io_uring: always use original task when preparing req identity

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

xen/xenbus: don't let xenbus_grant_ring() remove grants in error case

xen/grant-table: add gnttab_try_end_foreign_access()

xen/netfront: don't use gnttab_query_foreign_access() for mapped status

xen/scsifront: don't use gnttab_query_foreign_access() for mapped status

xen/gntalloc: don't use gnttab_query_foreign_access()

xen: remove gnttab_query_foreign_access()

xen/9p: use alloc/free_pages_exact()

xen/gnttab: fix gnttab_end_foreign_access() without page specified

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

xen/gnttab: fix gnttab_end_foreign_access() without page specified (adaptation)

xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (adaptation)

cgroup: Use open-time credentials for process migraton perm checks

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled.

net_sched: cls_route: remove from list when handle is 0

KVM: Add infrastructure and macro to mark VM as bugged

KVM: Add infrastructure and macro to mark VM as bugged (adaptation)

KVM: Add infrastructure and macro to mark VM as bugged

KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq

KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

rds: copy_from_user only once per rds_sendmsg system call

ipc: replace costly bailout check in sysvipc_find_ipc()

drm: add a locked version of drm_is_current_master

drm: add a locked version of drm_is_current_master

drm: add a locked version of drm_is_current_master

drm: add a locked version of drm_is_current_master (adaptation)

netfilter: nf_tables: do not allow SET_ID to refer to another

netfilter: nf_tables: do not allow SET_ID to refer to another

scsi: target: Fix WRITE_SAME No Data Buffer crash

lockdown: also lock down previous kgdb use

af_key: Do not call xfrm_probe_algs in parallel

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

io_uring/af_unix: defer registered files gc to io_uring release

io_uring/af_unix: defer registered files gc to io_uring release (adaptation)

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

drm/i915/gt: Serialize TLB invalidates with GT resets

drm/i915: fix TLB invalidation for Gen12 video and compute engines

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

media: dvb-core: Fix UAF due to refcount races at releasing

i2c: ismt: Fix an out-of-bounds bug in ismt_access()

Bluetooth: L2CAP: Fix u8 overflow

net: sched: atm: dont intepret cls results when asked to drop

net: sched: cbq: dont intepret cls results when asked to drop

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: disallow noqueue for qdisc classes

media: dvbdev: adopts refcnt to avoid UAF

media: dvbdev: fix refcnt bug

media: dvbdev: adopts refcnt to avoid UAF (adaptation)

drm/amdkfd: Check for null pointer after calling kmemdup

KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

net: fix a concurrency bug in l2tp_tunnel_register()

l2tp: Serialize access to sk_user_data with sk_callback_lock

l2tp: Don't sleep and disable BH under writer-side sk_callback_lock

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

netfilter: nf_tables: deactivate anonymous set from preparation phase

KVM: nVMX: add missing consistency checks for CR0 and CR4

netfilter: nf_tables: stricter validation of element data

KVM: x86: do not report a vCPU as preempted outside instruction boundaries (adaptation)

Complex adaptation required.

rds: Fix lack of reentrancy for connection reset with dst addr zero

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

x86/CPU/AMD: Do not leak quotient data after a division by 0

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

nvmet-tcp: Fix a possible UAF in queue intialization setup

kobject: Fix slab-out-of-bounds in fill_kobj_path()

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

kpatch add alt asm definitions

kpatch add paravirt asm definitions

Restrict access to pagemap/kpageflags/kpagecount

KVM: x86: avoid calling x86 emulator without a decoded

perf: Fix sys_perf_event_open() race against self