[4.18.0-240.22.1.el8_3.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 less than or equal 15-11.0.5.el8 [4.18.0-240.22.1.el8_3] - futex: Handle faults correctly for PI futexes [1924633 1924635] {CVE-2021-3347} - futex: Simplify fixup_pi_state_owner [1924633 1924635] {CVE-2021-3347} - futex: Use pi_state_update_owner in put_pi_state [1924633 1924635] {CVE-2021-3347} - futex: Provide and use pi_state_update_owner [1924633 1924635] {CVE-2021-3347} - rtmutex: Remove unused argument from rt_mutex_proxy_unlock [1924633 1924635] {CVE-2021-3347} - futex: Replace pointless printk in fixup_owner [1924633 1924635] {CVE-2021-3347} - futex: Ensure the correct return value from futex_lock_pi [1924633 1924635] {CVE-2021-3347} - futex: Don"t enable IRQs unconditionally in put_pi_state [1924633 1924635] {CVE-2021-3347} - futex: Fix incorrect should_fail_futex handling [1924633 1924635] {CVE-2021-3347} - futex: Consistently use fshared as boolean [1924633 1924635] {CVE-2021-3347} - futex: Remove needless goto"s [1924633 1924635] {CVE-2021-3347} - futex: Remove put_futex_key [1924633 1924635] {CVE-2021-3347} - scsi: iscsi: Verify lengths on passthrough PDUs [1930832 1930833] {CVE-2021-27364} - scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE [1930855 1930856] {CVE-2021-27365} - scsi: iscsi: Restrict sessions and handles to admin capabilities [1940423 1930809] {CVE-2021-27363} [4.18.0-240.21.1.el8_3] - KVM: x86: Allow guests to see MSR_IA32_TSX_CTRL even if tsx=off [1939013 1912448] - gfs2: Fix deadlock between gfs2_{create_inode, inode_lookup} and delete_work_func [1937109 1903190] - gfs2: Don"t call cancel_delayed_work_sync from within delete work function [1937109 1903190] - gfs2: Only access gl_delete for iopen glocks [1937109 1903190] - gfs2: Don"t sleep during glock hash walk [1937109 1903190] - [netdrv] net/mlx5e: Add missing set of destination vport flags in termtbl create [1924689 1851700] - [tools] tools arch x86: Sync asm/cpufeatures.h with the kernel sources [1929740 1916478] - [x86] x86/cpu/amd: Call init_amd_zn om Family 19h processors too [1929740 1916478] [4.18.0-240.20.1.el8_3] - fix regression in epoll: Keep a reference on files added to the check list [1920775 1920776] {CVE-2020-0466} - do_epoll_ctl: clean the failure exits up a bit [1920775 1920776] {CVE-2020-0466} - epoll: Keep a reference on files added to the check list [1920775 1920776] {CVE-2020-0466} - [kernel] sched/features: Distinguish between NORMAL and DEADLINE hrtick [1930735 1912118] - [kernel] sched/features: Fix hrtick reprogramming [1930735 1912118] - iommu/vt-d: Don"t dereference iommu_device if IOMMU_API is not built [1932199 1887216] - iommu/vt-d: Gracefully handle DMAR units with no supported address widths [1932199 1887216] - iommu/vt-d: Skip TE disabling on quirky gfx dedicated iommu [1932199 1887216] - net/vmw_vsock: fix NULL pointer dereference [1925599 1925600] {CVE-2021-26708} - net/vmw_vsock: improve locking in vsock_connect_timeout [1925599 1925600] {CVE-2021-26708} - vsock: fix locking in vsock_shutdown [1925599 1925600] {CVE-2021-26708} - vsock: fix the race conditions in multi-transport support [1925599 1925600] {CVE-2021-26708} - [base] mm: don"t panic when links can"t be created in sysfs [1930168 1890171] - mm: don"t rely on system state to detect hot-plug operations [1930168 1890171] - mm: replace memmap_context by meminit_context [1930168 1890171] - [tools] kvm: nvmx: check for invalid hdr.vmx.flags [1923281 1904128] - [x86] kvm: nvmx: check for required but missing VMCS12 in KVM_SET_NESTED_STATE [1923281 1904128] - [tools] selftests: kvm: do not set guest mode flag [1923281 1904128] - [x86] kvm: x86: fix CPUID entries returned by KVM_GET_CPUID2 ioctl [1923281 1904128] - [x86] kvm: svm: Fix offset computation bug in __sev_dbg_decrypt [1923281 1904128] - [x86] kvm: nvmx: Sync unsync"d vmcs02 state to vmcs12 on migration [1923281 1904128] - [x86] kvm: x86: get smi pending status correctly [1923281 1904128] - [x86] kvm: x86/pmu: Fix HW_REF_CPU_CYCLES event pseudo-encoding in intel_arch_events[] [1923281 1904128] - [x86] kvm: x86/pmu: Fix UBSAN shift-out-of-bounds warning in intel_pmu_refresh [1923281 1904128] - [x86] kvm: x86: Add more protection against undefined behavior in rsvd_bits [1923281 1904128] - [documentation] kvm: Forbid the use of tagged userspace addresses for memslots [1923281 1904128] - [x86] kvm: x86: allow KVM_REQ_GET_NESTED_STATE_PAGES outside guest mode for VMX [1923281 1904128] - [x86] kvm: nsvm: cancel KVM_REQ_GET_NESTED_STATE_PAGES on nested vmexit [1923281 1904128] - [x86] kvm: nsvm: mark vmcb as dirty when forcingly leaving the guest mode [1923281 1904128] - [x86] kvm: nsvm: correctly restore nested_run_pending on migration [1923281 1904128] - [x86] kvm: x86: fix shift out of bounds reported by UBSAN [1923281 1904128] - [x86] kvm: x86: reinstate vendor-agnostic check on SPEC_CTRL cpuid bits [1923281 1904128] - [target] scsi: target: Fix XCOPY NAA identifier lookup [1900462 1900463] {CVE-2020-28374} - scsi: qla2xxx: Fix mailbox Ch erroneous error [1924222 1894578] - [net] fix iteration for sctp transport seq_files [1927521 1916824] - [scsi] scsi: lpfc: Fix initial FLOGI failure due to BBSCN not supported [1927921 1887549] - [mm] mm, oom: remove oom_lock from oom_reaper [1929738 1873759] [4.18.0-240.19.1.el8_3] - audit: trigger accompanying records when no rules present [1907520 1896480] - revert: 1320a4052ea1 [1907520 1896480] - audit: issue CWD record to accompany LSM_AUDIT_DATA_* records [1907520 1896480] - audit: remove unused !CONFIG_AUDITSYSCALL __audit_inode* stubs [1907520 1896480] - redhat: use tags from git notes for zstream to generate changelog [4.18.0-240.18.1.el8_3] - [scsi] scsi: fnic: Do not call "scsi_done" for unhandled commands [1925186 1870397] - [target] scsi: target: iscsi: Fix cmd abort fabric stop race [1918354 1908215] - [target] scsi: target: Modify core_tmr_abort_task [1918363 1880395] - [s390] s390/crypto: add arch_get_random_long support [1915816 1904274] [4.18.0-240.17.1.el8_3] - [mm] mm/slub: fix panic in slab_alloc_node [1925511 1921056] - [s390] s390/early: improve machine detection [1925508 1896307] - [infiniband] RDMA/umem: Prevent small pages from being returned by ib_umem_find_best_pgsz [1924691 1903992] [4.18.0-240.16.1.el8_3] - [netdrv] net/mlx5e: Fix using wrong stats_grps in mlx5e_update_ndo_stats [1921060 1870593] - [net] tcp: Fix potential use-after-free due to double kfree [1915529 1915164] - [net] tcp: fix race condition when creating child sockets from syncookies [1915529 1915164] - [x86] kvm: ioapic: break infinite recursion on lazy EOI [1906438 1882793]