(RHSA-2023:1554) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF (CVE-2023-0266)

• kernel: FUSE filesystem low-privileged user privileges escalation (CVE-2023-0386)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• RHEL 8.7: please integrate “powerpc/64/kdump: Limit kdump base to 512MB” patch. (BZ#2154272)

• Redhat OpenShift: Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160222)

• RHEL8.4: s390/kexec: fix ipl report address for kdump (BZ#2166297)

• Unable to get QinQ working with ConnectX-4 Lx in SR-IOV scenario (BZ#2166666)

• mlx5: lag and sriov fixes (BZ#2167648)

• New algorithm limits needed in FIPS mode (BZ#2167771)

• RHEL8.4: dasd: fix no record found for raw_track_access (BZ#2167777)

• kernel panics if iwlwifi firmware can not be loaded (BZ#2169664)

• CSB.V bit never becomes valid for NX Gzip job during LPAR migration (BZ#2170855)

• Backport Request for locking/rwsem commits (BZ#2170940)

• ipv6 traffic stop when an sriov vf have ipv6 address (BZ#2172551)

• Hyper-V RHEL8.8: Update MANA driver (BZ#2173104)

• Disable 3DES in FIPS mode (BZ#2176523)

• Soft lockup occurred during __page_mapcount (BZ#2177139)

• Task hangs in blk_mq_get_tag while no tags are in use (BZ#2178225)

• Node locked up and not responsive due to potential rcu stall (BZ#2178273)

Enhancement(s):

• Intel 8.8 FEAT SPR CPU: AMX: Improve the init_fpstate setup code (BZ#2168385)