hpsa: bring back deprecated PCI ids #CFHack #CFHack2024

mptsas: bring back deprecated PCI ids #CFHack #CFHack2024

megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024

qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024

qla4xxx: bring back deprecated PCI ids

lpfc: bring back deprecated PCI ids

be2iscsi: bring back deprecated PCI ids

kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained

NFSD: fix hang in nfsd4_shutdown_callback

Use AlmaLinux OS secure boot cert

Debrand for AlmaLinux OS

Add KVM support for ppc64le

.gitignore

@@ -1,6 +1,6 @@
-SOURCES/kernel-abi-stablelists-5.14.0-570.33.2.el9_6.tar.bz2
-SOURCES/kernel-kabi-dw-5.14.0-570.33.2.el9_6.tar.bz2
-SOURCES/linux-5.14.0-570.33.2.el9_6.tar.xz
+SOURCES/kernel-abi-stablelists-5.14.0-570.35.1.el9_6.tar.bz2
+SOURCES/kernel-kabi-dw-5.14.0-570.35.1.el9_6.tar.bz2
+SOURCES/linux-5.14.0-570.35.1.el9_6.tar.xz
 SOURCES/nvidiagpuoot001.x509
 SOURCES/olima1.x509
 SOURCES/olimaca1.x509

.kernel.metadata

@@ -1,6 +1,6 @@
-58402abc63536547eb5b848f47c3c64506c89ff5 SOURCES/kernel-abi-stablelists-5.14.0-570.33.2.el9_6.tar.bz2
-19e7ef500d46ec8035398bb502754bb8c90746fd SOURCES/kernel-kabi-dw-5.14.0-570.33.2.el9_6.tar.bz2
-a6687d9b646b1ac427076752030d6def87b325dc SOURCES/linux-5.14.0-570.33.2.el9_6.tar.xz
+388a133bdc2cfabec6da5725ef350e5575ad317f SOURCES/kernel-abi-stablelists-5.14.0-570.35.1.el9_6.tar.bz2
+4c2ef2f85f218a64e9a4241f9a0e94d338ccb504 SOURCES/kernel-kabi-dw-5.14.0-570.35.1.el9_6.tar.bz2
+f9bc597a25f0336f3ddba76d8baefa36cd08b402 SOURCES/linux-5.14.0-570.35.1.el9_6.tar.xz
 4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
 706ae01dd14efa38f0f565a3706acac19c78df02 SOURCES/olima1.x509
 6e3f0d61414c0b50f48dc2d4c3b3cd024e1c3a43 SOURCES/olimaca1.x509

SOURCES/Makefile.rhelver

@@ -12,7 +12,7 @@ RHEL_MINOR = 6
 #
 # Use this spot to avoid future merge conflicts.
 # Do not trim this comment.
-RHEL_RELEASE = 570.33.2
+RHEL_RELEASE = 570.35.1
 
 #
 # ZSTREAM

SOURCES/kernel-x86_64-debug-rhel.config

@@ -3356,6 +3356,7 @@ CONFIG_MITIGATION_CALL_DEPTH_TRACKING=y
 # CONFIG_MITIGATION_GDS_FORCE is not set
 CONFIG_MITIGATION_IBPB_ENTRY=y
 CONFIG_MITIGATION_IBRS_ENTRY=y
+CONFIG_MITIGATION_ITS=y
 CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y
 CONFIG_MITIGATION_RETHUNK=y
 CONFIG_MITIGATION_RETPOLINE=y

SOURCES/kernel-x86_64-rhel.config

@@ -3336,6 +3336,7 @@ CONFIG_MITIGATION_CALL_DEPTH_TRACKING=y
 # CONFIG_MITIGATION_GDS_FORCE is not set
 CONFIG_MITIGATION_IBPB_ENTRY=y
 CONFIG_MITIGATION_IBRS_ENTRY=y
+CONFIG_MITIGATION_ITS=y
 CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y
 CONFIG_MITIGATION_RETHUNK=y
 CONFIG_MITIGATION_RETPOLINE=y

SOURCES/kernel-x86_64-rt-debug-rhel.config

@@ -3414,6 +3414,7 @@ CONFIG_MITIGATION_CALL_DEPTH_TRACKING=y
 # CONFIG_MITIGATION_GDS_FORCE is not set
 CONFIG_MITIGATION_IBPB_ENTRY=y
 CONFIG_MITIGATION_IBRS_ENTRY=y
+CONFIG_MITIGATION_ITS=y
 CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y
 CONFIG_MITIGATION_RETHUNK=y
 CONFIG_MITIGATION_RETPOLINE=y

SOURCES/kernel-x86_64-rt-rhel.config

@@ -3394,6 +3394,7 @@ CONFIG_MITIGATION_CALL_DEPTH_TRACKING=y
 # CONFIG_MITIGATION_GDS_FORCE is not set
 CONFIG_MITIGATION_IBPB_ENTRY=y
 CONFIG_MITIGATION_IBRS_ENTRY=y
+CONFIG_MITIGATION_ITS=y
 CONFIG_MITIGATION_PAGE_TABLE_ISOLATION=y
 CONFIG_MITIGATION_RETHUNK=y
 CONFIG_MITIGATION_RETPOLINE=y

SOURCES/kernel.changelog

@@ -1,11 +1,77 @@
-* Thu Aug 07 2025 Patrick Talbert <ptalbert@redhat.com> [5.14.0-570.33.2.el9_6]
+* Sat Aug 09 2025 Patrick Talbert <ptalbert@redhat.com> [5.14.0-570.35.1.el9_6]
+- s390/dasd: Remove DMA alignment (CKI Backport Bot) [RHEL-91593]
+- s390/cpumf: Update CPU Measurement facility extended counter set support (CKI Backport Bot) [RHEL-103066]
+- s390/topology: Improve topology detection (CKI Backport Bot) [RHEL-92100]
+- s390/pai: export number of sysfs attribute files (CKI Backport Bot) [RHEL-87178]
+- s390/pai: fix attr_event_free upper limit for pai device drivers (CKI Backport Bot) [RHEL-87178]
+- powerpc/64s/radix/kfence: map __kfence_pool at page granularity (Mamatha Inamdar) [RHEL-92081]
+- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CKI Backport Bot) [RHEL-103151] {CVE-2025-38159}
+- redhat: Mark kernel incompatible with xdp-tools<1.5.4 (Felix Maurer) [RHEL-101008]
+- bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (CKI Backport Bot) [RHEL-101008] {CVE-2025-21867}
+- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (Waiman Long) [RHEL-100603]
+- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (Waiman Long) [RHEL-100603] {CVE-2025-37963}
+- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (Waiman Long) [RHEL-100603] {CVE-2025-37948}
+- arm64: proton-pack: Expose whether the branchy loop k value (Waiman Long) [RHEL-100603]
+- arm64: proton-pack: Expose whether the platform is mitigated by firmware (Waiman Long) [RHEL-100603]
+- arm64: insn: Add support for encoding DSB (Waiman Long) [RHEL-100603]
+- redhat/configs: Enable CONFIG_MITIGATION_ITS for x86 (Waiman Long) [RHEL-100603]
+- selftest/x86/bugs: Add selftests for ITS (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/ibt: Keep IBT disabled during alternative patching (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Align RETs in BHB clear sequence to avoid thunking (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Add support for RSB stuffing mitigation (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Add "vmexit" option to skip mitigation on some CPUs (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Enable Indirect Target Selection mitigation (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Add support for ITS-safe return thunk (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Add support for ITS-safe indirect thunk (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Enumerate Indirect Target Selection (ITS) bug (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- Documentation: x86/bugs/its: Add ITS documentation (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Waiman Long) [RHEL-100603]
+- x86/bpf: Add IBHF call at end of classic BPF (Waiman Long) [RHEL-100603]
+- x86/bpf: Call branch history clearing sequence on exit (Waiman Long) [RHEL-100603]
+- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB (Waiman Long) [RHEL-100603]
+- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (Waiman Long) [RHEL-100603]
+- x86/rfds: Exclude P-only parts from the RFDS affected list (Waiman Long) [RHEL-100603]
+- x86/cpu: Update x86_match_cpu() to also use cpu-type (Waiman Long) [RHEL-100603]
+- x86/cpu: Add cpu_type to struct x86_cpu_id (Waiman Long) [RHEL-100603]
+- x86/cpu: Shorten CPU matching macro (Waiman Long) [RHEL-100603]
+- x86/cpu: Fix the description of X86_MATCH_VFM_STEPS() (Waiman Long) [RHEL-100603]
+- selftests: Warn about skipped tests in result summary (Waiman Long) [RHEL-100603]
+- x86/cpu: Fix typo in x86_match_cpu()'s doc (Waiman Long) [RHEL-100603]
+- x86/cpu: Expose only stepping min/max interface (Waiman Long) [RHEL-100603]
+- x86/cpu: Add CPU type to struct cpuinfo_topology (Waiman Long) [RHEL-100603]
+- x86/cpufeatures: Add X86_FEATURE_AMD_HETEROGENEOUS_CORES (Waiman Long) [RHEL-100603]
+- x86/cpufeatures: Rename X86_FEATURE_FAST_CPPC to have AMD prefix (Waiman Long) [RHEL-100603]
+- tools/include: Sync x86 headers with the kernel sources (Waiman Long) [RHEL-100603]
+- selftests: ksft: Fix finished() helper exit code on skipped tests (Waiman Long) [RHEL-100603]
+- kselftest: Move ksft helper module to common directory (Waiman Long) [RHEL-100603]
+- platform/x86/intel/ifs: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/platform/atom: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- cpufreq: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/bugs: Add 'spectre_bhi=vmexit' cmdline option (Waiman Long) [RHEL-100603]
+- EDAC/skx: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- EDAC/i10nm: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL (Waiman Long) [RHEL-100603]
+- x86/aperfmperf: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/apic: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/bugs: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- EDAC/i10nm: Add Intel Grand Ridge micro-server support (Waiman Long) [RHEL-100603]
 - Revert "sch_htb: make htb_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
 - Revert "sch_drr: make drr_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
 - Revert "sch_qfq: make qfq_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
 - Revert "codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()" (Patrick Talbert) [RHEL-108138]
 - Revert "sch_htb: make htb_deactivate() idempotent" (Patrick Talbert) [RHEL-108138]
 - Revert "net/sched: Always pass notifications when child class becomes empty" (Patrick Talbert) [RHEL-108138]
-Resolves: RHEL-108138
+Resolves: RHEL-100603, RHEL-101008, RHEL-103066, RHEL-103151, RHEL-108138, RHEL-87178, RHEL-91593, RHEL-92081, RHEL-92100, RHEL-92182
+
+* Wed Aug 06 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.34.1.el9_6]
+- i2c/designware: Fix an initialization issue (CKI Backport Bot) [RHEL-106625] {CVE-2025-38380}
+- tls: always refresh the queue when reading sock (CKI Backport Bot) [RHEL-106081] {CVE-2025-38471}
+- net: fix udp gso skb_segment after pull from frag_list (Guillaume Nault) [RHEL-103028] {CVE-2025-38124}
+- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Rafael Aquini) [RHEL-101246] {CVE-2025-38085}
+- mm/hugetlb: unshare page tables during VMA split, not before (Rafael Aquini) [RHEL-101282] {CVE-2025-38084}
+- mm: fix copy_vma() error handling for hugetlb mappings (Rafael Aquini) [RHEL-101282]
+- Bluetooth: hci_core: Fix use-after-free in vhci_flush() (CKI Backport Bot) [RHEL-103256] {CVE-2025-38250}
+Resolves: RHEL-101246, RHEL-101282, RHEL-103028, RHEL-103256, RHEL-106081, RHEL-106625
 
 * Sat Aug 02 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.33.1.el9_6]
 - net/sched: Always pass notifications when child class becomes empty (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}

SPECS/kernel.spec

@@ -165,15 +165,15 @@ Summary: The Linux kernel
 # define buildid .local
 %define specversion 5.14.0
 %define patchversion 5.14
-%define pkgrelease 570.33.2
+%define pkgrelease 570.35.1
 %define kversion 5
-%define tarfile_release 5.14.0-570.33.2.el9_6
+%define tarfile_release 5.14.0-570.35.1.el9_6
 # This is needed to do merge window version magic
 %define patchlevel 14
 # This allows pkg_release to have configurable %%{?dist} tag
-%define specrelease 570.33.2%{?buildid}%{?dist}
+%define specrelease 570.35.1%{?buildid}%{?dist}
 # This defines the kabi tarball version
-%define kabiversion 5.14.0-570.33.2.el9_6
+%define kabiversion 5.14.0-570.35.1.el9_6
 
 #
 # End of genspec.sh variables
@@ -1005,6 +1005,7 @@ Recommends: linux-firmware\
 Requires(preun): systemd >= 200\
 Conflicts: xfsprogs < 4.3.0-1\
 Conflicts: xorg-x11-drv-vmmouse < 13.0.99\
+Conflicts: xdp-tools < 1.5.4\
 %{expand:%%{?kernel%{?1:_%{1}}_conflicts:Conflicts: %%{kernel%{?1:_%{1}}_conflicts}}}\
 %{expand:%%{?kernel%{?1:_%{1}}_obsoletes:Obsoletes: %%{kernel%{?1:_%{1}}_obsoletes}}}\
 %{expand:%%{?kernel%{?1:_%{1}}_provides:Provides: %%{kernel%{?1:_%{1}}_provides}}}\
@@ -3865,7 +3866,7 @@ fi
 #
 #
 %changelog
-* Thu Aug 14 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-570.33.2
+* Thu Aug 21 2025 Andrew Lukoshko <alukoshko@almalinux.org> - 5.14.0-570.35.1
 - hpsa: bring back deprecated PCI ids #CFHack #CFHack2024
 - mptsas: bring back deprecated PCI ids #CFHack #CFHack2024
 - megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024
@@ -3877,12 +3878,68 @@ fi
   unmaintained
 - NFSD: fix hang in nfsd4_shutdown_callback
 
-* Thu Aug 14 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-570.33.2
+* Thu Aug 21 2025 Eduard Abdullin <eabdullin@almalinux.org> - 5.14.0-570.35.1
 - Use AlmaLinux OS secure boot cert
 - Debrand for AlmaLinux OS
 - Add KVM support for ppc64le
 
-* Thu Aug 07 2025 Patrick Talbert <ptalbert@redhat.com> [5.14.0-570.33.2.el9_6]
+* Sat Aug 09 2025 Patrick Talbert <ptalbert@redhat.com> [5.14.0-570.35.1.el9_6]
+- s390/dasd: Remove DMA alignment (CKI Backport Bot) [RHEL-91593]
+- s390/cpumf: Update CPU Measurement facility extended counter set support (CKI Backport Bot) [RHEL-103066]
+- s390/topology: Improve topology detection (CKI Backport Bot) [RHEL-92100]
+- s390/pai: export number of sysfs attribute files (CKI Backport Bot) [RHEL-87178]
+- s390/pai: fix attr_event_free upper limit for pai device drivers (CKI Backport Bot) [RHEL-87178]
+- powerpc/64s/radix/kfence: map __kfence_pool at page granularity (Mamatha Inamdar) [RHEL-92081]
+- wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CKI Backport Bot) [RHEL-103151] {CVE-2025-38159}
+- redhat: Mark kernel incompatible with xdp-tools<1.5.4 (Felix Maurer) [RHEL-101008]
+- bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() (CKI Backport Bot) [RHEL-101008] {CVE-2025-21867}
+- arm64: proton-pack: Add new CPUs 'k' values for branch mitigation (Waiman Long) [RHEL-100603]
+- arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users (Waiman Long) [RHEL-100603] {CVE-2025-37963}
+- arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs (Waiman Long) [RHEL-100603] {CVE-2025-37948}
+- arm64: proton-pack: Expose whether the branchy loop k value (Waiman Long) [RHEL-100603]
+- arm64: proton-pack: Expose whether the platform is mitigated by firmware (Waiman Long) [RHEL-100603]
+- arm64: insn: Add support for encoding DSB (Waiman Long) [RHEL-100603]
+- redhat/configs: Enable CONFIG_MITIGATION_ITS for x86 (Waiman Long) [RHEL-100603]
+- selftest/x86/bugs: Add selftests for ITS (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/ibt: Keep IBT disabled during alternative patching (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Align RETs in BHB clear sequence to avoid thunking (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Add support for RSB stuffing mitigation (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Add "vmexit" option to skip mitigation on some CPUs (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Enable Indirect Target Selection mitigation (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Add support for ITS-safe return thunk (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Add support for ITS-safe indirect thunk (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/its: Enumerate Indirect Target Selection (ITS) bug (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- Documentation: x86/bugs/its: Add ITS documentation (Waiman Long) [RHEL-100603 RHEL-92182] {CVE-2024-28956}
+- x86/bhi: Do not set BHI_DIS_S in 32-bit mode (Waiman Long) [RHEL-100603]
+- x86/bpf: Add IBHF call at end of classic BPF (Waiman Long) [RHEL-100603]
+- x86/bpf: Call branch history clearing sequence on exit (Waiman Long) [RHEL-100603]
+- arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB (Waiman Long) [RHEL-100603]
+- arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list (Waiman Long) [RHEL-100603]
+- x86/rfds: Exclude P-only parts from the RFDS affected list (Waiman Long) [RHEL-100603]
+- x86/cpu: Update x86_match_cpu() to also use cpu-type (Waiman Long) [RHEL-100603]
+- x86/cpu: Add cpu_type to struct x86_cpu_id (Waiman Long) [RHEL-100603]
+- x86/cpu: Shorten CPU matching macro (Waiman Long) [RHEL-100603]
+- x86/cpu: Fix the description of X86_MATCH_VFM_STEPS() (Waiman Long) [RHEL-100603]
+- selftests: Warn about skipped tests in result summary (Waiman Long) [RHEL-100603]
+- x86/cpu: Fix typo in x86_match_cpu()'s doc (Waiman Long) [RHEL-100603]
+- x86/cpu: Expose only stepping min/max interface (Waiman Long) [RHEL-100603]
+- x86/cpu: Add CPU type to struct cpuinfo_topology (Waiman Long) [RHEL-100603]
+- x86/cpufeatures: Add X86_FEATURE_AMD_HETEROGENEOUS_CORES (Waiman Long) [RHEL-100603]
+- x86/cpufeatures: Rename X86_FEATURE_FAST_CPPC to have AMD prefix (Waiman Long) [RHEL-100603]
+- tools/include: Sync x86 headers with the kernel sources (Waiman Long) [RHEL-100603]
+- selftests: ksft: Fix finished() helper exit code on skipped tests (Waiman Long) [RHEL-100603]
+- kselftest: Move ksft helper module to common directory (Waiman Long) [RHEL-100603]
+- platform/x86/intel/ifs: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/platform/atom: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- cpufreq: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/bugs: Add 'spectre_bhi=vmexit' cmdline option (Waiman Long) [RHEL-100603]
+- EDAC/skx: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- EDAC/i10nm: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/cpu: Fix x86_match_cpu() to match just X86_VENDOR_INTEL (Waiman Long) [RHEL-100603]
+- x86/aperfmperf: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/apic: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- x86/bugs: Switch to new Intel CPU model defines (Waiman Long) [RHEL-100603]
+- EDAC/i10nm: Add Intel Grand Ridge micro-server support (Waiman Long) [RHEL-100603]
 - Revert "sch_htb: make htb_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
 - Revert "sch_drr: make drr_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
 - Revert "sch_qfq: make qfq_qlen_notify() idempotent" (Patrick Talbert) [RHEL-108138]
@@ -3890,6 +3947,15 @@ fi
 - Revert "sch_htb: make htb_deactivate() idempotent" (Patrick Talbert) [RHEL-108138]
 - Revert "net/sched: Always pass notifications when child class becomes empty" (Patrick Talbert) [RHEL-108138]
 
+* Wed Aug 06 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.34.1.el9_6]
+- i2c/designware: Fix an initialization issue (CKI Backport Bot) [RHEL-106625] {CVE-2025-38380}
+- tls: always refresh the queue when reading sock (CKI Backport Bot) [RHEL-106081] {CVE-2025-38471}
+- net: fix udp gso skb_segment after pull from frag_list (Guillaume Nault) [RHEL-103028] {CVE-2025-38124}
+- mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (Rafael Aquini) [RHEL-101246] {CVE-2025-38085}
+- mm/hugetlb: unshare page tables during VMA split, not before (Rafael Aquini) [RHEL-101282] {CVE-2025-38084}
+- mm: fix copy_vma() error handling for hugetlb mappings (Rafael Aquini) [RHEL-101282]
+- Bluetooth: hci_core: Fix use-after-free in vhci_flush() (CKI Backport Bot) [RHEL-103256] {CVE-2025-38250}
+
 * Sat Aug 02 2025 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [5.14.0-570.33.1.el9_6]
 - net/sched: Always pass notifications when child class becomes empty (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}
 - sch_htb: make htb_deactivate() idempotent (CKI Backport Bot) [RHEL-93387] {CVE-2025-38350}