kernel-3.10.0-1160.45.1.el7

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks (CVE-2021-22543)
* kernel: powerpc: KVM guest OS users can cause host OS memory corruption (CVE-2021-37576)
* kernel: SVM nested virtualization issue in KVM (AVIC support) (CVE-2021-3653)
* kernel: SVM nested virtualization issue in KVM (VMLOAD/VMSAVE) (CVE-2021-3656)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Kernel panic due to double fault with DLM reporting for socket error "sk_err=32/0"
* "MFW indication via attention" message getting logged frequently after every 5 minutes
* lpfc fails to discovery in pt2pt with "2754 PRLI failure DID:0000EF Status:x9/x91e00, data: x0"
* pcpu_get_vm_areas using most memory from VmallocUsed
* [qedf driver] Racing condition between qedf_cleanup_fcport and releasing command after timeout
* [Azure] Asianux reports GPU/IB topology incorrectly on some Azure SKUs
* [stable guest ABI]Hot add CPU after migration cause guest hang
* i40e driver crash at RIP: i40e_config_vf_promiscuous_mode+0x165
* [nfs] Performance issue since commit 5a4f6f11951e
* [kernel] Indefinite waiting for RCU callback while removing cgroup

CVE-2021-22543
An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation.
CVE-2021-3653
A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the "int_ctl" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.
CVE-2021-3656
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2021-37576
arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.