RHSA-2021:3327: Important: kernel security and bug fix update
The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: out-of-bounds write in xt_compat_target_from_user() in net/netfilter/x_tables.c (CVE-2021-22555)
* kernel: race condition for removal of the HCI controller (CVE-2021-32399)
* kernel: powerpc: RTAS calls can be used to compromise kernel integrity (CVE-2020-27777)
* kernel: Local privilege escalation due to incorrect BPF JIT branch displacement computation (CVE-2021-29154)
* kernel: lack a full memory barrier upon the assignment of a new table value in net/netfilter/x_tables.c and include/linux/netfilter/x_tables.h may lead to DoS (CVE-2021-29650)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* SAN Switch rebooted and caused (?) OpenStack compute node to reboot (BZ#1897576)
* sysfs: cannot create duplicate filename '/class/mdiobus/ixgbe-8100 (BZ#1915449)
* XFS: read-only recovery does not update free space accounting in superblock (BZ#1921551)
* The memcg_params field of kmem_cache struct contains an old slab address that is too small for the current size of memcg_limited_groups_array_size. (BZ#1951810)
* Backport of upstream patch "net: Update window_clamp if SOCK_RCVBUF is set" into rhel-7 (BZ#1962196)
* Kernel panic in init_cq_frag_buf (BZ#1962499)
* futex: futex_requeue can potentially free the pi_state structure twice (BZ#1966856)
* be_poll lockup doing ifenslave when netconsole using bond (BZ#1971744)
* OCP4.7 nodes panic at BUG_ON in nf_nat_setup_info() (BZ#1972970)
Frequently Asked Questions
What is the severity of RHSA-2021:3327?
The severity of RHSA-2021:3327 is classified as important due to potential risks from an out-of-bounds write and race conditions.
How do I fix RHSA-2021:3327?
To fix RHSA-2021:3327, you should update your kernel packages to version 3.10.0-1160.41.1.el7 or later.
Which systems are affected by RHSA-2021:3327?
Systems running Red Hat Enterprise Linux 7 with kernel versions prior to 3.10.0-1160.41.1.el7 are affected by RHSA-2021:3327.
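The version boundary given in the two answers above can be checked on a host with a short script. This is an added example, not part of the advisory; the function names and output labels are assumptions, and it only judges RHEL 7 kernel builds whose release fields are purely numeric.

```shell
#!/bin/sh
# Added example: classify a RHEL 7 kernel release string against the fixed
# build named on this page (3.10.0-1160.41.1.el7). Function names and output
# labels are constructed for illustration.
FIXED_BUILD="3.10.0-1160.41.1"

# Return 0 when version $1 is lower than $2. Fields are split on "." and "-"
# and compared numerically; a missing field counts as 0.
ver_lt() {
    a=$(printf '%s' "$1" | sed 's/-/./g')
    b=$(printf '%s' "$2" | sed 's/-/./g')
    while [ -n "$a" ] || [ -n "$b" ]; do
        fa=${a%%.*}; fb=${b%%.*}
        if [ "${fa:-0}" -lt "${fb:-0}" ]; then return 0; fi
        if [ "${fa:-0}" -gt "${fb:-0}" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Print needs-update, fixed, unknown or not-applicable for a `uname -r` value.
classify_kernel() {
    rel=$1
    case $rel in
        3.10.0-*.el7*) base=${rel%%.el7*} ;;   # drop ".el7" and the arch suffix
        *) echo "not-applicable"; return 0 ;;  # not a RHEL 7 kernel build
    esac
    # Release fields with letters (for example an ".rtNN" tag) do not follow
    # the plain numbering this comparison assumes, so they are not judged.
    case $base in
        *[!0-9.-]*) echo "unknown"; return 0 ;;
    esac
    if ver_lt "$base" "$FIXED_BUILD"; then
        echo "needs-update"
    else
        echo "fixed"
    fi
}

# Check the running kernel (a newly installed kernel only takes effect after
# a reboot), or a release string passed as the first argument.
classify_kernel "${1:-$(uname -r)}"
```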
What vulnerabilities are addressed in RHSA-2021:3327?
RHSA-2021:3327 addresses vulnerabilities including an out-of-bounds write in xt_compat_target_from_user() and a race condition for removal of the HCI controller.
What should I do if my system cannot be updated for RHSA-2021:3327?
If your system cannot be updated for RHSA-2021:3327, consider implementing additional security measures such as access controls or isolation until an update can be applied.