gfs2: Don't deref jdesc in evict

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

xen/netback: Fix buffer overrun triggered by unusual packet

xfrm: add NULL check in xfrm_update_ae_params

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

The patch removes functionality.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

xen/events: replace evtchn_rwlock with RCU

xen/events: replace evtchn_rwlock with RCU (adaptation)

fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions

perf: Disallow mis-matched inherited group reads (adaptation)

perf: Disallow mis-matched inherited group reads (adaptation)

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

drm/qxl: fix UAF on handle creation

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

smb: client: fix OOB in smbCalcSize()

netfilter: nf_tables: Reject tables of unsupported family

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

perf: Fix perf_event_validate_size()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv

dm: limit the number of targets and parameter size area

Complex adaptation is required, vendor retired ATA over Ethernet driver.

sched/membarrier: reduce the ability to hammer on

llc: call sock_orphan() at release time

aoe: fix the potential use-after-free problem in

EDAC/thunderx: Fix possible out-of-bounds string access

drm: Don't unref the same fb many times by mistake due to deadlock

calipso: fix memory leak in netlbl_calipso_add_pass()

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

xen-netback: don't produce zero-size SKB frags

netfilter: nftables: exthdr: fix 4-byte stack OOB write

sched/rt: pick_next_rt_entity(): check list_entry

PCI/PM: Drain runtime-idle callbacks before driver removal

netfilter: nf_tables: disallow anonymous set with timeout

ubi: Check for too small LEB size in VTBL code

netfilter: nf_tables: disallow timeout for anonymous sets

x86/kvm: Disable kvmclock on all CPUs on shutdown

KVM: nVMX: add missing consistency checks for CR0 and CR4

kdb: Fix buffer overflow during tab-complete

virtio: delete vq in vp_find_vqs_msix() when request_irq() fails

netfilter: nfnetlink_queue: acquire rcu_read_lock() in

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

net: fix __dst_negative_advice() race

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

ima: Fix use-after-free on a dentry's dname.name

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

N/A

N/A

Restrict access to pagemap/kpageflags/kpagecount

vmx_vcpu_run wrapper

x86/CPU/AMD: Do not leak quotient data after a division by 0