From 752d663b71e18af6468f6406589d1b3e28fc04d8 Mon Sep 17 00:00:00 2001 From: CKI KWF Bot Date: Thu, 2 Jul 2026 00:26:26 +0000 Subject: [PATCH] kernel-rt-4.18.0-553.140.1.rt7.481.el8_10 * Thu Jul 02 2026 CKI KWF Bot [4.18.0-553.140.1.rt7.481.el8_10] - Enable workaround for ARM64 ERRATUM 4118414 (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: errata: Mitigate TLBI errata on Microsoft Azure Cobalt 100 CPU (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: errata: Mitigate TLBI errata on NVIDIA Olympus CPU (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: Add part number for Arm Cortex-A78AE (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add NVIDIA Olympus definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add C1-Premium definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add C1-Ultra definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add C1-Pro definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Cortex-A720AE definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Neoverse-N3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Cortex-A725 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Cortex-A720 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: Add Cortex-715 CPU part definition (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Neoverse-V3AE definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add MIDR_CORTEX_A76AE (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Cortex-X1C definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Cortex-X925 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Cortex-X3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Neoverse-V3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: cputype: Add Cortex-X4 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} - arm64: Add Neoverse-V2 part (Mark Salter) [RHEL-183619] {CVE-2025-10263} - tcp: fix potential race in tcp_v6_syn_recv_sock() (Antoine Tenart) [RHEL-174237] {CVE-2026-43198} - procfs: fix missing RCU protection when reading real_parent in do_task_stat() (CKI Backport Bot) [RHEL-181898] {CVE-2026-46259} - drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CKI Backport Bot) [RHEL-179907] {CVE-2026-46209} - sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CKI Backport Bot) [RHEL-179857] {CVE-2026-46227} - netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (CKI Backport Bot) [RHEL-179736] {CVE-2026-43450} - vfs: validate inode i_link before use in get_link() (Ian Kent) [RHEL-152759] Resolves: RHEL-152759, RHEL-174237, RHEL-179736, RHEL-179857, RHEL-179907, RHEL-181898, RHEL-183619 Signed-off-by: CKI KWF Bot --- kernel-rt-aarch64-debug.config | 1 + kernel-rt-aarch64.config | 1 + kernel.spec | 37 +++++++++++++++++++++++++++++++--- sources | 2 +- 4 files changed, 37 insertions(+), 4 deletions(-) diff --git a/kernel-rt-aarch64-debug.config b/kernel-rt-aarch64-debug.config index 63cf1c3..4b28efd 100644 --- a/kernel-rt-aarch64-debug.config +++ b/kernel-rt-aarch64-debug.config @@ -2532,6 +2532,7 @@ CONFIG_ARM64_CRYPTO=y CONFIG_ARM64_E0PD=y CONFIG_ARM64_ERRATUM_1024718=y CONFIG_ARM64_ERRATUM_1542419=y +CONFIG_ARM64_ERRATUM_4118414=y CONFIG_ARM64_ERRATUM_819472=y CONFIG_ARM64_ERRATUM_824069=y CONFIG_ARM64_ERRATUM_826319=y diff --git a/kernel-rt-aarch64.config b/kernel-rt-aarch64.config index e5c1ae9..d0fd1c7 100644 --- a/kernel-rt-aarch64.config +++ b/kernel-rt-aarch64.config @@ -2604,6 +2604,7 @@ CONFIG_ARM64_CRYPTO=y CONFIG_ARM64_E0PD=y CONFIG_ARM64_ERRATUM_1024718=y CONFIG_ARM64_ERRATUM_1542419=y +CONFIG_ARM64_ERRATUM_4118414=y CONFIG_ARM64_ERRATUM_819472=y CONFIG_ARM64_ERRATUM_824069=y CONFIG_ARM64_ERRATUM_826319=y diff --git a/kernel.spec b/kernel.spec index d131ae9..2e76f95 100644 --- a/kernel.spec +++ b/kernel.spec @@ -49,10 +49,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.139.1.rt7.480.el8_10 +%define pkgrelease 553.140.1.rt7.481.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.139.1.rt7.480%{?dist} +%define specrelease 553.140.1.rt7.481%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -159,7 +159,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .480 +%global rtbuild .481 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -2726,6 +2726,37 @@ fi # # %changelog +* Thu Jul 02 2026 CKI KWF Bot [4.18.0-553.140.1.rt7.481.el8_10] +- Enable workaround for ARM64 ERRATUM 4118414 (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: errata: Mitigate TLBI errata on Microsoft Azure Cobalt 100 CPU (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: errata: Mitigate TLBI errata on NVIDIA Olympus CPU (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: errata: Mitigate TLBI errata on various Arm CPUs (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: Add part number for Arm Cortex-A78AE (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: Subscribe Microsoft Azure Cobalt 100 to ARM Neoverse N2 errata (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add NVIDIA Olympus definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add C1-Premium definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add C1-Ultra definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add C1-Pro definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-A720AE definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Neoverse-N3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-A725 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-A720 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: Add Cortex-715 CPU part definition (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Neoverse-V3AE definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add MIDR_CORTEX_A76AE (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-X1C definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-X925 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-X3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Neoverse-V3 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: cputype: Add Cortex-X4 definitions (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- arm64: Add Neoverse-V2 part (Mark Salter) [RHEL-183619] {CVE-2025-10263} +- tcp: fix potential race in tcp_v6_syn_recv_sock() (Antoine Tenart) [RHEL-174237] {CVE-2026-43198} +- procfs: fix missing RCU protection when reading real_parent in do_task_stat() (CKI Backport Bot) [RHEL-181898] {CVE-2026-46259} +- drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() (CKI Backport Bot) [RHEL-179907] {CVE-2026-46209} +- sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL (CKI Backport Bot) [RHEL-179857] {CVE-2026-46227} +- netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (CKI Backport Bot) [RHEL-179736] {CVE-2026-43450} +- vfs: validate inode i_link before use in get_link() (Ian Kent) [RHEL-152759] + * Mon Jun 29 2026 CKI KWF Bot [4.18.0-553.139.1.rt7.480.el8_10] - NFS: improve "Server wrote zero bytes" error (Olga Kornievskaia) [RHEL-147665] diff --git a/sources b/sources index a7cb11b..ed6c98f 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (linux-4.18.0-553.139.1.rt7.480.el8_10.tar.xz) = a31ed8ac570e8e3966252e7e49fa881f1294256f16de5a874c551697539eada980fa373a4c6c6e97c5af8168868d65c4c588c7ae32403f29f0be0e9916b1ac5e +SHA512 (linux-4.18.0-553.140.1.rt7.481.el8_10.tar.xz) = 4b0372568734859cafb18d005b72118e13b5ac23a998386dd3fd8cb0a26a2089d8de7cb7e6154e7fd0ea17a201a75749d7b68f1938f4d316aa81730585560fc7