[5.14.0-427.18.1.el9_4.OL9] - Disable UKI signing [Orabug: 36571828] - Update Oracle Linux certificates - Disable signing for aarch64 - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list [Orabug: 29539237] - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 lt;= 15.3-1.0.5] - Remove upstream reference during boot [Orabug: 34729535] - Add Oracle Linux IMA certificates [5.14.0-427.18.1.el9_4] - netfilter: nf_tables: disallow anonymous set with timeout flag [RHEL-32971 RHEL-30082] {CVE-2024-26642} - netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout [RHEL-33070 RHEL-30078] {CVE-2024-26643} - netfilter: nft_ct: fix l3num expectations with inet pseudo family [RHEL-32963 RHEL-31345] {CVE-2024-26673} - netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations [RHEL-32963 RHEL-31345] {CVE-2024-26673} - arm64: tlb: Fix TLBI RANGE operand [RHEL-33412 RHEL-26259] - arm64/mm: Modify range-based tlbi to decrement scale [RHEL-33412 RHEL-26259] - rh_messages.h: mark mlx5 on Bluefield-3 as unmaintained [RHEL-35878 RHEL-33061] - net: ip_tunnel: prevent perpetual headroom growth [RHEL-33934 RHEL-31816] {CVE-2024-26804} - gitlab-ci: use zstream builder container image - selftests: net: gro fwd: update vxlan GRO test expectations [RHEL-30910 RHEL-19729] - udp: prevent local UDP tunnel packets from being GROed [RHEL-30910 RHEL-19729] - udp: do not transition UDP GRO fraglist partial checksums to unnecessary [RHEL-30910 RHEL-19729] - gro: fix ownership transfer [RHEL-30910 RHEL-19729] - udp: do not accept non-tunnel GSO skbs landing in a tunnel [RHEL-30910 RHEL-19729] - bpf, tcx: Get rid of tcx_link_const [RHEL-33062 RHEL-28590] - selftests/bpf: Add additional mprog query test coverage [RHEL-33062 RHEL-28590] - selftests/bpf: Make seen_tc* variable tests more robust [RHEL-33062 RHEL-28590] - selftests/bpf: Test query on empty mprog and pass revision into attach [RHEL-33062 RHEL-28590] - selftests/bpf: Adapt assert_mprog_count to always expect 0 count [RHEL-33062 RHEL-28590] - selftests/bpf: Test bpf_mprog query API via libbpf and raw syscall [RHEL-33062 RHEL-28590] - selftest/bpf: Add various selftests for program limits [RHEL-33062 RHEL-28590] - bpf: Refuse unused attributes in bpf_prog_{attach,detach} [RHEL-33062 RHEL-28590] - bpf: Handle bpf_mprog_query with NULL entry [RHEL-33062 RHEL-28590] - net: Fix skb consume leak in sch_handle_egress [RHEL-33062 RHEL-28590] - selftests/bpf: Add various more tcx test cases [RHEL-33062 RHEL-28590] - selftests/bpf: Add test for detachment on empty mprog entry [RHEL-33062 RHEL-28590] - tcx: Fix splat during dev unregister [RHEL-33062 RHEL-28590] - tcx: Fix splat in ingress_destroy upon tcx_entry_free [RHEL-33062 RHEL-28590] - selftests/bpf: Add mprog API tests for BPF tcx links [RHEL-33062 RHEL-28590] - selftests/bpf: Add mprog API tests for BPF tcx opts [RHEL-33062 RHEL-28590] - bpf: Add fd-based tcx multi-prog infra with link support [RHEL-33062 RHEL-28590] - bpftool: Implement link show support for tcx [RHEL-33062 RHEL-23643] - bpftool: Extend net dump with tcx progs [RHEL-33062 RHEL-23643] - bpf: fix precision backtracking instruction iteration [RHEL-35230 RHEL-23643] [5.14.0-427.17.1.el9_4] - ceph: switch to use cap_delay_lock for the unlink delay list [RHEL-33003 RHEL-32997] - ceph: remove useless session parameter for check_caps [RHEL-33003 RHEL-19813] - ceph: flush the dirty caps immediatelly when quota is approaching [RHEL-33003 RHEL-19813] - vhost: Add smp_rmb in vhost_enable_notify [RHEL-31839 RHEL-26104] - vhost: Add smp_rmb in vhost_vq_avail_empty [RHEL-31839 RHEL-26104] - iommu/vt-d: Support enforce_cache_coherency only for empty domains [RHEL-32793 RHEL-31083] - iommu/vt-d: Add MTL to quirk list to skip TE disabling [RHEL-32793 RHEL-31083] - iommu/vt-d: Make context clearing consistent with context mapping [RHEL-32793 RHEL-31083] - iommu/vt-d: Disable PCI ATS in legacy passthrough mode [RHEL-32793 RHEL-31083] - iommu/vt-d: Omit devTLB invalidation requests when TES=0 [RHEL-32793 RHEL-31083] - PCI/MSI: Prevent MSI hardware interrupt number truncation [RHEL-33656 RHEL-21453]