(RHSA-2022:8809) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: KVM: cmpxchg_gpte can write to pfns outside the userspace region (CVE-2022-1158)

• kernel: openvswitch: integer underflow leads to out-of-bounds write in reserve_sfa_size() (CVE-2022-2639)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• x86/intel: processors require energy_perf_bias setting (BZ#2102103)

• System crashes due to list_add double add at iwl_mvm_mac_wake_tx_queue+0x71 (BZ#2112264)

• Fix SCHED_WARN_ON deadlock (BZ#2125422)

• Starting VMs on a KVM-host with EL8.6-kernel sometimes produces timejumps into the future for other already running guest-VMs [rhel.8] (BZ#2125671)

• RHEL8.4 - zfcp: fix missing auto port scan and thus missing target ports (BZ#2127850)

• vfio zero page mappings fail after 2M instances (BZ#2128516)

• The kernel needs to offer a way to reseed the Crypto DRBG and atomically extract random numbers from it (BZ#2129728)

• ice: Driver Update up to 5.19 (BZ#2130993)

• virtio-net: support XDP when not more queues (BZ#2131740)

• VMs hang after migration (BZ#2131756)

• Update NVME subsystem with bug fixes and minor changes (BZ#2132555)

• [HPE BUG] Premature swapping with swappiness=0 while there’s still plenty of pagecache to be reclaimed. (BZ#2133831)

• nf_conntrack causing nfs to stall (BZ#2134089)

• Fix issue that enables STABLE_WRITES by default and causes performance regressions (BZ#2135814)

• [ice] Intel E810 PTP clock glitching (BZ#2136037)

• ice: arp replies not making it to switch (BZ#2136043)

• [ice]configure link-down-on-close on and change interface mtu to 9000,the interface can’t up (BZ#2136217)

• ice: dump additional CSRs for Tx hang debugging (BZ#2136514)

• crypto/testmgr.c should not list dh, ecdh as .fips_allowed = 1 (BZ#2136525)

• FIPS module identification via name and version (BZ#2136540)

• FIPS self-tests for RSA pkcs7 signature verification (BZ#2137316)

• After upgrading to ocp4.11.1, our dpdk application using vlan strip offload is not working (BZ#2138158)

• WARNING: CPU: 0 PID: 9637 at kernel/time/hrtimer.c:1309 hrtimer_start_range_ns+0x35d/0x400 (BZ#2138954)

• [DELL EMC 8.6-RT BUG] System is not booting into RT Kernel with perc12. (BZ#2139217)

• Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139581)

• Laser bias information can’t be shown by ethtool on rhel8.6 (BZ#2139638)

• Nested KVM is not working on RHEL 8.6 with hardware error 0x7 (BZ#2140144)