Impact statement for the OCPBUGS-63680 series:

Which 4.y.z to 4.y'.z' updates increase vulnerability?

Updates to the following affected versions increase the vulnerbility:

• 4.16.47 through 4.16.50 (fixed in 4.16.51)
• 4.17.40 through 4.17.42  (fixed in 4.17.43)
• 4.18.24 through 4.18.26 (fixed in 4.18.27)

Updates between affected releases (e.g. 4.18.24 to 4.18.25) do not increase the exposure.

Which types of clusters?

All OpenShift clusters as the cause comes from the OS kernel.

What is the impact? Is it serious enough to warrant removing update recommendations?

• OCP nodes get rebooted continuously due to kernel panic by loading of third party modules.

How involved is remediation?

• In order to avoid this issue, we need to upgrade to OCP version including the fix.

Is this a regression?

• Yes.