Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

Xen/gntdev: correct error checking in gntdev_map_grant_pages()

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

ovl: pass correct flags for opening real directory

ovl: switch to mounter creds in readdir

ovl: verify permissions in ovl_path_open()

futex: Ensure the correct return value from futex_lock_pi

futex: Simplify fixup_pi_state_owner

futex: Replace pointless printk in fixup_owner

futex: Provide and use pi_state_update_owner

futex: Handle faults correctly for PI futexes

nbd: freeze the queue while we're adding connections

scsi: iscsi: Restrict sessions and handles to admin

scsi: iscsi: Verify lengths on passthrough PDUs

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs (dependency)

Xen/gnttab: handle p2m update errors on a per-slot basis

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

ext4: handle error of ext4_setup_system_zone() on remount

perf/x86/intel: Fix a crash caused by zero PEBS status

btrfs: fix race when cloning extent buffer during rewind of an old

netfilter: x_tables: make xt_replace_table wait until old

netfilter: x_tables: Use correct memory barriers.

xen-blkback: don't leak persistent grants from xen_blkbk_map()

bpf, x86: Validate computation of branch displacements for x86-64

IBM Power9 is unsupported

dm ioctl: fix out of bounds array access when no devices

netfilter: x_tables: fix compat match/target pad out-of-bound write

sctp: delay auto_asconf init until binding the first addr

race condition for removal of the HCI controller.

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

net: mac802154: Fix general protection fault

cipso,calipso: resolve a number of problems with the DOI refcounts

seq_file: Disallow extremely large seq buffer allocations

net/mlx4: Fix EEPROM dump support

Out of scope as the patch is for NFC/Android

Out of scope as the patch is for NFC/Android

Out of scope as the patch is for NFC/Android

KVM: nSVM: do not change host intercepts while nested VM is running (CVE-2021-3656 dependency)

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

can: bcm: fix infoleak in struct bcm_msg_head

Input: joydev - prevent use of not validated data in JSIOCSBTNMAP

Out of scope as the patch is for NFC/Android

mac80211: assure all fragments are encrypted

mac80211: add fragment cache to sta_info

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks

cfg80211: mitigate A-MSDU aggregation attacks

can: bcm: delay release of struct bcm_op after synchronize_rcu

KVM: do not allow mapping valid but non-reference-counted pages

Bluetooth: fix the erroneous flush_work() order

Bluetooth: use correct lock to prevent UAF of hdev object

sctp: validate from_addr_param return

sctp: add size validation when walking chunks

virtio_console: Assure used length from device is limited

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

ext4: fix race writing to an inline_data file while its

fuse: fix bad inode

fuse: fix live lock in fuse_iget()

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

fs: add fget_many() and fput_many() (dependency)

fget: check that the fd still exists after getting a ref to

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

cgroup-v1: Require capabilities to set release_agent

Initialize registers to avoid stack leak into userspace.

lib/iov_iter: initialize "flags" in new pipe_buffer

lib/timerqueue: Rely on rbtree semantics for next timer

lib/timerqueue: Rely on rbtree semantics for next timer (adaptation)

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

btrfs: unlock newly allocated extent buffer after error

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

stale file descriptors on failed usercopy

NFSv4: Handle case where the lookup of a directory fails

tipc: improve size validations for received domain records

udf: Restore i_lenAlloc when inode expansion fails

udf: Fix NULL ptr deref when converting from inline format

ipv4: avoid using shared IP generator for connected sockets

sr9700: sanity check for packet length

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

esp: Fix possible buffer overflow in ESP transformation

NFSv4: Initialise connection to the server in nfs4_alloc_client()

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

memstick: rtsx_usb_ms: fix UAF

xen/grant-table: add gnttab_try_end_foreign_access()

xen/xenbus: Fix granting of vmalloc'd memory

xen/xenbus: don't let xenbus_grant_ring() remove grants in error case

xen/scsifront: don't use gnttab_query_foreign_access() for mapped status

xen/gntalloc: don't use gnttab_query_foreign_access()

xen/9p: use alloc/free_pages_exact()

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent prepare and

ALSA: pcm: Fix races among concurrent hw_params and hw_free

N/A

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

floppy: use a statically allocated error counter

floppy: use a statically allocated error counter (kpatch adaptation)

net_sched: cls_route: remove from list when handle is 0

rds: copy_from_user only once per rds_sendmsg system call

scsi: target: Fix protect handling in WRITE SAME(32)

scsi: target: Fix WRITE_SAME No Data Buffer crash

af_key: Do not call xfrm_probe_algs in parallel

media: em28xx: initialize refcount before kref_get

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

scsi: stex: Properly zero out the passthrough command structure

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

tcp/udp: Fix memory leak in ipv6_renew_options()

Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

i2c: ismt: Fix an out-of-bounds bug in ismt_access()

nfp: fix use-after-free in area_cache_get()

net: sched: atm: dont intepret cls results when asked to drop

media: dvb-core: Fix UAF due to refcount races at releasing

Bluetooth: L2CAP: Fix u8 overflow

net: sched: disallow noqueue for qdisc classes

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

hv_netvsc: Add check for kvmalloc_array

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

rds: Fix lack of reentrancy for connection reset with dst addr zero

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

net/sched: sch_hfsc: Ensure inner classes have fsc curve

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

net: sched: fix race condition in qdisc_graft()

sched/rt: pick_next_rt_entity(): check list_entry

kobject: Fix slab-out-of-bounds in fill_kobj_path()

RDMA/irdma: Prevent zero-length STAG registration

netfilter: nf_tables: Reject tables of unsupported family

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

net/mlx5e: drop shorter ethernet frames

stm class: Fix a double free in stm_register_device()

kdb: Fix buffer overflow during tab-complete

nilfs2: We cannot patch functions that sleep in kthread().

vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

net: ethernet: lantiq_etop: fix double free in detach

tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets

jfs: xattr: fix buffer overflow for invalid xattr

net/iucv: Avoid explicit cpumask var allocation on stack

net: dsa: mv88e6xxx: Correct check for empty list

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

nilfs2: fix inode number range checks

nilfs2: add missing check for inode numbers on directory entries

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

ipv6: annotate some data-races around sk->sk_prot

ipv6: Fix data races around sk->sk_prot.

tcp: Fix data races around icsk->icsk_af_ops

nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

USB composite function controllers related patch

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

HID: core: remove unnecessary WARN_ON() in implement()

usb-storage: alauda: Fix uninit-value in alauda_check_media()

usb-storage: alauda: Check whether the media is initialized

usb-storage: alauda: Check whether the media is initialized

SUNRPC: Fix RPC client cleaned up the freed pipefs dentries

media: dvb-frontends: tda10048: Fix integer overflow

s390 architecture related CVE.

ppp: ensure minimum packet size in ppp_write()

ppp: reject claimed-as-LCP but actually malformed packets

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

nilfs2 is not enabled

drm/radeon: fix UBSAN warning in kv_dpm.c

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

x86: stop playing stack games in profile_pc()

drm/exynos/vidi: fix memory leak in .get_modes()

drivers: core: synchronize really_probe() and dev_uevent()

nilfs2 related patch

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes

ila: block BH in ila_output()

wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

Out of scope as the patch is for s390 arch only, x86_64 is not affected

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

hfsplus: fix uninit-value in copy_name

ocfs2: add bounds checking to ocfs2_check_dir_entry()

jfs: don't walk off the end of ealist

exec: Fix ToCToU between perm check and set-uid/gid usage

net/iucv: fix use after free in iucv_sock_close()

media: venus: fix use after free in vdec_close

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

jfs: Fix array-index-out-of-bounds in diFree

scsi: aacraid: Fix double-free on probe failure

usb: dwc3: st: fix probed platform device ref count on probe error path

Squashfs: sanity check symbolic link size

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

USB: core: Add routines for endpoint checks in old drivers

usb: atm: cxacru: fix a flaw in existing endpoint checks

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

Restrict access to pagemap/kpageflags/kpagecount

N/A

perf: Fix sys_perf_event_open() race against self