RXSA-2023:0334
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Intel 9.2: Important iavf bug fixes (BZ#2127884)
* vfio zero page mappings fail after 2M instances (BZ#2128514)
* nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359)
* ice: Driver Update to 5.19 (BZ#2132070)
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588)
* drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619)
* updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914)
* DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213)
* No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153)
* Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168)
* ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976)
* fatal error: error in backend: Branch target out of insn range (BZ#2144902)
* AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217)
* Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910)
* Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605)
* DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Intel 9.2: Important iavf bug fixes (BZ#2127884)
* vfio zero page mappings fail after 2M instances (BZ#2128514)
* nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation (BZ#2131359)
* ice: Driver Update to 5.19 (BZ#2132070)
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134588)
* drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register() (BZ#2134619)
* updating the appid field through sysfs is returning an -EINVAL error (BZ#2136914)
* DELL EMC: System is not booting into RT Kernel with perc12. (BZ#2139213)
* No signal showed in the VGA monitor when installing Rocky Linux SIG Cloud9 in the legacy bios mode (BZ#2140153)
* Practically limit "Dummy wait" workaround to old Intel systems (BZ#2142168)
* ppc64le: unexpected oom panic when there's enough memory left in zswap test (BZ#2143976)
* fatal error: error in backend: Branch target out of insn range (BZ#2144902)
* AMdCLIENT: The kernel command line parameter "nomodeset" not working properly (BZ#2145217)
* Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time (BZ#2150910)
* Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2151605)
* DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress (BZ#2154407)
rocky-linux-9-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
c5c71d1a7a28354fdce1d50fa1a0a0dd03a01f5333f54c0cb5c771c913a9673c
kernel-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
261412fa68127c5f544ae9fab069908eeffccf8e45284bbc33016632ebbf1418
kernel-abi-stablelists-5.14.0-162.12.1.el9_1.cloud.0.1.noarch.rpm
7d125f0361e0211faa3702c9cc9cb98f6c92bd56ec193d4dbc5a4d913eb1a3fa
kernel-core-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
9139c1b7651d48c7149ee5b591386f9a2a89a75ee1732ce932c75f78549430ec
kernel-cross-headers-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
f21403201337062e81e6fdc5df3087ffc27ff64494423c69267eb5a747d7347f
kernel-debug-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
c7550ae753ac053f2d927371a53f1808657decc6ea038d210b991f69097d39a1
kernel-debug-core-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
d421808ffd867bace45e9ffd87038cddb43021130d3bca6f63fdfab5d99985d6
kernel-debug-devel-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
ab04cfe75adca91f1d811e2f0cdf7e22fdc5f688c1289d4d28f68ee4d6028a66
kernel-debug-devel-matched-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
4b3f44095ab5d39d3fb13fad57f7b8e64144795433bcc80a04b0a919b1de2aa2
kernel-debug-modules-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
60eb2b208474d3a02a2ff21e9963f845a87025445b258e0ae8e5a9d059b18254
kernel-debug-modules-extra-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
e8a3fa2e00572a857d02724771c5c02a0d4051677b509ac238af7443480c5397
kernel-devel-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
9bb96476683e3555065807ff70d9d3c48a0fa21235b1ce6e12ed1371f85cb721
kernel-devel-matched-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
672856352c1867aaa68bb2c41bd09a5d95c05b23565bc39a60c112389c12b9b1
kernel-doc-5.14.0-162.12.1.el9_1.cloud.0.1.noarch.rpm
6f5c9063dbf11a75fe42bab60b2f726c99c2ef358f4375ad0daccd67613836e9
kernel-headers-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
36d284d87b30792fdea97d4aa5c7078a11e54407ce034ef992cb73980d74b376
kernel-modules-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
770c929f208cf323dbc1b54a318c6cb267bf69c3d8c33a0d7a2c87175b6ab2c1
kernel-modules-extra-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
d24bbf0aea49a256ffa9f56d903738ca49d851d204a9323996aa1df3428b6887
kernel-tools-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
e01ed9d63e4f5d4b68b33ade96b01e97d6e948be62cbbcc94b2a8e0676567faa
kernel-tools-libs-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
730c095e026094d1e81c5b42fa77e03c55eba7a875b0e3ba41ecc39af56828f9
kernel-tools-libs-devel-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
aaedb5b495b99718240889ff2e81ecd7d738106d64b1df4708da86a7c44f137f
perf-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
f98fa290ed5410e8c78db78d37a3fcce13a0e093255d227520f79d7256de9297
python3-perf-5.14.0-162.12.1.el9_1.cloud.0.1.x86_64.rpm
1843f9c168a873f4e7daf4ec20102723ebe2058957f0584f63ac6281943707d5
RXSA-2023:0951
Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
* kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083)
* Rocky Linux SIG Cloud 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085)
* AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274)
* qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178)
* Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277)
* Scheduler Update (rhel9.2) (BZ#2153792)
* Rocky Linux SIG Cloud9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305)
* MSFT, MANA, NET Patch Rocky Linux SIG Cloud-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145)
* Azure vPCI Rocky Linux SIG Cloud-9 add the support of multi-MSI (BZ#2155459)
* Azure Rocky Linux SIG Cloud-9: VM Deployment Failures Patch Request (BZ#2155930)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815)
* Rocky Linux SIG Cloud-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344)
* CEE cephfs: Rocky Linux SIG Cloud9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418)
* block layer: update with upstream v6.0 (BZ#2162535)
Copyright 2023 Rocky Enterprise Software Foundation
Rocky Linux SIG Cloud 9
1
Important
An update is available for kernel.
This update affects Rocky Linux SIG Cloud 9.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)
* kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)
* kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)
* kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)
* kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Rocky Linux SIG Cloud 9.0: LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133083)
* Rocky Linux SIG Cloud 9.1 Extending NMI watchdog's timer during LPM (BZ#2140085)
* AMDSERVER 9.1: amdpstate driver incorrectly designed to load as default for Genoa (BZ#2151274)
* qla2xxx NVMe-FC: WARNING: CPU: 0 PID: 124072 at drivers/scsi/qla2xxx/qla_init.c:70 qla2xxx_rel_done_warning+0x25/0x30 [qla2xxx] (BZ#2152178)
* Regression: Kernel panic on Lenovo T480 with AH40 USB-C docking station (BZ#2153277)
* Scheduler Update (rhel9.2) (BZ#2153792)
* Rocky Linux SIG Cloud9.1, Nx_Gzip: nr_total_credits is not decremented when processing units are reduced by dlpar in shared mode. (FW1030 / DLPAR) (BZ#2154305)
* MSFT, MANA, NET Patch Rocky Linux SIG Cloud-9: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155145)
* Azure vPCI Rocky Linux SIG Cloud-9 add the support of multi-MSI (BZ#2155459)
* Azure Rocky Linux SIG Cloud-9: VM Deployment Failures Patch Request (BZ#2155930)
* The 'date' command shows wrong time in nested KVM s390x guest (BZ#2158815)
* Rocky Linux SIG Cloud-9.2: Update NVMe driver to sync with upstream v6.0 (BZ#2161344)
* CEE cephfs: Rocky Linux SIG Cloud9 cephfs client crashing with RIP: 0010:netfs_rreq_unlock+0xef/0x380 [netfs] (BZ#2161418)
* block layer: update with upstream v6.0 (BZ#2162535)
rocky-linux-9-sig-cloud-x86-64-cloud-kernel-rpms
bpftool-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
2a13577f990e6837875a00a5c44a501c93c7b5ec303c51e51fcbd77e81694d43
kernel-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
d0fc4844b545216ab30cb2493c9150a45b9af150dcfc4bec22e62e9ede10c2b2
kernel-abi-stablelists-5.14.0-162.18.1.el9_1.cloud.noarch.rpm
6d651c9e8c0c7e3e5e8e554019824808af818c196187ef92527231e5a95847cb
kernel-core-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
eb7bf0eebe8c208a2b9b7a21cbf2f9d28bb789a6d97e2549e57b6c4f30f02027
kernel-cross-headers-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
ab9a2030d03b3ce5f3dab0e853fd06454b0d91936e1de7066a21c822f6a7e1ef
kernel-debug-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
0bbd81ee7944801a24ddbfdbde409c544b9bd1324abd48dde7692238baa630d3
kernel-debug-core-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
c474836dc2f3aabac1387634dcb107397909f7539ac3772cde495e1e926cc6b0
kernel-debug-devel-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
eead46ca35ea6c0ac8680669854e0dff953bd578ecc8c349f10913015c7b93c2
kernel-debug-devel-matched-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
f7f9182951fbdd82fd8664beed356f33f092b2d5dc297f52af4d09f5886b7ea1
kernel-debug-modules-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
f72fdbefbd9a76fbc6bd457779c4673df7c2b4cb76ac39534bac2c9357ae455f
kernel-debug-modules-extra-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
54305dfa0829408d43dc7e6f1592d0ec84dfbc892d7678b04b01d34deb9d6a33
kernel-devel-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
55b45ac9d50a12ff55dacb9cc5a87abfc2fc4fcd5451157e9af192d0f568ddc9
kernel-devel-matched-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
4491465f8ed9b977b0f8fbb7f432d788fffc658af6b4f4734ba17d1adc7464e6
kernel-doc-5.14.0-162.18.1.el9_1.cloud.noarch.rpm
76525ebe57cbdc9d27923428193192082f6b8d3ee560cb46f39cee46beade212
kernel-headers-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
36fa0e6ab4be5dafc29b7ec08cc43f5ec123ae8ed58070252a124b474a4bde15
kernel-modules-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
460caac9b9a7b244b3f83d3ebcccda98c101e0e571f9e618bd375a0e67658559
kernel-modules-extra-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
a979e6edb47ac27edfc901a08f906f58914a2ad8d4a50ee25df1e59acf8111d3
kernel-tools-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
4bce181c715ca4b378cfb1b57da23280c71ed8830cde45a39262b893952a8645
kernel-tools-libs-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
5b2f0297b9148001dad77d0d4d2ab9ab1793e72e0e790610ead1560c59df96df
kernel-tools-libs-devel-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
9d5ed978da4a9f71529b4d020fd65d1cb18e27107611b23d17be12189e485c3e
perf-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
bee15ef59e1e19a6c34c36a3c41daa2efd227847caddf78a9bf5cf92ac3b960d
python3-perf-5.14.0-162.18.1.el9_1.cloud.x86_64.rpm
56262401f58ab4eb87780b7f45f509016a31adf2ceddb029e65b6cfc374bb3a9