(RHSA-2021:3363) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: race condition in net/can/bcm.c leads to local privilege escalation (CVE-2021-3609)

• kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)

• kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)

• kernel: race condition for removal of the HCI controller (CVE-2021-32399)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• [Regression] RHEL8.2 - ISST-LTE:pVM:diapvmlp83:sum:memory DLPAR fails to add memory on multiple trials[mm/memory_hotplug.c:1163] (mm-) (BZ#1930169)

• Every server is displaying the same power levels for all of our i40e 25G interfaces. 10G interfaces seem to be correct. Ethtool version is 5.0 (BZ#1967100)

• s390/uv: Fix handling of length extensions (BZ#1975657)

• RHEL 8.3 using FCOE via a FastLinQ QL45000 card will not manually scan in LUN from Target_id’s over 8 (BZ#1976265)

• Backport “tick/nohz: Conditionally restart tick on idle exit” to RHEL 8.5 (BZ#1978711)

• rhel8.3: phase 2 netfilter backports from upstream (BZ#1980323)

• xfrm: backports from upstream (BZ#1981841)

Enhancement(s):

• [8.2.z] Incorrect parsing of ACPI HMAT table reports incorrect kernel WARNING taint (BZ#1943702)

• Only selected patches from [IBM 8.4 FEAT] ibmvnic: Backport FW950 and assorted bug fixes (BZ#1980795)