(RHSA-2022:5626) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: Small table perturb size in the TCP source port generation algorithm can lead to information leak (CVE-2022-1012)

• kernel: race condition in perf_event_open leads to privilege escalation (CVE-2022-1729)

• kernel: a use-after-free write in the netfilter subsystem can lead to privilege escalation to root (CVE-2022-32250)

• kernel: cgroup: Use open-time creds and namespace for migration perm checks (CVE-2021-4197)

• kernel: Race condition in races in sk_peer_pid and sk_peer_cred accesses (CVE-2021-4203)

• kernel: the copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check (CVE-2020-29368)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Failed to reboot after crash trigger (BZ#2060747)

• conntrack entries linger around after test (BZ#2066357)

• Enable nested virtualization (BZ#2079070)

• slub corruption during LPM of hnv interface (BZ#2081251)

• sleeping function called from invalid context at kernel/locking/spinlock_rt.c:35 (BZ#2082091)

• Backport request of “genirq: use rcu in kstat_irqs_usr()” (BZ#2083309)

• ethtool -L may cause system to hang (BZ#2083323)

• For isolated CPUs (with nohz_full enabled for isolated CPUs) CPU utilization statistics are not getting reflected continuously (BZ#2084139)

• Affinity broken due to vector space exhaustion (BZ#2084647)

• kernel memory leak while freeing nested actions (BZ#2086597)

• sync rhel-8.6 with upstream 5.13 through 5.16 fixes and improvements (BZ#2088037)

• Kernel panic possibly when cleaning namespace on pod deletion (BZ#2089539)

• Softirq hrtimers are being placed on the per-CPU softirq clocks on isolcpu’s. (BZ#2090485)

• fix missed wake-ups in rq_qos_throttle try two (BZ#2092076)

• NFS4 client experiencing IO outages while sending duplicate SYNs and erroneous RSTs during connection reestablishment (BZ#2094334)

• using __this_cpu_read() in preemptible [00000000] code: kworker/u66:1/937154 (BZ#2095775)

• Need some changes in RHEL8.x kernels. (BZ#2096932)