kernel-rt-4.18.0-553.83.1.rt7.424.el8_10

* Thu Oct 30 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.83.1.rt7.424.el8_10]
- fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367}
- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285]
- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
- i40e: fix Jumbo Frame support after iPXE boot (Mohammad Heib) [RHEL-121781]
- i40e: Report MFS in decimal base instead of hex (Mohammad Heib) [RHEL-121781]
- i40e: Fix unexpected MFS warning message (Mohammad Heib) [RHEL-121781]
- bitfield: Add FIELD_MODIFY() helper (Mohammad Heib) [RHEL-121781]
- bitops: Add non-atomic bitops for pointers (Mohammad Heib) [RHEL-121781]
- qed/qede: Fix scheduling while atomic (CKI Backport Bot) [RHEL-9757]
- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-123215]
- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (Miklos Szeredi) [RHEL-123215]
- jiffies: Define secs_to_jiffies() (Miklos Szeredi) [RHEL-123215]
- s390/pci: Fix __pcilg_mio_inuser() inline assembly (Mete Durlu) [RHEL-105611]
- mm: zswap: fix missing folio cleanup in writeback race path (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178}
- mm: fix zswap writeback race condition (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178}
Resolves: RHEL-105611, RHEL-114285, RHEL-116239, RHEL-116658, RHEL-121781, RHEL-123215, RHEL-9757

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>

kernel-rt-x86_64-debug.config

@@ -4007,6 +4007,7 @@ CONFIG_MISDN_L1OIP=m
 CONFIG_MISDN_NETJET=m
 CONFIG_MISDN_SPEEDFAX=m
 CONFIG_MISDN_W6692=m
+CONFIG_MITIGATION_VMSCAPE=y
 CONFIG_MLX4_EN=m
 CONFIG_MLX4_EN_DCB=y
 CONFIG_MLX4_INFINIBAND=m

kernel-rt-x86_64.config

@@ -4007,6 +4007,7 @@ CONFIG_MISDN_L1OIP=m
 CONFIG_MISDN_NETJET=m
 CONFIG_MISDN_SPEEDFAX=m
 CONFIG_MISDN_W6692=m
+CONFIG_MITIGATION_VMSCAPE=y
 CONFIG_MLX4_EN=m
 CONFIG_MLX4_EN_DCB=y
 CONFIG_MLX4_INFINIBAND=m

kernel.spec

@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.82.1.rt7.423.el8_10
+%define pkgrelease 553.83.1.rt7.424.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.82.1.rt7.423%{?dist}
+%define specrelease 553.83.1.rt7.424%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .423
+%global rtbuild .424
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2708,6 +2708,29 @@ fi
 #
 #
 %changelog
+* Thu Oct 30 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.83.1.rt7.424.el8_10]
+- fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367}
+- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285]
+- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114285] {CVE-2025-40300}
+- i40e: fix Jumbo Frame support after iPXE boot (Mohammad Heib) [RHEL-121781]
+- i40e: Report MFS in decimal base instead of hex (Mohammad Heib) [RHEL-121781]
+- i40e: Fix unexpected MFS warning message (Mohammad Heib) [RHEL-121781]
+- bitfield: Add FIELD_MODIFY() helper (Mohammad Heib) [RHEL-121781]
+- bitops: Add non-atomic bitops for pointers (Mohammad Heib) [RHEL-121781]
+- qed/qede: Fix scheduling while atomic (CKI Backport Bot) [RHEL-9757]
+- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-123215]
+- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (Miklos Szeredi) [RHEL-123215]
+- jiffies: Define secs_to_jiffies() (Miklos Szeredi) [RHEL-123215]
+- s390/pci: Fix __pcilg_mio_inuser() inline assembly (Mete Durlu) [RHEL-105611]
+- mm: zswap: fix missing folio cleanup in writeback race path (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178}
+- mm: fix zswap writeback race condition (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178}
+
 * Thu Oct 23 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.82.1.rt7.423.el8_10]
 - smb: client: fix missing timestamp updates after utime(2) (Paulo Alcantara) [RHEL-109431]
 - cifs: fix leak of iface for primary channel (Paulo Alcantara) [RHEL-109546]

sources

@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.82.1.rt7.423.el8_10.tar.xz) = f8083bda49c02d8087375b2bf16fd3d91edf75b97a909c1287c27de63ae55d58bb7a6877e176da758c7eb68951870f96a20e26e7e53b07be230b2ccb461e05bf
+SHA512 (linux-4.18.0-553.83.1.rt7.424.el8_10.tar.xz) = 4bba61701e0c9bd3d17dba1ee6b6491da6735b74c4ce08a216af57bbdf6e23aafd110dbbd3783a77b803e09bb595db928ee58ac70517d169a164f71558fc5e3b