[ol8_baseos_latest] kernel-debug-core-4.18.0-513.18.1.el8_9.x86_64

Name:	kernel-debug-core
Version:	4.18.0
Release:	513.18.1.el8_9
Architecture:	x86_64
Group:	System Environment/Kernel
Size:	119654773
License:	GPLv2 and Redistributable, no modification permitted
RPM:	kernel-debug-core-4.18.0-513.18.1.el8_9.x86_64.rpm
Source RPM:	kernel-4.18.0-513.18.1.el8_9.src.rpm
Build Date:	Wed Mar 06 2024
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	The Linux kernel compiled with extra debugging enabled
Description:	The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. This variant of the kernel has numerous debugging options enabled. It should only be installed when trying to gather additional information on kernel bugs, as some of these options impact performance noticably.

Changelog (Show File list) (Show related packages)

Tue Mar 05 2024 Alan Steinberg <alan.steinberg@oracle.com> [4.18.0-513.18.1.el8_9.OL8]

- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15.3-1.0.3
- Remove upstream reference during boot (Kevin Lyons) [Orabug: 34750652]
- Drop not needed patch

Thu Feb 01 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.18.1.el8_9]

- net: tls, update curr on splice as well (Sabrina Dubroca) [RHEL-22091 RHEL-19065] {CVE-2024-0646}
- smb: client: fix potential OOB in smb2_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
- smb: client: fix potential OOB in cifs_dump_detail() (Scott Mayhew) [RHEL-21672 RHEL-19144] {CVE-2023-6610}
- nvmet-tcp: Fix the H2C expected PDU len calculation (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: remove boilerplate code (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: fix a crash in nvmet_req_complete() (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length (Maurizio Lombardi) [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536}
- net-sysfs: add check for netdevice being present to speed_show (Michal Schmidt) [RHEL-20924 RHEL-16007]
- netfilter: nft_set_pipapo: skip inactive elements during set walk (Florian Westphal) [RHEL-20698 RHEL-19721] {CVE-2023-6817}

Thu Jan 25 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.17.1.el8_9]

- redhat: rewrite genlog and support Y- tags (Jan Stancek)
- smb: client: fix OOB in smbCalcSize() (Scott Mayhew) [RHEL-21662 RHEL-18990] {CVE-2023-6606}
- s390/qeth: Don't call dev_close/dev_open (DOWN/UP) (Tobias Huschle) [RHEL-17884 RHEL-2410]
- blk-mq: use quiesced elevator switch when reinitializing queues (Ming Lei) [RHEL-21785 RHEL-19944]
- lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly (Ming Lei) [RHEL-20232 RHEL-8128]

Thu Jan 18 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.16.1.el8_9]

- tracing/timerlat: Add user-space interface (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Skip running osnoise if all instances are off (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable (Chris White) [RHEL-20362 RHEL-15142]
- tracing/timerlat: Always wakeup the timerlat thread (Chris White) [RHEL-20362 RHEL-15142]
- tracing/osnoise: Fix notify new tracing_max_latency (Chris White) [RHEL-20362 RHEL-15142]
- tracing/timerlat: Notify new max thread latency (Chris White) [RHEL-20362 RHEL-15142]
- trace/osnoise: make use of the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
- kthread: add the helper function kthread_run_on_cpu() (Chris White) [RHEL-20362 RHEL-15142]
- x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing (Prarit Bhargava) [RHEL-7238 RHEL-4244]
- HID: check empty report_list in hid_validate_values() (Desnes Nunes) [RHEL-19274 RHEL-19237] {CVE-2023-1073}
- s390/dasd: print copy pair message only for the correct error (Tobias Huschle) [RHEL-9444 RHEL-2831]
- blk-mq: don't count completed flush data request as inflight in case of quiesce (Ming Lei) [RHEL-19111 RHEL-18055]

Thu Jan 11 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.15.1.el8_9]

- IB/ipoib: Fix mcast list locking (Daniel Vacek) [RHEL-19699 RHEL-19244]
- RDMA/IPoIB: Fix error code return in ipoib_mcast_join (Daniel Vacek) [RHEL-19699 RHEL-19244]
- x86/sev: Check for user-space IOIO pointing to kernel space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev: Check IOBM for IOIO exceptions from user-space (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev: Disable MMIO emulation from user mode (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}
- x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling (Wander Lairson Costa) [RHEL-18014 RHEL-14978] {CVE-2023-46813}

Thu Jan 04 2024 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.14.1.el8_9]

- nfp: fix use-after-free in area_cache_get() (Ricardo Robaina) [RHEL-19452 RHEL-6567] {CVE-2022-3545}
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (David Marlin) [RHEL-18999 RHEL-1231] {CVE-2023-40283}
- md/raid5: release batch_last before waiting for another stripe_head (Nigel Croxon) [RHEL-12284 RHEL-9875]

Thu Dec 21 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.13.1.el8_9]

- Fix double fget() in vhost_net_set_backend() (Jon Maloy) [RHEL-13212 RHEL-7162] {CVE-2023-1838}
- can: af_can: fix NULL pointer dereference in can_rcv_filter (Ricardo Robaina) [RHEL-19462 RHEL-6429] {CVE-2023-2166}
- RDMA/core: Update CMA destination address on rdma_resolve_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176}
- RDMA/core: Refactor rdma_bind_addr (Kamal Heib) [RHEL-19328 RHEL-1032] {CVE-2023-2176}
- net: fix net device address assign type (Michal Schmidt) [RHEL-17296 RHEL-6383]
- net: add check for current MAC address in dev_set_mac_address (Michal Schmidt) [RHEL-17296 RHEL-6383]
- perf/core: Fix potential NULL deref (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717}
- perf: Disallow mis-matched inherited group reads (Wander Lairson Costa) [RHEL-18004 RHEL-14982] {CVE-2023-5717}
- drivers: net: slip: fix NPD bug in sl_tx_timeout() (Michal Schmidt) [RHEL-18583 RHEL-6655] {CVE-2022-41858}

Thu Dec 14 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.12.1.el8_9]

- net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623}
- net/sched: sch_hfsc: Ensure inner classes have fsc curve (Davide Caratti) [RHEL-16858 RHEL-14032] {CVE-2023-4623}
- net: sched: sch_qfq: Use non-work-conserving warning handler (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921}
- net: sched: sch_qfq: Fix UAF in qfq_dequeue() (Davide Caratti) [RHEL-14423 RHEL-14032] {CVE-2023-4921}
- net/tls: Remove the context from the list in tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301]
- tls: Fix context leak on tls_device_down (Jay Shin) [RHEL-17813 RHEL-17301]
- igb: set max size RX buffer when store bad packet is enabled (Wander Lairson Costa) [RHEL-15187 RHEL-15188] {CVE-2023-45871}

Thu Dec 07 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.11.1.el8_9]

- redhat: fix to be able to build with rpm 4.19.0 (Denys Vlasenko)
- blk-mq: enforce op-specific segment limits in blk_insert_cloned_request (Ming Lei) [RHEL-14718 RHEL-14504]
- KVM: x86: Add SBPB support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- KVM: x86: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retpoline: Document some thunk handling aspects (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Remove unnecessary semicolon (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/rethunk: Use SYM_CODE_START[_LOCAL]_NOALIGN macros (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Disentangle rethunk-dependent options (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Move retbleed IBPB check into existing 'has_microcode' code block (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/bugs: Remove default case for fully switched enums (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Remove 'pred_cmd' label (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Unexport untraining functions (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Improve i-cache locality for alias mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix vulnerability reporting for missing microcode (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Print mitigation for retbleed IBPB case (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Print actual mitigation if requested mitigation isn't possible (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for (possible) future fixed HW (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/alternatives: Remove faulty optimization (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix SBPB enablement for spec_rstack_overflow=off (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Don't probe microcode in a guest (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Set CPUID feature bits independently of bug or mitigation status (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix srso_show_state() side effect (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Fix amd_check_microcode() declaration (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/CPU/AMD: Remove amd_get_topology_early() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Correct the mitigation status when SMT is disabled (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Explain the untraining sequences a bit more (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu/kvm: Provide UNTRAIN_RET_VM (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Cleanup the untrain mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Rename srso_(.*)_alias to srso_alias_\1 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Rename original retbleed methods (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Clean up SRSO return thunk mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/alternative: Make custom return thunk unconditional (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- objtool/x86: Fix SRSO mess (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Fix up srso_safe_ret() and __x86_return_thunk() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu: Fix __x86_return_thunk symbol type (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retpoline,kprobes: Fix position of thunk sections with CONFIG_LTO_CLANG (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Disable the mitigation on unaffected configurations (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/CPU/AMD: Fix the DIV(0) initial fix attempt (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retpoline: Don't clobber RFLAGS during srso_safe_ret() (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/cpu/amd: Enable Zenbleed fix for AMD Custom APU 0405 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- driver core: cpu: Fix the fallback cpu_show_gds() name (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86: Move gds_ucode_mitigated() declaration to header (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/speculation: Add cpu_show_gds() prototype (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- driver core: cpu: Make cpu_show_not_affected() static (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix build breakage with the LLVM linker (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- Documentation/srso: Document IBPB aspect and fix formatting (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- driver core: cpu: Unify redundant silly stubs (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/CPU/AMD: Do not leak quotient data after a division by 0 (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Tie SBPB bit setting to microcode patch detection (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add a forgotten NOENDBR annotation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Fix return thunks in generated code (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add IBPB on VMEXIT (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add IBPB (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add SRSO_NO support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add IBPB_BRTYPE support (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/srso: Add a Speculative RAS Overflow mitigation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retbleed: Add __x86_return_thunk alignment checks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/retbleed: Fix return thunk alignment (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/alternative: Optimize returns patching (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/microcode/AMD: Load late on both threads too (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86/returnthunk: Allow different return thunks (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- x86: Sanitize linker script (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- objtool: Fix .return_sites generation (Waiman Long) [RHEL-14115 RHEL-9298] {CVE-2023-20569}
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/amdgpu: Fix possible null pointer dereference (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Keep a gem reference to user bos in surfaces (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: fix typo of sizeof argument (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Fix possible invalid drm gem put calls (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Fix shader stage validation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: remove unused vmw_overlay function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Fix Legacy Display Unit atomic drm support (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Print errors when running on broken/unsupported configs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Drop mksstat_init_record fn as currently unused (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Fix src/dst_pitch confusion (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Replace one-element array with flexible-array member (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Do not drop the reference to the handle too soon (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Stop accessing buffer objects which failed init (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Make the driver work without the dummy resources (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Stop using raw ttm_buffer_object's (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Abstract placement selection (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Rename dummy to is_iomem (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Cleanup the vmw bo usage in the cursor paths (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Simplify fb pinning (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Rename vmw_buffer_object to vmw_bo (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Remove the duplicate bo_free function (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/vmwgfx: Use the common gem mmap instead of the custom code (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/radeon: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/qxl: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/gem-vram: handle NULL bo->resource in move callback (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/ttm: prevent moving of pinned BOs (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/ttm: stop allocating a dummy resource for pipelined gutting (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/ttm: stop allocating dummy resources during BO creation (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/ttm: clear the ttm_tt when bo->resource is NULL (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- drm/i915/ttm: audit remaining bo->resource (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- Revert "drm/vmwgfx: Stop accessing buffer objects which failed init" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- Revert "drm/vmwgfx: Do not drop the reference to the handle too soon" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}
- Revert "drm/vmwgfx: Fix Legacy Display Unit atomic drm support" (Jocelyn Falempe) [RHEL-14509 RHEL-14510] {CVE-2023-5633}

Fri Nov 24 2023 Patrick Talbert <ptalbert@redhat.com> [4.18.0-513.10.1.el8_9]

- pNFS/filelayout: treat GETDEVICEINFO errors as layout failure (Scott Mayhew) [RHEL-16407 RHEL-4969]
- scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162}
- scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress (Chris Leech) [RHEL-12082 RHEL-8992] {CVE-2023-2162}
- KVM: x86/mmu: Fix an sign-extension bug with mmu_seq that hangs vCPUs (Peter Xu) [RHEL-15121 RHEL-7210]
- netfilter: conntrack: Fix gre tunneling over ipv6 (Florian Westphal) [RHEL-15259 RHEL-12497]
- netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c (Florian Westphal) [RHEL-8443 RHEL-8444] {CVE-2023-42753}
- tcp: enforce receive buffer memory limits by allowing the tcp window to shrink (Felix Maurer) [RHEL-15096 RHEL-15023]
- redhat: change builder image to rhel-8.9 (Michael Hofmann)
- net: openvswitch: add support for l4 symmetric hashing (Antoine Tenart) [RHEL-12746 RHEL-10498]
- af_unix: Fix null-ptr-deref in unix_stream_sendpage(). (Guillaume Nault) [RHEL-16388 RHEL-2574] {CVE-2023-4622}