-
Wed Jul 09 2025 Craig Guiller <craig.guiller@oracle.com> - [4.18.0-553.60.1.0.1.el8_10.OL8]
- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]
-
Wed Jul 09 2025 Craig Guiller <craig.guiller@oracle.com> - [4.18.0-553.60.1.el8_10.OL8]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]
-
Thu Jun 26 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.60.1.el8_10]
- xfs: don't allocate COW extents when unsharing a hole (Brian Foster) [RHEL-83037]
- xfs: don't allocate into the data fork for an unshare request (Brian Foster) [RHEL-83037]
- s390/ism: add release function for struct device (Mete Durlu) [RHEL-97192]
- udf: Fix a slab-out-of-bounds write bug in udf_find_entry() (CKI Backport Bot) [RHEL-99113] {CVE-2022-49846}
-
Thu Jun 19 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.59.1.el8_10]
- SUNRPC: Fix Oops in xs_tcp_send_request() when transport is disconnected (Olga Kornievskaia) [RHEL-83291]
- SUNRPC: Set TCP_CORK until the transmit queue is empty (Olga Kornievskaia) [RHEL-83291]
- tcp: add tcp_sock_set_cork (Olga Kornievskaia) [RHEL-83291]
- xfs: xfs_ail_push_all_sync() stalls when racing with updates (Brian Foster) [RHEL-88132]
- Bluetooth: Fix use after free in hci_send_acl (CKI Backport Bot) [RHEL-90428] {CVE-2022-49111}
- Bluetooth: MGMT: Fix failing to MGMT_OP_ADD_UUID/MGMT_OP_REMOVE_UUID (David Marlin) [RHEL-90468] {CVE-2022-49136}
- Bluetooth: hci_sync: add lock to protect HCI_UNREGISTER (David Marlin) [RHEL-90468] {CVE-2022-49136}
- Bluetooth: hci_sync: Only allow hci_cmd_sync_queue if running (David Marlin) [RHEL-90468] {CVE-2022-49136}
- Bluetooth: Cancel sync command before suspend and power off (David Marlin) [RHEL-90468] {CVE-2022-49136}
- Bluetooth: hci_sync: Fix queuing commands when HCI_UNREGISTER is set (CKI Backport Bot) [RHEL-90468] {CVE-2022-49136}
- fix backport of "filelock: Remove locks reliably when fcntl/close race is detected" (Scott Mayhew) [RHEL-89709]
- NFSv4: Allow FREE_STATEID to clean up delegations (Benjamin Coddington) [RHEL-86932]
- NFSv4.1: constify the stateid argument in nfs41_test_stateid() (Trond Myklebust) [RHEL-86932]
-
Thu Jun 12 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.58.1.el8_10]
- ndisc: use RCU protection in ndisc_alloc_skb() (Xin Long) [RHEL-89535] {CVE-2025-21764}
- ipv6: use RCU protection in ip6_default_advmss() (Xin Long) [RHEL-89535] {CVE-2025-21765}
- net: add dev_net_rcu() helper (Xin Long) [RHEL-89535] {CVE-2025-21765}
- net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() (Xin Long) [RHEL-89535]
- idpf: check error for register_netdev() on init (Michal Schmidt) [RHEL-71182] {CVE-2025-22116}
- idpf: avoid mailbox timeout delays during reset (Michal Schmidt) [RHEL-71182]
- idpf: fix a race in txq wakeup (Michal Schmidt) [RHEL-71182]
- idpf: fix idpf_vport_splitq_napi_poll() (Michal Schmidt) [RHEL-71182]
- idpf: fix null-ptr-deref in idpf_features_check (Michal Schmidt) [RHEL-71182]
- idpf: protect shutdown from reset (Michal Schmidt) [RHEL-71182]
- idpf: fix potential memory leak on kcalloc() failure (Michal Schmidt) [RHEL-71182]
- idpf: fix offloads support for encapsulated packets (Michal Schmidt) [RHEL-71182]
- idpf: fix adapter NULL pointer dereference on reboot (Michal Schmidt) [RHEL-71182] {CVE-2025-22065}
- idpf: fix checksums set in idpf_rx_rsc() (Michal Schmidt) [RHEL-71182] {CVE-2025-21890}
- idpf: fix handling rsc packet with a single segment (Michal Schmidt) [RHEL-71182]
- idpf: add more info during virtchnl transaction timeout/salt mismatch (Michal Schmidt) [RHEL-71182]
- idpf: convert workqueues to unbound (Michal Schmidt) [RHEL-71182] {CVE-2024-58057}
- idpf: Acquire the lock before accessing the xn->salt (Michal Schmidt) [RHEL-71182]
- idpf: fix transaction timeouts on reset (Michal Schmidt) [RHEL-71182]
- idpf: add read memory barrier when checking descriptor done bit (Michal Schmidt) [RHEL-71182]
- idpf: deinit virtchnl transaction manager after vport and vectors (Michal Schmidt) [RHEL-71182]
- idpf: use actual mbx receive payload length (Michal Schmidt) [RHEL-71182]
- idpf: call set_real_num_queues in idpf_open (Michal Schmidt) [RHEL-71182 RHEL-90849]
- idpf: fix idpf_vc_core_init error path (Michal Schmidt) [RHEL-68233 RHEL-71182 RHEL-90846] {CVE-2024-53064}
- idpf: avoid vport access in idpf_get_link_ksettings (Michal Schmidt) [RHEL-71182 RHEL-90846] {CVE-2024-50274}
- idpf: fix netdev Tx queue stop/wake (Michal Schmidt) [RHEL-71182]
- idpf: fix UAFs when destroying the queues (Michal Schmidt) [RHEL-71182] {CVE-2024-44932}
- idpf: fix memleak in vport interrupt configuration (Michal Schmidt) [RHEL-71182]
- idpf: fix memory leaks and crashes while performing a soft reset (Michal Schmidt) [RHEL-71182] {CVE-2024-44964}
- idpf: compile singleq code only under default-n CONFIG_IDPF_SINGLEQ (Michal Schmidt) [RHEL-71182]
- redhat/configs: set CONFIG_IDPF_SINGLEQ as disabled (Michal Schmidt) [RHEL-71182]
- idpf: merge singleq and splitq &net_device_ops (Michal Schmidt) [RHEL-71182]
- idpf: avoid bloating &idpf_q_vector with big %NR_CPUS (Michal Schmidt) [RHEL-71182]
- idpf: split &idpf_queue into 4 strictly-typed queue structures (Michal Schmidt) [RHEL-71182]
- idpf: remove legacy Page Pool Ethtool stats (Michal Schmidt) [RHEL-71182]
- net: remove gfp_mask from napi_alloc_skb() [idpf] (Michal Schmidt) [RHEL-71182]
- idpf: stop using macros for accessing queue descriptors (Michal Schmidt) [RHEL-71182]
- idpf: don't enable NAPI and interrupts prior to allocating Rx buffers (Michal Schmidt) [RHEL-71182]
- idpf: Interpret .set_channels() input differently (Michal Schmidt) [RHEL-71182]
- idpf: make virtchnl2.h self-contained (Michal Schmidt) [RHEL-71182]
- s390/pci: Serialize device addition and removal (Mete Durlu) [RHEL-95783]
- s390/pci: Allow re-add of a reserved but not yet removed device (Mete Durlu) [RHEL-95783]
- s390/pci: Prevent self deletion in disable_slot() (Mete Durlu) [RHEL-95783]
- s390/pci: Remove redundant bus removal and disable from zpci_release_device() (Mete Durlu) [RHEL-95783]
- s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs (Mete Durlu) [RHEL-95783]
- s390/pci: Fix missing check for zpci_create_device() error return (Mete Durlu) [RHEL-95783]
- s390/pci: Fix potential double remove of hotplug slot (Mete Durlu) [RHEL-95783]
- s390/pci: remove hotplug slot when releasing the device (Mete Durlu) [RHEL-95783]
- s390/pci: introduce lock to synchronize state of zpci_dev's (Mete Durlu) [RHEL-95783]
- s390/pci: rename lock member in struct zpci_dev (Mete Durlu) [RHEL-95783]
-
Thu Jun 05 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.57.1.el8_10]
- smb: client: fix warning in cifs_smb3_do_mount() (Paulo Alcantara) [RHEL-55825]
- cifs: fix double free race when mount fails in cifs_get_root() (Paulo Alcantara) [RHEL-55825] {CVE-2022-48919}
- security/keys: fix slab-out-of-bounds in key_task_permission (CKI Backport Bot) [RHEL-68090] {CVE-2024-50301}
-
Sun Jun 01 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.56.1.el8_10]
- tools/power/x86_energy_perf_policy: Read energy_perf_bias from sysfs (David Arcari) [RHEL-86963]
- um: Fix out-of-bounds read in LDT setup (CKI Backport Bot) [RHEL-90261] {CVE-2022-49395}
-
Fri May 23 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.55.1.el8_10]
- sched/fair: Fix CPU bandwidth limit bypass during CPU hotplug (Phil Auld) [RHEL-85171]
-
Thu May 15 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.54.1.el8_10]
- ice: fix stats being updated by way too large values (CKI Backport Bot) [RHEL-70834]
- wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() (CKI Backport Bot) [RHEL-54802] {CVE-2024-43842}
- sched/rt: Fix race in push_rt_task (Phil Auld) [RHEL-84963]
-
Fri May 09 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.53.1.el8_10]
- net/mlx5: Always stop health timer during driver removal (Michal Schmidt) [RHEL-47712] {CVE-2024-40906}
- net/mlx5: Split function_setup() to enable and open functions (Michal Schmidt) [RHEL-47712]
- net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink (Michal Schmidt) [RHEL-57117] {CVE-2024-44970}
- net/mlx5e: SHAMPO, Fix incorrect page release (Michal Schmidt) [RHEL-57117] {CVE-2024-46717}
- s390/pci: Fix zpci_bus_is_isolated_vf() for non-VFs (Mete Durlu) [RHEL-88819]
- platform/x86: dell-wmi-sysman: Make init_bios_attributes() ACPI object parsing more robust (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Cleanup create_attributes_level_sysfs_files() (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Make sysman_init() return -ENODEV of the interfaces are not found (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Cleanup sysman_init() error-exit handling (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Fix release_attributes_data() getting called twice on init_bios_attributes() failure (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Make it safe to call exit_foo_attributes() multiple times (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Fix possible NULL pointer deref on exit (Jay Shin) [RHEL-88714]
- platform/x86: dell-wmi-sysman: Fix crash caused by calling kset_unregister twice (Jay Shin) [RHEL-88714]
- x86/kexec: Add EFI config table identity mapping for kexec kernel (Herton R. Krzesinski) [RHEL-71793]
- vsock: Orphan socket after transport release (Jay Shin) [RHEL-89099] {CVE-2025-21756}
- vsock: Keep the binding until socket destruction (Jay Shin) [RHEL-89099] {CVE-2025-21756}
- bpf, vsock: Invoke proto::close on close() (Jay Shin) [RHEL-89099] {CVE-2025-21756}