Import from CS git

.gitignore

@@ -2,7 +2,7 @@ SOURCES/centossecureboot201.cer
 SOURCES/centossecurebootca2.cer
 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
-SOURCES/linux-4.18.0-553.97.1.el8_10.tar.xz
+SOURCES/linux-4.18.0-553.100.1.el8_10.tar.xz
 SOURCES/redhatsecureboot302.cer
 SOURCES/redhatsecureboot303.cer
 SOURCES/redhatsecureboot501.cer

.kernel.metadata

@@ -1,8 +1,8 @@
 2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
 bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
-644b9751348181b6b25fbdead1d3c55476792f89 SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
-c60d37259ea1c43fc63a111bdb45b519397724ec SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
-3059bf9db8686f0aa563b6eed63823eb1ee3a2f2 SOURCES/linux-4.18.0-553.97.1.el8_10.tar.xz
+79e22564d660dee59663ae619e43477438a48cbc SOURCES/kernel-abi-stablelists-4.18.0-553.tar.bz2
+bff09f1298e46ba53dee5cc0bb90a25d3e421ec5 SOURCES/kernel-kabi-dw-4.18.0-553.tar.bz2
+c1b8e51ed8e8d4f915aa6ac77057275c5bc47ad7 SOURCES/linux-4.18.0-553.100.1.el8_10.tar.xz
 13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
 e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
 ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer

SPECS/kernel.spec

@@ -38,10 +38,10 @@
 # define buildid .local
 
 %define specversion 4.18.0
-%define pkgrelease 553.97.1.el8_10
+%define pkgrelease 553.100.1.el8_10
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.97.1%{?dist}
+%define specrelease 553.100.1%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -2705,6 +2705,28 @@ fi
 #
 #
 %changelog
+* Tue Jan 27 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.100.1.el8_10]
+- IB/hfi1: Fix sdma.h tx->num_descs off-by-one error (Kamal Heib) [RHEL-138396] {CVE-2024-26766}
+
+* Sat Jan 24 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.99.1.el8_10]
+- fbdev: bitblit: bound-check glyph index in bit_putcs* (Jocelyn Falempe) [RHEL-136937] {CVE-2025-40322}
+- atm: clip: Fix infinite recursive call of clip_push(). (Guillaume Nault) [RHEL-137591] {CVE-2025-38459}
+- squashfs: fix memory leak in squashfs_fill_super (Abhi Das) [RHEL-138010] {CVE-2025-38415}
+- Squashfs: check return result of sb_min_blocksize (CKI Backport Bot) [RHEL-138010] {CVE-2025-38415}
+- usb: core: config: Prevent OOB read in SS endpoint companion parsing (CKI Backport Bot) [RHEL-137362] {CVE-2025-39760}
+- RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug (CKI Backport Bot) [RHEL-137058] {CVE-2025-38024}
+
+* Thu Jan 22 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.98.1.el8_10]
+- vfs: use READ_ONCE() to access ->i_link (Jay Shin) [RHEL-141790]
+- fold generic_readlink() into its only caller (Jay Shin) [RHEL-141790]
+- fs/proc: fix uaf in proc_readdir_de() (Pavel Reichl) [RHEL-137093] {CVE-2025-40271}
+- Backport 'create an empty changelog file when changing its name' (Alexandra Hájková)
+- mptcp: fix race condition in mptcp_schedule_work() (Paolo Abeni) [RHEL-134443] {CVE-2025-40258}
+- mptcp: use mptcp_schedule_work instead of open-coding it (Paolo Abeni) [RHEL-134443]
+- tcp: fix a signed-integer-overflow bug in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865}
+- tcp: minor optimization in tcp_add_backlog() (Guillaume Nault) [RHEL-137976] {CVE-2022-50865}
+- RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (Kamal Heib) [RHEL-134347] {CVE-2025-38022}
+
 * Tue Jan 20 2026 CKI KWF Bot <cki-ci-bot+kwf-gitlab-com@redhat.com> [4.18.0-553.97.1.el8_10]
 - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CKI Backport Bot) [RHEL-129107] {CVE-2025-40154}