remote stack overflow in Linux kernel

lib/iov_iter: initialize "flags" in new pipe_buffer

netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

phonet: refcount leak in pep_sock_accep

rds: memory leak in __rds_conn_create()

cgroup-v1: Require capabilities to set release_agent

s390 is unsupported

net: sched: fix use-after-free in tc_new_tfilter()

esp: Fix possible buffer overflow in ESP transformation

udf: Restore i_lenAlloc when inode expansion fails

udf: Fix NULL ptr deref when converting from inline format

NFSv4: Handle case where the lookup of a directory fails

NFSv4: nfs_atomic_open() can race when looking up a non-regular file

NFS: LOOKUP_DIRECTORY is also ok with symlinks

yam: fix a memory leak in yam_siocdevprivate()

[PATCH] nfc: st21nfca: Fix potential buffer overflows in

USB: gadget: validate endpoint index for xilinx udc

[PATCH] USB: gadget: validate interface OS descriptor requests

usb: gadget: rndis: check size of RNDIS_MSG_SET command

mmc: block: fix read single on recovery logic

netfilter: nf_tables: initialize registers in nft_do_chain()

drm/nouveau: Add a dedicated mutex for the clients list

drm/nouveau: clean up all clients on device removal

drm/nouveau: Add a dedicated mutex for the clients list (adaptation)

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

moxart: fix potential use-after-free on remove path

io_uring: fix fs->users overflow

ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on

net/sched: cls_u32: fix netns refcount changes in

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

cgroup: Use open-time cgroup namespace for process migration perm checks

cgroup: Use open-time cgroup namespace for process migration perm checks(adaptation).

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

fuse: use true,false for bool variable

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

KVM: x86/mmu: do compare-and-exchange of gPTE via the user

drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()

net/x25: Fix null-ptr-deref caused by x25_disconnect

netfilter: nf_tables: disallow non-stateful expression in sets earlier

sr9700: sanity check for packet length

gadget: don't release an existing dev->buf

xen/xenbus: don't let xenbus_grant_ring() remove grants in error case

xen/grant-table: add gnttab_try_end_foreign_access()

xen/blkfront: don't use gnttab_query_foreign_access() for mapped status

xen/scsifront: don't use gnttab_query_foreign_access() for mapped status

xen/gntalloc: don't use gnttab_query_foreign_access()

xen: remove gnttab_query_foreign_access()

xen/9p: use alloc/free_pages_exact()

xen/pvcalls: use alloc/free_pages_exact()

xen/gnttab: fix gnttab_end_foreign_access() without page specified

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

xen/gnttab: fix gnttab_end_foreign_access() without page specified (adaptation)

xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (adaptation)

llc: fix netdevice reference leaks in llc_ui_bind()

can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path

can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in

ax25: improve the incomplete fix to avoid UAF and NPD bugs

ax25: improve the incomplete fix to avoid UAF and NPD bugs

ax25: improve the incomplete fix to avoid UAF and NPD bugs

[PATCH] ax25: add refcount in ax25_dev to avoid UAF bugs

[PATCH] ax25: fix reference count leaks of ax25_dev

[PATCH] ax25: fix UAF bugs of net_device caused by rebinding

[PATCH] ax25: Fix refcount leaks caused by ax25_cb_del()

[PATCH] ax25: fix UAF bug in ax25_send_control()

[PATCH] ax25: fix NPD bug in ax25_disconnect

[PATCH] ax25: Fix NULL pointer dereferences in ax25 timers

[PATCH] ax25: Fix UAF bugs in ax25 timers

ax25: add refcount in ax25_dev to avoid UAF bugs (adaptation)

floppy: disable FDRAWCMD by default

floppy: disable FDRAWCMD by default (adaptation)

hamradio: defer 6pack kfree after unregister_netdev

hamradio: remove needs_free_netdev to avoid UAF

floppy: use a statically allocated error counter

floppy: use a statically allocated error counter (adaptation)

nfc: nfcmrvl: main: reorder destructive operations in

[PATCH] SUNRPC: Ensure we flush any closed sockets before

[PATCH] SUNRPC: Don't leak sockets in xs_local_connect()

[PATCH v4 1/2] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

nfc: replace improper check device_is_registered() in netlink related

NFC: netlink: fix sleep in atomic bug when firmware download timeout

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

netfilter: nf_tables: stricter validation of element data

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

UBUNTU: SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table

UBUNTU: SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another table

vt: drop old FONT ioctls

Complex adaptation required. Low impact CVE.

fbcon: Disallow setting font bigger than screen size

fbcon: Prevent that screen size is smaller than font size

fbmem: Check virtual screen sizes in fb_set_var()

tcp: change source port randomizarion at connect() time

secure_seq: use the 64 bits of the siphash for port offset

tcp: use different parts of the port_offset for index and

tcp: increase source port perturb table to 2^16

tcp: increase source port perturb table to 2^16

tcp: change source port randomizarion at connect() time (adaptation)

perf: Fix sys_perf_event_open() race against self

dm verity: set DM_TARGET_IMMUTABLE feature flag

dm verity: set DM_TARGET_IMMUTABLE feature flag (adaptation)

netfilter: nf_queue: do not allow packet truncation below

HID: bigben: fix slab-out-of-bounds Write in bigben_probe

drm: mali-dp: potential dereference of null pointer

bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()

Complex adaptation required.

net: rose: fix UAF bugs caused by timer handler

net: rose: fix UAF bugs caused by timer handler (adaptation)

xen/blkfront: fix leaking data in shared pages

io_uring: disable polling pollfree files

io_uring: disable polling pollfree files (adaptation)

xen/netfront: fix leaking data in shared pages

xen/netfront: force data bouncing when backend is untrusted

xen/netfront: force data bouncing when backend is untrusted (adaptation)

xen/blkfront: force data bouncing when backend is untrusted

xen/blkfront: force data bouncing when backend is untrusted (adaptation)

Out of scope - ARM architecture.

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

io_uring/af_unix: defer registered files gc to io_uring release

io_uring/af_unix: defer registered files gc to io_uring release

UBUNTU: SAUCE: io_uring/af_unix: fix memleak during unix GC

wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()

wifi: cfg80211: fix BSS refcounting bugs

wifi: cfg80211: avoid nontransmitted BSS list corruption

scsi: stex: Properly zero out the passthrough command structure

[PATCH] af_key: Do not call xfrm_probe_algs in parallel

mm/mremap: hold the rmap lock in write mode when moving page table

ARM related CVE.

devlink: Fix use-after-free after a failed reload

atm: idt77252: fix use-after-free bugs caused by tst_timer

fs: fix UAF/GPF bug in nilfs_mdt_destroy

wifi: mac80211: don't parse mbssid in assoc response

wifi: mac80211: don't parse mbssid in assoc response

wifi: mac80211: fix MBSSID parsing use-after-free

adaptation

mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()

mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

KVM: Add infrastructure and macro to mark VM as bugged

[PATCH] KVM: x86: Check lapic_in_kernel() before attempting to set a

KVM: x86: Avoid theoretical NULL pointer dereference in

KVM: x86: Check lapic_in_kernel() before attempting to set a ( adaptation )

r8152: Rate limit overflow messages

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()

video: fbdev: i740fb: Error out if 'pixclock' equals zero

efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in efi_capsule_write (adaptation)

binder: fix UAF of ref->proc caused by race condition

netfilter: nf_conntrack_irc: Tighten matching on DCC message

ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

staging: rtl8712: fix use after free bugs

sch_sfb: Don't assume the skb is still around after enqueueing to child

sch_sfb: Also store skb len before calling child enqueue

pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write

usb: mon: make mmapped memory read only

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

xen/netback: Ensure protocol headers don't fall in the non-linear area

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

Bluetooth: L2CAP: Fix u8 overflow

NFSD: Cap rsize_bop result based on send buffer size

nilfs2: fix use-after-free bug of struct nilfs_root

binder: fix UAF of alloc->vma in race with munmap()

[PATCH] Bluetooth: L2CAP: Fix attempting to access uninitialized

[PATCH] Bluetooth: L2CAP: Fix attempting to access uninitialized

roccat: Fix use-after-free in roccat_read()

wifi: brcmfmac: Fix potential buffer overflow in

fbdev: smscufx: Fix use-after-free in ufx_ops_open()

nfp: fix use-after-free in area_cache_get()

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

drm/vmwgfx: Validate the box size for the snooped cursor

media: dvb-core: Fix UAF due to refcount races at releasing

net: sched: disallow noqueue for qdisc classes

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: cbq: dont intepret cls results when asked to drop

net: sched: atm: dont intepret cls results when asked to drop

x86/bugs: Flush IBP in ib_prctl_set()

net/ulp: prevent ULP without clone op from entering the LISTEN status

misc: sgi-gru: fix use-after-free error in gru_set_context_option

nvme: ensure subsystem reset is single threaded

mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page

kcm: avoid potential race in kcm_tx_work

ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

drm/i915: fix TLB invalidation for Gen12 video and compute engines

ipc: replace costly bailout check in sysvipc_find_ipc()

KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

USB: gadgetfs: Fix race between mounting and unmounting

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

can: af_can: fix NULL pointer dereference in can_rcv_filter

USB: move snd_usb_pipe_sanity_check into the USB core

USB: add usb_control_msg_send() and usb_control_msg_recv()

net/sched: tcindex: update imperfect hash filters respecting rcu

HID: check empty report_list in hid_validate_values()

drm/amdkfd: Check for null pointer after calling kmemdup

l2tp: Serialize access to sk_user_data with sk_callback_lock

sctp: fail if no bound addresses can be used for a given scope

net: mpls: fix stale pointer if allocation fails during device rename

media: mceusb: Use new usb_control_msg_*() routines

prlimit: do_prlimit needs to have a speculation check

Complex adaptation is required, mainline retired tcindex.

Safety check failed for copy_from_user; zendesk:191568

net/tls: tls_is_tx_ready() checked list_entry

kvm: initialize all of the kvm_debugregs structure before sending it

rds: rds_rm_zerocopy_callback() use list_first_entry()

scsi: iscsi_tcp: Fix UAF during login when accessing the shost

netrom: Fix use-after-free caused by accept on already connected

[PATCH] media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

KVM: nVMX: add missing consistency checks for CR0 and CR4

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: deactivate anonymous set from

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

ipvlan:Fix out-of-bounds caused by unclear skb->cb

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

memstick: r592: Fix UAF bug in r592_remove due to race condition

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

[PATCH] btrfs: fix race between quota disable and quota assign ioctls

cifs: fix NULL ptr dereference in smb2_ioctl_query_info()

net: sched: fix race condition in qdisc_graft()

[PATCH] i2c: xgene-slimpro: Fix out-of-bounds bug in

net: qcom/emac: Fix use after free bug in emac_remove due to race

power: supply: da9150: Fix use after free bug in

net: tls: fix possible race condition between

xfs: verify buffer contents when we skip log replay

netlink: limit recursion depth in policy validation

[PATCH] act_mirred: use the backlog for nested calls to mirred

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to

nfc: st-nci: Fix use after free bug in ndlc_remove due to race

ext4: verify dir block before splitting it

ext4: avoid cycles in directory h-tree

ext4: make variable "count" signed

ext4: check if directory block is within i_size

ext4: make sure ext4_append() always allocates new block

ext4: fix check for block being out of directory size

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

Complex adaptation required.

net/sched: cls_fw: Fix improper refcount update leads to

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_u32: Fix reference counter leak leading to overflow

hw: amd: Cross-Process Information Leak

binder: fix UAF caused by faulty buffer cleanup

usb: gadget: udc: renesas_usb3: Fix use after free bug in

media: saa7134: fix use after free bug in saa7134_finidev due to race

bpf: Fix incorrect verifier pruning due to missing register precision

relayfs: fix out-of-bounds access in relay_file_read

media: dm1105: Fix use after free bug in dm1105_remove due to race condition

bluetooth: Perform careful capability checks in hci_sock_ioctl()

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

dm ioctl: fix nested locking in table_clear() to remove deadlock concern

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_fw: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

x86/CPU/AMD: Do not leak quotient data after a division by 0

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

The patch remove functionality.

[PATCH] nfc: llcp: simplify llcp_sock_connect() error paths

[PATCH] net: nfc: Fix use-after-free caused by nfc_llcp_find_local

gfs2: Don't deref jdesc in evict

bpf: Fix toctou on read-only map's constant scalar tracking

bpf: Fix toctou on read-only map's constant scalar tracking

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

CVE was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.

The patch removes functionality.

netfilter: ipset: Add schedule point in call_ad().

netfilter: ipset: Fix race between IPSET_CMD_CREATE and

xen/netback: Fix buffer overrun triggered by unusual packet

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in

media: usb: siano: Fix use after free bugs caused by do_submit_urb (dependency)

media: usb: siano: Fix warning due to null work_func_t function

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

xfrm: add NULL check in xfrm_update_ae_params

ubi: Refuse attaching if mtd's erasesize is 0

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

net/tls: do not free tls_rec on async operation in

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_sctp: validate the flag_info count

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input (adaptation)

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads

nvmet-tcp: move send/recv error handling in the send/recv methods instead of call-sites

nvmet-tcp: Fix a possible UAF in queue intialization setup

ipv4: fix null-deref in ipv4_link_failure

net: xfrm: Fix xfrm_address_filter OOB read

Complex adaptation required.

netfilter: nf_tables: Reject tables of unsupported family

smb: client: fix OOB in smbCalcSize()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

nfc: nci: fix possible NULL pointer dereference in send_acknowledge()

kobject: Fix slab-out-of-bounds in fill_kobj_path()

xen/events: replace evtchn_rwlock with RCU

net: tls, update curr on splice as well

smb: client: fix OOB in receive_encrypted_standard()

ida: Fix crash in ida_free when the bitmap is empty

appletalk: Fix Use-After-Free in atalk_ioctl

usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core

Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

f2fs: fix to do sanity check on inode type during garbage collection

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

nvmet: nul-terminate the NQNs passed in the connect command

net/rose: Fix Use-After-Free in rose_ioctl

atm: Fix Use-After-Free in do_vcc_ioctl

vhost: use kzalloc() instead of kmalloc() followed by memset()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function

malidp: Fix NULL vs IS_ERR() checking

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

nvmet-tcp: add bounds check on Transfer Tag

nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

binder: fix race between mmput() and do_exit()

crypto: scomp - fix req->dst buffer overflow

net: qualcomm: rmnet: fix global oob in rmnet_policy

net: qualcomm: rmnet: fix global oob in rmnet_policy

ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()

ipv6: remove max_size check inline with ipv4

ipv6: remove max_size check inline with ipv4

dm ioctl: log an error if the ioctl structure is corrupted

dm: limit the number of targets and parameter size area

apparmor: avoid crash when parsed profile name is empty

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

mtd: Fix gluebi NULL pointer dereference caused by ftl

f2fs: explicitly null-terminate the xattr list

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

EDAC/thunderx: Fix possible out-of-bounds string access

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

Out of scope. Android related patch.

uio: Fix use-after-free in uio_open

f2fs: fix to avoid dirent corruption

media: pvrusb2: fix use after free on context disconnection

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

xen-netback: don't produce zero-size SKB frags

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

UBSAN: array-index-out-of-bounds in dtSplitRoot

jfs: fix uaf in jfs_evict_inode

Bluetooth: Add more enc key size check

FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

jfs: fix array-index-out-of-bounds in dbAdjTree

IB/ipoib: Fix mcast list locking

i2c: i801: Fix block process call transactions

powerpc/lib: Validate size for vector operations

jfs: fix array-index-out-of-bounds in diNewExt

s390/ptrace: handle setting of fpc register correctly

KVM: s390: fix setting of fpc register

llc: call sock_orphan() at release time

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation

net: prevent mss overflow in skb_segment()

ceph: fix deadlock or deadcode of misusing dget()

powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

SUNRPC: Fix a suspicious RCU usage warning

net/rds: Fix UBSAN: array-index-out-of-bounds in

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

sched/membarrier: reduce the ability to hammer on

can: j1939: Fix UAF in j1939_sk_match_filter during

can: j1939: Fix UAF in j1939_sk_match_filter during (adaptation)

ext4: avoid online resizing failures due to oversized flex bg

ext4: avoid online resizing failures due to oversized flex bg

binder: signal epoll threads of self-work

net/smc: fix illegal rmb_desc access in SMC-D connection dump

llc: Drop support for ETH_P_TR_802_2.

llc: Drop support for ETH_P_TR_802_2 (adaptation)

llc: make llc_ui_sendmsg() more robust against bonding

tipc: Check the bearer type before calling

blk-mq: fix IO hang from sbitmap wakeup race

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in

ppp_async: limit MRU to 64K

inet: read sk->sk_family once in inet_recv_error()

nilfs2: fix potential bug in end_buffer_async_write

nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()

nilfs2: fix data corruption in dsync block recovery for small

iio: magnetometer: rm3100: add boundary check for the value

ext4: fix double-free of blocks due to wrong extents

mm/writeback: fix possible divide-by-zero in

jfs: fix slab-out-of-bounds Read in dtSearch

drm: Don't unref the same fb many times by mistake due to

wifi: brcmfmac: Fix use-after-free bug in

tomoyo: fix UAF write bug in tomoyo_write_control()

wifi: mac80211: fix potential key use-after-free

Complex adaptation required. Network services prevents update because sleeps in inet_csk_accept() function.

fs,hugetlb: fix NULL pointer dereference in

drm: bridge/panel: Cleanup connector on bridge detach

arp: Prevent overflow in arp_req_get().

afs: Increase buffer size in afs_update_volume_status()

ipv6: sr: fix possible use-after-free and null-ptr-deref

Unable to fix early initialization before enabling SMP d35652a5fc9944784f6f50a5c979518ff8dacf61

Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

usb: cdns3: fix memory double free when handle zero packet

usb: cdns3: fixed memory use after free at

ARM: ep93xx: Add terminator to gpiod_lookup_table

gtp: fix use-after-free and null-ptr-deref in

dm-crypt: don't modify the data when using authenticated

fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

l2tp: pass correct message length to ip6_append_data

gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

fbdev: savage: Error out if pixclock equals zero

wifi: mac80211: fix race condition on enabling fast-xmit

fbdev: sis: Error out if pixclock equals zero

ext4: avoid allocating blocks from corrupted group in

ext4: avoid allocating blocks from corrupted group in

btrfs: dev-replace: properly validate device names

dmaengine: fsl-qdma: init irq after reg initialization

dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned

Bluetooth: Avoid potential use-after-free in hci_error_reset

wifi: nl80211: reject iftype change with mesh ID change

efi/capsule-loader: fix incorrect allocation size

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

uio_hv_generic: Fix another memory leak in error handling

IB/hfi1: Fix a memleak in init_credit_return

scsi: target: core: Add TMF to tmr_list handling

net: ip_tunnel: prevent perpetual headroom growth

netlink: Fix kernel-infoleak-after-free in

cachefiles: fix memory leak in cachefiles_add_cache()

md/raid5: fix atomicity violation in raid5_cache_count

mlxsw: spectrum_acl_tcam: Fix stack corruption

net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()

bpf: Fix stackmap overflow check on 32-bit arches

bpf: Fix hashtab overflow check on 32-bit arches

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

USB: core: Fix deadlock in usb_deauthorize_interface()

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

af_unix: Do not use atomic ops for unix_sk(sk)->inflight.

af_unix: Fix garbage collector racing against connect()

netfilter: nf_tables: release batch on table validation from abort path

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

cifs: fix underflow in parse_server_interfaces()

media: xc4000: Fix atomicity violation in

ACPI: processor_idle: Fix memory leak in

The patch fixes kernel building process.

octeontx2: CVE patch is outside the scope.

Bluetooth: Fix TOCTOU in HCI debugfs implementation

netfilter: nf_tables: disallow timeout for anonymous sets

mptcp: add sk_stop_timer_sync helper

tcp: properly terminate timers for kernel sockets

[PATCH] ALSA: sh: Don't build Dreamcast AICA sound driver

[PATCH] io_uring/af_unix: disable sending io_uring over sockets

[PATCH] io_uring/unix: drop usage of io_uring socket

[PATCH] io_uring/unix: drop usage of io_uring socket

[PATCH] io_uring: drop any code related to SCM_RIGHTS

[PATCH] io_uring: drop any code related to SCM_RIGHTS

[PATCH] wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()

[PATCH 1/1] wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled

[PATCH 1/1] drm/tegra: dsi: Add missing check for of_find_device_by_node

[PATCH 1/1] sysv: don't call sb_bread() with pointers_lock held

[PATCH 1/1] tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc

[PATCH 1/1] ubi: Check for too small LEB size in VTBL code

[PATCH] netfilter: nf_tables: disallow anonymous set with timeout

[PATCH] sr9800: Add check for usbnet_get_endpoints

stddef: Introduce DECLARE_FLEX_ARRAY() helper

RDMA/mlx5: Fix fortify source warning while accessing Eth segment

firmware: arm_scmi: Harden accesses to the reset domains

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

nilfs2: We cannot patch functions that sleep in kthread().

net: fix __dst_negative_advice() race

kdb: Fix buffer overflow during tab-complete

erofs: fix pcluster use-after-free on UP platforms

smb: client: fix potential OOBs in smb2_parse_contexts()

smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

scsi: qla2xxx: Fix double free of fcport

ALSA: hda: intel-sdw-acpi: harden detection of controller

sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

ipv6: prevent NULL dereference in ip6_output()

Bluetooth: Fix atomicity violation in {min, max}_key_size_set

i40e: Refactoring VF MAC filters counting to make more reliable

i40e: Fix MAC address setting for a VF via Host/VM

i40e: Do not allow untrusted VF to remove administratively set MAC

mmc: davinci: Don't strip remove function when driver is builtin

netns: Make get_net_ns() handle zero refcount net

net: sched: sch_multiq: fix possible OOB write in

greybus: Fix use-after-free bug in gb_interface_release due

jfs: xattr: fix buffer overflow for invalid xattr

ata: libata-core: Fix double free on error

net/dpaa2: Avoid explicit cpumask var allocation on stack

net/iucv: Avoid explicit cpumask var allocation on stack

nilfs2: fix inode number range checks

nilfs2: add missing check for inode numbers on directory

net: dsa: mv88e6xxx: Correct check for empty list

bonding: Fix out-of-bounds read in

locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock

filelock: fix potential use-after-free in posix_lock_inode

net: lantiq_etop: add blank line after declaration

net: ethernet: lantiq_etop: fix double free in detach

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length kpatch

iio: chemical: bme680: Fix overflows in compensate()

drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers

ASoC: fsl-asoc-card: set priv->pdev before using it

pinctrl: fix deadlock in create_pinctrl() when handling

gpio: davinci: Validate the obtained number of IRQs

x86: stop playing stack games in profile_pc()

ALSA: emux: improve patch ioctl data validation

drm/nouveau: fix null pointer dereference in

Revert "mm/writeback: fix possible divide-by-zero in

UBSAN warning fix, release kernels aren't affected.

ima: Fix use-after-free on a dentry's dname.name

scsi: ufs: core: Improve SCSI abort handling

scsi: pm80xx: Fix TMF task completion race condition

scsi: pm8001: Fix use-after-free for aborted TMF sas_task

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

scsi: f2fs: check validation of fault attrs in f2fs_build_fault_attr()

mISDN: Fix memory leak in dsp_pipeline_build()

watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger

mm: swap: fix race between free_swap_and_cache() and swapoff()

netem: fix return value if duplicate enqueue fails

netfilter: nft_set_rbtree: .deactivate fails if element has expired

netfilter: nf_tables: use timestamp to check for set element timeout

netfilter: nf_tables: use timestamp to check for set element timeout kpatch

media: venus: fix use after free in vdec_close

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

jfs: Fix array-index-out-of-bounds in diFree

ipv6: prevent UAF in ip6_send_skb()

atm: idt77252: prevent use after free in dequeue_rx()

Architecture is not supported

scsi: aacraid: Fix double-free on probe failure

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

parport: Standardize use of printmode

dev/parport: fix the array out-of-bounds risk

cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations

netfilter: nft_limit: reject configurations that cause integer overflow

ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

filelock: Remove locks reliably when fcntl/close race is detected

media: pci: cx23885: check cx23885_vdev_init() return

wifi: iwlwifi: mvm: Fix a memory corruption issue

Kernel versions older than 5.4.0-200.220 not affected

misc: eeprom: at24: fix regulator underflow

misc: eeprom: at24: register nvmem only after eeprom is ready

eeprom: at24: fix memory corruption race condition

media: i2c: et8ek8: Don't strip remove function when driver is builtin

ax25: Fix reference count leak issues of ax25_dev

wifi: iwlwifi: mvm: check n_ssids before accessing the ssids

ocfs2: add bounds checking to ocfs2_check_dir_entry()

jfs: don’t walk off the end of ealist

filelock: Fix fcntl/close race recovery compat path

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

drm/vmwgfx: Fix shader stage validation

hfsplus: fix uninit-value in copy_name

tap: add missing verification for short frame

tun: add missing verification for short frame

gtp: pull network headers in gtp_dev_xmit()

drm/amdgpu: fix mc_data out-of-bounds read warning

drm/amdgpu: fix ucode out-of-bounds read warning

of/irq: Prevent device address out-of-bounds read in interrupt map walk

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

exec: Fix ToCToU between perm check and set-uid/gid usage

net: sched: fix possible refcount leak in tc_chain_tmplt_add()

net/sched: flower: Fix chain template offload

net/sched: flower: Fix chain template offload

Squashfs: sanity check symbolic link size

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

sch/netem: fix use after free in netem_dequeue

drm/amd/display: Check gpio_id before used as array index

Architecture um is not supported

ila: call nf_unregister_net_hooks() sooner

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

tipc: Return non-zero value from tipc_udp_addr2str() on error

mISDN: Fix a use after free in hfcmulti_tx()

net/iucv: fix use after free in iucv_sock_close()

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

wifi: mac80211: Avoid address calculations via out of bounds array indexing

nvme: avoid double free special payload

smack: tcp: ipv4, fix incorrect labeling

CVE patch is for powerpc arch only

netfilter: nf_tables: prefer nft_chain_validate

KVM: x86/mmu: make apf token non-zero to fix bug

net: bridge: xmit: make sure we have at least eth header len bytes

f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC

drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

fou: remove warn in gue_gro_receive on unsupported protocol

RDMA/rxe: Return CQE error if invalid lkey was supplied

i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc

CDC-NCM: avoid overflow in sanity checking

erofs: fix lz4 inplace decompression

s390 architecture is not supported

ARM: 9359/1: flush: check if the folio is reserved for no-mapping addresses

Affects only __init function for a built-in component, so patching will have no effect

Out of scope: s390 is not supported

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

drm/panfrost: Fix the error path in panfrost_mmu_map_fault_addr()

bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()

ext4: no need to continue when the number of entries is 1

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

Bluetooth: SCO: Fix not validating setsockopt user input

Bluetooth: RFCOMM: Fix not validating setsockopt user input

Bluetooth: L2CAP: Fix not validating setsockopt user input

Bluetooth: hci_sock: Fix not validating setsockopt user input

Not patching the function that can remain on the stack for a while (i.e. if the socket is not non-blocking AND no signal is delivered)

scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

drm/panel: fix a possible null pointer dereference

eth: sungem: remove .ndo_poll_controller to avoid deadlocks

Patches a network driver available only for Motorola ColdFire and Freescale i.MX platforms that are not among the platforms our clients are using

memcg: protect concurrent access to mem_cgroup_idr

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

The patched function (asix_check_host_enable) does not exist for Ubuntu Focal's kernel (only for HWE)

xprtrdma: Fix cwnd update ordering

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

netfilter: ipset: add missing range check in bitmap_ip_uadt

io_uring: remove extra check in __io_commit_cqring

io_uring: dont kill fasync under completion_lock

io_uring: ensure IOPOLL locks around deferred work

Out of scope, i.MX SoC is not supported

net: sched: fix ordering of qlen adjustment

firmware_loader: Block path traversal

ext4: fix double brelse() the buffer of the extents path

ext4: aovid use-after-free in ext4_ext_insert_extent()

drm/amd/display: Fix index out of bounds in degamma hardware format translation

fbdev: pxafb: Fix possible use after free in pxafb_task()

ocfs2: cancel dqi_sync_work before freeing oinfo

aoe: fix the potential use-after-free problem in more places

tipc: guard against string buffer overrun

ALSA: asihpi: Fix potential OOB array access

parport: Proper fix for array out-of-bounds access

rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()

net: sched: fix use-after-free in taprio_change()

tracing: Consider the NULL character when validating the event length

udf: fix uninit-value use in udf_get_fileshortad

smb: client: fix OOBs when building SMB2_IOCTL request

fbdev: sisfb: Fix strbuf array overflow

nilfs2: fix kernel bug due to missing clearing of checked flag

bpf: Fix out-of-bounds write in trie_get_next_key()

USB: serial: io_edgeport: fix use after free in debug printk

usb: musb: sunxi: Fix accessing an released usb phy

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

ASoC: meson: axg-card: fix 'use-after-free'

spi: nxp-fspi: fix the KASAN report out-of-bounds bug

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

ext4: return error on ext4_find_inline_entry

ext4: avoid OOB when system.data xattr changes underneath the filesystem

Postponed: complex analysis and adaptation required

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

Kernel is not affected

drm/amd/pm: fix the Out-of-bounds read warning

net: dpaa: Pad packets to ETH_ZLEN

netfilter: complete validation of user input for expected length

media: s5p-jpeg: prevent buffer overflows

nilfs2: fix potential oob read in nilfs_btree_check_delete()

net: ethernet: lantiq_etop: fix memory disclosure

jfs: fix array-index-out-of-bounds in diAlloc

jfs: fix divide error in dbNextAG

jfs: fix out-of-bounds in dbNextAG() and diAlloc()

security/keys: fix slab-out-of-bounds in key_task_permission

net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

jfs: Fix uaf in dbFreeBits

jfs: Fix uninit-value access of new_ea in ea_buffer

media: venus: fix use after free bug in venus_remove due to race condition

ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition

ppp: fix ppp_async_encode() illegal access

slip: make slhc_remember() more robust against malicious packets

wifi: iwlegacy: Clear stale interrupts before resuming device

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

ax25: fix use-after-free bugs caused by ax25_ds_del_timer

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

netfilter: x_tables: fix LED ID check in led_tg_check()

iio: pressure: zpa2326: fix information leak in triggered buffer

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

iio: light: vcnl4035: fix information leak in triggered buffer

iio: imu: kmx61: fix information leak in triggered buffer

iio: adc: ti-ads8688: fix information leak in triggered buffer

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

media: xc2028: avoid use-after-free in load_firmware_cb()

net/xen-netback: prevent UAF in xenvif_flush_hash()

cifs: Fix buffer overflow when parsing NFS reparse points

spi: mpc52xx: Add cancel_work_sync before module remove

Patch affects initramfs

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

Out of scope: SuperH architecture isn't supported for current kernel

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

af_packet: avoid erroring out after sock_init_data() in packet_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

net: af_can: do not leave a dangling sk pointer in can_create()

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

net: inet: do not leave a dangling sk pointer in inet_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

jfs: array-index-out-of-bounds fix in dtReadFirst

bpf: fix OOB devmap writes when deleting elements

xsk: fix OOB map writes when deleting elements

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

EDAC/bluefield: Fix potential integer overflow

firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

vfio/pci: Properly hide first-in-list PCIe extended capability

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

ALSA: usb-audio: Fix a DMA to stack memory bug

comedi: Flush partial mappings in error case

Out of scope: User-mode Linux isn't supported

Out of scope: User-mode Linux isn't supported for current kernel

Out of scope: User-mode Linux isn't supported for current kernel

ubi: fastmap: Fix duplicate slab cache names while attaching

xen: Fix the issue of resource not being properly released in xenbus_dev_probe()

ocfs2: uncache inode which has failed entering the group

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

Out of scope: SuperH arch not supported.

i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

[PATCH] jfs: Fix shift-out-of-bounds in dbDiscardAG

ext4: fix slab-use-after-free in ext4_split_extent_at()

[PATCH] igb: Fix potential invalid memory access in igb_init_module()

Out of scope: not affected

net/mlx5: fs, lock FTE when checking if active

nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint

NFSD: Prevent a potential integer overflow

um: Fix potential integer overflow during physmem setup

net: fix data-races around sk->sk_forward_alloc

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

hfsplus: don't query the device logical block size multiple times

hfsplus: don't query the device logical block size multiple times

[PATCH] netlink: terminate outstanding dump on socket close

[PATCH] netlink: terminate outstanding dump on socket close

9p/xen: fix release of IRQ

9p/xen: fix release of IRQ

jffs2: Prevent rtime decompress memory corruption

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

ila: serialize calls to nf_register_net_hooks()

scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs()

ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

scsi: sg: Fix slab-use-after-free read in sg_release()

vfio/platform: check the bounds of read/write syscalls

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

net/ipv6: release expired exception dst cached in socket

smb: client: fix potential UAF in cifs_debug_files_proc_show()

smb: client: fix potential UAF in smb2_is_valid_lease_break()

net: defer final 'struct net' free in netns dismantle

net: defer final 'struct net' free in netns dismantle

net: sched: Disallow replacing of child qdisc from one parent to another

ext4: fix memory leak in ext4_fill_super

drm/amdgpu: Reset IH OVERFLOW_CLEAR bit

net: ena: Fix incorrect descriptor free behavior

ELF: fix kernel.randomize_va_space double read

netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

pfifo_tail_enqueue: Drop new packet when sch->limit == 0

NFSD: Force all NFSv4.2 COPY requests to be synchronous

netfilter: allow exp not to be removed in nf_ct_find_expectation

ceph: prevent use-after-free in encode_cap_msg()

net: atlantic: eliminate double free in error handling logic

usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error

rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

The DM9000 chip is available on ARM32 and MIPS architectures, which KernelCare does not support.

media: uvcvideo: Fix double free in error path

usb: gadget: f_tcm: Don't free command immediately

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

Complex adaptation required

PPS for embedded GPS devices. Irrelevant for servers.

driver core: bus: Fix double free in driver API bus_register()