scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

drm/vmwgfx: Fix possible invalid drm gem put calls

drm/vmwgfx: Keep a gem reference to user bos in surfaces

drm/vmwgfx: Fix shader stage validation

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

nfp: fix use-after-free in area_cache_get()

can: af_can: fix NULL pointer dereference in can_rcv_filter

drivers: net: slip: fix NPD bug in sl_tx_timeout()

Fix double fget() in vhost_net_set_backend()

HID: check empty report_list in hid_validate_values()

smb: client: fix OOB in smbCalcSize()

smb: client: fix potential OOB in cifs_dump_detail()

smb: client: fix potential OOB in smb2_dump_detail()

x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling

x86/sev: Disable MMIO emulation from user mode

x86/sev: Check IOBM for IOIO exceptions from user-space

x86/sev: Check for user-space IOIO pointing to kernel space

Fix a kernel panic when host sends an invalid H2C PDU length

nvmet-tcp: fix a crash in nvmet_req_complete()

nvmet-tcp: remove boilerplate code

nvmet-tcp: Fix the H2C expected PDU len calculation

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads (adaptation)

perf/core: Fix potential NULL deref

netfilter: nft_set_pipapo: skip inactive elements during set walk

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net: tls, update curr on splice as well

RDMA/core: Refactor rdma_bind_addr

RDMA/core: Update CMA destination address on rdma_resolve_addr

smb: client: fix OOB in receive_encrypted_standard()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

drm/amdgpu: Fix potential fence use-after-free v2

ext4: fix kernel BUG in 'ext4_write_inline_data_end()'

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

Bluetooth: Fix double free in hci_conn_cleanup

fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super

ida: Fix crash in ida_free when the bitmap is empty

drm/qxl: fix UAF on handle creation

UBUNTU: SAUCE: bpf: prevent helper argument PTR_TO_ALLOC_MEM to have offset other than 0

x86/sev: Harden #VC instruction emulation somewhat

Bluetooth: af_bluetooth: Fix Use-After-Free in

Bluetooth: Add more enc key size check

Input: gtco - bounds check collection indent level

The patch for this CVE already present in kernel-5.14.0-362.24.1.el9_3 version. The kernel-5.14.0-362.18.1.el9_3 version and below are not vulnerable because they don't have commit 5f68718b34a5 (netfilter: nf_tables: GC transaction API to avoid race with control plane) which introduced the vulnerability.

x86 xen add xenpv restore regs and return to usermode

kpatch add alt asm definitions

kpatch add paravirt asm definitions