RedHat Enterprise Linux 8: RHSA-2020-4286-01 Important Kernel Update

The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net: bluetooth: type confusion while processing AMP packets (CVE-2020-12351)
* kernel: net: bluetooth: information leak when processing certain AMP packets (CVE-2020-12352)
* kernel: metadata validator in XFS may cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt (CVE-2020-14385)
* kernel: memory corruption in net/packet/af_packet.c leads to elevation of privilege (CVE-2020-14386)
* kernel: kernel: buffer over write in vgacon_scroll (CVE-2020-14331)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* [mlx5] stale ethtool steering rules remain after moving back to legacy mode (BZ#1857777)
* 50% cpu in masked_flow_update with pop to pod TCP_RR (BZ#1859216)
* take into account GSO and fragmented packets in execute_check_pkt_len action (BZ#1860169)
* RHEL8.1 - scsi: ibmvfc: Avoid loss of all paths during SVC node reboot (BZ#1866371)
* RHEL8.3 Pre-Beta - smc: SMC connections hang with later-level implementations (BZ#1866390)
* Incorrect pinning of IRQ threads on isolated CPUs by drivers that use cpumask_local_spread() (BZ#1867174)
* [RHEL8] Fixes for DEADLINE scheduler class (BZ#1867612)
* RHEL8.1 - s390/pci: Fix unexpected write combine on resource (BZ#1869276)
* dm multipath: fix spurious failures during IO completion [EIOP-8345] (BZ#1869386)
* IO on virtio-scsi hangs when running cpu hotplug test (BZ#1869779)
* store_rps_map doesn't accept an empty bitmask, which is required for disabling RPS on a queue (BZ#1870181)
* Memory registration cache data corruption possible, fix requires backporting (BZ#1872424)
* fix another case of wait list corruption for PSM/sdma (BZ#1872766)
* [RHEL-8] Segmentation fault (core dumped) when fi_bw -e msg -v -T 1 -p "verbs" (BZ#1872771)
* fix mounting and inode number handling on s390x (BZ#1875787)
* failure to enter nohz_full mode for non SCHED_FIFO tasks (BZ#1877417)
* Secure boot key is not loaded with kernel-4.18.0-232.el8.x86_64 / shim-x64-15-15 (BZ#1877528)
* [RHEL-8.3] Kdump failed to start when secure boot enabled: kexec_file_load failed: Required key not available (BZ#1877530)
* [RHEL-8.3] Kdump/kexec kernel panicked on EFI boot: general protection fault: 0000 [#1] SMP PTI (BZ#1879988)
* Sleeping or scheduling after sched_cpu_dying() led to "scheduling while atomic" and BUG at kernel/cpu.c:907! (BZ#1880081)
* [conntrack] udp packet reverse NAT occasionally fail when race condition request combination with the DNAT load balancing rules (BZ#1882095)
* [Regression] RHEL8.3 Beta - Do not initiate shutdown for EPOW_SHUTDOWN_ON_UPS event (BZ#1882243)