Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an use-after-free (CVE-2020-29661)

• kernel: performance counters race condition use-after-free (CVE-2020-14351)

• kernel: ICMP rate limiting can be used for DNS poisoning attack (CVE-2020-25705)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Final fixes + drop alpha_support flag requirement for Tigerlake (BZ#1882620)

• OVS complains Invalid Argument on TCP packets going into conntrack (BZ#1892744)

• BUG: using smp_processor_id() in preemptible [00000000] code: handler106/3082 (BZ#1893281)

• Icelake performance - add intel_idle: Customize IceLake server support to AlmaLinux-8 (BZ#1897183)

• [mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW (BZ#1897688)

• AlmaLinux 8.3 SAS - multipathd fails to re-establish paths during controller random reset (BZ#1900112)

• AlmaLinux8.3 Beta - AlmaLinux8.3 hangs on dbginfo.sh execution, crash dump generated (mm-) (BZ#1903019)

• Win10 guest automatic reboot after migration in Win10 and WSL2 on AMD hosts (BZ#1905084)

• block, dm: fix IO splitting for stacked devices (BZ#1905136)

• Failed to hotplug scsi-hd disks (BZ#1905214)

• PCI quirk needed to prevent GPU hang (BZ#1906516)

• AlmaLinux8.2 - various patches to stabilize the OPAL error log processing and the powernv dump processing (ESS) (BZ#1907301)

• pmtu not working with tunnels as bridge ports and br_netfilter loaded (BZ#1907576)

• [ThinkPad X13/T14/T14s AMD]: Kdump failed (BZ#1907775)

• NFSv4 client improperly handles interrupted slots (BZ#1908312)

• NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data corruption (BZ#1908313)

• [Regression] AlmaLinux8.2 - [kernel 148.el8] cpu (sys) time regression in SAP HANA 2.0 benchmark benchInsertSubSelectPerformance (BZ#1908519)

• AlmaLinux8: kernel-rt: kernel BUG at kernel/sched/deadline.c:1462! (BZ#1908731)

• SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot (BZ#1909243)

• C6gn support requires “Ensure dirty bit is preserved across pte_wrprotect” patch (BZ#1909577)

• [Lenovo 8.3 & 8.4 Bug] [Regression] No response from keyboard and mouse when boot from tboot kernel (BZ#1911555)

• Kernel crash with krb5p (BZ#1912478)

• [AlmaLinux8] Need additional backports for FIPS 800-90A DRBG entropy seeding source (BZ#1912872)

• [Hyper-V][AlmaLinux-8] Request to included a commit that adds a timeout to vmbus_wait_for_unload (BZ#1913528)

• Host becomes unresponsive during stress-ng --cyclic test rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (BZ#1913964)

• AlmaLinux8.4: Backport upstream RCU patches up to v5.6 (BZ#1915638)

• Missing mm backport to fix regression introduced by another mm backport (BZ#1915814)

• [Hyper-V][AlmaLinux-8]video: hyperv_fb: Fix the cache type when mapping the VRAM Edit (BZ#1917711)

• ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR (-5) (BZ#1918372)

• [certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW even if no ConnectX-6 card is present (BZ#1918743)

• kvm-almalinux8.3 [AMD] - system crash observed while powering on virtual machine with attached VF interfaces. (BZ#1919885)

Enhancement(s):

• [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start (BZ#1892344)