[kernel] audit: fix a double fetch in audit_log_single_execve_arg()

[net] sctp: validate chunk len before actually using it

x86/mm: Add barriers and document switch_mm()-vs-flush synchronization

ALSA: usb-audio: avoid freeing umidi object twice

aacraid: Check size values after double-fetch from user

posix_acl: Clear SGID bit when setting file permissions

net: ping: check minimum size on ICMP header length

sg_write()/bsg_write() is not fit to be called under KERNEL_DS

ipv6: stop sending PTB packets for MTU < 1280

KEYS: Fix short sprintf buffer in /proc/keys show function

tty: n_hdlc: get rid of racy n_hdlc.tbuf

udp: properly support MSG_PEEK with truncated buffers

block: fix use-after-free in seq file

tcp: avoid infinite loop in tcp_splice_read()

mm: enlarge stack guard gap

nfsd: stricter decoding of write-like NFSv2/v3 ops

Bluetooth: Properly check L2CAP config option output buffer length

fs/binfmt_elf.c: fix bug in loading of PIE binaries

netdv: brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()

net/packet: fix overflow in check for tp_reserve

net-packet: fix race in packet_set_ring on PACKET_RESERVE

udp: consistently apply ufo or fragmentation

tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

firewire: net: guard against rx buffer overflows

add kernel page table isolation feature(aka KAISER)

kcpti: check present flag when removing global pte flag

kcpti: ignore AMD processors

kcpti: apply patch to Xen PV domains

ipsec: Fix aborted xfrm policy dump crash (kpatch adaptation)

spectre: prevent speculative execution

N/A

N/A

ipv6: Prevent overrun when parsing v6 header options

ipv6: Check ip6_find_1stfragopt() return value properly.

ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()

gre: fix a possible skb leak

ipv6: Fix leak in ipv6_gso_segment().

ipv6: avoid overflow of offset in ip6_find_1stfragopt

ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()

mqueue: fix a use-after-free in sys_mq_notify()

N/A

[x86] microcode: Share native MSR accessing variants

[x86] cpuid: Cleanup cpuid_regs definitions

[x86] cpuid: Provide get_scattered_cpuid_leaf()

[x86] feature: Enable the x86 feature to control Speculation

[x86] feature: Report presence of IBPB and IBRS control

[x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available

[x86] [kvm] Pad RSB on VM transition

[kvm] x86: clear registers on VM exit

[kvm] vmx: Set IBPB when running a different VCPU

[kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD

[kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD

[kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD

[kvm] x86: add SPEC_CTRL to MSR and CPUID lists

[x86] enter: MACROS to set/clear IBRS and set IBPB

[x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs

[x86] spec_ctrl: swap rdx with rsi for nmi nesting detection

[x86] enter: Use IBRS on syscall and interrupts

[x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI

[x86] spec_ctrl: implement spec ctrl C methods

[x86] idle: Disable IBRS entering idle and enable it on wakeup

[x86] idle: Disable IBRS when offlining cpu and re-enable

[x86] mm: Set IBPB upon context switch

[x86] mm: Only set IBPB when the new thread cannot ptrace

[x86] entry: Stuff RSB for entry to kernel for non-SMEP platform

[x86] entry: Remove STUFF_RSB in error and interrupt code

[x86] spec_ctrl: move stuff_RSB in spec_ctrl.h

[x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland

[x86] Remove __cpuinitdata from some data & function

[x86] spec_ctrl: consolidate the spec control boot detection

[x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled

[x86] spec_ctrl: rescan cpuid after a late microcode update

[x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance

[x86] spec_ctrl: add noibrs noibpb boot options

[x86] spec_ctrl: Prevent unwanted speculation without IBRS

[x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths

[x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes

[x86] entry: Add back STUFF_RSB to interrupt and error paths

[x86] spec_ctrl: ibrs_enabled() is expected to return > 1

[x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER

[x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime

[x86] spec_ctrl: use IBRS_ENABLED instead of 1

[x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2

[x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs

[x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB

[x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS

[x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline

[x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled

[x86] spec_ctrl: remove irqs_disabled() check from intel_idle()

[x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing

[x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2

[x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland

[x86] spec_ctrl: disable ibrs while in intel_idle()

[x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit

[x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code

[x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages

[x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional

[x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update

N/A

N/A

nfsd: check for oversized NFSv2/v3 arguments

netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

bluetooth: Prevent stack info leak from the EFS element.

media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic

media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup

Spectre v4 (store by-passing) mitigation.

make AIO use the proper rw_verify_area() area helpers

mpi - Fix NULL ptr dereference in mpi_powm()

ping - implement proper locking

mm - tighten x86 /dev/mem with zeroing reads

dccp/tcp - do not inherit mc_list from parent

sctp - do not inherit ipv6_{mc|ac|fl}_list from parent

ipv6/dccp - do not inherit ipv6_mc_list from parent

fix unbalanced page refcounting in bio_map_user_iov

more bio_map_user_iov() leak fixes

mm - teach truncate_inode_pages_range() to handle non page aligned ranges

dm: fix race between dm_get_from_kobject() and __dm_destroy()

dccp - check sk for closed state in dccp_sendmsg()

sctp - verify size of a new chunk in _sctp_make_chunk()

ALSA: seq: Fix racy pool initializations

fix for use-after-free bug via crafted system calls in mm/mempolicy.c:do_get_mempolicy()

x86/entry/64: Don't use IST entry for #BP stack

x86/entry/64: Don't use IST entry for #BP stack (kpatch adaptation)

prevents spectre v1 by sanitizing pointers from user-space and syscall numbers, \

addresses CVE-2018-3693 for 32bit processes.

Add disable SMT knob

Setup L1TF bug bit

Add ability to flush l1d cache on vmexit

[sound] alsa: seq: Fix use-after-free at creating a port

[sound] alsa: pcm: prevent UAF in snd_pcm_info (CVE-2017-0861)

[kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301)

[kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (kpatch adaptation)

[net] tcp: avoid collapses in tcp_prune_queue() if possible

[net] tcp: detect malicious patterns in tcp_collapse_ofo_queue()

Limit arg stack to at most 75% of _STK_LIM

Revert "net: increase fragment memory usage limits"

Revert "net: increase fragment memory usage limits"

RDS: verify the underlying transport exists before creating a connection

Complete earlier incomplete fix to CVE-2015-6937

KEYS: Fix handling of stored error in a negatively instantiated user key

keyctl_set_reqkey_keyring() leaks thread keyrings

KEYS: fix dereferencing NULL payload with nonzero length

dccp: fix use-after-free (CVE-2017-8824)

ALSA: rawmidi: Change resized buffers atomically

ALSA: rawmidi: Change resized buffers atomically

binfmt_elf: switch to new creds when switching to new mm

zombieload mitigation

tcp: limit payload size of sacked skbs

tcp: tcp_fragment() should apply sane memory limits

tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

kpatch adaptation - sysctl handle for minimal MSS

tcp: limit payload size of sacked skbs

idr: fix backtrack logic in idr_remove_all

idr: fix top layer handling

[net] tcp: pass previous skb to tcp_shifted_skb()

[crypto] salsa20 - fix blkcipher_walk API usage

[mm] mincore.c: make mincore() more conservative

[fs] proc: restrict kernel stack dumps to root

[x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations

map kpatch code that patch .entry.text section code

net: Set sk_prot_creator when cloning sockets to the right proto

scsi: megaraid_sas: return error when create DMA pool failed

host: make sure log_num < in_num

kvm: mmu: ITLB_MULTIHIT mitigation (adaptation)

fixed possible memory corruption or privilege escalation for i915 gpu [1/13]

fixed possible memory corruption or privilege escalation for i915 gpu [2/13] (kcare adaptation)

fixed possible memory corruption or privilege escalation for i915 gpu [3/13]

fixed possible memory corruption or privilege escalation for i915 gpu [4/13]

fixed possible memory corruption or privilege escalation for i915 gpu [5/13]

fixed possible memory corruption or privilege escalation for i915 gpu [6/13] (kcare adaptation)

N/A

fixed possible memory corruption or privilege escalation for i915 gpu [7/13] (kcare adaptation)

fixed possible memory corruption or privilege escalation for i915 gpu [8/13]

fixed possible memory corruption or privilege escalation for i915 gpu [9/13]

fixed possible memory corruption or privilege escalation for i915 gpu [10/13] (kcare adaptation)

fixed possible memory corruption or privilege escalation for i915 gpu [11/13] (kcare adaptation)

fixed possible memory corruption or privilege escalation for i915 gpu [12/13] (kcare adaptation)

fixed possible hw level crash if MMIO registers were read while the i915 GPU was in a low-power state [1/2] (kcare adaptation)

fixed possible hw level crash if MMIO registers were read while the i915 GPU was in a low-power state [2/2]

introduce vhost_exceeds_weight() (adaptation for CVE-2019-3900 dependency)

fix possible infinite loop in drivers/vhost/net.c (adaptation)

fixed possible memory corruption or privilege escalation for i915 gpu [13/13]

KVM: MMIO: Lock coalesced device when checking for available entry

KVM: coalesced_mmio: add bounds checking

mISDN: enforce CAP_NET_RAW for raw sockets

cfg80211: wext: avoid copying malformed SSIDs

netlabel: cope with NULL catmap

keys: prevent KEYCTL_READ on negative key

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

mm: mempolicy: require at least one nodeid for MPOL_PREFERRED

vhost: Check docket sk_family instead of call getname

more overflows in marvell wifi driver

kernel: Null pointer dereference in search_keyring

prevent page refcount overflow

Out of scope as the patch is for x86_32 arch only, x86_64 is not affected

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Restrict sessions and handles to admin capabilities

scsi: iscsi: Verify lengths on passthrough PDU

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

tty: Fix ->pgrp locking in tiocspgrp()

af_unix: fix struct pid memory leak

netfilter: x_tables: fix compat match/target pad out-of-bound write

Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected

futex: Handle faults correctly for PI futexes

futex: Provide and use pi_state_update_owner()

Input: joydev - use memdup_user() to duplicate memory from user-space

Input: joydev - fix possible ERR_PTR() dereferencing

Input: joydev - prevent potential read overflow in ioctl

Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl

PCI: rpadlpar: Fix potential drc_name corruption in store functions

nfsd: make local functions static

nfsd: make local functions static

nfsd: fix compose_entry_fh() failure exits

nfsd4: readdirplus shouldn't return parent of export

net: xilinx_emaclite: Do not print real IOMEM pointer

hso: fix a use after free condition

bluetooth: eliminate the potential race condition

Bluetooth: use correct lock to prevent UAF of hdev object

virtio_console: Assure used length from device is limited

can: bcm: fix infoleak in struct bcm_msg_head

RDMA/ucma: Put a lock around every call to the rdma_cm layer

RDMA/ucma: Put a lock around every call to the rdma_cm layer (adaptation)

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

epoll: Keep a reference on files added to the check list

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

cgroup-v1: Require capabilities to set release_agent

cgroup-v1: Require capabilities to set release_agent (adaptation)

KVM: do not allow mapping valid but non-reference-counted pages

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: prevent slab-out-of-bounds in

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

Restrict access to pagemap/kpageflags/kpagecount

N/A

vmx_vcpu_run wrapper

N/A