KVM: coalesced_mmio: add bounds checking

host: make sure log_num < in_num

x86: kvm: Do not release the page inside mmu_set_spte() (CVE-2018-12207 prerequirement)

CVE-2018-12207 prerequirement - code cleanup and simplification

x86: kvm: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (CVE-2018-12207 prerequirement)

x86: kvm: vmx,svm: always run with EFER.NXE=1 when shadow paging is active (CVE-2018-12207 prerequirement)

kvm: Convert kvm_lock to a mutex (CVE-2018-12207 prerequirement)

kvm: mmu: ITLB_MULTIHIT mitigation (adaptation)

ext4: add more paranoia checking in ext4_expand_extra_isize handling

crypto: user - fix memory leak in crypto_report

KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID

cifs: Fix lease buffer length error

dccp: Fix memleak in __feat_register_sp

kvm: nVMX: fixed L2 guest possible tricking the L0 hypervisor to access sensitive L1 resources

vt: selection, close sel_buffer race

vhost: Check docket sk_family instead of call getname

block, bfq: fix use-after-free in bfq_idle_slice_timer_body

signal: Extend exec_id to 64bits

signal: Extend exec_id to 64bits

netlabel: fixed possible NULL pointer dereference issue while importing some category bitmap into SELinux

selinux: properly handle multiple messages in selinux_netlink_send()

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

kpatch adaptation for CVE-2020-1749

blktrace: Protect q->blk_trace with RCU

blktrace: Protect q->blk_trace with RCU

ext4: avoid declaring fs inconsistent due to invalid file handles (dependency for CVE-2019-19319)

ext4: protect journal inode's blocks using block_validity

ext4: don't perform block validity checks on the journal inode

ext4: protect journal inode's blocks using block_validity

ext4: protect journal inode's blocks using block_validity

scsi: sg: add sg_remove_request in sg_write

x86/speculation: Prevent rogue cross-process SSBD shutdown

x86/speculation: Change misspelled STIPB to STIBP

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.

x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (kpatch adaptation)

N/A

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

include/linux/relay.h: fix percpu annotation in struct rchan

mm: Fix mremap not considering huge pmd devmap

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

fix possible deadlock with mutex within SCSI libsas (adaptation)

xfs: set format back to extents if xfs_bmap_extents_to_btree

net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()

crypto: ccp - Release all allocated memory if sha type is invalid

media: rc: prevent memory leak in cx23888_ir_probe

iio: imu: adis16400: fix memory leak

ath9k_htc: release allocated buffer if timed out

ath9k: release allocated buffer if timed out

f2fs: check if file namelen exceeds max value

xfs: add agf freeblocks verify in xfs_agf_verify

btrfs: merge btrfs_find_device and find_device

net/packet: fix overflow in tpacket_rcv

ext4: fix potential negative array index in do_split()

Fix for missing check in vgacon scrollback handling

netfilter: ctnetlink: add a range check for l3/l4 protonum

nfs: Fix getxattr kernel panic and memory overflow

mm/hugetlb: fix a race between hugetlb sysctl handlers

fbcon: remove soft scrollback code

fbcon: remove soft scrollback code (adaptation)

rbd: require global CAP_SYS_ADMIN for mapping and unmapping

hdlc_ppp: add range checks in ppp_cp_parse_cr()

geneve: add transport ports in route lookup for geneve

[net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

[net] Bluetooth: A2MP: Fix not initializing all members

icmp: randomize the global rate limiter

blktrace: ensure our debugfs dir exists

Blktrace: bail out early if block debugfs is not configured

blktrace: fix debugfs use after free

perf/core: Fix race in the perf_mmap_close() function

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

tty: make FONTX ioctl use the tty pointer they were actually passed

Input: sunkbd - avoid use-after-free in teardown paths

powercap: make attributes only readable by root

powercap: make attributes only readable by root (adaptation)

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

vt: Disable KD_FONT_OP_COPY

speakup: Do not let the line discipline be used several times

xen/events: avoid removing an event channel while handling it

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

jfs: Fix array index bounds check in dbAdjTree

limit size of watch_events dom0 queue.

handle xenwatch_thread patching.

xen-blkback: set ring->xenblkd to NULL after kthread_stop()

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

[PATCH] tracing: Fix race in trace_open and buffer resize call

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup (adaptation )

nfsd4: readdirplus shouldn't return parent of export

futex: Ensure the correct return value from futex_lock_pi

futex: Simplify fixup_pi_state_owner

futex: Replace pointless printk in fixup_owner

futex: Provide and use pi_state_update_owner

futex: Handle faults correctly for PI futexes

nbd: freeze the queue while we're adding connections

Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

Xen/gntdev: correct error checking in gntdev_map_grant_pages()

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

xen-blkback: fix error handling in xen_blkbk_map()

Xen/gnttab: handle p2m update errors on a per-slot basis

xen-netback: respect gnttab_map_refs()'s return value

scsi: iscsi: Restrict sessions and handles to admin capabilities

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

bpf, x86: Validate computation of branch displacements for x86-64

nfc: fix memory leak in llcp_sock_bind() (dependency)

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

PCI: rpadlpar: Fix potential drc_name corruption in store functions

btrfs: fix race when cloning extent buffer during rewind of an old

usbip: fix stub_dev to check for stream socket

usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

netfilter: x_tables: fix compat match/target pad out-of-bound write

gup: document and work around "COW can break either way" issue

bpf: Fix masking negation logic upon negative dst register

sctp: delay auto_asconf init until binding the first addr

bpf: Move off_reg into sanitize_ptr_alu

bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed bounds for unprivileged"

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Refactor and streamline bounds check into helper

bpf: Refactor and streamline bounds check into helper

bpf: Move sanitize_val_alu out of op switch

bpf: Tighten speculative pointer arithmetic mask

bpf: Wrap aux data inside bpf_sanitize_info container

bpf: Fix mask direction swap upon off reg sign change

netfilter: x_tables: Use correct memory barriers.

race condition for removal of the HCI controller.

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Bluetooth: fix the erroneous flush_work() order

Bluetooth: SMP: Fail if remote and local public keys are identical

Bluetooth: use correct lock to prevent UAF of hdev object

Predictor logic is absent in 4.14.

sctp: validate from_addr_param return

sctp: add size validation when walking chunks

sctp: fix return value check in __sctp_rcv_asconf_lookup

sctp: validate chunk size in __rcv_asconf_lookup

sctp: add param size validation for SCTP_PARAM_SET_PRIMARY

Not easily portable to 4.14.

Not easily portable to 4.14.

KVM: do not allow mapping valid but non-reference-counted pages

ovl: fix missing negative dentry check in ovl_rename()

usb: hso: fix error handling code of hso_create_net_device

bpf: Fix integer overflow in prealloc_elems_and_freelist()

Don't support MIPS arch

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()

use init_tag from inithdr for ABORT chunk

fix the processing for COOKIE_ECHO chunk

sctp: add vtag check in sctp_sf_violation

sctp: add vtag check in sctp_sf_do_8_5_1_E_sa

sctp: add vtag check in sctp_sf_ootb

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

fget: check that the fd still exists after getting a ref to it (dependency patch for CVE-2021-4083)

fget: check that the fd still exists after getting a ref to it

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate

cgroup-v1: Require capabilities to set release_agent

xen/netback: fix rx queue stall detection

xen/netback: don't queue unlimited number of packages

xen/netback: fix rx queue stall detection (adaptation)

tee: handle lookup of shm with reference count 0

tee: handle lookup of shm with reference count 0 (kpatch adaptation)

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

fuse: fix bad inode

NFSv4: Initialise connection to the server in nfs4_alloc_client()

bpf: fix truncated jump targets on heavy expansions

Not backported to 4.14.

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

NFSv4: Handle case where the lookup of a directory fails

tipc: improve size validations for received domain records

udf: Restore i_lenAlloc when inode expansion fails

udf: Fix NULL ptr deref when converting from inline format

lib/iov_iter: initialize "flags" in new pipe_buffer

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION

esp: Fix possible buffer overflow in ESP transformation

llc: fix netdevice reference leaks in llc_ui_bind()

xprtrdma: fix incorrect header size calculations

block-map: add __GFP_ZERO flag for alloc_page in function

ext4: verify dir block before splitting it

ext4: make variable "count" signed

ext4: avoid cycles in directory h-tree

perturb functionality missing in kernels earlier than 4.14.285-215.501.amzn2

secure_seq: use the 64 bits of the siphash for port offset

Out of scope - related to PowerPC 32-bit.

Duplicate of CVE-2022-32250

netfilter: nf_tables: disallow non-stateful expression in

xen/blkfront: fix leaking data in shared pages

net: Rename and export copy_skb_header

xen/netfront: fix leaking data in shared pages

xen/netfront: force data bouncing when backend is untrusted

xen/netfront: force data bouncing when backend is untrusted (adaptation)

xen/blkfront: force data bouncing when backend is untrusted

xen/blkfront: force data bouncing when backend is untrusted (adaptation)

Out of scope - ARM architecture.

net: rose: fix UAF bugs caused by timer handler

net: rose: fix UAF bugs caused by timer handler (adaptation)

fbcon: Disallow setting font bigger than screen size

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

x86: Clear .brk area at early boot

N/A

[PATCH v4 1/2] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated

KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq

KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()

KVM: Add infrastructure and macro to mark VM as bugged

KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (adaptation)

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

netfilter: nf_queue: do not allow packet truncation below transport header offset

r8152: Rate limit overflow messages

nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write

scsi: stex: Properly zero out the passthrough command structure

media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

xen/netback: Ensure protocol headers don't fall in the non-linear area

Bluetooth: L2CAP: Fix u8 overflow

net: sched: disallow noqueue for qdisc classes

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: atm: dont intepret cls results when asked to drop

HID: check empty report_list in hid_validate_values()

net/x25: Fix null-ptr-deref caused by x25_disconnect

Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""

perf: Fix sys_perf_event_open() race against self

net/sched: cls_u32: fix netns refcount changes in u32_change()

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

fix double dev_kfree_skb in error path

fix double dev_kfree_skb() in error path

bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

netfilter: nf_conntrack_irc: Fix forged IP logic

efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in efi_capsule_write (adaptation)

af_key: Do not call xfrm_probe_algs in parallel

net: mpls: fix stale pointer if allocation fails during device rename

Complex adaptation is required, mainline retired tcindex.

prlimit: do_prlimit needs to have a speculation check

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

USB: ene_usb6250: Allocate enough memory for full object

Fix double fget() in vhost_net_set_backend()

bluetooth: Perform careful capability checks in hci_sock_ioctl()

bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()

xfs: verify buffer contents when we skip log replay

net: sched: cbq: dont intepret cls results when asked to drop

net: qcom/emac: Fix use after free bug in emac_remove due to race condition

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

ext4: fix use-after-free in ext4_xattr_set_entry

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: split set destruction in deactivate and destroy phase

netfilter: nft_hash: fix nft_hash_deactivate

netfilter: nf_tables: bogus EBUSY when deleting set after flush

netfilter: nf_tables: deactivate anonymous set from preparation phase

netfilter: nf_tables: split set destruction in deactivate and destroy phase (adaptation)

netfilter: nf_tables: bogus EBUSY when deleting set after flush (Revert)

netfilter: nf_tables: split set destruction in deactivate and destroy phase

netfilter: nf_tables: split set destruction in deactivate and destroy phase

net: tls: fix possible race condition between

ipvlan:Fix out-of-bounds caused by unclear skb->cb

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

Re: Possible deadlock detected in Linux 6.2.0 in

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: stricter validation of element data

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

net/sched: cls_u32: Fix reference counter leak leading to overflow

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

gfs2: Don't deref jdesc in evict

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

xfrm: add NULL check in xfrm_update_ae_params

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

The patch removes functionality.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions

perf: Disallow mis-matched inherited group reads (adaptation)

perf: Disallow mis-matched inherited group reads (adaptation)

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

drm/qxl: fix UAF on handle creation

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

smb: client: fix OOB in smbCalcSize()

netfilter: nf_tables: Reject tables of unsupported family

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

perf: Fix perf_event_validate_size()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv

dm: limit the number of targets and parameter size area

Complex adaptation is required, vendor retired ATA over Ethernet driver.

ext4: fix corruption during on-line resize

sched/membarrier: reduce the ability to hammer on

llc: call sock_orphan() at release time

aoe: fix the potential use-after-free problem in

EDAC/thunderx: Fix possible out-of-bounds string access

drm: Don't unref the same fb many times by mistake due to deadlock

calipso: fix memory leak in netlbl_calipso_add_pass()

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

xen-netback: don't produce zero-size SKB frags

netfilter: nftables: exthdr: fix 4-byte stack OOB write

sched/rt: pick_next_rt_entity(): check list_entry

PCI/PM: Drain runtime-idle callbacks before driver removal

netfilter: nf_tables: disallow anonymous set with timeout

ubi: Check for too small LEB size in VTBL code

netfilter: nf_tables: disallow timeout for anonymous sets

x86/kvm: Disable kvmclock on all CPUs on shutdown

KVM: nVMX: add missing consistency checks for CR0 and CR4

kdb: Fix buffer overflow during tab-complete

virtio: delete vq in vp_find_vqs_msix() when request_irq() fails

netfilter: nfnetlink_queue: acquire rcu_read_lock() in

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

net: fix __dst_negative_advice() race

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

net: relax socket state check at accept time.

filelock: Fix fcntl/close race recovery compat path

USB: core: Fix duplicate endpoint bug by clearing

hfsplus: fix uninit-value in copy_name

fou: Fix null-ptr-deref in GRO.

ima: Fix use-after-free on a dentry's dname.name

driver core: Cast to (void *) with __force for __percpu pointer

devres: Fix memory leakage caused by driver API devm_free_percpu()

netfilter: ctnetlink: use helper function to calculate expect ID

ipv6: prevent UAF in ip6_send_skb()

sch/netem: fix use after free in netem_dequeue

nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput

nilfs2: fix missing cleanup on rollforward recovery error

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

btrfs: clean up our handling of refs == 0 in snapshot delete

PCI: Add missing bridge lock to pci_bus_lock()

Input: uinput - reject requests with unreasonable number of slots

Squashfs: sanity check symbolic link size

of/irq: Prevent device address out-of-bounds read in interrupt map walk

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

nilfs2: protect references to superblock parameters exposed in sysfs

rtmutex: Drop rt_mutex::wait_lock before scheduling

low-scored CVE which inevitably will cause verification conflicts with freezable kthread and cifs reading routines.

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

N/A

N/A

Restrict access to pagemap/kpageflags/kpagecount

vmx_vcpu_run wrapper

x86/CPU/AMD: Do not leak quotient data after a division by 0

tcp/udp: Fix memory leak in ipv6_renew_options()

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732)

vt_kdsetmode: extend console locking (CVE-2021-3753)

KVM: X86: MMU: Use the correct inherited permissions to get shadow page

KVM: X86: MMU: Use the correct inherited permissions to get shadow page (adaptation)

ext4: fix race writing to an inline_data file while its xattrs are changing