Out of scope as the patch is for powerpc arch only, x86_64 is not affected

sunrpc: Avoid a KASAN slab-out-of-bounds bug in

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Fix locking for ctx->events_reported

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

HID: make arrays usage and value to be the same

bpf, ringbuf: Deny reserve of buffers larger than ringbuf

net, sctp, filter: remap copy_from_user failure error

tty: Fix ->session locking

nbd: freeze the queue while we're adding connections

dm ioctl: fix out of bounds array access when no devices

fuse: fix live lock in fuse_iget()

pinctrl: devicetree: Avoid taking direct reference to device name string

mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

cipso,calipso: resolve a number of problems with the DOI refcounts

KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

sctp: delay auto_asconf init until binding the first addr

tipc: better validate user input in tipc_nl_retrieve_key()

bpf: Fix propagation of 32-bit signed bounds from 64-bit bounds

bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds

Bluetooth: use correct lock to prevent UAF of hdev object

Revert "netfilter: x_tables: Switch synchronization to RCU"

netfilter: x_tables: Use correct memory barriers.

Bluetooth: fix the erroneous flush_work() order

Bluetooth: SMP: Fail if remote and local public keys are identical

mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()

mm: thp: fix MADV_REMOVE deadlock on shmem THP

perf/x86/intel: Fix a crash caused by zero PEBS status

bpf, cgroup: Fix optlen WARN_ON_ONCE toctou

bpf, cgroup: Fix problematic bounds check

bpf: Fix 32 bit src register truncation on div/mod

bpf: Fix truncation handling for mod32 dst reg wrt zero

Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()

netfilter: nf_tables: fix flowtable list del corruption

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

bpf: Use correct permission flag for mixed signed bounds arithmetic

bpf: Move off_reg into sanitize_ptr_alu

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Improve verifier error messages for users

bpf: Refactor and streamline bounds check into helper

bpf: Move sanitize_val_alu out of op switch

bpf: Tighten speculative pointer arithmetic mask

bpf: Fix masking negation logic upon negative dst register

bpf: Fix leakage of uninitialized bpf stack under speculation

bpf: Wrap aux data inside bpf_sanitize_info container

bpf: Fix mask direction swap upon off reg sign change

bpf: No need to simulate speculative domain for immediates

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

net: mac802154: Fix general protection fault

mac80211: assure all fragments are encrypted

mac80211: prevent mixed key and fragment cache attacks

mac80211: properly handle A-MSDUs that start with an RFC 1042 header

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: drop A-MSDUs on old ciphers

mac80211: check defrag PN against current frame

mac80211: prevent attacks on TKIP/WEP as well

mac80211: do not accept/forward invalid EAPOL frames

mac80211: extend protection against mixed key and fragment cache attacks

ath10k: add CCMP PN replay protection for fragmented frames for PCIe

ath10k: drop fragments with multicast DA for PCIe

ath10k: drop fragments with multicast DA for SDIO

ath10k: drop MPDU which has discard flag set by firmware for SDIO

ath10k: Fix TKIP Michael MIC verification for PCIe

ath10k: Validate first subframe of A-MSDU before processing the list

ath11k: Clear the fragment cache during key install

ath11k: Drop multicast fragments

mac80211: prevent mixed key and fragment cache attacks (kpatch adaptation)

mac80211: add fragment cache to sta_info

mac80211: prevent attacks on TKIP/WEP as well (kpatch adaptation)

ovl: prevent private clone if bind mount is not allowed

ixgbe: fix large MTU request from VF

Already included.

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

tipc: fix size validations for the MSG_CRYPTO type

lib/timerqueue: Rely on rbtree semantics for next timer

lib/timerqueue: Rely on rbtree semantics for next timer (adaptation)

ovl: fix missing negative dentry check in ovl_rename()

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

vfs: fs_context: fix up param length parsing in legacy_parse_param

UBUNTU: SAUCE: vfs: test that one given mount param is not larger than PAGE_SIZE

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

tipc: improve size validations for received domain records

lib/iov_iter: initialize "flags" in new pipe_buffer

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

cgroup: verify that source is a string

drm/vmwgfx: Fix stale file descriptors on failed usercopy

cgroup-v1: Require capabilities to set release_agent

KVM: s390: Return error on SIDA memop on normal guest

netfilter: nf_tables_offload: incorrect flow offload action array size

bpf, x86: Validate computation of branch displacements for x86-64

bpf, x86: Validate computation of branch displacements for x86-32

bpf: Fix integer overflow in prealloc_elems_and_freelist()

xfs: fix up non-directory creation in SGID directories

ipv6: use siphash in rt6_exception_hash()

ipv6: make exception cache less predictible

ipv6: use siphash in rt6_exception_hash() (kpatch adaptation)

vt: keyboard: avoid signed integer overflow in k_ascii

vt: keyboard: avoid signed integer overflow in k_ascii (kpatch adaptation)

pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()

net: qrtr: fix another OOB Read in qrtr_endpoint_post

Bluetooth: fix use-after-free error in lock_sock_nested()

ipv4: use siphash instead of Jenkins in fnhe_hashfun()

ipv4: make exception cache less predictible

ipv4: use siphash instead of Jenkins in fnhe_hashfun() (kpatch adaptation)

fget: check that the fd still exists after getting a ref to it

netfilter: nat: force port remap to prevent shadowing well-known ports

ipv6: use prandom_u32() for ID generation

cgroup: unify attach permission checking

cgroup/cgroup.c: replace 'of->kn->priv' with of_cft()

cgroup: cgroup.{procs,threads} factor out common parts

cgroup: Use open-time credentials for process migraton perm checks

cgroup: Use open-time cgroup namespace for process migration perm checks

tee: handle lookup of shm with reference count 0

Input: joydev - prevent potential read overflow in ioctl

fuse: use true,false for bool variable

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

bpf: Remove MTU check in __bpf_skb_max_len

IBM Power9 is unsupported

media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors.

drm/nouveau: Add a dedicated mutex for the clients list

drm/nouveau: use drm_dev_unplug() during device removal

drm/nouveau: clean up all clients on device removal

drm/nouveau: Add a dedicated mutex for the clients list (adaptation)

ipc: replace costly bailout check in sysvipc_find_ipc()

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

memcg: enable accounting of ipc resources

use init_tag from inithdr for ABORT chunk

fix the processing for COOKIE_ECHO chunk

sctp: add vtag check in sctp_sf_violation

sctp: add vtag check in sctp_sf_do_8_5_1_E_sa

sctp: add vtag check in sctp_sf_ootb

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

ARM related CVE

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

hso: fix bailout in error case of probe

usb: hso: fix error handling code of hso_create_net_device

media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()

isdn: cpai: check ctr->cnr to avoid array index out of bound

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

account stream padding length for reconf chunk

bonding: fix null dereference in bond_ipsec_add_sa()

af_unix: fix races in sk_peer_pid and sk_peer_cred accesses

af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (adaptation)

inet: use bigger hash table for IP ID generation

inet: use bigger hash table for IP ID generation (adaptation)

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

esp: Fix possible buffer overflow in ESP transformation

sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-27666 dependency)

perf: Fix sys_perf_event_open() race against self

netfilter: nf_tables: disallow non-stateful expression in sets earlier

secure_seq: use the 64 bits of the siphash for port offset

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

block-map: add __GFP_ZERO flag for alloc_page in function

Fix lock_sock() blockage by memcpy_from_msg()

net: sched: fix use-after-free in tc_new_tfilter()

fix double dev_kfree_skb() in error path

net/packet: fix slab-out-of-bounds access in packet_recvmsg()

SUNRPC: Ensure we flush any closed sockets before

[PATCH] SUNRPC: Don't leak sockets in xs_local_connect()

net/sched: cls_u32: fix netns refcount changes in u32_change()

netfilter: nf_queue: do not allow packet truncation below transport header offset

ipv4: avoid using shared IP generator for connected sockets

ipv4: tcp: send zero IPID in SYNACK messages

vt: vt_ioctl: fix race in VT_RESIZEX

media: v4l: ioctl: Fix memory leak in video_usercopy

cifs: prevent bad output lengths in smb2_ioctl_query_info()

cifs: fix NULL ptr dereference in smb2_ioctl_query_info()

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

Reinstate some of "swiotlb: rework "fix info leak with

ext4: verify dir block before splitting it

ext4: make variable "count" signed

ext4: avoid cycles in directory h-tree

psi: Fix uaf issue when psi trigger is destroyed while being polled (adaptation)

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

openvswitch: fix OOB access in reserve_sfa_size()

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

KVM: x86: avoid calling x86 emulator without a decoded

netfilter: nf_tables: sanitize nft_set_desc_concat_parse()

Out of scope as the patch is aarch64 related

NFSv4: Handle case where the lookup of a directory fails

netfilter: nf_tables: do not allow SET_ID to refer to another

netfilter: nf_tables: do not allow SET_ID to refer to another

lockdown: also lock down previous kgdb use

drm/i915: fix TLB invalidation for Gen12 video and compute

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

i2c: ismt: prevent memory corruption in ismt_access()

act_mirred: use the backlog for nested calls to

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

ovl: fail on invalid uid/gid mapping at copy up

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.