From 27a11f81614aa9c0cf2d5b7bafc116b926c721d3 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Thu, 30 Oct 2025 11:06:15 +0100 Subject: [PATCH] kernel-rt-4.18.0-553.83.1.rt7.424.el8_10 * Thu Oct 30 2025 Denys Vlasenko [4.18.0-553.83.1.rt7.424.el8_10] - fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367} - redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285] - x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114285] {CVE-2025-40300} - x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114285] {CVE-2025-40300} - x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114285] {CVE-2025-40300} - x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300} - x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300} - x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114285] {CVE-2025-40300} - Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114285] {CVE-2025-40300} - i40e: fix Jumbo Frame support after iPXE boot (Mohammad Heib) [RHEL-121781] - i40e: Report MFS in decimal base instead of hex (Mohammad Heib) [RHEL-121781] - i40e: Fix unexpected MFS warning message (Mohammad Heib) [RHEL-121781] - bitfield: Add FIELD_MODIFY() helper (Mohammad Heib) [RHEL-121781] - bitops: Add non-atomic bitops for pointers (Mohammad Heib) [RHEL-121781] - qed/qede: Fix scheduling while atomic (CKI Backport Bot) [RHEL-9757] - fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-123215] - jiffies: Cast to unsigned long in secs_to_jiffies() conversion (Miklos Szeredi) [RHEL-123215] - jiffies: Define secs_to_jiffies() (Miklos Szeredi) [RHEL-123215] - s390/pci: Fix __pcilg_mio_inuser() inline assembly (Mete Durlu) [RHEL-105611] - mm: zswap: fix missing folio cleanup in writeback race path (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178} - mm: fix zswap writeback race condition (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178} Resolves: RHEL-105611, RHEL-114285, RHEL-116239, RHEL-116658, RHEL-121781, RHEL-123215, RHEL-9757 Signed-off-by: Denys Vlasenko --- kernel-rt-x86_64-debug.config | 1 + kernel-rt-x86_64.config | 1 + kernel.spec | 29 ++++++++++++++++++++++++++--- sources | 2 +- 4 files changed, 29 insertions(+), 4 deletions(-) diff --git a/kernel-rt-x86_64-debug.config b/kernel-rt-x86_64-debug.config index f12a012..0d19b93 100644 --- a/kernel-rt-x86_64-debug.config +++ b/kernel-rt-x86_64-debug.config @@ -4007,6 +4007,7 @@ CONFIG_MISDN_L1OIP=m CONFIG_MISDN_NETJET=m CONFIG_MISDN_SPEEDFAX=m CONFIG_MISDN_W6692=m +CONFIG_MITIGATION_VMSCAPE=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y CONFIG_MLX4_INFINIBAND=m diff --git a/kernel-rt-x86_64.config b/kernel-rt-x86_64.config index d9f4382..680c377 100644 --- a/kernel-rt-x86_64.config +++ b/kernel-rt-x86_64.config @@ -4007,6 +4007,7 @@ CONFIG_MISDN_L1OIP=m CONFIG_MISDN_NETJET=m CONFIG_MISDN_SPEEDFAX=m CONFIG_MISDN_W6692=m +CONFIG_MITIGATION_VMSCAPE=y CONFIG_MLX4_EN=m CONFIG_MLX4_EN_DCB=y CONFIG_MLX4_INFINIBAND=m diff --git a/kernel.spec b/kernel.spec index 1968fbe..bc20cb0 100644 --- a/kernel.spec +++ b/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.82.1.rt7.423.el8_10 +%define pkgrelease 553.83.1.rt7.424.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.82.1.rt7.423%{?dist} +%define specrelease 553.83.1.rt7.424%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -148,7 +148,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .423 +%global rtbuild .424 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2708,6 +2708,29 @@ fi # # %changelog +* Thu Oct 30 2025 Denys Vlasenko [4.18.0-553.83.1.rt7.424.el8_10] +- fs: fix UAF/GPF bug in nilfs_mdt_destroy (Abhi Das) [RHEL-116658] {CVE-2022-50367} +- redhat/configs: Enable CONFIG_MITIGATION_VMSCAPE for x86_64 (Waiman Long) [RHEL-114285] +- x86/vmscape: Add old Intel CPUs to affected list (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Warn when STIBP is disabled with SMT (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/bugs: Move cpu_bugs_smt_update() down (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Enable the mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Add conditional IBPB mitigation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- x86/vmscape: Enumerate VMSCAPE bug (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- Documentation/hw-vuln: Add VMSCAPE documentation (Waiman Long) [RHEL-114285] {CVE-2025-40300} +- i40e: fix Jumbo Frame support after iPXE boot (Mohammad Heib) [RHEL-121781] +- i40e: Report MFS in decimal base instead of hex (Mohammad Heib) [RHEL-121781] +- i40e: Fix unexpected MFS warning message (Mohammad Heib) [RHEL-121781] +- bitfield: Add FIELD_MODIFY() helper (Mohammad Heib) [RHEL-121781] +- bitops: Add non-atomic bitops for pointers (Mohammad Heib) [RHEL-121781] +- qed/qede: Fix scheduling while atomic (CKI Backport Bot) [RHEL-9757] +- fanotify: add watchdog for permission events (Miklos Szeredi) [RHEL-123215] +- jiffies: Cast to unsigned long in secs_to_jiffies() conversion (Miklos Szeredi) [RHEL-123215] +- jiffies: Define secs_to_jiffies() (Miklos Szeredi) [RHEL-123215] +- s390/pci: Fix __pcilg_mio_inuser() inline assembly (Mete Durlu) [RHEL-105611] +- mm: zswap: fix missing folio cleanup in writeback race path (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178} +- mm: fix zswap writeback race condition (Aristeu Rozanski) [RHEL-116239] {CVE-2023-53178} + * Thu Oct 23 2025 Alexandra Hájková [4.18.0-553.82.1.rt7.423.el8_10] - smb: client: fix missing timestamp updates after utime(2) (Paulo Alcantara) [RHEL-109431] - cifs: fix leak of iface for primary channel (Paulo Alcantara) [RHEL-109546] diff --git a/sources b/sources index 9caee5c..6ff1a4a 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (linux-4.18.0-553.82.1.rt7.423.el8_10.tar.xz) = f8083bda49c02d8087375b2bf16fd3d91edf75b97a909c1287c27de63ae55d58bb7a6877e176da758c7eb68951870f96a20e26e7e53b07be230b2ccb461e05bf +SHA512 (linux-4.18.0-553.83.1.rt7.424.el8_10.tar.xz) = 4bba61701e0c9bd3d17dba1ee6b6491da6735b74c4ce08a216af57bbdf6e23aafd110dbbd3783a77b803e09bb595db928ee58ac70517d169a164f71558fc5e3b