[3.10.0-1160.OL7] - Oracle Linux certificates - Oracle Linux RHCK Module Signing Key was compiled into kernel - Update x509.genkey [Orabug: 24817676] - Conflict with shim-ia32 and shim-x64 [3.10.0-1160] - [kernel] modsign: Add nomokvarconfig kernel parameter [1867857] - [firmware] modsign: Add support for loading certs from the EFI MOK config table [1867857] - [kernel] modsign: Move import of MokListRT certs to separate routine [1867857] - [kernel] modsign: Avoid spurious error message after last MokListRTn [1867857] [3.10.0-1159] - [kernel] modsign: Import certificates from optional MokListRT [1862840] - [crypto] crypto/pefile: Support multiple signatures in verify_pefile_signature [1862840] - [crypto] crypto/pefile: Tolerate other pefile signatures after first [1862840] [3.10.0-1158] - [redhat] switch secureboot kernel image signing to release keys [] [3.10.0-1157] - [fs] signal: Dont send signals to tasks that dont exist [1856166] [3.10.0-1156] - [fs] gfs2: Fix regression due to unwanted gfs2_qa_put [1798713] - [include] signal: Unfairly acquire tasklist_lock in send_sigio if irq disabled [1838799] - [fs] signal: Dont take tasklist_lock if PID type is PIDTYPE_PID [1838799] - [vfio] vfio/pci: Fix SR-IOV VF handling with MMIO blocking [1820632] {CVE-2020-12888} [3.10.0-1155] - [x86] Revert "x86: respect memory size limiting via mem= parameter" [1851576] - [mm] Revert "mm/memory_hotplug.c: only respect mem= parameter during boot stage" [1851576] - [fs] nfsd: only WARN once on unmapped errors [1850430] - [powerpc] pci/of: Fix OF flags parsing for 64bit BARs [1840114] - [fs] cifs: fix NULL dereference in match_prepath [1759852] [3.10.0-1154] - [fs] gfs2: move privileged user check to gfs2_quota_lock_check [1798713] - [fs] gfs2: Fix problems regarding gfs2_qa_get and _put [1798713] - [fs] gfs2: dont call quota_unhold if quotas are not locked [1798713] - [fs] gfs2: Remove unnecessary gfs2_qa_{get, put} pairs [1798713] - [fs] gfs2: Split gfs2_rsqa_delete into gfs2_rs_delete and gfs2_qa_put [1798713] - [fs] gfs2: Change inode qa_data to allow multiple users [1798713] - [fs] gfs2: eliminate gfs2_rsqa_alloc in favor of gfs2_qa_alloc [1798713] - [fs] gfs2: Switch to list_{first,last}_entry [1798713] - [fs] gfs2: Clean up inode initialization and teardown [1798713] - [fs] gfs2: Minor gfs2_alloc_inode cleanup [1798713] - [fs] gfs2: Fix busy-on-umount in gfs2_atomic_open [1812558] [3.10.0-1153] - [x86] mm: Fix mremap not considering huge pmd devmap [1843437] {CVE-2020-10757} - [mm] mm, dax: check for pmd_none after split_huge_pmd [1843437] {CVE-2020-10757} - [mm] mm: mremap: streamline move_page_tabless move_huge_pmd corner case [1843437] {CVE-2020-10757} - [mm] mm: mremap: validate input before taking lock [1843437] {CVE-2020-10757} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status [1844070] {CVE-2020-12654} - [wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv [1844026] {CVE-2020-12653} - [net] netfilter: nf_conntrack_h323: lost .data_len definition for Q.931/ipv6 [1845428] [3.10.0-1152] - [nvmem] nvmem: properly handle returned value nvmem_reg_read [1844409] - [mailbox] PCC: fix dereference of ERR_PTR [1844409] - [kernel] futex: Unlock hb-