From d93604b63784c1b0002110cabe16e030b04eadb7 Mon Sep 17 00:00:00 2001 From: Denys Vlasenko Date: Fri, 26 Jul 2024 23:53:52 +0200 Subject: [PATCH] kernel-4.18.0-553.15.1.el8_10 * Fri Jul 26 2024 Denys Vlasenko [4.18.0-553.15.1.el8_10] - Revert "scsi: st: Add third party poweron reset handling" (John Meneghini) [RHEL-44613] - ionic: fix use after netif_napi_del() (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502} - ionic: clean interrupt before enabling queue to avoid credit race (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502} - net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CKI Backport Bot) [RHEL-49321] {CVE-2021-47624} - xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47882] {CVE-2024-40927} - net: openvswitch: Fix Use-After-Free in ovs_ct_exit (cki-backport-bot) [RHEL-36362] {CVE-2024-27395} - net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979} - net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979} - net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43721] {CVE-2024-36979} - irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37022] {CVE-2024-35847} - irqchip/gic-v3-its: Fix potential VPE leak on error (Charles Mirabile) [RHEL-37744] {CVE-2021-47373} - i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Charles Mirabile) [RHEL-34735] {CVE-2022-48632} - iommu/dma: fix zeroing of bounce buffer padding used by untrusted devices (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: remove alloc_size argument to swiotlb_tbl_map_single() (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: fix swiotlb_bounce() to do partial sync's correctly (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: Fix alignment checks when both allocation and DMA masks are present (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - swiotlb: Fix double-allocation of slots due to broken alignment handling (Eder Zulian) [RHEL-36954] {CVE-2024-35814} - genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (cki-backport-bot) [RHEL-44441] {CVE-2024-31076} Resolves: RHEL-34735, RHEL-36362, RHEL-36954, RHEL-37022, RHEL-37744, RHEL-43721, RHEL-44441, RHEL-44613, RHEL-47624, RHEL-47882, RHEL-49321 Signed-off-by: Denys Vlasenko --- kernel.spec | 26 ++++++++++++++++++++++++-- sources | 4 ++-- 2 files changed, 26 insertions(+), 4 deletions(-) diff --git a/kernel.spec b/kernel.spec index 43497865d..a367dd381 100644 --- a/kernel.spec +++ b/kernel.spec @@ -38,10 +38,10 @@ # define buildid .local %define specversion 4.18.0 -%define pkgrelease 553.14.1.el8_10 +%define pkgrelease 553.15.1.el8_10 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 553.14.1%{?dist} +%define specrelease 553.15.1%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -2696,6 +2696,28 @@ fi # # %changelog +* Fri Jul 26 2024 Denys Vlasenko [4.18.0-553.15.1.el8_10] +- Revert "scsi: st: Add third party poweron reset handling" (John Meneghini) [RHEL-44613] +- ionic: fix use after netif_napi_del() (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502} +- ionic: clean interrupt before enabling queue to avoid credit race (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502} +- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CKI Backport Bot) [RHEL-49321] {CVE-2021-47624} +- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47882] {CVE-2024-40927} +- net: openvswitch: Fix Use-After-Free in ovs_ct_exit (cki-backport-bot) [RHEL-36362] {CVE-2024-27395} +- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979} +- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979} +- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43721] {CVE-2024-36979} +- irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37022] {CVE-2024-35847} +- irqchip/gic-v3-its: Fix potential VPE leak on error (Charles Mirabile) [RHEL-37744] {CVE-2021-47373} +- i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Charles Mirabile) [RHEL-34735] {CVE-2022-48632} +- iommu/dma: fix zeroing of bounce buffer padding used by untrusted devices (Eder Zulian) [RHEL-36954] {CVE-2024-35814} +- swiotlb: remove alloc_size argument to swiotlb_tbl_map_single() (Eder Zulian) [RHEL-36954] {CVE-2024-35814} +- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (Eder Zulian) [RHEL-36954] {CVE-2024-35814} +- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (Eder Zulian) [RHEL-36954] {CVE-2024-35814} +- swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (Eder Zulian) [RHEL-36954] {CVE-2024-35814} +- swiotlb: Fix alignment checks when both allocation and DMA masks are present (Eder Zulian) [RHEL-36954] {CVE-2024-35814} +- swiotlb: Fix double-allocation of slots due to broken alignment handling (Eder Zulian) [RHEL-36954] {CVE-2024-35814} +- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (cki-backport-bot) [RHEL-44441] {CVE-2024-31076} + * Thu Jul 25 2024 Denys Vlasenko [4.18.0-553.14.1.el8_10] - s390/qeth: Fix kernel panic after setting hsuid (Mete Durlu) [RHEL-49754] - perf/core: Protect event sibling list locking against interrupt inversion (Daniel Vacek) [RHEL-31798] diff --git a/sources b/sources index b8f5e7747..4a5ab99e4 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-4.18.0-553.14.1.el8_10.tar.xz) = c885fd0eb4bdaaeea96da55ea11f06aec03072f1bc3d80a6d740de569a93ab17988ae715de14f61ae48ffb7566ea942ecba76ad66b8a82cb1cd78a707679fa38 -SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 8f4a3261844da6900fd66b0790b8b878c3c0fa2b9e2fc7f13ba557b7ee6eb0446a4480c5060d7c218b9c3f9ef45dc90efede78aafb78ce0587a7d2177efbc261 +SHA512 (linux-4.18.0-553.15.1.el8_10.tar.xz) = ea31abdc0abc1a613153fb6e38aecd2b742152d905898584350b26d1b813ef305f7810c75b58c256200689531a0757991612cac7b6d081c2db54314beec33d69 +SHA512 (kernel-abi-stablelists-4.18.0-553.tar.bz2) = 4fb6cf96f434273396fbb0ec457fde819ee387b09a2c7458cffd8874c803ebef9a314b73644dd72c8cd5c16a169fecee99a880a0e96ccd37760ce6a0926c2286 SHA512 (kernel-kabi-dw-4.18.0-553.tar.bz2) = 8a671ed3c9b7f4b25fd4e594b62bc4a26474cb705d3ed22ca376618b3c7962fc72ace1ffd02c9c3a192d9d2c449d38228809542d7f16ebad16f8127020eb2faf