd85dc350749ac6
kernel-devel-matched-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
c08073ea3cbdd2aa010110a8bb14c8fd5aeee47968e53c7348266d737deac4ad
kernel-doc-5.14.0-162.12.1.el9_1.cloud.0.1.noarch.rpm
6f5c9063dbf11a75fe42bab60b2f726c99c2ef358f4375ad0daccd67613836e9
kernel-headers-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
eaf6d387504e3d09389a0178d7fbab9da9dc3df86aa5e5e91867b1f79f665041
kernel-modules-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
8a111e38946f474031f6105f35d7e31731211184a1586c6e58b43cc654662ae1
kernel-modules-extra-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
2f9d5e41054861d8f2bdc204dba0694f04a828ae86ea6e39858ceca07b1879dc
kernel-tools-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
d93cd6a20c662d34b5016fcb4c3b19a90bb47bea1d73bfaa54c5fd426a6574d1
kernel-tools-libs-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
ddeb5f7dae41302b349d5906eae3882762ed47b8a6d1a61a77dd205a059b9b9d
kernel-tools-libs-devel-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
ff9ea1824909004aa2820a1b5151c453eab47dcfc42c79612bc70073008b6141
perf-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
8a2bf2ec5fd3296c50c80e7f4c7dff562350c921cb201276d37446d43cc013a7
python3-perf-5.14.0-162.12.1.el9_1.cloud.0.1.aarch64.rpm
58f181729f9a8ea3b1480c320664848506637e15bc1a358ef26a49e0fe33dc8f
RXSA-2023:0951
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
* kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083)
* Rocky Linux SIG Cloud 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085)
* AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274)
* qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178)
* Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277)
* Scheduler Update (rhel9.2) (BZ#2153792)
* Rocky Linux SIG Cloud9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305)
* MSFT, MANA, NET Patch Rocky Linux SIG Cloud-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145)
* Azure vPCI Rocky Linux SIG Cloud-9 add the support of multi-MSI (BZ#2155459)
* Azure Rocky Linux SIG Cloud-9: VM Deployment Failures Patch Request (BZ#2155930)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815)
* Rocky Linux SIG Cloud-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344)
* CEE cephfs: Rocky Linux SIG Cloud9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418)
* block layer: update with upstream v6.0 (BZ#2162535)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
* kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083)
* Rocky Linux SIG Cloud 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085)
* AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274)
* qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178)
* Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277)
* Scheduler Update (rhel9.2) (BZ#2153792)
* Rocky Linux SIG Cloud9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305)
* MSFT, MANA, NET Patch Rocky Linux SIG Cloud-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145)
* Azure vPCI Rocky Linux SIG Cloud-9 add the support of multi-MSI (BZ#2155459)
* Azure Rocky Linux SIG Cloud-9: VM Deployment Failures Patch Request (BZ#2155930)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815)
* Rocky Linux SIG Cloud-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344)
* CEE cephfs: Rocky Linux SIG Cloud9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418)
* block layer: update with upstream v6.0 (BZ#2162535)
rocky-linux-9-sig-cloud-aarch64-cloud-kernel-rpms
bpftool-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
55304b11f58474e76cf15bd7b54279a67bc2be5317d77459a4bf8914d818d021
kernel-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
3234b52849610ff2e854c8c4719210c687817d3a1b4c42e7ad169a13bf6be78a
kernel-abi-stablelists-5.14.0-162.18.1.el9_1.cloud.noarch.rpm
6d651c9e8c0c7e3e5e8e554019824808af818c196187ef92527231e5a95847cb
kernel-core-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
b9613fb7ad3154c37e248429edefb9d4e6842ed7074ed2a86f3b24f1fd716c12
kernel-cross-headers-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
fc2eb957cd1058ba03bba8c1e66c1b0760f6c34fd1794085415e2b31e9b121e1
kernel-debug-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
bccbb458aeebcca3afbe2064898ccbfc324362bd1a56c11fb89e2f44d543530a
kernel-debug-core-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
507dd8a4dc761abaa9cb15a5602c2122106e7c7c77b00d66ea3f1c6d144e03d8
kernel-debug-devel-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
4387eee9f2310a222a82b480b677d02d089b797413b9caf008c77761a58b5a4e
kernel-debug-devel-matched-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
f722b8e05019f018fcb5fa3355a2d094a119ed19b1f7093d149f2fb1340ad27a
kernel-debug-modules-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
25872cfee23501c8f3d2ec44b3adf2c2d9b957f453eb624a622928ac24174f6c
kernel-debug-modules-extra-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
4b4a23353dfd7f3ff870170fd76fe13ac5d9cd211986b7b30bc330b89cfce124
kernel-devel-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
5a624dce3d0671f7c891b147d943551f733441995b402a3f0e83de6a4bc52aad
kernel-devel-matched-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
f125117c459bb02cc47e5d85faeea59f5b74dd67086551313a0b1550dd8cf2b7
kernel-doc-5.14.0-162.18.1.el9_1.cloud.noarch.rpm
76525ebe57cbdc9d27923428193192082f6b8d3ee560cb46f39cee46beade212
kernel-headers-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
9dd791c2950c02472394e6e717f4a77badfe6c48d80529bec09deac0f0199443
kernel-modules-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
70f7c39c59b5cedef1ea4ff595a86ab07807ac7a40f41030f8abe5faf42f22fb
kernel-modules-extra-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
c164fe5c08507d01a3ef745a1de6976bc926dcb4935e4745d5f2ff4ea3e7654f
kernel-tools-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
b64e20161d86179de3286e64641fc306bcac75b36d5c24eeccfd21020a565beb
kernel-tools-libs-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
8e129cbba2dcaf66acd9688f5e14e8ea9b1611a32fffb730c7f564020e13a2d3
kernel-tools-libs-devel-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
a535df8f319e456fc07cbee5b1d552d7c77ba09cf29cb2439577ed7f7c430964
perf-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
17fa939e6c815ce330bffb759b22d214a236ad707ec8eb464e81227848592969
python3-perf-5.14.0-162.18.1.el9_1.cloud.aarch64.rpm
5e70dfa08a74891fa42602b0bdcdeaee68b392983ea39f73dbdba6a9ee9aedf6