RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg()

usb: dwc3: fix fault at system suspend if device was already runtime suspended

mm: krealloc: Fix MTE false alarm in __do_krealloc

tcp: Fix use-after-free of nreq in reqsk_timer_handler().

drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

The patch doesn't fix the vunlnerability

macsec: Fix use-after-free while sending the offloading packet

security/keys: fix slab-out-of-bounds in key_task_permission

NFSD: Async COPY result needs to return a write verifier

NFSD: Async COPY result needs to return a write verifier

NFSD: Limit the number of concurrent async COPY operations

NFSD: Limit the number of concurrent async COPY operations

NFSD: Initialize struct nfsd4_copy earlier

NFSD: Never decrement pending_async_copies on error

Patch affects __init

Complex adaptation required. Low impact CVE.

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

Patch affects initramfs

Out of scope: SuperH architecture isn't supported for current kernel

btrfs: ref-verify: fix use-after-free after invalid ref action

af_packet: avoid erroring out after sock_init_data() in packet_create()

xsk: fix OOB map writes when deleting elements

bpf: fix OOB devmap writes when deleting elements

mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

Architecture PARISC is not supported

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

tipc: fix NULL deref in cleanup_bearer()

media: s5p-jpeg: prevent buffer overflows

nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net

USB: serial: io_edgeport: fix use after free in debug printk

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

Irrelevant for x64 kernels

net: do not delay dst_entries_add() in dst_release()

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

netfilter: x_tables: fix LED ID check in led_tg_check()

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

bpf: Check validity of link->type in bpf_link_show_fdinfo()

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

net: bridge: xmit: make sure we have at least eth header len bytes

ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

netfilter: ipset: add missing range check in bitmap_ip_uadt

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

9p/xen: fix release of IRQ

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

crypto: hisilicon/qm - inject error before stopping queue

ima: Fix use-after-free on a dentry's dname.name

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

btrfs: rename and export __btrfs_cow_block()

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

xen/netfront: fix crash when removing device

HID: core: zero-initialize the report buffer

net: wwan: iosm: Fix tainted pointer delete is case of region creation fail

btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()

jfs: fix shift-out-of-bounds in dbSplit

Out of scope: User-mode Linux isn't supported for current kernel

ALSA: us122l: Use snd_card_free_when_closed() at disconnection

ocfs2: uncache inode which has failed entering the group

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

net/smc: fix LGR and link use-after-free issue

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

net: inet: do not leave a dangling sk pointer in inet_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

fou: remove warn in gue_gro_receive on unsupported protocol

net/mlx5: Always stop health timer during driver removal

cifs: Fix buffer overflow when parsing NFS reparse points

driver core: bus: Fix double free in driver API bus_register()

usb: musb: sunxi: Fix accessing an released usb phy

Kernel is not affected

mm: resolve faulty mmap_region() error path behaviour

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

Bluetooth: fix use-after-free in device_for_each_child()

driver core: Introduce device_find_any_child() helper

jfs: array-index-out-of-bounds fix in dtReadFirst

net: af_can: do not leave a dangling sk pointer in can_create()

EDAC/igen6: Avoid segmentation fault on module unload

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

io_uring: fix possible deadlock in io_register_iowq_max_workers()

sctp: properly validate chunk size in sctp_sf_ootb()

ubi: fastmap: Fix duplicate slab cache names while attaching

ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

drm/dp_mst: Fix MST sideband message body length check

low-scored CVE which causes verification conflicts with freezable kthread and cifs reading routines.

netfilter: ipset: Hold module reference while requesting a module

EDAC/bluefield: Fix potential integer overflow

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

oel9-uek7 kernels are compiled without CONFIG_HFSPLUS_FS

tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

net/mlx5e: Fix CT entry update leaks of modify header context

scsi: ufs: core: sysfs: Prevent div by zero

Out of scope: User-mode Linux isn't supported

NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

media: v4l2-tpg: prevent the risk of a division by zero

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

gpio: grgpio: Add NULL check in grgpio_probe

Rejected and is no longer a valid CVE

io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

media: atomisp: Add check for rgby_data memory allocation failure

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c

bpf: fix recursive lock when verdict program return SK_PASS

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

ALSA: pcm: Add sanity NULL check for the default mmap fault handler

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

net/ipv6: release expired exception dst cached in socket

ionic: Fix netdev notifier unregister on failure

crypto: caam - Fix the pointer passed to caam_qi_shutdown()

blk-cgroup: Fix UAF in blkcg_unpin_online()

scsi: sg: Fix slab-use-after-free read in sg_release()

crypto: qat/qat_4xxx - fix off by one in uof_get_name()

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

vdpa/mlx5: Fix invalid mr resource destroy

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

net: fix data-races around sk->sk_forward_alloc

scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

vp_vdpa: fix id_table array not null terminated error

vp_vdpa: fix id_table array not null terminated error

PCI/MSI: Handle lack of irqdomain gracefully

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

netdevsim: use cond_resched() in nsim_dev_trap_report_work()

nvmet-auth: complete a request only after freeing the dhchap pointers

nvmet: always initialize cqe.result

bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()

bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()

bnxt_en: Fix receive ring space parameters when XDP is active

bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips

net/mlx5: DR, prevent potential error pointer dereference

nvmet-auth: assign dh_key to NULL after kfree_sensitive

scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info

bnxt_en: Fix double DMA unmapping for XDP_REDIRECT

sched/deadline: Fix warning in migrate_enable for boosted tasks

Patch meant for use with microcode update

Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()

tipc: fix memory leak in tipc_link_xmit

net: tls: explicitly disallow disconnect

net: ppp: Add bound checking for skb data on ppp_sync_txmung

Out of scope: not affected

mtd: inftlcore: Add error check for inftl_read_oob()

HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition

wifi: wl1251: fix memory leak in wl1251_tx_work

phonet/pep: fix racy skb_queue_empty() use

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

drm/amdgpu: fix usage slab after free

smb: client: fix potential UAF in cifs_dump_full_key()

CONFIG_SMB_SERVER is not enabled.

smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()

smb: client: fix potential UAF in cifs_debug_files_proc_show()

smb: client: fix potential UAF in cifs_stats_proc_show()

bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

blk-iocost: do not WARN if iocg was already offlined

ext4: fix timer use-after-free on failed mount

scsi: ufs: bsg: Set bsg_queue to NULL after removal

net: defer final 'struct net' free in netns dismantle

net: defer final 'struct net' free in netns dismantle

dm cache: fix flushing uninitialized delayed_work on cache_ctr error

cifs: avoid NULL pointer dereference in dbg call

USB: wdm: close race between wdm_open and wdm_wwan_port_stop

qibfs: fix _another_ leak

udmabuf: fix a buf size overflow issue during udmabuf creation

drm/amd/display: fix double free issue during amdgpu module unload

drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()

Out of scope: PA-RISC architecture isn't supported for current kernel

wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

tracing: Fix oob write in trace_seq_to_buffer()

net_sched: drr: Fix double list add in class with netem as child qdisc

net_sched: ets: Fix double list add in class with netem as child qdisc

net_sched: qfq: Fix double list add in class with netem as child qdisc

of: module: add buffer overflow check in of_modalias()

firmware: arm_scmi: Balance device refcount when destroying devices

netfilter: ipset: fix region locking in hash types

iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo

iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo

module: ensure that kobject_put() is safe for module type kobjects

usb: typec: ucsi: displayport: Fix NULL pointer access

RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug

wifi: mt76: disable napi on driver removal

dmaengine: ti: k3-udma: Add missing locking

usb: typec: ucsi: displayport: Fix deadlock

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

sunrpc: handle SVC_GARBAGE during svc auth processing as auth error

net_sched: sch_sfq: don't allow 1 packet limit

net_sched: sch_sfq: move the limit validation

nvme: tcp: avoid race between queue_lock lock and destroy

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

net: pktgen: fix access outside of user given buffer in pktgen_thread_write()

smb: client: Fix use-after-free in cifs_fill_dirent

dm cache: prevent BUG_ON by blocking retries on failed device resumes

orangefs: Do not truncate file size

media: cx231xx: set device_caps for 417

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

kpatch add alt asm definitions

kpatch add paravirt asm definitions