From 1339c7506dc27f5c23561c6cce7a85f034eea514 Mon Sep 17 00:00:00 2001
From: AlmaLinux RelEng Bot <eabdullin@almalinux.org>
Date: Fri, 19 Jun 2026 13:42:03 -0400
Subject: [PATCH] import CS git kernel-4.18.0-553.136.1.el8_10

---
 .gitignore        |  2 +-
 .kernel.metadata  |  6 +++---
 SPECS/kernel.spec | 21 +++++++++++++++++++--
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/.gitignore b/.gitignore
index 030c2a7f4..4ef082578 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
-SOURCES/linux-4.18.0-553.134.1.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.136.1.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer
diff --git a/.kernel.metadata b/.kernel.metadata
index 78ab5e82f..1ce3a8751 100644
--- a/.kernel.metadata
+++ b/.kernel.metadata
@@ -1,8 +1,8 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-555e8d28360ec2a118580350ee28c4cc847e1873 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
-2cddcac3082705211d8cb9c0ee49b8122c5740a8 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
-2fed2ec6a633bdffed75a405cf3547ce40b5be24 SOURCES/linux-4.18.0-553.134.1.el8_10.tar.xz
+a5326803e0dbf4c80d7f51725008c49be53e103c SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
+cea2a2edb1e0c93be150cba27929ad19acf709c3 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
+8b8aeeb1d7548da0c52c160339589bcdd50ab930 SOURCES/linux-4.18.0-553.136.1.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index c2db6e69a..9f0c20f68 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.134.1.el8_10
+%define pkgrelease 553.136.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.134.1%{?dist}
+%define specrelease 553.136.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2707,6 +2707,23 @@ fi
 #
 #
 %changelog
+* Thu Jun 18 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.136.1.el8_10]
+- net/sched: fix pedit partial COW leading to page cache corruption (Ivan Vecera) [RHEL-177582] {CVE-2026-46331}
+- net/sched: act_pedit: free pedit keys on bail from offset check (Ivan Vecera) [RHEL-177582] {CVE-2026-46331}
+- net/sched: act_pedit: rate limit datapath messages (Ivan Vecera) [RHEL-177582] {CVE-2026-46331}
+- net/sched: act_pedit: remove extra check for key type (Ivan Vecera) [RHEL-177582] {CVE-2026-46331}
+- net/sched: act_pedit: check static offsets a priori (Ivan Vecera) [RHEL-177582] {CVE-2026-46331}
+- nvmet-tcp: fix race between ICReq handling and queue teardown (Chris Leech) [RHEL-180103] {CVE-2026-46135}
+- net: mana: fix use-after-free in add_adev() error path (CKI Backport Bot) [RHEL-172764] {CVE-2026-43056}
+
+* Wed Jun 17 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.135.1.el8_10]
+- drm/amd/display: Do not skip unrelated mode changes in DSC validation (José Expósito) [RHEL-178825] {CVE-2026-31488}
+- sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting (Juri Lelli) [RHEL-178520]
+- RDMA/mana_ib: Validate rx_hash_key_len to prevent buffer overflow (Gaurav Goklani) [RHEL-180089] {CVE-2026-46145}
+- ALSA: aloop: Fix peer runtime UAF during format-change stop (Jaroslav Kysela) [RHEL-179304] {CVE-2026-46090}
+- ALSA: usb-audio: Add sanity check for OOB writes at silencing (CKI Backport Bot) [RHEL-173939] {CVE-2026-43279}
+- net: bonding: fix use-after-free in bond_xmit_broadcast() (Xin Long) [RHEL-168063] {CVE-2026-31419}
+
 * Fri Jun 12 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.134.1.el8_10]
 - wifi: mac80211: remove station if connection prep fails (Jose Ignacio Tornos Martinez) [RHEL-180120] {CVE-2026-46125}
 - wifi: mac80211: drop stray 'static' from fast-RX rx_result (CKI Backport Bot) [RHEL-180058] {CVE-2026-46152}