diff --git a/kernel.spec b/kernel.spec index 671ca3e..cae0e8c 100644 --- a/kernel.spec +++ b/kernel.spec @@ -49,10 +49,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.141.1.rt7.482.el8_10 +%define pkgrelease 553.142.1.rt7.483.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.141.1.rt7.482%{?dist} +%define specrelease 553.142.1.rt7.483%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -159,7 +159,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .482 +%global rtbuild .483 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2726,6 +2726,23 @@ fi # # %changelog +* Thu Jul 09 2026 CKI KWF Bot [4.18.0-553.142.1.rt7.483.el8_10] +- KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [RHEL-192411] {CVE-2026-53359} +- KVM: x86: Fix shadow paging use-after-free due to unexpected GFN (Aidan Wallace) [RHEL-186618] {CVE-2026-46113} +- KVM: x86/mmu: pull call to drop_large_spte() into __link_shadow_page() (Paolo Bonzini) [RHEL-186618] +- KVM: x86/mmu: Always pass 0 for @quadrant when gptes are 8 bytes (Aidan Wallace) [RHEL-186618] +- KVM: x86/mmu: Derive shadow MMU page role from parent (Aidan Wallace) [RHEL-186618] +- KVM: x86/mmu: Stop passing "direct" to mmu_alloc_root() (Aidan Wallace) [RHEL-186618] +- KVM: x86/mmu: Use a bool for direct (Aidan Wallace) [RHEL-186618] +- netfilter: bridge: make ebt_snat ARP rewrite writable (CKI Backport Bot) [RHEL-182341] +- net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (CKI Backport Bot) [RHEL-182996] {CVE-2025-71066} +- iommu/vt-d: track SVA mm for kernel page table flush notification (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- iommu/amd: track SVA mm for kernel page table flush notification (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- x86/mm: flush IOMMU before freeing kernel page table pages (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- iommu/sva: add kernel page table IOTLB flush notification (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- iommu/vt-d: Fix incorrect cache invalidation for mm notification (Jerry Snitselaar) [RHEL-150534] {CVE-2025-71089} +- net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (CKI Backport Bot) [RHEL-167045] {CVE-2026-31411} + * Mon Jul 06 2026 CKI KWF Bot [4.18.0-553.141.1.rt7.482.el8_10] - fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (CKI Backport Bot) [RHEL-189506] {CVE-2026-43112} diff --git a/sources b/sources index 0183b09..fbacedd 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (linux-4.18.0-553.141.1.rt7.482.el8_10.tar.xz) = e7b8eefb78a50b0065bf68b2a81ca379ea79e11917280eab54ad2f8d4283fd2c7de3bd9923c9d5d84046c86f2fe944b0bca3014a046231aee026f5372fb15e5d +SHA512 (linux-4.18.0-553.142.1.rt7.483.el8_10.tar.xz) = 69de0811619a52a86d6222078c28dc66588df50dbd68d01ed6a2fa7ac0e9842d36c62ce5605bf07b10d5d8859e93ac935921024ae896b4079a1e0aef2b4e11ff