Release Info

- netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID {CVE-2023-4147} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776} - netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004} - x86/cpu/amd: Add a Zenbleed fix {CVE-2023-20593} - x86/cpu/amd: Move the errata checking functionality up {CVE-2023-20593} - x86/microcode/core: Return an error only when necessary {CVE-2023-20593} - x86/microcode/AMD: Fix mixed steppings support {CVE-2023-20593} - x86/microcode/AMD: Add a @cpu parameter to the reloading functions {CVE-2023-20593} - x86/microcode/amd: Remove load_microcode_amd()'s bsp parameter {CVE-2023-20593} - x86/amd: Cache debug register values in percpu variables {CVE-2023-20593} - x86/microcode: Adjust late loading result reporting message {CVE-2023-20593} - x86/microcode: Check CPU capabilities after late microcode update correctly {CVE-2023-20593} - x86/microcode: Add a parameter to microcode_check() to store CPU capabilities - x86/microcode/AMD: Rename a couple of functions - x86/microcode/AMD: Track patch allocation size explicitly - x86/microcode: Print previous version of microcode after reload - x86/cpu: Load microcode during restore_processor_state() - x86/pm: Add enumeration check before spec MSRs save/restore setup {CVE-2023-1637} - x86/tsx: Add a feature bit for TSX control MSR support {CVE-2023-1637} - x86/cpu: Restore AMD's DE_CFG MSR after resume {CVE-2023-1637} - x86/pm: Fix false positive kmemleak report in msr_build_context() {CVE-2023-1637} - x86/speculation: Restore speculation related MSRs during S3 resume {CVE-2023-1637} - x86/pm: Save the MSR validity status at context setup {CVE-2023-1637} - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval {CVE-2023-35001} - netfilter: nf_tables: do not ignore genmask when looking up chain by id {CVE-2023-31248} - netfilter: nf_tables: unbind non-anonymous set if rule construction fails {CVE-2023-3390} - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain {CVE-2023-3390} - netfilter: nf_tables: fix chain binding transaction logic {CVE-2023-3390} - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE {CVE-2023-3390} - netfilter: nf_tables: validate catch-all set elements {CVE-2023-3390} - ipvlan:Fix out-of-bounds caused by unclear skb->cb {CVE-2023-3090} - net/sched: flower: fix possible OOB write in fl_set_geneve_opt() {CVE-2023-35788} - x86/speculation: Allow enabling STIBP with legacy IBRS {CVE-2023-1998} - prlimit: do_prlimit needs to have a speculation check {CVE-2023-0458} - KVM: x86/mmu: Fix race condition in direct_page_fault {CVE-2022-45869} - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() {CVE-2023-2194} - perf: Fix check before add_event_to_groups() in perf_group_detach() {CVE-2023-2235} - bluetooth: Perform careful capability checks in hci_sock_ioctl() {CVE-2023-2002} - net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() {CVE-2023-28466} - xfs: verify buffer contents when we skip log replay {CVE-2023-2124}

Update command: dnf update kernel*

bpftool-7.0.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-abi-stablelists-5.14.0-284.11.1.el9_2.tuxcare.5.els1.noarch.rpm kernel-core-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-cross-headers-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-core-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-devel-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-devel-matched-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-modules-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-modules-core-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-modules-extra-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-modules-internal-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-modules-partner-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-debug-uki-virt-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-devel-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-devel-matched-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-doc-5.14.0-284.11.1.el9_2.tuxcare.5.els1.noarch.rpm kernel-headers-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-ipaclones-internal-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-modules-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-modules-core-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-modules-extra-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-modules-internal-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-modules-partner-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-selftests-internal-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-tools-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-tools-libs-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-tools-libs-devel-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm kernel-uki-virt-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm perf-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm python3-perf-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm rtla-5.14.0-284.11.1.el9_2.tuxcare.5.els1.x86_64.rpm