From 0288fcf005df5338d2ebc0d5ec6a5ff65631d6f7 Mon Sep 17 00:00:00 2001 
From: Denys Vlasenko
Date: Fri, 7 Jun 2024 02:46:57 +0200
Subject: [PATCH] kernel-rt-4.18.0-553.7.1.rt7.348.el8_10

* Fri Jun 07 2024 Denys Vlasenko [4.18.0-553.7.1.rt7.348.el8_10]
- [rt] build kernel-rt-4.18.0-553.7.1.rt7.348.el8_10 [RHEL-34640]
- net: qcom/emac: fix UAF in emac_remove (Ken Cox) [RHEL-37834] {CVE-2021-47311}
- perf/core: Bail out early if the request AUX area is out of bound (Michael Petlan) [RHEL-38268] {CVE-2023-52835}
- crypto: pcrypt - Fix hungtask for PADATA_RESET (Herbert Xu) [RHEL-38171] {CVE-2023-52813}
- drm/amdgpu: fix use-after-free bug (Jocelyn Falempe) [RHEL-31240] {CVE-2024-26656}
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash (Ivan Vecera) [RHEL-37008] {CVE-2024-35854}
- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update (Ivan Vecera) [RHEL-37004] {CVE-2024-35855}
- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (Ivan Vecera) [RHEL-37012] {CVE-2024-35853}
- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-37016] {CVE-2024-35852}
- mlxsw: spectrum_acl_tcam: Fix warning during rehash (Ivan Vecera) [RHEL-37480] {CVE-2024-36007}
- can: peak_pci: peak_pci_remove(): fix UAF (Jose Ignacio Tornos Martinez) [RHEL-38419] {CVE-2021-47456}
- usbnet: fix error return code in usbnet_probe() (Jose Ignacio Tornos Martinez) [RHEL-38440] {CVE-2021-47495}
- usbnet: sanity check for maxpacket (Jose Ignacio Tornos Martinez) [RHEL-38440] {CVE-2021-47495}
- net/mlx5e: fix a double-free in arfs_create_groups (Kamal Heib) [RHEL-36920] {CVE-2024-35835}
- can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds (Jose Ignacio Tornos Martinez) [RHEL-38220] {CVE-2023-52878}
- net: cdc_eem: fix tx fixup skb leak (Jose Ignacio Tornos Martinez) [RHEL-38080] {CVE-2021-47236}
- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Jose Ignacio Tornos Martinez) [RHEL-38113] {CVE-2023-52703}
- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (Desnes Nunes) [RHEL-38248] {CVE-2023-52877}
- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (Desnes Nunes) [RHEL-38240] {CVE-2023-52781}
- gro: fix ownership transfer (Xin Long) [RHEL-37226] {CVE-2024-35890}
- tipc: fix kernel warning when sending SYN message (Xin Long) [RHEL-38109] {CVE-2023-52700}
- erspan: make sure erspan_base_hdr is present in skb->head (Xin Long) [RHEL-37230] {CVE-2024-35888}
- scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() (Bryan Gurney) [RHEL-17366]
- scsi: mpi3mr: Sanitise num_phys (Bryan Gurney) [RHEL-17366]
- netfilter: nf_tables: use timestamp to check for set element timeout (Phil Sutter) [RHEL-38023] {CVE-2024-27397}
- net/ipv6: SKB symmetric hash should incorporate transport ports (Sabrina Dubroca) [RHEL-32061]
- crypto: s390/aes - Fix buffer overread in CTR mode (Herbert Xu) [RHEL-37089] {CVE-2023-52669}
- net: Save and restore msg_namelen in sock_sendmsg (Jamie Bainbridge) [RHEL-35893]
- net: prevent address rewrite in kernel_bind() (Jamie Bainbridge) [RHEL-35893]
- net: prevent rewrite of msg_name in sock_sendmsg() (Jamie Bainbridge) [RHEL-35893]
- net: replace calls to sock->ops->connect() with kernel_connect() (Jamie Bainbridge) [RHEL-35893]
- net: Avoid address overwrite in kernel_connect (Jamie Bainbridge) [RHEL-35893]
- wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-37026] {CVE-2024-35845}
- wifi: mac80211: fix potential sta-link leak (Jose Ignacio Tornos Martinez) [RHEL-36916] {CVE-2024-35838}
- wifi: nl80211: reject iftype change with mesh ID change (Jose Ignacio Tornos Martinez) [RHEL-36884] {CVE-2024-27410}
- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-36807] {CVE-2024-35789}
- Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-31826] {CVE-2024-26801}
- tls: disable async encrypt/decrypt (Sabrina Dubroca) [RHEL-26362 RHEL-26409 RHEL-26420] {CVE-2024-26585 CVE-2024-26583 CVE-2024-26584}
- Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [RHEL-35096] {CVE-2024-26982}
- ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- ipc/msg.c: update and document memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- ipc/sem.c: document and update memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- ipc/mqueue.c: update/document memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- ipc/mqueue.c: remove duplicated code (Rafael Aquini) [RHEL-27782] {CVE-2021-47069}
- net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-30582] {CVE-2023-52626}
- Revert "ACPI: bus: Rework system-level device notification handling" (Prarit Bhargava) [RHEL-21486]
- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Prarit Bhargava) [RHEL-29485] {CVE-2023-52615}

Resolves: RHEL-34640, RHEL-38422, RHEL-29486, RHEL-38110, RHEL-26414, RHEL-38221, RHEL-37027, RHEL-37231, RHEL-36921, RHEL-31827, RHEL-38827, RHEL-38269, RHEL-37017, RHEL-34047, RHEL-36917, RHEL-37013, RHEL-38172, RHEL-26364, RHEL-34017, RHEL-26425, RHEL-37481, RHEL-33947, RHEL-37009, RHEL-38441, RHEL-35097, RHEL-27783, RHEL-36885, RHEL-37005, RHEL-38420, RHEL-37227, RHEL-38081, RHEL-38249, RHEL-36808, RHEL-38241

Signed-off-by: Denys Vlasenko
---
 kernel.spec | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++---
 sources | 2 +-
 2 files changed, 53 insertions(+), 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec index 57c9fbc..1ce2933 100644 --- a/kernel.spec +++ b/kernel.spec 
@@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.6.1.rt7.347.el8_10 +%define pkgrelease 553.7.1.rt7.348.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.6.1.rt7.347%{?dist} +%define specrelease 553.7.1.rt7.348%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -148,7 +148,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .347 +%global rtbuild .348 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 
@@ -2699,6 +2699,55 @@ fi # # %changelog +* Fri Jun 07 2024 Denys Vlasenko [4.18.0-553.7.1.rt7.348.el8_10] +- [rt] build kernel-rt-4.18.0-553.7.1.rt7.348.el8_10 [RHEL-34640] +- net: qcom/emac: fix UAF in emac_remove (Ken Cox) [RHEL-37834] {CVE-2021-47311} +- perf/core: Bail out early if the request AUX area is out of bound (Michael Petlan) [RHEL-38268] {CVE-2023-52835} +- crypto: pcrypt - Fix hungtask for PADATA_RESET (Herbert Xu) [RHEL-38171] {CVE-2023-52813} +- drm/amdgpu: fix use-after-free bug (Jocelyn Falempe) [RHEL-31240] {CVE-2024-26656} +- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash (Ivan Vecera) [RHEL-37008] {CVE-2024-35854} +- mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update (Ivan Vecera) [RHEL-37004] {CVE-2024-35855} +- mlxsw: spectrum_acl_tcam: Fix memory leak during rehash (Ivan Vecera) [RHEL-37012] {CVE-2024-35853} +- mlxsw: spectrum_acl_tcam: Fix memory leak when canceling rehash work (Ivan Vecera) [RHEL-37016] {CVE-2024-35852} +- mlxsw: spectrum_acl_tcam: Fix warning during rehash (Ivan Vecera) [RHEL-37480] {CVE-2024-36007} +- can: peak_pci: peak_pci_remove(): fix UAF (Jose Ignacio Tornos Martinez) [RHEL-38419] {CVE-2021-47456} +- usbnet: fix error return code in usbnet_probe() (Jose Ignacio Tornos Martinez) [RHEL-38440] {CVE-2021-47495} +- usbnet: sanity check for maxpacket (Jose Ignacio Tornos Martinez) [RHEL-38440] {CVE-2021-47495} +- net/mlx5e: fix a double-free in arfs_create_groups (Kamal Heib) [RHEL-36920] {CVE-2024-35835} +- can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds (Jose Ignacio Tornos Martinez) [RHEL-38220] {CVE-2023-52878} +- net: cdc_eem: fix tx fixup skb leak (Jose Ignacio Tornos Martinez) [RHEL-38080] {CVE-2021-47236} +- net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path (Jose Ignacio Tornos Martinez) [RHEL-38113] {CVE-2023-52703} +- usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() (Desnes Nunes) 
[RHEL-38248] {CVE-2023-52877} +- usb: config: fix iteration issue in 'usb_get_bos_descriptor()' (Desnes Nunes) [RHEL-38240] {CVE-2023-52781} +- gro: fix ownership transfer (Xin Long) [RHEL-37226] {CVE-2024-35890} +- tipc: fix kernel warning when sending SYN message (Xin Long) [RHEL-38109] {CVE-2023-52700} +- erspan: make sure erspan_base_hdr is present in skb->head (Xin Long) [RHEL-37230] {CVE-2024-35888} +- scsi: mpi3mr: Use proper format specifier in mpi3mr_sas_port_add() (Bryan Gurney) [RHEL-17366] +- scsi: mpi3mr: Sanitise num_phys (Bryan Gurney) [RHEL-17366] +- netfilter: nf_tables: use timestamp to check for set element timeout (Phil Sutter) [RHEL-38023] {CVE-2024-27397} +- net/ipv6: SKB symmetric hash should incorporate transport ports (Sabrina Dubroca) [RHEL-32061] +- crypto: s390/aes - Fix buffer overread in CTR mode (Herbert Xu) [RHEL-37089] {CVE-2023-52669} +- net: Save and restore msg_namelen in sock_sendmsg (Jamie Bainbridge) [RHEL-35893] +- net: prevent address rewrite in kernel_bind() (Jamie Bainbridge) [RHEL-35893] +- net: prevent rewrite of msg_name in sock_sendmsg() (Jamie Bainbridge) [RHEL-35893] +- net: replace calls to sock->ops->connect() with kernel_connect() (Jamie Bainbridge) [RHEL-35893] +- net: Avoid address overwrite in kernel_connect (Jamie Bainbridge) [RHEL-35893] +- wifi: iwlwifi: dbg-tlv: ensure NUL termination (Jose Ignacio Tornos Martinez) [RHEL-37026] {CVE-2024-35845} +- wifi: mac80211: fix potential sta-link leak (Jose Ignacio Tornos Martinez) [RHEL-36916] {CVE-2024-35838} +- wifi: nl80211: reject iftype change with mesh ID change (Jose Ignacio Tornos Martinez) [RHEL-36884] {CVE-2024-27410} +- wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes (Jose Ignacio Tornos Martinez) [RHEL-36807] {CVE-2024-35789} +- Bluetooth: Avoid potential use-after-free in hci_error_reset (David Marlin) [RHEL-31826] {CVE-2024-26801} +- tls: disable async encrypt/decrypt (Sabrina Dubroca) [RHEL-26362 RHEL-26409 RHEL-26420] 
{CVE-2024-26585 CVE-2024-26583 CVE-2024-26584} +- Squashfs: check the inode number is not the invalid value of zero (Phillip Lougher) [RHEL-35096] {CVE-2024-26982} +- ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} +- ipc/msg.c: update and document memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} +- ipc/sem.c: document and update memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} +- ipc/mqueue.c: update/document memory barriers (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} +- ipc/mqueue.c: remove duplicated code (Rafael Aquini) [RHEL-27782] {CVE-2021-47069} +- net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context (Kamal Heib) [RHEL-30582] {CVE-2023-52626} +- Revert "ACPI: bus: Rework system-level device notification handling" (Prarit Bhargava) [RHEL-21486] +- hwrng: core - Fix page fault dead lock on mmap-ed hwrng (Prarit Bhargava) [RHEL-29485] {CVE-2023-52615} + * Thu May 30 2024 Denys Vlasenko [4.18.0-553.6.1.rt7.347.el8_10] - [rt] build kernel-rt-4.18.0-553.6.1.rt7.347.el8_10 [RHEL-34640] - cxgb4: Properly lock TX queue for the selftest. (John B. Wyatt IV) [RHEL-8779] diff --git a/sources b/sources index 6030f2a..c20e28f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (linux-4.18.0-553.6.1.rt7.347.el8_10.tar.xz) = a234062ef4a4fd3db3bb13fb8f53905191bc44b44da4cd4df21ef4b75b7bad80ed997a18de555e32ea76f2d51a023a195e280c9427f65d0ba1a2f27566b81971 +SHA512 (linux-4.18.0-553.7.1.rt7.348.el8_10.tar.xz) = f4e7970ca85a012a77fb5fb7716dda9fa901d3a191842c145b42efbcb4716b7bbce825b4df4bb4a02225f01d1adf24999ac4c0eabde87fd76bcb8ee002b717ee
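Review bot: In the kernel.spec hunk at line 38, the release string 553.7.1.rt7.348 is typed out twice (pkgrelease and specrelease), and the following hunk bumps rtbuild to .348 by hand as a third copy beside rttag .rt7. Nothing in the visible lines ties these together, so a partial bump would produce a package whose name and RT patch level disagree. Consider deriving pkgrelease and specrelease from one base macro plus %{rttag}%{rtbuild}, or adding a build-time check that the three values match.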
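Review bot: The tracker ids in the new %changelog entries do not line up with the Resolves: line of the commit message, which makes it hard to confirm from this patch alone that every CVE fix is accounted for. For example the changelog cites RHEL-37834 and RHEL-38268, neither of which is in Resolves:, while Resolves: lists RHEL-38827, RHEL-34047, RHEL-34017 and RHEL-33947, which do not appear in any changelog entry. If Resolves: refers to clone tickets for this stream, a short comment or a per-entry mapping would let a reader trace each CVE to the ticket that closes it. Also note that the two usbnet entries share RHEL-38440 and CVE-2021-47495, so tooling that counts CVEs per changelog line will count that one twice.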
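Review bot: In the sources hunk, the new SHA512 for linux-4.18.0-553.7.1.rt7.348.el8_10.tar.xz is the only integrity anchor for the tarball this build will fetch, and the patch gives a reviewer no way to check it. Before merging, recompute the digest over the uploaded tarball from an independent copy and compare it with the value on the + line, and confirm that the file name in the parentheses matches the pkgrelease set in kernel.spec.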