kernel security and bug fix update

An update is available for kernel.
This update affects Rocky Linux SIG Cloud 8.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: mm/mremap.c use-after-free vulnerability (CVE-2022-41222)

• kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)

• kernel: an out-of-bounds vulnerability in i2c-ismt driver (CVE-2022-2873)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50 (BZ#2134586)

• Hardware error: RIP: copy_user_enhanced_fast_string+0xe (BZ#2137592)

• Cannot trigger kernel dump using NMI on SNO node running PAO and RT kernel (BZ#2139580)

• MEI support for Alder Lake-S (BZ#2141783)

• Host Pod -> Cluster IP Service traffic (Pod Backend - Different Node) Flow Iperf Cannot Connect (BZ#2141959)

• Rocky Linux SIG Cloud8.7: Xorg cannot display resolution higher than 1024x768 on system using ast graphics driver (BZ#2149287)

• Intel 8.7 Bug: OS doesn’t boot when vmd and interrupt remapping are enabled (BZ#2149474)

• i40e,iavf: SR-IOV VF devices send GARP with wrong MAC address (BZ#2149745)

• Rocky Linux SIG Cloud8.4 - boot: Add secure boot trailer (BZ#2151530)

• error 524 from seccomp(2) when trying to load filter (BZ#2152138)

• Workqueue: WQ_MEM_RECLAIM iscsi_ctrl_1:98 __iscsi_unbind_session [scsi_transport_iscsi] (BZ#2152734)

• Connectivity issue with vDPA driver (BZ#2152912)

• High Load average due to cfs cpu throttling (BZ#2153108)

• The “kernel BUG at mm/usercopy.c:103!” from BZ 2041529 is back on rhel-8.5 (BZ#2153230)

• Rocky Linux SIG Cloud8: tick storm on nohz (isolated) CPU cores (BZ#2153653)

• kernel BUG: scheduling while atomic: crio/7295/0x00000002 (BZ#2154460)

• Azure Rocky Linux SIG Cloud 8 z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning (BZ#2155272)

• Azure: VM Deployment Failures Patch Request (BZ#2155280)

• Azure vPCI Rocky Linux SIG Cloud-8: add the support of multi-MSI (BZ#2155289)

• MSFT MANA NET Patch Rocky Linux SIG Cloud-8: Fix race on per-CQ variable napi_iperf panic fix (BZ#2155437)

• GSS: OCP 4.10.30 node crash after ODF upgrade : unable to handle kernel NULL pointer dereference at 0000000000000000 : ceph_get_snap_realm+0x68/0xa0 [ceph] (BZ#2155797)

• Error in /usr/src/kernels/4.18.0-423.el8.x86_64/scripts/kernel-doc script causing irdma build to fail (BZ#2157905)

• Rocky Linux SIG Cloud8.8: Backport upstream patches to reduce memory cgroup memory consumption and OOM problem (BZ#2157922)

• The ‘date’ command shows wrong time in nested KVM s390x guest (BZ#2158813)

• ethtool -m results in an out-of-bounds slab write in the be2net driver (BZ#2160182)

• (Redhat OpenShift)Error downloading big ZIP files inside pod on power OCP and pod getting restarted (BZ#2160221)

• i40e/iavf: VF reset task fails “Never saw reset” with 5 second timeout per VF (BZ#2160460)

• iavf: It takes long time to create multiple VF interfaces and the VF interface names are not consistent (BZ#2163257)