scsi: qla2xxx: Complete command early within lock

ALSA: line6: Fix racy access to midibuf

tun: add missing verification for short frame

tap: add missing verification for short frame

KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()

dev/parport: fix the array out-of-bounds risk

hfsplus: fix uninit-value in copy_name

media: venus: fix use after free in vdec_close

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

jfs: Fix array-index-out-of-bounds in diFree

tipc: Return non-zero value from tipc_udp_addr2str() on error

mISDN: Fix a use after free in hfcmulti_tx()

net/iucv: fix use after free in iucv_sock_close()

exec: Fix ToCToU between perm check and set-uid/gid usage

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

f2fs: fix to don't dirty inode for readonly filesystem

kobject_uevent: Fix OOB access within zap_modalias_env()

dma: fix call order in dmam_free_coherent

mm: avoid overflows in dirty throttling logic

drm/nouveau: prime: fix refcount underflow

s390 arch not supported.

drm/client: fix null pointer dereference in drm_client_modeset_probe

tracing: Fix overflow in get_free_elt()

netfilter: ctnetlink: use helper function to calculate expect ID

scsi: qla2xxx: During vport delete send async logout explicitly

mlxsw: spectrum_acl_erp: Fix object nesting warning

mlxsw: spectrum_acl_erp: Fix object nesting warning

lib: objagg: Fix general protection fault

protect the fetch of ->fd[fd] in do_dup2() from mispredictions

net: nexthop: Initialize all fields in dumped nexthops

Out of scope as the patch is for s390 arch only, x86_64 is not affected

leds: trigger: Unregister sysfs attributes before calling deactivate()

ocfs2: add bounds checking to ocfs2_check_dir_entry()

scsi: qla2xxx: validate nvme_local_port correctly

ext4: check dot and dotdot of dx_root before making dir indexed

udf: Avoid using corrupted block bitmap buffer

drm/amd/display: Check for NULL pointer

drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes

serial: core: check uartclk for zero to avoid divide by zero

drm/amdgpu: Fix the null pointer dereference to ras_manager

This CVE was introduced and fixed in the same kernel verison

devres: Fix memory leakage caused by driver API devm_free_percpu()

usb: vhci-hcd: Do not drop references before new references are gained

sctp: Fix null-ptr-deref in reuseport_add_sock().

x86/mtrr: Check if fixed MTRRs exist before saving them

scsi: qla2xxx: Fix for possible memory corruption

drm/qxl: Add check for drm_cvt_mode

net: usb: qmi_wwan: fix memory leak for not ip packets

md/raid5: avoid BUG_ON() while continue reshape after reassembling

usb: gadget: core: Check for unset descriptor

x86/mm: Fix pti_clone_pgtable() alignment assumption

remoteproc: imx_rproc: Skip over memory region when node value is NULL

nilfs2: handle inconsistent state in nilfs_btnode_create_block()

ext4: make sure the first directory block is not a hole

jfs: don't walk off the end of ealist

drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

netfilter: nf_tables: prefer nft_chain_validate

bpf: Fix a segment issue when downgrading gso_size

wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

ila: block BH in ila_output()

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()

nvme-pci: add missing condition check for existence of mapped data

drm/i915/gem: Fix Virtual Memory mapping boundaries calculation

wifi: virt_wifi: avoid reporting connection success with wrong SSID

wifi: virt_wifi: avoid reporting connection success with wrong SSID

irqchip/imx-irqsteer: Handle runtime power management correctly

netfilter: nf_tables: use timestamp to check for set element timeout

netfilter: nf_tables: use timestamp to check for set element timeout

mm: clarify a confusing comment for remap_pfn_range()

mm: fix ambiguous comments for better code readability

mm/memory.c: make remap_pfn_range() reject unaligned addr

mm: add remap_pfn_range_notrack

mm: avoid leaving partial pfn mappings around in error case

binder: fix UAF caused by offsets overwrite

atm: idt77252: prevent use after free in dequeue_rx()

gtp: pull network headers in gtp_dev_xmit()

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

usb: dwc3: st: fix probed platform device ref count on probe error path

scsi: aacraid: Fix double-free on probe failure

drm/amd/display: Check gpio_id before used as array index

drm/amdgpu: fix ucode out-of-bounds read warning

drm/amdgpu: fix mc_data out-of-bounds read warning

ila: call nf_unregister_net_hooks() sooner

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

of/irq: Prevent device address out-of-bounds read in interrupt map walk

nilfs2 module is not included

module is not included

Architecture is not supported

Architecture um is not supported

nilfs2: fix missing cleanup on rollforward recovery error

kcm: Serialise kcm_sendmsg() for the same socket.

net: dsa: mv88e6xxx: Fix out-of-bound access

usb: dwc3: core: Prevent USB core invalid event buffer address access

cgroup/cpuset: Prevent UAF in proc_cpuset_show()

Input: MT - limit max slots

fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE

drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

usb: typec: ucsi: Fix null pointer dereference in trace

PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)

ipv6: prevent UAF in ip6_send_skb()

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

sch/netem: fix use after free in netem_dequeue

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

Squashfs: sanity check symbolic link size

sched: sch_cake: fix bulk flow accounting logic for host fairness

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

mm/hugetlb: fix DEBUG_LOCKS_WARN_ON(1) when dissolve_free_hugetlb_folio()

netem: fix return value if duplicate enqueue fails

drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]

block: initialize integrity buffer to zero before writing it to media

tcp_bpf: fix return value of tcp_bpf_sendmsg()

btrfs: clean up our handling of refs == 0 in snapshot delete

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

staging: iio: frequency: ad9834: Validate frequency parameter value

ethtool: check device is present when getting link settings

wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

ocfs2: reserve space for inline xattr before attaching reflink tree

Bluetooth: MGMT: Add error handling to pair_device()

ata: libata-core: Fix null pointer dereference on error

virtio_net: Fix napi_skb_cache_put warning

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

mmc: mmc_test: Fix NULL dereference on allocation failure

gtp: fix a potential NULL pointer dereference

pinctrl: single: fix potential NULL dereference in pcs_get_function()

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

Input: uinput - reject requests with unreasonable number of slots

Complex adaptation required. Low impact CVE.

Out of scope: CVE patch is for PCI Hotplug Driver for PowerPC PowerNV platform

can: bcm: Remove proc entry when dev is unregistered.

rtmutex: Drop rt_mutex::wait_lock before scheduling

vfs: Don't evict inode under the inode lru traversing context

nfc: pn533: Add poll mod list filling check

nilfs2: protect references to superblock parameters exposed in sysfs

fuse: Initialize beyond-EOF page contents before setting uptodate

Patches a function that is sleepable due to a call to vfs_poll

net: hns3: fix a deadlock problem when config TC during resetting

apparmor: fix possible NULL pointer dereference

nilfs2: fix state management in error path of log writing function

udf: Avoid excessive partition lengths

nvmet-tcp: fix kernel crash if commands allocation fails

wireguard: netlink: check for dangling peer via is_dead instead of empty list

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

ASoC: meson: axg-card: fix 'use-after-free'

tipc: guard against string buffer overrun

fbdev: pxafb: Fix possible use after free in pxafb_task()

ext4: fix double brelse() the buffer of the extents path

parport: Proper fix for array out-of-bounds access

bpf: Fix out-of-bounds write in trie_get_next_key()

drm/amd/display: Fix index out of bounds in degamma hardware format translation

ext4: avoid OOB when system.data xattr changes underneath the filesystem

firmware_loader: Block path traversal

ext4: no need to continue when the number of entries is 1

ext4: aovid use-after-free in ext4_ext_insert_extent()

fbdev: sisfb: Fix strbuf array overflow

udf: fix uninit-value use in udf_get_fileshortad

tracing: Consider the NULL character when validating the event length

spi: nxp-fspi: fix the KASAN report out-of-bounds bug

net: sched: fix use-after-free in taprio_change()

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error

ALSA: asihpi: Fix potential OOB array access

ocfs2: cancel dqi_sync_work before freeing oinfo

smb: client: fix OOBs when building SMB2_IOCTL request

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

nilfs2: fix kernel bug due to missing clearing of checked flag

net: ethernet: lantiq_etop: fix memory disclosure

jfs: fix out-of-bounds in dbNextAG() and diAlloc()

jfs: Fix uninit-value access of new_ea in ea_buffer

ACPI: sysfs: validate return type of _STR method

slip: make slhc_remember() more robust against malicious packets

ppp: fix ppp_async_encode() illegal access

nilfs2: fix potential oob read in nilfs_btree_check_delete()

net: dpaa: Pad packets to ETH_ZLEN

wifi: iwlegacy: Clear stale interrupts before resuming device

media: venus: fix use after free bug in venus_remove due to race condition

Vendor reverted in d1aa0c04294 as it causes deadlocks

jfs: Fix uaf in dbFreeBits

ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition

net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

aoe: fix the potential use-after-free problem in more places

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency kpatch

nfsd: return -EINVAL when namelen is 0

nfsd: enforce upper limit for namelen in __cld_pipe_inprogress_downcall()

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

gpio: prevent potential speculation leaks in gpio_device_get_desc()

can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().

nfsd: call cache_put if xdr_reserve_space returns NULL

i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

drm/amd: Guard against bad data for ATIF ACPI method

drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate

ocfs2: fix null-ptr-deref when journal load failed.

ext4: fix i_data_sem unlock order in ext4_ind_migrate()

ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

RDMA/cxgb4: Added NULL check for lookup_atid

resource: fix region_intersects() vs add_memory_driver_managed()

drm: omapdrm: Add missing check for alloc_ordered_workqueue

wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit

netfilter: nf_tables: prevent nf_skb_duplicated corruption

wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()

be2net: fix potential memory leak in be_xmit()

net: systemport: fix potential memory leak in bcm_sysport_xmit()

posix-clock: Fix missing timespec64 check in pc_clock_settime()

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

igb: Do not bring the device up after non-fatal error

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

btrfs: wait for fixup workers before stopping cleaner kthread during umount

blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

nilfs2: fix potential deadlock with newly created symlinks

net/sched: accept TCA_STAB only for root qdisc

net/sched: accept TCA_STAB only for root qdisc

wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead

tpm: Clean up TPM space after command failure

PCI: keystone: Fix if-statement expression in ks_pcie_quirk()

ceph: remove the incorrect Fw reference check when dirtying pages

net: add more sanity checks to qdisc_pkt_len_init()

jfs: check if leafidx greater than num leaves per dmap tree

ocfs2: remove unreasonable unlock in ocfs2_read_blocks

mm/swapfile: skip HugeTLB pages for unuse_vma

drm/amd/display: Check stream before comparing them

nilfs2: propagate directory read errors from nilfs_find_entry()

nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()

net: avoid potential underflow in qdisc_pkt_len_init() with UFO

ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()

ACPI: battery: Fix possible crash when unregistering a battery hook

netfilter: br_netfilter: fix panic with metadata_dst skb

nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()

Out of scope as the patch is for arm64 arch only, x86_64 not affected

Current kernel is not vulnerable.

Affects only boot __init stage, already booted kernels are not affected

sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start

sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start

net: Fix an unsafe loop on the list

nilfs2: fix kernel bug due to missing clearing of buffer delay flag

net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()

wifi: ath10k: Fix memory leak in management tx

USB: usbtmc: prevent kernel-usb-infoleak

drm/amd/display: Initialize get_bytes_per_element's default to 1

Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

Kernel is not vulnerable

crypto: aead,cipher - zeroize key buffer after use

btrfs: fix a NULL pointer dereference when failed to start a new trasacntion

virtio_pmem: Check device status before requesting flush

Bluetooth: bnep: fix wild-memory-access in proto_unregister

Bluetooth: bnep: fix wild-memory-access in proto_unregister kpatch

Out of scope as the patch is for arm64 arch only, x86_64 not affected

drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA

vfs: fix race between evice_inodes() and find_inode()&iput()

tcp: check skb is non-NULL in tcp_rto_delta_us()

wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()

f2fs: Require FMODE_WRITE for atomic write ioctls

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower

This CVE was rejected and fix reverted.

arm64: probes: Remove broken LDR (literal) uprobe support

sock_map: Add a cond_resched() in sock_hash_free()

jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error

net/ipv6: release expired exception dst cached in socket

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

kpatch add alt asm definitions

kpatch add paravirt asm definitions

Restrict access to pagemap/kpageflags/kpagecount

net: bridge: xmit: make sure we have at least eth header len bytes

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

security/keys: fix slab-out-of-bounds in key_task_permission

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

netfilter: x_tables: fix LED ID check in led_tg_check()

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

media: s5p-jpeg: prevent buffer overflows

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

usb: musb: sunxi: Fix accessing an released usb phy

USB: serial: io_edgeport: fix use after free in debug printk

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

cifs: Fix buffer overflow when parsing NFS reparse points

netfilter: ipset: add missing range check in bitmap_ip_uadt

Kernel is not affected

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

9p/xen: fix release of IRQ

Out of scope: SuperH architecture isn't supported for current kernel

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

tipc: fix NULL deref in cleanup_bearer()

af_packet: avoid erroring out after sock_init_data() in packet_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

net: inet: do not leave a dangling sk pointer in inet_create()

bpf: fix OOB devmap writes when deleting elements

Patch affects initramfs

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

net: af_can: do not leave a dangling sk pointer in can_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

jfs: array-index-out-of-bounds fix in dtReadFirst

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

btrfs: ref-verify: fix use-after-free after invalid ref action

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

xen/netfront: fix crash when removing device

HID: core: zero-initialize the report buffer

fs: Fix uninitialized value issue in from_kuid and from_kgid

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

media: v4l2-tpg: prevent the risk of a division by zero

media: cx24116: prevent overflows on SNR calculus

btrfs: reinitialize delayed ref list after deleting it from the list

sctp: properly validate chunk size in sctp_sf_ootb()

net: hns3: fix kernel crash when uninstalling driver

media: dvbdev: prevent the risk of out of memory access

nfs: Fix KMSAN warning in decode_getfattr_attrs()

ocfs2: uncache inode which has failed entering the group

nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint

NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

nfsd: restore callback functionality for NFSv4.0

ad7780: fix division by zero in ad7780_write_raw()

usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer

nfsd: make sure exp active before svc_export_show

media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()

media: ts2020: fix null-ptr-deref in ts2020_probe()

tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

HID: wacom: fix when get product name maybe null pointer

ocfs2: free inode when ocfs2_get_init_inode() fails

firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

ubi: fastmap: Fix duplicate slab cache names while attaching

Out of scope: User-mode Linux isn't supported for current kernel

comedi: Flush partial mappings in error case

Out of scope: User-mode Linux isn't supported for current kernel

vfio/pci: Properly hide first-in-list PCIe extended capability

f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.

jfs: fix shift-out-of-bounds in dbSplit

sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()

netfilter: ipset: Hold module reference while requesting a module

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

Out of scope: User-mode Linux isn't supported

Out of scope: User-mode Linux isn't supported

xen: Fix the issue of resource not being properly released in xenbus_dev_probe()

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

ALSA: us122l: Use snd_card_free_when_closed() at disconnection