[4.18.0-513.18.1.el8_9.OL8] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 = 15.3-1.0.3 - Remove upstream reference during boot [Orabug: 34750652] - Drop not needed patch [4.18.0-513.18.1.el8_9] - net: tls, update curr on splice as well [RHEL-22091 RHEL-19065] {CVE-2024-0646} - smb: client: fix potential OOB in smb2_dump_detail [RHEL-21672 RHEL-19144] {CVE-2023-6610} - smb: client: fix potential OOB in cifs_dump_detail [RHEL-21672 RHEL-19144] {CVE-2023-6610} - nvmet-tcp: Fix the H2C expected PDU len calculation [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} - nvmet-tcp: remove boilerplate code [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} - nvmet-tcp: fix a crash in nvmet_req_complete [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} - nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length [RHEL-22299 RHEL-22637 RHEL-22641 RHEL-19155 RHEL-19161 RHEL-19167] {CVE-2023-6535 CVE-2023-6356 CVE-2023-6536} - net-sysfs: add check for netdevice being present to speed_show [RHEL-20924 RHEL-16007] - netfilter: nft_set_pipapo: skip inactive elements during set walk [RHEL-20698 RHEL-19721] {CVE-2023-6817} [4.18.0-513.17.1.el8_9] - redhat: rewrite genlog and support Y- tags - smb: client: fix OOB in smbCalcSize [RHEL-21662 RHEL-18990] {CVE-2023-6606} - s390/qeth: Don"t call dev_close/dev_open [RHEL-17884 RHEL-2410] - blk-mq: use quiesced elevator switch when reinitializing queues [RHEL-21785 RHEL-19944] - lib/group_cpus.c: avoid acquiring cpu hotplug lock in group_cpus_evenly [RHEL-20232 RHEL-8128] [4.18.0-513.16.1.el8_9] - tracing/timerlat: Add user-space interface [RHEL-20362 RHEL-15142] - tracing/osnoise: Skip running osnoise if all instances are off [RHEL-20362 RHEL-15142] - tracing/osnoise: Switch from PF_NO_SETAFFINITY to migrate_disable [RHEL-20362 RHEL-15142] - tracing/timerlat: Always wakeup the timerlat thread [RHEL-20362 RHEL-15142] - tracing/osnoise: Fix notify new tracing_max_latency [RHEL-20362 RHEL-15142] - tracing/timerlat: Notify new max thread latency [RHEL-20362 RHEL-15142] - trace/osnoise: make use of the helper function kthread_run_on_cpu [RHEL-20362 RHEL-15142] - kthread: add the helper function kthread_run_on_cpu [RHEL-20362 RHEL-15142] - x86/apic: Mark _all_ legacy interrupts when IO/APIC is missing [RHEL-7238 RHEL-4244] - HID: check empty report_list in hid_validate_values [RHEL-19274 RHEL-19237] {CVE-2023-1073} - s390/dasd: print copy pair message only for the correct error [RHEL-9444 RHEL-2831] - blk-mq: don"t count completed flush data request as inflight in case of quiesce [RHEL-19111 RHEL-18055] [4.18.0-513.15.1.el8_9] - IB/ipoib: Fix mcast list locking [RHEL-19699 RHEL-19244] - RDMA/IPoIB: Fix error code return in ipoib_mcast_join [RHEL-19699 RHEL-19244] - x86/sev: Check for user-space IOIO pointing to kernel space [RHEL-18014 RHEL-14978] {CVE-2023-46813} - x86/sev: Check IOBM for IOIO exceptions from user-space [RHEL-18014 RHEL-14978] {CVE-2023-46813} - x86/sev: Disable MMIO emulation from user mode [RHEL-18014 RHEL-14978] {CVE-2023-46813} - x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling [RHEL-18014 RHEL-14978] {CVE-2023-46813}