kernel-4.18.0-553.13.1.el8_10

* Fri Jul 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.13.1.el8_10]
- redhat: remove handling of deleted rhdocs/ directory from genspec.sh (Denys Vlasenko)
- x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-28202]
- perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-28202]
- Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-28202]
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Waiman Long) [RHEL-28202]
- x86/bugs: Reset speculation control settings on init (Waiman Long) [RHEL-28202]
- KVM: x86: Update KVM-only leaf handling to allow for 100%% KVM-only leafs (Waiman Long) [RHEL-28202]
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (Waiman Long) [RHEL-28202]
- mptcp: ensure snd_nxt is properly initialized on connect (Davide Caratti) [RHEL-39865] {CVE-2024-36889}
- powerpc/pseries: Enforce hcall result buffer validity and size (Mamatha Inamdar) [RHEL-48291] {CVE-2024-40974}
- wifi: mac80211: fix potential key use-after-free (Jose Ignacio Tornos Martinez) [RHEL-28007] {CVE-2023-52530}
- cppc_cpufreq: Fix possible null pointer dereference (Mark Langsdorf) [RHEL-44137] {CVE-2024-38573}
- net/sched: act_mirred: use the backlog for mirred ingress (Davide Caratti) [RHEL-31718] {CVE-2024-26740}
- vfio/pci: Lock external INTx masking ops (Alex Williamson) [RHEL-31922] {CVE-2024-26810}
- net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Davide Caratti) [RHEL-43464] {CVE-2024-36978}
- tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized (Guillaume Nault) [RHEL-37850] {CVE-2021-47304}
- pstore/ram: Fix crash when setting number of cpus to an odd number (Lenny Szubowicz) [RHEL-29471] {CVE-2023-52619}
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (Jocelyn Falempe) [RHEL-37101] {CVE-2023-52662}
- drm/vmwgfx: Fix the lifetime of the bo cursor memory (Jocelyn Falempe) [RHEL-36962] {CVE-2024-35810}
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (Jocelyn Falempe) [RHEL-34987] {CVE-2024-26940}
- drm/vmwgfx: Unmap the surface before resetting it on a plane state (Jocelyn Falempe) [RHEL-35217] {CVE-2023-52648}
- drm/vmwgfx: Fix invalid reads in fence signaled events (Jocelyn Falempe) [RHEL-40010] {CVE-2024-36960}
- block: Fix wrong offset in bio_truncate() (Ming Lei) [RHEL-43782] {CVE-2022-48747}
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46913] {CVE-2024-39487}
- net: fix __dst_negative_advice() race (Xin Long) [RHEL-41183] {CVE-2024-36971}
- igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-33264] {CVE-2024-26853}
- mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-34967] {CVE-2024-26961}
- cpufreq: exit() callback is optional (Mark Langsdorf) [RHEL-43840] {CVE-2024-38615}
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (Paulo Alcantara) [RHEL-34672]
- cifs: lock chan_lock outside match_session (Paulo Alcantara) [RHEL-34672]
- smb3: workaround negprot bug in some Samba servers (Paulo Alcantara) [RHEL-34672]
- smb3: use netname when available on secondary channels (Paulo Alcantara) [RHEL-34672]
- smb3: fix empty netname context on secondary channels (Paulo Alcantara) [RHEL-34672]
- cifs: populate empty hostnames for extra channels (Paulo Alcantara) [RHEL-34672]
- cifs: always iterate smb sessions using primary channel (Paulo Alcantara) [RHEL-34672]
- cifs: Fix connections leak when tlink setup failed (Paulo Alcantara) [RHEL-34672]
- cifs: Fix memory leak when build ntlmssp negotiate blob failed (Paulo Alcantara) [RHEL-34672]
- cifs: always initialize struct msghdr smb_msg completely (Paulo Alcantara) [RHEL-34672]
- cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Paulo Alcantara) [RHEL-34672]
- cifs: revalidate mapping when doing direct writes (Paulo Alcantara) [RHEL-34672]
- cifs: skip extra NULL byte in filenames (Paulo Alcantara) [RHEL-34672]
- cifs: list_for_each() -> list_for_each_entry() (Paulo Alcantara) [RHEL-34672]
- smb2: small refactor in smb2_check_message() (Paulo Alcantara) [RHEL-34672]
- cifs: Fix crash on unload of cifs_arc4.ko (Paulo Alcantara) [RHEL-34672]
- cifs: remove check of list iterator against head past the loop body (Paulo Alcantara) [RHEL-34672]
- cifs: fix reconnect on smb3 mount types (Paulo Alcantara) [RHEL-34672]
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (Paulo Alcantara) [RHEL-34672]
- cifs: skip trailing separators of prefix paths (Paulo Alcantara) [RHEL-34672]
- cifs: fix ntlmssp on old servers (Paulo Alcantara) [RHEL-34672]
- cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [RHEL-34672]
- cifs: do not skip link targets when an I/O fails (Paulo Alcantara) [RHEL-34672]
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (Paulo Alcantara) [RHEL-34672]
- smb3: fix snapshot mount option (Paulo Alcantara) [RHEL-34672]
- cifs: fix workstation_name for multiuser mounts (Paulo Alcantara) [RHEL-34672]
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (Paulo Alcantara) [RHEL-34672]
- cifs: free ntlmsspblob allocated in negotiate (Paulo Alcantara) [RHEL-34672]
- cifs: avoid use of dstaddr as key for fscache client cookie (Paulo Alcantara) [RHEL-34672]
- cifs: add server conn_id to fscache client cookie (Paulo Alcantara) [RHEL-34672]
- cifs: fix missed refcounting of ipc tcon (Paulo Alcantara) [RHEL-34672]
- smb2: clarify rc initialization in smb2_reconnect (Paulo Alcantara) [RHEL-34672]
- cifs: populate server_hostname for extra channels (Paulo Alcantara) [RHEL-34672]
- cifs: nosharesock should be set on new server (Paulo Alcantara) [RHEL-34672]
- cifs: introduce cifs_ses_mark_for_reconnect() helper (Paulo Alcantara) [RHEL-34672]
- cifs: protect srv_count with cifs_tcp_ses_lock (Paulo Alcantara) [RHEL-34672]
- cifs: move debug print out of spinlock (Paulo Alcantara) [RHEL-34672]
- cifs: do not duplicate fscache cookie for secondary channels (Paulo Alcantara) [RHEL-34672]
- cifs: connect individual channel servers to primary channel server (Paulo Alcantara) [RHEL-34672]
- cifs: protect session channel fields with chan_lock (Paulo Alcantara) [RHEL-34672]
- cifs: do not negotiate session if session already exists (Paulo Alcantara) [RHEL-34672]
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (Paulo Alcantara) [RHEL-34672]
- cifs: fix potential use-after-free bugs (Paulo Alcantara) [RHEL-34672]
- cifs: release lock earlier in dequeue_mid error case (Paulo Alcantara) [RHEL-34672]
- smb3: remove trivial dfs compile warning (Paulo Alcantara) [RHEL-34672]
- cifs: support nested dfs links over reconnect (Paulo Alcantara) [RHEL-34672]
- cifs: for compound requests, use open handle if possible (Paulo Alcantara) [RHEL-34672]
- cifs: split out dfs code from cifs_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant (Paulo Alcantara) [RHEL-34672]
- cifs: introduce new helper for cifs_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: fix print of hdr_flags in dfscache_proc_show() (Paulo Alcantara) [RHEL-34672]
- cifs: send workstation name during ntlmssp session setup (Paulo Alcantara) [RHEL-34672]
- cifs: nosharesock should not share socket with future sessions (Paulo Alcantara) [RHEL-34672]
- smb3: add dynamic trace points for socket connection (Paulo Alcantara) [RHEL-34672]
- cifs: Move SMB2_Create definitions to the shared area (Paulo Alcantara) [RHEL-34672]
- cifs: Move more definitions into the shared area (Paulo Alcantara) [RHEL-34672]
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Paulo Alcantara) [RHEL-34672]
- cifs: Create a new shared file holding smb2 pdu definitions (Paulo Alcantara) [RHEL-34672]
- cifs: fix incorrect check for null pointer in header_assemble (Paulo Alcantara) [RHEL-34672]
- smb3: correct server pointer dereferencing check to be more consistent (Paulo Alcantara) [RHEL-34672]
- cifs: Deal with some warnings from W=1 (Paulo Alcantara) [RHEL-34672]
- cifs: fix a sign extension bug (Paulo Alcantara) [RHEL-34672]
- cifs: fix incorrect kernel doc comments (Paulo Alcantara) [RHEL-34672]
- cifs: remove pathname for file from SPDX header (Paulo Alcantara) [RHEL-34672]
- cifs: move SMB FSCTL definitions to common code (Paulo Alcantara) [RHEL-34672]
- cifs: rename cifs_common to smbfs_common (Paulo Alcantara) [RHEL-34672]
- cifs: update FSCTL definitions (Paulo Alcantara) [RHEL-34672]
- cifs: cifs_md4 convert to SPDX identifier (Paulo Alcantara) [RHEL-34672]
- cifs: create a MD4 module and switch cifs.ko to use it (Paulo Alcantara) [RHEL-34672]
- cifs: fork arc4 and create a separate module for it for cifs and other users (Paulo Alcantara) [RHEL-34672]
- smb3: fix posix extensions mount option (Paulo Alcantara) [RHEL-34672]
- cifs: fix wrong release in sess_alloc_buffer() failed path (Paulo Alcantara) [RHEL-34672]
- CIFS: Fix a potencially linear read overflow (Paulo Alcantara) [RHEL-34672]
- cifs: use the correct max-length for dentry_path_raw() (Paulo Alcantara) [RHEL-34672]
- cifs: create sd context must be a multiple of 8 (Paulo Alcantara) [RHEL-34672]
- cifs: do not share tcp sessions of dfs connections (Paulo Alcantara) [RHEL-34672]
- cifs: added WARN_ON for all the count decrements (Paulo Alcantara) [RHEL-34672]
- cifs: fix missing null session check in mount (Paulo Alcantara) [RHEL-34672]
- cifs: handle reconnect of tcon when there is no cached dfs referral (Paulo Alcantara) [RHEL-34672]
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (Paulo Alcantara) [RHEL-34672]
- smb3: fix typo in header file (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: Add support for negotiating signing algorithm (Paulo Alcantara) [RHEL-34672]
- cifs: prevent NULL deref in cifs_compose_mount_options() (Paulo Alcantara) [RHEL-34672]
- cifs: fix NULL dereference in smb2_check_message() (Paulo Alcantara) [RHEL-34672]
- smbdirect: missing rc checks while waiting for rdma events (Paulo Alcantara) [RHEL-34672]
- cifs: Avoid field over-reading memcpy() (Paulo Alcantara) [RHEL-34672]
- smb311: remove dead code for non compounded posix query info (Paulo Alcantara) [RHEL-34672]
- cifs: fix SMB1 error path in cifs_get_file_info_unix (Paulo Alcantara) [RHEL-34672]
- smb3: fix uninitialized value for port in witness protocol move (Paulo Alcantara) [RHEL-34672]
- cifs: fix unneeded null check (Paulo Alcantara) [RHEL-34672]
- cifs: use SPDX-Licence-Identifier (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant in cifs_debug.c (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant in smb2misc.c (Paulo Alcantara) [RHEL-34672]
- cifs: missed ref-counting smb session in find (Paulo Alcantara) [RHEL-34672]
- cifs: do not share tcp servers with dfs mounts (Paulo Alcantara) [RHEL-34672]
- cifs: set a minimum of 2 minutes for refreshing dfs cache (Paulo Alcantara) [RHEL-34672]
- cifs: Remove unused inline function is_sysvol_or_netlogon() (Paulo Alcantara) [RHEL-34672]
- cifs: remove duplicated prototype (Paulo Alcantara) [RHEL-34672]
- cifs: fix ipv6 formating in cifs_ses_add_channel (Paulo Alcantara) [RHEL-34672]
- cifs: fix string declarations and assignments in tracepoints (Paulo Alcantara) [RHEL-34672]
- cifs: fix memory leak in smb2_copychunk_range (Paulo Alcantara) [RHEL-34672]
- SMB3: incorrect file id in requests compounded with open (Paulo Alcantara) [RHEL-34672]
- smb3: if max_channels set to more than one channel request multichannel (Paulo Alcantara) [RHEL-34672]
- smb3: do not attempt multichannel to server which does not support it (Paulo Alcantara) [RHEL-34672]
- smb3: when mounting with multichannel include it in requested capabilities (Paulo Alcantara) [RHEL-34672]
- cifs: simplify SWN code with dummy funcs instead of ifdefs (Paulo Alcantara) [RHEL-34672]
- cifs: log mount errors using cifs_errorf() (Paulo Alcantara) [RHEL-34672]
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (Paulo Alcantara) [RHEL-34672]
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (Paulo Alcantara) [RHEL-34672]
- cifs: allocate buffer in the caller of build_path_from_dentry() (Paulo Alcantara) [RHEL-34672]
- cifs: make build_path_from_dentry() return const char * (Paulo Alcantara) [RHEL-34672]
- cifs: remove old dead code (Paulo Alcantara) [RHEL-34672]
- fs: cifs: Remove repeated struct declaration (Paulo Alcantara) [RHEL-34672]
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (Paulo Alcantara) [RHEL-34672]
- cifs: have ->mkdir() handle race with another client sanely (Paulo Alcantara) [RHEL-34672]
- do_cifs_create(): don't set ->i_mode of something we had not created (Paulo Alcantara) [RHEL-34672]
- cifs: Silently ignore unknown oplock break handle (Paulo Alcantara) [RHEL-34672]
- cifs: change noisy error message to FYI (Paulo Alcantara) [RHEL-34672]
- cifs: print MIDs in decimal notation (Paulo Alcantara) [RHEL-34672]
- cifs: minor simplification to smb2_is_network_name_deleted (Paulo Alcantara) [RHEL-34672]
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (Paulo Alcantara) [RHEL-34672]
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (Paulo Alcantara) [RHEL-34672]
- cifs: change confusing field serverName (to ip_addr) (Paulo Alcantara) [RHEL-34672]
- cifs: Reformat DebugData and index connections by conn_id. (Paulo Alcantara) [RHEL-34672]
- cifs: Identify a connection by a conn_id. (Paulo Alcantara) [RHEL-34672]
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (Paulo Alcantara) [RHEL-34672]
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (Paulo Alcantara) [RHEL-34672]
- fs/cifs: Simplify bool comparison. (Paulo Alcantara) [RHEL-34672]
- fs/cifs: Assign boolean values to a bool variable (Paulo Alcantara) [RHEL-34672]
- cifs: Avoid error pointer dereference (Paulo Alcantara) [RHEL-34672]
- cifs: Re-indent cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Unlock on errors in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Delete a stray unlock in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Tracepoints and logs for tracing credit changes. (Paulo Alcantara) [RHEL-34672]
- cifs: Fix some error pointers handling detected by static checker (Paulo Alcantara) [RHEL-34672]
- smb3: remind users that witness protocol is experimental (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: do not log warning message if server doesn't populate salt (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: update comments clarifying SPNEGO info in negprot response (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (Paulo Alcantara) [RHEL-34672]
- SMB3: avoid confusing warning message on mount to Azure (Paulo Alcantara) [RHEL-34672]
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Nigel Croxon) [RHEL-46662] {CVE-2024-39476}
- net: fix information leakage in /proc/net/ptype (Hangbin Liu) [RHEL-44000] {CVE-2022-48757}
- usb: typec: ucsi: Limit read size on v1.2 (Desnes Nunes) [RHEL-37286] {CVE-2024-35924}
- minmax: relax check to allow comparison between unsigned arguments and signed constants (Desnes Nunes) [RHEL-37286]
- minmax: allow comparisons of 'int' against 'unsigned char/short' (Desnes Nunes) [RHEL-37286]
- minmax: allow min()/max()/clamp() if the arguments have the same signedness. (Desnes Nunes) [RHEL-37286]
- minmax: add umin(a, b) and umax(a, b) (Desnes Nunes) [RHEL-37286]
- minmax: fix header inclusions (Desnes Nunes) [RHEL-37286]
- minmax: clamp more efficiently by avoiding extra comparison (Desnes Nunes) [RHEL-37286]
- minmax: sanity check constant bounds when clamping (Desnes Nunes) [RHEL-37286]
- tracing: Define the is_signed_type() macro once (Desnes Nunes) [RHEL-37286]
- linux/bits.h: fix compilation error with GENMASK (Desnes Nunes) [RHEL-37286]
- x86/apic: Mask IOAPIC entries when disabling the local APIC (Lenny Szubowicz) [RHEL-18077]
- userfaultfd: fix a race between writeprotect and exit_mmap() (Rafael Aquini) [RHEL-38410] {CVE-2021-47461}
- mm: khugepaged: skip huge page collapse for special files (Waiman Long) [RHEL-38446] {CVE-2021-47491}
- cachefiles: fix memory leak in cachefiles_add_cache() (Andrey Albershteyn) [RHEL-33109] {CVE-2024-26840}
- drm/amd/display: Implement bounds check for stream encoder creation in DCN301 (Michel Dänzer) [RHEL-31429] {CVE-2024-26660}
- net/mlx5: Discard command completions in internal error (Kamal Heib) [RHEL-44231] {CVE-2024-38555}
- drm: Don't unref the same fb many times by mistake due to deadlock handling (CKI Backport Bot) [RHEL-29011] {CVE-2023-52486}
- md: fix resync softlockup when bitmap size is less than array size (Nigel Croxon) [RHEL-43942] {CVE-2024-38598}
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (Davide Caratti) [RHEL-39712] {CVE-2024-36017}
- netfilter: nf_tables: discard table flag update with pending basechain deletion (Phil Sutter) [RHEL-37205] {CVE-2024-35897}
- netfilter: nf_tables: reject table flag and netdev basechain updates (Phil Sutter) [RHEL-37205]
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Ewan D. Milne) [RHEL-40172] {CVE-2024-36924}
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Ewan D. Milne) [RHEL-40172] {CVE-2024-36952}
- netfilter: nf_tables: fix memleak in map from abort path (Phil Sutter) [RHEL-35052] {CVE-2024-27011}
- netfilter: nf_tables: reject new basechain after table flag update (Phil Sutter) [RHEL-37193] {CVE-2024-35900}
- netfilter: nf_tables: flush pending destroy work before exit_net release (Phil Sutter) [RHEL-37197] {CVE-2024-35899}
- netfilter: complete validation of user input (Phil Sutter) [RHEL-37210]
- netfilter: validate user input for expected length (Phil Sutter) [RHEL-37210] {CVE-2024-35896}
- netfilter: tproxy: bail out if IP has been disabled on the device (Phil Sutter) [RHEL-44363] {CVE-2024-36270}
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Phil Sutter) [RHEL-44532] {CVE-2024-36286}
- netfilter: nf_tables: do not compare internal table flags on updates (Phil Sutter) [RHEL-35114] {CVE-2024-27065}
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (Phil Sutter) [RHEL-35028] {CVE-2024-27019}
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Phil Sutter) [RHEL-35024] {CVE-2024-27020}
- netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Phil Sutter) [RHEL-35024]
- netfilter: conntrack: serialize hash resizes and cleanups (Phil Sutter) [RHEL-37703] {CVE-2021-47408}
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Phil Sutter) [RHEL-34217] {CVE-2024-26925}
- netfilter: nf_tables: release batch on table validation from abort path (Phil Sutter) [RHEL-34217]
- ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-38319] {CVE-2023-52796}
Resolves: RHEL-18077, RHEL-28007, RHEL-28202, RHEL-29011, RHEL-29471, RHEL-31429, RHEL-31718, RHEL-31922, RHEL-33109, RHEL-33264, RHEL-34217, RHEL-34672, RHEL-34967, RHEL-34987, RHEL-35024, RHEL-35028, RHEL-35052, RHEL-35114, RHEL-35217, RHEL-36962, RHEL-37101, RHEL-37193, RHEL-37197, RHEL-37205, RHEL-37210, RHEL-37286, RHEL-37703, RHEL-37850, RHEL-38319, RHEL-38410, RHEL-38446, RHEL-39712, RHEL-39865, RHEL-40010, RHEL-40172, RHEL-41183, RHEL-43464, RHEL-43782, RHEL-43840, RHEL-43942, RHEL-44000, RHEL-44137, RHEL-44231, RHEL-44363, RHEL-44532, RHEL-46662, RHEL-46913, RHEL-48291

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
This commit is contained in:
Denys Vlasenko 2024-07-19 01:21:11 +02:00
parent 9dbacbed09
commit 2e13fa6bef
2 changed files with 229 additions and 4 deletions

View File

@ -38,10 +38,10 @@
# define buildid .local # define buildid .local
%define specversion 4.18.0 %define specversion 4.18.0
%define pkgrelease 553.12.1.el8_10 %define pkgrelease 553.13.1.el8_10
# allow pkg_release to have configurable %%{?dist} tag # allow pkg_release to have configurable %%{?dist} tag
%define specrelease 553.12.1%{?dist} %define specrelease 553.13.1%{?dist}
%define pkg_release %{specrelease}%{?buildid} %define pkg_release %{specrelease}%{?buildid}
@ -2696,6 +2696,231 @@ fi
# #
# #
%changelog %changelog
* Fri Jul 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.13.1.el8_10]
- redhat: remove handling of deleted rhdocs/ directory from genspec.sh (Denys Vlasenko)
- x86/bugs: Fix BHI retpoline check (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Replace CONFIG_SPECTRE_BHI_{ON,OFF} with CONFIG_MITIGATION_SPECTRE_BHI (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Remove CONFIG_BHI_MITIGATION_AUTO and spectre_bhi=auto (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Clarify that syscall hardening isn't a BHI mitigation (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix BHI handling of RRSBA (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Rename various 'ia32_cap' variables to 'x86_arch_cap_msr' (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Cache the value of MSR_IA32_ARCH_CAPABILITIES (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix BHI documentation (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Fix return type of spectre_bhi_state() (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Make CONFIG_SPECTRE_BHI_ON the default (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Mitigate KVM by default (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Add BHI mitigation knob (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Enumerate Branch History Injection (BHI) bug (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Define SPEC_CTRL_BHI_DIS_S (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bhi: Add support for clearing branch history at syscall entry (Waiman Long) [RHEL-28202] {CVE-2024-2201}
- x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file (Waiman Long) [RHEL-28202]
- perf/x86/amd/lbr: Use freeze based on availability (Waiman Long) [RHEL-28202]
- Documentation/kernel-parameters: Add spec_rstack_overflow to mitigations=off (Waiman Long) [RHEL-28202]
- KVM: x86: Advertise CPUID.(EAX=7,ECX=2):EDX[5:0] to userspace (Waiman Long) [RHEL-28202]
- x86/bugs: Reset speculation control settings on init (Waiman Long) [RHEL-28202]
- KVM: x86: Update KVM-only leaf handling to allow for 100%% KVM-only leafs (Waiman Long) [RHEL-28202]
- KVM: x86: Hide IA32_PLATFORM_DCA_CAP[31:0] from the guest (Waiman Long) [RHEL-28202]
- mptcp: ensure snd_nxt is properly initialized on connect (Davide Caratti) [RHEL-39865] {CVE-2024-36889}
- powerpc/pseries: Enforce hcall result buffer validity and size (Mamatha Inamdar) [RHEL-48291] {CVE-2024-40974}
- wifi: mac80211: fix potential key use-after-free (Jose Ignacio Tornos Martinez) [RHEL-28007] {CVE-2023-52530}
- cppc_cpufreq: Fix possible null pointer dereference (Mark Langsdorf) [RHEL-44137] {CVE-2024-38573}
- net/sched: act_mirred: use the backlog for mirred ingress (Davide Caratti) [RHEL-31718] {CVE-2024-26740}
- vfio/pci: Lock external INTx masking ops (Alex Williamson) [RHEL-31922] {CVE-2024-26810}
- net: sched: sch_multiq: fix possible OOB write in multiq_tune() (Davide Caratti) [RHEL-43464] {CVE-2024-36978}
- tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized (Guillaume Nault) [RHEL-37850] {CVE-2021-47304}
- pstore/ram: Fix crash when setting number of cpus to an odd number (Lenny Szubowicz) [RHEL-29471] {CVE-2023-52619}
- drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node (Jocelyn Falempe) [RHEL-37101] {CVE-2023-52662}
- drm/vmwgfx: Fix the lifetime of the bo cursor memory (Jocelyn Falempe) [RHEL-36962] {CVE-2024-35810}
- drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed (Jocelyn Falempe) [RHEL-34987] {CVE-2024-26940}
- drm/vmwgfx: Unmap the surface before resetting it on a plane state (Jocelyn Falempe) [RHEL-35217] {CVE-2023-52648}
- drm/vmwgfx: Fix invalid reads in fence signaled events (Jocelyn Falempe) [RHEL-40010] {CVE-2024-36960}
- block: Fix wrong offset in bio_truncate() (Ming Lei) [RHEL-43782] {CVE-2022-48747}
- bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() (CKI Backport Bot) [RHEL-46913] {CVE-2024-39487}
- net: fix __dst_negative_advice() race (Xin Long) [RHEL-41183] {CVE-2024-36971}
- igc: avoid returning frame twice in XDP_REDIRECT (Corinna Vinschen) [RHEL-33264] {CVE-2024-26853}
- mac802154: fix llsec key resources release in mac802154_llsec_key_del (Steve Best) [RHEL-34967] {CVE-2024-26961}
- cpufreq: exit() callback is optional (Mark Langsdorf) [RHEL-43840] {CVE-2024-38615}
- cifs: prevent infinite recursion in CIFSGetDFSRefer() (Paulo Alcantara) [RHEL-34672]
- cifs: lock chan_lock outside match_session (Paulo Alcantara) [RHEL-34672]
- smb3: workaround negprot bug in some Samba servers (Paulo Alcantara) [RHEL-34672]
- smb3: use netname when available on secondary channels (Paulo Alcantara) [RHEL-34672]
- smb3: fix empty netname context on secondary channels (Paulo Alcantara) [RHEL-34672]
- cifs: populate empty hostnames for extra channels (Paulo Alcantara) [RHEL-34672]
- cifs: always iterate smb sessions using primary channel (Paulo Alcantara) [RHEL-34672]
- cifs: Fix connections leak when tlink setup failed (Paulo Alcantara) [RHEL-34672]
- cifs: Fix memory leak when build ntlmssp negotiate blob failed (Paulo Alcantara) [RHEL-34672]
- cifs: always initialize struct msghdr smb_msg completely (Paulo Alcantara) [RHEL-34672]
- cifs: don't send down the destination address to sendmsg for a SOCK_STREAM (Paulo Alcantara) [RHEL-34672]
- cifs: revalidate mapping when doing direct writes (Paulo Alcantara) [RHEL-34672]
- cifs: skip extra NULL byte in filenames (Paulo Alcantara) [RHEL-34672]
- cifs: list_for_each() -> list_for_each_entry() (Paulo Alcantara) [RHEL-34672]
- smb2: small refactor in smb2_check_message() (Paulo Alcantara) [RHEL-34672]
- cifs: Fix crash on unload of cifs_arc4.ko (Paulo Alcantara) [RHEL-34672]
- cifs: remove check of list iterator against head past the loop body (Paulo Alcantara) [RHEL-34672]
- cifs: fix reconnect on smb3 mount types (Paulo Alcantara) [RHEL-34672]
- cifs: fix uninitialized pointer in error case in dfs_cache_get_tgt_share (Paulo Alcantara) [RHEL-34672]
- cifs: skip trailing separators of prefix paths (Paulo Alcantara) [RHEL-34672]
- cifs: fix ntlmssp on old servers (Paulo Alcantara) [RHEL-34672]
- cifs: fix NULL ptr dereference in refresh_mounts() (Paulo Alcantara) [RHEL-34672]
- cifs: do not skip link targets when an I/O fails (Paulo Alcantara) [RHEL-34672]
- cifs: fix confusing unneeded warning message on smb2.1 and earlier (Paulo Alcantara) [RHEL-34672]
- smb3: fix snapshot mount option (Paulo Alcantara) [RHEL-34672]
- cifs: fix workstation_name for multiuser mounts (Paulo Alcantara) [RHEL-34672]
- cifs: alloc_path_with_tree_prefix: do not append sep. if the path is empty (Paulo Alcantara) [RHEL-34672]
- cifs: free ntlmsspblob allocated in negotiate (Paulo Alcantara) [RHEL-34672]
- cifs: avoid use of dstaddr as key for fscache client cookie (Paulo Alcantara) [RHEL-34672]
- cifs: add server conn_id to fscache client cookie (Paulo Alcantara) [RHEL-34672]
- cifs: fix missed refcounting of ipc tcon (Paulo Alcantara) [RHEL-34672]
- smb2: clarify rc initialization in smb2_reconnect (Paulo Alcantara) [RHEL-34672]
- cifs: populate server_hostname for extra channels (Paulo Alcantara) [RHEL-34672]
- cifs: nosharesock should be set on new server (Paulo Alcantara) [RHEL-34672]
- cifs: introduce cifs_ses_mark_for_reconnect() helper (Paulo Alcantara) [RHEL-34672]
- cifs: protect srv_count with cifs_tcp_ses_lock (Paulo Alcantara) [RHEL-34672]
- cifs: move debug print out of spinlock (Paulo Alcantara) [RHEL-34672]
- cifs: do not duplicate fscache cookie for secondary channels (Paulo Alcantara) [RHEL-34672]
- cifs: connect individual channel servers to primary channel server (Paulo Alcantara) [RHEL-34672]
- cifs: protect session channel fields with chan_lock (Paulo Alcantara) [RHEL-34672]
- cifs: do not negotiate session if session already exists (Paulo Alcantara) [RHEL-34672]
- smb3: do not setup the fscache_super_cookie until fsinfo initialized (Paulo Alcantara) [RHEL-34672]
- cifs: fix potential use-after-free bugs (Paulo Alcantara) [RHEL-34672]
- cifs: release lock earlier in dequeue_mid error case (Paulo Alcantara) [RHEL-34672]
- smb3: remove trivial dfs compile warning (Paulo Alcantara) [RHEL-34672]
- cifs: support nested dfs links over reconnect (Paulo Alcantara) [RHEL-34672]
- cifs: for compound requests, use open handle if possible (Paulo Alcantara) [RHEL-34672]
- cifs: split out dfs code from cifs_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant (Paulo Alcantara) [RHEL-34672]
- cifs: introduce new helper for cifs_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: fix print of hdr_flags in dfscache_proc_show() (Paulo Alcantara) [RHEL-34672]
- cifs: send workstation name during ntlmssp session setup (Paulo Alcantara) [RHEL-34672]
- cifs: nosharesock should not share socket with future sessions (Paulo Alcantara) [RHEL-34672]
- smb3: add dynamic trace points for socket connection (Paulo Alcantara) [RHEL-34672]
- cifs: Move SMB2_Create definitions to the shared area (Paulo Alcantara) [RHEL-34672]
- cifs: Move more definitions into the shared area (Paulo Alcantara) [RHEL-34672]
- cifs: move NEGOTIATE_PROTOCOL definitions out into the common area (Paulo Alcantara) [RHEL-34672]
- cifs: Create a new shared file holding smb2 pdu definitions (Paulo Alcantara) [RHEL-34672]
- cifs: fix incorrect check for null pointer in header_assemble (Paulo Alcantara) [RHEL-34672]
- smb3: correct server pointer dereferencing check to be more consistent (Paulo Alcantara) [RHEL-34672]
- cifs: Deal with some warnings from W=1 (Paulo Alcantara) [RHEL-34672]
- cifs: fix a sign extension bug (Paulo Alcantara) [RHEL-34672]
- cifs: fix incorrect kernel doc comments (Paulo Alcantara) [RHEL-34672]
- cifs: remove pathname for file from SPDX header (Paulo Alcantara) [RHEL-34672]
- cifs: move SMB FSCTL definitions to common code (Paulo Alcantara) [RHEL-34672]
- cifs: rename cifs_common to smbfs_common (Paulo Alcantara) [RHEL-34672]
- cifs: update FSCTL definitions (Paulo Alcantara) [RHEL-34672]
- cifs: cifs_md4 convert to SPDX identifier (Paulo Alcantara) [RHEL-34672]
- cifs: create a MD4 module and switch cifs.ko to use it (Paulo Alcantara) [RHEL-34672]
- cifs: fork arc4 and create a separate module for it for cifs and other users (Paulo Alcantara) [RHEL-34672]
- smb3: fix posix extensions mount option (Paulo Alcantara) [RHEL-34672]
- cifs: fix wrong release in sess_alloc_buffer() failed path (Paulo Alcantara) [RHEL-34672]
- CIFS: Fix a potencially linear read overflow (Paulo Alcantara) [RHEL-34672]
- cifs: use the correct max-length for dentry_path_raw() (Paulo Alcantara) [RHEL-34672]
- cifs: create sd context must be a multiple of 8 (Paulo Alcantara) [RHEL-34672]
- cifs: do not share tcp sessions of dfs connections (Paulo Alcantara) [RHEL-34672]
- cifs: added WARN_ON for all the count decrements (Paulo Alcantara) [RHEL-34672]
- cifs: fix missing null session check in mount (Paulo Alcantara) [RHEL-34672]
- cifs: handle reconnect of tcon when there is no cached dfs referral (Paulo Alcantara) [RHEL-34672]
- cifs: fix the out of range assignment to bit fields in parse_server_interfaces (Paulo Alcantara) [RHEL-34672]
- smb3: fix typo in header file (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: Add support for negotiating signing algorithm (Paulo Alcantara) [RHEL-34672]
- cifs: prevent NULL deref in cifs_compose_mount_options() (Paulo Alcantara) [RHEL-34672]
- cifs: fix NULL dereference in smb2_check_message() (Paulo Alcantara) [RHEL-34672]
- smbdirect: missing rc checks while waiting for rdma events (Paulo Alcantara) [RHEL-34672]
- cifs: Avoid field over-reading memcpy() (Paulo Alcantara) [RHEL-34672]
- smb311: remove dead code for non compounded posix query info (Paulo Alcantara) [RHEL-34672]
- cifs: fix SMB1 error path in cifs_get_file_info_unix (Paulo Alcantara) [RHEL-34672]
- smb3: fix uninitialized value for port in witness protocol move (Paulo Alcantara) [RHEL-34672]
- cifs: fix unneeded null check (Paulo Alcantara) [RHEL-34672]
- cifs: use SPDX-Licence-Identifier (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant in cifs_debug.c (Paulo Alcantara) [RHEL-34672]
- cifs: convert list_for_each to entry variant in smb2misc.c (Paulo Alcantara) [RHEL-34672]
- cifs: missed ref-counting smb session in find (Paulo Alcantara) [RHEL-34672]
- cifs: do not share tcp servers with dfs mounts (Paulo Alcantara) [RHEL-34672]
- cifs: set a minimum of 2 minutes for refreshing dfs cache (Paulo Alcantara) [RHEL-34672]
- cifs: Remove unused inline function is_sysvol_or_netlogon() (Paulo Alcantara) [RHEL-34672]
- cifs: remove duplicated prototype (Paulo Alcantara) [RHEL-34672]
- cifs: fix ipv6 formating in cifs_ses_add_channel (Paulo Alcantara) [RHEL-34672]
- cifs: fix string declarations and assignments in tracepoints (Paulo Alcantara) [RHEL-34672]
- cifs: fix memory leak in smb2_copychunk_range (Paulo Alcantara) [RHEL-34672]
- SMB3: incorrect file id in requests compounded with open (Paulo Alcantara) [RHEL-34672]
- smb3: if max_channels set to more than one channel request multichannel (Paulo Alcantara) [RHEL-34672]
- smb3: do not attempt multichannel to server which does not support it (Paulo Alcantara) [RHEL-34672]
- smb3: when mounting with multichannel include it in requested capabilities (Paulo Alcantara) [RHEL-34672]
- cifs: simplify SWN code with dummy funcs instead of ifdefs (Paulo Alcantara) [RHEL-34672]
- cifs: log mount errors using cifs_errorf() (Paulo Alcantara) [RHEL-34672]
- cifs: switch build_path_from_dentry() to using dentry_path_raw() (Paulo Alcantara) [RHEL-34672]
- cifs: fix out-of-bound memory access when calling smb3_notify() at mount point (Paulo Alcantara) [RHEL-34672]
- cifs: allocate buffer in the caller of build_path_from_dentry() (Paulo Alcantara) [RHEL-34672]
- cifs: make build_path_from_dentry() return const char * (Paulo Alcantara) [RHEL-34672]
- cifs: remove old dead code (Paulo Alcantara) [RHEL-34672]
- fs: cifs: Remove repeated struct declaration (Paulo Alcantara) [RHEL-34672]
- cifs: have cifs_fattr_to_inode() refuse to change type on live inode (Paulo Alcantara) [RHEL-34672]
- cifs: have ->mkdir() handle race with another client sanely (Paulo Alcantara) [RHEL-34672]
- do_cifs_create(): don't set ->i_mode of something we had not created (Paulo Alcantara) [RHEL-34672]
- cifs: Silently ignore unknown oplock break handle (Paulo Alcantara) [RHEL-34672]
- cifs: change noisy error message to FYI (Paulo Alcantara) [RHEL-34672]
- cifs: print MIDs in decimal notation (Paulo Alcantara) [RHEL-34672]
- cifs: minor simplification to smb2_is_network_name_deleted (Paulo Alcantara) [RHEL-34672]
- TCON Reconnect during STATUS_NETWORK_NAME_DELETED (Paulo Alcantara) [RHEL-34672]
- cifs: clarify hostname vs ip address in /proc/fs/cifs/DebugData (Paulo Alcantara) [RHEL-34672]
- cifs: change confusing field serverName (to ip_addr) (Paulo Alcantara) [RHEL-34672]
- cifs: Reformat DebugData and index connections by conn_id. (Paulo Alcantara) [RHEL-34672]
- cifs: Identify a connection by a conn_id. (Paulo Alcantara) [RHEL-34672]
- smb3: negotiate current dialect (SMB3.1.1) when version 3 or greater requested (Paulo Alcantara) [RHEL-34672]
- smb3: Fix out-of-bounds bug in SMB2_negotiate() (Paulo Alcantara) [RHEL-34672]
- fs/cifs: Simplify bool comparison. (Paulo Alcantara) [RHEL-34672]
- fs/cifs: Assign boolean values to a bool variable (Paulo Alcantara) [RHEL-34672]
- cifs: Avoid error pointer dereference (Paulo Alcantara) [RHEL-34672]
- cifs: Re-indent cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Unlock on errors in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Delete a stray unlock in cifs_swn_reconnect() (Paulo Alcantara) [RHEL-34672]
- cifs: Tracepoints and logs for tracing credit changes. (Paulo Alcantara) [RHEL-34672]
- cifs: Fix some error pointers handling detected by static checker (Paulo Alcantara) [RHEL-34672]
- smb3: remind users that witness protocol is experimental (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: do not log warning message if server doesn't populate salt (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: update comments clarifying SPNEGO info in negprot response (Paulo Alcantara) [RHEL-34672]
- SMB3.1.1: remove confusing mount warning when no SPNEGO info on negprot rsp (Paulo Alcantara) [RHEL-34672]
- SMB3: avoid confusing warning message on mount to Azure (Paulo Alcantara) [RHEL-34672]
- md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING (Nigel Croxon) [RHEL-46662] {CVE-2024-39476}
- net: fix information leakage in /proc/net/ptype (Hangbin Liu) [RHEL-44000] {CVE-2022-48757}
- usb: typec: ucsi: Limit read size on v1.2 (Desnes Nunes) [RHEL-37286] {CVE-2024-35924}
- minmax: relax check to allow comparison between unsigned arguments and signed constants (Desnes Nunes) [RHEL-37286]
- minmax: allow comparisons of 'int' against 'unsigned char/short' (Desnes Nunes) [RHEL-37286]
- minmax: allow min()/max()/clamp() if the arguments have the same signedness. (Desnes Nunes) [RHEL-37286]
- minmax: add umin(a, b) and umax(a, b) (Desnes Nunes) [RHEL-37286]
- minmax: fix header inclusions (Desnes Nunes) [RHEL-37286]
- minmax: clamp more efficiently by avoiding extra comparison (Desnes Nunes) [RHEL-37286]
- minmax: sanity check constant bounds when clamping (Desnes Nunes) [RHEL-37286]
- tracing: Define the is_signed_type() macro once (Desnes Nunes) [RHEL-37286]
- linux/bits.h: fix compilation error with GENMASK (Desnes Nunes) [RHEL-37286]
- x86/apic: Mask IOAPIC entries when disabling the local APIC (Lenny Szubowicz) [RHEL-18077]
- userfaultfd: fix a race between writeprotect and exit_mmap() (Rafael Aquini) [RHEL-38410] {CVE-2021-47461}
- mm: khugepaged: skip huge page collapse for special files (Waiman Long) [RHEL-38446] {CVE-2021-47491}
- cachefiles: fix memory leak in cachefiles_add_cache() (Andrey Albershteyn) [RHEL-33109] {CVE-2024-26840}
- drm/amd/display: Implement bounds check for stream encoder creation in DCN301 (Michel Dänzer) [RHEL-31429] {CVE-2024-26660}
- net/mlx5: Discard command completions in internal error (Kamal Heib) [RHEL-44231] {CVE-2024-38555}
- drm: Don't unref the same fb many times by mistake due to deadlock handling (CKI Backport Bot) [RHEL-29011] {CVE-2023-52486}
- md: fix resync softlockup when bitmap size is less than array size (Nigel Croxon) [RHEL-43942] {CVE-2024-38598}
- rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation (Davide Caratti) [RHEL-39712] {CVE-2024-36017}
- netfilter: nf_tables: discard table flag update with pending basechain deletion (Phil Sutter) [RHEL-37205] {CVE-2024-35897}
- netfilter: nf_tables: reject table flag and netdev basechain updates (Phil Sutter) [RHEL-37205]
- scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (Ewan D. Milne) [RHEL-40172] {CVE-2024-36924}
- scsi: lpfc: Move NPIV's transport unregistration to after resource clean up (Ewan D. Milne) [RHEL-40172] {CVE-2024-36952}
- netfilter: nf_tables: fix memleak in map from abort path (Phil Sutter) [RHEL-35052] {CVE-2024-27011}
- netfilter: nf_tables: reject new basechain after table flag update (Phil Sutter) [RHEL-37193] {CVE-2024-35900}
- netfilter: nf_tables: flush pending destroy work before exit_net release (Phil Sutter) [RHEL-37197] {CVE-2024-35899}
- netfilter: complete validation of user input (Phil Sutter) [RHEL-37210]
- netfilter: validate user input for expected length (Phil Sutter) [RHEL-37210] {CVE-2024-35896}
- netfilter: tproxy: bail out if IP has been disabled on the device (Phil Sutter) [RHEL-44363] {CVE-2024-36270}
- netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() (Phil Sutter) [RHEL-44532] {CVE-2024-36286}
- netfilter: nf_tables: do not compare internal table flags on updates (Phil Sutter) [RHEL-35114] {CVE-2024-27065}
- netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() (Phil Sutter) [RHEL-35028] {CVE-2024-27019}
- netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() (Phil Sutter) [RHEL-35024] {CVE-2024-27020}
- netfilter: nf_tables: __nft_expr_type_get() selects specific family type (Phil Sutter) [RHEL-35024]
- netfilter: conntrack: serialize hash resizes and cleanups (Phil Sutter) [RHEL-37703] {CVE-2021-47408}
- netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path (Phil Sutter) [RHEL-34217] {CVE-2024-26925}
- netfilter: nf_tables: release batch on table validation from abort path (Phil Sutter) [RHEL-34217]
- ipvlan: add ipvlan_route_v6_outbound() helper (Davide Caratti) [RHEL-38319] {CVE-2023-52796}
* Wed Jul 10 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.12.1.el8_10] * Wed Jul 10 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.12.1.el8_10]
- net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44291] {CVE-2024-38538} - net: bridge: xmit: make sure we have at least eth header len bytes (cki-backport-bot) [RHEL-44291] {CVE-2024-38538}
- drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Michel Dänzer) [RHEL-26893] {CVE-2023-52469} - drivers/amd/pm: fix a use-after-free in kv_parse_power_table (Michel Dänzer) [RHEL-26893] {CVE-2023-52469}

View File

@ -1,3 +1,3 @@
SHA512 (linux-4.18.0-553.12.1.el8_10.tar.xz) = fa47e2bd7ad7de31de104da323502d38802cb1c511306c39b50294b6f69c00e03869c5563e81dfa87fdc965ad30461a0354d3dc298eedcc1a190cd5d19ff592e SHA512 (linux-4.18.0-553.13.1.el8_10.tar.xz) = ffcb496319a03044b9163cce35d10adfc518ae85207e6af38e201420c3feafc31f7c3378de48cbf571c98133c2397d4af265631a5768fbbb638d9ebb2b90e149
SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 5f014a83a2073516b73962702012820a4f7ce4686b52040a631064af73b13874bc695577027f39b500daf76545a2cffbd9ff5dad00fcecbcf0733a5c819abe8e SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = eb0056434ad3c28fd3e29899c2b731f63473db6662fd8e76e7b795007b0646cb1f30c1ac7c208bceb981f8cb2a0a65af8be512c667c03a7917f8c224048d47d0
SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf