From 6d43a57074bbdeec052dddfb6573e0b2845b5e8e Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <dvlasenk@redhat.com>
Date: Fri, 28 Jun 2024 15:48:57 +0200
Subject: [PATCH] kernel-4.18.0-553.10.1.el8_10
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* Fri Jun 28 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.10.1.el8_10]
- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (Scott Mayhew) [RHEL-38264] {CVE-2023-52803}
- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39717] {CVE-2024-36025}
- tcp: add sanity checks to rx zerocopy (Guillaume Nault) [RHEL-29494] {CVE-2024-26640}
- SUNRPC: fix some memleaks in gssx_dec_option_array (Scott Mayhew) [RHEL-35209] {CVE-2024-27388}
- wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-39752] {CVE-2024-36941}
- nfs: fix UAF in direct writes (Scott Mayhew) [RHEL-34975] {CVE-2024-26958}
- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (Scott Mayhew) [RHEL-33228] {CVE-2024-26870}
- drm/amd/pm: Fix error of MACO flag setting code (Michel Dänzer) [RHEL-15928]
- scsi: aacraid: fix io hangs and improve performance (John Meneghini) [RHEL-23913]
- block: prevent division by zero in blk_rq_stat_sum() (Ming Lei) [RHEL-37279] {CVE-2024-35925}
- block: fix overflow in blk_ioctl_discard() (Ming Lei) [RHEL-39811] {CVE-2024-36917}
- virtio-blk: fix implicit overflow on virtio_max_dma_size (Ming Lei) [RHEL-38131] {CVE-2023-52762}
- nbd: null check for nla_nest_start (Ming Lei) [RHEL-35176] {CVE-2024-27025}
- isdn: mISDN: netjet: Fix crash in nj_probe: (Ken Cox) [RHEL-38444] {CVE-2021-47284}
- isdn: mISDN: Fix sleeping function called from invalid context (Ken Cox) [RHEL-38400] {CVE-2021-47468}
- net/smc: avoid data corruption caused by decline (Tobias Huschle) [RHEL-38234] {CVE-2023-52775}
- ubi: Check for too small LEB size in VTBL code (David Arcari) [RHEL-25092] {CVE-2024-25739}
- i2c: core: Fix atomic xfer check for non-preempt config (Steve Best) [RHEL-38313] {CVE-2023-52791}
- i2c: core: Run atomic i2c xfer when !preemptible (Steve Best) [RHEL-38313] {CVE-2023-52791}
- firewire: ohci: mask bus reset interrupts between ISR and bottom half (Steve Best) [RHEL-39902] {CVE-2024-36950}
- ipv6: init the accept_queue's spinlocks in inet6_create (Guillaume Nault) [RHEL-28899] {CVE-2024-26614}
- tcp: make sure init the accept_queue's spinlocks once (Guillaume Nault) [RHEL-28899] {CVE-2024-26614}
- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-39352] {CVE-2024-36016}
- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37484] {CVE-2024-36006}
- pwm: Fix double shift bug (Steve Best) [RHEL-38278] {CVE-2023-52756}
- mmc: sdio: fix possible resource leaks in some error paths (Steve Best) [RHEL-38149] {CVE-2023-52730}
- of: unittest: Fix compile in the non-dynamic case (Steve Best) [RHEL-37070] {CVE-2023-52679}
- of: unittest: Fix of_count_phandle_with_args() expected value message (Steve Best) [RHEL-37070] {CVE-2023-52679}
- of: Fix double free in of_parse_phandle_with_args_map (Steve Best) [RHEL-37070] {CVE-2023-52679}
- pinctrl: core: delete incorrect free in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940}
- pinctrl: core: fix possible memory leak in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940}
- media: gspca: cpia1: shift-out-of-bounds in set_flicker (Desnes Nunes) [RHEL-38331] {CVE-2023-52764}
- tipc: fix a possible memleak in tipc_buf_append (Xin Long) [RHEL-39881] {CVE-2024-36954}
- cifs: fix mid leak during reconnection after timeout threshold (Paulo Alcantara) [RHEL-36222]
- cifs: Fix use-after-free in rdata->read_into_pages() (Paulo Alcantara) [RHEL-36222]
- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (Paulo Alcantara) [RHEL-36222]
- cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (Paulo Alcantara) [RHEL-36222]
- cifs: destage dirty pages before re-reading them for cache=none (Paulo Alcantara) [RHEL-36222]
- cifs: destage any unwritten data to the server before calling copychunk_write (Paulo Alcantara) [RHEL-36222]
- Adjust cifssb maximum read size (Paulo Alcantara) [RHEL-36222]
- cifs: make locking consistent around the server session status (Paulo Alcantara) [RHEL-36222]
- cifs: fix credit accounting for extra channel (Paulo Alcantara) [RHEL-36222]
- smb3: prevent races updating CurrentMid (Paulo Alcantara) [RHEL-36222]
- cifs: fix missing spinlock around update to ses->status (Paulo Alcantara) [RHEL-36222]
- cifs: use echo_interval even when connection not ready. (Paulo Alcantara) [RHEL-36222]
- cifs: detect dead connections only when echoes are enabled. (Paulo Alcantara) [RHEL-36222]
- cifs: Fix preauth hash corruption (Paulo Alcantara) [RHEL-36222]
- cifs: do not send close in compound create+close requests (Paulo Alcantara) [RHEL-36222]
- cifs: ask for more credit on async read/write code paths (Paulo Alcantara) [RHEL-36222]
- cifs: use discard iterator to discard unneeded network data more efficiently (Paulo Alcantara) [RHEL-36222]
- cifs: Fix in error types returned for out-of-credit situations. (Paulo Alcantara) [RHEL-36222]
- smb3: fix crediting for compounding when only one request in flight (Paulo Alcantara) [RHEL-36222]
- cifs: New optype for session operations. (Paulo Alcantara) [RHEL-36222]
- mm/gup: do not return 0 from pin_user_pages_fast() for bad args (Paulo Alcantara) [RHEL-36222]
- wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44124] {CVE-2024-38575}
- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-39835] {CVE-2024-36904}
- wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Jose Ignacio Tornos Martinez) [RHEL-38159] {CVE-2023-52832}
- wifi: ath11k: fix gtk offload status event locking (Jose Ignacio Tornos Martinez) [RHEL-38155] {CVE-2023-52777}
- net: ieee802154: fix null deref in parse dev addr (Steve Best) [RHEL-38012] {CVE-2021-47257}
- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-37465] {CVE-2024-36000}
- x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908}
- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908}
- wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-37343] {CVE-2024-35937}
- wifi: rtw89: fix null pointer access when abort scan (Jose Ignacio Tornos Martinez) [RHEL-37355] {CVE-2024-35946}
- atl1c: Work around the DMA RX overflow issue (Ken Cox) [RHEL-38287] {CVE-2023-52834}
- wifi: ath11k: decrease MHI channel buffer length to 8KB (Jose Ignacio Tornos Martinez) [RHEL-37339] {CVE-2024-35938}
- wifi: iwlwifi: mvm: rfi: fix potential response leaks (Jose Ignacio Tornos Martinez) [RHEL-37163] {CVE-2024-35912}
- USB: core: Fix access violation during port device removal (Desnes Nunes) [RHEL-39853] {CVE-2024-36896}
- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Ewan D. Milne) [RHEL-37123] {CVE-2024-35930}
- netfilter: nf_tables: honor table dormant flag from netdev release event path (Phil Sutter) [RHEL-37450] {CVE-2024-36005}
- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434}
- wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434}
- misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume (Steve Best) [RHEL-36932] {CVE-2024-35824}
Resolves: RHEL-15928, RHEL-23913, RHEL-25092, RHEL-28899, RHEL-29494, RHEL-33228, RHEL-33258, RHEL-34975, RHEL-35176, RHEL-35209, RHEL-36222, RHEL-36898, RHEL-36932, RHEL-37070, RHEL-37123, RHEL-37163, RHEL-37279, RHEL-37339, RHEL-37343, RHEL-37355, RHEL-37450, RHEL-37465, RHEL-37484, RHEL-38012, RHEL-38131, RHEL-38149, RHEL-38155, RHEL-38159, RHEL-38234, RHEL-38264, RHEL-38278, RHEL-38287, RHEL-38313, RHEL-38331, RHEL-38400, RHEL-38444, RHEL-39352, RHEL-39717, RHEL-39752, RHEL-39756, RHEL-39811, RHEL-39835, RHEL-39853, RHEL-39881, RHEL-39902, RHEL-44124

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
---
 kernel.spec | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 sources     |  4 +--
 2 files changed, 79 insertions(+), 4 deletions(-)

diff --git a/kernel.spec b/kernel.spec
index 8afa0c643..af21b9766 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.9.1.el8_10
+%define pkgrelease 553.10.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.9.1%{?dist}
+%define specrelease 553.10.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2696,6 +2696,81 @@ fi
 #
 #
 %changelog
+* Fri Jun 28 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.10.1.el8_10]
+- SUNRPC: Fix RPC client cleaned up the freed pipefs dentries (Scott Mayhew) [RHEL-38264] {CVE-2023-52803}
+- scsi: qla2xxx: Fix off by one in qla_edif_app_getstats() (Ewan D. Milne) [RHEL-39717] {CVE-2024-36025}
+- tcp: add sanity checks to rx zerocopy (Guillaume Nault) [RHEL-29494] {CVE-2024-26640}
+- SUNRPC: fix some memleaks in gssx_dec_option_array (Scott Mayhew) [RHEL-35209] {CVE-2024-27388}
+- wifi: nl80211: don't free NULL coalescing rule (Jose Ignacio Tornos Martinez) [RHEL-39752] {CVE-2024-36941}
+- nfs: fix UAF in direct writes (Scott Mayhew) [RHEL-34975] {CVE-2024-26958}
+- NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 (Scott Mayhew) [RHEL-33228] {CVE-2024-26870}
+- drm/amd/pm: Fix error of MACO flag setting code (Michel Dänzer) [RHEL-15928]
+- scsi: aacraid: fix io hangs and improve performance (John Meneghini) [RHEL-23913]
+- block: prevent division by zero in blk_rq_stat_sum() (Ming Lei) [RHEL-37279] {CVE-2024-35925}
+- block: fix overflow in blk_ioctl_discard() (Ming Lei) [RHEL-39811] {CVE-2024-36917}
+- virtio-blk: fix implicit overflow on virtio_max_dma_size (Ming Lei) [RHEL-38131] {CVE-2023-52762}
+- nbd: null check for nla_nest_start (Ming Lei) [RHEL-35176] {CVE-2024-27025}
+- isdn: mISDN: netjet: Fix crash in nj_probe: (Ken Cox) [RHEL-38444] {CVE-2021-47284}
+- isdn: mISDN: Fix sleeping function called from invalid context (Ken Cox) [RHEL-38400] {CVE-2021-47468}
+- net/smc: avoid data corruption caused by decline (Tobias Huschle) [RHEL-38234] {CVE-2023-52775}
+- ubi: Check for too small LEB size in VTBL code (David Arcari) [RHEL-25092] {CVE-2024-25739}
+- i2c: core: Fix atomic xfer check for non-preempt config (Steve Best) [RHEL-38313] {CVE-2023-52791}
+- i2c: core: Run atomic i2c xfer when !preemptible (Steve Best) [RHEL-38313] {CVE-2023-52791}
+- firewire: ohci: mask bus reset interrupts between ISR and bottom half (Steve Best) [RHEL-39902] {CVE-2024-36950}
+- ipv6: init the accept_queue's spinlocks in inet6_create (Guillaume Nault) [RHEL-28899] {CVE-2024-26614}
+- tcp: make sure init the accept_queue's spinlocks once (Guillaume Nault) [RHEL-28899] {CVE-2024-26614}
+- tty: n_gsm: fix possible out-of-bounds in gsm0_receive() (Steve Best) [RHEL-39352] {CVE-2024-36016}
+- mlxsw: spectrum_acl_tcam: Fix incorrect list API usage (Ivan Vecera) [RHEL-37484] {CVE-2024-36006}
+- pwm: Fix double shift bug (Steve Best) [RHEL-38278] {CVE-2023-52756}
+- mmc: sdio: fix possible resource leaks in some error paths (Steve Best) [RHEL-38149] {CVE-2023-52730}
+- of: unittest: Fix compile in the non-dynamic case (Steve Best) [RHEL-37070] {CVE-2023-52679}
+- of: unittest: Fix of_count_phandle_with_args() expected value message (Steve Best) [RHEL-37070] {CVE-2023-52679}
+- of: Fix double free in of_parse_phandle_with_args_map (Steve Best) [RHEL-37070] {CVE-2023-52679}
+- pinctrl: core: delete incorrect free in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940}
+- pinctrl: core: fix possible memory leak in pinctrl_enable() (Steve Best) [RHEL-39756] {CVE-2024-36940}
+- media: gspca: cpia1: shift-out-of-bounds in set_flicker (Desnes Nunes) [RHEL-38331] {CVE-2023-52764}
+- tipc: fix a possible memleak in tipc_buf_append (Xin Long) [RHEL-39881] {CVE-2024-36954}
+- cifs: fix mid leak during reconnection after timeout threshold (Paulo Alcantara) [RHEL-36222]
+- cifs: Fix use-after-free in rdata->read_into_pages() (Paulo Alcantara) [RHEL-36222]
+- cifs: Fix pages leak when writedata alloc failed in cifs_write_from_iter() (Paulo Alcantara) [RHEL-36222]
+- cifs: Fix pages array leak when writedata alloc failed in cifs_writedata_alloc() (Paulo Alcantara) [RHEL-36222]
+- cifs: destage dirty pages before re-reading them for cache=none (Paulo Alcantara) [RHEL-36222]
+- cifs: destage any unwritten data to the server before calling copychunk_write (Paulo Alcantara) [RHEL-36222]
+- Adjust cifssb maximum read size (Paulo Alcantara) [RHEL-36222]
+- cifs: make locking consistent around the server session status (Paulo Alcantara) [RHEL-36222]
+- cifs: fix credit accounting for extra channel (Paulo Alcantara) [RHEL-36222]
+- smb3: prevent races updating CurrentMid (Paulo Alcantara) [RHEL-36222]
+- cifs: fix missing spinlock around update to ses->status (Paulo Alcantara) [RHEL-36222]
+- cifs: use echo_interval even when connection not ready. (Paulo Alcantara) [RHEL-36222]
+- cifs: detect dead connections only when echoes are enabled. (Paulo Alcantara) [RHEL-36222]
+- cifs: Fix preauth hash corruption (Paulo Alcantara) [RHEL-36222]
+- cifs: do not send close in compound create+close requests (Paulo Alcantara) [RHEL-36222]
+- cifs: ask for more credit on async read/write code paths (Paulo Alcantara) [RHEL-36222]
+- cifs: use discard iterator to discard unneeded network data more efficiently (Paulo Alcantara) [RHEL-36222]
+- cifs: Fix in error types returned for out-of-credit situations. (Paulo Alcantara) [RHEL-36222]
+- smb3: fix crediting for compounding when only one request in flight (Paulo Alcantara) [RHEL-36222]
+- cifs: New optype for session operations. (Paulo Alcantara) [RHEL-36222]
+- mm/gup: do not return 0 from pin_user_pages_fast() for bad args (Paulo Alcantara) [RHEL-36222]
+- wifi: brcmfmac: pcie: handle randbuf allocation failure (Jose Ignacio Tornos Martinez) [RHEL-44124] {CVE-2024-38575}
+- tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). (Guillaume Nault) [RHEL-39835] {CVE-2024-36904}
+- wifi: mac80211: don't return unset power in ieee80211_get_tx_power() (Jose Ignacio Tornos Martinez) [RHEL-38159] {CVE-2023-52832}
+- wifi: ath11k: fix gtk offload status event locking (Jose Ignacio Tornos Martinez) [RHEL-38155] {CVE-2023-52777}
+- net: ieee802154: fix null deref in parse dev addr (Steve Best) [RHEL-38012] {CVE-2021-47257}
+- mm/hugetlb: fix missing hugetlb_lock for resv uncharge (Rafael Aquini) [RHEL-37465] {CVE-2024-36000}
+- x86/xen: Add some null pointer checking to smp.c (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908}
+- x86/xen: Fix memory leak in xen_smp_intr_init{_pv}() (Vitaly Kuznetsov) [RHEL-33258] {CVE-2024-26908}
+- wifi: cfg80211: check A-MSDU format more carefully (Jose Ignacio Tornos Martinez) [RHEL-37343] {CVE-2024-35937}
+- wifi: rtw89: fix null pointer access when abort scan (Jose Ignacio Tornos Martinez) [RHEL-37355] {CVE-2024-35946}
+- atl1c: Work around the DMA RX overflow issue (Ken Cox) [RHEL-38287] {CVE-2023-52834}
+- wifi: ath11k: decrease MHI channel buffer length to 8KB (Jose Ignacio Tornos Martinez) [RHEL-37339] {CVE-2024-35938}
+- wifi: iwlwifi: mvm: rfi: fix potential response leaks (Jose Ignacio Tornos Martinez) [RHEL-37163] {CVE-2024-35912}
+- USB: core: Fix access violation during port device removal (Desnes Nunes) [RHEL-39853] {CVE-2024-36896}
+- scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() (Ewan D. Milne) [RHEL-37123] {CVE-2024-35930}
+- netfilter: nf_tables: honor table dormant flag from netdev release event path (Phil Sutter) [RHEL-37450] {CVE-2024-36005}
+- wifi: iwlwifi: mvm: don't set the MFP flag for the GTK (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434}
+- wifi: iwlwifi: mvm: Fix key flags for IGTK on AP interface (Jose Ignacio Tornos Martinez) [RHEL-36898] {CVE-2024-27434}
+- misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume (Steve Best) [RHEL-36932] {CVE-2024-35824}
+
 * Fri Jun 21 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.9.1.el8_10]
 - x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() (Steve Best) [RHEL-37262] {CVE-2024-35876}
 - net/sched: flower: Fix chain template offload (Xin Long) [RHEL-31313] {CVE-2024-26669}
diff --git a/sources b/sources
index 492fdba01..d6bafac0b 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.9.1.el8_10.tar.xz) = f896972bd0d328c8a8f01e8de18417c65fbcb85c5cf1b291dc2cdb75bed19da61e2b2b3dcae3538329d644a687ac853543cda6a9035afba71dd4b8b18845d2f9
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 14fd0d823e040b8b76834ab7737b4b955015a8e8fef943f799516d5efe3eb3350333590071e8855382a28638397d87b9222fb49f240ecf42974ba39bff460ebe
+SHA512 (linux-4.18.0-553.10.1.el8_10.tar.xz) = 6b12c5cb6e7ea2147023892e847c092b39800f15468b118641d34aed38b9e65284091d9938e5be37f25d71e1263026700970ceda06ebb10a48f4bfb1af4d0e6f
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 864378ecd12e02c035b33241415b81584fcec9f692c5ca4ce5a07ad26b48c7225bd36d5585426113b9e11170722fcb3422a61240c204f423ff64235bfa9e9ac6
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf