From 55f324b8aaa821c52de827548f9374f7847799dd Mon Sep 17 00:00:00 2001 From: AlmaLinux RelEng Bot Date: Fri, 19 Jun 2026 13:43:49 -0400 Subject: [PATCH] import CS git kernel-rt-4.18.0-553.136.1.rt7.477.el8_10 --- .gitignore | 2 +- .kernel-rt.metadata | 2 +- SPECS/kernel.spec | 23 ++++++++++++++++++++--- 3 files changed, 22 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 867106c..4448589 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer -SOURCES/linux-4.18.0-553.134.1.rt7.475.el8_10.tar.xz +SOURCES/linux-4.18.0-553.136.1.rt7.477.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel-rt.metadata b/.kernel-rt.metadata index 8d8b2ff..6c6cc34 100644 --- a/.kernel-rt.metadata +++ b/.kernel-rt.metadata @@ -1,6 +1,6 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -3a8e561f114357abb10b351a5ca206e12831fcd4 SOURCES/linux-4.18.0-553.134.1.rt7.475.el8_10.tar.xz +c8be70777398cdad66a6e44efe31a3b0bac574e7 SOURCES/linux-4.18.0-553.136.1.rt7.477.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index f6cedd7..6700d16 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.134.1.rt7.475.el8_10 +%define pkgrelease 553.136.1.rt7.477.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.134.1.rt7.475%{?dist} +%define specrelease 553.136.1.rt7.477%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -148,7 +148,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .475 +%global rtbuild .477 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2710,6 +2710,23 @@ fi # # %changelog +* Thu Jun 18 2026 CKI KWF Bot [4.18.0-553.136.1.rt7.477.el8_10] +- net/sched: fix pedit partial COW leading to page cache corruption (Ivan Vecera) [RHEL-177582] {CVE-2026-46331} +- net/sched: act_pedit: free pedit keys on bail from offset check (Ivan Vecera) [RHEL-177582] {CVE-2026-46331} +- net/sched: act_pedit: rate limit datapath messages (Ivan Vecera) [RHEL-177582] {CVE-2026-46331} +- net/sched: act_pedit: remove extra check for key type (Ivan Vecera) [RHEL-177582] {CVE-2026-46331} +- net/sched: act_pedit: check static offsets a priori (Ivan Vecera) [RHEL-177582] {CVE-2026-46331} +- nvmet-tcp: fix race between ICReq handling and queue teardown (Chris Leech) [RHEL-180103] {CVE-2026-46135} +- net: mana: fix use-after-free in add_adev() error path (CKI Backport Bot) [RHEL-172764] {CVE-2026-43056} + +* Wed Jun 17 2026 CKI KWF Bot [4.18.0-553.135.1.rt7.476.el8_10] +- drm/amd/display: Do not skip unrelated mode changes in DSC validation (José Expósito) [RHEL-178825] {CVE-2026-31488} +- sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting (Juri Lelli) [RHEL-178520] +- RDMA/mana_ib: Validate rx_hash_key_len to prevent buffer overflow (Gaurav Goklani) [RHEL-180089] {CVE-2026-46145} +- ALSA: aloop: Fix peer runtime UAF during format-change stop (Jaroslav Kysela) [RHEL-179304] {CVE-2026-46090} +- ALSA: usb-audio: Add sanity check for OOB writes at silencing (CKI Backport Bot) [RHEL-173939] {CVE-2026-43279} +- net: bonding: fix use-after-free in bond_xmit_broadcast() (Xin Long) [RHEL-168063] {CVE-2026-31419} + * Fri Jun 12 2026 CKI KWF Bot [4.18.0-553.134.1.rt7.475.el8_10] - wifi: mac80211: remove station if connection prep fails (Jose Ignacio Tornos Martinez) [RHEL-180120] {CVE-2026-46125} - wifi: mac80211: drop stray 'static' from fast-RX rx_result (CKI Backport Bot) [RHEL-180058] {CVE-2026-46152}