kernel-5.14.0-162.12.1.el9_1

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: watch queue race condition can lead to privilege escalation (CVE-2022-2959)
* kernel: memory corruption in AX88179_178A based USB ethernet device. (CVE-2022-2964)
* kernel: i915: Incorrect GPU TLB flush can lead to random memory access (CVE-2022-4139)
* kernel: nfsd buffer overflow by RPC message over TCP with garbage data (CVE-2022-43945)
* kernel: i2c: unbounded length leads to buffer overflow in ismt_access() (CVE-2022-3077)
* kernel: Unprivileged users may use PTRACE_SEIZE to set PTRACE_O_SUSPEND_SECCOMP option (CVE-2022-30594)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* Intel 9.2: Important iavf bug fixes
* vfio zero page mappings fail after 2M instances
* nvme-tcp automatic reconnect fails intermittently during EMC powerstore NDU operation
* ice: Driver Update to 5.19
* WARNING: CPU: 116 PID: 3440 at arch/x86/mm/extable.c:105 ex_handler_fprestore+0x3f/0x50
* drm: duplicated call of drm_privacy_screen_register_notifier() in drm_connector_register()
* updating the appid field through sysfs is returning an -EINVAL error
* DELL EMC: System is not booting into RT Kernel with perc12.
* No signal showed in the VGA monitor when installing MIRACLE LINUX 9 in the legacy bios mode
* Practically limit "Dummy wait" workaround to old Intel systems
* ppc64le: unexpected oom panic when there's enough memory left in zswap test
* fatal error: error in backend: Branch target out of insn range
* AMdCLIENT: The kernel command line parameter "nomodeset" not working properly
* Azure: PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time
* Azure z-stream: Sometimes newly deployed VMs are not getting accelerated network during provisioning
* DELL 9.0 RT - On PE R760 system, call traces are observed dmesg when system is running stress

CVE-2022-2959
A race condition was found in the Linux kernel's watch queue due to a missing lock in pipe_resize_ring(). The specific flaw exists within the handling of pipe buffers. The issue results from the lack of proper locking when performing operations on an object. This flaw allows a local user to crash the system or escalate their privileges on the system.
CVE-2022-2964
A flaw was found in the Linux kernel’s driver for the ASIX AX88179_178A-based USB 2.0/3.0 Gigabit Ethernet Devices. The vulnerability contains multiple out-of-bounds reads and possible out-of-bounds writes.
CVE-2022-30594
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
CVE-2022-3077
A buffer overflow vulnerability was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way it handled the I2C_SMBUS_BLOCK_PROC_CALL case (via the ioctl I2C_SMBUS) with malicious input data. This flaw could allow a local user to crash the system.
CVE-2022-4139
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-43945
The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 are vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H