nfsd: stricter decoding of write-like NFSv2/v3 ops

net/packet: fix overflow in check for priv area size

net/packet: fix overflow in check for tp_frame_nr

net/packet: fix overflow in check for tp_reserve

ipv4: try to cache dst_entries which would cause a redirect

net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom

udf: Verify i_size when loading inode

udf: Check length of extended attributes and allocation descriptors

udf: Remove repeated loads blocksize

HID: hid-cypress: validate length of report

nfsd: check for oversized NFSv2/v3 arguments

posix_acl: Clear SGID bit when setting file permissions

ipv6: fix out of bound writes in __ip6_append_data()

KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings

xfs: fix two memory leaks in xfs_attr_list.c error paths

l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()

xen: fix bio vec merging

Bluetooth: Properly check L2CAP config option output buffer length

packet: fix tp_reserve race in packet_set_ring

ipv6: avoid overflow of offset in ip6_find_1stfragopt

ipv6/dccp: do not inherit ipv6_mc_list from parent

mqueue: fix a use-after-free in sys_mq_notify()

net: tcp: fix 0 divide in __tcp_select_window()

rxrpc: Fix several cases where a padded len isn't checked in ticket decode

uwb: properly check kthread_run return value

ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor

USB: fix out-of-bounds in usb_set_configuration

USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()

dccp: fix use-after-free (CVE-2017-8824)

ALSA: pcm: prevent UAF in snd_pcm_info

KEYS: don't let add_key() update an uninstantiated key

RDS: Heap OOB write in rds_message_alloc_sgs()

N/A

HID: usbhid: fix out-of-bounds bug

cdc_ether driver: fix possible division by zero exception

Sanitize 'move_pages()' permission checks

media: imon: Fix null-ptr-deref in imon_probe

usb: usbtest: fix NULL pointer dereference

netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

etfilter: nfnetlink_cthelper: Add missing permission checks

bluetooth: Validate socket address length in sco_sock_bind()

xfrm: policy: check policy direction value

dm: fix race between dm_get_from_kobject() and __dm_destroy()

mm/mempolicy.c: fix error handling in set_mempolicy and mbind

kernel/exit.c: avoid undefined behaviour when calling wait4()

kernel/signal.c: avoid undefined behaviour in kill_something_info

dccp: check sk for closed state in dccp_sendmsg()

sctp: verify size of a new chunk in _sctp_make_chunk()

drm: udl: Properly check framebuffer mmap offsets

MDS CPU Side-channel Attacks mitigation

binfmt_elf: switch to new creds when switching to new mm

fix NULL pointer dereference via crafted endpoint value for wacom input devices (adaptation like in aiptek, RHBUG - 1283377)

net: qmi_wwan: fix divide by 0 on bad descriptors

KEYS: encrypted: fix buffer overread in valid_master_desc()

USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data

fix buffer overflow in bluetooth hidp ioctl

[net] tcp: pass previous skb to tcp_shifted_skb()

[net] tcp: limit payload size of sacked skbs

[net] tcp: tcp_fragment() should apply sane memory limits

[net] tcp: add tcp_min_snd_mss sysctl

[net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

fix possible NULL pointer dereference via an ioctl (TUNSETIFF) with a dev name containing a / character

vmx_vcpu_run wrapper

Input: gtco - bounds check collection indent level

[x86] x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations

ext4: fix data corruption caused by unaligned direct AIO

floppy: fix out-of-bounds read in copy_buffer

cx24116: fix a buffer overflow when checking userspace params

tcp: purge write queue in tcp_connect_init()

partially fix bypass of the "start time" protection mechanism while fork() (polkit should be updated >0.115)

USB: check usb_get_extra_descriptor for proper size

scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE

usb: misc: legousbtower: Fix NULL pointer deference

floppy: fix div-by-zero in setup_format_params

i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA

media: dvb: usb: fix use after free in dvb_usb_device_exit

media: cpia2_usb: first wake up, then free in disconnect

media: usb: zr364xx: fixed NULL pointer dereference in zr364xx_vidioc_querycap()

USB: sisusbvga: fix oops in error path of sisusb_probe

net: sit: fix memory leak in sit_init_net()

ieee802154: enforce CAP_NET_RAW for raw sockets

mISDN: enforce CAP_NET_RAW for raw sockets

fixed memory leak in drivers/scsi/libsas/sas_expander.c

media: b2c2-flexcop-usb: add sanity checking

add function ptr_to_id() in order not to leak kernel layout info

net: qlogic: Fix memory leak in ql_alloc_large_buffers