UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

block-map: add __GFP_ZERO flag for alloc_page in function

Fix lock_sock() blockage by memcpy_from_msg()

net: sched: fix use-after-free in tc_new_tfilter()

fix double dev_kfree_skb() in error path

net/packet: fix slab-out-of-bounds access in packet_recvmsg()

SUNRPC: Ensure we flush any closed sockets before

[PATCH] SUNRPC: Don't leak sockets in xs_local_connect()

net/sched: cls_u32: fix netns refcount changes in u32_change()

netfilter: nf_queue: do not allow packet truncation below transport header offset

ipv4: avoid using shared IP generator for connected sockets

ipv4: tcp: send zero IPID in SYNACK messages

vt: vt_ioctl: fix race in VT_RESIZEX

media: v4l: ioctl: Fix memory leak in video_usercopy

cifs: prevent bad output lengths in smb2_ioctl_query_info()

cifs: fix NULL ptr dereference in smb2_ioctl_query_info()

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

Reinstate some of "swiotlb: rework "fix info leak with

ext4: verify dir block before splitting it

ext4: make variable "count" signed

ext4: avoid cycles in directory h-tree

psi: Fix uaf issue when psi trigger is destroyed while being polled (adaptation)

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

openvswitch: fix OOB access in reserve_sfa_size()

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

KVM: x86: avoid calling x86 emulator without a decoded

netfilter: nf_tables: sanitize nft_set_desc_concat_parse()

Out of scope as the patch is aarch64 related

NFSv4: Handle case where the lookup of a directory fails

netfilter: nf_tables: do not allow SET_ID to refer to another

netfilter: nf_tables: do not allow SET_ID to refer to another

HID: elo: fix memory leak in elo_probe

lockdown: also lock down previous kgdb use

drm/i915: fix TLB invalidation for Gen12 video and compute

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

i2c: ismt: prevent memory corruption in ismt_access()

mm/mremap: hold the rmap lock in write mode when moving page table

act_mirred: use the backlog for nested calls to

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

ovl: fail on invalid uid/gid mapping at copy up

wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()

ath9k: fix use-after-free in ath9k_hif_usb_rx_cbMIME-Version: 1.0

media: em28xx: initialize refcount before kref_get

devlink: Fix use-after-free after a failed reload

ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit

igmp: Add ip_mc_list lock in ip_check_mc_rcu

af_key: Do not call xfrm_probe_algs in parallel

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page

net/ulp: prevent ULP without clone op from entering the LISTEN status

wifi: cfg80211: fix BSS refcounting bugs

cifs: fix use-after-free caused by invalid pointer `hostname`

tcp/udp: Fix memory leak in ipv6_renew_options()

drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()

usb: mon: make mmapped memory read only

video: of_display_timing.h: include errno.h

fbcon: Disallow setting font bigger than screen size

fbcon: Prevent that screen size is smaller than font size

fbmem: Check virtual screen sizes in fb_set_var()

vt: drop old FONT ioctls

net: fix a concurrency bug in l2tp_tunnel_register()

l2tp: Serialize access to sk_user_data with sk_callback_lock

l2tp: Don't sleep and disable BH under writer-side sk_callback_lock

vt: use tty_insert_flip_string in respond_string

vt: keyboard, use tty_insert_flip_string in puts_queue

tty: drivers/tty/, stop using tty_schedule_flip()

tty: the rest, stop using tty_schedule_flip()

tty: drop tty_schedule_flip()

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

tty: drop tty_schedule_flip()

drm/virtio: Fix error code in virtio_gpu_object_shmem_init()

netfilter: nf_tables: deactivate anonymous set from preparation phase

net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

Bluetooth: L2CAP: Fix accepting connection request

net/sched: tcindex: update imperfect hash filters

Complex adaptation is required, mainline retired tcindex.

xfs: verify buffer contents when we skip log replay

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

perf: Fix check before add_event_to_groups() in perf_group_detach()

netfilter: nft_set_pipapo: fix improper element removal

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

ipvlan:Fix out-of-bounds caused by unclear skb->cb

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

hw: amd: Cross-Process Information Leak

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

bluetooth: Perform careful capability checks in hci_sock_ioctl()

media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

memstick: r592: Fix UAF bug in r592_remove due to race condition

kernel/relay.c: fix read_pos error when multiple readers

net/sched: cls_u32: Fix reference counter leak leading to overflow

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

media: saa7134: fix use after free bug in saa7134_finidev due to race condition

media: dm1105: Fix use after free bug in dm1105_remove due to race condition

atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait

ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

ext4: fix use-after-free in ext4_xattr_set_entry

seq_buf: Fix overflow in seq_buf_putmem_hex()

HID: betop: check shape of output reports

Complex adaptation required.

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

KVM: nVMX: add missing consistency checks for CR0 and CR4

net: qcom/emac: Fix use after free bug in emac_remove due to race condition

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition

fbcon: Check font dimension limits

Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path

sctp: fail if no bound addresses can be used for a given scope

xfrm: add NULL check in xfrm_update_ae_params

ovl: fix use after free in struct ovl_aio_req

ovl: fix use after free in struct ovl_aio_req

drm/vmwgfx: Remove rcu locks from user resources

drm/vmwgfx: Remove rcu locks from user resources

HID: asus: use spinlock to safely schedule workers

HID: asus: use spinlock to safely schedule workers

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

Not possible to trigger in rhel8

media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

r8152: Rate limit overflow messages

prlimit: do_prlimit needs to have a speculation check

media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()

net: sched: atm: dont intepret cls results when asked to drop

net: mpls: fix stale pointer if allocation fails during device rename

net: sched: atm: dont intepret cls results when asked to drop

media: usb: siano: Fix use after free bugs caused by do_submit_urb

media: usb: siano: Fix use after free bugs caused by do_submit_urb

net: sched: fix race condition in qdisc_graft()

gfs2: Don't deref jdesc in evict

tipc: fix an information leak in tipc_topsrv_kern_subscr

tipc: set con sock in tipc_conn_alloc

tipc: add an extra conn_get in tipc_conn_alloc

net/tls: tls_is_tx_ready() checked list_entry

mm: thp: fix wrong cache flush in remove_migration_pmd()

mm/thp: simplify copying of huge zero page pmd when fork

mm/userfaultfd: fix uffd-wp special cases for

bpf: Fix incorrect verifier pruning due to missing register precision taints

net: tun: fix bugs for oversize packet when napi frags enabled

cifs: Fix UAF in cifs_demultiplex_thread()

nvmet-tcp: Fix a possible UAF in queue intialization setup

media: dvbdev: remove double-unlock

media: dvbdev: Fix memleak in dvb_register_device

media: dvbdev: fix error logic at dvb_register_device()

media: dvbdev: adopts refcnt to avoid UAF

media: dvbdev: fix refcnt bug

media: dvbdev: adopts refcnt to avoid UAF (adaptation)

media: dvb-core: Fix use-after-free due to race at dvb_register_device()

media: dvb-core: Fix use-after-free due to race at dvb_register_device() (adaptation)

media: dvb_net: avoid speculation from net slot

media: dvb-core: Fix use-after-free due on race condition at dvb_net

media: dvb-core: Fix use-after-free due on race condition at dvb_net (adaptation)

media: dvb_ca_en50221: off by one in dvb_ca_en50221_io_do_ioctl()

media: dvb_ca_en50221: avoid speculation from CA slot

media: dvb_ca_en50221: fix a size write bug

media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221

media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (adaptation)

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

drm/vmwgfx: Fix shader stage validation

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

nfp: fix use-after-free in area_cache_get()

drivers: net: slip: fix NPD bug in sl_tx_timeout()

Fix double fget() in vhost_net_set_backend()

HID: check empty report_list in hid_validate_values()

smb: client: fix OOB in smbCalcSize()

smb: client: fix potential OOB in cifs_dump_detail()

smb: client: fix potential OOB in smb2_dump_detail()

x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling

x86/sev: Disable MMIO emulation from user mode

x86/sev: Check IOBM for IOIO exceptions from user-space

x86/sev: Check for user-space IOIO pointing to kernel space

Fix a kernel panic when host sends an invalid H2C PDU length

nvmet-tcp: fix a crash in nvmet_req_complete()

nvmet-tcp: remove boilerplate code

nvmet-tcp: Fix the H2C expected PDU len calculation

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads (adaptation)

perf/core: Fix potential NULL deref

netfilter: nft_set_pipapo: skip inactive elements during set walk

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net: tls, update curr on splice as well

smb: client: fix OOB in receive_encrypted_standard()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

drm/amdgpu: Fix potential fence use-after-free v2

ext4: fix kernel BUG in 'ext4_write_inline_data_end()'

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

kpatch add alt asm definitions

kpatch add paravirt asm definitions

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.