[ol8_baseos_latest] kernel-4.18.0-348.23.1.el8_5.x86_64

Name:	kernel
Version:	4.18.0
Release:	348.23.1.el8_5
Architecture:	x86_64
Group:	System Environment/Kernel
Size:	0
License:	GPLv2 and Redistributable, no modification permitted
RPM:	kernel-4.18.0-348.23.1.el8_5.x86_64.rpm
Source RPM:	kernel-4.18.0-348.23.1.el8_5.src.rpm
Build Date:	Wed Apr 27 2022
Build Host:	build-ol8-x86_64.oracle.com
Vendor:	Oracle America
URL:	http://www.kernel.org/
Summary:	The Linux kernel, based on version 4.18.0, heavily modified with backports
Description:	This is the package which provides the Linux kernel for Red Hat Enterprise Linux. It is based on upstream Linux at version 4.18.0 and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux kernel releases. This means this is not a 4.18.0 kernel anymore: it includes several components which come from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver updates for supported hardware in Red Hat Enterprise Linux, enhancements for enterprise customers, etc.

Changelog (Show File list) (Show related packages)

Tue Apr 26 2022 Alan Steinberg <alan.steinberg@oracle.com> [4.18.0-348.23.1.el8_5.OL8]

- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 <= 15-11.0.5.el8

Tue Apr 12 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.23.1.el8_5]

- gfs2: dequeue iopen holder in gfs2_inode_lookup error (Bob Peterson) [2069750 2061665]

Tue Apr 05 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.22.1.el8_5]

- scsi: lpfc: Fix non-recovery of remote ports following an unsolicited LOGO (Dick Kennedy) [2058193 2027558]
- cifs: check all path components in resolved dfs target (Ronnie Sahlberg) [2056329 2030880]
- RDMA/cma: Do not change route.addr.src_addr.ss_family (Kamal Heib) [2032073 2032074] {CVE-2021-4028}

Tue Mar 22 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.21.1.el8_5]

- netfilter: nf_queue: handle socket prefetch (Florian Westphal) [2061446 2009786]
- netfilter: nf_queue: fix possible use-after-free (Florian Westphal) [2061446 2009786]
- selftests: netfilter: add nfqueue TCP_NEW_SYN_RECV socket race test (Florian Westphal) [2061446 2009786]
- netfilter: nf_queue: don't assume sk is full socket (Florian Westphal) [2061446 2009786]
- netfilter: nf_tables_offload: incorrect flow offload action array size (Florian Westphal) [2056867 2056728] {CVE-2022-25636}
- netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create (Florian Westphal) [2056867 2056728] {CVE-2022-25636}

Tue Mar 08 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.20.1.el8_5]

- lib/iov_iter: initialize "flags" in new pipe_buffer (Jan Stancek) [2060874 2060875] {CVE-2022-0847}

Mon Feb 28 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.19.1.el8_5]

- tipc: improve size validations for received domain records (Xin Long) [2048970 2048971] {CVE-2022-0435}
- smb3: do not error on fsync when readonly (Ronnie Sahlberg) [2055824 2037811]
- security: implement sctp_assoc_established hook in selinux (Ondrej Mosnacek) [2054112 2054117 2015525 2048251]
- security: add sctp_assoc_established hook (Ondrej Mosnacek) [2054112 2054117 2015525 2048251]
- security: call security_sctp_assoc_request in sctp_sf_do_5_1D_ce (Ondrej Mosnacek) [2054112 2054117 2015525 2048251]
- security: pass asoc to sctp_assoc_request and sctp_sk_clone (Bruno Meneguele) [2054112 2054117 2015525 2048251]
- net: sctp: Fix some typos (Ondrej Mosnacek) [2054112 2054117 2015525 2048251]
- RDMA/bnxt_re: Fix stats counters (Selvin Xavier) [2049684 2001893]
- net: check skb sec_path when re-initializing slow_gro in gro_list_prepare (Xin Long) [2047427 2030476]
- cpufreq: intel_pstate: Add Icelake servers support in no-HWP mode (David Arcari) [2036888 2003695]

Tue Feb 22 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.18.1.el8_5]

- selftests: kvm: Check whether SIDA memop fails for normal guests (Thomas Huth) [2050806 2050807] {CVE-2022-0516}
- KVM: s390: Return error on SIDA memop on normal guest (Thomas Huth) [2050806 2050807] {CVE-2022-0516}
- iommu/amd: Remove iommu_init_ga() (Jerry Snitselaar) [2030854 1998265]
- iommu/amd: Relocate GAMSup check to early_enable_iommus (Jerry Snitselaar) [2030854 1998265]

Tue Feb 15 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.17.1.el8_5]

- vfs: check dentry is still valid in get_link() (Ian Kent) [2052558 2014846]
- xfs: don't expose internal symlink metadata buffers to the vfs (Brian Foster) [2052558 2014846]
- CI: Use appropriate zstream builder (Veronika Kabatova)
- CI: Enable baseline realtime checks (Veronika Kabatova)
- CI: Rename pipelines to include release names (Veronika Kabatova)
- cgroup-v1: Require capabilities to set release_agent (Waiman Long) [2052166 2052167] {CVE-2022-0492}
- ice: Remove boolean vlan_promisc flag from function (Jonathan Toppins) [2051951 2030400]
- ceph: put the requests/sessions when it fails to alloc memory (Jeffrey Layton) [2053725 2017796]
- ceph: fix off by one bugs in unsafe_request_wait() (Jeffrey Layton) [2053725 2017796]
- ceph: flush the mdlog before waiting on unsafe reqs (Jeffrey Layton) [2053725 2017796]
- ceph: flush mdlog before umounting (Jeffrey Layton) [2053725 2017796]
- ceph: make iterate_sessions a global symbol (Jeffrey Layton) [2053725 2017796]
- ceph: make ceph_create_session_msg a global symbol (Jeffrey Layton) [2053725 2017796]
- xfs: check sb_meta_uuid for dabuf buffer recovery (Bill O'Donnell) [2049292 2020764]
- drm/i915: Flush TLBs before releasing backing store (Patrick Talbert) [2044328 2044329] {CVE-2022-0330}
- hugetlb: fix hugetlb cgroup refcounting during vma split (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings (Waiman Long) [2039015 2032811]
- mm/hugetlb: change hugetlb_reserve_pages() to type bool (Waiman Long) [2039015 2032811]
- hugetlb: fix an error code in hugetlb_reserve_pages() (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: fix offline of hugetlb cgroup with reservations (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: fix reservation accounting (Waiman Long) [2039015 2032811]
- mm/hugetlb: narrow the hugetlb_lock protection area during preparing huge page (Waiman Long) [2039015 2032811]
- mm/hugetlb: a page from buddy is not on any list (Waiman Long) [2039015 2032811]
- mm/hugetlb: not necessary to coalesce regions recursively (Waiman Long) [2039015 2032811]
- selftests/vm/write_to_hugetlbfs.c: fix unused variable warning (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: add hugetlb_cgroup reservation tests (Waiman Long) [2039015 2032811]
- hugetlb: support file_region coalescing again (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: support noreserve mappings (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: add accounting for shared mappings (Waiman Long) [2039015 2032811]
- hugetlb: disable region_add file_region coalescing (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: add reservation accounting for private mappings (Waiman Long) [2039015 2032811]
- mm/hugetlb_cgroup: fix hugetlb_cgroup migration (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: add interface for charge/uncharge hugetlb reservations (Waiman Long) [2039015 2032811]
- hugetlb_cgroup: add hugetlb_cgroup reservation counter (Waiman Long) [2039015 2032811]
- hugetlb: remove duplicated code (Waiman Long) [2039015 2032811]
- hugetlb: region_chg provides only cache entry (Waiman Long) [2039015 2032811]
- hugetlbfs: always use address space in inode for resv_map pointer (Waiman Long) [2039015 2032811]
- hugetlbfs: fix potential over/underflow setting node specific nr_hugepages (Waiman Long) [2039015 2032811]
- hugetlb: allow to free gigantic pages regardless of the configuration (Waiman Long) [2039015 2032811]
- powerpc/pseries: Fix update of LPAR security flavor after LPM (Steve Best) [2027448 1997294]

Tue Feb 08 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.16.1.el8_5]

- drm/vmwgfx: Fix stale file descriptors on failed usercopy (Dave Airlie) [2047601 2047602] {CVE-2022-22942}
- net: openvswitch: Fix ct_state nat flags for conns arriving from tc (Marcelo Ricardo Leitner) [2043548 2040334]
- net: openvswitch: Fix matching zone id for invalid conns arriving from tc (Marcelo Ricardo Leitner) [2043550 2040452]
- net/sched: flow_dissector: Fix matching on zone id for invalid conns (Marcelo Ricardo Leitner) [2043550 2040452]
- net/sched: Extend qdisc control block with tc control block (Marcelo Ricardo Leitner) [2043550 2040452]

Tue Feb 01 2022 Bruno Meneguele <bmeneg@redhat.com> [4.18.0-348.15.1.el8_5]

- net/mlx5: DR, Use FW API when updating FW-owned flow table (Michal Schmidt) [2042663 2042651]
- KVM: x86: Wait for IPIs to be delivered when handling Hyper-V TLB flush hypercall (Vitaly Kuznetsov) [2043237 1868572]
- drm/mgag200: Select clock in PLL update functions (Bruno Meneguele) [2034949 1953926]
- drm/i915: Fix HAS_LSPCON macro for platforms between GEN9 and GEN10 (Bruno Meneguele) [2027335 2005586]
- crypto: qat - power up 4xxx device (Vladis Dronov) [2016437 1960307]
- RDMA/core: Fix a double free in add_port error flow (Kamal Heib) [2038724 2008555]
- powerpc/iommu: Report the correct most efficient DMA mask for PCI devices (Steve Best) [2018928 2007425]
- powerpc/dma: Fix dma_map_ops::get_required_mask (Steve Best) [2018928 2007425]