From d1ed60a731667ae3949f9eb56dc31343e3c3cee3 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Sun, 14 Sep 2025 23:54:29 +0200 Subject: [PATCH] kernel-4.18.0-553.76.1.el8_10 * Sun Sep 14 2025 Denys Vlasenko [4.18.0-553.76.1.el8_10] - HID: core: Harden s32ton() against conversion to 0 bits (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} - HID: stop exporting hid_snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} - HID: simplify snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} - HID: core: fix shift-out-of-bounds in hid_report_raw_event (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} - use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107299] {CVE-2025-38498} - do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107299] {CVE-2025-38498} - xfs: make sure sb_fdblocks is non-negative (Pavel Reichl) [RHEL-104193] - vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-105991] {CVE-2025-38461} Resolves: RHEL-104193, RHEL-105991, RHEL-107299, RHEL-111027 Signed-off-by: Denys Vlasenko --- kernel.spec | 14 ++++++++++++-- sources | 4 ++-- 2 files changed, 14 insertions(+), 4 deletions(-) diff --git a/kernel.spec b/kernel.spec index 77e2adb98..4b7eb7fb2 100644 --- a/kernel.spec +++ b/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.75.1.el8_10 +%define pkgrelease 553.76.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.75.1%{?dist} +%define specrelease 553.76.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2705,6 +2705,16 @@ fi # # %changelog +* Sun Sep 14 2025 Denys Vlasenko [4.18.0-553.76.1.el8_10] +- HID: core: Harden s32ton() against conversion to 0 bits (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} +- HID: stop exporting hid_snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} +- HID: simplify snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} +- HID: core: fix shift-out-of-bounds in hid_report_raw_event (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556} +- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107299] {CVE-2025-38498} +- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107299] {CVE-2025-38498} +- xfs: make sure sb_fdblocks is non-negative (Pavel Reichl) [RHEL-104193] +- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-105991] {CVE-2025-38461} + * Tue Sep 09 2025 Denys Vlasenko [4.18.0-553.75.1.el8_10] - Revert "module, async: async_synchronize_full() on module init iff async is used" (Herton R. Krzesinski) [RHEL-99812] - mm/page_alloc: make sure free_pcppages_bulk() bails when given count < 0 (Rafael Aquini) [RHEL-85453] diff --git a/sources b/sources index c76dc5ebd..df24ae488 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-4.18.0-553.75.1.el8_10.tar.xz) = 531b4819f7aeb91e47275280f7ea3005b5f10f8c4b6c6b300ba10c1c6d3fc2f09d3fb4cc33a2a32c7a76ef4101303d4d6ed683a43c602861a0930f5df4d54120 -SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 85e77a03de44e7c321561dc38618b0c5de584f791d4deb9f169b93add2d8dd8a1b1ec4097dbbeadb2e16950410ca17272c25db67013096e1f5873da772937468 +SHA512 (linux-4.18.0-553.76.1.el8_10.tar.xz) = 10ffdfe04397ac32569e61bcbb50abe44df23b8b0655317b10a427c92696083da83f6564a585f9a35f804825ae5c97eaa31fafd043db3b03ef436cf1ccaf72ff +SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 4f4ea07b1f282d6298f01a5ed3363e092e96162079759a6380e88441ded9ca48db210ef7cae32650ae29aa510fe181c3c9c0771f5cb9adac4cc263d942c87d26 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 79a9788af0c183f670166700354b6a188c176427a6230b8bfaa2cfdc6a4daa1418bbee98d80b7f6b3195043eeef1ffa6782d03b5a1733b65a90c22f66684941f