(RHSA-2020:4286) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: net: bluetooth: type confusion while processing AMP packets (CVE-2020-12351)

• kernel: net: bluetooth: information leak when processing certain AMP packets (CVE-2020-12352)

• kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)

• kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386)

• kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• [mlx5] stale ethtool steering rules remain after moving back to legacy mode (BZ#1857777)

• 50% cpu in masked_flow_update with pop to pod TCP_RR (BZ#1859216)

• take into account GSO and fragmented packets in execute_check_pkt_len action (BZ#1860169)

• RHEL8.1 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (BZ#1866371)

• RHEL8.3 Pre-Beta - smc: SMC connections hang with later-level implementations (BZ#1866390)

• Incorrect pinning of IRQ threads on isolated CPUs by drivers that use cpumask_local_spread() (BZ#1867174)

• [RHEL8] Fixes for DEADLINE scheduler class (BZ#1867612)

• RHEL8.1 - s390/pci: Fix unexpected write combine on resource (BZ#1869276)

• dm multipath: fix spurious failures during IO completion [EIOP-8345] (BZ#1869386)

• IO on virtio-scsi hangs when running cpu hotplug test (BZ#1869779)

• store_rps_map doesn’t accept an empty bitmask, which is required for disabling RPS on a queue (BZ#1870181)

• Memory registration cache data corruption possible, fix requires backporting (BZ#1872424)

• fix another case of wait list corruption for PSM/sdma (BZ#1872766)

• [RHEL-8] Segmentation fault (core dumped) when fi_bw -e msg -v -T 1 -p “verbs” (BZ#1872771)

• fix mounting and inode number handling on s390x (BZ#1875787)

• failure to enter nohz_full mode for non SCHED_FIFO tasks (BZ#1877417)

• Secure boot key is not loaded with kernel-4.18.0-232.el8.x86_64 / shim-x64-15-15 (BZ#1877528)

• [RHEL-8.3] Kdump failed to start when secure boot enabled: kexec_file_load failed: Required key not available (BZ#1877530)

• [RHEL-8.3] Kdump/kexec kernel panicked on EFI boot: general protection fault: 0000 [#1] SMP PTI (BZ#1879988)

• Sleeping or scheduling after sched_cpu_dying() led to “scheduling while atomic” and BUG at kernel/cpu.c:907! (BZ#1880081)

• [conntrack] udp packet reverse NAT occasionally fail when race condition request combination with the DNAT load balancing rules (BZ#1882095)

• [Regression] RHEL8.3 Beta - Do not initiate shutdown for EPOW_SHUTDOWN_ON_UPS event (BZ#1882243)