diff --git a/.gitignore b/.gitignore index c70d6e14f..156b82f49 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer SOURCES/centossecurebootca2.cer SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 -SOURCES/linux-4.18.0-553.8.1.el8_10.tar.xz +SOURCES/linux-4.18.0-553.12.1.el8_10.tar.xz SOURCES/redhatsecureboot302.cer SOURCES/redhatsecureboot303.cer SOURCES/redhatsecureboot501.cer diff --git a/.kernel.metadata b/.kernel.metadata index 47c4030a9..72a058dec 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,8 +1,8 @@ 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer -91a36a891738d6332f8714b97d6ea8269b7ab5cf SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 +a144e8b0f1cbb3f59aadd57e2370681cb73deb5d SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2 618f2302d26295e300718d59e8551a0cdfc98022 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2 -368acce60b9bbb25b1dfe956713aa1119a0fa64e SOURCES/linux-4.18.0-553.8.1.el8_10.tar.xz +f59ddc178de4176fecd813f5496d29f5faabe9f2 SOURCES/linux-4.18.0-553.12.1.el8_10.tar.xz 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index f3d3b1162..6aa8844c1 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.8.1.el8_10 +%define pkgrelease 553.12.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.8.1%{?dist} +%define specrelease 553.12.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2696,6 +2696,279 @@ fi # # %changelog +* Wed Jul 10 2024 Denys Vlasenko [4.18.0-553.12.1.el8_10] +- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44291] {CVE-2024-38538} +- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Michel Dänzer) [RHEL-26893] {CVE-2023-52469} +- SUNRPC: Fix a suspicious RCU usage warning (Scott Mayhew) [RHEL-30503] {CVE-2023-52623} +- ice: Fix some null pointer dereference issues in ice_ptp.c (Petr Oros) [RHEL-26901] {CVE-2023-52471} +- xfs: fix internal error from AGFL exhaustion (Pavel Reichl) [RHEL-45581] +- sched/psi: Fix use-after-free in ep_remove_wait_queue() (Phil Auld) [RHEL-38117] {CVE-2023-52707} +- wait: add wake_up_pollfree() (Phil Auld) [RHEL-38117] +- net/ipv6: avoid possible UAF in ip6_route_mpath_notify() (Hangbin Liu) [RHEL-33269] {CVE-2024-26852} +- net: bridge: switchdev: Skip MDB replays of deferred events on offload (Ivan Vecera) [RHEL-33117] {CVE-2024-26837} +- ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() (Pavel Reichl) [RHEL-31700] {CVE-2024-26772} +- ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() (Pavel Reichl) [RHEL-31688] {CVE-2024-26773} +- ext4: fix double-free of blocks due to wrong extents moved_len (Pavel Reichl) [RHEL-31612] {CVE-2024-26704} +- vxlan: Pull inner IP header in vxlan_xmit_one(). (Guillaume Nault) [RHEL-31389] +- geneve: Fix incorrect inner network header offset when innerprotoinherit is set (Guillaume Nault) [RHEL-31389] +- vxlan: Pull inner IP header in vxlan_rcv(). (Guillaume Nault) [RHEL-31389] +- geneve: fix header validation in geneve[6]_xmit_skb (Guillaume Nault) [RHEL-31389] +- geneve: make sure to pull inner header in geneve_rx() (Guillaume Nault) [RHEL-31389] +- net: geneve: modify IP header check in geneve6_xmit_skb and geneve_xmit_skb (Guillaume Nault) [RHEL-31389] +- net: geneve: check skb is large enough for IPv4/IPv6 header (Guillaume Nault) [RHEL-31389] +- net/smc: fix neighbour and rtable leak in smc_ib_find_route() (Tobias Huschle) [RHEL-39744] {CVE-2024-36945} +- igb: Fix string truncation warnings in igb_set_fw_version (Corinna Vinschen) [RHEL-38452] {CVE-2024-36010} +- bonding: stop the device in bond_setup_by_slave() (Hangbin Liu) [RHEL-38327] {CVE-2023-52784} +- i40e: fix vf may be used uninitialized in this function warning (Kamal Heib) [RHEL-39702] {CVE-2024-36020} +- powerpc/64: Fix the definition of the fixmap area (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018} +- powerpc/mm/hash64: Add a variable to track the end of IO mapping (Mamatha Inamdar) [RHEL-27191] {CVE-2021-47018} +- nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). (Xin Long) [RHEL-39770] {CVE-2024-36933} +- net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() (Xin Long) [RHEL-39770] +- net: core: reject skb_copy(_expand) for fraglist GSO skbs (Xin Long) [RHEL-39779] {CVE-2024-36929} +- tcp: properly terminate timers for kernel sockets (Guillaume Nault) [RHEL-37171] {CVE-2024-35910} +- net: relax socket state check at accept time. (Florian Westphal) [RHEL-39831] +- tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets (Florian Westphal) [RHEL-39831] {CVE-2024-36905} +- tcp: remove redundant check on tskb (Florian Westphal) [RHEL-39831] +- drm/ast: Fix soft lockup (cki-backport-bot) [RHEL-37438] {CVE-2024-35952} +- null_blk: Fix return value of nullb_device_power_store() (Ming Lei) [RHEL-39341] +- null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' (Ming Lei) [RHEL-39341] +- null_blk: fix return value from null_add_dev() (Ming Lei) [RHEL-39341] + +* Wed Jul 03 2024 Denys Vlasenko [4.18.0-553.11.1.el8_10] +- x86/bugs: Reverse instruction order of CLEAR_CPU_BUFFERS (Waiman Long) [RHEL-42121] +- Revert "x86/bugs: Use fixed addressing for VERW operand" (Waiman Long) [RHEL-42121] +- KVM/x86: Export RFDS_NO and RFDS_CLEAR to guests (Waiman Long) [RHEL-42121] +- x86/rfds: Mitigate Register File Data Sampling (RFDS) (Waiman Long) [RHEL-42121] +- Documentation/hw-vuln: Add documentation for RFDS (Waiman Long) [RHEL-42121] +- x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set (Waiman Long) [RHEL-42121] +- x86/bugs: Use fixed addressing for VERW operand (Waiman Long) [RHEL-42121] +- KVM/VMX: Use BT+JNC, i.e. EFLAGS.CF to select VMRESUME vs. VMLAUNCH (Waiman Long) [RHEL-42121] +- x86/bugs: Use ALTERNATIVE() instead of mds_user_clear static key (Waiman Long) [RHEL-42121] +- x86/entry_32: Add VERW just before userspace transition (Waiman Long) [RHEL-42121] +- x86/entry_64: Add VERW just before userspace transition (Waiman Long) [RHEL-42121] +- x86/bugs: Add asm helpers for executing VERW (Waiman Long) [RHEL-42121] +- x86/cpu: Fix Gracemont uarch (Waiman Long) [RHEL-42121] +- Documentation/hw-vuln: Unify filename specification in index (Waiman Long) [RHEL-42121] +- KVM: VMX: Access @flags as a 32-bit value in __vmx_vcpu_run() (Waiman Long) [RHEL-42121] +- x86/asm: Add _ASM_RIP() macro for x86-64 (%%rip) suffix (Waiman Long) [RHEL-42121] +- x86/asm: Have the __ASM_FORM macros handle commas in arguments (Waiman Long) [RHEL-42121] +- x86/asm: Allow to pass macros to __ASM_FORM() (Waiman Long) [RHEL-42121] +- wifi: iwlwifi: mvm: guard against invalid STA ID on removal (Jose Ignacio Tornos Martinez) [RHEL-39801] {CVE-2024-36921} +- ipv6: Fix potential uninit-value access in __ip6_make_skb() (Antoine Tenart) [RHEL-39784] +- ipv4: Fix uninit-value access in __ip_make_skb() (Antoine Tenart) [RHEL-39784] {CVE-2024-36927} +- perf mmap: Lazily initialize zstd streams to save memory when not using it (Michael Petlan) [RHEL-34876] +- perf tools: Fix spelling mistake "commpressor" -> "compressor" (Michael Petlan) [RHEL-34876] +- perf record: Introduce data transferred and compressed stats (Michael Petlan) [RHEL-34876] +- perf record: Introduce compressor at mmap buffer object (Michael Petlan) [RHEL-34876] +- perf record: Introduce bytes written stats (Michael Petlan) [RHEL-34876] +- perf record: Introduce data file at mmap buffer object (Michael Petlan) [RHEL-34876] +- perf record: Start threads in the beginning of trace streaming (Alexey Bayduraev) [RHEL-34876] +- perf record: Stop threads in the end of trace streaming (Michael Petlan) [RHEL-34876] +- perf record: Introduce thread local variable (Michael Petlan) [RHEL-34876] +- perf record: Introduce function to propagate control commands (Michael Petlan) [RHEL-34876] +- perf record: Introduce thread specific data array (Michael Petlan) [RHEL-34876] +- tools lib: Introduce fdarray duplicate function (Michael Petlan) [RHEL-34876] +- perf record: Introduce thread affinity and mmap masks (Michael Petlan) [RHEL-34876] +- gfs2: Be more careful with the quota sync generation (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Get rid of some unnecessary quota locking (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Add some missing quota locking (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Fold qd_fish into gfs2_quota_sync (Andreas Gruenbacher) [RHEL-40901] +- gfs2: quota need_sync cleanup (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Fix and clean up function do_qc (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Revert "Add quota_change type" (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Revert "ignore negated quota changes" (Andreas Gruenbacher) [RHEL-40901] +- gfs2: qd_check_sync cleanups (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Check quota consistency on mount (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Minor gfs2_quota_init error path cleanup (Andreas Gruenbacher) [RHEL-40901] +- gfs2: fix kernel BUG in gfs2_quota_cleanup (Edward Adam Davis) [RHEL-40901] +- gfs2: Clean up quota.c:print_message (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Clean up gfs2_alloc_parms initializers (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Two quota=account mode fixes (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Remove useless assignment (Bob Peterson) [RHEL-40901] +- gfs2: simplify slot_get (Bob Peterson) [RHEL-40901] +- gfs2: Simplify qd2offset (Bob Peterson) [RHEL-40901] +- gfs2: Remove quota allocation info from quota file (Bob Peterson) [RHEL-40901] +- gfs2: use constant for array size (Bob Peterson) [RHEL-40901] +- gfs2: Set qd_sync_gen in do_sync (Bob Peterson) [RHEL-40901] +- gfs2: Remove useless err set (Bob Peterson) [RHEL-40901] +- gfs2: Small gfs2_quota_lock cleanup (Bob Peterson) [RHEL-40901] +- gfs2: move qdsb_put and reduce redundancy (Bob Peterson) [RHEL-40901] +- gfs2: Don't try to sync non-changes (Bob Peterson) [RHEL-40901] +- gfs2: Simplify function need_sync (Bob Peterson) [RHEL-40901] +- gfs2: remove unneeded pg_oflow variable (Bob Peterson) [RHEL-40901] +- gfs2: remove unneeded variable done (Bob Peterson) [RHEL-40901] +- gfs2: pass sdp to gfs2_write_buf_to_page (Bob Peterson) [RHEL-40901] +- gfs2: pass sdp in to gfs2_write_disk_quota (Bob Peterson) [RHEL-40901] +- gfs2: Pass sdp to gfs2_adjust_quota (Bob Peterson) [RHEL-40901] +- gfs2: remove dead code for quota writes (Bob Peterson) [RHEL-40901] +- gfs2: Use qd_sbd more consequently (Bob Peterson) [RHEL-40901] +- gfs2: replace 'found' with dedicated list iterator variable (Jakob Koschel) [RHEL-40901] +- gfs2: Some whitespace cleanups (Andreas Gruenbacher) [RHEL-40901] +- gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold (Bob Peterson) [RHEL-40901] +- af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg (Guillaume Nault) [RHEL-43961] {CVE-2024-38596} +- af_unix: Fix data-races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596} +- af_unix: Fix data races around sk->sk_shutdown. (Guillaume Nault) [RHEL-43961] {CVE-2024-38596} +- perf/core: Fix event sibling list locking (Daniel Vacek) [RHEL-31798] +- media: bttv: fix use after free error due to btv->timeout timer (Kate Hsuan) [RHEL-38256] {CVE-2023-52847} +- arp: Prevent overflow in arp_req_get(). (Antoine Tenart) [RHEL-31706] {CVE-2024-26733} +- Bluetooth: btusb: Add a new PID/VID 0489/e0c8 for MT7921 (David Marlin) [RHEL-10263] +- mm: swap: fix race between free_swap_and_cache() and swapoff() (Waiman Long) [RHEL-34971] {CVE-2024-26960} +- swap: comments get_swap_device() with usage rule (Waiman Long) [RHEL-34971] {CVE-2024-26960} +- mm/swapfile.c: __swap_entry_free() always free 1 entry (Waiman Long) [RHEL-34971] {CVE-2024-26960} +- mm/swapfile.c: call free_swap_slot() in __swap_entry_free() (Waiman Long) [RHEL-34971] {CVE-2024-26960} +- mm/swapfile.c: use __try_to_reclaim_swap() in free_swap_and_cache() (Waiman Long) [RHEL-34971] {CVE-2024-26960} +- net: amd-xgbe: Fix skb data length underflow (Ken Cox) [RHEL-43788] {CVE-2022-48743} +- ovl: fix warning in ovl_create_real() (cki-backport-bot) [RHEL-43652] {CVE-2021-47579} +- net/sched: initialize noop_qdisc owner (Davide Caratti) [RHEL-35056] +- net/sched: Fix mirred deadlock on device recursion (Davide Caratti) [RHEL-35056] {CVE-2024-27010} +- ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() (Pavel Reichl) [RHEL-45029] {CVE-2024-39276} +- ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port() (Ken Cox) [RHEL-38713] {CVE-2021-47548} +- ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound (Hangbin Liu) [RHEL-44396] {CVE-2024-33621} +- mlxsw: spectrum_acl_tcam: Fix stack corruption (Ivan Vecera) [RHEL-26462] {CVE-2024-26586} +- inet: inet_defrag: prevent sk release while still in use (Antoine Tenart) [RHEL-33398] {CVE-2024-26921} +- skb_expand_head() adjust skb->truesize incorrectly (Antoine Tenart) [RHEL-33398] +- nvmet: fix ns enable/disable possible hang (Ming Lei) [RHEL-43547] + +* Fri Jun 28 2024 Denys Vlasenko [4.18.0-553.10.1.el8_10] +- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (Scott Mayhew) [RHEL-38264] {CVE-2023-52803} +- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39717] {CVE-2024-36025} +- tcp: add sanity checks to rx zerocopy (Guillaume Nault) [RHEL-29494] {CVE-2024-26640} +- SUNRPC: fix some memleaks in gssx_dec_option_array (Scott Mayhew) [RHEL-35209] {CVE-2024-27388} +- wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-39752] {CVE-2024-36941} +- nfs: fix UAF in direct writes (Scott Mayhew) [RHEL-34975] {CVE-2024-26958} +- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (Scott Mayhew) [RHEL-33228] {CVE-2024-26870} +- drm/amd/pm: Fix error of MACO flag setting code (Michel Dänzer) [RHEL-15928] +- scsi: aacraid: fix io hangs and improve performance (John Meneghini) [RHEL-23913] +- block: prevent division by zero in blk_rq_stat_sum() (Ming Lei) [RHEL-37279] {CVE-2024-35925} +- block: fix overflow in blk_ioctl_discard() (Ming Lei) [RHEL-39811] {CVE-2024-36917} +- virtio-blk: fix implicit overflow on virtio_max_dma_size (Ming Lei) [RHEL-38131] {CVE-2023-52762} +- nbd: null check for nla_nest_start (Ming Lei) [RHEL-35176] {CVE-2024-27025} +- isdn: mISDN: netjet: Fix crash in nj_probe: (Ken Cox) [RHEL-38444] {CVE-2021-47284} +- isdn: mISDN: Fix sleeping function called from invalid context (Ken Cox) [RHEL-38400] {CVE-2021-47468} +- net/smc: avoid data corruption caused by decline (Tobias Huschle) [RHEL-38234] {CVE-2023-52775} +- ubi: Check for too small LEB size in VTBL code (David Arcari) [RHEL-25092] {CVE-2024-25739} +- i2c: core: Fix atomic xfer check for non-preempt config (Steve Best) [RHEL-38313] {CVE-2023-52791} +- i2c: core: Run atomic i2c xfer when !preemptible (Steve Best) [RHEL-38313] {CVE-2023-52791} +- firewire: ohci: mask bus reset interrupts between ISR and bottom half (Steve Best) [RHEL-39902] {CVE-2024-36950} +- ipv6: init the accept_queue's spinlocks in inet6_create (Guillaume Nault) [RHEL-28899] {CVE-2024-26614} +- tcp: make sure init the accept_queue's spinlocks once (Guillaume Nault) [RHEL-28899] {CVE-2024-26614} +- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-39352] {CVE-2024-36016} +- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37484] {CVE-2024-36006} +- pwm: Fix double shift bug (Steve Best) [RHEL-38278] {CVE-2023-52756} +- mmc: sdio: fix possible resource leaks in some error paths (Steve Best) [RHEL-38149] {CVE-2023-52730} +- of: unittest: Fix compile in the non-dynamic case (Steve Best) [RHEL-37070] {CVE-2023-52679} +- of: unittest: Fix of_count_phandle_with_args() expected value message (Steve Best) [RHEL-37070] {CVE-2023-52679} +- of: Fix double free in of_parse_phandle_with_args_map (Steve Best) [RHEL-37070] {CVE-2023-52679} +- pinctrl: core: delete incorrect free in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940} +- pinctrl: core: fix possible memory leak in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940} +- media: gspca: cpia1: shift-out-of-bounds in set_flicker (Desnes Nunes) [RHEL-38331] {CVE-2023-52764} +- tipc: fix a possible memleak in tipc_buf_append (Xin Long) [RHEL-39881] {CVE-2024-36954} +- cifs: fix mid leak during reconnection after timeout threshold (Paulo Alcantara) [RHEL-36222] +- cifs: Fix use-after-free in rdata->read_into_pages() (Paulo Alcantara) [RHEL-36222] +- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (Paulo Alcantara) [RHEL-36222] +- cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (Paulo Alcantara) [RHEL-36222] +- cifs: destage dirty pages before re-reading them for cache=none (Paulo Alcantara) [RHEL-36222] +- cifs: destage any unwritten data to the server before calling copychunk_write (Paulo Alcantara) [RHEL-36222] +- Adjust cifssb maximum read size (Paulo Alcantara) [RHEL-36222] +- cifs: make locking consistent around the server session status (Paulo Alcantara) [RHEL-36222] +- cifs: fix credit accounting for extra channel (Paulo Alcantara) [RHEL-36222] +- smb3: prevent races updating CurrentMid (Paulo Alcantara) [RHEL-36222] +- cifs: fix missing spinlock around update to ses->status (Paulo Alcantara) [RHEL-36222] +- cifs: use echo_interval even when connection not ready. (Paulo Alcantara) [RHEL-36222] +- cifs: detect dead connections only when echoes are enabled. (Paulo Alcantara) [RHEL-36222] +- cifs: Fix preauth hash corruption (Paulo Alcantara) [RHEL-36222] +- cifs: do not send close in compound create+close requests (Paulo Alcantara) [RHEL-36222] +- cifs: ask for more credit on async read/write code paths (Paulo Alcantara) [RHEL-36222] +- cifs: use discard iterator to discard unneeded network data more efficiently (Paulo Alcantara) [RHEL-36222] +- cifs: Fix in error types returned for out-of-credit situations. (Paulo Alcantara) [RHEL-36222] +- smb3: fix crediting for compounding when only one request in flight (Paulo Alcantara) [RHEL-36222] +- cifs: New optype for session operations. (Paulo Alcantara) [RHEL-36222] +- mm/gup: do not return 0 from pin_user_pages_fast() for bad args (Paulo Alcantara) [RHEL-36222] +- wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44124] {CVE-2024-38575} +- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-39835] {CVE-2024-36904} +- wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Jose Ignacio Tornos Martinez) [RHEL-38159] {CVE-2023-52832} +- wifi: ath11k: fix gtk offload status event locking (Jose Ignacio Tornos Martinez) [RHEL-38155] {CVE-2023-52777} +- net: ieee802154: fix null deref in parse dev addr (Steve Best) [RHEL-38012] {CVE-2021-47257} +- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-37465] {CVE-2024-36000} +- x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908} +- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908} +- wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-37343] {CVE-2024-35937} +- wifi: rtw89: fix null pointer access when abort scan (Jose Ignacio Tornos Martinez) [RHEL-37355] {CVE-2024-35946} +- atl1c: Work around the DMA RX overflow issue (Ken Cox) [RHEL-38287] {CVE-2023-52834} +- wifi: ath11k: decrease MHI channel buffer length to 8KB (Jose Ignacio Tornos Martinez) [RHEL-37339] {CVE-2024-35938} +- wifi: iwlwifi: mvm: rfi: fix potential response leaks (Jose Ignacio Tornos Martinez) [RHEL-37163] {CVE-2024-35912} +- USB: core: Fix access violation during port device removal (Desnes Nunes) [RHEL-39853] {CVE-2024-36896} +- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Ewan D. Milne) [RHEL-37123] {CVE-2024-35930} +- netfilter: nf_tables: honor table dormant flag from netdev release event path (Phil Sutter) [RHEL-37450] {CVE-2024-36005} +- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434} +- wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434} +- misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume (Steve Best) [RHEL-36932] {CVE-2024-35824} + +* Fri Jun 21 2024 Denys Vlasenko [4.18.0-553.9.1.el8_10] +- x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (Steve Best) [RHEL-37262] {CVE-2024-35876} +- net/sched: flower: Fix chain template offload (Xin Long) [RHEL-31313] {CVE-2024-26669} +- SUNRPC: fix a memleak in gss_import_v2_context (Scott Mayhew) [RHEL-35195] {CVE-2023-52653} +- efivarfs: force RO when remounting if SetVariable is not supported (Pavel Reichl) [RHEL-26564] {CVE-2023-52463} +- dmaengine: idxd: add a write() method for applications to submit work (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823} +- dmaengine: idxd: add a new security check to deal with a hardware erratum (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823} +- VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist (Jerry Snitselaar) [RHEL-35826] {CVE-2024-21823} +- quota: Fix potential NULL pointer dereference (Pavel Reichl) [RHEL-33219] {CVE-2024-26878} +- locking/lockdep: Fix overflow in presentation of average lock-time (Čestmír Kalina) [RHEL-17678] +- blk-cgroup: Properly propagate the iostat update up the hierarchy (Ming Lei) [RHEL-40939] +- proc: Use new_inode not new_inode_pseudo (Ian Kent) [RHEL-40167] +- stmmac: Clear variable when destroying workqueue (Izabela Bakollari) [RHEL-31822] {CVE-2024-26802} +- powerpc/pseries/memhp: Fix access beyond end of drmem array (Mamatha Inamdar) [RHEL-26495] {CVE-2023-52451} +- platform/x86: wmi: Fix opening of char device (David Arcari) [RHEL-38258] {CVE-2023-52864} +- Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" (Kamal Heib) [RHEL-36908] {CVE-2023-52658} +- hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed (Cathy Avery) [RHEL-39074] +- hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove (Cathy Avery) [RHEL-39074] +- hv_netvsc: Calculate correct ring size when PAGE_SIZE is not 4 Kbytes (Cathy Avery) [RHEL-39074] +- hv_netvsc: remove duplicated including of slab.h (Cathy Avery) [RHEL-39074] +- hv_netvsc: rndis_filter needs to select NLS (Cathy Avery) [RHEL-39074] +- hv_netvsc: Mark VF as slave before exposing it to user-mode (Cathy Avery) [RHEL-39074] +- hv_netvsc: Fix race of register_netdevice_notifier and VF register (Cathy Avery) [RHEL-39074] +- hv_netvsc: fix race of netvsc and VF register_netdevice (Cathy Avery) [RHEL-39074] +- hv_netvsc: fix netvsc_send_completion to avoid multiple message length checks (Cathy Avery) [RHEL-39074] +- hv_netvsc: Allocate rx indirection table size dynamically (Cathy Avery) [RHEL-39074] +- net: hv_netvsc: Fix a warning triggered by memcpy in rndis_filter (Cathy Avery) [RHEL-39074] +- gfs2: Fix lru_count accounting (Andreas Gruenbacher) [RHEL-32941] +- gfs2: Fix "Make glock lru list scanning safer" (Andreas Gruenbacher) [RHEL-32941] +- gfs2: Fix "ignore unlock failures after withdraw" (Andreas Gruenbacher) [RHEL-32941] +- gfs2: Don't set GLF_LOCK in gfs2_dispose_glock_lru (Andreas Gruenbacher) [RHEL-32941] +- gfs2: Don't forget to complete delayed withdraw (Andreas Gruenbacher) [RHEL-32941] +- gfs2: Delay withdraw from atomic context (Andreas Gruenbacher) [RHEL-32941] +- gfs2: trivial clean up of gfs2_ail_error (Andreas Gruenbacher) [RHEL-32941] +- ext4: fix corruption during on-line resize (Carlos Maiolino) [RHEL-36974] {CVE-2024-35807} +- ext4: correct offset of gdb backup in non meta_bg group to update_backups (Carlos Maiolino) [RHEL-36974] +- ext4: avoid online resizing failures due to oversized flex bg (Carlos Maiolino) [RHEL-30507] {CVE-2023-52622} +- ext4: use time_is_before_jiffies() instead of open coding it (Carlos Maiolino) [RHEL-30507] +- ext4: unify the type of flexbg_size to unsigned int (Carlos Maiolino) [RHEL-30507] +- ext4: remove unnecessary check from alloc_flex_gd() (Carlos Maiolino) [RHEL-30507] +- tracing: Do no increment trace_clock_global() by one (Jerome Marchand) [RHEL-27107] {CVE-2021-46939} +- tracing: Restructure trace_clock_global() to never block (Jerome Marchand) [RHEL-27107] {CVE-2021-46939} +- net/sched: act_skbmod: prevent kernel-infoleak (Xin Long) [RHEL-37220] {CVE-2024-35893} +- tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING (Xin Long) [RHEL-38307] {CVE-2023-52845} +- redhat: remove the merge subtrees script (Derek Barbosa) +- redhat: rhdocs: delete .get_maintainer.conf (Derek Barbosa) +- redhat: rhdocs: Remove the rhdocs directory (Derek Barbosa) +- dyndbg: fix old BUG_ON in >control parser (Waiman Long) [RHEL-37111] {CVE-2024-35947} +- dyndbg: let query-modname override actual module name (Waiman Long) [RHEL-37111] +- dyndbg: make dyndbg a known cli param (Waiman Long) [RHEL-37111] +- lan78xx: Fix exception on link speed change (Jamie Bainbridge) [RHEL-33437] +- net: usb: lan78xx: don't modify phy_device state concurrently (Jamie Bainbridge) [RHEL-33437] +- efi: runtime: Fix potential overflow of soft-reserved region size (Lenny Szubowicz) [RHEL-33096] {CVE-2024-26843} +- perf/arm-cmn: Fail DTC counter allocation correctly (Michael Petlan) [RHEL-23841] +- perf/arm-cmn: Rework DTC counters (again) (Michael Petlan) [RHEL-23841] +- perf/arm-cmn: Fix DTC domain detection (Michael Petlan) [RHEL-23841] +- perf/arm-cmn: Revamp model detection (Michael Petlan) [RHEL-23841] +- perf/arm-cmn: Fix port detection for CMN-700 (Michael Petlan) [RHEL-23841] +- perf/arm-cmn: Move overlapping wp_combine field (Michael Petlan) [RHEL-23841] +- Partially revert "perf/arm-cmn: Optimise DTC counter accesses" (Michael Petlan) [RHEL-23841] +- drivers/perf: Compile with gnu99 standard (Michael Petlan) [RHEL-23841] +- x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD (Steve Best) [RHEL-36994] {CVE-2024-35801} +- watchdog: softdog: Add options 'soft_reboot_cmd' and 'soft_active_on_boot' (Waiman Long) [RHEL-19723] +- tipc: fix UAF in error path (Xin Long) [RHEL-34278] {CVE-2024-36886} + * Fri Jun 14 2024 Denys Vlasenko [4.18.0-553.8.1.el8_10] - udf: Fix NULL pointer dereference in udf_symlink function (Pavel Reichl) [RHEL-37769] {CVE-2021-47353} - net: ti: fix UAF in tlan_remove_one (Jose Ignacio Tornos Martinez) [RHEL-38940] {CVE-2021-47310}