Impact statement for the  OCPBUGS-45639 series:

Which 4.y.z to 4.y'.z' updates increase vulnerability?

• Updates into 4.16.25, 4.16.26, 4.17.7, and 4.17.8

Which types of clusters?

• Clusters using the numaresources operator, which you can detect in PromQL with csv_succeeded{name=~"numaresources-operator[.].*"}

What is the impact? Is it serious enough to warrant removing update recommendations?

• Critical pods in the numa resources operator crashloop backoff due to selinux changes

How involved is remediation?

• If the update as a z-stream update that could be rolled back after consulting with support
• No other known remediation short of updating to a fixed version

Is this a regression?

• Yes it is