netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for

x86/CPU/AMD: Do not leak quotient data after a division by 0

nvmet-tcp: Fix a possible UAF in queue intialization setup

x86: KVM: SVM: always update the x2avic msr interception

netfilter: ipset: Fix race between IPSET_CMD_CREATE and IPSET_CMD_SWAP

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

netfilter: nf_tables: disallow rule removal from chain binding

Bluetooth: hci_event: Ignore NULL link key

Bluetooth: Reject connection with the device which has same BD_ADDR

RDMA/irdma: Prevent zero-length STAG registration

RDMA/irdma: Prevent zero-length STAG registration

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

x86/sev: Disable MMIO emulation from user mode

x86/sev: Check IOBM for IOIO exceptions from user-space

x86/sev: Check for user-space IOIO pointing to kernel space

Patch already exists in 5.15 kernels.

netfilter: nf_tables: bail out on mismatching dynset and set expressions

netfilter: nf_tables: check if catch-all set element is active in next generation

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

kpatch add alt asm definitions

x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file

x86/bhi: Add support for clearing branch history at syscall entry

tap: add missing verification for short frame

tun: add missing verification for short frame

filelock: fix potential use-after-free in posix_lock_inode

greybus: Fix use-after-free bug in gb_interface_release due

ptp: fix integer overflow in max_vclocks_store

net/dpaa2: Avoid explicit cpumask var allocation on stack

ata: libata-core: Fix double free on error

net: dsa: mv88e6xxx: Correct check for empty list

bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

net: ethernet: lantiq_etop: fix double free in detach

ipv6: annotate some data-races around sk->sk_prot

ipv6: Fix data races around sk->sk_prot.

tcp: Fix data races around icsk->icsk_af_ops.

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

jfs: xattr: fix buffer overflow for invalid xattr

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

netns: Make get_net_ns() handle zero refcount net

net/sched: Fix UAF when resolving a clash

drm/i915/gt: Fix potential UAF by revoke of fence registers

net/iucv: Avoid explicit cpumask var allocation on stack

nilfs2: add missing check for inode numbers on directory

wifi: mt76: replace skb_put with skb_put_zero

wifi: cfg80211: Lock wiphy in cfg80211_get_station

ima: Avoid blocking in RCU read-side critical section

scsi: qedi: Fix crash while reading debugfs

batman-adv: bypass empty buckets in batadv_purge_orig_ref()

Vendor reverted due to missing fixes a591d35c4023 and a47a7af9b511

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data transfers

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

nilfs2: fix inode number range checks

orangefs: fix out-of-bounds fsid access

drm/amd/display: Add array index check for hdcp ddc access

VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist

scsi: mpi3mr: Sanitise num_phys

vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

net/mlx5e: Fix mlx5e_priv_init() cleanup flow

netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().

netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().

mm: avoid leaving partial pfn mappings around in error case

Affects only boot __init stage, already booted kernels are not affected

netfilter: nft_set_rbtree: .deactivate fails if element has expired

netfilter: nf_tables: use timestamp to check for set element timeout

netfilter: nf_tables: use timestamp to check for set element timeout

Architecture is not supported

drm/amd/display: Check msg_id before processing transcation

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

tipc: Return non-zero value from tipc_udp_addr2str() on error

Patched function waits for external events, which may prevent patching/unpatching.

um: line: always fill *error_out in setup_one_line()

usb: dwc3: st: fix probed platform device ref count on probe error path

drm/amdgpu: Fix out-of-bounds write warning

CVE patch is for powerpc arch only

dev/parport: fix the array out-of-bounds risk

[PATCH 1/1] media: venus: fix use after free in vdec_close

[PATCH 1/1] jfs: Fix array-index-out-of-bounds in diFree

[PATCH 1/1] vhost/vsock: always initialize seqpacket_allow

[PATCH 1/1] vhost/vsock: always initialize seqpacket_allow

[PATCH 1/1] net: bridge: mcast: wait for previous gc cycles when removing port

[PATCH 1/1] ipv6: fix possible UAF in ip6_finish_output2()

[PATCH 1/1] ipv6: prevent UAF in ip6_send_skb()

[PATCH 1/1] binder: fix UAF caused by offsets overwrite

[PATCH 1/1] Squashfs: sanity check symbolic link size

[PATCH 1/1] HID: amd_sfh: free driver_data after destroying hid device

[PATCH] hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

[PATCH 1/1] net/iucv: fix use after free in iucv_sock_close()

[PATCH 1/1] mISDN: Fix a use after free in hfcmulti_tx()

[PATCH 1/1] atm: idt77252: prevent use after free in dequeue_rx()

[PATCH] hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

[PATCH] hwmon: (lm95234) Fix underflows seen when writing limit attributes

[PATCH 1/1] hwmon: (adc128d818) Fix underflows seen when writing limit attributes

[PATCH 1/1] ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

[PATCH] sch/netem: fix use after free in netem_dequeue

[PATCH 1/1] drm/amd/display: Check gpio_id before used as array index

module is not included

kcm: Serialise kcm_sendmsg() for the same socket.

[PATCH 1/1] net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()

[PATCH 1/1] drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails

[PATCH 1/1] net: hns3: fix a deadlock problem when config TC during resetting

vfs: Don't evict inode under the inode lru traversing context

[PATCH 1/1] xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

[PATCH 1/1] mmc: mmc_test: Fix NULL dereference on allocation failure

[PATCH 1/1] gtp: fix a potential NULL pointer dereference

[PATCH 1/1] drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

[PATCH 1/1] uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

[PATCH 1/1] rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

[PATCH 1/1] RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

[PATCH 1/1] ipv6: prevent possible UAF in ip6_xmit()

[PATCH 1/1] scsi: aacraid: Fix double-free on probe failure

[PATCH 1/1] drm/amdgpu: fix mc_data out-of-bounds read warning

[PATCH 1/1] drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

ila: call nf_unregister_net_hooks() sooner

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

netfilter: flowtable: validate vlan header

netfilter: flowtable: validate vlan header

drm/amd/display: Add array index check for hdcp ddc access

[PATCH] sched/smt: Fix unbalance sched_smt_present dec/inc

[PATCH] sched/core: Fix unbalance set_rq_online/offline() in sched_cpu_deactivate()

ocfs2: cancel dqi_sync_work before freeing oinfo

wifi: ath11k: fix array out-of-bound access in SoC stats

tipc: guard against string buffer overrun

fbdev: pxafb: Fix possible use after free in pxafb_task()

ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free

smb: client: fix OOBs when building SMB2_IOCTL request

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

netfilter: Fix use-after-free in get_info()

nilfs2: fix kernel bug due to missing clearing of checked flag

Issue was backported and fixed in the same 5.15.0-303.168.3.el9uek, previous kernels are not affected

9p: add missing locking around taking dentry fid list

dma-buf: heaps: Fix off-by-one in CMA heap fault handler

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

aoe: fix the potential use-after-free problem in more places

ALSA: asihpi: Fix potential OOB array access

udf: fix uninit-value use in udf_get_fileshortad

bpf: Fix out-of-bounds write in trie_get_next_key()

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds

drm/amd/display: Fix index out of bounds in DCN30 color transformation

ext4: no need to continue when the number of entries is 1

ext4: fix slab-use-after-free in ext4_split_extent_at()

fbdev: sisfb: Fix strbuf array overflow

RDMA/bnxt_re: Add a check for memory allocation

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

net: sched: fix use-after-free in taprio_change()

platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency kpatch

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

ext4: avoid use-after-free in ext4_ext_show_leaf()

ext4: aovid use-after-free in ext4_ext_insert_extent()

ext4: fix double brelse() the buffer of the extents path

parport: Proper fix for array out-of-bounds access

tracing: Consider the NULL character when validating the event length

drm/amd/display: Fix index out of bounds in degamma hardware format translation

drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation

scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()

vhost_vdpa: assign irq bypass producer token correctly

The patch doesn't fix the vunlnerability

security/keys: fix slab-out-of-bounds in key_task_permission

NFSD: Async COPY result needs to return a write verifier

NFSD: Async COPY result needs to return a write verifier

NFSD: Limit the number of concurrent async COPY operations

NFSD: Limit the number of concurrent async COPY operations

NFSD: Initialize struct nfsd4_copy earlier

NFSD: Never decrement pending_async_copies on error

Patch affects __init

Complex adaptation required. Low impact CVE.

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

Patch affects initramfs

Out of scope: SuperH architecture isn't supported for current kernel

btrfs: ref-verify: fix use-after-free after invalid ref action

af_packet: avoid erroring out after sock_init_data() in packet_create()

xsk: fix OOB map writes when deleting elements

bpf: fix OOB devmap writes when deleting elements

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

Architecture PARISC is not supported

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

tipc: fix NULL deref in cleanup_bearer()

media: s5p-jpeg: prevent buffer overflows

USB: serial: io_edgeport: fix use after free in debug printk

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

Irrelevant for x64 kernels

net: do not delay dst_entries_add() in dst_release()

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

netfilter: x_tables: fix LED ID check in led_tg_check()

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

bpf: Check validity of link->type in bpf_link_show_fdinfo()

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

net: bridge: xmit: make sure we have at least eth header len bytes

netfilter: ipset: add missing range check in bitmap_ip_uadt

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

9p/xen: fix release of IRQ

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

crypto: hisilicon/qm - inject error before stopping queue

ima: Fix use-after-free on a dentry's dname.name

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

btrfs: rename and export __btrfs_cow_block()

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

xen/netfront: fix crash when removing device

HID: core: zero-initialize the report buffer

net: wwan: iosm: Fix tainted pointer delete is case of region creation fail

jfs: fix shift-out-of-bounds in dbSplit

Out of scope: User-mode Linux isn't supported for current kernel

ALSA: us122l: Use snd_card_free_when_closed() at disconnection

ocfs2: uncache inode which has failed entering the group

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

net/smc: fix LGR and link use-after-free issue

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

net: inet: do not leave a dangling sk pointer in inet_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

fou: remove warn in gue_gro_receive on unsupported protocol

cifs: Fix buffer overflow when parsing NFS reparse points

driver core: bus: Fix double free in driver API bus_register()

usb: musb: sunxi: Fix accessing an released usb phy

Kernel is not affected

mm: resolve faulty mmap_region() error path behaviour

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

Bluetooth: fix use-after-free in device_for_each_child()

driver core: Introduce device_find_any_child() helper

jfs: array-index-out-of-bounds fix in dtReadFirst

net: af_can: do not leave a dangling sk pointer in can_create()

EDAC/igen6: Avoid segmentation fault on module unload

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

blk-cgroup: Fix UAF in blkcg_unpin_online()

scsi: sg: Fix slab-use-after-free read in sg_release()

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

net: fix data-races around sk->sk_forward_alloc

scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

vp_vdpa: fix id_table array not null terminated error

vp_vdpa: fix id_table array not null terminated error

net/mlx5: DR, prevent potential error pointer dereference

sched/deadline: Fix warning in migrate_enable for boosted tasks

Postponed: complex analysis and adaptation required

kpatch add paravirt asm definitions