
(RHSA-2023:1202) Important: kernel security, bug fix, and enhancement update

2023-03-14 13:18:59
access.redhat.com

CVSS3: 7.8 High
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL; Attack Complexity: LOW; Privileges Required: LOW; User Interaction: NONE; Scope: UNCHANGED; Confidentiality Impact: HIGH; Integrity Impact: HIGH; Availability Impact: HIGH

CVSS2: 5 Medium
AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector: NETWORK; Access Complexity: LOW; Authentication: NONE; Confidentiality Impact: NONE; Integrity Impact: NONE; Availability Impact: PARTIAL

EPSS: 0.002 Low (Percentile: 52.2%)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

  • kernel: use-after-free caused by l2cap_reassemble_sdu() in net/bluetooth/l2cap_core.c (CVE-2022-3564)

  • kernel: stack overflow in do_proc_dointvec and proc_skip_spaces (CVE-2022-4378)

  • kernel: use-after-free in __nfs42_ssc_open() in fs/nfs/nfs4file.c leading to remote Denial of Service attack (CVE-2022-4379)

  • kernel: Netfilter integer overflow vulnerability in nft_payload_copy_vlan (CVE-2023-0179)

  • ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)

  • kernel: net: CPU soft lockup in TC mirred egress-to-ingress action (CVE-2022-4269)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • RHEL9:[P10] With Guest Secure Boot and lockdown enabled, DLPAR operations can’t be done (Rainier) (BZ#2107480)

  • [RHEL 9.0] LTP Test failure and crash at fork14 on Sapphire Rapids Platinum 8280+ (BZ#2133084)

  • RHEL9.0 - boot: Add secure boot trailer (BZ#2151529)

  • ‘date’ command shows wrong time in nested KVM s390x guest (BZ#2158816)

  • Kernel FIPS-140-3 requirements - part 3 - AES-XTS (BZ#2160176)

  • RHEL 9.0.0 soft quota cannot exceed more than 5 warns, which breaks timer functionality (BZ#2164263)

  • In FIPS mode, the kernel should reject SHA-224, SHA-384, SHA-512-224, and SHA-512-256 as hashes for hash-based DRBGs, or provide an indicator after 2023-05-16 (BZ#2165131)

  • [RHEL 9] FIPS: deadlock between PID 1 and "modprobe crypto-jitterentropy_rng" at boot, preventing the system from booting (BZ#2167762)

Enhancement(s):

  • [Intel 9.2 FEAT] [SPR] CPU: AMX: Improve the init_fpstate setup code (BZ#2168383)
