nvmet-tcp: Fix a possible UAF in queue intialization setup

kobject: Fix slab-out-of-bounds in fill_kobj_path()

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

vhost: use kzalloc() instead of kmalloc() followed by memset()

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

kpatch: entry: add asm headers

kpatch add alt asm definitions

kpatch add alternative2 asm definition

x86/bhi: Add support for clearing branch history at syscall entry

tap: add missing verification for short frame

tun: add missing verification for short frame

net: fix __dst_negative_advice() race

nilfs2: We cannot patch functions that sleep in kthread().

ppdev: Add an error check in register_device

nilfs2: fix potential hang in nilfs_detach_log_writer()

kdb: Fix buffer overflow during tab-complete

ipv6: sr: fix invalid unregister error path

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

md: fix resync softlockup when bitmap size is less than array

crypto: bcm - Fix pointer arithmetic

jffs2: prevent xattr node from overflowing the eraseblock

wifi: carl9170: add a proper sanity check for endpoints

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

drm/arm/malidp: fix a possible null pointer dereference

serial: max3100: Update uart_driver_registered on driver

netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

enic: Validate length of nl attributes in enic_set_vf_port

Out of scope as the patch is for s390 arch only, x86_64, arm64 is not affected

xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

drm/amd/display: Fix potential index out of bounds in color transformation function

scsi: bfa: Ensure the copied buf is NUL terminated

af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

greybus: lights: check return of get_channel_from_mode

virtio: delete vq in vp_find_vqs_msix() when request_irq() fails

ALSA: timer: Set lower bound of start tick time

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

wifi: ar5523: enable proper endpoint verification

ecryptfs: Fix buffer size for tag 66 packet

ring-buffer: Fix a race between readers and resize checks

serial: max3100: Lock port->lock when calling

ext4: fix mb_cache_entry's e_refcnt leak in

f2fs: fix to do sanity check on i_xattr_nid in

drm/amdgpu: add error handle to avoid out-of-bounds

Out of scope: ARM64 architecture issue

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

SUNRPC: Fix gss_free_in_token_pages()

SUNRPC: Fix loop termination condition in gss_free_in_token_pages()

netfilter: tproxy: bail out if IP has been disabled on the device

net: openvswitch: fix overwriting ct original tuple for ICMPv6

scsi: qedf: Ensure the copied buf is NUL terminated

soundwire: Skipped as code which CVE fixes doesn't exists in older releaes

net/9p: fix uninit-value in p9_client_rpc()

cpufreq: exit() callback is optional

Out of scope as the patch is for m68k arch only, x86_64, arm64 is not affected

netrom: fix possible dead-lock in nr_rt_ioctl()

stm class: Fix a double free in stm_register_device()

Out of scope: User-mode Linux isn't supported for current kernel

media: stk1160: fix bounds checking in stk1160_copy_video()

ipv6: sr: fix memleak in seg6_hmac_init_algo

dma-buf/sw-sync: don't enable IRQ from sync_print_obj()

netns: Make get_net_ns() handle zero refcount net

filelock: fix potential use-after-free in posix_lock_inode

netfilter: nftables: exthdr: fix 4-byte stack OOB write

net/iucv: Avoid explicit cpumask var allocation on stack

bonding: Fix out-of-bounds read in

net: ethernet: lantiq_etop: fix double free in detach

nilfs2: add missing check for inode numbers on directory

ipv6: annotate some data-races around sk->sk_prot

ipv6: Fix data races around sk->sk_prot.

tcp: Fix data races around icsk->icsk_af_ops.

nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

vmci: prevent speculation leaks by sanitizing event in event_deliver()

liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

drm/exynos/vidi: fix memory leak in .get_modes()

ipv6: prevent possible NULL dereference in rt6_probe()

drm/radeon: fix UBSAN warning in kv_dpm.c

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

net: can: j1939: Initialize unused data in j1939_send_one()

ocfs2: fix races between hole punching and AIO+DIO

net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

ppp: reject claimed-as-LCP but actually malformed packets

ASoC: fsl-asoc-card: set priv->pdev before using it

net: tcp: fix unexcepted socket die when snd_wnd is 0

tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()

tcp: avoid too many retransmit packets

x86: stop playing stack games in profile_pc()

scsi: qedi: Fix crash while reading debugfs attribute

inet_diag: Initialize pad field in struct inet_diag_req_v2

drm/amdgpu: fix UBSAN warning in kv_dpm.c

USB composite function controllers related patch

net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP

drivers: core: synchronize really_probe() and dev_uevent()

driver core: Fix uevent_show() vs driver detach race

ARM related patch

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

nilfs2 related patch

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

ALSA: emux: improve patch ioctl data validation

nilfs2 related patch

media: dvb-frontends: tda10048: Fix integer overflow

HID: logitech-dj: Fix memory leak in

iommu: Return right value in iommu_sva_bind_device()

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes

drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep

drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes

drm/amd/display: Skip finding free audio for unknown engine_id

nilfs2 is not enabled

HID: core: remove unnecessary WARN_ON() in implement()

usb-storage: alauda: Check whether the media is initialized

usb-storage: alauda: Check whether the media is initialized (Adaptation)

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

wifi: iwlwifi: mvm: don't read past the mfuart notifcation

wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects

MIPS related CVE.

netfilter: ipset: Fix suspicious rcu_dereference_protected()

ftruncate: pass a signed offset

drm/lima: fix shared irq handling on driver remove

s390 architecture related CVE.

ipv6: fix possible race in __fib6_drop_pcpu_from()

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store

Out of scope as the patch is for MIPS arch only, x86_64 is not affected

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

IB/core: Implement a limit on UMAD receive List

IB/core: Implement a limit on UMAD receive List (adaptation)

SUNRPC: Fix RPC client cleaned up the freed pipefs dentries kpatch

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

jfs: xattr: fix buffer overflow for invalid xattr

greybus: Fix use-after-free bug in gb_interface_release due to race condition.

net/dpaa2: Avoid explicit cpumask var allocation on stack

ata: libata-core: Fix double free on error

net: dsa: mv88e6xxx: Correct check for empty list

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

bnx2x: Fix multiple UBSAN array-index-out-of-bounds

ipv6: prevent possible NULL deref in fib6_nh_init()

batman-adv: bypass empty buckets in batadv_purge_orig_ref()

drm/nouveau/dispnv04: fix null pointer dereference in

gpio: davinci: Validate the obtained number of IRQs

jffs2: Fix potential illegal address access in

Patches a sleepable function, there is a small but non-zero risk of livepatching failure

netrom: Fix a memory leak in nr_heartbeat_expiry()

usb: gadget: configfs: Prevent OOB read/write in

pinctrl: fix deadlock in create_pinctrl() when handling

iio: chemical: bme680: Fix overflows in compensate()

scsi: qedf: Make qedf_execute_tmf() non-preemptible

orangefs: fix out-of-bounds fsid access

Patches a sleepable function, there is a small but non-zero risk of livepatching failure

drop_monitor: replace spin_lock by raw_spin_lock

i2c: pnx: Fix potential deadlock warning from

i2c: pnx: Fix potential deadlock warning from

libceph: fix race between delayed_work() and ceph_monc_stop()

vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

scsi: qla2xxx: Complete command early within lock

ALSA: line6: Fix racy access to midibuf

KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()

dev/parport: fix the array out-of-bounds risk

hfsplus: fix uninit-value in copy_name

media: venus: fix use after free in vdec_close

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

jfs: Fix array-index-out-of-bounds in diFree

tipc: Return non-zero value from tipc_udp_addr2str() on error

mISDN: Fix a use after free in hfcmulti_tx()

net/iucv: fix use after free in iucv_sock_close()

exec: Fix ToCToU between perm check and set-uid/gid usage

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

f2fs: fix to don't dirty inode for readonly filesystem

kobject_uevent: Fix OOB access within zap_modalias_env()

dma: fix call order in dmam_free_coherent

mm: avoid overflows in dirty throttling logic

drm/nouveau: prime: fix refcount underflow

s390 arch not supported.

drm/client: fix null pointer dereference in drm_client_modeset_probe

tracing: Fix overflow in get_free_elt()

netfilter: ctnetlink: use helper function to calculate expect ID

scsi: qla2xxx: During vport delete send async logout explicitly

mlxsw: spectrum_acl_erp: Fix object nesting warning

mlxsw: spectrum_acl_erp: Fix object nesting warning

lib: objagg: Fix general protection fault

protect the fetch of ->fd[fd] in do_dup2() from mispredictions

net: nexthop: Initialize all fields in dumped nexthops

Out of scope as the patch is for s390 arch only, x86_64 is not affected

leds: trigger: Unregister sysfs attributes before calling deactivate()

ocfs2: add bounds checking to ocfs2_check_dir_entry()

scsi: qla2xxx: validate nvme_local_port correctly

ext4: check dot and dotdot of dx_root before making dir indexed

drm/amd/display: Check for NULL pointer

drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes

serial: core: check uartclk for zero to avoid divide by zero

drm/amdgpu: Fix the null pointer dereference to ras_manager

This CVE was introduced and fixed in the same kernel verison

devres: Fix memory leakage caused by driver API devm_free_percpu()

usb: vhci-hcd: Do not drop references before new references are gained

sctp: Fix null-ptr-deref in reuseport_add_sock().

x86/mtrr: Check if fixed MTRRs exist before saving them

scsi: qla2xxx: Fix for possible memory corruption

drm/qxl: Add check for drm_cvt_mode

net: usb: qmi_wwan: fix memory leak for not ip packets

md/raid5: avoid BUG_ON() while continue reshape after reassembling

usb: gadget: core: Check for unset descriptor

x86/mm: Fix pti_clone_pgtable() alignment assumption

remoteproc: imx_rproc: Skip over memory region when node value is NULL

nilfs2: handle inconsistent state in nilfs_btnode_create_block()

ext4: make sure the first directory block is not a hole

jfs: don't walk off the end of ealist

drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

netfilter: nf_tables: prefer nft_chain_validate

bpf: Fix a segment issue when downgrading gso_size

wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

ila: block BH in ila_output()

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()

nvme-pci: add missing condition check for existence of mapped data

drm/i915/gem: Fix Virtual Memory mapping boundaries calculation

wifi: virt_wifi: avoid reporting connection success with wrong SSID

wifi: virt_wifi: avoid reporting connection success with wrong SSID

irqchip/imx-irqsteer: Handle runtime power management correctly

netfilter: nf_tables: use timestamp to check for set element timeout

netfilter: nf_tables: use timestamp to check for set element timeout

mm: clarify a confusing comment for remap_pfn_range()

mm: fix ambiguous comments for better code readability

mm/memory.c: make remap_pfn_range() reject unaligned addr

mm: add remap_pfn_range_notrack

mm: avoid leaving partial pfn mappings around in error case

binder: fix UAF caused by offsets overwrite

atm: idt77252: prevent use after free in dequeue_rx()

gtp: pull network headers in gtp_dev_xmit()

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

usb: dwc3: st: fix probed platform device ref count on probe error path

scsi: aacraid: Fix double-free on probe failure

drm/amd/display: Check gpio_id before used as array index

drm/amdgpu: fix ucode out-of-bounds read warning

drm/amdgpu: fix mc_data out-of-bounds read warning

ila: call nf_unregister_net_hooks() sooner

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

of/irq: Prevent device address out-of-bounds read in interrupt map walk

nilfs2 module is not included

module is not included

Architecture is not supported

Architecture um is not supported

nilfs2: fix missing cleanup on rollforward recovery error

kcm: Serialise kcm_sendmsg() for the same socket.

net: dsa: mv88e6xxx: Fix out-of-bound access

usb: dwc3: core: Prevent USB core invalid event buffer address access

cgroup/cpuset: Prevent UAF in proc_cpuset_show()

Input: MT - limit max slots

fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE

drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

usb: typec: ucsi: Fix null pointer dereference in trace

PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)

ipv6: prevent UAF in ip6_send_skb()

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

sch/netem: fix use after free in netem_dequeue

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

Squashfs: sanity check symbolic link size

sched: sch_cake: fix bulk flow accounting logic for host fairness

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

netem: fix return value if duplicate enqueue fails

drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]

block: initialize integrity buffer to zero before writing it to media

tcp_bpf: fix return value of tcp_bpf_sendmsg()

btrfs: clean up our handling of refs == 0 in snapshot delete

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

staging: iio: frequency: ad9834: Validate frequency parameter value

ethtool: check device is present when getting link settings

wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

ocfs2: reserve space for inline xattr before attaching reflink tree

Bluetooth: MGMT: Add error handling to pair_device()

ata: libata-core: Fix null pointer dereference on error

virtio_net: Fix napi_skb_cache_put warning

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

mmc: mmc_test: Fix NULL dereference on allocation failure

gtp: fix a potential NULL pointer dereference

pinctrl: single: fix potential NULL dereference in pcs_get_function()

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

Input: uinput - reject requests with unreasonable number of slots

Complex adaptation required. Low impact CVE.

Out of scope: CVE patch is for PCI Hotplug Driver for PowerPC PowerNV platform

can: bcm: Remove proc entry when dev is unregistered.

rtmutex: Drop rt_mutex::wait_lock before scheduling

vfs: Don't evict inode under the inode lru traversing context

nfc: pn533: Add poll mod list filling check

nilfs2: protect references to superblock parameters exposed in sysfs

fuse: Initialize beyond-EOF page contents before setting uptodate

Patches a function that is sleepable due to a call to vfs_poll

net: hns3: fix a deadlock problem when config TC during resetting

apparmor: fix possible NULL pointer dereference

nilfs2: fix state management in error path of log writing function

udf: Avoid excessive partition lengths

nvmet-tcp: fix kernel crash if commands allocation fails

wireguard: netlink: check for dangling peer via is_dead instead of empty list

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

ASoC: meson: axg-card: fix 'use-after-free'

tipc: guard against string buffer overrun

fbdev: pxafb: Fix possible use after free in pxafb_task()

ext4: fix double brelse() the buffer of the extents path

parport: Proper fix for array out-of-bounds access

bpf: Fix out-of-bounds write in trie_get_next_key()

drm/amd/display: Fix index out of bounds in degamma hardware format translation

ext4: avoid OOB when system.data xattr changes underneath the filesystem

firmware_loader: Block path traversal

ext4: no need to continue when the number of entries is 1

ext4: aovid use-after-free in ext4_ext_insert_extent()

fbdev: sisfb: Fix strbuf array overflow

udf: fix uninit-value use in udf_get_fileshortad

tracing: Consider the NULL character when validating the event length

spi: nxp-fspi: fix the KASAN report out-of-bounds bug

net: sched: fix use-after-free in taprio_change()

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error

ALSA: asihpi: Fix potential OOB array access

ocfs2: cancel dqi_sync_work before freeing oinfo

smb: client: fix OOBs when building SMB2_IOCTL request

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

nilfs2: fix kernel bug due to missing clearing of checked flag

net: ethernet: lantiq_etop: fix memory disclosure

jfs: fix out-of-bounds in dbNextAG() and diAlloc()

jfs: Fix uninit-value access of new_ea in ea_buffer

ACPI: sysfs: validate return type of _STR method

slip: make slhc_remember() more robust against malicious packets

ppp: fix ppp_async_encode() illegal access

nilfs2: fix potential oob read in nilfs_btree_check_delete()

net: dpaa: Pad packets to ETH_ZLEN

wifi: iwlegacy: Clear stale interrupts before resuming device

media: venus: fix use after free bug in venus_remove due to race condition

Vendor reverted in d1aa0c04294 as it causes deadlocks

jfs: Fix uaf in dbFreeBits

ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition

net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

aoe: fix the potential use-after-free problem in more places

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency kpatch

nfsd: return -EINVAL when namelen is 0

nfsd: enforce upper limit for namelen in __cld_pipe_inprogress_downcall()

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

gpio: prevent potential speculation leaks in gpio_device_get_desc()

can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().

nfsd: call cache_put if xdr_reserve_space returns NULL

i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

drm/amd: Guard against bad data for ATIF ACPI method

drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate

ocfs2: fix null-ptr-deref when journal load failed.

ext4: fix i_data_sem unlock order in ext4_ind_migrate()

ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

RDMA/cxgb4: Added NULL check for lookup_atid

resource: fix region_intersects() vs add_memory_driver_managed()

drm: omapdrm: Add missing check for alloc_ordered_workqueue

wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit

netfilter: nf_tables: prevent nf_skb_duplicated corruption

wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()

be2net: fix potential memory leak in be_xmit()

net: systemport: fix potential memory leak in bcm_sysport_xmit()

posix-clock: Fix missing timespec64 check in pc_clock_settime()

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

igb: Do not bring the device up after non-fatal error

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

btrfs: wait for fixup workers before stopping cleaner kthread during umount

blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

nilfs2: fix potential deadlock with newly created symlinks

net/sched: accept TCA_STAB only for root qdisc

net/sched: accept TCA_STAB only for root qdisc

wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead

tpm: Clean up TPM space after command failure

PCI: keystone: Fix if-statement expression in ks_pcie_quirk()

ceph: remove the incorrect Fw reference check when dirtying pages

net: add more sanity checks to qdisc_pkt_len_init()

jfs: fix array-index-out-of-bounds in dbFindLeaf

jfs: check if leafidx greater than num leaves per dmap tree

ocfs2: remove unreasonable unlock in ocfs2_read_blocks

mm/swapfile: skip HugeTLB pages for unuse_vma

drm/amd/display: Check stream before comparing them

nilfs2: propagate directory read errors from nilfs_find_entry()

nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()

net: avoid potential underflow in qdisc_pkt_len_init() with UFO

ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()

ACPI: battery: Fix possible crash when unregistering a battery hook

netfilter: br_netfilter: fix panic with metadata_dst skb

nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()

Out of scope as the patch is for arm64 arch only, x86_64 not affected

Current kernel is not vulnerable.

Affects only boot __init stage, already booted kernels are not affected

sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start

sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start

net: Fix an unsafe loop on the list

nilfs2: fix kernel bug due to missing clearing of buffer delay flag

net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()

wifi: ath10k: Fix memory leak in management tx

USB: usbtmc: prevent kernel-usb-infoleak

drm/amd/display: Initialize get_bytes_per_element's default to 1

Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

Kernel is not vulnerable

crypto: aead,cipher - zeroize key buffer after use

btrfs: fix a NULL pointer dereference when failed to start a new trasacntion

virtio_pmem: Check device status before requesting flush

Bluetooth: bnep: fix wild-memory-access in proto_unregister

Bluetooth: bnep: fix wild-memory-access in proto_unregister kpatch

Out of scope as the patch is for arm64 arch only, x86_64 not affected

drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA

vfs: fix race between evice_inodes() and find_inode()&iput()

tcp: check skb is non-NULL in tcp_rto_delta_us()

wifi: wilc1000: fix declarations ordering

wifi: wilc1000: fix RCU usage in connect path

wifi: wilc1000: fix ies_len type in connect path

wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()

f2fs: Require FMODE_WRITE for atomic write ioctls

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower

This CVE was rejected and fix reverted.

arm64: probes: Remove broken LDR (literal) uprobe support

sock_map: Add a cond_resched() in sock_hash_free()

jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error

r8169: add tally counter fields added with RTL8125

r8169: add tally counter fields added with RTL8125

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

kpatch add paravirt asm definitions

Restrict access to pagemap/kpageflags/kpagecount

net: bridge: xmit: make sure we have at least eth header len bytes

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

security/keys: fix slab-out-of-bounds in key_task_permission

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

netfilter: x_tables: fix LED ID check in led_tg_check()

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

media: s5p-jpeg: prevent buffer overflows

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

usb: musb: sunxi: Fix accessing an released usb phy

USB: serial: io_edgeport: fix use after free in debug printk

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

cifs: Fix buffer overflow when parsing NFS reparse points

netfilter: ipset: add missing range check in bitmap_ip_uadt

Kernel is not affected

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

9p/xen: fix release of IRQ

Out of scope: SuperH architecture isn't supported for current kernel

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

tipc: fix NULL deref in cleanup_bearer()

af_packet: avoid erroring out after sock_init_data() in packet_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

net: inet: do not leave a dangling sk pointer in inet_create()

bpf: fix OOB devmap writes when deleting elements

Patch affects initramfs

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

net: af_can: do not leave a dangling sk pointer in can_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

jfs: array-index-out-of-bounds fix in dtReadFirst

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

btrfs: ref-verify: fix use-after-free after invalid ref action

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

xen/netfront: fix crash when removing device

HID: core: zero-initialize the report buffer

fs: Fix uninitialized value issue in from_kuid and from_kgid

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

media: v4l2-tpg: prevent the risk of a division by zero

media: cx24116: prevent overflows on SNR calculus

btrfs: reinitialize delayed ref list after deleting it from the list

sctp: properly validate chunk size in sctp_sf_ootb()

net: hns3: fix kernel crash when uninstalling driver

media: dvbdev: prevent the risk of out of memory access

nfs: Fix KMSAN warning in decode_getfattr_attrs()

ocfs2: uncache inode which has failed entering the group

nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint

NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

nfsd: restore callback functionality for NFSv4.0

ad7780: fix division by zero in ad7780_write_raw()

usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer

nfsd: make sure exp active before svc_export_show

media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()

media: ts2020: fix null-ptr-deref in ts2020_probe()

tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

HID: wacom: fix when get product name maybe null pointer

ocfs2: free inode when ocfs2_get_init_inode() fails

firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

ubi: fastmap: Fix duplicate slab cache names while attaching

Out of scope: User-mode Linux isn't supported for current kernel

comedi: Flush partial mappings in error case

Out of scope: User-mode Linux isn't supported for current kernel

vfio/pci: Properly hide first-in-list PCIe extended capability

f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.

jfs: fix shift-out-of-bounds in dbSplit

sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()

netfilter: ipset: Hold module reference while requesting a module

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

Out of scope: User-mode Linux isn't supported

Out of scope: User-mode Linux isn't supported

xen: Fix the issue of resource not being properly released in xenbus_dev_probe()

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

ALSA: us122l: Use snd_card_free_when_closed() at disconnection

hfsplus: don't query the device logical block size multiple times

SUNRPC: make sure cache entry active before cache_show

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

NFSD: Prevent a potential integer overflow

media: i2c: tc358743: Fix crash in the probe error path when using polling

ftrace: Fix regression with module command in stack_trace_filter

gpio: grgpio: Add NULL check in grgpio_probe

wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()

ovl: Filter invalid inodes with missing lookup function

media: wl128x: Fix atomicity violation in fmc_send_cmd()

leds: class: Protect brightness_show() with led_cdev->led_access mutex

drm/amdgpu: set the right AMDGPU sg segment limitation

dccp: Fix memory leak in dccp_feat_change_recv

crypto: bcm - add error check in the ahash_hmac_init function

EDAC/bluefield: Fix potential integer overflow

i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

net: lapb: increase LAPB_HEADER_LEN

The patch only fixes warning, no functional changes.

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device

ftrace: Fix possible use-after-free issue in ftrace_location()

ipv6: fix possible UAF in ip6_finish_output2()

net: sched: fix ordering of qlen adjustment

media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg

dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset

io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

ima: Fix use-after-free on a dentry's dname.name

net: core: reject skb_copy(_expand) for fraglist GSO skbs

net: mana: Fix TX CQE error handling

net/mlx5e: fix a potential double-free in fs_any_create_groups

net/mlx5: Discard command completions in internal error

drm/amd/display: Assign normalized_pix_clk when color depth = 14

scsi: qla1280: Fix kernel oops when debug level > 2

x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

net: atm: fix use after free in lec_send()

tracing: Fix use-after-free in print_graph_function_flags during tracer switching

objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()

Bluetooth: Fix error code in chan_alloc_skb_cb()

ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().

drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()

atm: Fix NULL pointer dereference

netfilter: socket: Lookup orig tuple for IPv6 SNAT

thermal: int340x: Add NULL check for adev

PCI/ASPM: Fix link state exit during switch upstream function removal

RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow

ocfs2: validate l_tree_depth to avoid out-of-bounds access

Out of scope: PowerPC architecture isn't supported for current kernel

Out of scope: PowerPC architecture isn't supported for current kernel

netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets

net_sched: skbprio: Remove overly strict queue assertions

Low score CVE with no well understood impact.

net/mlx5: Fix error path in multi-packet WQE transmit

net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()

memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove