macsec: Fix use-after-free while sending the offloading packet

security/keys: fix slab-out-of-bounds in key_task_permission

NFSD: Async COPY result needs to return a write verifier

NFSD: Async COPY result needs to return a write verifier

NFSD: Limit the number of concurrent async COPY operations

NFSD: Limit the number of concurrent async COPY operations

NFSD: Initialize struct nfsd4_copy earlier

NFSD: Never decrement pending_async_copies on error

Patch affects __init

Complex adaptation required. Low impact CVE.

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

Patch affects initramfs

Out of scope: SuperH architecture isn't supported for current kernel

btrfs: ref-verify: fix use-after-free after invalid ref action

af_packet: avoid erroring out after sock_init_data() in packet_create()

xsk: fix OOB map writes when deleting elements

bpf: fix OOB devmap writes when deleting elements

mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

Architecture PARISC is not supported

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

tipc: fix NULL deref in cleanup_bearer()

media: s5p-jpeg: prevent buffer overflows

nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net

USB: serial: io_edgeport: fix use after free in debug printk

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

Irrelevant for x64 kernels

net: do not delay dst_entries_add() in dst_release()

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

netfilter: x_tables: fix LED ID check in led_tg_check()

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

bpf: Check validity of link->type in bpf_link_show_fdinfo()

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

net: bridge: xmit: make sure we have at least eth header len bytes

ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

netfilter: ipset: add missing range check in bitmap_ip_uadt

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

9p/xen: fix release of IRQ

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

crypto: hisilicon/qm - inject error before stopping queue

ima: Fix use-after-free on a dentry's dname.name

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

btrfs: rename and export __btrfs_cow_block()

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

xen/netfront: fix crash when removing device

HID: core: zero-initialize the report buffer

net: wwan: iosm: Fix tainted pointer delete is case of region creation fail

btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()

jfs: fix shift-out-of-bounds in dbSplit

Out of scope: User-mode Linux isn't supported for current kernel

ALSA: us122l: Use snd_card_free_when_closed() at disconnection

ocfs2: uncache inode which has failed entering the group

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

net/smc: fix LGR and link use-after-free issue

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

net: inet: do not leave a dangling sk pointer in inet_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

fou: remove warn in gue_gro_receive on unsupported protocol

net/mlx5: Always stop health timer during driver removal

cifs: Fix buffer overflow when parsing NFS reparse points

driver core: bus: Fix double free in driver API bus_register()

usb: musb: sunxi: Fix accessing an released usb phy

Kernel is not affected

mm: resolve faulty mmap_region() error path behaviour

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

Bluetooth: fix use-after-free in device_for_each_child()

driver core: Introduce device_find_any_child() helper

jfs: array-index-out-of-bounds fix in dtReadFirst

net: af_can: do not leave a dangling sk pointer in can_create()

EDAC/igen6: Avoid segmentation fault on module unload

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

io_uring: fix possible deadlock in io_register_iowq_max_workers()

sctp: properly validate chunk size in sctp_sf_ootb()

ubi: fastmap: Fix duplicate slab cache names while attaching

ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

drm/dp_mst: Fix MST sideband message body length check

low-scored CVE which causes verification conflicts with freezable kthread and cifs reading routines.

netfilter: ipset: Hold module reference while requesting a module

EDAC/bluefield: Fix potential integer overflow

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

oel9-uek7 kernels are compiled without CONFIG_HFSPLUS_FS

tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

net/mlx5e: Fix CT entry update leaks of modify header context

scsi: ufs: core: sysfs: Prevent div by zero

Out of scope: User-mode Linux isn't supported

NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

media: v4l2-tpg: prevent the risk of a division by zero

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

blk-cgroup: Fix UAF in blkcg_unpin_online()

scsi: sg: Fix slab-use-after-free read in sg_release()

crypto: qat/qat_4xxx - fix off by one in uof_get_name()

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

vdpa/mlx5: Fix invalid mr resource destroy

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

net: fix data-races around sk->sk_forward_alloc

scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

vp_vdpa: fix id_table array not null terminated error

vp_vdpa: fix id_table array not null terminated error

PCI/MSI: Handle lack of irqdomain gracefully

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

netdevsim: use cond_resched() in nsim_dev_trap_report_work()

nvmet-auth: complete a request only after freeing the dhchap pointers

nvmet: always initialize cqe.result

bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()

bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()

bnxt_en: Fix receive ring space parameters when XDP is active

bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips

net/mlx5: DR, prevent potential error pointer dereference

nvmet-auth: assign dh_key to NULL after kfree_sensitive

scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info

bnxt_en: Fix double DMA unmapping for XDP_REDIRECT

sched/deadline: Fix warning in migrate_enable for boosted tasks

Postponed: complex analysis and adaptation required

Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

kpatch add alt asm definitions

kpatch add paravirt asm definitions