(RHSA-2023:4137) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: use-after-free in l2cap_connect and l2cap_le_connect_req in net/bluetooth/l2cap_core.c (CVE-2022-42896)

• kernel: use-after-free vulnerability in the perf_group_detach function of the Linux Kernel Performance Events (CVE-2023-2235)

• kernel: uninitialized registers on stack in nft_do_chain can cause kernel pointer leakage to UM (CVE-2022-1016)

• kernel: use-after-free related to leaf anon_vma double reuse (CVE-2022-42703)

• Kernel: bluetooth: Unauthorized management command execution (CVE-2023-2002)

• kernel: OOB access in the Linux kernel’s XFS subsystem (CVE-2023-2124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• Backport kernel audit enhancements and fixes from v5.13-rc1 to v5.16-rc6 (BZ#2098210)

• INTEL 9.0 BUG VROC: RAID rebuild doesn’t start after removing drive during FIO (BZ#2174890)

• HPEMC RHEL 9 BUG: acpi-cpufreq: Skip initializtion if a cpufreq driver exists (BZ#2186564)

• RHEL9.3: Update locking code to upstream 6.1 and further fixes (BZ#2187517)

• block layer: update with upstream v6.0 (BZ#2196175)

• rhel-9: Invalid character detected by rpminspect in Documentation/translations/zh_CN/process/magic-number.rst (BZ#2208244)

• Trouble getting callstacks when signal has interrupted clock_gettime (BZ#2210076)