denial of service (memory exhaustion)

NULL pointer dereference in ext4fs driver

memory leak in the drivers/net/wireless/mac80211_hwsim.c:hwsim_new_radio_nl() function

incorrect bounds check

denial of service via a crafted ext4 image

denial of service (NULL pointer dereference and system crash) via a crafted ext4 image

denial of service

obtain sensitive information from kernel memory via adjtimex

random: fix crng_ready() test

random: use a different mixing algorithm for add_device_randomness()

floppy: Do not copy a kernel pointer to user

USB: gadget: f_midi: fixing a possible double-free in f_midi

usb: dwc3: gadget: never call ->complete() from ->ep_queue()

denial of service

denial of service (stack-based buffer overflow)

OOPS may occur for a corrupted xfs image

privileges escalating

ext4: clear i_data in ext4_inode_info when removing inline data

video: uvesafb: Fix integer overflow in allocation

mm, oom: fix concurrent munlock and oom reaper unmap, v3

mm, oom: fix concurrent munlock and oom reaper unmap, v3

scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()

xfs: set format back to extents if xfs_bmap_extents_to_btree

ext4: correctly handle a zero-length xattr with a non-zero

ext4: add validity checks for bitmap block numbers

random: set up the NUMA crng instances after the CRNG is fully initialized

random: fix possible sleeping allocation from irq context

proc: do not access cmdline nor environ from file-backed

ext4: do not allow external inodes for inline data

ext4: bubble errors from ext4_find_inline_data_nolock() up to

socket: close race condition between sock_close()

jfs: Fix inconsistency between memory allocation and ea_buf->max_size

kvm: nVMX: Enforce cpl=0 for VMX instructions

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

usbip: usbip_host: fix NULL-ptr deref and use-after-free errors

ARM: amba: Fix race condition with driver_override

ARM: amba: Don't read past the end of sysfs "driver_override" buffer

acpi: acpica: fix acpi operand cache leak in nseval.c

vhost: fix info leak due to uninitialized memory

NFC: llcp: Limit size of SDP URI

x86/paravirt: Fix spectre-v2 mitigations for paravirt guests

kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access

The irda_bind() function allocates memory for self->ias_obj without checking to see if the socket is already bound

irda: Only insert new objects into the global database via setsockopt

x86/speculation: Protect against userspace-userspace spectreRSB

xfs: enhance dinode verifier

xfs: enhance dinode verifier

xfs: More robust inode extent count validation

scsi: target: iscsi: Use hex2bin instead of a re-implementation

scsi: target: iscsi: Use bin2hex instead of a re-implementation

mm: rollback 6b4ebc3a9078

scsi: sg: mitigate read/write abuse

xen-netback: fix input validation in xenvif_set_hash_mapping()

cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

Bluetooth: hidp: buffer overflow in hidp_process_report

infiniband: fix a possible use-after-free bug

ALSA: rawmidi: Change resized buffers atomically

USB: yurex: fix out-of-bounds uaccess in read handler

userns: also map extents in the reverse map to kernel IDs

overlayfs: ensure mounter privileges when reading directories

posix-timers: Sanitize overrun handling

posix-timers: Sanitize overrun handling

bpf: 32-bit RSH verification must truncate input before the ALU op

xfs: don't fail when converting shortform attr to long form

cdrom: fix improper type cast, which can leat to information leak.

ext4: only look at the bg_flags field if it is valid

ext4: verify the depth of extent tree in ext4_find_extent()

xt4: always check block group bounds in ext4_init_block_bitmap()

ext4: make sure bitmaps and the inode table don't overlap with bg descriptors

xt4: add corruption check in ext4_xattr_set_entry()

ext4: always verify the magic number in xattr blocks

ext4: add more inode number paranoia checks

ext4: never move the system.data xattr out of the inode body

ext4: avoid running out of journal credits when appending to an inline file

jbd2: don't mark block as modified if the handle is out of credits

KVM: Fix UAF in nested posted interrupt processing

proc: restrict kernel stack dumps to root

mremap: properly flush TLB before releasing the page

KVM: X86: Fix scan ioapic use-before-initialization

HID: debug: check length before copy_to_user()

crypto: user - fix leaking uninitialized memory to userspace

scsi: libsas: fix a race condition when smp task timeout

nfsd: COPY and CLONE operations require the saved filehandle to be set

userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails

userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

userfaultfd: shmem/hugetlbfs: only allow to register VM_MAYWRITE vmas

userfaultfd: shmem: add i_size checks

userfaultfd: shmem: UFFDIO_COPY: set the page dirty if VM_WRITE is not set

crypto set sk to NULL when af_alg_release

ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c

Bluetooth: Verify that l2cap_get_conf_opt provides large

Bluetooth: Check L2CAP option sizes returned from

kvm: fix kvm_ioctl_create_device() reference counting

KVM: nVMX: unconditionally cancel preemption timer in free_nested

KVM: x86: work around leak of uninitialized stack contents

exec: Fix mem leak in kernel_read_file

mm: enforce min addr even if capable() in expand_downwards()

x86/entry/64: Remove %ebx handling from error_entry/exit

bpf: prevent out of bounds speculation on pointer arithmetic

srcu: Lock srcu_data structure in srcu_gp_start() (ubuntu bug LP: #1802021)

mds clear cpu buffers

sunrpc: use SVC_NET() in svcauth_gss_* functions

sunrpc: use-after-free in svc_process_common()

CVE-2018-16884 kpatch adaptation

vfio/type1: Limit DMA mappings per container

sctp: implement memory accounting on rx path

sctp: implement memory accounting on tx path

brcmfmac: assure SSID length from firmware is limited

brcmfmac: add subtype check for event handling in data path

UBUNTU: SAUCE: tcp: limit payload size of sacked skbs

UBUNTU: SAUCE: tcp: tcp_fragment() should apply sane memory limits

tcp: add tcp_min_snd_mss sysctl

tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

Bluetooth: hidp: fix buffer overflow

ext4: zero out the unused memory region in the extent tree block

net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().

drm/i915/gvt: Fix mmap range check

alarmtimer: Prevent overflow for relative nanosleep

validate cached inodes are free when allocated in xfs

fix to do sanity check with {sit,nat}_ver_bitmap_bytesize

f2fs: fix to do sanity check with user_block_count

f2fs: introduce sanity_check_inode() (dependency for CVE-2018-13098)

do sanity check with extra_attr feature in f2fs

f2fs: fix to do sanity check with reserved blkaddr of inline inode

f2fs: fix to do sanity check with secs_per_zone

btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized

btrfs: Check that each block group has corresponding chunk at mount time

btrfs: validate type when reading a chunk

btrfs: tree-checker: Detect invalid and empty essential trees

btrfs: tree-checker: Verify block_group_item

f2fs: fix to do sanity check with cp_pack_start_sum

do sanity check with i_extra_isize in f2fs

f2fs: check_nid_range() refactoring (dependency for CVE-2018-14616)

f2fs: fix to do sanity check with block address in main area v2

hfsplus: fix NULL dereference in hfsplus_lookup()

mm: cleancache: fix corruption on missed inode invalidation

USB: check usb_get_extra_descriptor for proper size

net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT

fixed possible use-after-free in block/blk-core.c

validate public key in crypto/ecc.c (adaptation)

fix heap overflow in mwifiex_uap_parse_tail_ies()

Spectre v1 swapgs mitigations

fix NULL pointer dereference in net/nfc

fix use-after-free in drivers/net/phy/mdio_bus.c

fixed possible NULL pointer dereference in net/nfc/netlink.c

fix use-after-free access to LDT entry

fix ->ptracer_cred handling for PTRACE_TRACEME

media: em28xx: Fix use-after-free when disconnecting

fixed possible OOB-read with improper input validation in drivers/media/usb/uvc/uvc_driver.c

fixed possible memory corruption in mwifiex kernel module

RDMA/ucma: check fd type in ucma_migrate_id()

Bluetooth: Align minimum encryption key size for LE and BR/EDR connections

Bluetooth: Fix regression with minimum encryption key size alignment

Bluetooth: Fix faulty expression for minimum encryption key size check

introduce vhost_exceeds_weight() (adaptation for CVE-2019-3900 dependency)

fix possible infinite loop in drivers/vhost/net.c (adaptation)

add weight support to drivers/vhost/vsock.c (adaptation)

add weight support to drivers/vhost/scsi.c (adaptation)

HID: debug: fix the ring buffer implementation

can: gw: ensure DLC boundaries after CAN frame modification

ALSA: line6: Fix write on zero-sized buffer

p54usb: Fix race between disconnect and firmware loading

media: usb: siano: Fix general protection fault in smsusb

media: cpia2_usb: first wake up, then free in disconnect

ALSA: core: Fix card races between register and disconnect

ALSA: info: Fix racy addition/deletion of nodes

USB: rio500: refuse more than one device at a time

media: radio-raremono: change devm_k*alloc to k*alloc

USB: gadget: f_hid: fix deadlock in f_hidg_write()

scsi: qedi: remove memset/memcpy to nfunc and use func instead

floppy: fix div-by-zero in setup_format_params

floppy: fix out-of-bounds read in copy_buffer

Input: gtco - bounds check collection indent level

scsi: megaraid_sas: return error when create DMA pool failed

coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping

fs: prevent page refcount overflow in pipe_buf_get

mm: add 'try_get_page()' helper function

mm: prevent get_user_pages() from overflowing page refcount

mm: make page ref count overflow check tighter and more explicit

Bluetooth: hci_uart: check for missing tty operations

sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c

USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data

inet: switch IP ID generator to siphash

net-sysfs: Fix mem leak in netdev_register_kobject

fm10k: Fix a potential NULL pointer dereference

genetlink: Fix a memory leak on error path

xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink

scsi: libsas: delete sas port if expander discover failed

9p: use inode->i_lock to protect i_size_write() under 32-bit

Change mincore() to count "mapped" pages rather than "cached" pages

update ballooning to not consume all dom0's VA

net: sit: fix memory leak in sit_init_net()

net: hsr: fix memory leak in hsr_dev_finalize()

xfs: clear sb->s_fs_info on mount failure

tty: mark Siemens R3964 line discipline as BROKEN

f2fs: sanity check of xattr entry size

f2fs: fix to avoid accessing xattr across the boundary

kvm: fix vhost_net log overflow

xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT

cifs: Fix lease buffer length error

rsi: add fix for crash during assertions

mwifiex: Fix three heap overflow at parsing element in

mwifiex: Fix three heap overflow at parsing element in

mwifiex: Fix three heap overflow at parsing element in

KVM: coalesced_mmio: add bounds checking

ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit

ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit

media: technisat-usb2: break out of loop at end of buffer

mm, oom: remove sleep from under oom_lock

make 'user_access_begin()' do 'access_ok()'

x86: kvm: Do not release the page inside mmu_set_spte() (CVE-2018-12207 prerequirement)

CVE-2018-12207 prerequirement - code cleanup and simplification

x86: kvm: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (CVE-2018-12207 prerequirement)

x86: kvm: vmx,svm: always run with EFER.NXE=1 when shadow paging is active (CVE-2018-12207 prerequirement)

kvm: Convert kvm_lock to a mutex (CVE-2018-12207 prerequirement)

kvm: mmu: ITLB_MULTIHIT mitigation (adaptation)

ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()

ax25: enforce CAP_NET_RAW for raw sockets

ieee802154: enforce CAP_NET_RAW for raw sockets

appletalk: enforce CAP_NET_RAW for raw sockets

mISDN: enforce CAP_NET_RAW for raw sockets

nfc: enforce CAP_NET_RAW for raw sockets

rtlwifi: enforce CAP_NET_RAW for raw sockets

drm/i915/gtt: Add read only pages to gen8_pte_encode

drm/i915/gtt: Read-only pages for insert_entries on bdw+

drm/i915/gtt: Disable read-only support under GVT

drm/i915: Prevent writing into a read-only object via a GGTT mmap

drm/i915/cmdparser: Check reg_table_count before derefencing.

drm/i915/cmdparser: Do not check past the cmd length

drm/i915: Silence smatch for cmdparser

drm/i915: Move engine->needs_cmd_parser to engine->flags

drm/i915: Rename gen7 cmdparser tables

drm/i915: Disable Secure Batches for gen6+

drm/i915: Remove Master tables from cmdparser

drm/i915: Add support for mandatory cmdparsing

drm/i915: Support ro ppgtt mapped cmdparser shadow buffers

drm/i915: Allow parsing of unsized batches

drm/i915: Add gen9 BCS cmdparsing

drm/i915/cmdparser: Use explicit goto for error paths

Add support for backward jumps

drm/i915/cmdparser: Ignore Length operands during command matching

drm/i915: Lower RM timeout to avoid DSI hard hangs

drm/i915/gen8+: Add RC6 CTX corruption WA

drm/i915/cmdparser: Fix jump whitelist clearing

x86/speculation/taa: Add mitigation for TSX Async Abort

nl80211: fixed buffer overflow when handling beacon settings (CVE-2019-16746 helper functions)

nl80211: fixed buffer overflow when handling beacon settings

fixed possible DoS in drivers/infiniband/hw/cxgb4/mem.c via directly calling dma_map_single() from a stack variable

fixed buffer overflow in cfg80211_mgd_wext_giwessid() in net/wireless/wext-sme.c which does not reject a long SSID IE

fixed possible DoS via memory leak in the adis_update_scan_mode() in drivers/iio/imu/adis_buffer.c

fixed possible DoS via memory leak in the sdma_init() in drivers/infiniband/hw/hfi1/sdma.c

fixed possible DoS via memory leak in the ca8210_probe() in drivers/net/ieee802154/ca8210.c

mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

Heap Overflow in add_ie_rates() function of Marvell Wifi Driver in Linux kernel

fix a heap overflow in Marvell WiFi driver

Start checking alloc_workqueue() return value in fjes driver.

scsi: qla2xxx: fix a potential NULL pointer dereference

net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq

can: gs_usb: gs_can_open(): prevent memory leak

drm/amd/display: memory leak

Input: ff-memless - kill timer in destroy()

can: mcba_usb: fix use-after-free on disconnect

can: peak_usb: fix slab info leak

[sound] ALSA: timer: Fix incorrectly assigned timer instance

[sound] ALSA: timer: Fix incorrectly assigned timer instance

net/flow_dissector: switch to siphash

net/flow_dissector: switch to siphash

UBUNTU: SAUCE: drm/i915: Fix use-after-free when destroying GEM context

drm/i915/gen9: Clear residual context state on context switch

pinctrl: devicetree: Avoid taking direct reference to device name string.

KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)

appletalk: Fix potential NULL pointer dereference in unregister_snap_client

appletalk: Set error code if register_snap_client failed

ext4: fix use-after-free race with debug_want_extra_isize

cfg80211/mac80211: make ieee80211_send_layer2_update a public function

ext4: add more paranoia checking in ext4_expand_extra_isize handling

ath10k: fix memory leak

drm/amd/display: prevent memory leak

rtlwifi: prevent memory leak in rtl_usb_probe

rsi: release skb if rsi_prepare_beacon fails

mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring

media: usb: fix memory leak in af9005_identify_state

btrfs: refactor btrfs_find_device() take fs_devices as argument

btrfs: merge btrfs_find_device and find_device

media: rcar_drif: fix a memory disclosure

media: vivid: Fix wrong locking that causes race conditions on streaming stop

ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe

mac80211: fix station inactive_time shortly after boot

mac80211: Do not send Layer 2 Update frame before authorization

dccp: Fix memleak in __feat_register_sp

scsi: libsas: stop discovering if oob mode is disconnected

crypto: user - fix memory leak in crypto_report

libertas: fix a potential NULL pointer dereference

drm/amdkfd: fix a potential NULL pointer dereference (v2)

media: b2c2-flexcop-usb: add sanity checking

net: icmp: fix data-race in cmp_global_allow()

HID: hid-input: clear unmapped usages.

rtl8xxxu: prevent leaking urb

scsi: bfa: release allocated memory in case of error

iwlwifi: dbg_ini: fix memory leak in alloc_sgtable

mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf

wimax: i2400: fix memory leak

media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap

ipmi: Fix memory leak in __ipmi_bmc_register

kvm: nVMX: fixed L2 guest possible tricking the L0 hypervisor to access sensitive L1 resources

drm/i915: Restore sane defaults for KMS on GEM error load (CVE-2020-8832 dependency)

drm/i915: Use same test for eviction and submitting kernel context

drm/i915: Define an engine class enum for the uABI

drm/i915: Define an engine class enum for the uABI (adaptation)

drm/i915: Force the switch to the i915->kernel_context

drm/i915: Move GT powersaving init to i915_gem_init()

drm/i915: Move intel_init_clock_gating() to i915_gem_init()

drm/i915: Inline intel_modeset_gem_init()

drm/i915: Mark the context state as dirty/written

drm/i915: Record the default hw state after reset upon load

drm/i915: Record the default hw state after reset upon load (adaptation)

staging: most: net: fix buffer overflow.

media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors.

mm: slub: add missing TID bump in kmem_cache_alloc_bulk()

cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE

cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE (adaptation)

audit: fix error handling in audit_data_to_entry().

iwlwifi: pcie: fix rb_allocator workqueue allocation

tracing/blktrace: Fix to allow setting same value

blktrace: Protect q->blk_trace with RCU

blktrace: fix dereference after null check

vhost: Check docket sk_family instead of call getname

media: ov519: add missing endpoint sanity checks

media: stv06xx: add missing descriptor sanity checks

media: xirlink_cit: add missing descriptor sanity checks

vt: selection, handle pending signals in paste_selection

vt: selection, close sel_buffer race

floppy: check FDC index for errors before assigning it

blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter.

blk-mq: Allow blocking queue tag iter callbacks.

stack-based out-of-bounds write

CAN: zero scl_bump properly

block, bfq: fix use-after-free in bfq_idle_slice_timer_body

fs/namespace.c: fix mountpoint reference counter race

USB: core: Fix free-while-in-use bug in the USB S-Glibrary

propagate_one(): mnt_set_mountpoint() needs mount_lock

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup (kpatch adaptation)

f2fs: fix to avoid memory leakage in f2fs_listxattr

selinux: properly handle multiple messages in selinux_netlink_send()

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

include/linux/relay.h: fix percpu annotation in struct rchan

btrfs: sink flush_fn to extent_write_cache_pages

btrfs: extent_io: Move the BUG_ON() in flush_write_bio() one level up

btrfs: Don't submit any btree write bio if the fs has errors

btrfs: fix reading stale metadata blocks after degraded raid1 mounts

btrfs: Always try all copies when reading extent buffers

btrfs: Correctly free extent buffer in case btree_read_extent_buffer_pages fails

btrfs: Validate child tree block's level and first key

btrfs: Detect unbalanced tree with empty leaf before crashing btree operations

UBUNTU: SAUCE: nbd_genl_status: null check for nla_nest_start

scsi: sg: add sg_remove_request in sg_write

netlabel: fixed possible NULL pointer dereference issue while importing some category bitmap into SELinux

USB: gadget: fix illegal array access in binding with UDC

mm: Fix mremap not considering huge pmd devmap

UBUNTU: SAUCE: acpi: disallow loading configfs acpi tables when locked down

aufs: bugfix, IMA i_readcount

aufs: do not call i_readcount_inc

usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect

bcache: fix potential deadlock problem in btree_gc_coalesce

xfs: add agf freeblocks verify in xfs_agf_verify

sunrpc: svcauth_gss_register_pseudoflavor must reject duplicate registrations

sunrpc: clean up properly in gss_mech_unregister

sunrpc: clean up properly in gss_mech_unregister (adaptation )

media: go7007: fix a miss of snd_card_free

vt: keyboard: avoid signed integer overflow in k_ascii

bcache: fix potential deadlock problem in btree_gc_coalesce

cgroup: fix cgroup_sk_alloc() for sk_clone_lock()

cgroup: Fix sock_cgroup_data on big-endian.

cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()

nfsd: apply umask on fs without ACL support

net/packet: fix overflow in tpacket_rcv

f2fs: check memory boundary by insane namelen

f2fs: check if file namelen exceeds max value

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

random32: update the net random state on interrupt and activity

crypto: ccp - Release all allocated memory if sha type is invalid

media: rc: prevent memory leak in cx23888_ir_probe

iio: imu: adis16400: fix memory leak

drm/amdgpu: fix multiple memory leaks in acp_hw_init

ath9k_htc: release allocated buffer if timed out

ath9k: release allocated buffer if timed out

ext4: fix potential negative array index in do_split()

nfs: Fix getxattr kernel panic and memory overflow

net/nfc/rawsock.c: add CAP_NET_RAW check.

btrfs only search for left_info if there is no right_info

ovl: pass correct flags for opening real directory

ovl: switch to mounter creds in readdir

ovl: verify permissions in ovl_path_open()

Bluetooth: L2CAP: Fix calling sk_filter on non-socket based

Bluetooth: L2CAP: Fix calling sk_filter on non-socket based

Bluetooth: A2MP: Fix not initializing all members

powercap: make attributes only readable by root

powercap: make attributes only readable by root (adaptation)

netfilter: ctnetlink: add a range check for l3/l4 protonum

perf/core: Fix race in the perf_mmap_close() function

rbd: require global CAP_SYS_ADMIN for mapping and unmapping

mm/hugetlb: fix a race between hugetlb sysctl handlers

fbcon: remove soft scrollback code

fbcon: remove now unusued 'softback_lines' cursor() argument

fbcon: remove soft scrollback code (adaptation)

block: allow for_each_bvec to support zero len bvec

hdlc_ppp: add range checks in ppp_cp_parse_cr()

geneve: add transport ports in route lookup for geneve

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

HID: hid-input: fix stylus battery reporting.

tty/vt: fix write/write race in ioctl(KDSKBSENT) handler

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

xen: fix GCC warning and remove duplicate EVTCHN_ROW/EVTCHN_COL usage

xen/events: avoid removing an event channel while handling it

binder: fix UAF when releasing todo list

vt: Disable KD_FONT_OP_COPY

Blktrace: bail out early if block debugfs is not configured

blktrace: fix debugfs use after free

blktrace: ensure our debugfs dir exists

tty: make FONTX ioctl use the tty pointer they were actually passed

media: usbtv: Fix refcounting mixup

Bluetooth: Consolidate encryption handling in hci_encrypt_cfm

Bluetooth: Fix update of connection state in `hci_encrypt_cfm`

Bluetooth: Disconnect if E0 is used for Level 4

RDMA/ucma: Fix locking for ctx->events_reported

icmp: randomize the global rate limiter

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup (adaptation )

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

mm/userfaultfd: do not access vma->vm_mm after calling

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

gup: document and work around "COW can break either way" issue

speakup: Do not let the line discipline be used several times

speakup: Reject setting the speakup line discipline outside of

jfs: Fix array index bounds check in dbAdjTree

xen-blkback: set ring->xenblkd to NULL after kthread_stop()

Input: sunkbd - avoid use-after-free in teardown paths

limit size of watch_events dom0 queue.

handle xenwatch_thread patching.

mwifiex: Fix possible buffer overflows in

nfsd4: readdirplus shouldn't return parent of export

futex: Ensure the correct return value from futex_lock_pi()

futex: Simplify fixup_pi_state_owner()

futex: Handle faults correctly for PI futexes

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Restrict sessions and handles to admin capabilities

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

nbd: freeze the queue while we're adding connections

bpf, x86: Validate computation of branch displacements for x86-64

xattr: break delegations in {set,remove}xattr

vfs: move cap_convert_nscap() call into vfs_setxattr()

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: don't leak persistent grants from xen_blkbk_map()

xen-blkback: fix error handling in xen_blkbk_map()

usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

gianfar: fix jumbo packets+napi+rx overrun crash

gianfar: fix jumbo packets+napi+rx overrun crash

xen-blkback: don't leak persistent grants from xen_blkbk_map()

netfilter: x_tables: Use correct memory barriers.

drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

Xen/gnttab: handle p2m update errors on a per-slot basis

cipso,calipso: resolve a number of problems with the DOI refcounts

staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

net: qrtr: fix error return code of qrtr_sendmsg()

btrfs: fix race when cloning extent buffer during rewind of an old

net: qrtr: Fix an out of bounds read qrtr_endpoint_post()

net/qrtr: fix __netdev_alloc_skb call

PCI: rpadlpar: Fix potential drc_name corruption in store functions

perf/x86/intel: Fix a crash caused by zero PEBS status

dm ioctl: fix out of bounds array access when no devices

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

net: mac802154: Fix general protection fault

ext4: fix extent_status fragmentation for plain files

ext4: avoid arithemetic overflow that can trigger a BUG

ext4: catch integer overflow in ext4_cache_extents

nfc: fix memory leak in llcp_sock_bind() (dependency)

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

nfc: Avoid endless loops caused by repeated llcp_sock_connect()

netfilter: x_tables: fix compat match/target pad out-of-bound write

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

sctp: delay auto_asconf init until binding the first addr

UBUNTU: SAUCE: bpf: Do not use ax register in interpreter on div/mod

bpf: fix subprog verifier bypass by div/mod by 0 exception

UBUNTU: SAUCE: bpf: Fix 32-bit register truncation on div/mod instruction

seq_file: Disallow extremely large seq buffer allocations

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Bluetooth: SMP: Fail if remote and local public keys are identical

net/nfc: fix use-after-free llcp_sock_bind/connect

mac80211: assure all fragments are encrypted

mac80211: do not accept/forward invalid EAPOL frames

bluetooth: eliminate the potential race condition when removing the HCI controller

bpf: Fix masking negation logic upon negative dst register

bpf: improve verifier branch analysis

bpf: do not restore dst_reg when cur_state is freed

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

bpf: extend is_branch_taken to registers

bpf: Move off_reg into sanitize_ptr_alu

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Improve verifier error messages for users

bpf: Refactor and streamline bounds check into helper

bpf: Move sanitize_val_alu out of op switch

bpf: Tighten speculative pointer arithmetic mask

bpf: Fix leakage of uninitialized bpf stack under speculation

bpf: Wrap aux data inside bpf_sanitize_info container

mac80211: extend protection against mixed key and fragment cache attacks

mac80211: extend protection against mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks (adaptation)

mac80211: prevent attacks on TKIP/WEP as well

mac80211: extend protection against mixed key and fragment cache attacks

Bluetooth: use correct lock to prevent UAF of hdev object

nfc: fix NULL ptr dereference in llcp_sock_getname() after failed

Bluetooth: fix the erroneous flush_work() order

can: bcm: fix infoleak in struct bcm_msg_head

Input: joydev - prevent use of not validated data in JSIOCSBTNMAP

virtio_console: Assure used length from device is limited

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

net: qrtr: fix OOB Read in qrtr_endpoint_post

usb: max-3421: Prevent corruption of freed memory

usb: max-3421: Prevent corruption of freed memory (adaptation)

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

ovl: prevent private clone if bind mount is not allowed

net: xilinx_emaclite: Do not print real IOMEM pointer

KVM: X86: MMU: Use the correct inherited permissions to get shadow page

KVM: X86: MMU: Use the correct inherited permissions to get shadow page (adaptation)

ath: Use safer key clearing with key cache entries

ath9k: Clear key cache explicitly on disabling hardware

ath: Export ath_hw_keysetmac

ath: Modify ath_key_delete() to not need full key entry

ath9k: Postpone key cache entry deletion for TXQ frames reference it

ath9k: Postpone key cache entry deletion for TXQ frames reference it (adaptation)

ath: Export ath_hw_keysetmac (adaptation)

ext4: fix race writing to an inline_data file while its xattrs are changing

net: 6pack: fix slab-out-of-bounds in decode_data

vt_kdsetmode: extend console locking

net: qrtr: fix another OOB Read in qrtr_endpoint_post

soc: aspeed: lpc-ctrl: Fix boundary check for mmap

memcg: enable accounting of ipc resources

f2fs: fix wrong total_sections check and fsmeta check

f2fs: fix to do sanity check on segment/section count

NFSv4: Initialise connection to the server in nfs4_alloc_client()

sctp: validate chunk size in __rcv_asconf_lookup

sctp: add param size validation for SCTP_PARAM_SET_PRIMARY

fuse: fix bad inode

fuse: fix live lock in fuse_iget()

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

net: hso: fix muxed tty registration

hso: fix bailout in error case of probe

usb: hso: fix error handling code of hso_create_net_device

usb: hso: remove the bailout parameter

crypto: ccp/gcm - use const time tag comparison.

crypto: ccp - Validate buffer lengths for copy operations

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

vmx_vcpu_run wrapper

Restrict access to pagemap/kpageflags/kpagecount

Add disable SMT knob

Setup L1TF bug bit

vmx l1d flush

Revert "net: increase fragment memory usage limits"

Revert "net: increase fragment memory usage limits"