[ol8_MODRHCK] kernel-debug-devel-4.18.0-553.82.1.0.1.el8_10.x86_64

Name:	kernel-debug-devel
Version:	4.18.0
Release:	553.82.1.0.1.el8_10
Architecture:	x86_64
Group:	System Environment/Kernel
Size:	56579656
License:	GPLv2 and Redistributable, no modification permitted
RPM:	kernel-debug-devel-4.18.0-553.82.1.0.1.el8_10.x86_64.rpm
Source RPM:	kernel-4.18.0-553.82.1.0.1.el8_10.src.rpm
Build Date:	Tue Nov 04 2025
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	Development package for building kernel modules to match the debug kernel
Description:	This package provides kernel headers and makefiles sufficient to build modules against the debug kernel package.

Changelog (Show File list) (Show related packages)

Mon Nov 03 2025 Alan Steinberg <alan.steinberg@oracle.com> [4.18.0-553.82.1.0.1.el8_10.OL8]

- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]

Mon Nov 03 2025 Alan Steinberg <alan.steinberg@oracle.com> [4.18.0-553.82.1.el8_10.OL8]

- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985772]

Thu Oct 23 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.82.1.el8_10]

- smb: client: fix missing timestamp updates after utime(2) (Paulo Alcantara) [RHEL-109431]
- cifs: fix leak of iface for primary channel (Paulo Alcantara) [RHEL-109546]
- cifs: reset iface weights when we cannot find a candidate (Paulo Alcantara) [RHEL-109546]
- cifs: deal with the channel loading lag while picking channels (Paulo Alcantara) [RHEL-109546]
- smb3: missing lock when picking channel (Paulo Alcantara) [RHEL-109546] {CVE-2024-35999}
- smb: client: fix potential deadlock when reconnecting channels (Paulo Alcantara) [RHEL-109546] {CVE-2025-38244}
- cifs: update dstaddr whenever channel iface is updated (Paulo Alcantara) [RHEL-109546]
- smb: client: fix oops due to unset link speed (Paulo Alcantara) [RHEL-109546] {CVE-2025-21725}
- smb: client: fix use-after-free of signing key (Paulo Alcantara) [RHEL-109546] {CVE-2024-53179}
- smb: client: fix UAF in smb2_reconnect_server() (Paulo Alcantara) [RHEL-109546] {CVE-2024-35870}
- cifs: failure to add channel on iface should bump up weight (Paulo Alcantara) [RHEL-109546]
- cifs: update iface_last_update on each query-and-update (Paulo Alcantara) [RHEL-109546]
- cifs: do not depend on release_iface for maintaining iface_list (Paulo Alcantara) [RHEL-109546]
- cifs: cifs_chan_is_iface_active should be called with chan_lock held (Paulo Alcantara) [RHEL-109546]
- cifs: account for primary channel in the interface list (Paulo Alcantara) [RHEL-109546]
- cifs: distribute channels across interfaces based on speed (Paulo Alcantara) [RHEL-109546]
- cifs: handle cases where a channel is closed (Paulo Alcantara) [RHEL-109546]
- cifs: force interface update before a fresh session setup (Paulo Alcantara) [RHEL-109546]
- cifs: do not reset chan_max if multichannel is not supported at mount (Paulo Alcantara) [RHEL-109546]
- cifs: reconnect helper should set reconnect for the right channel (Paulo Alcantara) [RHEL-109546]
- smb: client: fix use-after-free bug in cifs_debug_data_proc_show() (Paulo Alcantara) [RHEL-109546] {CVE-2023-52752}
- cifs: print last update time for interface list (Paulo Alcantara) [RHEL-109546]
- cifs: fix session state transition to avoid use-after-free issue (Paulo Alcantara) [RHEL-109546]
- cifs: log session id when a matching ses is not found (Paulo Alcantara) [RHEL-109546]
- cifs: fix session state check in smb2_find_smb_ses (Paulo Alcantara) [RHEL-109546]
- cifs: fix session state check in reconnect to avoid use-after-free issue (Paulo Alcantara) [RHEL-109546]
- cifs: do all necessary checks for credits within or before locking (Paulo Alcantara) [RHEL-109546]
- cifs: fix potential use-after-free bugs in TCP_Server_Info::hostname (Paulo Alcantara) [RHEL-109546]
- cifs: print smb3_fs_context::source when mounting (Paulo Alcantara) [RHEL-109546]
- cifs: protect session status check in smb2_reconnect() (Paulo Alcantara) [RHEL-109546]
- cifs: missing lock when updating session status (Paulo Alcantara) [RHEL-109546]
- cifs: refcount only the selected iface during interface update (Paulo Alcantara) [RHEL-109546]
- cifs: double lock in cifs_reconnect_tcon() (Paulo Alcantara) [RHEL-109546]
- cifs: get rid of dead check in smb2_reconnect() (Paulo Alcantara) [RHEL-109546]
- cifs: avoid races in parallel reconnects in smb1 (Paulo Alcantara) [RHEL-109546]
- cifs: fix missing unload_nls() in smb2_reconnect() (Paulo Alcantara) [RHEL-109546]
- cifs: avoid race conditions with parallel reconnects (Paulo Alcantara) [RHEL-109546]
- cifs: empty interface list when server doesn't support query interfaces (Paulo Alcantara) [RHEL-109546]
- cifs: do not poll server interfaces too regularly (Paulo Alcantara) [RHEL-109546]
- cifs: generate signkey for the channel that's reconnecting (Paulo Alcantara) [RHEL-109546]
- cifs: Move the in_send statistic to __smb_send_rqst() (Paulo Alcantara) [RHEL-109546]
- cifs: prevent data race in cifs_reconnect_tcon() (Paulo Alcantara) [RHEL-109546]
- cifs: reuse cifs_match_ipaddr for comparison of dstaddr too (Paulo Alcantara) [RHEL-109546]
- cifs: match even the scope id for ipv6 addresses (Paulo Alcantara) [RHEL-109546]
- cifs: update ip_addr for ses only for primary chan setup (Paulo Alcantara) [RHEL-109546]
- cifs: use tcon allocation functions even for dummy tcon (Paulo Alcantara) [RHEL-109546]
- cifs: use the least loaded channel for sending requests (Paulo Alcantara) [RHEL-109546]
- cifs: get rid of dns resolve worker (Paulo Alcantara) [RHEL-109546]
- cifs: prevent data race in smb2_reconnect() (Paulo Alcantara) [RHEL-109546]
- cifs: do not query ifaces on smb1 mounts (Paulo Alcantara) [RHEL-109546]
- cifs: fix interface count calculation during refresh (Paulo Alcantara) [RHEL-109546]
- cifs: protect access of TCP_Server_Info::{dstaddr,hostname} (Paulo Alcantara) [RHEL-109546]
- cifs: fix race in assemble_neg_contexts() (Paulo Alcantara) [RHEL-109546]
- cifs: set correct status of tcon ipc when reconnecting (Paulo Alcantara) [RHEL-109546]
- cifs: set correct ipc status after initial tree connect (Paulo Alcantara) [RHEL-109546]
- cifs: set correct tcon status after initial tree connect (Paulo Alcantara) [RHEL-109546]
- cifs: Use after free in debug code (Paulo Alcantara) [RHEL-109546]
- cifs: avoid unnecessary iteration of tcp sessions (Paulo Alcantara) [RHEL-109546]
- smb3: interface count displayed incorrectly (Paulo Alcantara) [RHEL-109546]
- cifs: Fix xid leak in cifs_ses_add_channel() (Paulo Alcantara) [RHEL-109546]
- smb3: clarify multichannel warning (Paulo Alcantara) [RHEL-109546]
- smb3: do not log confusing message when server returns no network interfaces (Paulo Alcantara) [RHEL-109546]
- cifs: return correct error in ->calc_signature() (Paulo Alcantara) [RHEL-109546]
- cifs: add missing spinlock around tcon refcount (Paulo Alcantara) [RHEL-109546]
- cifs: fix small mempool leak in SMB2_negotiate() (Paulo Alcantara) [RHEL-109546] {CVE-2022-49938}
- cifs: remove useless parameter 'is_fsctl' from SMB2_ioctl() (Paulo Alcantara) [RHEL-109546]
- cifs: remove unused server parameter from calc_smb_size() (Paulo Alcantara) [RHEL-109546]
- smb3: limit noisy error (Paulo Alcantara) [RHEL-109546]
- cifs: alloc_mid function should be marked as static (Paulo Alcantara) [RHEL-109546]
- cifs: remove "cifs_" prefix from init/destroy mids functions (Paulo Alcantara) [RHEL-109546]
- cifs: fix wrong unlock before return from cifs_tree_connect() (Paulo Alcantara) [RHEL-109546]
- cifs: avoid use of global locks for high contention data (Paulo Alcantara) [RHEL-109546]
- cifs: remove remaining build warnings (Paulo Alcantara) [RHEL-109546]
- cifs: remove minor build warning (Paulo Alcantara) [RHEL-109546]
- cifs: remove some camelCase and also some static build warnings (Paulo Alcantara) [RHEL-109546]
- cifs: remove unnecessary (void*) conversions. (Paulo Alcantara) [RHEL-109546]
- cifs: remove unnecessary type castings (Paulo Alcantara) [RHEL-109546]
- cifs: remove redundant initialization to variable mnt_sign_enabled (Paulo Alcantara) [RHEL-109546]
- smb3: check xattr value length earlier (Paulo Alcantara) [RHEL-109546]
- cifs: remove unnecessary locking of chan_lock while freeing session (Paulo Alcantara) [RHEL-109546]
- cifs: fix race condition with delayed threads (Paulo Alcantara) [RHEL-109546]
- cifs: update cifs_ses::ip_addr after failover (Paulo Alcantara) [RHEL-109546]
- cifs: avoid deadlocks while updating iface (Paulo Alcantara) [RHEL-109546]
- cifs: periodically query network interfaces from server (Paulo Alcantara) [RHEL-109546]
- cifs: during reconnect, update interface if necessary (Paulo Alcantara) [RHEL-109546]
- cifs: change iface_list from array to sorted linked list (Paulo Alcantara) [RHEL-109546]
- cifs: when a channel is not found for server, log its connection id (Paulo Alcantara) [RHEL-109546]
- cifs: fix potential deadlock in direct reclaim (Paulo Alcantara) [RHEL-109546]
- cifs: return errors during session setup during reconnects (Paulo Alcantara) [RHEL-109546]
- cifs: remove repeated debug message on cifs_put_smb_ses() (Paulo Alcantara) [RHEL-109546]
- cifs: avoid parallel session setups on same channel (Paulo Alcantara) [RHEL-109546]
- cifs: use new enum for ses_status (Paulo Alcantara) [RHEL-109546]
- cifs: fix incorrect use of list iterator after the loop (Paulo Alcantara) [RHEL-109546]
- cifs: do not use tcpStatus after negotiate completes (Paulo Alcantara) [RHEL-109546]
- cifs: use correct lock type in cifs_reconnect() (Paulo Alcantara) [RHEL-109546]
- cifs: Use kzalloc instead of kmalloc/memset (Paulo Alcantara) [RHEL-109546]
- cifs: force new session setup and tcon for dfs (Paulo Alcantara) [RHEL-109546]
- cifs: fix potential race with cifsd thread (Paulo Alcantara) [RHEL-109546]
- smb3: cleanup and clarify status of tree connections (Paulo Alcantara) [RHEL-109546]
- cifs: use a different reconnect helper for non-cifsd threads (Paulo Alcantara) [RHEL-109546]
- smb3: fix incorrect session setup check for multiuser mounts (Paulo Alcantara) [RHEL-109546]
- cifs: mark sessions for reconnection in helper function (Paulo Alcantara) [RHEL-109546]
- cifs: call helper functions for marking channels for reconnect (Paulo Alcantara) [RHEL-109546]
- cifs: call cifs_reconnect when a connection is marked (Paulo Alcantara) [RHEL-109546]
- cifs: unlock chan_lock before calling cifs_put_tcp_session (Paulo Alcantara) [RHEL-109546]
- cifs: cifs_ses_mark_for_reconnect should also update reconnect bits (Paulo Alcantara) [RHEL-109546]
- cifs: update tcpStatus during negotiate and sess setup (Paulo Alcantara) [RHEL-109546]
- cifs: make status checks in version independent callers (Paulo Alcantara) [RHEL-109546]
- cifs: remove repeated state change in dfs tree connect (Paulo Alcantara) [RHEL-109546]
- cifs: fix the cifs_reconnect path for DFS (Paulo Alcantara) [RHEL-109546]
- cifs: remove unused variable ses_selected (Paulo Alcantara) [RHEL-109546]
- cifs: protect all accesses to chan_* with chan_lock (Paulo Alcantara) [RHEL-109546]
- cifs: fix the connection state transitions with multichannel (Paulo Alcantara) [RHEL-109546]
- cifs: check reconnects for channels of active tcons too (Paulo Alcantara) [RHEL-109546]
- cifs: avoid race during socket reconnect between send and recv (Paulo Alcantara) [RHEL-109546]
- cifs: maintain a state machine for tcp/smb/tcon sessions (Paulo Alcantara) [RHEL-109546]
- cifs: fix hang on cifs_get_next_mid() (Paulo Alcantara) [RHEL-109546]
- cifs: take cifs_tcp_ses_lock for status checks (Paulo Alcantara) [RHEL-109546]
- cifs: reconnect only the connection and not smb session where possible (Paulo Alcantara) [RHEL-109546]
- cifs: add WARN_ON for when chan_count goes below minimum (Paulo Alcantara) [RHEL-109546]
- cifs: adjust DebugData to use chans_need_reconnect for conn status (Paulo Alcantara) [RHEL-109546]
- cifs: use the chans_need_reconnect bitmap for reconnect status (Paulo Alcantara) [RHEL-109546]
- cifs: track individual channel status using chans_need_reconnect (Paulo Alcantara) [RHEL-109546]
- cifs: Adjust key sizes and key generation routines for AES256 encryption (Paulo Alcantara) [RHEL-109546]
- cifs: fix allocation size on newly created files (Paulo Alcantara) [RHEL-109546]
- veth: try harder when allocating queue memory (Davide Caratti) [RHEL-92515]
- net: enable memcg accounting for veth queues (Davide Caratti) [RHEL-92515]
- gfs2: No more gfs2_find_jhead caching (Andreas Gruenbacher) [RHEL-92461]
- gfs2: Clean up revokes on normal withdraws (Bob Peterson) [RHEL-92461]
- gfs2: Get rid of duplicate log head lookup (Andreas Gruenbacher) [RHEL-92461]
- gfs2: Improve gfs2_make_fs_rw error handling (Andreas Gruenbacher) [RHEL-92461]
- gfs2: Simplify clean_journal (Andreas Gruenbacher) [RHEL-92461]
- gfs2: Simplify gfs2_log_pointers_init (Andreas Gruenbacher) [RHEL-92461]
- gfs2: Fix glock recursion in freeze_go_xmote_bh (Bob Peterson) [RHEL-92461]
- gfs2: Move gfs2_log_pointers_init (Andreas Gruenbacher) [RHEL-92461]
- mm: hugetlb: conditionally disable tlb_remove_table_sync_one() in huge_pmd_unshare() (Rafael Aquini) [RHEL-120391]
- kernel: extend rh_waived to cope better with the CVE mitigations case (Rafael Aquini) [RHEL-120391]
- Add support to rh_waived cmdline boot parameter (Rafael Aquini) [RHEL-120391]
- wifi: cfg80211: fix use-after-free in cmp_bss() (CKI Backport Bot) [RHEL-117792] {CVE-2025-39864}
- ext4: prevent stale extent cache entries caused by concurrent I/O writeback (Brian Foster) [RHEL-50745]
- ext4: ext4: unify EXT4_EX_NOCACHE|NOFAIL flags in ext4_ext_remove_space() (Brian Foster) [RHEL-50745]
- ext4: check the extent status again before inserting delalloc block (Brian Foster) [RHEL-50745]
- ext4: factor out a common helper to query extent map (Brian Foster) [RHEL-50745]
- ext4: convert to exclusive lock while inserting delalloc extents (Brian Foster) [RHEL-50745]
- ext4: refactor ext4_da_map_blocks() (Brian Foster) [RHEL-50745]
- wifi: mac80211: check S1G action frame size (Jose Ignacio Tornos Martinez) [RHEL-116069] {CVE-2023-53257}
- wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet (Jose Ignacio Tornos Martinez) [RHEL-115516] {CVE-2023-53226}
- wifi: mwifiex: Fix missed return in oob checks failed path (Jose Ignacio Tornos Martinez) [RHEL-115516] {CVE-2023-53226}
- wifi: mwifiex: Fix OOB and integer underflow when rx packets (Jose Ignacio Tornos Martinez) [RHEL-115516] {CVE-2023-53226}

Thu Oct 16 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.81.1.el8_10]

- Bluetooth: L2CAP: Fix user-after-free (CKI Backport Bot) [RHEL-117369] {CVE-2022-50386}
- Bluetooth: Fix potential use-after-free when clear keys (CKI Backport Bot) [RHEL-117193] {CVE-2023-53386}
- efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare (CKI Backport Bot) [RHEL-117924] {CVE-2025-39817}
- scsi: lpfc: Fix buffer free/clear order in deferred receive path (CKI Backport Bot) [RHEL-117707] {CVE-2025-39841}
- mm, meminit: recalculate pcpu batch and high limits after init completes (Audra Mitchell) [RHEL-108920]
- Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp (CKI Backport Bot) [RHEL-118478] {CVE-2023-53297}
- net/mlx5: Stop waiting for PCI if pci channel is offline (CKI Backport Bot) [RHEL-114111]
- mm/shmem: fix potential dead loop in shmem_unuse() (Rafael Aquini) [RHEL-104909]
- mm/gup: fix wrongly calculated returned value in fault_in_safe_writeable() (Rafael Aquini) [RHEL-104909]
- mm: fix apply_to_existing_page_range() (Rafael Aquini) [RHEL-104909]
- arm64: mm: Correct the update of max_pfn (Rafael Aquini) [RHEL-104909]
- mm, percpu: do not consider sleepable allocations atomic (Rafael Aquini) [RHEL-104909]
- mm/hugetlb: wait for hugetlb folios to be freed (Rafael Aquini) [RHEL-104909]
- x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs (Rafael Aquini) [RHEL-104909]
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test (Rafael Aquini) [RHEL-104909]
- arm64: Fix KASAN random tag seed initialization (Rafael Aquini) [RHEL-104909]
- mm/numa_balancing: teach mpol_to_str about the balancing mode (Rafael Aquini) [RHEL-104909]
- s390/mm: Fix clearing storage keys for huge pages (Rafael Aquini) [RHEL-104909]
- s390/mm: Fix storage key clearing for guest huge pages (Rafael Aquini) [RHEL-104909]
- mm/slub, kunit: Use inverted data to corrupt kmem cache (Rafael Aquini) [RHEL-104909]
- mm: memcg: use larger batches for proactive reclaim (Rafael Aquini) [RHEL-104909]
- mm: memcg: don't periodically flush stats when memcg is disabled (Rafael Aquini) [RHEL-104909]
- mm: writeback: ratelimit stat flush from mem_cgroup_wb_stats (Rafael Aquini) [RHEL-104909]
- mm: memcontrol: don't throttle dying tasks on memory.high (Rafael Aquini) [RHEL-104909]
- arm64: mm: Always make sw-dirty PTEs hw-dirty in pte_modify (Rafael Aquini) [RHEL-104909]
- arm64/mm: Set only the PTE_DIRTY bit while preserving the HW dirty state (Rafael Aquini) [RHEL-104909]
- base/node.c: initialize the accessor list before registering (Rafael Aquini) [RHEL-104909]
- mm: hugetlb: eliminate memory-less nodes handling (Rafael Aquini) [RHEL-104909]
- mm: hugetlb: simplify per-node sysfs creation and removal (Rafael Aquini) [RHEL-104909]
- powerpc/pseries: fix potential memory leak in init_cpu_associativity() (Rafael Aquini) [RHEL-104909]
- writeback, cgroup: switch inodes with dirty timestamps to release dying cgwbs (Rafael Aquini) [RHEL-104909]
- vfs: fix readahead(2) on block devices (Rafael Aquini) [RHEL-104909]
- mm/page_alloc: correct start page when guard page debug is enabled (Rafael Aquini) [RHEL-104909]
- mm/memory_hotplug: use pfn math in place of direct struct page manipulation (Rafael Aquini) [RHEL-104909]
- mm/cma: use nth_page() in place of direct struct page manipulation (Rafael Aquini) [RHEL-104909]
- slab: kmalloc_size_roundup() must not return 0 for non-zero size (Rafael Aquini) [RHEL-104909]
- mm: memcontrol: fix GFP_NOFS recursion in memory.high enforcement (Rafael Aquini) [RHEL-104909]
- mm/vmalloc: add a safer version of find_vm_area() for debug (Rafael Aquini) [RHEL-104909]
- mm/vmalloc: extend __find_vmap_area() with one more argument (Rafael Aquini) [RHEL-104909]
- mm: memory-failure: fix unexpected return value in soft_offline_page() (Rafael Aquini) [RHEL-104909]
- mm: memory-failure: kill soft_offline_free_page() (Rafael Aquini) [RHEL-104909]
- radix tree: remove unused variable (Rafael Aquini) [RHEL-104909]
- mm: add a call to flush_cache_vmap() in vmap_pfn() (Rafael Aquini) [RHEL-104909]
- tmpfs: verify {g,u}id mount options correctly (Rafael Aquini) [RHEL-104909]
- powerpc/mm/altmap: Fix altmap boundary check (Rafael Aquini) [RHEL-104909]
- powerpc/mm/dax: Fix the condition when checking if altmap vmemap can cross-boundary (Rafael Aquini) [RHEL-104909]
- writeback: fix dereferencing NULL mapping->host on writeback_page_template (Rafael Aquini) [RHEL-104909]
- x86/mm: Avoid using set_pgd() outside of real PGD pages (Rafael Aquini) [RHEL-104909]
- mm: vmalloc must set pte via arch code (Rafael Aquini) [RHEL-104909]
- mm: zswap: shrink until can accept (Rafael Aquini) [RHEL-104909]
- mm, compaction: finish pageblocks on complete migration failure (Rafael Aquini) [RHEL-104909]
- mm, compaction: finish scanning the current pageblock if requested (Rafael Aquini) [RHEL-104909]
- mm, compaction: check if a page has been captured before draining PCP pages (Rafael Aquini) [RHEL-104909]
- mm, compaction: rename compact_control->rescan to finish_pageblock (Rafael Aquini) [RHEL-104909]
- mm/compaction: move compaction_suitable's comment to right place (Rafael Aquini) [RHEL-104909]
- mm/compaction: rename 'start_pfn' to 'iteration_start_pfn' in compact_zone() (Rafael Aquini) [RHEL-104909]
- mm: memcg: fix NULL pointer in mem_cgroup_track_foreign_dirty_slowpath() (Rafael Aquini) [RHEL-104909]
- Revert "mm/compaction: fix set skip in fast_find_migrateblock" (Rafael Aquini) [RHEL-104909]
- mm/page_reporting: replace rcu_access_pointer() with rcu_dereference_protected() (Rafael Aquini) [RHEL-104909]
- mm/compaction: fix set skip in fast_find_migrateblock (Rafael Aquini) [RHEL-104909]
- memregion: Fix memregion_free() fallback definition (Rafael Aquini) [RHEL-104909]
- s390/extable: fix exception table sorting (Rafael Aquini) [RHEL-104909]
- shmem: shmem_writepage() split unlikely i915 THP (Rafael Aquini) [RHEL-104909]
- huge tmpfs: decide stat.st_blksize by shmem_is_huge() (Rafael Aquini) [RHEL-104909]
- huge tmpfs: shmem_is_huge(vma, inode, index) (Rafael Aquini) [RHEL-104909]
- huge tmpfs: SGP_NOALLOC to stop collapse_file() on race (Rafael Aquini) [RHEL-104909]
- huge tmpfs: move shmem_huge_enabled() upwards (Rafael Aquini) [RHEL-104909]
- huge tmpfs: remove shrinklist addition from shmem_setattr() (Rafael Aquini) [RHEL-104909]
- mm,shmem,thp: limit shmem THP allocations to requested zones (Rafael Aquini) [RHEL-104909]
- mm,thp,shm: limit gfp mask to no more than specified (Rafael Aquini) [RHEL-104909]
- mm,thp,shmem: limit shmem THP alloc gfp_mask (Rafael Aquini) [RHEL-104909]
- mm/swap: optimise get_shadow_from_swap_cache (Rafael Aquini) [RHEL-104909]
- mm/shmem: use pagevec_lookup in shmem_unlock_mapping (Rafael Aquini) [RHEL-104909]
- mm: make pagecache tagged lookups return only head pages (Rafael Aquini) [RHEL-104909]
- mm: fix madvise WILLNEED performance problem (Rafael Aquini) [RHEL-104909]
- mm: pagemap.h: fix two kernel-doc markups (Rafael Aquini) [RHEL-104909]
- mm: add find_lock_head (Rafael Aquini) [RHEL-104909]
- mm/shmem: return head page from find_lock_entry (Rafael Aquini) [RHEL-104909]
- mm: convert find_get_entry to return the head page (Rafael Aquini) [RHEL-104909]
- i915: use find_lock_page instead of find_lock_entry (Rafael Aquini) [RHEL-104909]
- proc: optimise smaps for shmem entries (Rafael Aquini) [RHEL-104909]
- mm: optimise madvise WILLNEED (Rafael Aquini) [RHEL-104909]
- mm: use find_get_incore_page in memcontrol (Rafael Aquini) [RHEL-104909]
- mm: factor find_get_incore_page out of mincore_page (Rafael Aquini) [RHEL-104909]
- mm/shmem: fix build without THP (Rafael Aquini) [RHEL-104909]
- mm: huge tmpfs: try to split_huge_page() when punching hole (Rafael Aquini) [RHEL-104909]
- mm/shmem.c: clean code by removing unnecessary assignment (Rafael Aquini) [RHEL-104909]
- mm/shmem.c: distribute switch variables for initialization (Rafael Aquini) [RHEL-104909]
- include/linux/pagemap.h: optimise find_subpage for !THP (Rafael Aquini) [RHEL-104909]
- mm/filemap.c: unexport find_get_entry (Rafael Aquini) [RHEL-104909]
- include/linux/pagemap.h: rename arguments to find_subpage (Rafael Aquini) [RHEL-104909]
- powerpc/mm: drop #ifdef CONFIG_MMU in is_ioremap_addr() (Rafael Aquini) [RHEL-104909]
- powerpc: remove the __kernel_io_end export (Rafael Aquini) [RHEL-104909]
- mm/shmem: make find_get_pages_range() work for huge page (Rafael Aquini) [RHEL-104909]
- wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() (CKI Backport Bot) [RHEL-117577] {CVE-2025-39849}
- dlm: move to rinfo for all middle conversion cases (Alexander Aring) [RHEL-110032]

Thu Oct 09 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.80.1.el8_10]

- block: remove some blk_mq_hw_ctx debugfs entries (Ricardo Robaina) [RHEL-8816]
- blk-mq: Remove the hctx 'run' debugfs attribute (Ricardo Robaina) [RHEL-8816]
- block: remove debugfs blk_mq_ctx dispatched/merged/completed attributes (Ricardo Robaina) [RHEL-8816]
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control (CKI Backport Bot) [RHEL-114840] {CVE-2025-39751}
- crypto: seqiv - Handle EBUSY correctly (CKI Backport Bot) [RHEL-117228] {CVE-2023-53373}
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too (Jaroslav Kysela) [RHEL-114681] {CVE-2025-38729}
- ALSA: usb-audio: Fix size validation in convert_chmap_v3() (Jaroslav Kysela) [RHEL-114681]
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors (Jaroslav Kysela) [RHEL-114681] {CVE-2025-39757}

Thu Oct 02 2025 Alexandra Hájková <ahajkova@redhat.com> [4.18.0-553.79.1.el8_10]

- Bluetooth: L2CAP: Fix use-after-free (CKI Backport Bot) [RHEL-116277] {CVE-2023-53305}
- KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 (CKI Backport Bot) [RHEL-109748] {CVE-2022-50228}

Thu Sep 25 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.78.1.el8_10]

- mm/migrate: set swap entry values of THP tail pages properly. (Luiz Capitulino) [RHEL-101302]
- smb: client: fix use-after-free in cifs_oplock_break (Paulo Alcantara) [RHEL-111190] {CVE-2025-38527}
- NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() (CKI Backport Bot) [RHEL-113603] {CVE-2025-39730}

Thu Sep 18 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.77.1.el8_10]

- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CKI Backport Bot) [RHEL-109847] {CVE-2025-37797}
- net_sched: hfsc: Fix a UAF vulnerability in class handling (CKI Backport Bot) [RHEL-109847] {CVE-2025-37797}
- net: openvswitch: Fix the dead loop of MPLS parse (Aaron Conole) [RHEL-95609]
- sctp: linearize cloned gso packets in sctp_rcv (CKI Backport Bot) [RHEL-113329] {CVE-2025-38718}
- firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (Charles Mirabile) [RHEL-109394] {CVE-2022-50087}
- nfsd: don't ignore the return code of svc_proc_register() (Olga Kornievskaia) [RHEL-111639] {CVE-2025-22026}

Sun Sep 14 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.76.1.el8_10]

- HID: core: Harden s32ton() against conversion to 0 bits (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
- HID: stop exporting hid_snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
- HID: simplify snto32() (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
- HID: core: fix shift-out-of-bounds in hid_report_raw_event (CKI Backport Bot) [RHEL-111027] {CVE-2025-38556}
- use uniform permission checks for all mount propagation changes (Ian Kent) [RHEL-107299] {CVE-2025-38498}
- do_change_type(): refuse to operate on unmounted/not ours mounts (Ian Kent) [RHEL-107299] {CVE-2025-38498}
- xfs: make sure sb_fdblocks is non-negative (Pavel Reichl) [RHEL-104193]
- vsock: Fix transport_* TOCTOU (CKI Backport Bot) [RHEL-105991] {CVE-2025-38461}

Tue Sep 09 2025 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-553.75.1.el8_10]

- Revert "module, async: async_synchronize_full() on module init iff async is used" (Herton R. Krzesinski) [RHEL-99812]
- mm/page_alloc: make sure free_pcppages_bulk() bails when given count < 0 (Rafael Aquini) [RHEL-85453]
- sch_cbq: make cbq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376]
- net/sched: ets: use old 'nbands' while purging unused classes (Ivan Vecera) [RHEL-107541] {CVE-2025-38350}
- net_sched: sch_ets: implement lockless ets_dump() (Ivan Vecera) [RHEL-107541] {CVE-2025-38350}
- net/sched: Always pass notifications when child class becomes empty (Ivan Vecera) [RHEL-93376] {CVE-2025-38350}
- net_sched: ets: fix a race in ets_qdisc_change() (Ivan Vecera) [RHEL-107541] {CVE-2025-38107}
- sch_htb: make htb_deactivate() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-37953}
- codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() (Ivan Vecera) [RHEL-93376] {CVE-2025-37798}
- sch_qfq: make qfq_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-38350}
- sch_drr: make drr_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-38350}
- sch_htb: make htb_qlen_notify() idempotent (Ivan Vecera) [RHEL-93376] {CVE-2025-37932}
- idpf: convert control queue mutex to a spinlock (CKI Backport Bot) [RHEL-106049] {CVE-2025-38392}
- drm/framebuffer: Acquire internal references on GEM handles (Anusha Srivatsa) [RHEL-106684] {CVE-2025-38449}
- drm/gem: Acquire references on GEM handles for framebuffers (Anusha Srivatsa) [RHEL-106684] {CVE-2025-38449}
- tracing: Disable interrupt or preemption before acquiring arch_spinlock_t (partial) (Luis Claudio R. Goncalves) [RHEL-95713]
- vmxnet3: disable rx data ring on dma allocation failure (Michal Schmidt) [RHEL-106160]
- xfs: fix error returns from xfs_bmapi_write (Carlos Maiolino) [RHEL-93655]
- xfs: handle nimaps=0 from xfs_bmapi_write in xfs_alloc_file_space (Carlos Maiolino) [RHEL-93655]
- net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull (CKI Backport Bot) [RHEL-112239] {CVE-2023-53125}
- net: usb: smsc75xx: Limit packet length to skb->len (CKI Backport Bot) [RHEL-112239] {CVE-2023-53125}
- PCI: Support BAR sizes up to 8TB (Myron Stowe) [RHEL-106671]