kernel-rt-4.18.0-553.8.1.rt7.349.el8_10

* Fri Jun 14 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.8.1.rt7.349.el8_10]
- [rt] build kernel-rt-4.18.0-553.8.1.rt7.349.el8_10 [RHEL-40882]
- udf: Fix NULL pointer dereference in udf_symlink function (Pavel Reichl) [RHEL-37769] {CVE-2021-47353}
- net: ti: fix UAF in tlan_remove_one (Jose Ignacio Tornos Martinez) [RHEL-38940] {CVE-2021-47310}
- ARM: footbridge: fix PCI interrupt mapping (Myron Stowe) [RHEL-26971] {CVE-2021-46909}
- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Kamal Heib) [RHEL-37454] {CVE-2024-36004}
- net/mlx5e: Fix mlx5e_priv_init() cleanup flow (Kamal Heib) [RHEL-37424] {CVE-2024-35959}
- net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-37420] {CVE-2024-35960}
- net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-37091] {CVE-2023-52667}
- net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-37428] {CVE-2024-35958}
- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356}
- mISDN: fix possible use-after-free in HFC_cleanup() (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356}
- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-35106] {CVE-2024-26974}
- crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-35106]
- crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-35106]
- crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-35106] {CVE-2024-26974}
- crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-35106]
- [rt] Enable CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE (Jocelyn Falempe) [RHEL-36172]
- drm/mgag200: Add an option to disable Write-Combine (Jocelyn Falempe) [RHEL-36172]
- drm/mgag200: Fix caching setup for remapped video memory (Jocelyn Falempe) [RHEL-36172]
- Revert "drm/mgag200: Add a workaround for low-latency" (Jocelyn Falempe) [RHEL-36172]
- mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-33133] {CVE-2024-26826}
- ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-31730]
- ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-31730] {CVE-2024-26735}
- net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-14195 RHEL-33243] {CVE-2024-26859}
- bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-14195 RHEL-33243]
- bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-14195 RHEL-33243]
- x86: KVM: SVM: always update the x2avic msr interception (Maxim Levitsky) [RHEL-15495] {CVE-2023-5090}
- EDAC/thunderx: Fix possible out-of-bounds string access (Aristeu Rozanski) [RHEL-26573] {CVE-2023-52464}
Resolves: RHEL-40882, RHEL-38941, RHEL-26972, RHEL-15493, RHEL-33244, RHEL-38952, RHEL-39215, RHEL-33965, RHEL-38970, RHEL-26580, RHEL-37764, RHEL-37770, RHEL-35107, RHEL-33134, RHEL-37455, RHEL-37425

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>

kernel-rt-x86_64-debug.config

@@ -2939,7 +2939,7 @@ CONFIG_DRM_I915_GVT_KVMGT=m
 CONFIG_DRM_I915_USERPTR=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_MGAG200=m
-CONFIG_DRM_MGAG200_IOBURST_WORKAROUND=y
+CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_QXL=m

kernel-rt-x86_64.config

@@ -2968,7 +2968,7 @@ CONFIG_DRM_I915_GVT_KVMGT=m
 CONFIG_DRM_I915_USERPTR=y
 CONFIG_DRM_LOAD_EDID_FIRMWARE=y
 CONFIG_DRM_MGAG200=m
-CONFIG_DRM_MGAG200_IOBURST_WORKAROUND=y
+CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE=y
 CONFIG_DRM_NOUVEAU=m
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
 CONFIG_DRM_QXL=m

kernel.spec

@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.7.1.rt7.348.el8_10
+%define pkgrelease 553.8.1.rt7.349.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.7.1.rt7.348%{?dist}
+%define specrelease 553.8.1.rt7.349%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -148,7 +148,7 @@
 # The preempt RT patch level
 %global rttag .rt7
 # realtimeN
-%global rtbuild .348
+%global rtbuild .349
 %define with_doc 0
 %define with_headers 0
 %define with_cross_headers 0
@@ -2699,6 +2699,36 @@ fi
 #
 #
 %changelog
+* Fri Jun 14 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.8.1.rt7.349.el8_10]
+- [rt] build kernel-rt-4.18.0-553.8.1.rt7.349.el8_10 [RHEL-40882]
+- udf: Fix NULL pointer dereference in udf_symlink function (Pavel Reichl) [RHEL-37769] {CVE-2021-47353}
+- net: ti: fix UAF in tlan_remove_one (Jose Ignacio Tornos Martinez) [RHEL-38940] {CVE-2021-47310}
+- ARM: footbridge: fix PCI interrupt mapping (Myron Stowe) [RHEL-26971] {CVE-2021-46909}
+- i40e: Do not use WQ_MEM_RECLAIM flag for workqueue (Kamal Heib) [RHEL-37454] {CVE-2024-36004}
+- net/mlx5e: Fix mlx5e_priv_init() cleanup flow (Kamal Heib) [RHEL-37424] {CVE-2024-35959}
+- net/mlx5: Properly link new fs rules into the tree (Kamal Heib) [RHEL-37420] {CVE-2024-35960}
+- net/mlx5e: fix a potential double-free in fs_any_create_groups (Kamal Heib) [RHEL-37091] {CVE-2023-52667}
+- net: ena: Fix incorrect descriptor free behavior (Kamal Heib) [RHEL-37428] {CVE-2024-35958}
+- mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356}
+- mISDN: fix possible use-after-free in HFC_cleanup() (Jose Ignacio Tornos Martinez) [RHEL-37763] {CVE-2021-47356}
+- crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak (Vladis Dronov) [RHEL-35106] {CVE-2024-26974}
+- crypto: qat - implement dh fallback for primes > 4K (Vladis Dronov) [RHEL-35106]
+- crypto: qat - avoid division by zero (Vladis Dronov) [RHEL-35106]
+- crypto: qat - resolve race condition during AER recovery (Vladis Dronov) [RHEL-35106] {CVE-2024-26974}
+- crypto: qat - use kcalloc_node() instead of kzalloc_node() (Vladis Dronov) [RHEL-35106]
+- [rt] Enable CONFIG_DRM_MGAG200_DISABLE_WRITECOMBINE (Jocelyn Falempe) [RHEL-36172]
+- drm/mgag200: Add an option to disable Write-Combine (Jocelyn Falempe) [RHEL-36172]
+- drm/mgag200: Fix caching setup for remapped video memory (Jocelyn Falempe) [RHEL-36172]
+- Revert "drm/mgag200: Add a workaround for low-latency" (Jocelyn Falempe) [RHEL-36172]
+- mptcp: fix data re-injection from stale subflow (Davide Caratti) [RHEL-33133] {CVE-2024-26826}
+- ipv6: sr: fix incorrect unregister order (Hangbin Liu) [RHEL-31730]
+- ipv6: sr: fix possible use-after-free and null-ptr-deref (Hangbin Liu) [RHEL-31730] {CVE-2024-26735}
+- net/bnx2x: Prevent access to a freed page in page_pool (Michal Schmidt) [RHEL-14195 RHEL-33243] {CVE-2024-26859}
+- bnx2x: new flag for track HW resource allocation (Michal Schmidt) [RHEL-14195 RHEL-33243]
+- bnx2x: fix page fault following EEH recovery (Michal Schmidt) [RHEL-14195 RHEL-33243]
+- x86: KVM: SVM: always update the x2avic msr interception (Maxim Levitsky) [RHEL-15495] {CVE-2023-5090}
+- EDAC/thunderx: Fix possible out-of-bounds string access (Aristeu Rozanski) [RHEL-26573] {CVE-2023-52464}
+
 * Fri Jun 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.7.1.rt7.348.el8_10]
 - [rt] build kernel-rt-4.18.0-553.7.1.rt7.348.el8_10 [RHEL-34640]
 - net: qcom/emac: fix UAF in emac_remove (Ken Cox) [RHEL-37834] {CVE-2021-47311}

sources

@@ -1 +1 @@
-SHA512 (linux-4.18.0-553.7.1.rt7.348.el8_10.tar.xz) = f4e7970ca85a012a77fb5fb7716dda9fa901d3a191842c145b42efbcb4716b7bbce825b4df4bb4a02225f01d1adf24999ac4c0eabde87fd76bcb8ee002b717ee
+SHA512 (linux-4.18.0-553.8.1.rt7.349.el8_10.tar.xz) = 896faa7711c760dd8f517d72189370b31f8538121980c38a315e323f4d687edfc2e436caa67ad7d828084697617fcc91cdf0bd79138bb6fff3b0ff83f529f50a