From 84890a2465da72ff8c62857c4c11b5bfbb64fd80 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko
Date: Mon, 28 Jul 2025 23:48:27 +0200
Subject: [PATCH] kernel-4.18.0-553.66.1.el8_10

* Mon Jul 28 2025 Denys Vlasenko [4.18.0-553.66.1.el8_10]
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Xin Long) [RHEL-105415] {CVE-2025-38001}
- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Xin Long) [RHEL-105415] {CVE-2025-38000}
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CKI Backport Bot) [RHEL-105415] {CVE-2025-37890}
- sch_hfsc: make hfsc_qlen_notify() idempotent (Xin Long) [RHEL-105415]
- crypto: algif_hash - fix double free in hash_accept (CKI Backport Bot) [RHEL-102223] {CVE-2025-38079}
- Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-100698] {CVE-2025-22077}
- Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-100698]
- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-100698]
- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-100698] {CVE-2024-54680}
- smb: client: Fix use-after-free of network namespace. (Paulo Alcantara) [RHEL-100698] {CVE-2024-53095}
- smb: client: fix warning in generic_ip_connect() (Paulo Alcantara) [RHEL-100698]
- net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103079]
- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103079] {CVE-2025-38052}
- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CKI Backport Bot) [RHEL-99013] {CVE-2025-22020}
- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98837] {CVE-2025-21928}
Resolves: RHEL-100698, RHEL-102223, RHEL-103079, RHEL-105415, RHEL-98837, RHEL-99013
Signed-off-by: Denys Vlasenko
---
 kernel.spec | 21 +++++++++++++++++++--
 sources | 4 ++--
 2 files changed, 21 insertions(+), 4 deletions(-)
diff --git a/kernel.spec b/kernel.spec
index 255df406f..38a067dcb 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -38,10 +38,10 @@
 # define buildid .local
 %define specversion 4.18.0
-%define pkgrelease 553.65.1.el8_10
+%define pkgrelease 553.66.1.el8_10
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 553.65.1%{?dist}
+%define specrelease 553.66.1%{?dist}
 %define pkg_release %{specrelease}%{?buildid}
@@ -2705,6 +2705,23 @@ fi
 #
 #
 %changelog
+* Mon Jul 28 2025 Denys Vlasenko [4.18.0-553.66.1.el8_10]
+- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice (Xin Long) [RHEL-105415] {CVE-2025-38001}
+- sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (Xin Long) [RHEL-105415] {CVE-2025-38000}
+- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CKI Backport Bot) [RHEL-105415] {CVE-2025-37890}
+- sch_hfsc: make hfsc_qlen_notify() idempotent (Xin Long) [RHEL-105415]
+- crypto: algif_hash - fix double free in hash_accept (CKI Backport Bot) [RHEL-102223] {CVE-2025-38079}
+- Revert "smb: client: fix TCP timers deadlock after rmmod" (Paulo Alcantara) [RHEL-100698] {CVE-2025-22077}
+- Revert "smb: client: Fix netns refcount imbalance causing leaks and use-after-free" (Paulo Alcantara) [RHEL-100698]
+- smb: client: Fix netns refcount imbalance causing leaks and use-after-free (Paulo Alcantara) [RHEL-100698]
+- smb: client: fix TCP timers deadlock after rmmod (Paulo Alcantara) [RHEL-100698] {CVE-2024-54680}
+- smb: client: Fix use-after-free of network namespace. (Paulo Alcantara) [RHEL-100698] {CVE-2024-53095}
+- smb: client: fix warning in generic_ip_connect() (Paulo Alcantara) [RHEL-100698]
+- net: tipc: fix refcount warning in tipc_aead_encrypt (Xin Long) [RHEL-103079]
+- net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CKI Backport Bot) [RHEL-103079] {CVE-2025-38052}
+- memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CKI Backport Bot) [RHEL-99013] {CVE-2025-22020}
+- HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CKI Backport Bot) [RHEL-98837] {CVE-2025-21928}
+
 * Thu Jul 24 2025 Denys Vlasenko [4.18.0-553.65.1.el8_10]
 - x86/alternatives: avoid mapping FIX_TEXT_POKE1 page when it is not required (Rafael Aquini) [RHEL-95422]
 - ext4: avoid resizing to a partial cluster size (CKI Backport Bot) [RHEL-101423] {CVE-2022-50020}
diff --git a/sources b/sources
index 87a1991f6..270e17f3e 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-SHA512 (linux-4.18.0-553.65.1.el8_10.tar.xz) = 0be0afd9484e731fe858d09f4c4d09ecce5d92b8f94767471a3934389b265b3871d11027edf0b7cce9d18551d4b213192aa1324ccb3f1497504bc7697ab2be6b
-SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 77d5be114f321f413afc96f86cee2841b836f8d07f124319f6128cc175f98eff8e30fcb3f7420d73b669bd1917ad4cffc2f38ade57f39a58cd6ec23be410ddb1
+SHA512 (linux-4.18.0-553.66.1.el8_10.tar.xz) = 27b9ccb4b8f0e9eaf0bd97909ec3d67a27d08ab06a13d4758efdd01a095c26342290a0de97e2bdb16f5ebbdcdc54549a9acd7665717cdaa36e790eff2f523aa8
+SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = a5310b621b14e38c616d690f2aa348bf3ba880f556bf871787d6ccb1563ec2214f11dd729b03850a1a6994611698e62cb1185cbef2787f46a29eb5441ce365b9
 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 79a9788af0c183f670166700354b6a188c176427a6230b8bfaa2cfdc6a4daa1418bbee98d80b7f6b3195043eeef1ffa6782d03b5a1733b65a90c22f66684941f
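Review bot: The `kernel-abi-stablelists-4.18.0-553.tar.bz2` entry keeps its filename while its SHA512 changes, and neither the commit message nor the new %changelog entry mentions it. Unlike the linux tarball, whose name carries the release, this archive cannot be told apart by name, so the digest in `sources` is the only thing binding the build to the intended content. If the archive was regenerated for this build, the description should say so, for example `- kabi: refresh kernel-abi-stablelists-4.18.0-553.tar.bz2 (digest change only)`; it is also worth confirming that the fetch step verifies the SHA512 rather than reusing a cached copy by name.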