kernel: kvm: pv_eoi guest updates with interrupts disabled

kernel: kvm: missing check in kvm_set_memory_region()

kernel: veth: double-free flaw in case of congestion

kernel: fs: filp leak on ro filesystem

Kernel: udf: information leak on export

Kernel: sa_restorer information leak

kernel: ext3: format string issues

Kernel: net: oops from tcp_collapse() when using splice(2)

kernel: Information leak in the Data Center Bridging (DCB) component

kernel: Information leak in the Data Center Bridging (DCB) component

kernel: b43: format string leaking into error msgs

Kernel: atm: update msg_namelen in vcc_recvmsg()

Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()

Kernel: Bluetooth: RFCOMM - missing msg_namelen update in rfcomm_sock_recvmsg

Kernel: tracing: NULL pointer dereference

Kernel: tracing: NULL pointer dereference

Kernel: tracing: NULL pointer dereference

Kernel: tracing: NULL pointer dereference

Kernel: Bluetooth: HCI & L2CAP information leaks

Kernel: Bluetooth: HCI & L2CAP information leaks

Kernel: perf/x86: offcore_rsp valid mask for SNB/IVB

Kernel: perf/x86: offcore_rsp valid mask for SNB/IVB

kernel: sctp: duplicate cookie handling NULL pointer dereference

Kernel: ipv6: using ipv4 vs ipv6 structure during routing lookup in sendmsg

Kernel: net: af_key: initialize satype in key_notify_policy_flush

Kernel: net: panic while pushing pending data out of a IPv6 socket with UDP_CORK

kernel: dm: dm-snapshot data leak

Kernel: signal: information leak in tkill/tgkill

Kernel: net: memory corruption with UDP_CORK and UFO

Kernel: llc: information leak via getsockname

Kernel: Bluetooth: RFCOMM - information leak

Kernel: Bluetooth: RFCOMM - information leak

kernel: handling of IPv6 temporary addresses

kernel: handling of IPv6 temporary addresses

Kernel: information leak in fs/compat_ioctl.c VIDEO_SET_SPU_PALETTE

Kernel: tg3: buffer overflow in VPD firmware parsing

Kernel: information leak in cdrom driver

kernel: block: passing disk names as format strings

Kernel: net: information leak in AF_KEY notify

Kernel: HID: memory corruption flaw

Kernel: HID: zeroplus: heap overflow flaw

Kernel: HID: zeroplus: heap overflow flaw

Kernel: llc: Fix missing msg_namelen update in llc_ui_recvmsg

kernel: ansi_cprng: off by one error in non-block size request

Kernel: net: IPv6: panic when UFO=On for an interface

kernel: nfs: missing check for buffer length in __nfs4_get_acl_uncached

Kernel: HID: pantherlord: heap overflow flaw

kernel: kvm: memory leak when memory slot is moved with assigned device

kernel: kvm: memory leak when memory slot is moved with assigned device

Kernel: net: memory corruption with UDP_CORK and UFO

kvm: division by zero in apic_get_tmcct()

kvm: cross page vapic_addr access

netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages

Add x86_match_cpu missed on earlier rhel6 kernels.

inet: prevent leakage of uninitialized memory to user in recv syscalls

inet: fix addr_len/msg->msg_namelen assignment in recv_error functions

kernel: exec/ptrace: get_dumpable() incorrect tests

Kernel: qeth: buffer overflow in snmp ioctl

ipvs: Add boundary check on ioctl arguments

ipv6: fix leaking uninitialized port number of offender sockaddr

usb: cdc-wdm: Fix race between autosuspend and reading from the device

usb: cdc-wdm: fix buffer overflow

net: fix memory information leaks in recv protocol handlers

selinux: handle TCP SYN-ACK packets correctly in selinux_ip_output()

selinux: handle TCP SYN-ACK packets correctly in selinux_ip_postroute()

selinux: look for IPsec labels on both inbound and outbound packets

selinux: process labeled IPsec TCP SYN-ACK packets properly in selinux_ip_postroute()

selinux: fix broken peer recv check

vhost: validate vhost_get_vq_desc return value

net: sctp: fix sctp_sf_do_5_1D_ce to verify if peer is AUTH capable

aacraid: missing capable() check in compat ioctl

vhost: fix total length when packets are too short

net: guard tcp_set_keepalive() to tcp sockets

futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1)

futex: Validate atomic acquisition in futex_lock_pi_atomic()

futex: Always cleanup owner tid in unlock_pi

futex: Make lookup_pi_state more robust

kernel: ptrace,x86: force IRET path after a ptrace_stop()

n_tty: Fix n_tty_write crash when echoing in raw mode

filter: prevent nla extensions to peek beyond the end of the message

floppy: ignore kernel-only members in FDRAWCMD ioctl input

floppy: don't write kernel-only members to FDRAWCMD ioctl output

fs: slab corruption due to the invalid last component type during do_filp_open()

libertas: potential oops in debugfs

SELinux: Fix kernel BUG on empty security contexts.

Fixed a critical vulnerability in the legacy simfs container filesystem (ploop is not affected)

NULL pointer dereference in disk quota subsystem.

Use-after-free in checkpoint-restore mount failure handling.

net: l2tp: don't fall back on UDP [get|set]sockopt()

SCTP: Fix auth_capable inheritence on INIT collision

ipv4: current group_info should be put after using.

rds: prevent dereference of a NULL device in rds_ib_laddr_check

rds: prevent dereference of a NULL device in rds_iw_laddr_check

ath9k: protect tid->sched check

mac80211: fix AP powersave TX vs. wakeup race

auditsc: audit_krule mask accesses need bounds checking

sctp: Fix sk_ack_backlog wrap-around problem

x86_64, traps: Stop using IST for #SS

x86_64, traps: Stop using IST for #SS

kernel: pipe: iovec overrun leading to memory corruption

vm: add vm_iomap_memory() helper function

vm: convert fb_mmap to vm_iomap_memory() helper

mm: try_to_unmap_cluster() should lock_page() before mlocking

lib/lzo: Update LZO compression to current upstream version

lzo: properly check for overruns

KVM: x86: Improve thread safety in pit

kvm/vmx: handle invept and invvpid vm exits gracefully

kvm/vmx: handle invept and invvpid vm exits gracefully

USB: whiteheat: Added bounds checking for bulk command response

net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks

net: sctp: fix panic on duplicate ASCONF chunks

net: sctp: fix remote memory pressure from excessive queueing

net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks

udf: Avoid infinite loop when processing indirect ICBs

isofs: Fix unbounded recursion when processing relocated directories

ALSA: control: Make sure that id->index does not overflow

ALSA: control: ALSA: control: Handle numid overflow

kernel: infiniband: uverbs: unprotected physical memory access

kernel: splice: lack of generic write checks

netfilter: conntrack: disable generic tracking for known protocols

security: selinux: Permit bounded transitions under NO_NEW_PRIVS or NOSUID

kvm: vmx: invalid host cr4 handling across vm entries

sctp: fix slab corruption from use after free on INIT collisions

kvm: vmx: invalid host cr4 handling across vm entries

kernel: insufficient syscall number validation in perf and ftrace subsystems

KEYS: close race between key lookup and freeing

isofs: Fix unchecked printing of ER records

ttusb-dec: buffer overflow in ioctl

x86_64, switch_to(): Load TLS descriptors before switching DS and ES

isofs: Fix infinite looping over CE entries

Forbid to create a symlink or hardlink if user is not the owner of the targeted file

Forbid to create a symlink or hardlink if user is not the owner of the targeted file

kernel: net: incorrect processing of checksums in UDP implementation

TTY: drop driver reference in tty_open fail path

ipv4: Missing sk_nulls_node_init() in ping_unhash().

ASLR: fix stack randomization on 64-bit systems

x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization

x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization

ipv6: Don't reduce hop limit for an interface

mm: add !pte_present() check on existing hugetlb_entry callbacks

eCryptfs: Remove buggy and unnecessary write in file name decode

fs: take i_mutex during prepare_binprm for set[ug]id executables

HID: fix a couple of off-by-ones

kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS

kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS

kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS

kernel: x86: espfix(64) bypass via set_thread_area and CLONE_SETTLS

mac80211: fix fragmentation code, particularly for encryption

kernel: kvm: insufficient sysenter emulation when invoked from 16-bit code

VFS: fix symlink protection relative path issue

RDS: verify the underlying transport exists before creating a connection

Complete earlier incomplete fix to CVE-2015-6937

keys: Fix race between key destruction and finding a keyring by name

keys: Fix crash when attempt to garbage collect an uninstantiated keyring

keys: Don't permit request_key() to construct a new keyring

virt: guest to host DoS by triggering an infinite loop in microcode

svm: unconditionally intercept DB

CVE-2015-5307 and CVE-2015-8104 kpatch adaptation

Fix pipe buffer state corruption.

net: add validation for the socket syscall protocol argument

netfilter: x_tables: deal with bogus nextoffset values

netfilter: x_tables: validate e->target_offset early

netfilter: x_tables: make sure e->next_offset covers remaining blob size

netfilter: x_tables: check for bogus target offset

IB/security: Restrict use of the write() interface

mm: remove gup_flags FOLL_WRITE games from __get_user_pages()

net: Fix use after free in the recvmmsg exit path

dccp: fix freeing skb too early for IPV6_RECVPKTINFO

tty: n_hdlc: get rid of racy n_hdlc.tbuf

x86/mm: Add barriers and document switch_mm()-vs-flush synchronization

ALSA: usb-audio: avoid freeing umidi object twice

aacraid: Check size values after double-fetch from user

posix_acl: Clear SGID bit when setting file permissions

net: ping: check minimum size on ICMP header length

sg_write()/bsg_write() is not fit to be called under KERNEL_DS

ipv6: stop sending PTB packets for MTU < 1280

KEYS: Fix short sprintf buffer in /proc/keys show function

udp: properly support MSG_PEEK with truncated buffers

nfsd: stricter decoding of write-like NFSv2/v3 ops

mm: enlarge stack guard gap

fix ipset list shrinking for no reason

fs/binfmt_elf.c: fix bug in loading of PIE binaries

dccp: fix use-after-free (CVE-2017-8824)

Disable modification of LDT by userspace processes.

kvm: inject #UD if instruction emulation fails and exit to userspace

kvm: inject #UD if instruction emulation fails and exit to userspace (KernelCare adoptation)

kvm: x86: Don't report guest userspace emulation error to userspace

x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit

x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit

ext4: make orphan functions be no-op in no-journal mode

ext4: avoid hang when mounting non-journal filesystems with orphan list

KEYS: potential uninitialized variable

HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands

proc: prevent stacking filesystems on top

tcp: fix use after free in tcp_xmit_retransmit_queue()

KEYS: Fix handling of stored error in a negatively instantiated user key

[kernel] audit: fix a double fetch in audit_log_single_execve_arg()

[net] sctp: validate chunk len before actually using it

block: fix use-after-free in seq file

keyctl_set_reqkey_keyring() leaks thread keyrings

tcp: avoid infinite loop in tcp_splice_read()

net/packet: fix overflow in check for tp_reserve

net-packet: fix race in packet_set_ring on PACKET_RESERVE

udp: consistently apply ufo or fragmentation

Bluetooth: Properly check L2CAP config option output buffer length

KEYS: fix dereferencing NULL payload with nonzero length

tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

kcpti: adjust context

add kernel page table isolation feature(aka KAISER)

kcpti: undo context adjustment

kcpti: remove trace IDT mapping

kcpti: check present flag when removing global pte flag

kcpti: ignore AMD processors

kcpti: apply patch to Xen PV domains

ipsec: Fix aborted xfrm policy dump crash (kpatch adaptation)

spectre: prevent speculative execution

[x86] msr: add 64bit _on_cpu access functions

[kernel] bitops: Introduce BIT_ULL

[x86] microcode: Share native MSR accessing variants

[x86] cpuid: Cleanup cpuid_regs definitions

[x86] cpuid: Provide get_scattered_cpuid_leaf()

[x86] feature: Enable the x86 feature to control Speculation

[x86] feature: Report presence of IBPB and IBRS control

[x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available

[x86] [kvm] Pad RSB on VM transition

[kvm] x86: clear registers on VM exit

[kvm] vmx: Set IBPB when running a different VCPU

[kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD

[kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD

[kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD

[kvm] x86: add SPEC_CTRL to MSR and CPUID lists

[x86] enter: MACROS to set/clear IBRS and set IBPB

[x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs

[x86] enter: Use IBRS on syscall and interrupts

[x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI

[x86] spec_ctrl: implement spec ctrl C methods

[x86] idle: Disable IBRS entering idle and enable it on wakeup

[x86] idle: Disable IBRS when offlining cpu and re-enable

[x86] mm: Set IBPB upon context switch

[x86] mm: Only set IBPB when the new thread cannot ptrace

[x86] entry: Stuff RSB for entry to kernel for non-SMEP platform

[x86] entry: Remove STUFF_RSB in error and interrupt code

[x86] spec_ctrl: move stuff_RSB in spec_ctrl.h

[x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland

[x86] Remove __cpuinitdata from some data & function

[x86] spec_ctrl: consolidate the spec control boot detection

[x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled

[x86] spec_ctrl: rescan cpuid after a late microcode update

[x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance

[x86] spec_ctrl: add noibrs noibpb boot options

[x86] spec_ctrl: Prevent unwanted speculation without IBRS

[x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths

[x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes

[x86] entry: Add back STUFF_RSB to interrupt and error paths

[x86] spec_ctrl: ibrs_enabled() is expected to return > 1

[x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER

[x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime

[x86] spec_ctrl: use IBRS_ENABLED instead of 1

[x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2

[x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs

[x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB

[x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS

[x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline

[x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled

[x86] spec_ctrl: remove irqs_disabled() check from intel_idle()

[x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing

[x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2

[x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland

[x86] spec_ctrl: disable ibrs while in intel_idle()

[x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit

[x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages

[x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional

ping - implement proper locking

dccp/tcp - do not inherit mc_list from parent

sctp - do not inherit ipv6_{mc|ac|fl}_list from parent

ipv6/dccp - do not inherit ipv6_mc_list from parent

ALSA: seq: Fix racy pool initializations

prevents spectre v1 by sanitizing pointers from user-space and syscall numbers, \

addresses CVE-2018-3693 for 32bit processes.

Spectre v4 (store by-passing) mitigation.

[x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update

make AIO use the proper rw_verify_area() area helpers

mpi - Fix NULL ptr dereference in mpi_powm()

mm - tighten x86 /dev/mem with zeroing reads

fix unbalanced page refcounting in bio_map_user_iov

more bio_map_user_iov() leak fixes

mm - teach truncate_inode_pages_range() to handle non page aligned ranges

dm: fix race between dm_get_from_kobject() and __dm_destroy()

dccp - check sk for closed state in dccp_sendmsg()

sctp - verify size of a new chunk in _sctp_make_chunk()

nfsd: check for oversized NFSv2/v3 arguments

netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

fix for use-after-free bug via crafted system calls in mm/mempolicy.c:do_get_mempolicy()

x86/entry/64: Don't use IST entry for #BP stack

x86/entry/64: Don't use IST entry for #BP stack (kpatch adaptation)

mqueue: fix a use-after-free in sys_mq_notify()

ipv6: Prevent overrun when parsing v6 header options

ipv6: Check ip6_find_1stfragopt() return value properly.

ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()

ipv6: avoid overflow of offset in ip6_find_1stfragopt

bluetooth: Prevent stack info leak from the EFS element.

media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic

media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic fixup

Add disable SMT knob

Setup L1TF bug bit

Add ability to flush l1d cache on vmexit

ext4: use __GFP_NOFAIL in ext4_free_blocks()

ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors

[sound] alsa: seq: Fix use-after-free at creating a port

[sound] alsa: pcm: prevent UAF in snd_pcm_info (CVE-2017-0861)

[kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301)

[kvm] VMX: Fix host GDT.LIMIT corruption (CVE-2018-10301) (kpatch adaptation)

[net] tcp: avoid collapses in tcp_prune_queue() if possible

[net] tcp: detect malicious patterns in tcp_collapse_ofo_queue()

posix-timer: Properly check sigevent->sigev_notify

eCryptFS: allocate open requests on stack

eCryptFS: forbid opening files without mmap handler

firewire: net: guard against rx buffer overflows

Limit arg stack to at most 75% of _STK_LIM

binfmt_elf: switch to new creds when switching to new mm

tcp: enhance tcp collapsing

tcp: avoid order-1 allocations on wifi and tx path

tcp: enhance tcp_collapse_retrans() with skb_shift()

tcp: limit payload size of sacked skbs

tcp: enhance tcp collapsing

tcp: tcp_fragment() should apply sane memory limits

tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

kpatch adaptation - sysctl handle for minimal MSS

tcp: limit payload size of sacked skbs

ALSA: rawmidi: Change resized buffers atomically

zombieload mitigation

map kpatch code that patch .entry.text section code

ALSA: rawmidi: Change resized buffers atomically

idr: fix backtrack logic in idr_remove_all

idr: fix top layer handling

tcp: check skb tailroom before collapsing

[crypto] salsa20 - fix blkcipher_walk API usage

[mm] mincore.c: make mincore() more conservative

[fs] proc: restrict kernel stack dumps to root

[x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations

host: make sure log_num < in_num

scsi: megaraid_sas: return error when create DMA pool failed

net: Set sk_prot_creator when cloning sockets to the right proto

mISDN: enforce CAP_NET_RAW for raw sockets

cfg80211: wext: avoid copying malformed SSIDs

kvm: mmu: ITLB_MULTIHIT mitigation (adaptation)

KVM: MMIO: Lock coalesced device when checking for available entry

KVM: coalesced_mmio: add bounds checking

KEYS: Change the name of the dead type to ".dead" to prevent user access

KEYS: Change the name of the dead type to ".dead" to prevent user access (kpatch adaptation)

netfilter: x_tables: fix compat match/target pad out-of-bound write

keys: prevent KEYCTL_READ on negative key

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

kernel: Null pointer dereference in search_keyring

prevent page refcount overflow

tty: Fix ->pgrp locking in tiocspgrp()

af_unix: fix struct pid memory leak

futex: Handle faults correctly for PI futexes

futex: Provide and use pi_state_update_owner()

RDMA/ucma: Put a lock around every call to the rdma_cm layer

RDMA/ucma: Put a lock around every call to the rdma_cm layer (adaptation)

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

bluetooth: eliminate the potential race condition

epoll: Keep a reference on files added to the check list

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

cgroup-v1: Require capabilities to set release_agent

KVM: do not allow mapping valid but non-reference-counted pages

mm: mempolicy: require at least one nodeid for MPOL_PREFERRED

vhost: Check docket sk_family instead of call getname

Restrict access to pagemap/kpageflags/kpagecount

vmx_vcpu_run wrapper