rpms/kernel
8
2
Fork 6
Code Issues Pull Requests Releases Activity
145 Commits 38 Branches 465 Tags 1 GiB
c8s
Commit Graph

143 Commits

Author SHA1 Message Date
Denys Vlasenko
7c5844c6b9 kernel-4.18.0-553.63.1.el8_10 
* Thu Jul 17 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.63.1.el8_10]
- tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). (Guillaume Nault) [RHEL-66324] {CVE-2024-50154}
- net: ch9200: fix uninitialised access during mii_nway_restart (CKI Backport Bot) [RHEL-101200] {CVE-2025-38086}
- mm/swapfile: add cond_resched() in get_swap_pages() (Nico Pache) [RHEL-80401] {CVE-2023-52932}
- dlm: fix possible lkb_resource null dereference (Alexander Aring) [RHEL-64452]
- fs: dlm: handle -EINVAL as log_error() (Alexander Aring) [RHEL-64452]
- redhat/configs: enable CONFIG_RH_KABI_STABLE_ASM_OFFSETS (Čestmír Kalina) [RHEL-90099]
- kabi: freeze stablelist and stackprotector-related constants (Čestmír Kalina) [RHEL-90099]
- kabi: add redhat/kabi/asm-offsets (Čestmír Kalina) [RHEL-90099]
- kabi: add RH_KABI_ASSERT_EQ_CONST{,EXPR} (Čestmír Kalina) [RHEL-90099]
Resolves: RHEL-101200, RHEL-64452, RHEL-66324, RHEL-80401, RHEL-90099

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-07-17 07:51:38 +02:00
Denys Vlasenko
9bbeecc22b kernel-4.18.0-553.62.1.el8_10 
* Thu Jul 10 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.62.1.el8_10]
- s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues (David Hildenbrand) [RHEL-87557]
- mm/slab: make __free(kfree) accept error pointers (Mark Langsdorf) [RHEL-84410]
- driver core: fix potential NULL pointer dereference in dev_uevent() (Mark Langsdorf) [RHEL-84410]
- driver core: introduce device_set_driver() helper (Mark Langsdorf) [RHEL-84410]
- Revert "drivers: core: synchronize really_probe() and dev_uevent()" (Mark Langsdorf) [RHEL-84410]
- cleanup: Add conditional guard helper (Mark Langsdorf) [RHEL-84410]
- cleanup: Adjust scoped_guard() macros to avoid potential warning (Mark Langsdorf) [RHEL-84410]
- cleanup: Remove address space of returned pointer (Mark Langsdorf) [RHEL-84410]
- cleanup: Add usage and style documentation (Mark Langsdorf) [RHEL-84410]
- file: add take_fd() cleanup helper (Mark Langsdorf) [RHEL-84410]
- cleanup: Standardize the header guard define's name (Mark Langsdorf) [RHEL-84410]
- cleanup: Add conditional guard support (Mark Langsdorf) [RHEL-84410]
- cleanup: Make no_free_ptr() __must_check (Mark Langsdorf) [RHEL-84410]
- locking: Introduce __cleanup() based infrastructure (Mark Langsdorf) [RHEL-84410]
- misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CKI Backport Bot) [RHEL-100343] {CVE-2022-49788}
- media: uvcvideo: Announce the user our deprecation intentions (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Allow changing noparam on the fly (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Invert default value for nodrop module param (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Propagate buf->error to userspace (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Flush the control cache when we get an event (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Annotate lock requirements for uvc_ctrl_set (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Remove dangling pointers (Desnes Nunes) [RHEL-98760] {CVE-2024-58002}
- media: uvcvideo: Remove redundant NULL assignment (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Only save async fh if success (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Refactor iterators (Desnes Nunes) [RHEL-98760]
- media: uvcvideo: Fix double free in error path (CKI Backport Bot) [RHEL-98788] {CVE-2024-57980}
- cifs: potential buffer overflow in handling symlinks (Paulo Alcantara) [RHEL-97074] {CVE-2022-49058}
- Race between reading mdstat and stopping an md device (Nigel Croxon) [RHEL-95723]
- fs/dcache: Control # of dentries in list_lru_node (Waiman Long) [RHEL-8578]
- fs/dcache: Add sysctl parameter dentry-fs-klimit to control # of dentries in filesystem (Waiman Long) [RHEL-8578]
- mm/list_lru: Make list_lru_add() return # if items in affected list_lru_node (Waiman Long) [RHEL-8578]
Resolves: RHEL-100343, RHEL-84410, RHEL-8578, RHEL-87557, RHEL-95723, RHEL-97074, RHEL-98760, RHEL-98788

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-07-10 12:51:31 +02:00
Denys Vlasenko
f71e20f23d kernel-4.18.0-553.61.1.el8_10 
* Thu Jul 03 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.61.1.el8_10]
- s390: Add z17 elf platform (Christoph Schlameuss) [RHEL-100409]
- ext4: ignore xattrs past end (CKI Backport Bot) [RHEL-100375] {CVE-2025-37738}
- ext4: fix off-by-one error in do_split (CKI Backport Bot) [RHEL-100361] {CVE-2025-23150}
- net: atm: fix use after free in lec_send() (CKI Backport Bot) [RHEL-93119] {CVE-2025-22004}
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CKI Backport Bot) [RHEL-98980] {CVE-2025-21991}
Resolves: RHEL-100361, RHEL-100375, RHEL-100409, RHEL-93119, RHEL-98980

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-07-03 15:18:34 +02:00
Denys Vlasenko
31186c8d25 kernel-4.18.0-553.60.1.el8_10 
* Thu Jun 26 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.60.1.el8_10]
- xfs: don't allocate COW extents when unsharing a hole (Brian Foster) [RHEL-83037]
- xfs: don't allocate into the data fork for an unshare request (Brian Foster) [RHEL-83037]
- s390/ism: add release function for struct device (Mete Durlu) [RHEL-97192]
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (CKI Backport Bot) [RHEL-99113] {CVE-2022-49846}
Resolves: RHEL-83037, RHEL-97192, RHEL-99113

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-06-26 20:03:04 +02:00
Denys Vlasenko
b583b64b67 kernel-4.18.0-553.59.1.el8_10 
* Thu Jun 19 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.59.1.el8_10]
- SUNRPC: Fix Oops in xs_tcp_send_request() when transport is disconnected (Olga Kornievskaia) [RHEL-83291]
- SUNRPC: Set TCP_CORK until the transmit queue is empty (Olga Kornievskaia) [RHEL-83291]
- tcp: add tcp_sock_set_cork (Olga Kornievskaia) [RHEL-83291]
- xfs: xfs_ail_push_all_sync() stalls when racing with updates (Brian Foster) [RHEL-88132]
- Bluetooth: Fix use after free in hci_send_acl (CKI Backport Bot) [RHEL-90428] {CVE-2022-49111}
- Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (David Marlin) [RHEL-90468] {CVE-2022-49136}
- Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER (David Marlin) [RHEL-90468] {CVE-2022-49136}
- Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running (David Marlin) [RHEL-90468] {CVE-2022-49136}
- Bluetooth: Cancel sync command before suspend and power off (David Marlin) [RHEL-90468] {CVE-2022-49136}
- Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set (CKI Backport Bot) [RHEL-90468] {CVE-2022-49136}
- fix backport of "filelock: Remove locks reliably when fcntl/close race is detected" (Scott Mayhew) [RHEL-89709]
- NFSv4: Allow FREE_STATEID to clean up delegations (Benjamin Coddington) [RHEL-86932]
- NFSv4.1: constify the stateid argument in nfs41_test_stateid() (Trond Myklebust) [RHEL-86932]
Resolves: RHEL-83291, RHEL-86932, RHEL-88132, RHEL-89709, RHEL-90428, RHEL-90468

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-06-19 14:46:29 +02:00
Denys Vlasenko
4367fad2b2 kernel-4.18.0-553.58.1.el8_10 
* Thu Jun 12 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.58.1.el8_10]
- ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89535] {CVE-2025-21764}
- ipv6: use RCU protection in ip6_default_advmss() (Xin Long) [RHEL-89535] {CVE-2025-21765}
- net: add dev_net_rcu() helper (Xin Long) [RHEL-89535] {CVE-2025-21765}
- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Xin Long) [RHEL-89535]
- idpf: check error for register_netdev() on init (Michal Schmidt) [RHEL-71182] {CVE-2025-22116}
- idpf: avoid mailbox timeout delays during reset (Michal Schmidt) [RHEL-71182]
- idpf: fix a race in txq wakeup (Michal Schmidt) [RHEL-71182]
- idpf: fix idpf_vport_splitq_napi_poll() (Michal Schmidt) [RHEL-71182]
- idpf: fix null-ptr-deref in idpf_features_check (Michal Schmidt) [RHEL-71182]
- idpf: protect shutdown from reset (Michal Schmidt) [RHEL-71182]
- idpf: fix potential memory leak on kcalloc() failure (Michal Schmidt) [RHEL-71182]
- idpf: fix offloads support for encapsulated packets (Michal Schmidt) [RHEL-71182]
- idpf: fix adapter NULL pointer dereference on reboot (Michal Schmidt) [RHEL-71182] {CVE-2025-22065}
- idpf: fix checksums set in idpf_rx_rsc() (Michal Schmidt) [RHEL-71182] {CVE-2025-21890}
- idpf: fix handling rsc packet with a single segment (Michal Schmidt) [RHEL-71182]
- idpf: add more info during virtchnl transaction timeout/salt mismatch (Michal Schmidt) [RHEL-71182]
- idpf: convert workqueues to unbound (Michal Schmidt) [RHEL-71182] {CVE-2024-58057}
- idpf: Acquire the lock before accessing the xn->salt (Michal Schmidt) [RHEL-71182]
- idpf: fix transaction timeouts on reset (Michal Schmidt) [RHEL-71182]
- idpf: add read memory barrier when checking descriptor done bit (Michal Schmidt) [RHEL-71182]
- idpf: deinit virtchnl transaction manager after vport and vectors (Michal Schmidt) [RHEL-71182]
- idpf: use actual mbx receive payload length (Michal Schmidt) [RHEL-71182]
- idpf: call set_real_num_queues in idpf_open (Michal Schmidt) [RHEL-71182 RHEL-90849]
- idpf: fix idpf_vc_core_init error path (Michal Schmidt) [RHEL-68233 RHEL-71182 RHEL-90846] {CVE-2024-53064}
- idpf: avoid vport access in idpf_get_link_ksettings (Michal Schmidt) [RHEL-71182 RHEL-90846] {CVE-2024-50274}
- idpf: fix netdev Tx queue stop/wake (Michal Schmidt) [RHEL-71182]
- idpf: fix UAFs when destroying the queues (Michal Schmidt) [RHEL-71182] {CVE-2024-44932}
- idpf: fix memleak in vport interrupt configuration (Michal Schmidt) [RHEL-71182]
- idpf: fix memory leaks and crashes while performing a soft reset (Michal Schmidt) [RHEL-71182] {CVE-2024-44964}
- idpf: compile singleq code only under default-n CONFIG_IDPF_SINGLEQ (Michal Schmidt) [RHEL-71182]
- redhat/configs: set CONFIG_IDPF_SINGLEQ as disabled (Michal Schmidt) [RHEL-71182]
- idpf: merge singleq and splitq &net_device_ops (Michal Schmidt) [RHEL-71182]
- idpf: avoid bloating &idpf_q_vector with big %%NR_CPUS (Michal Schmidt) [RHEL-71182]
- idpf: split &idpf_queue into 4 strictly-typed queue structures (Michal Schmidt) [RHEL-71182]
- idpf: remove legacy Page Pool Ethtool stats (Michal Schmidt) [RHEL-71182]
- net: remove gfp_mask from napi_alloc_skb() [idpf] (Michal Schmidt) [RHEL-71182]
- idpf: stop using macros for accessing queue descriptors (Michal Schmidt) [RHEL-71182]
- idpf: don't enable NAPI and interrupts prior to allocating Rx buffers (Michal Schmidt) [RHEL-71182]
- idpf: Interpret .set_channels() input differently (Michal Schmidt) [RHEL-71182]
- idpf: make virtchnl2.h self-contained (Michal Schmidt) [RHEL-71182]
- s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-95783]
- s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-95783]
- s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-95783]
- s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-95783]
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Mete Durlu) [RHEL-95783]
- s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-95783]
- s390/pci: Fix potential double remove of hotplug slot (Mete Durlu) [RHEL-95783]
- s390/pci: remove hotplug slot when releasing the device (Mete Durlu) [RHEL-95783]
- s390/pci: introduce lock to synchronize state of zpci_dev's (Mete Durlu) [RHEL-95783]
- s390/pci: rename lock member in struct zpci_dev (Mete Durlu) [RHEL-95783]
Resolves: RHEL-68233, RHEL-71182, RHEL-89535, RHEL-90846, RHEL-90849, RHEL-95783

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-06-12 15:51:23 +02:00
Denys Vlasenko
d31aa9e052 kernel-4.18.0-553.57.1.el8_10 
* Thu Jun 05 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.57.1.el8_10]
- smb: client: fix warning in cifs_smb3_do_mount() (Paulo Alcantara) [RHEL-55825]
- cifs: fix double free race when mount fails in cifs_get_root() (Paulo Alcantara) [RHEL-55825] {CVE-2022-48919}
- security/keys: fix slab-out-of-bounds in key_task_permission (CKI Backport Bot) [RHEL-68090] {CVE-2024-50301}
Resolves: RHEL-55825, RHEL-68090

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-06-05 17:30:46 +02:00
Denys Vlasenko
703d08c751 kernel-4.18.0-553.56.1.el8_10 
* Sun Jun 01 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.56.1.el8_10]
- tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (David Arcari) [RHEL-86963]
- um: Fix out-of-bounds read in LDT setup (CKI Backport Bot) [RHEL-90261] {CVE-2022-49395}
Resolves: RHEL-86963, RHEL-90261

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-06-01 13:38:31 +02:00
Denys Vlasenko
3f6d0cd6ca kernel-4.18.0-553.55.1.el8_10 
* Fri May 23 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.55.1.el8_10]
- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (Phil Auld) [RHEL-85171]
Resolves: RHEL-85171

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-05-23 12:25:13 +02:00
Denys Vlasenko
c7383990f0 kernel-4.18.0-553.54.1.el8_10 
* Thu May 15 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.54.1.el8_10]
- ice: fix stats being updated by way too large values (CKI Backport Bot) [RHEL-70834]
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (CKI Backport Bot) [RHEL-54802] {CVE-2024-43842}
- sched/rt: Fix race in push_rt_task (Phil Auld) [RHEL-84963]
Resolves: RHEL-54802, RHEL-70834, RHEL-84963

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-05-15 22:11:12 +02:00
Denys Vlasenko
f560842934 kernel-4.18.0-553.53.1.el8_10 
* Fri May 09 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.53.1.el8_10]
- net/mlx5: Always stop health timer during driver removal (Michal Schmidt) [RHEL-47712] {CVE-2024-40906}
- net/mlx5: Split function_setup() to enable and open functions (Michal Schmidt) [RHEL-47712]
- net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (Michal Schmidt) [RHEL-57117] {CVE-2024-44970}
- net/mlx5e: SHAMPO, Fix incorrect page release (Michal Schmidt) [RHEL-57117] {CVE-2024-46717}
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (Mete Durlu) [RHEL-88819]
- platform/x86: dell-wmi-sysman: Make init_bios_attributes() ACPI object parsing more robust (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Cleanup create_attributes_level_sysfs_files() (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Make sysman_init() return -ENODEV of the interfaces are not found (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Cleanup sysman_init() error-exit handling (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Fix release_attributes_data() getting called twice on init_bios_attributes() failure (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Make it safe to call exit_foo_attributes() multiple times (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Fix possible NULL pointer deref on exit (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Fix crash caused by calling kset_unregister twice (Jay Shin) [RHEL-88714]
- x86/kexec: Add EFI config table identity mapping for kexec kernel (Herton R. Krzesinski) [RHEL-71793]
- vsock: Orphan socket after transport release (Jay Shin) [RHEL-89099] {CVE-2025-21756}
- vsock: Keep the binding until socket destruction (Jay Shin) [RHEL-89099] {CVE-2025-21756}
- bpf, vsock: Invoke proto::close on close() (Jay Shin) [RHEL-89099] {CVE-2025-21756}
Resolves: RHEL-47712, RHEL-57117, RHEL-71793, RHEL-88714, RHEL-88819, RHEL-89099

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-05-09 12:12:43 +02:00
Denys Vlasenko
fe4eb7a627 kernel-4.18.0-553.52.1.el8_10 
* Thu May 01 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.52.1.el8_10.gfd1b]
- netfilter: ipset: add missing range check in bitmap_ip_uadt (Florian Westphal) [RHEL-70268] {CVE-2024-53141}
- NFS: Extend rdirplus mount option with "force|none" (Benjamin Coddington) [RHEL-16285]
- idpf: trigger SW interrupt when exiting wb_on_itr mode (Michal Schmidt) [RHEL-73266]
- idpf: add support for SW triggered interrupts (Michal Schmidt) [RHEL-73266]
- idpf: fix VF dynamic interrupt ctl register initialization (Michal Schmidt) [RHEL-73266]
- idpf: enable WB_ON_ITR (Michal Schmidt) [RHEL-73266]
- redhat: require recent enough linux-firmware for qed (Denys Vlasenko) [RHEL-6342]
- gfs2: deallocate inodes in gfs2_create_inode (Andreas Gruenbacher) [RHEL-7875]
- gfs2: Move GIF_ALLOC_FAILED check out of gfs2_ea_dealloc (Andreas Gruenbacher) [RHEL-7875]
- gfs2: Move gfs2_dinode_dealloc (Andreas Gruenbacher) [RHEL-7875]
- gfs2: Don't reread inodes unnecessarily (Andreas Gruenbacher) [RHEL-7875]
- gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher) [RHEL-7875]
- gfs2: No longer use 'extern' in function declarations (Andreas Gruenbacher) [RHEL-7875]
- hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() (CKI Backport Bot) [RHEL-63668] {CVE-2022-49011}
Resolves: RHEL-16285, RHEL-6342, RHEL-63668, RHEL-70268, RHEL-73266, RHEL-7875

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-05-01 20:24:40 +02:00
Denys Vlasenko
2d0622f4fb kernel-4.18.0-553.51.1.el8_10 
* Thu Apr 24 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.51.1.el8_10]
- x86/xen: use the whole RCX when picking the right hypercall function (Vitaly Kuznetsov) [RHEL-87072]
- Revert "usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB" (Desnes Nunes) [RHEL-87280]
Resolves: RHEL-87072, RHEL-87280

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-04-24 09:44:44 +02:00
Denys Vlasenko
2f9bef1e11 kernel-4.18.0-553.50.1.el8_10 
* Thu Apr 10 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.50.1.el8_10]
- perf debug: Set debug_peo_args and redirect_to_stderr variable to correct values in perf_quiet_option() (Michael Petlan) [RHEL-82119]
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Jarod Wilson) [RHEL-86737] {CVE-2024-53150}
- scsi: storvsc: Set correct data length for sending SCSI command without payload (Cathy Avery) [RHEL-83052]
- ice: fold ice_ptp_read_time into ice_ptp_gettimex64 (Michal Schmidt) [RHEL-85852]
- ice: avoid the PTP hardware semaphore in gettimex64 path (Michal Schmidt) [RHEL-85852]
- ice: add ice_adapter for shared data across PFs on the same NIC (Michal Schmidt) [RHEL-85852]
Resolves: RHEL-82119, RHEL-83052, RHEL-85852, RHEL-86737

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-04-10 20:29:56 +02:00
Denys Vlasenko
f5164060a6 kernel-4.18.0-553.49.1.el8_10 
* Thu Apr 03 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.49.1.el8_10]
- net/mlx5: Fix error path in multi-packet WQE transmit (CKI Backport Bot) [RHEL-84244]
- redhat: drop Y issues from changelog (Jan Stancek)
- md/md-bitmap: fix writing non bitmap changes local to RHEL (Nigel Croxon) [RHEL-80673]
- md/md-bitmap: fix writing non bitmap pages (Nigel Croxon) [RHEL-80673]
- md-bitmap: use %%pD to print the file name in md_bitmap_file_kick (Nigel Croxon) [RHEL-80673]
- md-bitmap: initialize variables at declaration time in md_bitmap_file_unmap (Nigel Croxon) [RHEL-80673]
- md-bitmap: set BITMAP_WRITE_ERROR in write_sb_page (Nigel Croxon) [RHEL-80673]
- raid1: update discard granularity when adding new disk (Nigel Croxon) [RHEL-71499]
- x86/xen: remove hypercall page (Vitaly Kuznetsov) [RHEL-70666] {CVE-2024-53241}
- x86/xen: use new hypercall functions instead of hypercall page (Vitaly Kuznetsov) [RHEL-70666] {CVE-2024-53241}
Resolves: RHEL-70666, RHEL-71499, RHEL-80673, RHEL-84244

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-04-03 14:48:52 +02:00
Denys Vlasenko
54d265fe14 kernel-4.18.0-553.48.1.el8_10 
* Thu Mar 27 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.48.1.el8_10]
- rhel-8.10: gate kernel on kernel-qe tests results not cki ones (Bruno Goncalves)
- gfs2: skip if we cannot defer delete (Andreas Gruenbacher) [RHEL-76208]
- gfs2: remove redundant warnings (Andreas Gruenbacher) [RHEL-76208]
- gfs2: minor evict fix (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Prevent inode creation race (2) (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Fix additional unlikely request cancelation race (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Fix request cancelation bug (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Check for empty queue in run_queue (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Remove more dead code in add_to_queue (Andreas Gruenbacher) [RHEL-76208]
- gfs2: remove dead code in add_to_queue (Su Hui) [RHEL-76208]
- gfs2: Remove LM_FLAG_PRIORITY flag (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Replace GIF_DEFER_DELETE with GLF_DEFER_DELETE (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Add GLF_PENDING_REPLY flag (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Remove and replace gfs2_glock_queue_work (Andreas Gruenbacher) [RHEL-76208]
- gfs2: do_xmote fixes (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Clear flags when withdraw prevents xmote (Bob Peterson) [RHEL-76208]
- gfs2: fix a deadlock on withdraw-during-mount (Bob Peterson) [RHEL-76208]
- gfs2: gfs2_evict_inode clarification (Andreas Gruenbacher) [RHEL-76208]
- gfs2: Remove misleading comments in gfs2_evict_inode (Andreas Gruenbacher) [RHEL-76208]
Resolves: RHEL-76208

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-03-27 17:35:51 +01:00
Denys Vlasenko
4929d01ec9 kernel-4.18.0-553.47.1.el8_10 
* Thu Mar 20 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.47.1.el8_10]
- nfs: don't invalidate dentries on transient errors (Scott Mayhew) [RHEL-78136]
- ethtool: runtime-resume netdev parent before ethtool ioctl ops (John J Coleman) [RHEL-78156]
- bpf: Use raw_spinlock_t in ringbuf (Viktor Malik) [RHEL-79911] {CVE-2024-50138}
Resolves: RHEL-78136, RHEL-78156, RHEL-79911

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-03-20 12:24:56 +01:00
Denys Vlasenko
eb88741227 kernel-4.18.0-553.46.1.el8_10 
* Thu Mar 13 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.46.1.el8_10]
- s390/pci: Fix handling of isolated VFs (Mete Durlu) [RHEL-81934]
- s390/pci: Pull search for parent PF out of zpci_iov_setup_virtfn() (Mete Durlu) [RHEL-81934]
- s390/pci: Fix SR-IOV for PFs initially in standby (Mete Durlu) [RHEL-81934]
- x86/mm: Fix VDSO and VVAR placement on 5-level paging machines (Herton R. Krzesinski) [RHEL-62832]
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CKI Backport Bot) [RHEL-82720] {CVE-2025-21785}
- nouveau/fence: handle cross device fences properly (Dave Airlie) [RHEL-80085]
Resolves: RHEL-62832, RHEL-80085, RHEL-81934, RHEL-82720

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-03-13 13:47:44 +01:00
Denys Vlasenko
eab0fccabb kernel-4.18.0-553.45.1.el8_10 
* Thu Mar 06 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.45.1.el8_10]
- gve: trigger RX NAPI instead of TX NAPI in gve_xsk_wakeup (Joshua Washington) [RHEL-73269]
- gve: process XSK TX descriptors as part of RX NAPI (Joshua Washington) [RHEL-73269]
- gve: guard XSK operations on the existence of queues (Joshua Washington) [RHEL-73269]
- gve: guard XDP xmit NDO on existence of xdp queues (Joshua Washington) [RHEL-73269]
- gve: Fix an edge case for TSO skb validity check (Joshua Washington) [RHEL-73269]
- gve: Fix XDP TX completion handling when counters overflow (Joshua Washington) [RHEL-73269]
- gve: Clear napi->skb before dev_kfree_skb_any() (Joshua Washington) [RHEL-73269] {CVE-2024-40937}
- gve: ignore nonrelevant GSO type bits when processing TSO headers (Joshua Washington) [RHEL-73269]
- can: bcm: Fix UAF in bcm_proc_show() (CKI Backport Bot) [RHEL-80733] {CVE-2023-52922}
- gfs2: glock holder GL_NOPID fix (Andreas Gruenbacher) [RHEL-80694]
- gfs2: Decode missing glock flags in tracepoints (Andreas Gruenbacher) [RHEL-80694]
- net/smc: support ipv4 mapped ipv6 addr client for smc-r v2 (Mete Durlu) [RHEL-79810]
- net: smc: fix spurious error message from __sock_release() (Mete Durlu) [RHEL-79812]
Resolves: RHEL-73269, RHEL-79810, RHEL-79812, RHEL-80694, RHEL-80733

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-03-06 13:36:24 +01:00
Denys Vlasenko
963ce53533 kernel-4.18.0-553.44.1.el8_10 
* Wed Mar 05 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.44.1.el8_10]
- HID: core: zero-initialize the report buffer (CKI Backport Bot) [RHEL-81825] {CVE-2024-50302}
- ALSA: usb-audio: Fix a DMA to stack memory bug (Jaroslav Kysela) [RHEL-81786]
- ALSA: usb-audio: Fix for sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81786]
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Jaroslav Kysela) [RHEL-81786] {CVE-2024-53197}
- ALSA: usb-audio: Add sampling rates support for Mbox3 (Jaroslav Kysela) [RHEL-81786]
Resolves: RHEL-81786, RHEL-81825

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-03-05 14:45:29 +01:00
Denys Vlasenko
66454330fa kernel-4.18.0-553.43.1.el8_10 
* Thu Feb 27 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.43.1.el8_10]
- s390/module: fix loading modules with a lot of relocations (Mete Durlu) [RHEL-78999]
- s390/module: Use s390_kernel_write() for late relocations (Mete Durlu) [RHEL-78999]
- locking/atomic: Make test_and_*_bit() ordered on failure (Herton R. Krzesinski) [RHEL-69894]
- pps: Fix a use-after-free (Michal Schmidt) [RHEL-77971]
- KVM: s390: Change virtual to physical address access in diag 0x258 handler (Thomas Huth) [RHEL-68323 RHEL-65229]
- KVM: s390: gaccess: Check if guest address is in memslot (Thomas Huth) [RHEL-68323 RHEL-65229]
- KVM: s390: Fix SORTL and DFLTCC instruction format error in __insn32_query (Thomas Huth) [RHEL-68323 RHEL-65229]
- s390/uv: Panic for set and remove shared access UVC errors (Thomas Huth) [RHEL-68323 RHEL-65229]
- KVM: s390: vsie: Use virt_to_phys for crypto control block (Thomas Huth) [RHEL-68323 RHEL-65229]
- KVM: s390: vsie: Use virt_to_phys for facility control block (Thomas Huth) [RHEL-68323 RHEL-65229]
- scsi: megaraid_sas: Fix for a potential deadlock (Tomas Henzl) [RHEL-21984] {CVE-2024-57807}
- net/mlx5: Reload auxiliary devices in pci error handlers (Benjamin Poirier) [RHEL-78756]
- net/mlx5: Suspend auxiliary devices only in case of PCI device suspend (Benjamin Poirier) [RHEL-78756]
Resolves: RHEL-21984, RHEL-68323, RHEL-69894, RHEL-77971, RHEL-78756, RHEL-78999

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-02-27 05:46:24 +01:00
Denys Vlasenko
058d4019aa kernel-4.18.0-553.42.1.el8_10 
* Thu Feb 20 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.42.1.el8_10]
- net: skb: exclude the single page frag cache for too small alloc (Paolo Abeni) [RHEL-66261]
- NFSD: Reset cb_seq_status after NFS4ERR_DELAY (Olga Kornievskaia) [RHEL-79458]
- mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() (Seiji Nishikawa) [RHEL-64950]
- scsi: st: Don't set pos_unknown just after device recognition (John Meneghini) [RHEL-78415]
- ovl: fix use inode directly in rcu-walk mode (Miklos Szeredi) [RHEL-76161]
- RDMA/cxgb4: Fix RDMA_CM_EVENT_UNREACHABLE error for iWARP (Kamal Heib) [RHEL-75826]
Resolves: RHEL-64950, RHEL-66261, RHEL-75826, RHEL-76161, RHEL-78415, RHEL-79458

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-02-20 10:11:55 +01:00
Denys Vlasenko
e859b990ed kernel-4.18.0-553.41.1.el8_10 
* Fri Feb 14 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.41.1.el8_10]
- virtio-net: correctly enable callback during start_xmit (Laurent Vivier) [RHEL-72886]
- dm snapshot: fix lockup in dm_exception_table_exit (Benjamin Marzinski) [RHEL-76230 RHEL-34599]
Resolves: RHEL-72886, RHEL-76230

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-02-14 22:11:14 +01:00
Denys Vlasenko
e322ab635f kernel-4.18.0-553.40.1.el8_10 
* Thu Feb 06 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.40.1.el8_10]
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Desnes Nunes) [RHEL-69571] {CVE-2024-53104}
Resolves: RHEL-69571

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-02-06 19:19:16 +01:00
Denys Vlasenko
af82d120c4 kernel-4.18.0-553.39.1.el8_10 
* Fri Jan 31 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.39.1.el8_10]
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher) [RHEL-73915]
Resolves: RHEL-73915

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-01-31 01:35:35 +01:00
Denys Vlasenko
43750cbf65 kernel-4.18.0-553.38.1.el8_10 
* Thu Jan 23 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.38.1.el8_10]
- net: usb: lan78xx: add Allied Telesis AT29M2-AF (Jose Ignacio Tornos Martinez) [RHEL-70891]
- s390/pci: Allow allocation of more than 1 MSI interrupt (Mete Durlu) [RHEL-74385]
- s390/pci: Refactor arch_setup_msi_irqs() (Mete Durlu) [RHEL-74385]
- s390/pci: Fix leak of struct zpci_dev when zpci_add_device() fails (Mete Durlu) [RHEL-71451]
- s390/pci: Ignore RID for isolated VFs (Mete Durlu) [RHEL-71451]
- s390/pci: Use topology ID for multi-function devices (Mete Durlu) [RHEL-71451]
- s390/pci: Sort PCI functions prior to creating virtual busses (Mete Durlu) [RHEL-71451]
- s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() (Mete Durlu) [RHEL-74387]
- s390/pci: Handle PCI error codes other than 0x3a (Mete Durlu) [RHEL-74383]
Resolves: RHEL-70891, RHEL-71451, RHEL-74383, RHEL-74385, RHEL-74387

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-01-23 16:29:46 +01:00
Denys Vlasenko
e8c4db5bf6 kernel-4.18.0-553.37.1.el8_10 
* Fri Jan 17 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.37.1.el8_10]
- arm64/sve: Discard stale CPU state when handling SVE traps (Mark Salter) [RHEL-71535] {CVE-2024-50275}
- scsi: core: Handle devices which return an unusually large VPD page count (Ewan D. Milne) [RHEL-34275]
- scsi: core: Fix unremoved procfs host directory regression (Ewan D. Milne) [RHEL-34275]
- scsi: core: Consult supported VPD page list prior to fetching page (Ewan D. Milne) [RHEL-34275]
- NFSv4: Fix dropped lock for racing OPEN and delegation return (Benjamin Coddington) [RHEL-73889]
Resolves: RHEL-34275, RHEL-71535, RHEL-73889

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-01-17 12:34:15 +01:00
Denys Vlasenko
97669d9aa8 kernel-4.18.0-553.36.1.el8_10 
* Thu Jan 09 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.36.1.el8_10]
- cpufreq: intel_pstate: Support Emerald Rapids OOB mode (David Arcari) [RHEL-59649]
- scsi: st: New session only when Unit Attention for new tape (John Meneghini) [RHEL-28790]
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset (John Meneghini) [RHEL-28790]
- scsi: st: Don't modify unknown block number in MTIOCGET (John Meneghini) [RHEL-28790]
- Reapply "scsi: st: Add third party poweron reset handling" (John Meneghini) [RHEL-28790]
Resolves: RHEL-28790, RHEL-59649

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-01-09 18:09:16 +01:00
Denys Vlasenko
c972678cfc kernel-4.18.0-553.35.1.el8_10 
* Thu Jan 02 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.35.1.el8_10]
- samples: pktgen: allow to specify destination port (Hangbin Liu) [RHEL-56480]
- samples: pktgen: add some helper functions for port parsing (Hangbin Liu) [RHEL-56480]
- scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error (Cathy Avery) [RHEL-71396]
- scsi: storvsc: Handle additional SRB status values (Cathy Avery) [RHEL-71396]
Resolves: RHEL-56480, RHEL-71396

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2025-01-02 14:56:42 +01:00
Denys Vlasenko
b8fa01287a kernel-4.18.0-553.34.1.el8_10 
* Thu Dec 12 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.34.1.el8_10]
- mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (Davide Caratti) [RHEL-69667] {CVE-2024-53122}
- NFS: nfs_async_write_reschedule_io must not recurse into the writeback code (Benjamin Coddington) [RHEL-68647]
- xfs: fix sparse inode limits on runt AG (Pavel Reichl) [RHEL-62924]
- KVM: SVM: Get source vCPUs from source VM for SEV-ES intrahost migration (Maxim Levitsky) [RHEL-67974]
- x86/cpu/intel: Detect TME keyid bits before setting MTRR mask registers (Vitaly Kuznetsov) [RHEL-65362]
- dlm: fix recovery of middle conversions (Alexander Aring) [RHEL-64860]
- i40e: fix race condition by adding filter's intermediate sync state (Michal Schmidt) [RHEL-68271] {CVE-2024-53088}
- i40e: fix i40e_count_filters() to count only active/new filters (Michal Schmidt) [RHEL-68271] {CVE-2024-53088}
Resolves: RHEL-62924, RHEL-64860, RHEL-65362, RHEL-67974, RHEL-68271, RHEL-68647, RHEL-69667

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-12-12 21:06:03 +01:00
Denys Vlasenko
7d691c59f4 kernel-4.18.0-553.33.1.el8_10 
* Fri Dec 06 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.33.1.el8_10]
- Revert "scsi: lpfc: Fix mbuf pool resource detected as busy at driver unload" This patch is dependent on the mbox refactor patch that was not added to rh8. (Dick Kennedy) [RHEL-64073]
- drm/i915: Fix HPD polling, reenabling the output poll work as needed (Lyude Paul) [RHEL-62796]
- drm: Add an HPD poll helper to reschedule the poll work (Lyude Paul) [RHEL-62796]
Resolves: RHEL-62796, RHEL-64073

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-12-06 12:40:59 +01:00
Denys Vlasenko
6e91e28ffa kernel-4.18.0-553.32.1.el8_10 
* Fri Nov 29 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.32.1.el8_10]
- irqchip/gic-v4: Correctly deal with set_affinity on lazily-mapped VPEs (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (Charles Mirabile) [RHEL-66965] {CVE-2024-50192}
- blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (Ming Lei) [RHEL-65158] {CVE-2024-50082}
- gfs2: fix double destroy_workqueue error (Andreas Gruenbacher) [RHEL-62869]
- Revert "GFS2: Don't add all glocks to the lru" (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Use list_move_tail instead of list_del/list_add_tail (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Revise glock reference counting model (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Switch to a per-filesystem glock workqueue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Report when glocks cannot be freed for a long time (Andreas Gruenbacher) [RHEL-62869]
- gfs2: gfs2_glock_get cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Invert the GLF_INITIAL flag (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename handle_callback to request_demote (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FROZEN to GLF_HAVE_FROZEN_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_REPLY_PENDING to GLF_HAVE_REPLY (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Rename GLF_FREEING to GLF_UNLOCKED (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove useless return statement in run_queue (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Remove unnecessary function prototype (Andreas Gruenbacher) [RHEL-62869]
- gfs2: finish_xmote cleanup (Andreas Gruenbacher) [RHEL-62869]
- gfs2: Replace gfs2_glock_queue_put with gfs2_glock_put_async (Andreas Gruenbacher) [RHEL-62869]
- KVM: selftests: memslot_perf_test: increase guest sync timeout (Maxim Levitsky) [RHEL-19080]
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans (Jon Maloy) [RHEL-68025] {CVE-2024-50264}
- md/raid5: Wait sync io to finish before changing group cnt (Nigel Croxon) [RHEL-58585]
Resolves: RHEL-19080, RHEL-58585, RHEL-62869, RHEL-65158, RHEL-66965, RHEL-68025

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-11-29 14:35:37 +01:00
Denys Vlasenko
14ee20d83a kernel-4.18.0-553.31.1.el8_10 
* Fri Nov 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.31.1.el8_10]
- xfrm: fix one more kernel-infoleak in algo dumping (Sabrina Dubroca) [RHEL-65955] {CVE-2024-50110}
- netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() (Florian Westphal) [RHEL-66862] {CVE-2024-50256}
- netfilter: nf_reject: Fix build warning when CONFIG_BRIDGE_NETFILTER=n (Florian Westphal) [RHEL-66862]
- netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() (Florian Westphal) [RHEL-66862]
- cifs: fix return of uninitialized rc in dfs_cache_update_tgthint() (Paulo Alcantara) [RHEL-7988]
- cifs: handle cache lookup errors different than -ENOENT (Paulo Alcantara) [RHEL-7988]
- cifs: don't take exclusive lock for updating target hints (Paulo Alcantara) [RHEL-7988]
- cifs: avoid re-lookups in dfs_cache_find() (Paulo Alcantara) [RHEL-7988]
- cifs: fix potential deadlock in cache_refresh_path() (Paulo Alcantara) [RHEL-7988]
- cifs: don't refresh cached referrals from unactive mounts (Paulo Alcantara) [RHEL-7988]
- cifs: return ENOENT for DFS lookup_cache_entry() (Paulo Alcantara) [RHEL-7988]
- selinux,smack: don't bypass permissions check in inode_setsecctx hook (Ondrej Mosnacek) [RHEL-66104] {CVE-2024-46695}
- gfs2: Prevent inode creation race (Andreas Gruenbacher) [RHEL-67823]
- gfs2: Only defer deletes when we have an iopen glock (Andreas Gruenbacher) [RHEL-67823]
- arm64: probes: Remove broken LDR (literal) uprobe support (Mark Salter) [RHEL-66042] {CVE-2024-50099}
- net: avoid potential underflow in qdisc_pkt_len_init() with UFO (Davide Caratti) [RHEL-65399] {CVE-2024-49949}
- xfrm: validate new SA's prefixlen using SA family when sel.family is unset (Sabrina Dubroca) [RHEL-66457] {CVE-2024-50142}
Resolves: RHEL-65399, RHEL-65955, RHEL-66042, RHEL-66104, RHEL-66457, RHEL-66862, RHEL-67823, RHEL-7988

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-11-22 09:48:19 +01:00
Denys Vlasenko
a897b12c37 kernel-4.18.0-553.30.1.el8_10 
* Fri Nov 15 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.30.1.el8_10]
- media: edia: dvbdev: fix a use-after-free (Kate Hsuan) [RHEL-35763] {CVE-2024-27043}
- blk-mq: fix missing blk_account_io_done() in error path (Ming Lei) [RHEL-61200]
- rbd: don't assume rbd_is_lock_owner() for exclusive mappings (Ilya Dryomov) [RHEL-52684]
- rbd: don't assume RBD_LOCK_STATE_LOCKED for exclusive mappings (Ilya Dryomov) [RHEL-52684]
- rbd: rename RBD_LOCK_STATE_RELEASING and releasing_wait (Ilya Dryomov) [RHEL-52684]
- smb: client: use actual path when queryfs (Paulo Alcantara) [RHEL-60363]
- cifs: Fix uninitialized memory reads for oparms.mode (Paulo Alcantara) [RHEL-60363]
- cifs: Fix uninitialized memory read for smb311 posix symlink create (Paulo Alcantara) [RHEL-60363]
- cifs: convert the path to utf16 in smb2_query_info_compound (Paulo Alcantara) [RHEL-60363]
- autofs: fix thinko in validate_dev_ioctl() (Ian Kent) [RHEL-62168]
- autofs: add per dentry expire timeout (Ian Kent) [RHEL-62168]
- bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (Viktor Malik) [RHEL-44167] {CVE-2024-38564}
Resolves: RHEL-35763, RHEL-44167, RHEL-52684, RHEL-60363, RHEL-61200, RHEL-62168

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-11-15 00:45:33 +01:00
Denys Vlasenko
8c16665a51 kernel-4.18.0-553.29.1.el8_10 
* Thu Nov 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.29.1.el8_10]
- Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (cki-backport-bot) [RHEL-36372] {CVE-2024-27399}
- mptcp: pm: Fix uaf in __timer_delete_sync (Guillaume Nault) [RHEL-60614] {CVE-2024-46858}
- cifs: fix dfs link failover in cifs_tree_connect() (Paulo Alcantara) [RHEL-8002]
Resolves: RHEL-36372, RHEL-60614, RHEL-8002

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-11-07 09:24:32 +01:00
Denys Vlasenko
24ba219b96 kernel-4.18.0-553.28.1.el8_10 
* Thu Oct 31 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.28.1.el8_10]
- s390/mm: Add cond_resched() to cmm_alloc/free_pages() (Mete Durlu) [RHEL-61702]
- smb: client: fix deadlock in smb2_find_smb_tcon() (Paulo Alcantara) [RHEL-61400]
- smb: client: fix potential deadlock when releasing mids (Paulo Alcantara) [RHEL-61400]
- cifs: remove useless DeleteMidQEntry() (Paulo Alcantara) [RHEL-61400]
- Bluetooth: af_bluetooth: Fix deadlock (CKI Backport Bot) [RHEL-58991]
- gitlab-ci: provide consistent kcidb_tree_name (Michael Hofmann)
- x86/mm/ident_map: Use gbpages only where full GB page should be mapped. (Nico Pache) [RHEL-26709]
- audit: Send netlink ACK before setting connection in auditd_set (Richard Guy Briggs) [RHEL-14004]
- KVM: selftests: x86: Fix test failure on arch lbr capable platforms (Maxim Levitsky) [RHEL-23999]
- raid1: fix use-after-free for original bio in raid1_write_request() (Nigel Croxon) [RHEL-55263]
Resolves: RHEL-14004, RHEL-23999, RHEL-26709, RHEL-55263, RHEL-58991, RHEL-61400, RHEL-61702

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-10-31 15:02:54 +01:00
Denys Vlasenko
8ced754fdf kernel-4.18.0-553.27.1.el8_10 
* Thu Oct 17 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.27.1.el8_10]
- lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() (Waiman Long) [RHEL-62139] {CVE-2024-47668}
- bonding: fix xfrm real_dev null pointer dereference (Hangbin Liu) [RHEL-57239] {CVE-2024-44989}
- bonding: fix null pointer deref in bond_ipsec_offload_ok (Hangbin Liu) [RHEL-57233] {CVE-2024-44990}
- bpf: Fix overrunning reservations in ringbuf (Viktor Malik) [RHEL-49414] {CVE-2024-41009}
- xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (CKI Backport Bot) [RHEL-49309] {CVE-2022-48773}
- tty: tty_io: update timestamps on all device nodes (Aristeu Rozanski) [RHEL-55257]
- tty: use 64-bit timstamp (Aristeu Rozanski) [RHEL-55257]
- ELF: fix kernel.randomize_va_space double read (Rafael Aquini) [RHEL-60669] {CVE-2024-46826}
- xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown (Xin Long) [RHEL-58100]
- loopback: fix lockdep splat (Xin Long) [RHEL-58100]
- blackhole_netdev: use blackhole_netdev to invalidate dst entries (Xin Long) [RHEL-58100]
- loopback: create blackhole net device similar to loopack. (Xin Long) [RHEL-58100]
Resolves: RHEL-49309, RHEL-49414, RHEL-55257, RHEL-57233, RHEL-57239, RHEL-58100, RHEL-60669, RHEL-62139

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-10-17 19:16:21 +02:00
Denys Vlasenko
7d0d16faa1 kernel-4.18.0-553.26.1.el8_10 
* Wed Oct 09 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.26.1.el8_10]
- nouveau: lock the client object tree. (Abdiel Janulgue) [RHEL-35118] {CVE-2024-27062}
- cifs: fix deadlock between reconnect and lease break (Paulo Alcantara) [RHEL-58037]
- ACPI: PAD: fix crash in exit_round_robin() (Mark Langsdorf) [RHEL-56156]
- gfs2: Randomize GLF_VERIFY_DELETE work delay (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Use mod_delayed_work in gfs2_queue_try_to_evict (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Update to the evict / remote delete documentation (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Clean up delete work processing (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Return enum evict_behavior from gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Rename dinode_demise to evict_behavior (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Rename GIF_{DEFERRED -> DEFER}_DELETE (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Faster gfs2_upgrade_iopen_glock wakeups (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Fix unlinked inode cleanup (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Initialize gl_no_formal_ino earlier (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Rename GLF_VERIFY_EVICT to GLF_VERIFY_DELETE (Andreas Gruenbacher) [RHEL-35757]
- gfs2: make timeout values more explicit (Wolfram Sang) [RHEL-35757]
- gfs2: Simplify function gfs2_upgrade_iopen_glock (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Rename SDF_DEACTIVATING to SDF_KILL (Andreas Gruenbacher) [RHEL-35757]
- gfs2: Cease delete work during unmount (Bob Peterson) [RHEL-35757]
- gfs2: Improve gfs2_upgrade_iopen_glock comment (Andreas Gruenbacher) [RHEL-35757]
- gfs2: nit: gfs2_drop_inode shouldn't return bool (Bob Peterson) [RHEL-35757]
- dmaengine: fix NULL pointer in channel unregistration function (Jerry Snitselaar) [RHEL-28867] {CVE-2023-52492}
- dma-direct: Leak pages on dma_set_decrypted() failure (Jerry Snitselaar) [RHEL-37335] {CVE-2024-35939}
- nfsd: fix delegation_blocked() to block correctly for at least 30 seconds (Olga Kornievskaia) [RHEL-41075]
- NFSv4: Always ask for type with READDIR (Benjamin Coddington) [RHEL-39397]
- cifs: get rid of unneeded conditional in cifs_get_num_sgs() (Paulo Alcantara) [RHEL-60251]
- cifs: Get rid of unneeded conditional in the smb2_get_aead_req() (Paulo Alcantara) [RHEL-60251]
- cifs: Remove duplicated include in cifsglob.h (Paulo Alcantara) [RHEL-60251]
- cifs: fix oops during encryption (Paulo Alcantara) [RHEL-60251]
Resolves: RHEL-28867, RHEL-35118, RHEL-35757, RHEL-37335, RHEL-39397, RHEL-41075, RHEL-56156, RHEL-58037, RHEL-60251

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-10-09 22:52:14 +02:00
Denys Vlasenko
ba7d5425aa kernel-4.18.0-553.25.1.el8_10 
* Wed Oct 02 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.25.1.el8_10]
- cifs: modefromsids must add an ACE for authenticated users (Paulo Alcantara) [RHEL-56052]
- cifs: do not use uninitialized data in the owner/group sid (Paulo Alcantara) [RHEL-56052]
- cifs: fix set of group SID via NTSD xattrs (Paulo Alcantara) [RHEL-56052]
- smb3: correct smb3 ACL security descriptor (Paulo Alcantara) [RHEL-56052]
- smb3: fix possible access to uninitialized pointer to DACL (Paulo Alcantara) [RHEL-56052]
- cifs: remove two cases where rc is set unnecessarily in sid_to_id (Paulo Alcantara) [RHEL-56052]
- cifs: Fix chmod with modefromsid when an older ACE already exists. (Paulo Alcantara) [RHEL-56052]
- cifs: update new ACE pointer after populate_new_aces. (Paulo Alcantara) [RHEL-56052]
- cifs: If a corrupted DACL is returned by the server, bail out. (Paulo Alcantara) [RHEL-56052]
- cifs: cleanup a few le16 vs. le32 uses in cifsacl.c (Paulo Alcantara) [RHEL-56052]
- cifs: Change SIDs in ACEs while transferring file ownership. (Paulo Alcantara) [RHEL-56052]
- cifs: Retain old ACEs when converting between mode bits and ACL. (Paulo Alcantara) [RHEL-56052]
- cifs: Fix cifsacl ACE mask for group and others. (Paulo Alcantara) [RHEL-56052]
- Add SMB 2 support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
- SMB3: Add support for getting and setting SACLs (Paulo Alcantara) [RHEL-56052]
- cifs: Enable sticky bit with cifsacl mount option. (Paulo Alcantara) [RHEL-56052]
- cifs: Fix unix perm bits to cifsacl conversion for "other" bits. (Paulo Alcantara) [RHEL-56052]
- drm/i915/gt: Fix potential UAF by revoke of fence registers (Mika Penttilä) [RHEL-53633] {CVE-2024-41092}
- scsi: lpfc: Validate hdwq pointers before dereferencing in reset/errata paths (Dick Kennedy) [RHEL-27224]
- kobject_uevent: Fix OOB access within zap_modalias_env() (Rafael Aquini) [RHEL-55000] {CVE-2024-42292}
- gfs2: Fix NULL pointer dereference in gfs2_log_flush (Andrew Price) [RHEL-51553] {CVE-2024-42079}
- of: module: add buffer overflow check in of_modalias() (Charles Mirabile) [RHEL-44267] {CVE-2024-38541}
Resolves: RHEL-27224, RHEL-44267, RHEL-51553, RHEL-53633, RHEL-55000, RHEL-56052

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-10-02 11:16:18 +02:00
Denys Vlasenko
13be37371f kernel-4.18.0-553.24.1.el8_10 
* Wed Sep 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.24.1.el8_10]
- cifs: do not set WorkstationName in NTLMSSP auth blob (Paulo Alcantara) [RHEL-56729]
- padata: Fix possible divide-by-0 panic in padata_mt_helper() (Steve Best) [RHEL-56162] {CVE-2024-43889}
- i40e: Fix wrong check for I40E_TXR_FLAGS_WB_ON_ITR (CKI Backport Bot) [RHEL-57000]
- sctp: Fix null-ptr-deref in reuseport_add_sock(). (Xin Long) [RHEL-56234] {CVE-2024-44935}
- net/mlx5e: Fix netif state handling (Michal Schmidt) [RHEL-43864] {CVE-2024-38608}
- net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args (Michal Schmidt) [RHEL-43864] {CVE-2024-38608}
- r8169: Fix possible ring buffer corruption on fragmented Tx packets. (cki-backport-bot) [RHEL-44031] {CVE-2024-38586}
- netfilter: flowtable: initialise extack before use (Florian Westphal) [RHEL-58542] {CVE-2024-45018}
- memcg: protect concurrent access to mem_cgroup_idr (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
- memcontrol: ensure memcg acquired by id is properly set up (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
- mm: memcontrol: fix cannot alloc the maximum memcg ID (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
- mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX (Rafael Aquini) [RHEL-56252] {CVE-2024-43892}
- ice: Add netif_device_attach/detach into PF reset flow (CKI Backport Bot) [RHEL-23676]
Resolves: RHEL-23676, RHEL-43864, RHEL-44031, RHEL-56162, RHEL-56234, RHEL-56252, RHEL-56729, RHEL-57000, RHEL-58542

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-09-25 16:48:13 +02:00
Denys Vlasenko
67fea34b5b kernel-4.18.0-553.23.1.el8_10 
* Thu Sep 19 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.23.1.el8_10]
- ethtool: check device is present when getting link settings (Jamie Bainbridge) [RHEL-57002]
- netfilter: nft_set_pipapo: do not free live element (Phil Sutter) [RHEL-34221] {CVE-2024-26924}
- netfilter: nf_tables: missing iterator type in lookup walk (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
- netfilter: nft_set_pipapo: walk over current view on netlink dump (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
- netfilter: nftables: add helper function to flush set elements (Phil Sutter) [RHEL-35033] {CVE-2024-27017}
- netfilter: nf_tables: prefer nft_chain_validate (Phil Sutter) [RHEL-51040] {CVE-2024-41042}
- netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers (Phil Sutter) [RHEL-51516] {CVE-2024-42070}
- netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get() (Phil Sutter) [RHEL-43003] {CVE-2024-35898}
- netfilter: ipset: Fix suspicious rcu_dereference_protected() (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
- netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
- netfilter: ipset: Add list flush to cancel_gc (Phil Sutter) [RHEL-47606] {CVE-2024-39503}
- netfilter: nf_conntrack_h323: Add protection for bmp length out of range (Phil Sutter) [RHEL-42680] {CVE-2024-26851}
- netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- dev/parport: fix the array out-of-bounds risk (Steve Best) [RHEL-54985] {CVE-2024-42301}
- KVM: Always flush async #PF workqueue when vCPU is being destroyed (Sean Christopherson) [RHEL-35100] {CVE-2024-26976}
- bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq (Kamal Heib) [RHEL-44279] {CVE-2024-38540}
- tipc: Return non-zero value from tipc_udp_addr2str() on error (Xin Long) [RHEL-55069] {CVE-2024-42284}
- Bluetooth: Fix TOCTOU in HCI debugfs implementation (CKI Backport Bot) [RHEL-26831] {CVE-2024-24857}
- drm/i915/dpt: Make DPT object unshrinkable (CKI Backport Bot) [RHEL-47856] {CVE-2024-40924}
- tipc: force a dst refcount before doing decryption (Xin Long) [RHEL-48363] {CVE-2024-40983}
- block: initialize integrity buffer to zero before writing it to media (Ming Lei) [RHEL-54763] {CVE-2024-43854}
- gso: do not skip outer ip header in case of ipip and net_failover (CKI Backport Bot) [RHEL-55790] {CVE-2022-48936}
- drm/amdgpu: avoid using null object of framebuffer (CKI Backport Bot) [RHEL-51405] {CVE-2024-41093}
- ipv6: prevent possible NULL deref in fib6_nh_init() (Guillaume Nault) [RHEL-48170] {CVE-2024-40961}
- mlxsw: spectrum_acl_erp: Fix object nesting warning (CKI Backport Bot) [RHEL-55568] {CVE-2024-43880}
- ibmvnic: Add tx check to prevent skb leak (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066}
- ibmvnic: rename local variable index to bufidx (CKI Backport Bot) [RHEL-51249] {CVE-2024-41066}
- netfilter: bridge: replace physindev with physinif in nf_bridge_info (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: propagate net to nf_bridge_get_physindev (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: nfnetlink_log: use proper helper for fetching physinif (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- netfilter: nf_queue: remove excess nf_bridge variable (Florian Westphal) [RHEL-37038 RHEL-37039] {CVE-2024-35839}
- USB: serial: mos7840: fix crash on resume (CKI Backport Bot) [RHEL-53680] {CVE-2024-42244}
- ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." (CKI Backport Bot) [RHEL-48381] {CVE-2024-40984}
Resolves: RHEL-26831, RHEL-34221, RHEL-35033, RHEL-35100, RHEL-37038, RHEL-37039, RHEL-42680, RHEL-43003, RHEL-44279, RHEL-47606, RHEL-47856, RHEL-48170, RHEL-48363, RHEL-48381, RHEL-51040, RHEL-51249, RHEL-51405, RHEL-51516, RHEL-53680, RHEL-54763, RHEL-54985, RHEL-55069, RHEL-55568, RHEL-55790, RHEL-57002

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-09-19 02:25:52 +02:00
Denys Vlasenko
1238d03c7f kernel-4.18.0-553.22.1.el8_10 
* Wed Sep 11 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.22.1.el8_10]
- wifi: mac80211: Avoid address calculations via out of bounds array indexing (Michal Schmidt) [RHEL-51278] {CVE-2024-41071}
Resolves: RHEL-51278

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-09-11 19:04:16 +02:00
Denys Vlasenko
96cfee15d2 kernel-4.18.0-553.21.1.el8_10 
* Wed Sep 04 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.21.1.el8_10]
- s390/dasd: fix error recovery leading to data corruption on ESE devices (Mete Durlu) [RHEL-55874]
- protect the fetch of ->fd[fd] in do_dup2() from mispredictions (CKI Backport Bot) [RHEL-55123] {CVE-2024-42265}
- net: openvswitch: fix overwriting ct original tuple for ICMPv6 (cki-backport-bot) [RHEL-44207] {CVE-2024-38558}
- mlxsw: thermal: Fix out-of-bounds memory accesses (CKI Backport Bot) [RHEL-38375] {CVE-2021-47441}
- USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages (CKI Backport Bot) [RHEL-47552] {CVE-2024-40904}
- ipvs: properly dereference pe in ip_vs_add_service (Phil Sutter) [RHEL-54903] {CVE-2024-42322}
- net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket (CKI Backport Bot) [RHEL-53702] {CVE-2024-42246}
- drm/amdgpu: change vm->task_info handling (Michel Dänzer) [RHEL-49379] {CVE-2024-41008}
- drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() (Michel Dänzer) [RHEL-45036] {CVE-2024-39471}
- drm/amdgpu: add error handle to avoid out-of-bounds (Michel Dänzer) [RHEL-45036] {CVE-2024-39471}
- drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc (Michel Dänzer) [RHEL-52845] {CVE-2024-42228}
Resolves: RHEL-38375, RHEL-44207, RHEL-45036, RHEL-47552, RHEL-49379, RHEL-52845, RHEL-53702, RHEL-54903, RHEL-55123, RHEL-55874

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-09-04 17:17:50 +02:00
Denys Vlasenko
de4004ba64 kernel-4.18.0-553.20.1.el8_10 
* Thu Aug 29 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.20.1.el8_10]
- KVM: arm64: Disassociate vcpus from redistributor region on teardown (Shaoqin Huang) [RHEL-48417] {CVE-2024-40989}
- devres: Fix memory leakage caused by driver API devm_free_percpu() (CKI Backport Bot) [RHEL-55597] {CVE-2024-43871}
- phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP (Izabela Bakollari) [RHEL-26680] {CVE-2024-26600}
- nvmet-fc: avoid deadlock on delete association path (Maurizio Lombardi) [RHEL-31618] {CVE-2024-26769}
- nvmet-fc: release reference on target port (Maurizio Lombardi) [RHEL-31618] {CVE-2024-26769}
- ACPI: LPIT: Avoid u32 multiplication overflow (Mark Langsdorf) [RHEL-37062] {CVE-2023-52683}
- sched/deadline: Fix task_struct reference leak (Phil Auld) [RHEL-50904] {CVE-2024-41023}
- nfsd: fix crash on LOCKT on reexported NFSv3 (Benjamin Coddington) [RHEL-31515]
- mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path (CKI Backport Bot) [RHEL-26570] {CVE-2024-26595}
- mlxsw: spectrum_acl_tcam: Move devlink param to TCAM code (Ivan Vecera) [RHEL-26570] {CVE-2024-26595}
- ACPI: extlog: fix NULL pointer dereference check (Mark Langsdorf) [RHEL-29110] {CVE-2023-52605}
- ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() (Mark Langsdorf) [RHEL-33198] {CVE-2024-26894}
- mm: prevent derefencing NULL ptr in pfn_section_valid() (Audra Mitchell) [RHEL-51132] {CVE-2024-41055}
- mm, kmsan: fix infinite recursion due to RCU critical section (Audra Mitchell) [RHEL-51132] {CVE-2024-41055}
- cipso: make cipso_v4_skbuff_delattr() fully remove the CIPSO options (Ondrej Mosnacek) [RHEL-30904]
- cipso: fix total option length computation (Ondrej Mosnacek) [RHEL-30904]
- ext4: do not create EA inode under buffer lock (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972}
- ext4: fold quota accounting into ext4_xattr_inode_lookup_create() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972}
- ext4: check the return value of ext4_xattr_inode_dec_ref() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972}
- ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() (Carlos Maiolino) [RHEL-48507] {CVE-2024-40998}
- ext4: remove duplicate definition of ext4_xattr_ibody_inline_set() (Carlos Maiolino) [RHEL-48271] {CVE-2024-40972}
Resolves: RHEL-26570, RHEL-26680, RHEL-29110, RHEL-30904, RHEL-31515, RHEL-31618, RHEL-33198, RHEL-37062, RHEL-48271, RHEL-48417, RHEL-48507, RHEL-50904, RHEL-51132, RHEL-55597

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-08-29 16:34:01 +02:00
Denys Vlasenko
4c931425b4 kernel-4.18.0-553.19.1.el8_10 
* Thu Aug 22 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.19.1.el8_10]
- drm/i915/vma: Fix UAF on destroy against retire race (Mika Penttilä) [RHEL-35222] {CVE-2024-26939}
- RHEL-48620 (Kenneth Yin) [RHEL-48620]
- net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() (CKI Backport Bot) [RHEL-42721] {CVE-2024-26855}
- net: usb: asix: do not force pause frames support (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: asix: fix "can't send until first packet is send" issue (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: asix: fix modprobe "sysfs: cannot create duplicate filename" (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: asix: add proper error handling of usb read errors (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- asix: fix wrong return value in asix_check_host_enable() (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- asix: fix uninit-value in asix_mdio_read() (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: fix boolconv.cocci warnings (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: do not call phy_disconnect() for ax88178 (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: move embedded PHY detection as early as possible (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: asix: fix uninit value bugs (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: add missing stop (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: suspend PHY on driver probe (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: manage PHY PM from MAC (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: Fix less than zero comparison of a u16 (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: Fix less than zero comparison of a u16 (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: add error handling for asix_mdio_* functions (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: ax88772: add phylib support (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- net: usb: asix: refactor asix_read_phy_addr() and handle errors on return (Ken Cox) [RHEL-28108] {CVE-2021-47101}
- SUNRPC: always free ctxt when freeing deferred request (Jay Shin) [RHEL-40936]
- SUNRPC: double free xprt_ctxt while still in use (Jay Shin) [RHEL-40936]
- SUNRPC: Remove svc_rqst::rq_xprt_hlen (Jay Shin) [RHEL-40936]
- SUNRPC: Remove dead code in svc_tcp_release_rqst() (Jay Shin) [RHEL-40936]
- x86/bugs: Extend VMware Retbleed workaround to Nehalem & earlier CPUs (Waiman Long) [RHEL-48646]
- wifi: iwlwifi: read txq->read_ptr under lock (Jose Ignacio Tornos Martinez) [RHEL-39797] {CVE-2024-36922}
- scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload (John Meneghini) [RHEL-39908] {CVE-2024-36919}
- nbd: always initialize struct msghdr completely (Ming Lei) [RHEL-29498] {CVE-2024-26638}
- block: don't call rq_qos_ops->done_bio if the bio isn't tracked (Ming Lei) [RHEL-42151] {CVE-2021-47412}
- nvmet: fix a possible leak when destroy a ctrl during qp establishment (Maurizio Lombardi) [RHEL-52013] {CVE-2024-42152}
- ipv6: prevent NULL dereference in ip6_output() (Sabrina Dubroca) [RHEL-39912] {CVE-2024-36901}
- ppp: reject claimed-as-LCP but actually malformed packets (Guillaume Nault) [RHEL-51052] {CVE-2024-41044}
- leds: trigger: Unregister sysfs attributes before calling deactivate() (CKI Backport Bot) [RHEL-54834] {CVE-2024-43830}
- crypto: bcm - Fix pointer arithmetic (cki-backport-bot) [RHEL-44108] {CVE-2024-38579}
- scsi: qedf: Ensure the copied buf is NUL terminated (John Meneghini) [RHEL-44195] {CVE-2024-38559}
- x86/bhi: Avoid warning in #DB handler due to BHI mitigation (Waiman Long) [RHEL-53657] {CVE-2024-42240}
- scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory (CKI Backport Bot) [RHEL-47529] {CVE-2024-40901}
- ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() (CKI Backport Bot) [RHEL-39843] {CVE-2024-36902}
- net: usb: ax88179_178a: improve link status logs (Jose Ignacio Tornos Martinez) [RHEL-45167]
- net: usb: ax88179_178a: improve reset check (Jose Ignacio Tornos Martinez) [RHEL-45167]
- net: usb: ax88179_178a: fix link status when link is set to down/up (Jose Ignacio Tornos Martinez) [RHEL-45167]
- net: usb: ax88179_178a: avoid writing the mac address before first reading (Jose Ignacio Tornos Martinez) [RHEL-45167]
- KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr() (Shaoqin Huang) [RHEL-40837] {CVE-2024-36953}
- KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (Shaoqin Huang) [RHEL-40837] {CVE-2024-36953}
- media: cec: cec-api: add locking in cec_release() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: avoid confusing "transmit timed out" message (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: avoid recursive cec_claim_log_addrs (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: cec-adap: always cancel work in cec_transmit_msg_fh (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: remove length check of Timer Status (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: count low-drive, error and arb-lost conditions (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: add note about *_from_edid() function usage in drm (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: add adap_unconfigured() callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: add adap_nb_transmit_canceled() callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: don't set last_initiator if tx in progress (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: disable adapter in cec_devnode_unregister (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: core: not all messages were passed on when monitoring (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: add support for Absolute Volume Control (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: log when claiming LA fails unexpectedly (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: drop activate_cnt, use state info instead (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: reconfigure if the PA changes during configuration (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: fix is_configuring state (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: stop trying LAs on CEC_TX_STATUS_TIMEOUT (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: don't unconfigure if already unconfigured (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: add optional adap_configured callback (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: add xfer_timeout_ms field (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: use call_op and check for !unregistered (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-pin: fix interrupt en/disable handling (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-pin: drop unused 'enabled' field from struct cec_pin (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-pin: fix off-by-one SFT check (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-pin: rename timer overrun variables (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: correctly pass on reply results (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: abort if the current transmit was canceled (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: call enable_adap on s_log_addrs (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: media/cec.h: document cec_adapter fields (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: fix a deadlock situation (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: safely unhook lists in cec_data (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: copy sequence field for the reply (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: fix trivial style warnings (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: add 'unregistered' checks (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec-adap.c: don't use flush_scheduled_work() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: Use fallthrough pseudo-keyword (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: remove unused waitq and phys_addrs fields (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: silence shift wrapping warning in __cec_s_log_addrs() (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- media: cec: move the core to a separate directory (Kate Hsuan) [RHEL-22559] {CVE-2024-23848}
- net/iucv: Avoid explicit cpumask var allocation on stack (CKI Backport Bot) [RHEL-51631] {CVE-2024-42094}
- scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info (Dick Kennedy) [RHEL-40400]
- KVM: selftests: Make hyperv_clock require TSC based system clocksource (Vitaly Kuznetsov) [RHEL-19027]
- KVM: selftests: Run clocksource dependent tests with hyperv_clocksource_tsc_page too (Vitaly Kuznetsov) [RHEL-19027]
- KVM: selftests: Use generic sys_clocksource_is_tsc() in vmx_nested_tsc_scaling_test (Vitaly Kuznetsov) [RHEL-19027]
- KVM: selftests: Generalize check_clocksource() from kvm_clock_test (Vitaly Kuznetsov) [RHEL-19027]
- firmware: cs_dsp: Return error if block header overflows file (CKI Backport Bot) [RHEL-53646] {CVE-2024-42238}
- firmware: cs_dsp: Validate payload length before processing block (CKI Backport Bot) [RHEL-53638] {CVE-2024-42237}
- mm, slub: fix potential memoryleak in kmem_cache_open() (Waiman Long) [RHEL-38404] {CVE-2021-47466}
- slub: don't panic for memcg kmem cache creation failure (Waiman Long) [RHEL-38404] {CVE-2021-47466}
- wifi: ath11k: fix htt pktlog locking (Jose Ignacio Tornos Martinez) [RHEL-38317] {CVE-2023-52800}
- wifi: ath11k: fix dfs radar event locking (Jose Ignacio Tornos Martinez) [RHEL-38165] {CVE-2023-52798}
- lib/generic-radix-tree.c: Don't overflow in peek() (Waiman Long) [RHEL-37737] {CVE-2021-47432}
- include/linux/generic-radix-tree.h: replace kernel.h with the necessary inclusions (Waiman Long) [RHEL-37737] {CVE-2021-47432}
- EDAC/i10nm: Skip the absent memory controllers (Aristeu Rozanski) [RHEL-43236]
- scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() (John Meneghini) [RHEL-38197] {CVE-2023-52809}
- gfs2: Fix potential glock use-after-free on unmount (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570}
- gfs2: simplify gdlm_put_lock with out_free label (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570}
- gfs2: Remove ill-placed consistency check (Andreas Gruenbacher) [RHEL-44149] {CVE-2024-38570}
- nvme-fc: do not wait in vain when unloading module (Ewan D. Milne) [RHEL-33083] {CVE-2024-26846}
- HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts (CKI Backport Bot) [RHEL-49698] {CVE-2022-48866}
- scsi: qedf: Set qed_slowpath_params to zero before use (John Meneghini) [RHEL-9797]
- scsi: qedf: Wait for stag work during unload (John Meneghini) [RHEL-9797]
- scsi: qedf: Don't process stag work during unload and recovery (John Meneghini) [RHEL-9797]
- Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" (Audra Mitchell) [RHEL-42625] {CVE-2024-26720}
- mm: avoid overflows in dirty throttling logic (Audra Mitchell) [RHEL-51840] {CVE-2024-42131}
- mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again (Audra Mitchell) [RHEL-42625] {CVE-2024-26720}
- ACPI: fix NULL pointer dereference (Mark Langsdorf) [RHEL-37897] {CVE-2021-47289}
Resolves: RHEL-19027, RHEL-22559, RHEL-28108, RHEL-29498, RHEL-33083, RHEL-35222, RHEL-37737, RHEL-37897, RHEL-38165, RHEL-38197, RHEL-38317, RHEL-38404, RHEL-39797, RHEL-39843, RHEL-39908, RHEL-39912, RHEL-40400, RHEL-40837, RHEL-40936, RHEL-42151, RHEL-42625, RHEL-42721, RHEL-43236, RHEL-44108, RHEL-44149, RHEL-44195, RHEL-45167, RHEL-47529, RHEL-48620, RHEL-48646, RHEL-49698, RHEL-51052, RHEL-51631, RHEL-51840, RHEL-52013, RHEL-53638, RHEL-53646, RHEL-53657, RHEL-54834, RHEL-9797

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-08-22 11:08:48 +02:00
Denys Vlasenko
0488193495 kernel-4.18.0-553.18.1.el8_10 
* Fri Aug 16 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.18.1.el8_10]
- scsi: mpi3mr: Avoid memcpy field-spanning write WARNING (Ewan D. Milne) [RHEL-39805] {CVE-2024-36920}
- tun: limit printing rate when illegal packet received by tun dev (Jon Maloy) [RHEL-35046] {CVE-2024-27013}
- drm/amdgpu/debugfs: fix error code when smc register accessors are NULL (Michel Dänzer) [RHEL-38210] {CVE-2023-52817}
- drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL (Michel Dänzer) [RHEL-38210] {CVE-2023-52817}
- drm/amdgpu/mes: fix use-after-free issue (Michel Dänzer) [RHEL-44043] {CVE-2024-38581}
- drm/amdgpu: Fix the null pointer when load rlc firmware (Michel Dänzer) [RHEL-30603] {CVE-2024-26649}
- drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' (Michel Dänzer) [RHEL-35160] {CVE-2024-27042}
- net/sched: Fix UAF when resolving a clash (Xin Long) [RHEL-51014] {CVE-2024-41040}
- tcp_metrics: validate source addr length (Guillaume Nault) [RHEL-52025] {CVE-2024-42154}
- NFSv4/pnfs: Fix a use-after-free bug in open (Benjamin Coddington) [RHEL-35508]
- NFSv4: Don't hold the layoutget locks across multiple RPC calls (Benjamin Coddington) [RHEL-35508]
- scsi: qedf: Make qedf_execute_tmf() non-preemptible (John Meneghini) [RHEL-51799] {CVE-2024-42124}
- Input: elantech - fix stack out of bound access in elantech_change_report_id() (CKI Backport Bot) [RHEL-41938] {CVE-2021-47097}
- HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect (CKI Backport Bot) [RHEL-28982] {CVE-2023-52478}
- drm/radeon: fix UBSAN warning in kv_dpm.c (CKI Backport Bot) [RHEL-48399] {CVE-2024-40988}
- usb: core: Don't hold the device lock while sleeping in do_proc_control() (Desnes Nunes) [RHEL-43646] {CVE-2021-47582}
- USB: core: Make do_proc_control() and do_proc_bulk() killable (Desnes Nunes) [RHEL-43646] {CVE-2021-47582}
- scsi: qedi: Fix crash while reading debugfs attribute (CKI Backport Bot) [RHEL-48327] {CVE-2024-40978}
- wifi: mt76: mt7921s: fix potential hung tasks during chip recovery (CKI Backport Bot) [RHEL-48309] {CVE-2024-40977}
- net: tcp: accept old ack during closing (Jamie Bainbridge) [RHEL-52433]
- wifi: iwlwifi: mvm: don't read past the mfuart notifcation (CKI Backport Bot) [RHEL-48016] {CVE-2024-40941}
- net/iucv: fix use after free in iucv_sock_close() (Mete Durlu) [RHEL-53988]
- wifi: iwlwifi: mvm: check n_ssids before accessing the ssids (CKI Backport Bot) [RHEL-47908] {CVE-2024-40929}
- Input: aiptek - properly check endpoint type (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836}
- Input: aiptek - use descriptors of current altsetting (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836}
- Input: aiptek - fix endpoint sanity check (Benjamin Tissoires) [RHEL-48963] {CVE-2022-48836}
- usb: xhci: prevent potential failure in handle_tx_event() for Transfer events without TRB (CKI Backport Bot) [RHEL-52373] {CVE-2024-42226}
- wifi: mt76: replace skb_put with skb_put_zero (CKI Backport Bot) [RHEL-52366] {CVE-2024-42225}
- wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() (CKI Backport Bot) [RHEL-47776] {CVE-2024-40912}
- wifi: cfg80211: Lock wiphy in cfg80211_get_station (CKI Backport Bot) [RHEL-47758] {CVE-2024-40911}
- VMCI: Use struct_size() in kmalloc() (Steve Best) [RHEL-37325] {CVE-2024-35944}
- VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() (Steve Best) [RHEL-37325] {CVE-2024-35944}
- VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() (Steve Best) [RHEL-37325] {CVE-2024-35944}
- wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Jose Ignacio Tornos Martinez) [RHEL-51761] {CVE-2024-42114}
- usb: atm: cxacru: fix endpoint checking in cxacru_bind() (CKI Backport Bot) [RHEL-51442] {CVE-2024-41097}
- nfs: handle error of rpc_proc_register() in init_nfs_fs() (Scott Mayhew) [RHEL-39904] {CVE-2024-36939}
- drm/radeon: check bo_va->bo is non-NULL before using it (CKI Backport Bot) [RHEL-51184] {CVE-2024-41060}
- udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). (CKI Backport Bot) [RHEL-51027] {CVE-2024-41041}
- USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor (CKI Backport Bot) [RHEL-50961] {CVE-2024-41035}
- tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (CKI Backport Bot) [RHEL-44408] {CVE-2024-37356}
- tcp: avoid too many retransmit packets (Florian Westphal) [RHEL-48627] {CVE-2024-41007}
- tcp: use signed arithmetic in tcp_rtx_probe0_timed_out() (Florian Westphal) [RHEL-48627]
- net: tcp: fix unexcepted socket die when snd_wnd is 0 (Florian Westphal) [RHEL-48627]
- tcp: refactor tcp_retransmit_timer() (Florian Westphal) [RHEL-48627]
- tcp: exit if nothing to retransmit on RTO timeout (Florian Westphal) [RHEL-48627]
- netfilter: nf_tables: Reject tables of unsupported family (Florian Westphal) [RHEL-21418] {CVE-2023-6040}
Resolves: RHEL-21418, RHEL-28982, RHEL-30603, RHEL-35046, RHEL-35160, RHEL-35508, RHEL-37325, RHEL-38210, RHEL-39805, RHEL-39904, RHEL-41938, RHEL-43646, RHEL-44043, RHEL-44408, RHEL-47758, RHEL-47776, RHEL-47908, RHEL-48016, RHEL-48309, RHEL-48327, RHEL-48399, RHEL-48627, RHEL-48963, RHEL-50961, RHEL-51014, RHEL-51027, RHEL-51184, RHEL-51442, RHEL-51761, RHEL-51799, RHEL-52025, RHEL-52366, RHEL-52373, RHEL-52433, RHEL-53988

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-08-16 15:54:03 +02:00
Denys Vlasenko
8f964f1def kernel-4.18.0-553.17.1.el8_10 
* Wed Aug 07 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.17.1.el8_10]
- kyber: fix out of bounds access when preempted (Ming Lei) [RHEL-27258] {CVE-2021-46984}
- vfs: don't mod negative dentry count when on shrinker list (Brian Foster) [RHEL-35874]
- fs/dcache: Re-use value stored to dentry->d_flags instead of re-reading (Brian Foster) [RHEL-35874]
- fbmem: Do not delete the mode that is still in use (CKI Backport Bot) [RHEL-37796] {CVE-2021-47338}
- netpoll: Fix race condition in netpoll_owner_active (CKI Backport Bot) [RHEL-49361] {CVE-2024-41005}
- firmware: arm_scpi: Fix string overflow in SCPI genpd driver (Mark Salter) [RHEL-43702] {CVE-2021-47609}
- ipv6: prevent possible NULL dereference in rt6_probe() (Guillaume Nault) [RHEL-48149] {CVE-2024-40960}
- HID: i2c-hid-of: fix NULL-deref on failed power up (CKI Backport Bot) [RHEL-31598] {CVE-2024-26717}
- cpufreq: amd-pstate: fix memory leak on CPU EPP exit (CKI Backport Bot) [RHEL-48489] {CVE-2024-40997}
- x86/mm/pat: fix VM_PAT handling in COW mappings (Chris von Recklinghausen) [RHEL-37258] {CVE-2024-35877}
- PCI/PM: Drain runtime-idle callbacks before driver removal (Myron Stowe) [RHEL-42937] {CVE-2024-35809}
- PCI: Drop pci_device_remove() test of pci_dev->driver (Myron Stowe) [RHEL-42937] {CVE-2024-35809}
- drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() (Mika Penttilä) [RHEL-26909] {CVE-2023-52470}
- USB: core: Fix hang in usb_kill_urb by adding memory barriers (Desnes Nunes) [RHEL-43979] {CVE-2022-48760}
- cifs: fix bad fids sent over wire (Paulo Alcantara) [RHEL-52517]
- smb3: add additional null check in SMB311_posix_mkdir (Paulo Alcantara) [RHEL-52517]
- smb3: add additional null check in SMB2_tcon (Paulo Alcantara) [RHEL-52517]
- smb3: add additional null check in SMB2_open (Paulo Alcantara) [RHEL-52517]
- smb3: add additional null check in SMB2_ioctl (Paulo Alcantara) [RHEL-52517]
- selftests: forwarding: devlink_lib: Wait for udev events after reloading (Mark Langsdorf) [RHEL-47642] {CVE-2024-39501}
- drivers: core: synchronize really_probe() and dev_uevent() (Mark Langsdorf) [RHEL-47642] {CVE-2024-39501}
- udp: do not accept non-tunnel GSO skbs landing in a tunnel (Xin Long) [RHEL-42997] {CVE-2024-35884}
- filelock: Remove locks reliably when fcntl/close race is detected (Bill O'Donnell) [RHEL-50170] {CVE-2024-41012}
- Input: add bounds checking to input_set_capability() (Benjamin Tissoires) [RHEL-21413] {CVE-2022-48619}
- xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() (CKI Backport Bot) [RHEL-48130] {CVE-2024-40959}
- blk-cgroup: fix list corruption from reorder of WRITE ->lqueued (Ming Lei) [RHEL-33695]
- blk-cgroup: fix list corruption from resetting io stat (Ming Lei) [RHEL-33695]
- net: do not leave a dangling sk pointer, when socket creation fails (CKI Backport Bot) [RHEL-48060] {CVE-2024-40954}
- perf/x86/lbr: Filter vsyscall addresses (Michael Petlan) [RHEL-28991] {CVE-2023-52476}
- vmci: prevent speculation leaks by sanitizing event in event_deliver() (CKI Backport Bot) [RHEL-47678] {CVE-2024-39499}
- serial: core: fix transmit-buffer reset and memleak (Steve Best) [RHEL-38731] {CVE-2021-47527}
- powerpc/pseries: Whitelist dtl slub object for copying to userspace (Mamatha Inamdar) [RHEL-51236] {CVE-2024-41065}
- powerpc/eeh: avoid possible crash when edev->pdev changes (Mamatha Inamdar) [RHEL-51220] {CVE-2024-41064}
- x86: stop playing stack games in profile_pc() (Steve Best) [RHEL-51643] {CVE-2024-42096}
- mptcp: ensure snd_una is properly initialized on connect (Florian Westphal) [RHEL-47933 RHEL-47934] {CVE-2024-40931}
- liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet (CKI Backport Bot) [RHEL-47492] {CVE-2024-39506}
- tun: add missing verification for short frame (Patrick Talbert) [RHEL-50194] {CVE-2024-41091}
- tap: add missing verification for short frame (Patrick Talbert) [RHEL-50279] {CVE-2024-41090}
- usb-storage: alauda: Check whether the media is initialized (Desnes Nunes) [RHEL-43708] {CVE-2024-38619}
- usb-storage: alauda: Fix uninit-value in alauda_check_media() (Desnes Nunes) [RHEL-43708] {CVE-2024-38619}
- hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37723] {CVE-2021-47384}
- block: fix that util can be greater than 100%% (Ming Lei) [RHEL-23074]
- block: support to account io_ticks precisely (Ming Lei) [RHEL-23074]
- watchdog: Fix possible use-after-free by calling del_timer_sync() (Steve Best) [RHEL-38795] {CVE-2021-47321}
- hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37719] {CVE-2021-47385}
- mlxsw: spectrum: Protect driver from buggy firmware (CKI Backport Bot) [RHEL-42245] {CVE-2021-47560}
- mlxsw: Verify the accessed index doesn't exceed the array length (CKI Backport Bot) [RHEL-42245] {CVE-2021-47560}
- dm: call the resume method on internal suspend (Benjamin Marzinski) [RHEL-41835] {CVE-2024-26880}
- tty: Fix out-of-bound vmalloc access in imageblit (Steve Best) [RHEL-37727] {CVE-2021-47383}
- hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field (Steve Best) [RHEL-37715] {CVE-2021-47386}
- hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs (Steve Best) [RHEL-37710] {CVE-2021-47393}
- nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells (Steve Best) [RHEL-38436] {CVE-2021-47497}
- driver core: auxiliary bus: Fix memory leak when driver_register() fail (Steve Best) [RHEL-37901] {CVE-2021-47287}
- phylib: fix potential use-after-free (cki-backport-bot) [RHEL-43764] {CVE-2022-48754}
- ptp: Fix possible memory leak in ptp_clock_register() (Hangbin Liu) [RHEL-38424] {CVE-2021-47455}
- NFSv4: Fix memory leak in nfs4_set_security_label (CKI Backport Bot) [RHEL-51315] {CVE-2024-41076}
- pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER (CKI Backport Bot) [RHEL-51618] {CVE-2024-42090}
- ftruncate: pass a signed offset (CKI Backport Bot) [RHEL-51598] {CVE-2024-42084}
- af_unix: Fix garbage collector racing against connect() (Felix Maurer) [RHEL-34225] {CVE-2024-26923}
- virtio-net: Add validation for used length (Laurent Vivier) [RHEL-42080] {CVE-2021-47352}
- net: fix possible store tearing in neigh_periodic_work() (Antoine Tenart) [RHEL-42359] {CVE-2023-52522}
- tunnels: fix out of bounds access when building IPv6 PMTU error (Antoine Tenart) [RHEL-41823] {CVE-2024-26665}
- vt_ioctl: fix array_index_nospec in vt_setactivate (John W. Linville) [RHEL-49141] {CVE-2022-48804}
- Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() (CKI Backport Bot) [RHEL-38302] {CVE-2023-52840}
- netns: Make get_net_ns() handle zero refcount net (Antoine Tenart) [RHEL-48105] {CVE-2024-40958}
- tracing: Ensure visibility when inserting an element into tracing_map (Michael Petlan) [RHEL-30457] {CVE-2024-26645}
- KVM: s390: fix LPSWEY handling (CKI Backport Bot) [RHEL-50072]
- firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files (CKI Backport Bot) [RHEL-51144] {CVE-2024-41056}
- SUNRPC: Fix a race to wake a sync task (Benjamin Coddington) [RHEL-11843]
- firmware: cs_dsp: Fix overflow checking of wmfw header (CKI Backport Bot) [RHEL-50999] {CVE-2024-41039}
- firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers (CKI Backport Bot) [RHEL-50987] {CVE-2024-41038}
- net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() (Xin Long) [RHEL-48471] {CVE-2024-40995}
- net: fix out-of-bounds access in ops_init (Xin Long) [RHEL-43185] {CVE-2024-36883}
- x86/mce/therm_throt: Undo thermal polling properly on CPU offline (Steve Best) [RHEL-45310]
- x86/mce/therm_throt: Do not access uninitialized therm_work (Steve Best) [RHEL-45310]
- x86/mce/therm_throt: Mark throttle_active_work() as __maybe_unused (Steve Best) [RHEL-45310]
- x86/mce/therm_throt: Mask out read-only and reserved MSR bits (Steve Best) [RHEL-45310]
- x86/mce/therm_throt: Optimize notifications of thermal throttle (Steve Best) [RHEL-45310]
- jiffies: add utility function to calculate delta in ms (Steve Best) [RHEL-45310]
- x86/mce: Lower throttling MCE messages' priority to warning (Steve Best) [RHEL-45310]
- dmaengine: idxd: Fix oops during rmmod on single-CPU platforms (Eder Zulian) [RHEL-37361] {CVE-2024-35989}
- xfs: don't walk off the end of a directory data block (CKI Backport Bot) [RHEL-50879] {CVE-2024-41013}
- xfs: add bounds checking to xlog_recover_process_data (CKI Backport Bot) [RHEL-50856] {CVE-2024-41014}
- dm-crypt: limit the size of encryption requests (Benjamin Marzinski) [RHEL-29330]
- netfilter: flowtable: remove nf_ct_l4proto_find() call (Florian Westphal) [RHEL-49589]
Resolves: RHEL-11843, RHEL-21413, RHEL-23074, RHEL-26909, RHEL-27258, RHEL-28991, RHEL-29330, RHEL-30457, RHEL-31598, RHEL-33695, RHEL-34225, RHEL-35874, RHEL-37258, RHEL-37361, RHEL-37710, RHEL-37715, RHEL-37719, RHEL-37723, RHEL-37727, RHEL-37796, RHEL-37901, RHEL-38302, RHEL-38424, RHEL-38436, RHEL-38731, RHEL-38795, RHEL-41823, RHEL-41835, RHEL-42080, RHEL-42245, RHEL-42359, RHEL-42937, RHEL-42997, RHEL-43185, RHEL-43702, RHEL-43708, RHEL-43764, RHEL-43979, RHEL-45310, RHEL-47492, RHEL-47642, RHEL-47678, RHEL-47933, RHEL-47934, RHEL-48060, RHEL-48105, RHEL-48130, RHEL-48149, RHEL-48471, RHEL-48489, RHEL-49141, RHEL-49361, RHEL-49589, RHEL-50072, RHEL-50170, RHEL-50194, RHEL-50279, RHEL-50856, RHEL-50879, RHEL-50987, RHEL-50999, RHEL-51144, RHEL-51220, RHEL-51236, RHEL-51315, RHEL-51598, RHEL-51618, RHEL-51643, RHEL-52517

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-08-07 22:36:06 +02:00
Denys Vlasenko
898019bf59 kernel-4.18.0-553.16.1.el8_10 
* Thu Aug 01 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.16.1.el8_10]
- x86/bhi: Fix incorrect CLEAR_BRANCH_HISTORY position in entry_INT80_compat (Waiman Long) [RHEL-50648]
Resolves: RHEL-50648

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-08-01 07:05:38 +02:00
Denys Vlasenko
d93604b637 kernel-4.18.0-553.15.1.el8_10 
* Fri Jul 26 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.15.1.el8_10]
- Revert "scsi: st: Add third party poweron reset handling" (John Meneghini) [RHEL-44613]
- ionic: fix use after netif_napi_del() (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502}
- ionic: clean interrupt before enabling queue to avoid credit race (CKI Backport Bot) [RHEL-47624] {CVE-2024-39502}
- net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change (CKI Backport Bot) [RHEL-49321] {CVE-2021-47624}
- xhci: Handle TD clearing for multiple streams case (CKI Backport Bot) [RHEL-47882] {CVE-2024-40927}
- net: openvswitch: Fix Use-After-Free in ovs_ct_exit (cki-backport-bot) [RHEL-36362] {CVE-2024-27395}
- net: bridge: mst: fix suspicious rcu usage in br_mst_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979}
- net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state (Ivan Vecera) [RHEL-43721] {CVE-2024-36979}
- net: bridge: mst: fix vlan use-after-free (cki-backport-bot) [RHEL-43721] {CVE-2024-36979}
- irqchip/gic-v3-its: Prevent double free on error (Charles Mirabile) [RHEL-37022] {CVE-2024-35847}
- irqchip/gic-v3-its: Fix potential VPE leak on error (Charles Mirabile) [RHEL-37744] {CVE-2021-47373}
- i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() (Charles Mirabile) [RHEL-34735] {CVE-2022-48632}
- iommu/dma: fix zeroing of bounce buffer padding used by untrusted devices (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: remove alloc_size argument to swiotlb_tbl_map_single() (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: fix swiotlb_bounce() to do partial sync's correctly (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: extend buffer pre-padding to alloc_align_mask if necessary (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: Reinstate page-alignment for mappings >= PAGE_SIZE (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: Fix alignment checks when both allocation and DMA masks are present (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- swiotlb: Fix double-allocation of slots due to broken alignment handling (Eder Zulian) [RHEL-36954] {CVE-2024-35814}
- genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline (cki-backport-bot) [RHEL-44441] {CVE-2024-31076}
Resolves: RHEL-34735, RHEL-36362, RHEL-36954, RHEL-37022, RHEL-37744, RHEL-43721, RHEL-44441, RHEL-44613, RHEL-47624, RHEL-47882, RHEL-49321

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-07-26 23:53:52 +02:00
Denys Vlasenko
de236294fb kernel-4.18.0-553.14.1.el8_10 
* Thu Jul 25 2024 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.14.1.el8_10]
- s390/qeth: Fix kernel panic after setting hsuid (Mete Durlu) [RHEL-49754]
- perf/core: Protect event sibling list locking against interrupt inversion (Daniel Vacek) [RHEL-31798]
- vt: fix unicode buffer corruption when deleting characters (Steve Best) [RHEL-36936] {CVE-2024-35823}
- cifs: translate network errors on send to -ECONNABORTED (Paulo Alcantara) [RHEL-36754]
- xfs: don't block in busy flushing when freeing extents (Brian Foster) [RHEL-7984]
- xfs: allow extent free intents to be retried (Brian Foster) [RHEL-7984]
- xfs: pass alloc flags through to xfs_extent_busy_flush() (Brian Foster) [RHEL-7984]
- xfs: use deferred frees for btree block freeing (Brian Foster) [RHEL-7984]
- xfs: fix bounds check in xfs_defer_agfl_block() (Brian Foster) [RHEL-7984]
- xfs: validate block number being freed before adding to xefi (Brian Foster) [RHEL-7984]
- xfs: rename xfs_bmap_add_free to xfs_free_extent_later (Brian Foster) [RHEL-7984]
- usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group (Desnes Nunes) [RHEL-36803] {CVE-2024-35790}
- stm class: Fix a double free in stm_register_device() (Steve Best) [RHEL-44514] {CVE-2024-38627}
- s390/qeth: Fix potential loss of L3-IP@ in case of network issues (Mete Durlu) [RHEL-49755]
- tls: fix missing memory barrier in tls_init (cki-backport-bot) [RHEL-44471] {CVE-2024-36489}
- xfs: fix log recovery buffer allocation for the legacy h_size fixup (Bill O'Donnell) [RHEL-46473] {CVE-2024-39472}
- fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- fs/proc: do_task_stat: use __for_each_thread() (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- exit: Use the correct exit_code in /proc/<pid>/stat (Brian Foster) [RHEL-31562] {CVE-2024-26686}
- scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool (Ewan D. Milne) [RHEL-38283] {CVE-2023-52811}
- scsi: qla2xxx: Fix double free of fcport (Ewan D. Milne) [RHEL-39549] {CVE-2024-26929}
- scsi: qla2xxx: Fix double free of the ha->vp_map pointer (Ewan D. Milne) [RHEL-39549] {CVE-2024-26930}
- scsi: qla2xxx: Fix command flush on cable pull (Ewan D. Milne) [RHEL-39549] {CVE-2024-26931}
Resolves: RHEL-31562, RHEL-31798, RHEL-36754, RHEL-36803, RHEL-36936, RHEL-38283, RHEL-39549, RHEL-44471, RHEL-44514, RHEL-46473, RHEL-49754, RHEL-49755, RHEL-7984

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
 2024-07-25 01:29:55 +02:00