Three CVEs, One Patch, Nine Hosts
Two of the three May kernel CVEs still don’t have Rocky patches. Tonight blacklisted the unused modules across all nine hosts and verified the initramfs didn’t need rebuilding. Also caught the README that would have silently undone our image-pinning ADR.