Impact of OCPBUGS-33249 series:

Which 4.y.z to 4.y'.z' updates increase vulnerability?

• Upgrades to 4.15.0+, 4.14.14+, 4.13.36+, 4.12.54+ until a fixed kernel is provided
• Fix has shipped in 4.15.13, 4.14.25, 4.12.57 and will ship in 4.13.42 soon.

Which types of clusters?

• Clusters which mount Ceph volumes

What is the impact? Is it serious enough to warrant removing update recommendations?

• A kernel bug introduced in kernel-4.18.0-372.98.1.el8_6 and kernel-5.14.0-284.54.1.el9_2, which is used by the versions mentioned above in 4.12 and 4.13-4.15 respectively, may cause nodes which mount the ceph volume to crash

How involved is remediation?

• In 4.12 and later CoreOS layering allows you to build a customer RHCOS image which could install a kernel prior to the regression, please see https://docs.openshift.com/container-platform/4.12/post_installation_configuration/coreos-layering.html (or later versions which match your OCP cluster version)

Is this a regression?

• Yes, in the versions mentioned above and until a kernel fix has been integrated into future versions.