- [5.14.0-162.22.2.el9_1.OL9] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 lt;= 15.3-1.0.5] - Remove nmap references from kernel [Orabug: 34313944] - Remove upstream reference during boot [Orabug: 34729535] [5.14.0-162.22.2.el9_1] - tun: avoid double free in tun_free_netdev [2156373] {CVE-2022-4744} [5.14.0-162.22.1.el9_1] - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF [2163390 2125540] {CVE-2023-0266} [5.14.0-162.21.1.el9_1] - s390/boot: add secure boot trailer [2151528 2141966] - s390/kexec: fix ipl report address for kdump [2166903 2161327] - s390/qeth: cache link_info for ethtool [2166304 2110436] - scsi: zfcp: Fix missing auto port scan and thus missing target ports [2127880 2121088] [5.14.0-162.20.1.el9_1] - cgroup/cpuset: remove unreachable code [2161105 1946801] - kselftest/cgroup: Add cpuset v2 partition root state test [2161105 1946801] - cgroup/cpuset: Update description of cpuset.cpus.partition in cgroup-v2.rst [2161105 1946801] - cgroup/cpuset: Make partition invalid if cpumask change violates exclusivity rule [2161105 1946801] - cgroup/cpuset: Relocate a code block in validate_change [2161105 1946801] - cgroup/cpuset: Show invalid partition reason string [2161105 1946801] - cgroup/cpuset: Add a new isolated cpus.partition type [2161105 1946801] - cgroup/cpuset: Relax constraints to partition amp; cpus changes [2161105 1946801] - cgroup/cpuset: Allow no-task partition to have empty cpuset.cpus.effective [2161105 1946801] - cgroup/cpuset: Miscellaneous cleanups amp; add helper functions [2161105 1946801] - cgroup/cpuset: Enable update_tasks_cpumask on top_cpuset [2161105 1946801] - cpuset: convert "allowed" in __cpuset_node_allowed to be boolean [2161105 1946801] - cgroup/cpuset: Remove cpus_allowed/mems_allowed setup in cpuset_init_smp [2161105 1946801] - cgroup: cleanup comments [2161105 1946801] - act_mirred: use the backlog for nested calls to mirred ingress [2164655 2150278] {CVE-2022-4269} - net/sched: act_mirred: better wording on protection against excessive stack growth [2164655 2150278] {CVE-2022-4269} - scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM [2170227 2150660] [5.14.0-162.19.1.el9_1] - sched/core: Use kfree_rcu in do_set_cpus_allowed [2160614 2143847] - sched/core: Fix use-after-free bug in dup_user_cpus_ptr [2160614 2143847] - sched: Always clear user_cpus_ptr in do_set_cpus_allowed [2143766 2107354] - sched: Enforce user requested affinity [2143766 2107354] - sched: Always preserve the user requested cpumask [2143766 2107354] - sched: Introduce affinity_context [2143766 2107354] - sched: Add __releases annotations to affine_move_task [2143766 2107354] - x86/fpu: Fix copy_xstate_to_uabi to copy init states correctly [2168382 2122851] - x86/fpu: Exclude dynamic states from init_fpstate [2168382 2122851] - x86/fpu: Fix the init_fpstate size check with the actual size [2168382 2122851] - x86/fpu: Configure init_fpstate attributes orderly [2168382 2122851] - x86/fpu/xstate: Fix the ARCH_REQ_XCOMP_PERM implementation [2168382 2122851]