(RHSA-2023:7370) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: tun: bugs for oversize packet when napi frags enabled in tun_napi_alloc_frags (CVE-2023-3812)

• kernel: net/sched: multiple vulnerabilities (CVE-2023-3609, CVE-2023-4128, CVE-2023-4206, CVE-2023-4207, CVE-2023-4208)

• kernel: use after free in nvmet_tcp_free_crypto in NVMe (CVE-2023-5178)

• kernel: netfilter: potential slab-out-of-bound access due to integer underflow (CVE-2023-42753)

• kernel: AMD: Cross-Thread Return Address Predictions (CVE-2022-27672)

• hw: Intel: Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• RHEL9.0.z - kdump service failed to start when 32TB lpar is activated with desired_memory 100gb and max memory 32TB. (BZ#2192539)

• RHEL 9.0 - system hang during 6th EEH (BZ#2192561)

• RHEL9.0 - kernel: fix __clear_user() inline assembly constraints (BZ#2192599)

• LPAR is crashed by Phyp when doing DLPAR CPU operations (BZ#2193372)

• RHEL 9.2 - Wrong numa_node is assigned to vpmem device (BZ#2212450)

• Rhel9.2 - drmgr command is failing (BZ#2213789)

• [Intel 9.2] IOMMU: QAT Device Address Translation Issue with Invalidation Completion Ordering (BZ#2221161)

• [RHEL9.3] intel_pstate may provide incorrect scaling values for hybrid capable systems with E-cores disabled (BZ#2221268)

• [DELL SFSS] NVMe-TCP: kernel panic during connect/delete_controller tests (BZ#2227780)

• LPM of RHEL client lpar got failed with error HSCLA2CF in 19th loops (BZ#2230270)

• rbd: exclusive lock blocklisting and osd_request_timeout handling fixes (BZ#2231460)

• openvswitch needs a stable hash in the kernel module (BZ#2232136)

• [Intel 9.3] iavf: Driver Update (BZ#2232387)

• [openvswitch] Add drop reasons to openvswitch (BZ#2233104)

• [RHEL9] Percpu counter usage is gradually getting increasing during podman container recreation (BZ#2233214)

• enable conntrack clash resolution for GRE (BZ#2233799)

• [Hyper-V][RHEL-9] hv_storvsc driver logging excessive storvsc_log events for storvsc_on_io_completion() (BZ#2234834)

• [e1000e] Intel 219-LM need to disable TSO to increase the speed (BZ#2235668)

• Update lpfc 14.2.0.12 for RHEL 9.3 Inbox with 6 bug fixes from 14.2.0.14 (BZ#2235785)

• backport ‘Revert “softirq: Let ksoftirqd do its job”’ from upstream (BZ#2236415)

• NAT sport clash in OCP causing 1 second TCP connection establishment delay (BZ#2236513)

• RHEL9.2 RC build - LTP test via SLS suite fails with a crash after running for 19hrs (BZ#2236699)

• Container CPU affinity not set properly on Openshift using RHEL 9.2 (BZ#2236859)

• NFSv4.0 client hangs when server reboot while client had outstanding lock request to the server (BZ#2237841)

• VMs deployed with RT workloads getting interrupted - vmstat_update (BZ#2238026)

• core: backports from upstream (BZ#2238027)

• SCSI updates for RHEL 9.3 (BZ#2238410)

• Regression of 3b8cc6298724 (“blk-cgroup: Optimize blkcg_rstat_flush()”) (BZ#2238721)

• NOHZ_FULL, and CFS quota co-existance (BZ#2240227)

• Kernel doesn’t boot on AWS SEV-SNP enabled instances (BZ#2241202)

• RHEL 9.2 crash issue when creating SR-IOV VFs from E810 in switchdev mode (BZ#2241879)

Enhancement(s):

• [Intel 9.3 FEAT] [EMR] power: Add EMR support to intel_rapl and intel_idle drivers (BZ#2230167, BZ#2230168)

• [Intel 9.3 FEAT] [EMR] power: intel-speed-select tool support for EMR (BZ#2230170)

• [Intel 9.3 FEAT] [EMR] RAS: Add EDAC support for EMR (BZ#2230172)

• [RHEL 9.3 FEAT] update turbostat to upstream 6.3 (BZ#2230174)

• [Lenovo 9.3 FEAT] drivers/nvme - Update to the latest upstream (BZ#2231219)

• [Intel 9.4 FEAT] [EMR] Support intel-uncore-frequency driver (BZ#2239450)

• ice: Enable DPLL support (BZ#2242556)