sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Restrict sessions and handles to admin capabilities

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Fix 32 bit src register truncation on div/mod

bpf: Fix truncation handling for mod32 dst reg wrt zero

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

bpf, cgroup: Fix optlen WARN_ON_ONCE toctou

bpf, cgroup: Fix problematic bounds check

nbd: freeze the queue while we're adding connections

bpf, x86: Validate computation of branch displacements for x86-64

UBUNTU: SAUCE: shiftfs: free allocated memory in shiftfs_btrfs_ioctl_fd_replace() error paths

UBUNTU: SAUCE: shiftfs: handle copy_to_user() return values correctly

vfs: move cap_convert_nscap() call into vfs_setxattr()

media: v4l: ioctl: Fix memory leak in video_usercopy

Revert "netfilter: x_tables: Switch synchronization to RCU"

netfilter: x_tables: Use correct memory barriers

usbip: fix stub_dev to check for stream socket

usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

misc: fastrpc: restrict user apps from sending kernel RPC messages

staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

Xen/gnttab: handle p2m update errors on a per-slot basis

drm/nouveau: bail out of nouveau_channel_new if channel init

fuse: fix live lock in fuse_iget()

btrfs: fix race when cloning extent buffer during rewind of an old

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

PCI: rpadlpar: Fix potential drc_name corruption in store functions

perf/x86/intel: Fix a crash caused by zero PEBS status

gianfar: fix jumbo packets+napi+rx overrun crash

dm ioctl: fix out of bounds array access when no devices

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

xen-blkback: don't leak persistent grants from xen_blkbk_map()

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

gianfar: Handle error code at MAC address change

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

nfc: Avoid endless loops caused by repeated llcp_sock_connect()

bpf: Remove MTU check in __bpf_skb_max_len

net: mac802154: Fix general protection fault

netfilter: x_tables: fix compat match/target pad out-of-bound write

mac80211: assure all fragments are encrypted

ath10k: drop MPDU which has discard flag set by firmware for SDIO

mac80211: drop A-MSDUs on old ciphers

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: properly handle A-MSDUs that start with an RFC 1042 header

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks (adaptation)

mac80211: prevent attacks on TKIP/WEP as well

mac80211: extend protection against mixed key and fragment cache attacks

mac80211: do not accept/forward invalid EAPOL frames

ath10k: Fix TKIP Michael MIC verification for PCIe

ath10k: add CCMP PN replay protection for fragmented frames for PCIe

ath10k: drop fragments with multicast DA for SDIO

ath10k: drop fragments with multicast DA for PCIe

sctp: delay auto_asconf init until binding the first addr

net/nfc: fix use-after-free llcp_sock_bind/connect

bpf: Use correct permission flag for mixed signed bounds arithmetic

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Move off_reg into sanitize_ptr_alu

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Improve verifier error messages for users

bpf: Move sanitize_val_alu out of op switch

bpf: Refactor and streamline bounds check into helper

bpf: Tighten speculative pointer arithmetic mask

bpf: Fix masking negation logic upon negative dst register

bpf: Fix leakage of uninitialized bpf stack under speculation

bluetooth: eliminate the potential race condition when removing the HCI controller

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

f2fs: fix to avoid out-of-bounds memory access

mac80211: add fragment cache to sta_info

bpf: Wrap aux data inside bpf_sanitize_info container

bpf: Fix mask direction swap upon off reg sign change

bpf: No need to simulate speculative domain for immediates

inet: use bigger hash table for IP ID generation

inet: use bigger hash table for IP ID generation (adaptation)

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

Bluetooth: SMP: Fail if remote and local public keys are identical

seq_file: Disallow extremely large seq buffer allocations

ixgbe: fix large MTU request from VF

pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()

Bluetooth: use correct lock to prevent UAF of hdev object

nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect

can: bcm: fix infoleak in struct bcm_msg_head

Bluetooth: fix the erroneous flush_work() order

net: qrtr: fix OOB Read in qrtr_endpoint_post

KVM: SVM: Periodically schedule when unregistering regions on destroy

KVM: do not assume PTE is writable after follow_pfn

mm: unexport follow_pte_pmd

mm: simplify follow_pte{,pmd}

KVM: do not allow mapping valid but non-reference-counted pages

Input: joydev - prevent use of not validated data in JSIOCSBTNMAP

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

virtio_console: Assure used length from device is limited

NFSv4: Initialise connection to the server in nfs4_alloc_client()

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

usb: max-3421: Prevent corruption of freed memory

usb: max-3421: Prevent corruption of freed memory (adaptation)

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

bpf: Inherit expanded/patched seen count from old aux data

bpf: Do not mark insn as seen under speculative path verification

bpf: Fix leakage under speculation on mispredicted branches

ovl: prevent private clone if bind mount is not allowed

net: xilinx_emaclite: Do not print real IOMEM pointer

net: 6pack: fix slab-out-of-bounds in decode_data

fs: warn about impending deprecation of mandatory locks

ext4: fix race writing to an inline_data file while its xattrs are

KVM: X86: MMU: Use the correct inherited permissions to get shadow page

KVM: X86: MMU: Use the correct inherited permissions to get shadow page (adaptation)

ath: Use safer key clearing with key cache entries

ath9k: Clear key cache explicitly on disabling hardware

ath: Export ath_hw_keysetmac

ath: Modify ath_key_delete() to not need full key entry

ath9k: Postpone key cache entry deletion for TXQ frames reference it

ath9k: Postpone key cache entry deletion for TXQ frames reference it (adaptation)

ath: Export ath_hw_keysetmac (adaptation)

net: qrtr: fix another OOB Read in qrtr_endpoint_post

vt_kdsetmode: extend console locking

btrfs: fix NULL pointer dereference when deleting device by invalid id

memcg: enable accounting of ipc resources

f2fs: fix wrong total_sections check and fsmeta check

f2fs: fix to do sanity check on segment/section count

soc: aspeed: lpc-ctrl: Fix boundary check for mmap

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

ext4: catch integer overflow in ext4_cache_extents

bpf: Introduce BPF nospec instruction for mitigating Spectre v4

bpf: Fix leakage due to insufficient speculative store bypass mitigation

bpf: Fix leakage due to insufficient speculative store bypass mitigation (kpatch adaptation)

sctp: validate chunk size in __rcv_asconf_lookup

sctp: add param size validation for SCTP_PARAM_SET_PRIMARY

net: hso: fix muxed tty registration

hso: fix bailout in error case of probe

usb: hso: fix error handling code of hso_create_net_device

usb: hso: remove the bailout parameter

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

ovl: fix missing negative dentry check in ovl_rename()

bpf: Fix integer overflow in prealloc_elems_and_freelist()

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

nfc: nci: fix the UAF of rf_conn_info object

isdn: cpai: check ctr->cnr to avoid array index out of bound

Patch should be changed due to inline code in __sched()

UBUNTU: SAUCE: vfs: Out-of-bounds write of heap buffer in fs_context.c

UBUNTU: SAUCE: vfs: test that one given mount param is not larger than PAGE_SIZE

media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()

Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

NFC: reorder the logic in nfc_{un,}register_device

NFC: reorganize the functions in nci_request

fget: check that the fd still exists after getting a ref to it

NFC: add NCI_UNREG flag to eliminate the race

atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait

nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done

USB: gadget: detect too-big endpoint 0 requests

USB: gadget: zero allocate endpoint 0 buffers

net/packet: rx_owner_map depends on pg_vec

UBUNTU: SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy

USB: gadget: bRequestType is a bitfield, not a enum

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (adaptation)

netfilter: nf_tables_offload: incorrect flow offload action array

netfilter: nf_tables_offload: incorrect flow offload action array (adaptation)

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

remote stack overflow in Linux kernel

lib/iov_iter: initialize "flags" in new pipe_buffer

netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

phonet: refcount leak in pep_sock_accep

cgroup-v1: Require capabilities to set release_agent

s390 is unsupported

net: sched: fix use-after-free in tc_new_tfilter()

esp: Fix possible buffer overflow in ESP transformation

udf: Restore i_lenAlloc when inode expansion fails

udf: Fix NULL ptr deref when converting from inline format

NFSv4: Handle case where the lookup of a directory fails

NFSv4: nfs_atomic_open() can race when looking up a non-regular file

NFS: LOOKUP_DIRECTORY is also ok with symlinks

yam: fix a memory leak in yam_siocdevprivate()

[PATCH] nfc: st21nfca: Fix potential buffer overflows in

USB: gadget: validate endpoint index for xilinx udc

[PATCH] USB: gadget: validate interface OS descriptor requests

usb: gadget: rndis: check size of RNDIS_MSG_SET command

mmc: block: fix read single on recovery logic

netfilter: nf_tables: initialize registers in nft_do_chain()

drm/nouveau: Add a dedicated mutex for the clients list

drm/nouveau: clean up all clients on device removal

drm/nouveau: Add a dedicated mutex for the clients list (adaptation)

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

moxart: fix potential use-after-free on remove path

memstick: rtsx_usb_ms: fix UAF

io_uring: fix fs->users overflow

ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on

net/sched: cls_u32: fix netns refcount changes in

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

cgroup: Use open-time cgroup namespace for process migration perm checks

cgroup: Use open-time cgroup namespace for process migration perm checks(adaptation).

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

fuse: use true,false for bool variable

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

KVM: x86/mmu: do compare-and-exchange of gPTE via the user

drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()

net/x25: Fix null-ptr-deref caused by x25_disconnect

netfilter: nf_tables: disallow non-stateful expression in sets earlier

sctp: use init_tag from inithdr for ABORT chunk

sctp: fix the processing for INIT_ACK chunk

sctp: fix the processing for COOKIE_ECHO chunk

sctp: add vtag check in sctp_sf_violation

sctp: add vtag check in sctp_sf_do_8_5_1_E_sa

sctp: add vtag check in sctp_sf_ootb

sr9700: sanity check for packet length

usb: gadget: clear related members when goto fail

xen/xenbus: don't let xenbus_grant_ring() remove grants in error case

xen/grant-table: add gnttab_try_end_foreign_access()

xen/blkfront: don't use gnttab_query_foreign_access() for mapped status

xen/scsifront: don't use gnttab_query_foreign_access() for mapped status

xen/gntalloc: don't use gnttab_query_foreign_access()

xen: remove gnttab_query_foreign_access()

xen/9p: use alloc/free_pages_exact()

xen/pvcalls: use alloc/free_pages_exact()

xen/gnttab: fix gnttab_end_foreign_access() without page specified

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

xen/gnttab: fix gnttab_end_foreign_access() without page specified (adaptation)

xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (adaptation)

llc: fix netdevice reference leaks in llc_ui_bind()

can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path

can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in

ax25: improve the incomplete fix to avoid UAF and NPD bugs

ax25: improve the incomplete fix to avoid UAF and NPD bugs

ax25: improve the incomplete fix to avoid UAF and NPD bugs

[PATCH] ax25: add refcount in ax25_dev to avoid UAF bugs

[PATCH] ax25: fix reference count leaks of ax25_dev

[PATCH] ax25: fix UAF bugs of net_device caused by rebinding

[PATCH] ax25: Fix refcount leaks caused by ax25_cb_del()

[PATCH] ax25: fix UAF bug in ax25_send_control()

[PATCH] ax25: fix NPD bug in ax25_disconnect

[PATCH] ax25: Fix NULL pointer dereferences in ax25 timers

[PATCH] ax25: Fix UAF bugs in ax25 timers

ax25: add refcount in ax25_dev to avoid UAF bugs (adaptation)

floppy: disable FDRAWCMD by default

floppy: disable FDRAWCMD by default (adaptation)

hamradio: defer 6pack kfree after unregister_netdev

hamradio: remove needs_free_netdev to avoid UAF

floppy: use a statically allocated error counter

floppy: use a statically allocated error counter (adaptation)

nfc: nfcmrvl: main: reorder destructive operations in

[PATCH] SUNRPC: Ensure we flush any closed sockets before

[PATCH] SUNRPC: Don't leak sockets in xs_local_connect()

[PATCH v4 1/2] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

nfc: replace improper check device_is_registered() in netlink related

NFC: netlink: fix sleep in atomic bug when firmware download timeout

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

netfilter: nf_tables: stricter validation of element data

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

UBUNTU: SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table

UBUNTU: SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another table

vt: drop old FONT ioctls

Complex adaptation required. Low impact CVE.

fbcon: Disallow setting font bigger than screen size

fbcon: Prevent that screen size is smaller than font size

fbmem: Check virtual screen sizes in fb_set_var()

tcp: change source port randomizarion at connect() time

secure_seq: use the 64 bits of the siphash for port offset

tcp: use different parts of the port_offset for index and

tcp: increase source port perturb table to 2^16

tcp: increase source port perturb table to 2^16

tcp: change source port randomizarion at connect() time (adaptation)

perf: Fix sys_perf_event_open() race against self

dm verity: set DM_TARGET_IMMUTABLE feature flag

dm verity: set DM_TARGET_IMMUTABLE feature flag (adaptation)

netfilter: nf_queue: do not allow packet truncation below

HID: bigben: fix slab-out-of-bounds Write in bigben_probe

drm: mali-dp: potential dereference of null pointer

bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()

Complex adaptation required.

net: rose: fix UAF bugs caused by timer handler

net: rose: fix UAF bugs caused by timer handler (adaptation)

xen/blkfront: fix leaking data in shared pages

io_uring: disable polling pollfree files

io_uring: disable polling pollfree files (adaptation)

xen/netfront: fix leaking data in shared pages

xen/netfront: force data bouncing when backend is untrusted

xen/netfront: force data bouncing when backend is untrusted (adaptation)

xen/blkfront: force data bouncing when backend is untrusted

xen/blkfront: force data bouncing when backend is untrusted (adaptation)

Out of scope - ARM architecture.

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

io_uring/af_unix: defer registered files gc to io_uring release

io_uring/af_unix: defer registered files gc to io_uring release

UBUNTU: SAUCE: io_uring/af_unix: fix memleak during unix GC

wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()

wifi: cfg80211: fix BSS refcounting bugs

wifi: cfg80211: avoid nontransmitted BSS list corruption

scsi: stex: Properly zero out the passthrough command structure

[PATCH] af_key: Do not call xfrm_probe_algs in parallel

mm/mremap: hold the rmap lock in write mode when moving page table

ARM related CVE.

devlink: Fix use-after-free after a failed reload

atm: idt77252: fix use-after-free bugs caused by tst_timer

fs: fix UAF/GPF bug in nilfs_mdt_destroy

wifi: mac80211: don't parse mbssid in assoc response

wifi: mac80211: don't parse mbssid in assoc response

wifi: mac80211: fix MBSSID parsing use-after-free

adaptation

mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()

mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

KVM: add missing compat KVM_CLEAR_DIRTY_LOG

KVM: Add infrastructure and macro to mark VM as bugged

[PATCH] KVM: x86: Check lapic_in_kernel() before attempting to set a

KVM: x86: Avoid theoretical NULL pointer dereference in

KVM: x86: Check lapic_in_kernel() before attempting to set a ( adaptation )

r8152: Rate limit overflow messages

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()

video: fbdev: i740fb: Error out if 'pixclock' equals zero

efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in efi_capsule_write (adaptation)

binder: fix UAF of ref->proc caused by race condition

netfilter: nf_conntrack_irc: Tighten matching on DCC message

ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

staging: rtl8712: fix use after free bugs

sch_sfb: Don't assume the skb is still around after enqueueing to child

sch_sfb: Also store skb len before calling child enqueue

pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write

usb: mon: make mmapped memory read only

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

USB: core: Prevent nested device-reset calls (adaptation)

USB: core: Prevent nested device-reset calls (adaptation)

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

xen/netback: Ensure protocol headers don't fall in the non-linear area

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

Bluetooth: L2CAP: Fix u8 overflow

NFSD: Cap rsize_bop result based on send buffer size

nilfs2: fix use-after-free bug of struct nilfs_root

binder: fix UAF of alloc->vma in race with munmap()

[PATCH] Bluetooth: L2CAP: Fix attempting to access uninitialized

[PATCH] Bluetooth: L2CAP: Fix attempting to access uninitialized

roccat: Fix use-after-free in roccat_read()

wifi: brcmfmac: Fix potential buffer overflow in

fbdev: smscufx: Fix use-after-free in ufx_ops_open()

nfp: fix use-after-free in area_cache_get()

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

drm/vmwgfx: Validate the box size for the snooped cursor

media: dvb-core: Fix UAF due to refcount races at releasing

net: sched: disallow noqueue for qdisc classes

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: cbq: dont intepret cls results when asked to drop

net: sched: atm: dont intepret cls results when asked to drop

x86/bugs: Flush IBP in ib_prctl_set()

net/ulp: prevent ULP without clone op from entering the LISTEN status

misc: sgi-gru: fix use-after-free error in gru_set_context_option

mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page

kcm: avoid potential race in kcm_tx_work

ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

drm/i915: fix TLB invalidation for Gen12 video and compute engines

ipc: replace costly bailout check in sysvipc_find_ipc()

KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

USB: gadgetfs: Fix race between mounting and unmounting

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

USB: move snd_usb_pipe_sanity_check into the USB core

USB: add usb_control_msg_send() and usb_control_msg_recv()

net/sched: tcindex: update imperfect hash filters respecting rcu

HID: check empty report_list in hid_validate_values()

drm/amdkfd: Check for null pointer after calling kmemdup

l2tp: Serialize access to sk_user_data with sk_callback_lock

sctp: fail if no bound addresses can be used for a given scope

net: mpls: fix stale pointer if allocation fails during device rename

media: mceusb: Use new usb_control_msg_*() routines

prlimit: do_prlimit needs to have a speculation check

Complex adaptation is required, mainline retired tcindex.

Safety check failed for copy_from_user; zendesk:191568

net/tls: tls_is_tx_ready() checked list_entry

kvm: initialize all of the kvm_debugregs structure before sending it

rds: rds_rm_zerocopy_callback() use list_first_entry()

scsi: iscsi_tcp: Fix UAF during login when accessing the shost

netrom: Fix use-after-free caused by accept on already connected

[PATCH] media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

KVM: nVMX: add missing consistency checks for CR0 and CR4

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: deactivate anonymous set from

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

ipvlan:Fix out-of-bounds caused by unclear skb->cb

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

memstick: r592: Fix UAF bug in r592_remove due to race condition

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

[PATCH] btrfs: fix race between quota disable and quota assign ioctls

cifs: fix NULL ptr dereference in smb2_ioctl_query_info()

net: sched: fix race condition in qdisc_graft()

[PATCH] i2c: xgene-slimpro: Fix out-of-bounds bug in

net: qcom/emac: Fix use after free bug in emac_remove due to race

power: supply: da9150: Fix use after free bug in

net: tls: fix possible race condition between

xfs: verify buffer contents when we skip log replay

netlink: limit recursion depth in policy validation

[PATCH] act_mirred: use the backlog for nested calls to mirred

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to

nfc: st-nci: Fix use after free bug in ndlc_remove due to race

ext4: verify dir block before splitting it

ext4: avoid cycles in directory h-tree

ext4: make variable "count" signed

ext4: check if directory block is within i_size

ext4: make sure ext4_append() always allocates new block

ext4: fix check for block being out of directory size

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

Complex adaptation required.

net/sched: cls_fw: Fix improper refcount update leads to

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_u32: Fix reference counter leak leading to overflow

hw: amd: Cross-Process Information Leak

binder: fix UAF caused by faulty buffer cleanup

usb: gadget: udc: renesas_usb3: Fix use after free bug in

media: saa7134: fix use after free bug in saa7134_finidev due to race

bpf: Fix incorrect verifier pruning due to missing register precision

relayfs: fix out-of-bounds access in relay_file_read

media: dm1105: Fix use after free bug in dm1105_remove due to race condition

bluetooth: Perform careful capability checks in hci_sock_ioctl()

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

dm ioctl: fix nested locking in table_clear() to remove deadlock concern

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_fw: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

x86/CPU/AMD: Do not leak quotient data after a division by 0

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

The patch remove functionality.

[PATCH] nfc: llcp: simplify llcp_sock_connect() error paths

[PATCH] net: nfc: Fix use-after-free caused by nfc_llcp_find_local

gfs2: Don't deref jdesc in evict

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

CVE was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.

The patch removes functionality.

netfilter: ipset: Add schedule point in call_ad().

netfilter: ipset: Fix race between IPSET_CMD_CREATE and

xen/netback: Fix buffer overrun triggered by unusual packet

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in

media: usb: siano: Fix use after free bugs caused by do_submit_urb (dependency)

media: usb: siano: Fix warning due to null work_func_t function

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

xfrm: add NULL check in xfrm_update_ae_params

ubi: Refuse attaching if mtd's erasesize is 0

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

net/tls: do not free tls_rec on async operation in

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_sctp: validate the flag_info count

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input (adaptation)

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads

nvmet-tcp: move send/recv error handling in the send/recv methods instead of call-sites

nvmet-tcp: Fix a possible UAF in queue intialization setup

ipv4: fix null-deref in ipv4_link_failure

net: xfrm: Fix xfrm_address_filter OOB read

Complex adaptation required.

netfilter: nf_tables: Reject tables of unsupported family

smb: client: fix OOB in smbCalcSize()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

nfc: nci: fix possible NULL pointer dereference in send_acknowledge()

kobject: Fix slab-out-of-bounds in fill_kobj_path()

xen/events: replace evtchn_rwlock with RCU

net: tls, update curr on splice as well

smb: client: fix OOB in receive_encrypted_standard()

ida: Fix crash in ida_free when the bitmap is empty

appletalk: Fix Use-After-Free in atalk_ioctl

usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core

Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

f2fs: fix to do sanity check on inode type during garbage collection

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

nvmet: nul-terminate the NQNs passed in the connect command

net/rose: Fix Use-After-Free in rose_ioctl

atm: Fix Use-After-Free in do_vcc_ioctl

vhost: use kzalloc() instead of kmalloc() followed by memset()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function

malidp: Fix NULL vs IS_ERR() checking

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

nvmet-tcp: add bounds check on Transfer Tag

nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

binder: fix race between mmput() and do_exit()

crypto: scomp - fix req->dst buffer overflow

net: qualcomm: rmnet: fix global oob in rmnet_policy

net: qualcomm: rmnet: fix global oob in rmnet_policy

ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()

ipv6: remove max_size check inline with ipv4

ipv6: remove max_size check inline with ipv4

dm ioctl: log an error if the ioctl structure is corrupted

dm: limit the number of targets and parameter size area

apparmor: avoid crash when parsed profile name is empty

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

mtd: Fix gluebi NULL pointer dereference caused by ftl

f2fs: explicitly null-terminate the xattr list

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

EDAC/thunderx: Fix possible out-of-bounds string access

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

Out of scope. Android related patch.

uio: Fix use-after-free in uio_open

f2fs: fix to avoid dirent corruption

media: pvrusb2: fix use after free on context disconnection

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

xen-netback: don't produce zero-size SKB frags

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

UBSAN: array-index-out-of-bounds in dtSplitRoot

jfs: fix uaf in jfs_evict_inode

Bluetooth: Add more enc key size check

FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

jfs: fix array-index-out-of-bounds in dbAdjTree

IB/ipoib: Fix mcast list locking

i2c: i801: Fix block process call transactions

powerpc/lib: Validate size for vector operations

jfs: fix array-index-out-of-bounds in diNewExt

s390/ptrace: handle setting of fpc register correctly

KVM: s390: fix setting of fpc register

llc: call sock_orphan() at release time

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation

net: prevent mss overflow in skb_segment()

ceph: fix deadlock or deadcode of misusing dget()

powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

SUNRPC: Fix a suspicious RCU usage warning

net/rds: Fix UBSAN: array-index-out-of-bounds in

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

sched/membarrier: reduce the ability to hammer on

can: j1939: Fix UAF in j1939_sk_match_filter during

can: j1939: Fix UAF in j1939_sk_match_filter during (adaptation)

ext4: avoid online resizing failures due to oversized flex bg

ext4: avoid online resizing failures due to oversized flex bg

binder: signal epoll threads of self-work

net/smc: fix illegal rmb_desc access in SMC-D connection dump

llc: Drop support for ETH_P_TR_802_2.

llc: Drop support for ETH_P_TR_802_2 (adaptation)

llc: make llc_ui_sendmsg() more robust against bonding

tipc: Check the bearer type before calling

blk-mq: fix IO hang from sbitmap wakeup race

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in

ppp_async: limit MRU to 64K

inet: read sk->sk_family once in inet_recv_error()

nilfs2: fix potential bug in end_buffer_async_write

nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()

nilfs2: fix data corruption in dsync block recovery for small

iio: magnetometer: rm3100: add boundary check for the value

ext4: fix double-free of blocks due to wrong extents

mm/writeback: fix possible divide-by-zero in

jfs: fix slab-out-of-bounds Read in dtSearch

drm: Don't unref the same fb many times by mistake due to

wifi: brcmfmac: Fix use-after-free bug in

tomoyo: fix UAF write bug in tomoyo_write_control()

wifi: mac80211: fix potential key use-after-free

Complex adaptation required. Network services prevents update because sleeps in inet_csk_accept() function.

fs,hugetlb: fix NULL pointer dereference in

drm: bridge/panel: Cleanup connector on bridge detach

arp: Prevent overflow in arp_req_get().

afs: Increase buffer size in afs_update_volume_status()

ipv6: sr: fix possible use-after-free and null-ptr-deref

Unable to fix early initialization before enabling SMP d35652a5fc9944784f6f50a5c979518ff8dacf61

Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

usb: cdns3: fix memory double free when handle zero packet

usb: cdns3: fixed memory use after free at

ARM: ep93xx: Add terminator to gpiod_lookup_table

gtp: fix use-after-free and null-ptr-deref in

dm-crypt: don't modify the data when using authenticated

fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

l2tp: pass correct message length to ip6_append_data

gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

fbdev: savage: Error out if pixclock equals zero

wifi: mac80211: fix race condition on enabling fast-xmit

fbdev: sis: Error out if pixclock equals zero

ext4: avoid allocating blocks from corrupted group in

ext4: avoid allocating blocks from corrupted group in

btrfs: dev-replace: properly validate device names

dmaengine: fsl-qdma: init irq after reg initialization

dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned

kpatch add alt asm definitions

kpatch add paravirt asm definitions