Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

Xen/gntdev: correct error checking in gntdev_map_grant_pages()

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

HID: hid-input: clear unmapped usages.

scsi: iscsi: Restrict sessions and handles to admin

scsi: iscsi: Verify lengths on passthrough PDUs

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs (dependency)

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work

ixgbe: fix large MTU request from VF

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

sched/rt: pick_next_rt_entity(): check list_entry

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()

Input: add bounds checking to input_set_capability()

ext4: improve error recovery code paths in __ext4_remount()

Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails

atm: Fix Use-After-Free in do_vcc_ioctl

[PATCH] KEYS: fix keyctl_set_reqkey_keyring() to not leak thread

[PATCH] KEYS: prevent creating a different user's keyrings

media: imon: Fix null-ptr-deref in imon_probe

futex: Remove unnecessary warning from get_futex_key

scsi: sg: add sg_remove_request in sg_write

fbcon: remove soft scrollback code

fbcon: remove soft scrollback code (adaptation)

media: v4l: ioctl: Fix memory leak in video_usercopy

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

inet: use bigger hash table for IP ID generation

inet: use bigger hash table for IP ID generation (adaptation)

ext4: fix kernel infoleak via ext4_extent_header

ext4: verify dir block before splitting it

[PATCH] af_key: Do not call xfrm_probe_algs in parallel (modified for old kernels)

CVE-2022-2964 dependancy

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

dm verity: set DM_TARGET_IMMUTABLE feature flag

dm verity: set DM_TARGET_IMMUTABLE feature flag (adaptation)

audit: fix error handling in audit_data_to_entry()

epoll: Keep a reference on files added to the check list

do_epoll_ctl(): clean the failure exits up a bit

HID: core: Sanitize event code and type when mapping input

fork: fix copy_process(CLONE_PARENT) race with the exiting

Xen/gnttab: handle p2m update errors on a per-slot basis

floppy: fix lock_fdc() signal handling

n_tty: Fix stall at n_tty_receive_char_special().

btrfs: fix race when cloning extent buffer during rewind of an old root

netfilter: x_tables: make xt_replace_table wait until old

netfilter: x_tables: Use correct memory barriers.

xen-blkback: don't leak persistent grants from xen_blkbk_map()

[net] Bluetooth: A2MP: Fix not initializing all members

dm ioctl: fix out of bounds array access when no devices

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Bluetooth: Fix slab-out-of-bounds read in

media: v4l: event: Prevent freeing event subscriptions while accessed

media: v4l: event: Prevent freeing event subscriptions while accessed (adaptation)

media: v4l: event: Add subscription to list before calling

Omitting for now: Android Pixel C USB monitor driver

kobject: Export kobject_get_unless_zero()

[fs] chardev: Avoid potential use-after-free in 'chrdev_open()'

cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE

cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE (adaptation)

can: bcm: fix infoleak in struct bcm_msg_head

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

l2tp: Correctly return -EBADF from pppol2tp_getname.

net: l2tp: Make l2tp_ip6 namespace aware

l2tp: fix race in l2tp_recv_common()

l2tp: ensure session can't get removed during

l2tp: fix duplicate session creation

l2tp: Refactor the codes with existing macros instead of literal number

l2tp: ensure sessions are freed after their PPPOL2TP socket

l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()

l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall() (adaptation)

vgacon: remove software scrollback support (adaptation)

net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high

net/mlx4: Fix EEPROM dump support

bluetooth: eliminate the potential race condition when

seq_file: Disallow extremely large seq buffer allocations

netfilter: x_tables: fix compat match/target pad out-of-bound write

btrfs only search for left_info if there is no right_info

cfg80211: wext: avoid copying malformed SSIDs

fs/namespace.c: fix mountpoint reference counter race

HID: make arrays usage and value to be the same

sctp: validate from_addr_param return

virtio_console: Assure used length from device is limited

ext4: fix race writing to an inline_data file while its

net_sched: cls_route: remove the right filter from hashtable

vhost-net: set packet weight of tx polling to 2 * vq size

vhost_net: use packet weight for rx handler, too

vhost_net: introduce vhost_exceeds_weight()

vhost: introduce vhost_exceeds_weight()

vhost_net: fix possible infinite loop

vhost: introduce vhost_exceeds_weight() (adaptation)

mac80211: assure all fragments are encrypted

mac80211: add fragment cache to sta_info (adaptation)

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks (adaptation)

mac80211: properly handle A-MSDUs that start with an RFC 1042

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: drop A-MSDUs on old ciphers

mac80211: check defrag PN against current frame

mac80211: prevent attacks on TKIP/WEP as well

mac80211: do not accept/forward invalid EAPOL frames

mac80211: extend protection against mixed key and fragment

perf/core: Fix perf_event_open() vs. execve() race

ath9k: release allocated buffer if timed out

rtlwifi: prevent memory leak in rtl_usb_probe

l2tp: pass tunnel pointer to ->session_create()

ocfs2: subsystem.su_mutex is required while accessing the

bcache: fix potential deadlock problem in btree_gc_coalesce

bnx2x: disable GSO where gso_size is too big for hardware

net: create skb_gso_validate_mac_len()

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

btrfs: fix return value mixup in btrfs_get_extent

Bluetooth: fix the erroneous flush_work() order

ovl: prevent private clone if bind mount is not allowed

fix regression in "epoll: Keep a reference on files added to the

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

Bluetooth: Add bt_dev logging macros

Bluetooth: use constant time memory comparison for secret

Bluetooth: SMP: Fail if remote and local public keys are

vt_kdsetmode: extend console locking (CVE-2021-3753)

ovl: fix missing negative dentry check in ovl_rename()

drm/i915: Reduce locking in execlist command submission

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

sctp: use init_tag from inithdr for ABORT chunk

sctp: add vtag check in sctp_sf_violation

route: also update fnhe_genid when updating a route cache

ipv4: make exception cache less predictible

ipv4: avoid using shared IP generator for connected sockets

sr9700: sanity check for packet length

Bluetooth: use correct lock to prevent UAF of hdev object

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

phonet: refcount leak in pep_sock_accep

pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()

btrfs: unlock newly allocated extent buffer after error

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

Initialize registers to avoid stack leak into userspace.

quota: check block number when reading the block in quota

quota: correct error number in free_dqentry()

af_unix: fix races in sk_peer_pid and sk_peer_cred accesses

af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (adaptation)

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

fix double dev_kfree_skb() in error path

can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in

floppy: use a statically allocated error counter

floppy: use a statically allocated error counter (kpatch adaptation)

cgroup-v1: Require capabilities to set release_agent

netfilter: nf_tables: disallow non-stateful expression in

floppy: disable FDRAWCMD by default

floppy: disable FDRAWCMD by default (adaptation)

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

mm: enforce min addr even if capable() in expand_downwards()

ip: constify ip_build_and_send_pkt() socket argument

inet: constify ip_dont_fragment() arguments

ipv4: Cache net in ip_build_and_send_pkt and ip_queue_xmit

ipv4: tcp: send zero IPID in SYNACK messages

vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console

vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (adaptation)

VT_RESIZEX: get rid of field-by-field copyin

vt: vt_ioctl: fix race in VT_RESIZEX

fbcon: Disallow setting font bigger than screen size

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

vt: drop old FONT ioctls

ipv4: igmp: guard against silly MTU values

usb: mon: make mmapped memory read only

sch_sfb: keep backlog updated with qlen

sch_sfb: Don't assume the skb is still around after enqueueing to child

sch_sfb: Also store skb len before calling child enqueue

netfilter: nf_conntrack_irc: Fix forged IP logic

r8152: Rate limit overflow messages

HID: roccat: Fix use-after-free in roccat_read()

proc: proc_skip_spaces() shouldn't think it is working on C strings

vsock: Fix memory leak in vsock_connect()

netfilter: nf_conntrack_irc: Tighten matching on DCC message

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

scsi: stex: Properly zero out the passthrough command structure

btrfs: Don't submit any btree write bio if the fs has errors

drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

packet: in recvmsg msg_name return at least sizeof sockaddr_ll

net/packet: fix slab-out-of-bounds access in packet_recvmsg()

tcp/udp: Fix memory leak in ipv6_renew_options().

Bluetooth: remove unneeded variable in l2cap_stream_rx

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

Bluetooth: L2CAP: Introduce proper defines for PSM ranges

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

wifi: brcmfmac: Fix potential buffer overflow in

USB: core: Prevent nested device-reset calls

USB: core: Prevent nested device-reset calls (adaptation)

i2c: ismt: Fix an out-of-bounds bug in ismt_access()

drivers: net: slip: fix NPD bug in sl_tx_timeout()

Bluetooth: L2CAP: Fix u8 overflow

net: sched: atm: dont intepret cls results when asked to drop

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

mm/mincore.c: make mincore() more conservative

HID: check empty report_list in hid_validate_values()

netfilter: nf_tables: fix null deref due to zeroed list head

sctp: fail if no bound addresses can be used for a given scope

media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors

prlimit: do_prlimit needs to have a speculation check

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

xirc2ps_cs: Fix use after free bug in xirc2ps_detach

net: sched: cbq: dont intepret cls results when asked to drop

media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

nvme: restrict management ioctls to admin

staging: rtl8712: fix use after free bugs

staging: rtl8712: fix use after free bugs

kvm: initialize all of the kvm_debugregs structure before sending it to userspace

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

net: mpls: fix stale pointer if allocation fails during device rename

seq_buf: Fix overflow in seq_buf_putmem_hex()

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

igmp: Add ip_mc_list lock in ip_check_mc_rcu

media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

fix nested locking in table_clear() to remove deadlock concern

firewire: fix potential uaf in outbound_phy_packet_callback()

misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os

rds: Fix lack of reentrancy for connection reset with dst addr zero

ipvlan:Fix out-of-bounds caused by unclear skb->cb

wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

media: dm1105: Fix use after free bug in dm1105_remove due to race condition

memstick: r592: Fix UAF bug in r592_remove due to race condition

fbcon: Check font dimension limits

media: dvb_frontend: fix locking issues at dvb_frontend_get_event()

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

media: dvb-core: Fix UAF due to refcount races at releasing

net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

xfrm: add NULL check in xfrm_update_ae_params

net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()

net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

ext4: fix use-after-free in ext4_xattr_set_entry

ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

netfilter: nf_tables: stricter validation of element data

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

kobject: Fix slab-out-of-bounds in fill_kobj_path()

net: xfrm: Fix xfrm_address_filter OOB read

netfilter: nf_tables: validate registers coming from userspace

netfilter: nf_tables: validate registers coming from userspace

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

xfrm: fix crash in XFRM_MSG_GETSA netlink handler