selinux: properly handle multiple messages in selinux_netlink_send()

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

kpatch adaptation for CVE-2020-1749

blktrace: Protect q->blk_trace with RCU

blktrace: Protect q->blk_trace with RCU

ext4: avoid declaring fs inconsistent due to invalid file handles (dependency for CVE-2019-19319)

ext4: protect journal inode's blocks using block_validity

ext4: don't perform block validity checks on the journal inode

ext4: protect journal inode's blocks using block_validity

ext4: protect journal inode's blocks using block_validity

scsi: sg: add sg_remove_request in sg_write

x86/speculation: Prevent rogue cross-process SSBD shutdown

x86/speculation: Change misspelled STIPB to STIBP

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.

x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (kpatch adaptation)

N/A

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

make 'user_access_begin()' do 'access_ok()'

include/linux/relay.h: fix percpu annotation in struct rchan

mm: Fix mremap not considering huge pmd devmap

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

fix possible deadlock with mutex within SCSI libsas (adaptation)

xfs: set format back to extents if xfs_bmap_extents_to_btree

net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()

crypto: ccp - Release all allocated memory if sha type is invalid

media: rc: prevent memory leak in cx23888_ir_probe

iio: imu: adis16400: fix memory leak

ath9k_htc: release allocated buffer if timed out

ath9k: release allocated buffer if timed out

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

f2fs: check if file namelen exceeds max value

xfs: add agf freeblocks verify in xfs_agf_verify

btrfs: merge btrfs_find_device and find_device

net/packet: fix overflow in tpacket_rcv

ext4: fix potential negative array index in do_split()

Fix for missing check in vgacon scrollback handling

netfilter: ctnetlink: add a range check for l3/l4 protonum

nfs: Fix getxattr kernel panic and memory overflow

mm/hugetlb: fix a race between hugetlb sysctl handlers

fbcon: remove soft scrollback code

fbcon: remove soft scrollback code (adaptation)

rbd: require global CAP_SYS_ADMIN for mapping and unmapping

hdlc_ppp: add range checks in ppp_cp_parse_cr()

geneve: add transport ports in route lookup for geneve

[net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

[net] Bluetooth: A2MP: Fix not initializing all members

icmp: randomize the global rate limiter

blktrace: ensure our debugfs dir exists

Blktrace: bail out early if block debugfs is not configured

blktrace: fix debugfs use after free

perf/core: Fix race in the perf_mmap_close() function

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

tty: make FONTX ioctl use the tty pointer they were actually passed

Input: sunkbd - avoid use-after-free in teardown paths

powercap: make attributes only readable by root

powercap: make attributes only readable by root (adaptation)

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

vt: Disable KD_FONT_OP_COPY

speakup: Do not let the line discipline be used several times

xen/events: avoid removing an event channel while handling it

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

jfs: Fix array index bounds check in dbAdjTree

limit size of watch_events dom0 queue.

handle xenwatch_thread patching.

xen-blkback: set ring->xenblkd to NULL after kthread_stop()

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

[PATCH] tracing: Fix race in trace_open and buffer resize call

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup (adaptation )

nfsd4: readdirplus shouldn't return parent of export

futex: Ensure the correct return value from futex_lock_pi

futex: Simplify fixup_pi_state_owner

futex: Replace pointless printk in fixup_owner

futex: Provide and use pi_state_update_owner

futex: Handle faults correctly for PI futexes

nbd: freeze the queue while we're adding connections

Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

Xen/gntdev: correct error checking in gntdev_map_grant_pages()

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

Xen/gnttab: handle p2m update errors on a per-slot basis

xen-netback: respect gnttab_map_refs()'s return value

scsi: iscsi: Restrict sessions and handles to admin capabilities

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

bpf, x86: Validate computation of branch displacements for x86-64

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

PCI: rpadlpar: Fix potential drc_name corruption in store functions

btrfs: fix race when cloning extent buffer during rewind of an old

usbip: fix stub_dev to check for stream socket

usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

netfilter: x_tables: fix compat match/target pad out-of-bound write

gup: document and work around "COW can break either way" issue

bpf: Fix masking negation logic upon negative dst register

sctp: delay auto_asconf init until binding the first addr

bpf: Move off_reg into sanitize_ptr_alu

bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed bounds for unprivileged"

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Refactor and streamline bounds check into helper

bpf: Refactor and streamline bounds check into helper

bpf: Move sanitize_val_alu out of op switch

bpf: Tighten speculative pointer arithmetic mask

bpf: Wrap aux data inside bpf_sanitize_info container

bpf: Fix mask direction swap upon off reg sign change

netfilter: x_tables: Use correct memory barriers.

race condition for removal of the HCI controller.

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Bluetooth: fix the erroneous flush_work() order

Bluetooth: SMP: Fail if remote and local public keys are identical

Bluetooth: use correct lock to prevent UAF of hdev object

Predictor logic is absent in 4.14.

seq_file: Disallow extremely large seq buffer allocations

sctp: validate from_addr_param return

sctp: add size validation when walking chunks

sctp: fix return value check in __sctp_rcv_asconf_lookup

sctp: validate chunk size in __rcv_asconf_lookup

sctp: add param size validation for SCTP_PARAM_SET_PRIMARY

Not easily portable to 4.14.

Not easily portable to 4.14.

KVM: do not allow mapping valid but non-reference-counted pages

ovl: fix missing negative dentry check in ovl_rename()

usb: hso: fix error handling code of hso_create_net_device

bpf: Fix integer overflow in prealloc_elems_and_freelist()

Don't support MIPS arch

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()

use init_tag from inithdr for ABORT chunk

fix the processing for COOKIE_ECHO chunk

sctp: add vtag check in sctp_sf_violation

sctp: add vtag check in sctp_sf_do_8_5_1_E_sa

sctp: add vtag check in sctp_sf_ootb

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

fget: check that the fd still exists after getting a ref to it (dependency patch for CVE-2021-4083)

fget: check that the fd still exists after getting a ref to it

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate

cgroup-v1: Require capabilities to set release_agent

xen/netback: fix rx queue stall detection

xen/netback: don't queue unlimited number of packages

xen/netback: fix rx queue stall detection (adaptation)

tee: handle lookup of shm with reference count 0

tee: handle lookup of shm with reference count 0 (kpatch adaptation)

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

fuse: fix bad inode

NFSv4: Initialise connection to the server in nfs4_alloc_client()

bpf: fix truncated jump targets on heavy expansions

Not backported to 4.14.

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

NFSv4: Handle case where the lookup of a directory fails

tipc: improve size validations for received domain records

udf: Restore i_lenAlloc when inode expansion fails

udf: Fix NULL ptr deref when converting from inline format

lib/iov_iter: initialize "flags" in new pipe_buffer

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION

esp: Fix possible buffer overflow in ESP transformation

llc: fix netdevice reference leaks in llc_ui_bind()

xprtrdma: fix incorrect header size calculations

block-map: add __GFP_ZERO flag for alloc_page in function

ext4: verify dir block before splitting it

ext4: make variable "count" signed

ext4: avoid cycles in directory h-tree

perturb functionality missing in kernels earlier than 4.14.285-215.501.amzn2

secure_seq: use the 64 bits of the siphash for port offset

Out of scope - related to PowerPC 32-bit.

Duplicate of CVE-2022-32250

netfilter: nf_tables: disallow non-stateful expression in

xen/blkfront: fix leaking data in shared pages

net: Rename and export copy_skb_header

xen/netfront: fix leaking data in shared pages

xen/netfront: force data bouncing when backend is untrusted

xen/netfront: force data bouncing when backend is untrusted (adaptation)

xen/blkfront: force data bouncing when backend is untrusted

xen/blkfront: force data bouncing when backend is untrusted (adaptation)

Out of scope - ARM architecture.

net: rose: fix UAF bugs caused by timer handler

net: rose: fix UAF bugs caused by timer handler (adaptation)

fbcon: Disallow setting font bigger than screen size

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

x86: Clear .brk area at early boot

N/A

[PATCH v4 1/2] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated

KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq

KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()

KVM: Add infrastructure and macro to mark VM as bugged

KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (adaptation)

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

netfilter: nf_queue: do not allow packet truncation below transport header offset

r8152: Rate limit overflow messages

nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write

scsi: stex: Properly zero out the passthrough command structure

media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

xen/netback: Ensure protocol headers don't fall in the non-linear area

Bluetooth: L2CAP: Fix u8 overflow

net: sched: disallow noqueue for qdisc classes

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: atm: dont intepret cls results when asked to drop

net/x25: Fix null-ptr-deref caused by x25_disconnect

Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""

perf: Fix sys_perf_event_open() race against self

net/sched: cls_u32: fix netns refcount changes in u32_change()

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

fix double dev_kfree_skb in error path

fix double dev_kfree_skb() in error path

bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

netfilter: nf_conntrack_irc: Fix forged IP logic

efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in efi_capsule_write (adaptation)

af_key: Do not call xfrm_probe_algs in parallel

net: mpls: fix stale pointer if allocation fails during device rename

Complex adaptation is required, mainline retired tcindex.

prlimit: do_prlimit needs to have a speculation check

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

Fix double fget() in vhost_net_set_backend()

bluetooth: Perform careful capability checks in hci_sock_ioctl()

bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()

xfs: verify buffer contents when we skip log replay

net: sched: cbq: dont intepret cls results when asked to drop

net: qcom/emac: Fix use after free bug in emac_remove due to race condition

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

ext4: fix use-after-free in ext4_xattr_set_entry

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: split set destruction in deactivate and destroy phase

netfilter: nft_hash: fix nft_hash_deactivate

netfilter: nf_tables: bogus EBUSY when deleting set after flush

netfilter: nf_tables: deactivate anonymous set from preparation phase

netfilter: nf_tables: split set destruction in deactivate and destroy phase (adaptation)

netfilter: nf_tables: bogus EBUSY when deleting set after flush (Revert)

netfilter: nf_tables: split set destruction in deactivate and destroy phase

netfilter: nf_tables: split set destruction in deactivate and destroy phase

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

N/A

N/A

Restrict access to pagemap/kpageflags/kpagecount

vmx_vcpu_run wrapper

tcp/udp: Fix memory leak in ipv6_renew_options()

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732)

vt_kdsetmode: extend console locking (CVE-2021-3753)

KVM: X86: MMU: Use the correct inherited permissions to get shadow page

KVM: X86: MMU: Use the correct inherited permissions to get shadow page (adaptation)

ext4: fix race writing to an inline_data file while its xattrs are changing