icmp: randomize the global rate limiter

HID: Fix assumption that devices have inputs

pinctrl: Delete an error message

pinctrl: devicetree: Avoid taking direct reference to device name string

perf/core: Fix race in the perf_mmap_close() function

netfilter: ctnetlink: add a range check for l3/l4 protonum

geneve: add transport ports in route lookup for geneve

tty/vt: fix write/write race in ioctl(KDSKBSENT) handler

tty: keyboard, do not speculate on func_table index

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl

vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl

scsi: target: Fix XCOPY NAA identifier lookup

scsi: target: Fix XCOPY NAA identifier lookup

tty: Fix ->pgrp locking in tiocspgrp()

drm/i915: Fix use-after-free when destroying GEM context

af_unix: fix struct pid memory leak

af_unix: fix struct pid memory leak (adaptation)

scsi: iscsi: Restrict sessions and handles to admin capabilities

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (CVE-2021-27365 dependency)

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

futex: Replace pointless printk in fixup_owner()

futex: Provide and use pi_state_update_owner()

futex: Handle faults correctly for PI futexes

bpf: fix sanitation of alu op with pointer / scalar type from different paths

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

vt: selection, close sel_buffer race

Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected

Mitigation is made with intel firmware update, el-kernels also need 'i915.enable_guc' specified in cmdline to be affected

Mitigation is made with intel firmware update, el-kernels also need 'i915.enable_guc' specified in cmdline to be affected

seq_file: Disallow extremely large seq buffer allocations

media: xirlink_cit: add missing descriptor sanity checks

cipso,calipso: resolve a number of problems with the DOI refcounts

net: mac802154: Fix general protection fault

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

netfilter: x_tables: fix compat match/target pad out-of-bound write

bpf, x86: Validate computation of branch displacements for x86-64

netfilter: x_tables: Use correct memory barriers.

bluetooth: eliminate the potential race condition when removing the

net_sched: cls_route: remove the right filter from hashtable

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Fix locking for ctx->events_reported

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

firewire: firedtv-avc: potential buffer overflow

media: firewire: firedtv-avc: fix a buffer overflow

[media] firewire: don't break long lines

media: firewire: firedtv-avc: fix a buffer overflow

fuse: fix bad inode

HID: core: Sanitize event code and type when mapping input

do_epoll_ctl(): clean the failure exits up a bit

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

Bluetooth: fix the erroneous flush_work() order

Bluetooth: use correct lock to prevent UAF of hdev object

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

drm/vmwgfx: Fix stale file descriptors on failed usercopy

drm/i915: Flush TLBs before releasing backing store

RDMA/cma: Do not change route.addr.src_addr.ss_family

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

cgroup-v1: Require capabilities to set release_agent

perf: Fix sys_perf_event_open() race against self

netfilter: nf_tables: disallow non-stateful expression in

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

net_sched: cls_route: remove from list when handle is 0

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

net: usb: ax88179_178a: fix packet alignment padding

ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32

net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

net: usb: ax88179_178a: Fix packet receiving

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

usb: mon: make mmapped memory read only

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

hw: amd: Cross-Process Information Leak

netfilter: nf_tables: deactivate anonymous set from preparation phase

netfilter: nf_tables: deactivate anonymous set from preparation phase (adaptation)

netfilter: nf_tables: do not allow SET_ID to refer to another table

netfilter: nf_tables: skip deactivated anonymous sets during lookups

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

Smart Patch for net/sched: cls_u32: Fix reference counter leak leading to overflow

Smart Patch for net/sched/cls_u32.c

net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

Complex adaptation required.

net/sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

revert of: netfilter: ipset: actually allow allowable CIDR 0 in hash:net, port, net

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

fbcon driver was updated and patched in the same kernel 3.10.0-1160.111.1.el7. Older versions don't contain vulnerabilities b07db3958485 and d443d9386472

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

sched/membarrier: reduce the ability to hammer on sys_membarrier

[PATCH 1681/1699] af_unix: Fix null-ptr-deref in

[PATCH 1658/1699] net/sched: sch_hfsc: Ensure inner classes have fsc

[PATCH 1659/1699] net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it

[PATCH 1686/1699] bluetooth: Perform careful capability checks in

[PATCH 1689/1699] bluetooth: Add cmd validity checks at the start of

[PATCH 1696/1699] vt: vt_ioctl: fix race in VT_RESIZEX

[PATCH 1643/1699] RDMA/i40iw: Prevent zero-length STAG registration

RDMA/irdma: Prevent zero-length STAG registration (adaptation)

net: fix __dst_negative_advice() race

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io

wifi: mac80211: Avoid address calculations via out of bounds array indexing

N/A

x86/bhi: Add support for clearing branch history at syscall entry

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

can: bcm: Fix UAF in bcm_proc_show()

HID: core: zero-initialize the report buffer

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

ALSA: usb-audio: Fix a DMA to stack memory bug

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

netfilter: ipset: add missing range check in bitmap_ip_uadt

Restrict access to pagemap/kpageflags/kpagecount