netfilter: flowtable: initialise extack before use

netpoll: Fix race condition in netpoll_owner_active

af_unix: Fix garbage collector racing against connect()

xfs: don't walk off the end of a directory data block

xfs: add bounds checking to xlog_recover_process_data

net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

block: initialize integrity buffer to zero before writing it to media

ipv6: prevent possible NULL dereference in rt6_probe()

ext4: fold quota accounting into ext4_xattr_inode_lookup_create()

ext4: do not create EA inode under buffer lock

ext4: turn quotas off if mount failed after enabling quotas

ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()

wifi: mt76: mt7921s: fix potential hung tasks during chip recovery

tty: Fix out-of-bound vmalloc access in imageblit

tcp: add sanity checks to rx zerocopy

mptcp: fix data re-injection from stale subflow

scsi: core: Fix unremoved procfs host directory regression

mac802154: fix llsec key resources release in mac802154_llsec_key_del

mac802154: fix llsec key resources release in mac802154_llsec_key_del

net/sched: taprio: extend minimum interval restriction to entire cycle too

xfs: fix log recovery buffer allocation for the

netfilter: nft_inner: validate mandatory meta and payload

netfilter: nft_inner: validate mandatory meta and payload

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

mptcp: ensure snd_una is properly initialized on connect

kpatch add alt asm definitions

x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file

x86/bugs: x86/bhi: Add support for clearing branch history at syscall entry

i2c: Fix a potential use after free

of: fdt: fix off-by-one error in unflatten_dt_nodes()

media: pvrusb2: fix use after free on context disconnection

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

EDAC/thunderx: Fix possible out-of-bounds string access

net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()

md/raid5: fix atomicity violation in raid5_cache_count

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

RDMA/mlx5: Fix fortify source warning while accessing Eth segment

hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

stm class: Fix a double free in stm_register_device()

net/mlx5: Discard command completions in internal error

USB: core: Fix deadlock in usb_deauthorize_interface()

Out of scope: not affected

drm/amdgpu/mes: fix use-after-free issue

usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps

USB: core: Fix deadlock in port "disable" sysfs attribute

USB: core: Fix deadlock in port "disable" sysfs attribute

USB: core: Fix deadlock in port "disable" sysfs attribute

net/mlx5: Always stop health timer during driver removal

firmware: cs_dsp: Fix overflow checking of wmfw header

firmware: cs_dsp: Fix overflow checking of wmfw header (adaptation)

filelock: fix potential use-after-free in posix_lock_inode

drm/i915/gt: Fix potential UAF by revoke of fence registers

scsi: mpi3mr: Sanitise num_phys

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

net/iucv: fix use after free in iucv_sock_close()

dev/parport: fix the array out-of-bounds risk

wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Out of scope: not affected

net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check

net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check kpatch

minmax: add umin(a, b) and umax(a, b)

swiotlb: Fix double-allocation of slots due to broken alignment handling

octeontx2-af: fix the double free in rvu_npc_freemem()

ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()

drm/amdgpu: add error handle to avoid out-of-bounds

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

drm/drm_file: Fix pid refcounting race

Out of scope: not affected

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

include/linux/generic-radix-tree.h: replace kernel.h with the necessary inclusions

lib/generic-radix-tree.c: Don't overflow in peek()

can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()

can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg()

can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg()

can: isotp: fix error path in isotp_sendmsg() to unlock wait queue

usbnet: sanity check for maxpacket

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

arm64/sme: Always exit sme_alloc() early with existing

hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations

asix: fix uninit-value in asix_mdio_read()

netfilter: nft_set_pipapo: do not free live element

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

keys: Fix overwrite of key expiration on instantiation

USB: core: Fix access violation during port device removal

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash

Not a bug for a real-life RHEL9 setup

EFI Firmware: CVE patch is for EFI firmware which runs at boot time.

Kernel is not affected

Kernel is not affected

CVE patch is for powerpc arch only

tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets

ASoC: SOF: Add some bounds checking to firmware data

tcp_metrics: validate source addr length

cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()

cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()

cachefiles: fix slab-use-after-free in fscache_withdraw_volume()

cachefiles: fix slab-use-after-free in fscache_withdraw_volume()

Bluetooth: btrtl: fix out of bounds memory access

Bluetooth: btrtl: fix out of bounds memory access

CVE patch is for AMD Inception vulnerability related to Speculative Return Stack Overflow (SRSO)

Input: powermate - fix use-after-free in powermate_config_complete

Bluetooth: Fix TOCTOU in HCI debugfs implementation

xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

mlxsw: spectrum_acl_tcam: Fix memory leak during rehash

filelock: Remove locks reliably when fcntl/close race is detected

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

mm/swap: fix race when skipping swapcache

cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window

drm/amd/display: fixed integer types and null check locations

ext4: avoid allocating blocks from corrupted group

ext4: avoid dividing by 0 in mb_update_avg_fragment_size()

mptcp: fix double-free on socket dismantle

iommufd: Fix protection fault in iommufd_test_syz_conv_iova

iommufd: Fix iopt_access_list_id overwrite bug

net: veth: clear GRO when clearing XDP even when down MIME-Version: 1.0

Out of scope: boot time issue

bpf: Guard stack limits against 32bit overflow

of: Fix double free in of_parse_phandle_with_args_map

ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()

ALSA: scarlett2: Add missing error checks to *_ctl_get()

x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type

net: atlantic: eliminate double free in error handling logic

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()

drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe()

drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe()

Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

RDMA/qedr: Fix qedr_create_user_qp error flow

HID: i2c-hid-of: fix NULL-deref on failed power up

HID: i2c-hid-of: fix NULL-deref on failed power up

RDMA/srpt: Support specifying the srpt_service_guid

arp: Prevent overflow in arp_req_get().

md: Don't ignore suspended array in md_check_recovery()

net/sched: act_mirred: use the backlog for mirred ingress

md: Don't ignore read-only array in md_check_recovery()

net: nexthop: Initialize all fields in dumped nexthops

mptcp: pm: Fix uaf in __timer_delete_sync

bpf: Fix overrunning reservations in ringbuf

bpf: Fix overrunning reservations in ringbuf

USB: serial: mos7840: fix crash on resume

USB: serial: mos7840: fix crash on resume