Fix lock_sock() blockage by memcpy_from_msg()

net: sched: fix use-after-free in tc_new_tfilter()

fix double dev_kfree_skb() in error path

net/packet: fix slab-out-of-bounds access in packet_recvmsg()

SUNRPC: Ensure we flush any closed sockets before

[PATCH] SUNRPC: Don't leak sockets in xs_local_connect()

net/sched: cls_u32: fix netns refcount changes in u32_change()

netfilter: nf_queue: do not allow packet truncation below transport header offset

ipv4: avoid using shared IP generator for connected sockets

ipv4: tcp: send zero IPID in SYNACK messages

vt: vt_ioctl: fix race in VT_RESIZEX

media: v4l: ioctl: Fix memory leak in video_usercopy

cifs: prevent bad output lengths in smb2_ioctl_query_info()

cifs: fix NULL ptr dereference in smb2_ioctl_query_info()

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

Reinstate some of "swiotlb: rework "fix info leak with

ext4: verify dir block before splitting it

ext4: make variable "count" signed

ext4: avoid cycles in directory h-tree

psi: Fix uaf issue when psi trigger is destroyed while being polled (adaptation)

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

openvswitch: fix OOB access in reserve_sfa_size()

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

KVM: x86: avoid calling x86 emulator without a decoded

netfilter: nf_tables: sanitize nft_set_desc_concat_parse()

Out of scope as the patch is aarch64 related

NFSv4: Handle case where the lookup of a directory fails

netfilter: nf_tables: do not allow SET_ID to refer to another

netfilter: nf_tables: do not allow SET_ID to refer to another

HID: elo: fix memory leak in elo_probe

lockdown: also lock down previous kgdb use

drm/i915: fix TLB invalidation for Gen12 video and compute

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

i2c: ismt: prevent memory corruption in ismt_access()

mm/mremap: hold the rmap lock in write mode when moving page table

act_mirred: use the backlog for nested calls to

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

ovl: fail on invalid uid/gid mapping at copy up

wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()

ath9k: fix use-after-free in ath9k_hif_usb_rx_cbMIME-Version: 1.0

media: em28xx: initialize refcount before kref_get

devlink: Fix use-after-free after a failed reload

ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit

igmp: Add ip_mc_list lock in ip_check_mc_rcu

af_key: Do not call xfrm_probe_algs in parallel

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page

net/ulp: prevent ULP without clone op from entering the LISTEN status

wifi: cfg80211: fix BSS refcounting bugs

cifs: fix use-after-free caused by invalid pointer `hostname`

tcp/udp: Fix memory leak in ipv6_renew_options()

drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()

usb: mon: make mmapped memory read only

video: of_display_timing.h: include errno.h

fbcon: Disallow setting font bigger than screen size

fbcon: Prevent that screen size is smaller than font size

fbmem: Check virtual screen sizes in fb_set_var()

vt: drop old FONT ioctls

net: fix a concurrency bug in l2tp_tunnel_register()

l2tp: Serialize access to sk_user_data with sk_callback_lock

l2tp: Don't sleep and disable BH under writer-side sk_callback_lock

vt: use tty_insert_flip_string in respond_string

vt: keyboard, use tty_insert_flip_string in puts_queue

tty: drivers/tty/, stop using tty_schedule_flip()

tty: the rest, stop using tty_schedule_flip()

tty: drop tty_schedule_flip()

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

tty: drop tty_schedule_flip()

drm/virtio: Fix error code in virtio_gpu_object_shmem_init()

netfilter: nf_tables: deactivate anonymous set from preparation phase

net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

Bluetooth: L2CAP: Fix accepting connection request

net/sched: tcindex: update imperfect hash filters

Complex adaptation is required, mainline retired tcindex.

xfs: verify buffer contents when we skip log replay

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

perf: Fix check before add_event_to_groups() in perf_group_detach()

netfilter: nft_set_pipapo: fix improper element removal

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

ipvlan:Fix out-of-bounds caused by unclear skb->cb

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

hw: amd: Cross-Process Information Leak

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

bluetooth: Perform careful capability checks in hci_sock_ioctl()

media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

memstick: r592: Fix UAF bug in r592_remove due to race condition

kernel/relay.c: fix read_pos error when multiple readers

net/sched: cls_u32: Fix reference counter leak leading to overflow

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

media: saa7134: fix use after free bug in saa7134_finidev due to race condition

media: dm1105: Fix use after free bug in dm1105_remove due to race condition

atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait

ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

ext4: fix use-after-free in ext4_xattr_set_entry

seq_buf: Fix overflow in seq_buf_putmem_hex()

HID: betop: check shape of output reports

Complex adaptation required.

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

KVM: nVMX: add missing consistency checks for CR0 and CR4

net: qcom/emac: Fix use after free bug in emac_remove due to race condition

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition

fbcon: Check font dimension limits

Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path

sctp: fail if no bound addresses can be used for a given scope

xfrm: add NULL check in xfrm_update_ae_params

x86/speculation: Allow enabling STIBP with legacy IBRS

x86/speculation: Allow enabling STIBP with legacy IBRS

ovl: fix use after free in struct ovl_aio_req

ovl: fix use after free in struct ovl_aio_req

drm/vmwgfx: Remove rcu locks from user resources

drm/vmwgfx: Remove rcu locks from user resources

HID: asus: use spinlock to safely schedule workers

HID: asus: use spinlock to safely schedule workers

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

Not possible to trigger in rhel8

media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

r8152: Rate limit overflow messages

prlimit: do_prlimit needs to have a speculation check

media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()

net: sched: atm: dont intepret cls results when asked to drop

net: mpls: fix stale pointer if allocation fails during device rename

net: sched: atm: dont intepret cls results when asked to drop

media: usb: siano: Fix use after free bugs caused by do_submit_urb

media: usb: siano: Fix use after free bugs caused by do_submit_urb

net: sched: fix race condition in qdisc_graft()

gfs2: Don't deref jdesc in evict

tipc: fix an information leak in tipc_topsrv_kern_subscr

tipc: set con sock in tipc_conn_alloc

tipc: add an extra conn_get in tipc_conn_alloc

net/tls: tls_is_tx_ready() checked list_entry

mm: thp: fix wrong cache flush in remove_migration_pmd()

mm/thp: simplify copying of huge zero page pmd when fork

mm/userfaultfd: fix uffd-wp special cases for

bpf: Fix incorrect verifier pruning due to missing register precision taints

net: tun: fix bugs for oversize packet when napi frags enabled

cifs: Fix UAF in cifs_demultiplex_thread()

nvmet-tcp: Fix a possible UAF in queue intialization setup

media: dvbdev: remove double-unlock

media: dvbdev: Fix memleak in dvb_register_device

media: dvbdev: fix error logic at dvb_register_device()

media: dvbdev: adopts refcnt to avoid UAF

media: dvbdev: fix refcnt bug

media: dvbdev: adopts refcnt to avoid UAF (adaptation)

media: dvb-core: Fix use-after-free due to race at dvb_register_device()

media: dvb-core: Fix use-after-free due to race at dvb_register_device() (adaptation)

media: dvb_net: avoid speculation from net slot

media: dvb-core: Fix use-after-free due on race condition at dvb_net

media: dvb-core: Fix use-after-free due on race condition at dvb_net (adaptation)

media: dvb_ca_en50221: off by one in dvb_ca_en50221_io_do_ioctl()

media: dvb_ca_en50221: avoid speculation from CA slot

media: dvb_ca_en50221: fix a size write bug

media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221

media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (adaptation)

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

drm/vmwgfx: Fix shader stage validation

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

nfp: fix use-after-free in area_cache_get()

drivers: net: slip: fix NPD bug in sl_tx_timeout()

Fix double fget() in vhost_net_set_backend()

HID: check empty report_list in hid_validate_values()

smb: client: fix OOB in smbCalcSize()

smb: client: fix potential OOB in cifs_dump_detail()

smb: client: fix potential OOB in smb2_dump_detail()

x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling

x86/sev: Disable MMIO emulation from user mode

x86/sev: Check IOBM for IOIO exceptions from user-space

x86/sev: Check for user-space IOIO pointing to kernel space

Fix a kernel panic when host sends an invalid H2C PDU length

nvmet-tcp: fix a crash in nvmet_req_complete()

nvmet-tcp: remove boilerplate code

nvmet-tcp: Fix the H2C expected PDU len calculation

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads (adaptation)

perf/core: Fix potential NULL deref

netfilter: nft_set_pipapo: skip inactive elements during set walk

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net: tls, update curr on splice as well

smb: client: fix OOB in receive_encrypted_standard()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

drm/amdgpu: Fix potential fence use-after-free v2

ext4: fix kernel BUG in 'ext4_write_inline_data_end()'

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

Bluetooth: Fix double free in hci_conn_cleanup

fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super

ida: Fix crash in ida_free when the bitmap is empty

drm/qxl: fix UAF on handle creation

UBUNTU: SAUCE: bpf: prevent helper argument PTR_TO_ALLOC_MEM to have offset other than 0

x86/sev: Harden #VC instruction emulation somewhat

Bluetooth: af_bluetooth: Fix Use-After-Free in

Bluetooth: Add more enc key size check

Input: gtco - bounds check collection indent level

The patch for this CVE already present in kernel-5.14.0-362.24.1.el9_3 version. The kernel-5.14.0-362.18.1.el9_3 version and below are not vulnerable because they don't have commit 5f68718b34a5 (netfilter: nf_tables: GC transaction API to avoid race with control plane) which introduced the vulnerability.

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_sctp: validate the flag_info count

Complex adaptation required to add timer_shutdown_sync() in timers subsystem.

fbcon: Fix error paths in set_con2fb_map

fbcon: set_con2fb_map needs to set con2fb_map!

net/sched: cls_rsvp: always try to match inside the linear part of skb

netfilter: nf_tables: bail out on mismatching

kobject: Remove docstring reference to kset

kobject: modify kobject_get_path() to take a const

kobject: Fix slab-out-of-bounds in fill_kobj_path()

net: add a route cache full diagnostic message

net/dst: use a smaller percpu_counter batch for dst entries accounting

ipv6: remove max_size check inline with ipv4

ipv6: Remove extra counter pull before gc

media: technisat-usb2: break out of loop at end of

RDMA/irdma: Prevent zero-length STAG registration

atm: Fix Use-After-Free in do_vcc_ioctl

smb: client: fix potential OOBs in

smb: client: fix parsing of SMB3.1.1 POSIX create

mISDN: fix use-after-free bugs in l1oip timer

verify struct l1oip layout

Bluetooth: L2CAP: Fix u8 overflow

Complex adaptation required. Requires changes a lot of constants

Complex adaptation required.

team: fix null-ptr-deref when team device type is changed

team: fix null-ptr-deref when team device type is changed

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

vc_screen: don't clobber return value in vcs_read

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

sched/membarrier: reduce the ability to hammer on sys_membarrier

ipv4: fix null-deref in ipv4_link_failure

The modified structure mem_section_usage is used only during bootup time. As we patch the changes after booting they will have no effect. Therefore we cannot patch this CVE.

net/core: Fix ETH_P_1588 flow dissector

netfilter: nf_tables: disallow timeout for anonymous sets

blk-mq: fix IO hang from sbitmap wakeup race

tty: keyboard, do not speculate on func_table index

tty/vt: fix write/write race in ioctl(KDSKBSENT)

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl

vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl

vt_kdsetmode: extend console locking

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

net: xfrm: Fix xfrm_address_filter OOB read

nvmet: nul-terminate the NQNs passed in the connect command

kvm: initialize all of the kvm_debugregs structure before sending it to userspace

i2c: i801: Don't generate an interrupt on bus reset

media: dvbdev: Fix memory leak in dvb_media_device_free()

net: usb: fix memory leak in smsc75xx_bind

net: usb: fix possible use-after-free in

crypto: akcipher - default implementations for request callbacks

crypto: testmgr - split akcipher tests by a key type

crypto: akcipher - Disable signing and decryption

platform/x86: think-lmi: Fix reference leak

wifi: iwlwifi: fix a memory corruption

net/sched: act_ct: fix skb leak and crash on ooo frags

Out of scope as the patch is for s390 arch only, x86_64 is not affected

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

x86 xen add xenpv restore regs and return to usermode

kpatch add alt asm definitions

kpatch add paravirt asm definitions