diff --git a/COPYING-6.12.0-124.20.1.el10_1 b/COPYING-6.12.0-124.21.1.el10_1 similarity index 100% rename from COPYING-6.12.0-124.20.1.el10_1 rename to COPYING-6.12.0-124.21.1.el10_1 diff --git a/Makefile.rhelver b/Makefile.rhelver index ed5527efd4413..76c6c89c691f0 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 1 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 124.20.1 +RHEL_RELEASE = 124.21.1 # # RHEL_REBASE_NUM diff --git a/ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/c28f922c.failed b/ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/c28f922c.failed new file mode 100644 index 0000000000000..8c8c5cf3e6cad --- /dev/null +++ b/ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/c28f922c.failed @@ -0,0 +1,89 @@ +clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns + +jira KERNEL-386 +cve CVE-2025-38499 +Rebuild_History Non-Buildable kernel-6.12.0-124.21.1.el10_1 +Rebuild_CHGLOG: - CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129282] {CVE-2025-38499} +Rebuild_FUZZ: 87.43% +commit-author Al Viro +commit c28f922c9dcee0e4876a2c095939d77fe7e15116 +Empty-Commit: Cherry-Pick Conflicts during history rebuild. +Will be included in final tarball splat. Ref for failed cherry-pick at: +ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/c28f922c.failed + +What we want is to verify there is that clone won't expose something +hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo" +may be a result of MNT_LOCKED on a child, but it may also come from +lacking admin rights in the userns of the namespace mount belongs to. + +clone_private_mnt() checks the former, but not the latter. + +There's a number of rather confusing CAP_SYS_ADMIN checks in various +userns during the mount, especially with the new mount API; they serve +different purposes and in case of clone_private_mnt() they usually, +but not always end up covering the missing check mentioned above. + + Reviewed-by: Christian Brauner + Reported-by: "Orlando, Noah" +Fixes: 427215d85e8d ("ovl: prevent private clone if bind mount is not allowed") + Signed-off-by: Al Viro +(cherry picked from commit c28f922c9dcee0e4876a2c095939d77fe7e15116) + Signed-off-by: Jonathan Maple + +# Conflicts: +# fs/namespace.c +diff --cc fs/namespace.c +index da767032a0a1,1c54c16c7bab..000000000000 +--- a/fs/namespace.c ++++ b/fs/namespace.c +@@@ -2254,21 -2488,37 +2254,33 @@@ struct vfsmount *clone_private_mount(co + struct mount *old_mnt = real_mount(path->mnt); + struct mount *new_mnt; + + - guard(rwsem_read)(&namespace_sem); + - + + down_read(&namespace_sem); + if (IS_MNT_UNBINDABLE(old_mnt)) + - return ERR_PTR(-EINVAL); + + goto invalid; + + - /* + - * Make sure the source mount is acceptable. + - * Anything mounted in our mount namespace is allowed. + - * Otherwise, it must be the root of an anonymous mount + - * namespace, and we need to make sure no namespace + - * loops get created. + - */ + - if (!check_mnt(old_mnt)) { + - if (!is_mounted(&old_mnt->mnt) || + - !is_anon_ns(old_mnt->mnt_ns) || + - mnt_has_parent(old_mnt)) + - return ERR_PTR(-EINVAL); + + if (!check_mnt(old_mnt)) + + goto invalid; + +++<<<<<<< HEAD + + if (has_locked_children(old_mnt, path->dentry)) + + goto invalid; +++======= ++ if (!check_for_nsfs_mounts(old_mnt)) ++ return ERR_PTR(-EINVAL); ++ } ++ ++ if (!ns_capable(old_mnt->mnt_ns->user_ns, CAP_SYS_ADMIN)) ++ return ERR_PTR(-EPERM); ++ ++ if (__has_locked_children(old_mnt, path->dentry)) ++ return ERR_PTR(-EINVAL); +++>>>>>>> c28f922c9dce (clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns) + + new_mnt = clone_mnt(old_mnt, path->dentry, CL_PRIVATE); + + up_read(&namespace_sem); + + + if (IS_ERR(new_mnt)) + - return ERR_PTR(-EINVAL); + + return ERR_CAST(new_mnt); + + /* Longterm mount to be removed by kern_unmount*() */ + new_mnt->mnt_ns = MNT_NS_INTERNAL; +* Unmerged path fs/namespace.c diff --git a/ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/rebuild.details.txt b/ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/rebuild.details.txt new file mode 100644 index 0000000000000..9083520dd50ab --- /dev/null +++ b/ciq/ciq_backports/kernel-6.12.0-124.21.1.el10_1/rebuild.details.txt @@ -0,0 +1,20 @@ +Rebuild_History BUILDABLE +Rebuilding Kernel from rpm changelog with Fuzz Limit: 87.50% +Number of commits in upstream range v6.12~1..kernel-mainline: 79692 +Number of commits in rpm: 5 +Number of commits matched with upstream: 2 (40.00%) +Number of commits in upstream but not in rpm: 79690 +Number of commits NOT found in upstream: 3 (60.00%) + +Rebuilding Kernel on Branch rocky10_1_rebuild_kernel-6.12.0-124.21.1.el10_1 for kernel-6.12.0-124.21.1.el10_1 +Clean Cherry Picks: 1 (50.00%) +Empty Cherry Picks: 1 (50.00%) +_______________________________ + +__EMPTY COMMITS__________________________ +c28f922c9dcee0e4876a2c095939d77fe7e15116 clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns + +__CHANGES NOT IN UPSTREAM________________ +Porting to Rocky Linux 10, debranding and Rocky Linux branding' +Add partial riscv64 support for build root' +Provide basic VisionFive 2 support' diff --git a/configs/kernel-6.12.0-aarch64-64k-debug.config b/configs/kernel-6.12.0-aarch64-64k-debug.config index 976f7ddcc1fa1..89c63ec931d57 100644 --- a/configs/kernel-6.12.0-aarch64-64k-debug.config +++ b/configs/kernel-6.12.0-aarch64-64k-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-64k.config b/configs/kernel-6.12.0-aarch64-64k.config index fc1423961a733..2c31913a36ffd 100644 --- a/configs/kernel-6.12.0-aarch64-64k.config +++ b/configs/kernel-6.12.0-aarch64-64k.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-debug.config b/configs/kernel-6.12.0-aarch64-debug.config index eba77102fc2a5..897ec5ee1ca2a 100644 --- a/configs/kernel-6.12.0-aarch64-debug.config +++ b/configs/kernel-6.12.0-aarch64-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-rt-64k-debug.config b/configs/kernel-6.12.0-aarch64-rt-64k-debug.config index 36a9ea924e736..f9a446a620d3b 100644 --- a/configs/kernel-6.12.0-aarch64-rt-64k-debug.config +++ b/configs/kernel-6.12.0-aarch64-rt-64k-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-rt-64k.config b/configs/kernel-6.12.0-aarch64-rt-64k.config index a94f969fd853d..da134a98df4b9 100644 --- a/configs/kernel-6.12.0-aarch64-rt-64k.config +++ b/configs/kernel-6.12.0-aarch64-rt-64k.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-rt-debug.config b/configs/kernel-6.12.0-aarch64-rt-debug.config index a8003d73aed0e..a54e5e6e98e19 100644 --- a/configs/kernel-6.12.0-aarch64-rt-debug.config +++ b/configs/kernel-6.12.0-aarch64-rt-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64-rt.config b/configs/kernel-6.12.0-aarch64-rt.config index dc5ad05892136..1cd5fe06c54cf 100644 --- a/configs/kernel-6.12.0-aarch64-rt.config +++ b/configs/kernel-6.12.0-aarch64-rt.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-aarch64.config b/configs/kernel-6.12.0-aarch64.config index 2d579b0dbaeef..d128a41b44560 100644 --- a/configs/kernel-6.12.0-aarch64.config +++ b/configs/kernel-6.12.0-aarch64.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-ppc64le-debug.config b/configs/kernel-6.12.0-ppc64le-debug.config index ce940a7303a4f..ccfa3eca8218d 100644 --- a/configs/kernel-6.12.0-ppc64le-debug.config +++ b/configs/kernel-6.12.0-ppc64le-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-ppc64le.config b/configs/kernel-6.12.0-ppc64le.config index ec814991e2f15..bd9863680037a 100644 --- a/configs/kernel-6.12.0-ppc64le.config +++ b/configs/kernel-6.12.0-ppc64le.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-riscv64-debug.config b/configs/kernel-6.12.0-riscv64-debug.config index f674761392764..7e32eee0b294c 100644 --- a/configs/kernel-6.12.0-riscv64-debug.config +++ b/configs/kernel-6.12.0-riscv64-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-riscv64.config b/configs/kernel-6.12.0-riscv64.config index 71b88b3cf4fd4..48594fde160c2 100644 --- a/configs/kernel-6.12.0-riscv64.config +++ b/configs/kernel-6.12.0-riscv64.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-s390x-debug.config b/configs/kernel-6.12.0-s390x-debug.config index 6c5d8bc4344aa..d68176a104b7a 100644 --- a/configs/kernel-6.12.0-s390x-debug.config +++ b/configs/kernel-6.12.0-s390x-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-s390x-zfcpdump.config b/configs/kernel-6.12.0-s390x-zfcpdump.config index 1a49ef6c638bf..dedb67d608ad3 100644 --- a/configs/kernel-6.12.0-s390x-zfcpdump.config +++ b/configs/kernel-6.12.0-s390x-zfcpdump.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-s390x.config b/configs/kernel-6.12.0-s390x.config index 1323e612ec7e5..8d435b5d4830a 100644 --- a/configs/kernel-6.12.0-s390x.config +++ b/configs/kernel-6.12.0-s390x.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-x86_64-debug.config b/configs/kernel-6.12.0-x86_64-debug.config index fa3044c4ab3ba..94d09a557b775 100644 --- a/configs/kernel-6.12.0-x86_64-debug.config +++ b/configs/kernel-6.12.0-x86_64-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-x86_64-rt-debug.config b/configs/kernel-6.12.0-x86_64-rt-debug.config index 4df603849d15e..ebf9dd7915a3b 100644 --- a/configs/kernel-6.12.0-x86_64-rt-debug.config +++ b/configs/kernel-6.12.0-x86_64-rt-debug.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-x86_64-rt.config b/configs/kernel-6.12.0-x86_64-rt.config index b01bf080db1b3..ce4a536a71663 100644 --- a/configs/kernel-6.12.0-x86_64-rt.config +++ b/configs/kernel-6.12.0-x86_64-rt.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/configs/kernel-6.12.0-x86_64.config b/configs/kernel-6.12.0-x86_64.config index c3fa4c155bd38..00afa86d9d1ea 100644 --- a/configs/kernel-6.12.0-x86_64.config +++ b/configs/kernel-6.12.0-x86_64.config @@ -12,8 +12,8 @@ CONFIG_AS_VERSION=25000 CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=25000 CONFIG_LLD_VERSION=0 -CONFIG_RUSTC_VERSION=0 -CONFIG_RUSTC_LLVM_VERSION=0 +CONFIG_RUSTC_VERSION=107600 +CONFIG_RUSTC_LLVM_VERSION=170006 CONFIG_CC_CAN_LINK=y CONFIG_CC_CAN_LINK_STATIC=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 4e8dfd9c1f11f..52e016a479fc0 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -1932,6 +1932,9 @@ static ssize_t tun_get_user(struct tun_struct *tun, struct tun_file *tfile, local_bh_enable(); goto unlock_frags; } + + if (frags && skb != tfile->napi.skb) + tfile->napi.skb = skb; } rcu_read_unlock(); local_bh_enable(); diff --git a/fs/namespace.c b/fs/namespace.c index da767032a0a15..64f9006f8c33d 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2261,6 +2261,11 @@ struct vfsmount *clone_private_mount(const struct path *path) if (!check_mnt(old_mnt)) goto invalid; + if (!ns_capable(old_mnt->mnt_ns->user_ns, CAP_SYS_ADMIN)) { + up_read(&namespace_sem); + return ERR_PTR(-EPERM); + } + if (has_locked_children(old_mnt, path->dentry)) goto invalid; diff --git a/redhat/kernel.changelog-10.1 b/redhat/kernel.changelog-10.1 index eb2430030351a..7ed7bbb6f1876 100644 --- a/redhat/kernel.changelog-10.1 +++ b/redhat/kernel.changelog-10.1 @@ -1,3 +1,8 @@ +* Thu Dec 04 2025 CKI KWF Bot [6.12.0-124.21.1.el10_1] +- CVE-2025-38499 kernel: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns (Abhi Das) [RHEL-129282] {CVE-2025-38499} +- net: tun: Update napi->skb after XDP process (CKI Backport Bot) [RHEL-122247] {CVE-2025-39984} +Resolves: RHEL-122247, RHEL-129282 + * Tue Dec 02 2025 CKI KWF Bot [6.12.0-124.20.1.el10_1] - iommu/vt-d: Disallow dirty tracking if incoherent page walk (CKI Backport Bot) [RHEL-125482] {CVE-2025-40058} - net/mlx5: fs, fix UAF in flow counter release (Michal Schmidt) [RHEL-124432] {CVE-2025-39979} diff --git a/uki-addons.sbat b/uki-addons.sbat index 71dacae523c7f..c2e69fc9886de 100644 --- a/uki-addons.sbat +++ b/uki-addons.sbat @@ -1,3 +1,3 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -kernel-uki-virt-addons.rhel,1,Red Hat,kernel-uki-virt-addons,6.12.0-124.20.1.el10_1.x86_64,mailto:secalert@redhat.com -kernel-uki-virt-addons.rocky,1,RESF,kernel-uki-virt-addons,6.12.0-124.20.1.el10_1.x86_64,mailto:security@rockylinux.org +kernel-uki-virt-addons.rhel,1,Red Hat,kernel-uki-virt-addons,6.12.0-124.21.1.el10_1.x86_64,mailto:secalert@redhat.com +kernel-uki-virt-addons.rocky,1,RESF,kernel-uki-virt-addons,6.12.0-124.21.1.el10_1.x86_64,mailto:security@rockylinux.org diff --git a/uki.sbat b/uki.sbat index ee0183d4f9901..6f92800210469 100644 --- a/uki.sbat +++ b/uki.sbat @@ -1,3 +1,3 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -kernel-uki-virt.rhel,1,Red Hat,kernel-uki-virt,6.12.0-124.20.1.el10_1.x86_64,mailto:secalert@redhat.com -kernel-uki-virt.rocky,1,RESF,kernel-uki-virt,6.12.0-124.20.1.el10_1.x86_64,mailto:security@rockylinux.org +kernel-uki-virt.rhel,1,Red Hat,kernel-uki-virt,6.12.0-124.21.1.el10_1.x86_64,mailto:secalert@redhat.com +kernel-uki-virt.rocky,1,RESF,kernel-uki-virt,6.12.0-124.21.1.el10_1.x86_64,mailto:security@rockylinux.org