From 7df0fc7890ea689e3038f6fba20ade34db1e400e Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Fri, 10 Jul 2026 05:29:01 -0400 Subject: [PATCH] import CS git kernel-4.18.0-553.142.1.el8 --- .gitignore | 2 +- .kernel.metadata | 6 +++--- SPECS/kernel.spec | 21 +++++++++++++++++++-- 3 files changed, 23 insertions(+), 6 deletions(-) diff --git a/.gitignore b/.gitignore index ef3528f..8390076 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 -SOURCES/linux-4.18.0-553.141.1.el8_10.tar.xz +SOURCES/linux-4.18.0-553.142.1.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel.metadata b/.kernel.metadata index 3c37faf..8410306 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,8 +1,8 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -b12153343bad031150dc9c92557af63c70ef1e3e SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 -4666492294e0a539b4742a36a0decce037a98ae8 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 -89adbd2446bc7348a1a88c3a43ebc8b4170c647a SOURCES/linux-4.18.0-553.141.1.el8_10.tar.xz +d227744f8f27ffe24ddf01f2b2f8a3150e224eb7 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 +4197e5ba25bc6aa545681aa0e0aab6a452d84c2b SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 +beac04d02081adb2e25068b02fc17522a799908f SOURCES/linux-4.18.0-553.142.1.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index cc58971..0668dd9 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -49,10 +49,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.141.1.el8_10 +%define pkgrelease 553.142.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.141.1%{?dist} +%define specrelease 553.142.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2723,6 +2723,23 @@ fi # # %changelog +* Thu Jul 09 2026 CKI KWF Bot [4.18.0-553.142.1.el8_10] +- KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [RHEL-192411] {CVE-2026-53359} +- KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Aidan Wallace) [RHEL-186618] {CVE-2026-46113} +- KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [RHEL-186618] +- KVM: x86/mmu: Always pass 0 for @quadrant when gptes are 8 bytes (Aidan Wallace) [RHEL-186618] +- KVM: x86/mmu: Derive shadow MMU page role from parent (Aidan Wallace) [RHEL-186618] +- KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (Aidan Wallace) [RHEL-186618] +- KVM: x86/mmu: Use a bool for direct (Aidan Wallace) [RHEL-186618] +- netfilter: bridge: make ebt_snat ARP rewrite writable (CKI Backport Bot) [RHEL-182341] +- net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CKI Backport Bot) [RHEL-182996] {CVE-2025-71066} +- iommu/vt-d: track SVA mm for kernel page table flush notification (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- iommu/amd: track SVA mm for kernel page table flush notification (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- x86/mm: flush IOMMU before freeing kernel page table pages (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- iommu/sva: add kernel page table IOTLB flush notification (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- iommu/vt-d: Fix incorrect cache invalidation for mm notification (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (CKI Backport Bot) [RHEL-167045] {CVE-2026-31411} + * Mon Jul 06 2026 CKI KWF Bot [4.18.0-553.141.1.el8_10] - fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (CKI Backport Bot) [RHEL-189506] {CVE-2026-43112}