diff --git a/SOURCES/Makefile.common b/SOURCES/Makefile.common
index 6214c5a..2051ee3 100644
--- a/SOURCES/Makefile.common
+++ b/SOURCES/Makefile.common
@@ -9,7 +9,7 @@ RPMVERSION:=3.10.0
 # marker is git tag which we base off of for exporting patches
 MARKER:=v3.10
 PREBUILD:=
-BUILD:=1062.4.1
+BUILD:=1062.4.2
 DIST:=.el7
 SPECFILE:=kernel.spec
 RPM:=$(REDHAT)/rpm
diff --git a/SOURCES/kernel-3.10.0-i686.config b/SOURCES/kernel-3.10.0-i686.config
index 33b42aa..05ab439 100644
--- a/SOURCES/kernel-3.10.0-i686.config
+++ b/SOURCES/kernel-3.10.0-i686.config
@@ -554,6 +554,9 @@ CONFIG_X86_PAT=y
 CONFIG_ARCH_USES_PG_UNCACHED=y
 CONFIG_ARCH_RANDOM=y
 CONFIG_X86_SMAP=y
+# CONFIG_X86_INTEL_TSX_MODE_OFF is not set
+CONFIG_X86_INTEL_TSX_MODE_ON=y
+# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
 CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y
diff --git a/SOURCES/kernel-3.10.0-x86_64.config b/SOURCES/kernel-3.10.0-x86_64.config
index ea6dbb8..8b63101 100644
--- a/SOURCES/kernel-3.10.0-x86_64.config
+++ b/SOURCES/kernel-3.10.0-x86_64.config
@@ -581,6 +581,9 @@ CONFIG_X86_PAT=y
 CONFIG_ARCH_USES_PG_UNCACHED=y
 CONFIG_ARCH_RANDOM=y
 CONFIG_X86_SMAP=y
+# CONFIG_X86_INTEL_TSX_MODE_OFF is not set
+CONFIG_X86_INTEL_TSX_MODE_ON=y
+# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set
 CONFIG_EFI=y
 CONFIG_EFI_STUB=y
 CONFIG_EFI_SECURE_BOOT_SECURELEVEL=y
diff --git a/SPECS/kernel-plus.spec b/SPECS/kernel-plus.spec
index 6a53acc..0800406 100644
--- a/SPECS/kernel-plus.spec
+++ b/SPECS/kernel-plus.spec
@@ -14,10 +14,10 @@ Summary: The Linux kernel
 %global distro_build 1062
 
 %define rpmversion 3.10.0
-%define pkgrelease 1062.4.1.el7
+%define pkgrelease 1062.4.2.el7
 
 # allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 1062.4.1%{?dist}
+%define specrelease 1062.4.2%{?dist}
 
 %define pkg_release %{specrelease}%{?buildid}
 
@@ -522,6 +522,7 @@ Patch1305: patch-cxgb4-tv64-uninit.patch
 Patch1307: patch-i686-nfp-2.patch
 #Patch1308: patch-i686-v7_7.patch
 Patch1308: patch-i686-v7_7.2.patch
+Patch1309: bmap-bug16610.patch
 
 # end of i686 mods
 
@@ -992,6 +993,7 @@ ApplyOptionalPatch patch-cxgb4-tv64-uninit.patch
 ApplyOptionalPatch patch-i686-nfp-2.patch
 #ApplyOptionalPatch patch-i686-v7_7.patch
 ApplyOptionalPatch patch-i686-v7_7.2.patch
+ApplyOptionalPatch bmap-bug16610.patch
 %endif
 
 ### plus mod
@@ -2039,7 +2041,7 @@ fi
 %kernel_variant_files %{with_kdump} kdump
 
 %changelog
-* Tue Oct 15 2019 Akemi Yagi <toracat@centos.org> [3.10.0-1062.4.1.el7.centos.plus]
+* Tue Nov 12 2019 Akemi Yagi <toracat@centos.org> [3.10.0-1062.4.2.el7.centos.plus]
 - Apply debranding changes
 - Roll in i686 mods
    addmissing.patch  [puias]
@@ -2059,6 +2061,7 @@ fi
    more 686 mods for 7.5 (-862.11.6) [pgreco, bug#15174]
    Patches updated for 7.6 [kabe, bug#15428]
    Patches for 7.7 [pgreco, bug#16324]
+   Patch bmap [pgreco bug#16610]
 - Modify config file for x86_64 with extra features turned on including
   some network adapters, BusLogic, ReiserFS, TOMOYO
 - Add in a patch that allows non-LogiTech remote to work [bug#5780]
@@ -2095,6 +2098,45 @@ fi
 - Apply a patch for acpi issue [bug#16315]
 - Apply a patch to fix ICMP redirects [bug#16521] 
 
+* Tue Nov 05 2019 Bruno Meneguele <bmeneg@redhat.com> [3.10.0-1062.4.2.el7]
+- [drm] drm/i915: Lower RM timeout to avoid DSI hard hangs (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
+- [drm] drm/i915/gen8+: Add RC6 CTX corruption WA (Dave Airlie) [1756815 1756816] {CVE-2019-0154}
+- [drm] drm/i915/cmdparser: Ignore Length operands during command matching (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915/cmdparser: Add support for backward jumps (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915/cmdparser: Use explicit goto for error paths (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Add gen9 BCS cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Allow parsing of unsized batches (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Add support for mandatory cmdparsing (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Remove Master tables from cmdparser (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Disable Secure Batches for gen6+ (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [drm] drm/i915: Rename gen7 cmdparser tables (Dave Airlie) [1756882 1756883] {CVE-2019-0155}
+- [x86] tsx: Add config options to set tsx=on|off|auto (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [documentation] x86/speculation/taa: Add documentation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] tsx: Add "auto" option to the tsx= cmdline parameter (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] speculation/taa: Add sysfs reporting for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] speculation/taa: Add mitigation for TSX Async Abort (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] cpu: Add a "tsx=" cmdline option with TSX disabled by default (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] cpu: Add a helper function x86_read_arch_cap_msr() (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [x86] msr: Add the IA32_TSX_CTRL MSR (Waiman Long) [1766539 1766540] {CVE-2019-11135}
+- [documentation] documentation: Add ITLB_MULTIHIT documentation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: mmu: Recovery of shattered NX large pages (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [virt] kvm: Add helper function for creating VM worker threads (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: mmu: ITLB_MULTIHIT mitigation (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [kernel] cpu/speculation: Uninline and export CPU mitigations helpers (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] cpu: Add Tremont to the cpu vulnerability whitelist (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] Add ITLB_MULTIHIT bug infrastructure (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: vmx, svm: always run with EFER.NXE=1 when shadow paging is active (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: add tracepoints around __direct_map and FNAME(fetch) (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: remove now unneeded hugepage gfn adjustment (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: make FNAME(fetch) and __direct_map more similar (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: mmu: Do not release the page inside mmu_set_spte() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: x86: mmu: Remove unused parameter of __direct_map() (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [virt] kvm: Convert kvm_lock to a mutex (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [x86] kvm: mmu: drop vcpu param in gpte_access (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+- [virt] kvm: x86, powerpc: do not allow clearing largepages debugfs entry (Paolo Bonzini) [1733009 1690343] {CVE-2018-12207}
+
 * Wed Sep 25 2019 Bruno Meneguele <bmeneg@redhat.com> [3.10.0-1062.4.1.el7]
 - [vhost] vhost: make sure log_num < in_num (Eugenio Perez) [1750879 1750880] {CVE-2019-14835}