netfilter: nf_tables: reject QUEUE/DROP verdict parameters

vhost: use kzalloc() instead of kmalloc() followed by memset()

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

kpatch: entry: add asm headers

kpatch add alt asm definitions

kpatch add alternative2 asm definition

x86/bhi: Add support for clearing branch history at syscall entry

tap: add missing verification for short frame

tun: add missing verification for short frame

net: fix __dst_negative_advice() race

nilfs2: We cannot patch functions that sleep in kthread().

ppdev: Add an error check in register_device

nilfs2: fix potential hang in nilfs_detach_log_writer()

kdb: Fix buffer overflow during tab-complete

ipv6: sr: fix invalid unregister error path

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

md: fix resync softlockup when bitmap size is less than array

crypto: bcm - Fix pointer arithmetic

jffs2: prevent xattr node from overflowing the eraseblock

wifi: carl9170: add a proper sanity check for endpoints

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

drm/arm/malidp: fix a possible null pointer dereference

serial: max3100: Update uart_driver_registered on driver

netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

enic: Validate length of nl attributes in enic_set_vf_port

Out of scope as the patch is for s390 arch only, x86_64, arm64 is not affected

xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

drm/amd/display: Fix potential index out of bounds in color transformation function

scsi: bfa: Ensure the copied buf is NUL terminated

af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

greybus: lights: check return of get_channel_from_mode

virtio: delete vq in vp_find_vqs_msix() when request_irq() fails

ALSA: timer: Set lower bound of start tick time

netfilter: ipset: Fix race between namespace cleanup and gc

netfilter: ipset: Fix race between namespace cleanup and gc

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

wifi: ar5523: enable proper endpoint verification

ecryptfs: Fix buffer size for tag 66 packet

ring-buffer: Fix a race between readers and resize checks

serial: max3100: Lock port->lock when calling

ext4: fix mb_cache_entry's e_refcnt leak in

f2fs: fix to do sanity check on i_xattr_nid in

drm/amdgpu: add error handle to avoid out-of-bounds

ARM related CVE.

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

SUNRPC: Fix gss_free_in_token_pages()

SUNRPC: Fix loop termination condition in gss_free_in_token_pages()

netfilter: tproxy: bail out if IP has been disabled on the device

net: openvswitch: fix overwriting ct original tuple for ICMPv6

scsi: qedf: Ensure the copied buf is NUL terminated

soundwire: Skipped as code which CVE fixes doesn't exists in older releaes

net/9p: fix uninit-value in p9_client_rpc()

cpufreq: exit() callback is optional

Out of scope as the patch is for m68k arch only, x86_64, arm64 is not affected

netrom: fix possible dead-lock in nr_rt_ioctl()

stm class: Fix a double free in stm_register_device()

User Mode Linux patch

media: stk1160: fix bounds checking in stk1160_copy_video()

ipv6: sr: fix memleak in seg6_hmac_init_algo

dma-buf/sw-sync: don't enable IRQ from sync_print_obj()

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

kpatch add paravirt asm definitions

Restrict access to pagemap/kpageflags/kpagecount