kernel-4.18.0-240.15.1.el8

The kernel packages contain the Linux kernel, the core of any Linux operating
system.

Security Fix(es):

* kernel: net: bluetooth: heap buffer overflow when processing extended
advertising report events (CVE-2020-24490)

* kernel: Asianux only CVE-2020-12351 regression (CVE-2020-25661)

* kernel: Asianux only CVE-2020-12352 regression (CVE-2020-25662)

* kernel: information exposure in drivers/char/random.c and
kernel/time/timer.c (CVE-2020-16166)

* kernel: Local buffer overflow in ctnetlink_parse_tuple_filter in
net/netfilter/nf_conntrack_netlink.c (CVE-2020-25211)

* kernel: locking issue in drivers/tty/tty_jobctrl.c can lead to an
use-after-free (CVE-2020-29661)

* kernel: performance counters race condition use-after-free (CVE-2020-14351)

* kernel: ICMP rate limiting can be used for DNS poisoning attack
(CVE-2020-25705)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es):

* Backport upstream OVS performance patch fix

* Sleeping or scheduling after sched_cpu_dying() led to "scheduling while
atomic" and BUG at kernel/cpu.c:907!

* [conntrack] udp packet reverse NAT occasionally fail when race condition
request combination with the DNAT load balancing rules

* Unexpected fragmentation needed error, OpenShift 4, OVS, VXLAN, GSO, Azure

* Unable to attach VLAN-based logical networks to a bond

* NFS server with krb5p fails in FIPS mode: context_derive_keys_new: Error 22
deriving initiator_seal key

* XFS: reflinked file data corruption

* [HPE 8.3 Bug] Kdump bootup failure caused by an amd iommu commit for
BetaOS on DL325Gen10

* dm: fix bio splitting and its bio completion order for regular IO

* geneve: add transport ports in route lookup for geneve

* HRTICK not armed in specific cases with SCHED_DEADLINE

* PM/swap Speed up hibernation by batching requests

* ibmveth is producing TX errors over VXLAN when large send (TSO) is
enabled (-> related to Asianux bug 1816254 - OCP 4.3 - Authentication
clusteroperator is in unknown state on POWER 9 servers")

* mm/gup: fix gup_fast with dynamic page table folding)

* [Azure]TX/RX packets stop increasing after hibernation/resume in VM
with CX4 VF NIC

* [Azure]VM hangs after hibernation/resume if the VM has SRIOV NIC and
has been deallocated

* [Azure] hv_irq_unmask() failed: 0x5 after resume from hibernation in NV6
size

* block layer: update to upstream v5.8

* [Regression] zstream - Undetected Data corruption in MPI workloads
that use VSX for reductions on POWER9 DD2.1 systems

* Incorrect system time reported through the CPU Accounting statistics

* debug kernel reports BUG: sleeping function called from invalid context at
mm/slab.h:496 in aws t4g instances

* ARO: excessive pod memory allocation causes node lockup

* Final fixes + drop alpha_support flag requirement for Tigerlake

* OVS complains Invalid Argument on TCP packets going into conntrack

* BUG: using smp_processor_id() in preemptible [00000000] code:
handler106/3082

* Icelake performance - add intel_idle: Customize IceLake server support to

* [mlx5] IPV6 TOS rewrite flows are not getting offloaded in HW

*SAS - multipathd fails to re-establish paths during controller
random reset

* hangs on dbginfo.sh execution, crash dump generated
(mm-)

* Win10 guest automatic reboot after migration in Win10 and WSL2 on AMD hosts

* block, dm: fix IO splitting for stacked devices

* Failed to hotplug scsi-hd disks

* PCI quirk needed to prevent GPU hang

* various patches to stabilize the OPAL error log processing and the
powernv dump processing (ESS)

* pmtu not working with tunnels as bridge ports and br_netfilter loaded

* [ThinkPad X13/T14/T14s AMD]: Kdump failed

* NFSv4 client improperly handles interrupted slots

* NFSv4.1 client ignores ERR_DELAY during LOCK recovery, could lead to data
corruption

* [Regression] [kernel 148.el8] cpu (sys) time regression in SAP
HANA 2.0 benchmark benchInsertSubSelectPerformance

* kernel-rt: kernel BUG at kernel/sched/deadline.c:1462!

* SEV VM hang at efi_mokvar_sysfs_init+0xa9/0x19d during boot

* C6gn support requires "Ensure dirty bit is preserved across pte_wrprotect"
patch

* [Lenovo 8.3 & 8.4 Bug] [Regression] No response from keyboard and mouse when
boot from tboot kernel

* Kernel crash with krb5p

* Need additional backports for FIPS 800-90A DRBG entropy seeding
source

* [Hyper-V] Request to included a commit that adds a timeout to
vmbus_wait_for_unload

* Host becomes unresponsive during stress-ng --cyclic test rcu: INFO:
rcu_preempt detected stalls on CPUs/tasks:

* Backport upstream RCU patches up to v5.6

* Missing mm backport to fix regression introduced by another mm backport

* [Hyper-V]video: hyperv_fb: Fix the cache type when mapping the VRAM
Edit

* ionic 0000:39:00.0 ens2: IONIC_CMD_Q_INIT (40) failed: IONIC_RC_ERROR (-5)

* [certification] mlx5_core depends on tls triggering TAINT_TECH_PREVIEW even
if no ConnectX-6 card is present

* kvm [AMD] - system crash observed while powering on virtual machine
with attached VF interfaces.

Enhancement(s):

* [Mellanox 8.4 FEAT] mlx5: Add messages when VF-LAG fails to start

CVE(s):

CVE-2020-24490
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-25661
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-25662
** RESERVED ** This candidate has been reserved by an organization or individual
that will use it when announcing a new security problem. When the candidate has
been publicized, the details for this candidate will be provided.
CVE-2020-16166
The Linux kernel through 5.7.11 allows remote attackers to make observations
that help to obtain sensitive information about the internal state of the
network RNG, aka CID-f227e3ec3b5c. This is related to drivers/char/random.c and
kernel/time/timer.c.
CVE-2020-25211
In the Linux kernel through 5.8.7, local attackers able to inject conntrack
netlink configuration could overflow a local buffer, causing crashes or
triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in
net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.
CVE-2020-14351
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in
the perf subsystem allowing a local attacker with permission to monitor perf
events to corrupt memory and possibly escalate privileges. The highest threat
from this vulnerability is to data confidentiality and integrity as well as
system availability.
CVE-2020-25705
A flaw in the way reply ICMP packets are limited in the Linux kernel
functionality was found that allows to quickly scan open UDP ports. This flaw
allows an off-path remote user to effectively bypassing source port UDP
randomization. The highest threat from this vulnerability is to confidentiality
and possibly integrity, because software that relies on UDP source port
randomization are indirectly affected as well. Kernel versions before 5.10 may
be vulnerable to this issue.
CVE-2020-29661
A locking issue was discovered in the tty subsystem of the Linux kernel through
5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against
TIOCSPGRP, aka CID-54ffccbf053b.