Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: userspace applications can misuse the KVM API to cause a write of 16 bytes at an offset up to 32 GB from vcpu->run (CVE-2021-3501)

• kernel: nitro_enclaves stale file descriptors on failed usercopy (CVE-2021-3543)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• OVS mistakenly using local IP as tun_dst for VXLAN packets (?) (BZ#1944667)

• Selinux: The task calling security_set_bools() deadlocks with itself when it later calls selinux_audit_rule_match(). (BZ#1945123)

• [mlx5] tc flower mpls match options does not work (BZ#1952061)

• mlx5: missing patches for ct.rel (BZ#1952062)

• CT HWOL: with OVN/OVS, intermittently, load balancer hairpin TCP packets get dropped for seconds in a row (BZ#1952065)

• [Lenovo 8.3 bug] Blackscreen after clicking on “Settings” icon from top-right corner. (BZ#1952900)

• Rocky Linux 8.x missing uio upstream fix. (BZ#1952952)

• Turbostat doesn’t show any measured data on AMD Milan (BZ#1952987)

• P620 no sound from front headset jack (BZ#1954545)

• Rocky Linux kernel 8.2 and higher are affected by data corruption bug in raid1 arrays using bitmaps. (BZ#1955188)

• [net/sched] connection failed with DNAT + SNAT by tc action ct (BZ#1956458)