[5.14.0-162.12.1.el9_1.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 15.3-1.0.5] - Remove nmap references from kernel [Orabug: 34313944] - Remove upstream reference during boot [Orabug: 34729535] [5.14.0-162.12.1.el9_1] - x86/fpu: Drop fpregs lock before inheriting FPU permissions [2154407 2153181] - hv_netvsc: Fix race between VF offering and VF association message from host [2151605 2149277] - PCI: hv: Do not set PCI_COMMAND_MEMORY to reduce VM boot time [2150910 2092794] [5.14.0-162.11.1.el9_1] - drm/i915: fix TLB invalidation for Gen12 video and compute engines [2148152 2148153] {CVE-2022-4139} - memcg: prohibit unconditional exceeding the limit of dying tasks [2143976 2120352] - mm, oom: do not trigger out_of_memory from the #PF [2143976 2139747] - mm, oom: pagefault_out_of_memory: don"t force global OOM for dying tasks [2143976 2120352] - pipe: Fix missing lock in pipe_resize_ring [2141631 2141632] {CVE-2022-2959} - net: usb: ax88179_178a: Fix packet receiving [2142722 2142723] {CVE-2022-2964} - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup [2142722 2142723] {CVE-2022-2964} - NFSD: Protect against send buffer overflow in NFSv3 READ [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv2 READ [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv3 READDIR [2141769 2141770] {CVE-2022-43945} - NFSD: Protect against send buffer overflow in NFSv2 READDIR [2141769 2141770] {CVE-2022-43945} - SUNRPC: Fix svcxdr_init_encode"s buflen calculation [2141769 2141770] {CVE-2022-43945} - SUNRPC: Fix svcxdr_init_decode"s end-of-buffer calculation [2141769 2141770] {CVE-2022-43945} [5.14.0-162.10.1.el9_1] - ice: Fix crash by keep old cfg when update TCs more than queues [2132070 2131953] - ice: Fix tunnel checksum offload with fragmented traffic [2132070 2131953] - ice: handle E822 generic device ID in PLDM header [2132070 2131953] - ice: ethtool: Prohibit improper channel config for DCB [2132070 2131953] - ice: ethtool: advertise 1000M speeds properly [2132070 2131953] - ice: Fix switchdev rules book keeping [2132070 2131953] - ice: fix access-beyond-end in the switch code [2132070 2131953] - eth: ice: silence the GCC 12 array-bounds warning [2132070 2131953] - ice: Expose RSS indirection tables for queue groups via ethtool [2132070 2131953] - Revert ice: Hide bus-info in ethtool for PRs in switchdev mode [2132070 2131953] - ice: remove period on argument description in ice_for_each_vf [2132070 2131953] - ice: add a function comment for ice_cfg_mac_antispoof [2132070 2131953] - ice: fix wording in comment for ice_reset_vf [2132070 2131953] - ice: remove return value comment for ice_reset_all_vfs [2132070 2131953] - ice: always check VF VSI pointer values [2132070 2131953] - ice: add newline to dev_dbg in ice_vf_fdir_dump_info [2132070 2131953] - ice: get switch id on switchdev devices [2132070 2131953] - ice: return ENOSPC when exceeding ICE_MAX_CHAIN_WORDS [2132070 2131953] - ice: introduce common helper for retrieving VSI by vsi_num [2132070 2131953] - ice: use min_t to make code cleaner in ice_gnss [2132070 2131953] - ice, xsk: Avoid refilling single Rx descriptors [2132070 2131953] - ice, xsk: Diversify return values from xsk_wakeup call paths [2132070 2131953] - ice, xsk: Terminate Rx side of NAPI when XSK Rx queue gets full [2132070 2131953] - ice, xsk: Decorate ICE_XDP_REDIR with likely [2132070 2131953] - ice: Add mpls+tso support [2132070 2131953] - ice: switch: convert packet template match code to rodata [2132070 2131953] - ice: switch: use convenience macros to declare dummy pkt templates [2132070 2131953] - ice: switch: use a struct to pass packet template params [2132070 2131953] - ice: switch: unobscurify bitops loop in ice_fill_adv_dummy_packet [2132070 2131953] - ice: switch: add and use u16[] aliases to ice_adv_lkup_elem::{h, m}_u [2132070 2131953] - ice: Support GTP-U and GTP-C offload in switchdev [2132070 2131953] - Documentation/admin-guide: Document nomodeset kernel parameter [2145217 2143841] - drm: Move nomodeset kernel parameter to the DRM subsystem [2145217 2143841] - selftests/bpf: Limit unroll_count for pyperf600 test [2144902 2139836] - nvme-fc: fix the fc_appid_store return value [2136914 2113035] - ACPI: processor idle: Practically limit Dummy wait workaround to old Intel systems [2142168 2130652] - CI: Drop c9s CI parts - CI: Use GA builder container [5.14.0-162.9.1.el9_1] - CI: Remove deprecated variable - drm: fix duplicated code in drm_connector_register [2134619 2132575] - drm/mgag200: Fix PLL setup for G200_SE_A rev [2140153 1960467] - scsi: mpi3mr: Schedule IRQ kthreads only on non-RT kernels [2139213 2136223] [5.14.0-162.8.1.el9_1] - redhat: fix the branch we pull from the documentation tree - nvme-tcp: handle number of queue changes [2131359 2112025] - nvmet: expose max queues to configfs [2131359 2112025] - nvme-fabrics: parse nvme connect Linux error codes [2131359 2112025] - vfio/type1: Unpin zero pages [2128514 2121855] - ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE [2127881 2121271] {CVE-2022-30594} [5.14.0-162.7.1.el9_1] - i2c: ismt: prevent memory corruption in ismt_access [2127532 2125582] {CVE-2022-3077} - x86/fpu: Prevent FPU state corruption [2134588 2131667] - iavf: Fix reset error handling [2127884 2119712] - iavf: Fix NULL pointer dereference in iavf_get_link_ksettings [2127884 2119712] - iavf: Fix missing state logs [2127884 2119712]