From 0b8c8dc8b68c4ba18471737a739d290d2805868d Mon Sep 17 00:00:00 2001
From: Augusto Caringi <acaringi@redhat.com>
Date: Wed, 21 May 2025 19:11:47 -0300
Subject: [PATCH] kernel-5.14.0-587.el9

* Wed May 21 2025 Augusto Caringi <acaringi@redhat.com> [5.14.0-587.el9]
- af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. (Davide Caratti) [RHEL-84598]
- net/af_packet: check len when min_header_len equals to 0 (Davide Caratti) [RHEL-84598]
- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Davide Caratti) [RHEL-84598] {CVE-2024-57901}
- af_packet: fix vlan_get_tci() vs MSG_PEEK (Davide Caratti) [RHEL-84598] {CVE-2024-57902}
- af_packet: Handle outgoing VLAN packets without hardware offloading (Davide Caratti) [RHEL-84598]
- perf trace: Add missing perf_tool__init() (Anubhav Shelat) [RHEL-83634]
- scsi: iscsi: Fix missing scsi_host_put() in error path (Chris Leech) [RHEL-90552]
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Chris Leech) [RHEL-90552]
- scsi: iscsi: Remove unused iscsi_create_session() (Chris Leech) [RHEL-90552]
- scsi: qedi: Use kthread_create_on_cpu() (Chris Leech) [RHEL-90552]
- scsi: bnx2i: Use kthread_create_on_cpu() (Chris Leech) [RHEL-90552]
- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Chris Leech) [RHEL-90552]
- Revert "mm: kmemleak: alloc gray object for reserved region with direct map" (Luiz Capitulino) [RHEL-75156]
- cifs: Fix integer overflow while processing closetimeo mount option (CKI Backport Bot) [RHEL-87899] {CVE-2025-21962}
- cifs: Fix integer overflow while processing acregmax mount option (CKI Backport Bot) [RHEL-87920] {CVE-2025-21964}
- net: fix geneve_opt length integer overflow (CKI Backport Bot) [RHEL-87973] {CVE-2025-22055}
- RDMA/core: Silence oversized kvmalloc() warning (Kamal Heib) [RHEL-75591]
- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (Kamal Heib) [RHEL-75591]
- RDMA/ucaps: Avoid format-security warning (Kamal Heib) [RHEL-75591]
- IB/mad: Check available slots before posting receive WRs (Kamal Heib) [RHEL-75591]
- RDMA/core: Pass port to counter bind/unbind operations (Kamal Heib) [RHEL-75591]
- RDMA/core: Add support to optional-counters binding configuration (Kamal Heib) [RHEL-75591]
- RDMA/core: Create and destroy rdma_counter using rdma_zalloc_drv_obj() (Kamal Heib) [RHEL-75591]
- RDMA/core: Fix use-after-free when rename device name (Kamal Heib) [RHEL-75591]
- RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (Kamal Heib) [RHEL-75591]
- docs: infiniband: document the UCAP API (Kamal Heib) [RHEL-75591]
- RDMA/uverbs: Add support for UCAPs in context creation (Kamal Heib) [RHEL-75591]
- RDMA/uverbs: Introduce UCAP (User CAPabilities) API (Kamal Heib) [RHEL-75591]
- RDMA/core: Fixes infiniband sysctl bounds (Kamal Heib) [RHEL-75591]
- RDMA/core: Don't expose hw_counters outside of init net namespace (Kamal Heib) [RHEL-75591]
- RDMA/core: Fix best page size finding when it can cross SG entries (Kamal Heib) [RHEL-75591]
- IB/iser: fix typos in iscsi_iser.c comments (Kamal Heib) [RHEL-75591]
- RDMA/core: Use ib_port_state_to_str() for IB state sysfs (Kamal Heib) [RHEL-75591]
- IB/cache: Add log messages for IB device state changes (Kamal Heib) [RHEL-75591]
- ext4: avoid writing unitialized memory to disk in EA inodes (Brian Foster) [RHEL-86510]
- ext4: don't track ranges in fast_commit if inode has inlined data (Brian Foster) [RHEL-86510]
- ext4: fix possible tid_t sequence overflows (Brian Foster) [RHEL-86510]
- ext4: use ext4_update_inode_fsync_trans() helper in inode creation (Brian Foster) [RHEL-86510]
- ext4: use memtostr_pad() for s_volume_name (Brian Foster) [RHEL-86510]
- ext4: warn if delalloc counters are not zero on inactive (Brian Foster) [RHEL-86510]
- ext4: check the extent status again before inserting delalloc block (Brian Foster) [RHEL-86510]
- ext4: factor out a common helper to query extent map (Brian Foster) [RHEL-86510]
- ext4: correct the hole length returned by ext4_map_blocks() (Brian Foster) [RHEL-86510]
- ext4: convert to exclusive lock while inserting delalloc extents (Brian Foster) [RHEL-86510]
- ext4: refactor ext4_da_map_blocks() (Brian Foster) [RHEL-86510]
- ext4: propagate errors from ext4_sb_bread() in ext4_xattr_block_cache_find() (Brian Foster) [RHEL-86510]
- jbd2: remove redundant assignement to variable err (Brian Foster) [RHEL-86510]
- ext4: remove the redundant folio_wait_stable() (Brian Foster) [RHEL-86510]
- ext4: fix potential unnitialized variable (Brian Foster) [RHEL-86510]
- ext4: remove block_device_ejected() (Brian Foster) [RHEL-86510]
- ext4: keep "prefetch_grp" and "nr" consistent (Brian Foster) [RHEL-86510]
- ext4: replace deprecated strncpy with alternatives (Brian Foster) [RHEL-86510]
- ext4: clean up s_mb_rb_lock to fix build warnings with C=1 (Brian Foster) [RHEL-86510]
- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Brian Foster) [RHEL-86510]
- ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (Brian Foster) [RHEL-86510]
- ext4: refactor out ext4_generic_attr_show() (Brian Foster) [RHEL-86510]
- ext4: refactor out ext4_generic_attr_store() (Brian Foster) [RHEL-86510]
- ext4: avoid overflow when setting values via sysfs (Brian Foster) [RHEL-86510]
- ext4: avoid excessive credit estimate in ext4_tmpfile() (Brian Foster) [RHEL-86510]
- ext4: remove unneeded if checks before kfree (Brian Foster) [RHEL-86510]
- ext4: set FMODE_CAN_ODIRECT instead of a dummy direct_IO method (Brian Foster) [RHEL-86510]
- security/keys: fix slab-out-of-bounds in key_task_permission (CKI Backport Bot) [RHEL-83380] {CVE-2024-50301}
- tracing/histograms: Fix memory leak problem (CKI Backport Bot) [RHEL-81008] {CVE-2022-49648}
- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (Marcin Juszkiewicz) [RHEL-92493]
- redhat: add test_klp_kprobe to mod-internal.list (Denis Aleksandrov) [RHEL-90828]
- vfio/pci: Align huge faults to order (Alex Williamson) [RHEL-89689]
- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (David Arcari) [RHEL-87253] {CVE-2022-3424}
- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (Herton R. Krzesinski) [RHEL-74389]
- x86: bring back rep movsq for user access on CPUs without ERMS (Herton R. Krzesinski) [RHEL-74389]
- io_uring: prevent opcode speculation (CKI Backport Bot) [RHEL-83230] {CVE-2025-21863}
Resolves: RHEL-74389, RHEL-75156, RHEL-75591, RHEL-81008, RHEL-83230, RHEL-83380, RHEL-83634, RHEL-84598, RHEL-86510, RHEL-87253, RHEL-87899, RHEL-87920, RHEL-87973, RHEL-89689, RHEL-90552, RHEL-90828, RHEL-92493

Signed-off-by: Augusto Caringi <acaringi@redhat.com>
---
 Makefile.rhelver  |  2 +-
 kernel.changelog  | 73 ++++++++++++++++++++++++++++++++++++++++++
 kernel.spec       | 80 ++++++++++++++++++++++++++++++++++++++++++++---
 mod-internal.list |  1 +
 sources           |  6 ++--
 5 files changed, 154 insertions(+), 8 deletions(-)

diff --git a/Makefile.rhelver b/Makefile.rhelver
index e1dc80161..58cb6e53f 100644
--- a/Makefile.rhelver
+++ b/Makefile.rhelver
@@ -12,7 +12,7 @@ RHEL_MINOR = 7
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 586
+RHEL_RELEASE = 587
 
 #
 # ZSTREAM
diff --git a/kernel.changelog b/kernel.changelog
index b630f88d5..c8d082a75 100644
--- a/kernel.changelog
+++ b/kernel.changelog
@@ -1,3 +1,76 @@
+* Wed May 21 2025 Augusto Caringi <acaringi@redhat.com> [5.14.0-587.el9]
+- af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. (Davide Caratti) [RHEL-84598]
+- net/af_packet: check len when min_header_len equals to 0 (Davide Caratti) [RHEL-84598]
+- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Davide Caratti) [RHEL-84598] {CVE-2024-57901}
+- af_packet: fix vlan_get_tci() vs MSG_PEEK (Davide Caratti) [RHEL-84598] {CVE-2024-57902}
+- af_packet: Handle outgoing VLAN packets without hardware offloading (Davide Caratti) [RHEL-84598]
+- perf trace: Add missing perf_tool__init() (Anubhav Shelat) [RHEL-83634]
+- scsi: iscsi: Fix missing scsi_host_put() in error path (Chris Leech) [RHEL-90552]
+- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Chris Leech) [RHEL-90552]
+- scsi: iscsi: Remove unused iscsi_create_session() (Chris Leech) [RHEL-90552]
+- scsi: qedi: Use kthread_create_on_cpu() (Chris Leech) [RHEL-90552]
+- scsi: bnx2i: Use kthread_create_on_cpu() (Chris Leech) [RHEL-90552]
+- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Chris Leech) [RHEL-90552]
+- Revert "mm: kmemleak: alloc gray object for reserved region with direct map" (Luiz Capitulino) [RHEL-75156]
+- cifs: Fix integer overflow while processing closetimeo mount option (CKI Backport Bot) [RHEL-87899] {CVE-2025-21962}
+- cifs: Fix integer overflow while processing acregmax mount option (CKI Backport Bot) [RHEL-87920] {CVE-2025-21964}
+- net: fix geneve_opt length integer overflow (CKI Backport Bot) [RHEL-87973] {CVE-2025-22055}
+- RDMA/core: Silence oversized kvmalloc() warning (Kamal Heib) [RHEL-75591]
+- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (Kamal Heib) [RHEL-75591]
+- RDMA/ucaps: Avoid format-security warning (Kamal Heib) [RHEL-75591]
+- IB/mad: Check available slots before posting receive WRs (Kamal Heib) [RHEL-75591]
+- RDMA/core: Pass port to counter bind/unbind operations (Kamal Heib) [RHEL-75591]
+- RDMA/core: Add support to optional-counters binding configuration (Kamal Heib) [RHEL-75591]
+- RDMA/core: Create and destroy rdma_counter using rdma_zalloc_drv_obj() (Kamal Heib) [RHEL-75591]
+- RDMA/core: Fix use-after-free when rename device name (Kamal Heib) [RHEL-75591]
+- RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (Kamal Heib) [RHEL-75591]
+- docs: infiniband: document the UCAP API (Kamal Heib) [RHEL-75591]
+- RDMA/uverbs: Add support for UCAPs in context creation (Kamal Heib) [RHEL-75591]
+- RDMA/uverbs: Introduce UCAP (User CAPabilities) API (Kamal Heib) [RHEL-75591]
+- RDMA/core: Fixes infiniband sysctl bounds (Kamal Heib) [RHEL-75591]
+- RDMA/core: Don't expose hw_counters outside of init net namespace (Kamal Heib) [RHEL-75591]
+- RDMA/core: Fix best page size finding when it can cross SG entries (Kamal Heib) [RHEL-75591]
+- IB/iser: fix typos in iscsi_iser.c comments (Kamal Heib) [RHEL-75591]
+- RDMA/core: Use ib_port_state_to_str() for IB state sysfs (Kamal Heib) [RHEL-75591]
+- IB/cache: Add log messages for IB device state changes (Kamal Heib) [RHEL-75591]
+- ext4: avoid writing unitialized memory to disk in EA inodes (Brian Foster) [RHEL-86510]
+- ext4: don't track ranges in fast_commit if inode has inlined data (Brian Foster) [RHEL-86510]
+- ext4: fix possible tid_t sequence overflows (Brian Foster) [RHEL-86510]
+- ext4: use ext4_update_inode_fsync_trans() helper in inode creation (Brian Foster) [RHEL-86510]
+- ext4: use memtostr_pad() for s_volume_name (Brian Foster) [RHEL-86510]
+- ext4: warn if delalloc counters are not zero on inactive (Brian Foster) [RHEL-86510]
+- ext4: check the extent status again before inserting delalloc block (Brian Foster) [RHEL-86510]
+- ext4: factor out a common helper to query extent map (Brian Foster) [RHEL-86510]
+- ext4: correct the hole length returned by ext4_map_blocks() (Brian Foster) [RHEL-86510]
+- ext4: convert to exclusive lock while inserting delalloc extents (Brian Foster) [RHEL-86510]
+- ext4: refactor ext4_da_map_blocks() (Brian Foster) [RHEL-86510]
+- ext4: propagate errors from ext4_sb_bread() in ext4_xattr_block_cache_find() (Brian Foster) [RHEL-86510]
+- jbd2: remove redundant assignement to variable err (Brian Foster) [RHEL-86510]
+- ext4: remove the redundant folio_wait_stable() (Brian Foster) [RHEL-86510]
+- ext4: fix potential unnitialized variable (Brian Foster) [RHEL-86510]
+- ext4: remove block_device_ejected() (Brian Foster) [RHEL-86510]
+- ext4: keep "prefetch_grp" and "nr" consistent (Brian Foster) [RHEL-86510]
+- ext4: replace deprecated strncpy with alternatives (Brian Foster) [RHEL-86510]
+- ext4: clean up s_mb_rb_lock to fix build warnings with C=1 (Brian Foster) [RHEL-86510]
+- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Brian Foster) [RHEL-86510]
+- ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (Brian Foster) [RHEL-86510]
+- ext4: refactor out ext4_generic_attr_show() (Brian Foster) [RHEL-86510]
+- ext4: refactor out ext4_generic_attr_store() (Brian Foster) [RHEL-86510]
+- ext4: avoid overflow when setting values via sysfs (Brian Foster) [RHEL-86510]
+- ext4: avoid excessive credit estimate in ext4_tmpfile() (Brian Foster) [RHEL-86510]
+- ext4: remove unneeded if checks before kfree (Brian Foster) [RHEL-86510]
+- ext4: set FMODE_CAN_ODIRECT instead of a dummy direct_IO method (Brian Foster) [RHEL-86510]
+- security/keys: fix slab-out-of-bounds in key_task_permission (CKI Backport Bot) [RHEL-83380] {CVE-2024-50301}
+- tracing/histograms: Fix memory leak problem (CKI Backport Bot) [RHEL-81008] {CVE-2022-49648}
+- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (Marcin Juszkiewicz) [RHEL-92493]
+- redhat: add test_klp_kprobe to mod-internal.list (Denis Aleksandrov) [RHEL-90828]
+- vfio/pci: Align huge faults to order (Alex Williamson) [RHEL-89689]
+- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (David Arcari) [RHEL-87253] {CVE-2022-3424}
+- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (Herton R. Krzesinski) [RHEL-74389]
+- x86: bring back rep movsq for user access on CPUs without ERMS (Herton R. Krzesinski) [RHEL-74389]
+- io_uring: prevent opcode speculation (CKI Backport Bot) [RHEL-83230] {CVE-2025-21863}
+Resolves: RHEL-74389, RHEL-75156, RHEL-75591, RHEL-81008, RHEL-83230, RHEL-83380, RHEL-83634, RHEL-84598, RHEL-86510, RHEL-87253, RHEL-87899, RHEL-87920, RHEL-87973, RHEL-89689, RHEL-90552, RHEL-90828, RHEL-92493
+
 * Mon May 19 2025 Augusto Caringi <acaringi@redhat.com> [5.14.0-586.el9]
 - net: introduce per netns packet chains (Paolo Abeni) [RHEL-88921]
 - nvme: enable CONFIG_NVME_KEYRING (Maurizio Lombardi) [RHEL-72531]
diff --git a/kernel.spec b/kernel.spec
index 13cdf961c..ef4ed8311 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 586
+%define pkgrelease 587
 %define kversion 5
-%define tarfile_release 5.14.0-586.el9
+%define tarfile_release 5.14.0-587.el9
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 586%{?buildid}%{?dist}
+%define specrelease 587%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-586.el9
+%define kabiversion 5.14.0-587.el9
 
 #
 # End of genspec.sh variables
@@ -3666,6 +3666,78 @@ fi
 #
 #
 %changelog
+* Wed May 21 2025 Augusto Caringi <acaringi@redhat.com> [5.14.0-587.el9]
+- af_unix: Set sk->sk_state under unix_state_lock() for truly disconencted peer. (Davide Caratti) [RHEL-84598]
+- net/af_packet: check len when min_header_len equals to 0 (Davide Caratti) [RHEL-84598]
+- af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (Davide Caratti) [RHEL-84598] {CVE-2024-57901}
+- af_packet: fix vlan_get_tci() vs MSG_PEEK (Davide Caratti) [RHEL-84598] {CVE-2024-57902}
+- af_packet: Handle outgoing VLAN packets without hardware offloading (Davide Caratti) [RHEL-84598]
+- perf trace: Add missing perf_tool__init() (Anubhav Shelat) [RHEL-83634]
+- scsi: iscsi: Fix missing scsi_host_put() in error path (Chris Leech) [RHEL-90552]
+- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Chris Leech) [RHEL-90552]
+- scsi: iscsi: Remove unused iscsi_create_session() (Chris Leech) [RHEL-90552]
+- scsi: qedi: Use kthread_create_on_cpu() (Chris Leech) [RHEL-90552]
+- scsi: bnx2i: Use kthread_create_on_cpu() (Chris Leech) [RHEL-90552]
+- scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() (Chris Leech) [RHEL-90552]
+- Revert "mm: kmemleak: alloc gray object for reserved region with direct map" (Luiz Capitulino) [RHEL-75156]
+- cifs: Fix integer overflow while processing closetimeo mount option (CKI Backport Bot) [RHEL-87899] {CVE-2025-21962}
+- cifs: Fix integer overflow while processing acregmax mount option (CKI Backport Bot) [RHEL-87920] {CVE-2025-21964}
+- net: fix geneve_opt length integer overflow (CKI Backport Bot) [RHEL-87973] {CVE-2025-22055}
+- RDMA/core: Silence oversized kvmalloc() warning (Kamal Heib) [RHEL-75591]
+- RDMA/cma: Fix workqueue crash in cma_netevent_work_handler (Kamal Heib) [RHEL-75591]
+- RDMA/ucaps: Avoid format-security warning (Kamal Heib) [RHEL-75591]
+- IB/mad: Check available slots before posting receive WRs (Kamal Heib) [RHEL-75591]
+- RDMA/core: Pass port to counter bind/unbind operations (Kamal Heib) [RHEL-75591]
+- RDMA/core: Add support to optional-counters binding configuration (Kamal Heib) [RHEL-75591]
+- RDMA/core: Create and destroy rdma_counter using rdma_zalloc_drv_obj() (Kamal Heib) [RHEL-75591]
+- RDMA/core: Fix use-after-free when rename device name (Kamal Heib) [RHEL-75591]
+- RDMA/uverbs: Propagate errors from rdma_lookup_get_uobject() (Kamal Heib) [RHEL-75591]
+- docs: infiniband: document the UCAP API (Kamal Heib) [RHEL-75591]
+- RDMA/uverbs: Add support for UCAPs in context creation (Kamal Heib) [RHEL-75591]
+- RDMA/uverbs: Introduce UCAP (User CAPabilities) API (Kamal Heib) [RHEL-75591]
+- RDMA/core: Fixes infiniband sysctl bounds (Kamal Heib) [RHEL-75591]
+- RDMA/core: Don't expose hw_counters outside of init net namespace (Kamal Heib) [RHEL-75591]
+- RDMA/core: Fix best page size finding when it can cross SG entries (Kamal Heib) [RHEL-75591]
+- IB/iser: fix typos in iscsi_iser.c comments (Kamal Heib) [RHEL-75591]
+- RDMA/core: Use ib_port_state_to_str() for IB state sysfs (Kamal Heib) [RHEL-75591]
+- IB/cache: Add log messages for IB device state changes (Kamal Heib) [RHEL-75591]
+- ext4: avoid writing unitialized memory to disk in EA inodes (Brian Foster) [RHEL-86510]
+- ext4: don't track ranges in fast_commit if inode has inlined data (Brian Foster) [RHEL-86510]
+- ext4: fix possible tid_t sequence overflows (Brian Foster) [RHEL-86510]
+- ext4: use ext4_update_inode_fsync_trans() helper in inode creation (Brian Foster) [RHEL-86510]
+- ext4: use memtostr_pad() for s_volume_name (Brian Foster) [RHEL-86510]
+- ext4: warn if delalloc counters are not zero on inactive (Brian Foster) [RHEL-86510]
+- ext4: check the extent status again before inserting delalloc block (Brian Foster) [RHEL-86510]
+- ext4: factor out a common helper to query extent map (Brian Foster) [RHEL-86510]
+- ext4: correct the hole length returned by ext4_map_blocks() (Brian Foster) [RHEL-86510]
+- ext4: convert to exclusive lock while inserting delalloc extents (Brian Foster) [RHEL-86510]
+- ext4: refactor ext4_da_map_blocks() (Brian Foster) [RHEL-86510]
+- ext4: propagate errors from ext4_sb_bread() in ext4_xattr_block_cache_find() (Brian Foster) [RHEL-86510]
+- jbd2: remove redundant assignement to variable err (Brian Foster) [RHEL-86510]
+- ext4: remove the redundant folio_wait_stable() (Brian Foster) [RHEL-86510]
+- ext4: fix potential unnitialized variable (Brian Foster) [RHEL-86510]
+- ext4: remove block_device_ejected() (Brian Foster) [RHEL-86510]
+- ext4: keep "prefetch_grp" and "nr" consistent (Brian Foster) [RHEL-86510]
+- ext4: replace deprecated strncpy with alternatives (Brian Foster) [RHEL-86510]
+- ext4: clean up s_mb_rb_lock to fix build warnings with C=1 (Brian Foster) [RHEL-86510]
+- ext4: set the type of max_zeroout to unsigned int to avoid overflow (Brian Foster) [RHEL-86510]
+- ext4: set type of ac_groups_linear_remaining to __u32 to avoid overflow (Brian Foster) [RHEL-86510]
+- ext4: refactor out ext4_generic_attr_show() (Brian Foster) [RHEL-86510]
+- ext4: refactor out ext4_generic_attr_store() (Brian Foster) [RHEL-86510]
+- ext4: avoid overflow when setting values via sysfs (Brian Foster) [RHEL-86510]
+- ext4: avoid excessive credit estimate in ext4_tmpfile() (Brian Foster) [RHEL-86510]
+- ext4: remove unneeded if checks before kfree (Brian Foster) [RHEL-86510]
+- ext4: set FMODE_CAN_ODIRECT instead of a dummy direct_IO method (Brian Foster) [RHEL-86510]
+- security/keys: fix slab-out-of-bounds in key_task_permission (CKI Backport Bot) [RHEL-83380] {CVE-2024-50301}
+- tracing/histograms: Fix memory leak problem (CKI Backport Bot) [RHEL-81008] {CVE-2022-49648}
+- iommu/arm-smmu-v3: Fix pgsize_bit for sva domains (Marcin Juszkiewicz) [RHEL-92493]
+- redhat: add test_klp_kprobe to mod-internal.list (Denis Aleksandrov) [RHEL-90828]
+- vfio/pci: Align huge faults to order (Alex Williamson) [RHEL-89689]
+- misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os (David Arcari) [RHEL-87253] {CVE-2022-3424}
+- x86/uaccess: Improve performance by aligning writes to 8 bytes in copy_user_generic(), on non-FSRM/ERMS CPUs (Herton R. Krzesinski) [RHEL-74389]
+- x86: bring back rep movsq for user access on CPUs without ERMS (Herton R. Krzesinski) [RHEL-74389]
+- io_uring: prevent opcode speculation (CKI Backport Bot) [RHEL-83230] {CVE-2025-21863}
+
 * Mon May 19 2025 Augusto Caringi <acaringi@redhat.com> [5.14.0-586.el9]
 - net: introduce per netns packet chains (Paolo Abeni) [RHEL-88921]
 - nvme: enable CONFIG_NVME_KEYRING (Maurizio Lombardi) [RHEL-72531]
diff --git a/mod-internal.list b/mod-internal.list
index 8c747ae3d..8d861e386 100644
--- a/mod-internal.list
+++ b/mod-internal.list
@@ -38,6 +38,7 @@ test_klp_callbacks_demo
 test_klp_callbacks_demo2
 test_klp_callbacks_busy
 test_klp_callbacks_mod
+test_klp_kprobe
 test_klp_livepatch
 test_klp_shadow_vars
 test_klp_syscall
diff --git a/sources b/sources
index a47dc8ad8..d2a7e3ae6 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-5.14.0-586.el9.tar.xz) = 23b3e692608a5a5ee43183bc783b509d80217e3c4b737cb104edc144eb3be6e6ef73ca67fb23313cb7f253bad011f1c608f8a5e51efe0da5e3d9c83d0f04d147
-SHA512 (kernel-abi-stablelists-5.14.0-586.el9.tar.bz2) = 20e18a50e2c93710fd6dbbf9c8a8b8787f15fa43eeff7d8b226795d464d73194d54418f318d45a2b1c70f73c617eb2bc0eb1c1885f8c54d8aef39a65fd7a6620
-SHA512 (kernel-kabi-dw-5.14.0-586.el9.tar.bz2) = fdc1585f269b6aef07f21b0772899224a158799e77cc1d8cd4b143fc4d1aeaf3c0165be543c3f28c3cd4879160bdb7c16ad3382183d896136650e204fa50fe27
+SHA512 (linux-5.14.0-587.el9.tar.xz) = b556092785b559089de65b2169d179111272b5a02d880f1c3c8705425398da94f634faecc26c504d53768cc5159ec25dc02da6723cd89624e1ddab892df29c31
+SHA512 (kernel-abi-stablelists-5.14.0-587.el9.tar.bz2) = 8ad7da9a96f37288aeed0562eb2656373cd3c2a632c9f0bca305dff2d1828f2db6ff848d8480ee713ee6f9ab232a3e88712f676950e0dba5c14c2b4167ebb1c3
+SHA512 (kernel-kabi-dw-5.14.0-587.el9.tar.bz2) = fdc1585f269b6aef07f21b0772899224a158799e77cc1d8cd4b143fc4d1aeaf3c0165be543c3f28c3cd4879160bdb7c16ad3382183d896136650e204fa50fe27