The kernel packages contain the Linux kernel, the core of any Linux operating system. The following packages have been upgraded to a later upstream version: kernel . Security Fix: * kernel: improper initialization of the flags member of the new pipe_buffer * kernel: Use After Free in unix_gc which could result in a local privilege escalation * kernel: local privilege escalation by exploiting the fsconfig syscall parameter leads to container breakout * kernel: possible privileges escalation due to missing TLB flush * kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS * kernel: cgroups v1 release_agent feature may allow privilege escalation * kernel: missing check in ioctl allows kernel memory read/write * kernel: failing usercopy allows for use-after-free exploitation For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. Bug Fix: * Intel QAT Kernel power up fix * RHEL8.4 seeing scsi_dma_map failed with mpt3sas driver and affecting performance * [Lenovo 8.4 bug] audio_HDMI certification failed on RHEL 8.4GA * [RHEL-8.5][4.18.0-323.el8.ppc64le][POWER8/9/10] security_flavor mode is not set back to zero post online migration * iommu/amd: Fix unable to handle page fault due to AVIC * [Lenovo 8.4 bug]The VGA display shows no signal when install RHEL8.4 in the legacy BIOS mode. * Double free of kmalloc-64 cache struct ib_port pkey_group from module ib_core . * Bus error with huge pages enabled * RHEL8 - kvm: floating interrupts may get stuck * Data corruption on small files served by httpd, which is backed by cifs-mount * Add a net/mlx5 patch for Hardware Offload Fix * Windows guest random Bsod when "hv-tlbflush" enlightenment is enabled * DNS lookup failures when run two times in a row * net/sched: Fix ct zone matching for invalid conntrack state * Kernel 4.18.0-348.2.1 secpath_cache memory leak involving strongswan tunnel * OCP node XFS metadata corruption after numerous reboots * Broadcom bnxt_re: RDMA stats are not incrementing * ice: bug fix series for 8.6 * panic while looking up a symlink due to NULL i_op get_link * ceph omnibus backport for RHEL-8.6.0 * SCTP peel-off with SELinux and containers in OCP * Selinux is not allowing SCTP connection setup between inter pod communication in enforcing mode * dnf fails with fsync over local repository present on CIFS mount point