From 0328dbb6f9b7cd033245de9bb2e57c5edcab5d60 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 5 Nov 2025 12:23:28 +0300 Subject: [PATCH] Update to kernel-5.14.0-611.2.1.el9_7 : --- .gitignore | 6 +- .kernel.metadata | 6 +- SOURCES/Makefile.rhelver | 4 +- SOURCES/kernel-x86_64-debug-rhel.config | 1 + SOURCES/kernel-x86_64-rhel.config | 1 + SOURCES/kernel-x86_64-rt-debug-rhel.config | 1 + SOURCES/kernel-x86_64-rt-rhel.config | 1 + SOURCES/kernel.changelog | 73 ++++++++++++++++++++ SOURCES/uki_addons.json | 50 +++++++------- SPECS/kernel.spec | 80 ++++++++++++++++++++-- 10 files changed, 186 insertions(+), 37 deletions(-) diff --git a/.gitignore b/.gitignore index 359fed9b1..e29a261d7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,6 @@ -SOURCES/kernel-abi-stablelists-5.14.0-611.el9.tar.bz2 -SOURCES/kernel-kabi-dw-5.14.0-611.el9.tar.bz2 -SOURCES/linux-5.14.0-611.el9.tar.xz +SOURCES/kernel-abi-stablelists-5.14.0-611.2.1.el9_7.tar.bz2 +SOURCES/kernel-kabi-dw-5.14.0-611.2.1.el9_7.tar.bz2 +SOURCES/linux-5.14.0-611.2.1.el9_7.tar.xz SOURCES/nvidiagpuoot001.x509 SOURCES/rheldup3.x509 SOURCES/rhelima.x509 diff --git a/.kernel.metadata b/.kernel.metadata index ab22c3b15..4bc40c44a 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,6 +1,6 @@ -d407d5c7636490afac1a41b4771dfdd126d0c905 SOURCES/kernel-abi-stablelists-5.14.0-611.el9.tar.bz2 -991185ce1e7ca8aa78060496d6726c8f1f54a909 SOURCES/kernel-kabi-dw-5.14.0-611.el9.tar.bz2 -f05498a995e3c141f3f8ff49a86db5934a71d233 SOURCES/linux-5.14.0-611.el9.tar.xz +86f62566399d64a3ffdda34b9eb636014320edc7 SOURCES/kernel-abi-stablelists-5.14.0-611.2.1.el9_7.tar.bz2 +6ea2696c664fd340564b1b7c0cd5013080b72ba3 SOURCES/kernel-kabi-dw-5.14.0-611.2.1.el9_7.tar.bz2 +42d084a96e3690af2f70035840681934b5ae1e7c SOURCES/linux-5.14.0-611.2.1.el9_7.tar.xz 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509 diff --git a/SOURCES/Makefile.rhelver b/SOURCES/Makefile.rhelver index d37798d99..03a72bcac 100644 --- a/SOURCES/Makefile.rhelver +++ b/SOURCES/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 7 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 611 +RHEL_RELEASE = 611.2.1 # # ZSTREAM @@ -34,7 +34,7 @@ RHEL_RELEASE = 611 # (when you give RHDISTGIT_BRANCH on the command line, in which case the Z # number will be incremented instead of the Y). # -ZSTREAM ?= no +ZSTREAM ?= yes # # Early y+1 numbering diff --git a/SOURCES/kernel-x86_64-debug-rhel.config b/SOURCES/kernel-x86_64-debug-rhel.config index 6cd189d8e..76f6a97f9 100644 --- a/SOURCES/kernel-x86_64-debug-rhel.config +++ b/SOURCES/kernel-x86_64-debug-rhel.config @@ -3393,6 +3393,7 @@ CONFIG_MITIGATION_SRBDS=y CONFIG_MITIGATION_SRSO=y CONFIG_MITIGATION_SSB=y CONFIG_MITIGATION_TAA=y +CONFIG_MITIGATION_TSA=y CONFIG_MITIGATION_UNRET_ENTRY=y # CONFIG_MK8 is not set # CONFIG_MLX4_CORE_GEN2 is not set diff --git a/SOURCES/kernel-x86_64-rhel.config b/SOURCES/kernel-x86_64-rhel.config index 4898071cf..6496b5a01 100644 --- a/SOURCES/kernel-x86_64-rhel.config +++ b/SOURCES/kernel-x86_64-rhel.config @@ -3373,6 +3373,7 @@ CONFIG_MITIGATION_SRBDS=y CONFIG_MITIGATION_SRSO=y CONFIG_MITIGATION_SSB=y CONFIG_MITIGATION_TAA=y +CONFIG_MITIGATION_TSA=y CONFIG_MITIGATION_UNRET_ENTRY=y # CONFIG_MK8 is not set # CONFIG_MLX4_CORE_GEN2 is not set diff --git a/SOURCES/kernel-x86_64-rt-debug-rhel.config b/SOURCES/kernel-x86_64-rt-debug-rhel.config index 2c8a61900..b9d15bb6a 100644 --- a/SOURCES/kernel-x86_64-rt-debug-rhel.config +++ b/SOURCES/kernel-x86_64-rt-debug-rhel.config @@ -3452,6 +3452,7 @@ CONFIG_MITIGATION_SRBDS=y CONFIG_MITIGATION_SRSO=y CONFIG_MITIGATION_SSB=y CONFIG_MITIGATION_TAA=y +CONFIG_MITIGATION_TSA=y CONFIG_MITIGATION_UNRET_ENTRY=y # CONFIG_MK8 is not set # CONFIG_MLX4_CORE_GEN2 is not set diff --git a/SOURCES/kernel-x86_64-rt-rhel.config b/SOURCES/kernel-x86_64-rt-rhel.config index abf2820f7..beed93514 100644 --- a/SOURCES/kernel-x86_64-rt-rhel.config +++ b/SOURCES/kernel-x86_64-rt-rhel.config @@ -3432,6 +3432,7 @@ CONFIG_MITIGATION_SRBDS=y CONFIG_MITIGATION_SRSO=y CONFIG_MITIGATION_SSB=y CONFIG_MITIGATION_TAA=y +CONFIG_MITIGATION_TSA=y CONFIG_MITIGATION_UNRET_ENTRY=y # CONFIG_MK8 is not set # CONFIG_MLX4_CORE_GEN2 is not set diff --git a/SOURCES/kernel.changelog b/SOURCES/kernel.changelog index f635c834d..bdab4bf8a 100644 --- a/SOURCES/kernel.changelog +++ b/SOURCES/kernel.changelog @@ -1,3 +1,76 @@ +* Wed Sep 17 2025 Augusto Caringi [5.14.0-611.2.1.el9_7] +- netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (Florian Westphal) [RHEL-106430] {CVE-2025-38472} +- s390/sclp: Fix SCCB present check (CKI Backport Bot) [RHEL-113557] {CVE-2025-39694} +- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (Hangbin Liu) [RHEL-111150] {CVE-2025-38550} +- devlink: add reserved fields to devlink_*_ops (Petr Oros) [RHEL-111906] +- ixgbe: prevent from unwanted interface name changes (CKI Backport Bot) [RHEL-109607] +- devlink: let driver opt out of automatic phys_port_name generation (CKI Backport Bot) [RHEL-109607] +- xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CKI Backport Bot) [RHEL-109528] {CVE-2025-38500} +- dpll: add reserved fields to dpll_device_ops and dpll_pin_ops structs (Ivan Vecera) [RHEL-111904] +- ice: use fixed adapter index for E825C embedded devices (Michal Schmidt) [RHEL-104010] +- net: openvswitch: remove misbehaving actions length check (Aaron Conole) [RHEL-83440] +- irdma: free iwdev->rf after removing MSI-X (Kamal Heib) [RHEL-103278 RHEL-95816] +- sctp: linearize cloned gso packets in sctp_rcv (CKI Backport Bot) [RHEL-113332] {CVE-2025-38718} +- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (CKI Backport Bot) [RHEL-112247] {CVE-2023-53125} +- net: usb: smsc75xx: Limit packet length to skb->len (CKI Backport Bot) [RHEL-112247] {CVE-2023-53125} +- cpufreq: Move endif to the end of Kconfig file (Mark Langsdorf) [RHEL-112816] +- cpufreq: Move CPPC configs to common Kconfig and add RISC-V (Mark Langsdorf) [RHEL-112816] +- HID: core: Harden s32ton() against conversion to 0 bits (Benjamin Tissoires) [RHEL-111034] {CVE-2025-38556} +- HID: stop exporting hid_snto32() (Benjamin Tissoires) [RHEL-111034] {CVE-2025-38556} +- HID: simplify snto32() (Benjamin Tissoires) [RHEL-111034] {CVE-2025-38556} +Resolves: RHEL-103278, RHEL-104010, RHEL-106430, RHEL-109528, RHEL-109607, RHEL-111034, RHEL-111150, RHEL-111904, RHEL-111906, RHEL-112247, RHEL-112816, RHEL-113332, RHEL-113557, RHEL-83440, RHEL-95816 + +* Sat Sep 06 2025 CKI KWF Bot [5.14.0-611.1.1.el9_7] +- redhat: set defaults for RHEL 9.7 (Augusto Caringi) +- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CKI Backport Bot) [RHEL-112783] {CVE-2025-38352} +- fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (Audra Mitchell) [RHEL-110312] {CVE-2025-38396} +- idpf: convert control queue mutex to a spinlock (Michal Schmidt) [RHEL-106051] {CVE-2025-38392} +- redhat/configs: Enable CONFIG_MITIGATION_TSA for x86 (Waiman Long) [RHEL-83897] +- x86/process: Move the buffer clearing before MONITOR (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- x86/microcode/AMD: Add TSA microcode SHAs (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- KVM: SVM: Advertise TSA CPUID bits to guests (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- x86/bugs: Add a Transient Scheduler Attacks mitigation (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- x86/bugs: Rename MDS machinery to something more generic (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- x86/idle: Use MONITOR and MWAIT mnemonics in (Waiman Long) [RHEL-83897] +- x86/idle: Remove .s output beautifying delimiters from simpler asm() templates (Waiman Long) [RHEL-83897] +- x86/idle: Standardize argument types for MONITOR{,X} and MWAIT{,X} instruction wrappers on 'u32' (Waiman Long) [RHEL-83897] +- x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (Waiman Long) [RHEL-83897] +- x86/bugs: Rename mmio_stale_data_clear to cpu_buf_vm_clear (Waiman Long) [RHEL-83897] +- x86/microcode: Consolidate the loader enablement checking (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (Waiman Long) [RHEL-83897] {CVE-2025-22047} +- x86/microcode/AMD: Add some forgotten models to the SHA check (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Load only SHA256-checksummed patches (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Add get_patch_level() (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (Waiman Long) [RHEL-83897] +- x86/cpu: Introduce new microcode matching helper (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Remove ret local var in early_apply_microcode() (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Have __apply_microcode_amd() return bool (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Return bool from find_blobs_in_containers() (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Flush patch buffer mapping after application (Waiman Long) [RHEL-83897] +- x86/CPU/AMD: Terminate the erratum_1386_microcode array (Waiman Long) [RHEL-83897] {CVE-2024-56721} +- x86/mm: Carve out INVLPG inline asm for use by others (Waiman Long) [RHEL-83897] +- x86/cpu: Fix formatting of cpuid_bits[] in scattered.c (Waiman Long) [RHEL-83897] +- x86/cpufeatures: Add X86_FEATURE_AMD_WORKLOAD_CLASS feature bit (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Split load_microcode_amd() (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Pay attention to the stepping dynamically (Waiman Long) [RHEL-83897] +- x86/bugs: Use code segment selector for VERW operand (Waiman Long) [RHEL-83897] {CVE-2024-50072} +- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (Waiman Long) [RHEL-83897] +- x86/CPU/AMD: Improve the erratum 1386 workaround (Waiman Long) [RHEL-83897] +- x86: Add a comment about the "magic" behind shadow sti before mwait (Waiman Long) [RHEL-83897] +- x86/bugs: Revert "Reverse instruction order of CLEAR_CPU_BUFFERS" (Waiman Long) [RHEL-83897] +- scsi: mpt3sas: Fix a fw_event memory leak (Tomas Henzl) [RHEL-108656] +- Revert "drm/gem-dma: Use dma_buf from GEM object instance" (Robert Foss) [RHEL-106696] +- Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" (Robert Foss) [RHEL-106696] +- Revert "drm/prime: Use dma_buf from GEM object instance" (Robert Foss) [RHEL-106696] +- drm/framebuffer: Acquire internal references on GEM handles (Robert Foss) [RHEL-106696] +- drm/gem: Acquire references on GEM handles for framebuffers (CKI Backport Bot) [RHEL-106696] {CVE-2025-38449} +- Revert "e1000e: change k1 configuration on MTP and later platforms" (Michal Schmidt) [RHEL-110519] +Resolves: RHEL-106051, RHEL-106696, RHEL-108656, RHEL-110312, RHEL-110519, RHEL-112783, RHEL-83897, RHEL-83906 + * Fri Aug 22 2025 Jarod Wilson [5.14.0-611.el9] - HID: wacom: fix crash in wacom_aes_battery_handler() (Benjamin Tissoires) [RHEL-102058] - HID: wacom: fix kobject reference count leak (Benjamin Tissoires) [RHEL-102058] diff --git a/SOURCES/uki_addons.json b/SOURCES/uki_addons.json index f36e43056..791549346 100644 --- a/SOURCES/uki_addons.json +++ b/SOURCES/uki_addons.json @@ -1,48 +1,48 @@ { "virt": { + "common": { + "fips-disable.addon": [ + "fips=0\n" + ], + "fips-enable.addon": [ + "fips=1\n" + ] + }, "rhel": { "aarch64": { "crashkernel-default.addon": [ "crashkernel=1G-4G:256M,4G-64G:320M,64G-:576M\n" ] } - }, - "common": { - "fips-enable.addon": [ - "fips=1\n" - ], - "fips-disable.addon": [ - "fips=0\n" - ] } }, "common": { - "crashkernel-192M.addon": [ - "crashkernel=192M\n" - ], - "crashkernel-default.addon": [ - "crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M\n" - ], - "systemd-volatile-overlay.addon": [ - "systemd.volatile=overlay" - ], - "crashkernel-512M.addon": [ - "crashkernel=512M\n" - ], - "crashkernel-256M.addon": [ - "crashkernel=256M\n" - ], "crashkernel-1536M.addon": [ "crashkernel=1536M\n" ], - "debug.addon": [ - "debug\n" + "crashkernel-192M.addon": [ + "crashkernel=192M\n" ], "crashkernel-1G.addon": [ "crashkernel=1G\n" ], + "crashkernel-256M.addon": [ + "crashkernel=256M\n" + ], "crashkernel-2G.addon": [ "crashkernel=2G\n" + ], + "crashkernel-512M.addon": [ + "crashkernel=512M\n" + ], + "crashkernel-default.addon": [ + "crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M\n" + ], + "debug.addon": [ + "debug\n" + ], + "systemd-volatile-overlay.addon": [ + "systemd.volatile=overlay" ] } } \ No newline at end of file diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 8b0ef1cd4..ba3ba4057 100755 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -165,15 +165,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 611 +%define pkgrelease 611.2.1 %define kversion 5 -%define tarfile_release 5.14.0-611.el9 +%define tarfile_release 5.14.0-611.2.1.el9_7 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 611%{?buildid}%{?dist} +%define specrelease 611.2.1%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-611.el9 +%define kabiversion 5.14.0-611.2.1.el9_7 # # End of genspec.sh variables @@ -185,6 +185,7 @@ Summary: The Linux kernel # should not be exported to RPM provides %global __provides_exclude_from ^%{_libexecdir}/kselftests +%define _with_kabidupchk 1 # The following build options are enabled by default, but may become disabled # by later architecture-specific checks. These can also be disabled by using # --without in the rpmbuild command, or by forcing these values to 0. @@ -3684,6 +3685,77 @@ fi # # %changelog +* Wed Sep 17 2025 Augusto Caringi [5.14.0-611.2.1.el9_7] +- netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (Florian Westphal) [RHEL-106430] {CVE-2025-38472} +- s390/sclp: Fix SCCB present check (CKI Backport Bot) [RHEL-113557] {CVE-2025-39694} +- ipv6: mcast: Delay put pmc->idev in mld_del_delrec() (Hangbin Liu) [RHEL-111150] {CVE-2025-38550} +- devlink: add reserved fields to devlink_*_ops (Petr Oros) [RHEL-111906] +- ixgbe: prevent from unwanted interface name changes (CKI Backport Bot) [RHEL-109607] +- devlink: let driver opt out of automatic phys_port_name generation (CKI Backport Bot) [RHEL-109607] +- xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CKI Backport Bot) [RHEL-109528] {CVE-2025-38500} +- dpll: add reserved fields to dpll_device_ops and dpll_pin_ops structs (Ivan Vecera) [RHEL-111904] +- ice: use fixed adapter index for E825C embedded devices (Michal Schmidt) [RHEL-104010] +- net: openvswitch: remove misbehaving actions length check (Aaron Conole) [RHEL-83440] +- irdma: free iwdev->rf after removing MSI-X (Kamal Heib) [RHEL-103278 RHEL-95816] +- sctp: linearize cloned gso packets in sctp_rcv (CKI Backport Bot) [RHEL-113332] {CVE-2025-38718} +- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (CKI Backport Bot) [RHEL-112247] {CVE-2023-53125} +- net: usb: smsc75xx: Limit packet length to skb->len (CKI Backport Bot) [RHEL-112247] {CVE-2023-53125} +- cpufreq: Move endif to the end of Kconfig file (Mark Langsdorf) [RHEL-112816] +- cpufreq: Move CPPC configs to common Kconfig and add RISC-V (Mark Langsdorf) [RHEL-112816] +- HID: core: Harden s32ton() against conversion to 0 bits (Benjamin Tissoires) [RHEL-111034] {CVE-2025-38556} +- HID: stop exporting hid_snto32() (Benjamin Tissoires) [RHEL-111034] {CVE-2025-38556} +- HID: simplify snto32() (Benjamin Tissoires) [RHEL-111034] {CVE-2025-38556} + +* Sat Sep 06 2025 CKI KWF Bot [5.14.0-611.1.1.el9_7] +- redhat: set defaults for RHEL 9.7 (Augusto Caringi) +- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CKI Backport Bot) [RHEL-112783] {CVE-2025-38352} +- fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (Audra Mitchell) [RHEL-110312] {CVE-2025-38396} +- idpf: convert control queue mutex to a spinlock (Michal Schmidt) [RHEL-106051] {CVE-2025-38392} +- redhat/configs: Enable CONFIG_MITIGATION_TSA for x86 (Waiman Long) [RHEL-83897] +- x86/process: Move the buffer clearing before MONITOR (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- x86/microcode/AMD: Add TSA microcode SHAs (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- KVM: SVM: Advertise TSA CPUID bits to guests (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- x86/bugs: Add a Transient Scheduler Attacks mitigation (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- x86/bugs: Rename MDS machinery to something more generic (Waiman Long) [RHEL-83897 RHEL-83906] {CVE-2024-36357 CVE-2024-36350} +- x86/idle: Use MONITOR and MWAIT mnemonics in (Waiman Long) [RHEL-83897] +- x86/idle: Remove .s output beautifying delimiters from simpler asm() templates (Waiman Long) [RHEL-83897] +- x86/idle: Standardize argument types for MONITOR{,X} and MWAIT{,X} instruction wrappers on 'u32' (Waiman Long) [RHEL-83897] +- x86/idle: Remove MFENCEs for X86_BUG_CLFLUSH_MONITOR in mwait_idle_with_hints() and prefer_mwait_c1_over_halt() (Waiman Long) [RHEL-83897] +- x86/bugs: Rename mmio_stale_data_clear to cpu_buf_vm_clear (Waiman Long) [RHEL-83897] +- x86/microcode: Consolidate the loader enablement checking (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Fix __apply_microcode_amd()'s return value (Waiman Long) [RHEL-83897] {CVE-2025-22047} +- x86/microcode/AMD: Add some forgotten models to the SHA check (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Load only SHA256-checksummed patches (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Add get_patch_level() (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Get rid of the _load_microcode_amd() forward declaration (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Merge early_apply_microcode() into its single callsite (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Remove unused save_microcode_in_initrd_amd() declarations (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Remove ugly linebreak in __verify_patch_section() signature (Waiman Long) [RHEL-83897] +- x86/cpu: Introduce new microcode matching helper (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Remove ret local var in early_apply_microcode() (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Have __apply_microcode_amd() return bool (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Return bool from find_blobs_in_containers() (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Flush patch buffer mapping after application (Waiman Long) [RHEL-83897] +- x86/CPU/AMD: Terminate the erratum_1386_microcode array (Waiman Long) [RHEL-83897] {CVE-2024-56721} +- x86/mm: Carve out INVLPG inline asm for use by others (Waiman Long) [RHEL-83897] +- x86/cpu: Fix formatting of cpuid_bits[] in scattered.c (Waiman Long) [RHEL-83897] +- x86/cpufeatures: Add X86_FEATURE_AMD_WORKLOAD_CLASS feature bit (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Split load_microcode_amd() (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Pay attention to the stepping dynamically (Waiman Long) [RHEL-83897] +- x86/bugs: Use code segment selector for VERW operand (Waiman Long) [RHEL-83897] {CVE-2024-50072} +- x86/microcode/AMD: Fix a -Wsometimes-uninitialized clang false positive (Waiman Long) [RHEL-83897] +- x86/microcode/AMD: Use the family,model,stepping encoded in the patch ID (Waiman Long) [RHEL-83897] +- x86/CPU/AMD: Improve the erratum 1386 workaround (Waiman Long) [RHEL-83897] +- x86: Add a comment about the "magic" behind shadow sti before mwait (Waiman Long) [RHEL-83897] +- x86/bugs: Revert "Reverse instruction order of CLEAR_CPU_BUFFERS" (Waiman Long) [RHEL-83897] +- scsi: mpt3sas: Fix a fw_event memory leak (Tomas Henzl) [RHEL-108656] +- Revert "drm/gem-dma: Use dma_buf from GEM object instance" (Robert Foss) [RHEL-106696] +- Revert "drm/gem-framebuffer: Use dma_buf from GEM object instance" (Robert Foss) [RHEL-106696] +- Revert "drm/prime: Use dma_buf from GEM object instance" (Robert Foss) [RHEL-106696] +- drm/framebuffer: Acquire internal references on GEM handles (Robert Foss) [RHEL-106696] +- drm/gem: Acquire references on GEM handles for framebuffers (CKI Backport Bot) [RHEL-106696] {CVE-2025-38449} +- Revert "e1000e: change k1 configuration on MTP and later platforms" (Michal Schmidt) [RHEL-110519] + * Fri Aug 22 2025 Jarod Wilson [5.14.0-611.el9] - HID: wacom: fix crash in wacom_aes_battery_handler() (Benjamin Tissoires) [RHEL-102058] - HID: wacom: fix kobject reference count leak (Benjamin Tissoires) [RHEL-102058]