dev/parport: fix the array out-of-bounds risk

ipv6: prevent possible NULL deref in fib6_nh_init()

tipc: Return non-zero value from tipc_udp_addr2str() on error

drm/i915/gt: Fix potential UAF by revoke of fence registers

of: module: add buffer overflow check in of_modalias()

nouveau: lock the client object tree

nouveau: lock the client object tree

KVM: Always flush async #PF workqueue when vCPU is being destroyed

KVM: Always flush async #PF workqueue when vCPU is being destroyed

net/mlx5e: Add wrapping for auxiliary_driver op and remove unused args

net/mlx5e: Fix netif state handling

bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

r8169: Fix possible ring buffer corruption on fragmented Tx packets.

tipc: force a dst refcount before doing decryption

drm/i915/dpt: Make DPT object unshrinkable

ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."

netfilter: nf_tables: prefer nft_chain_validate

ELF: fix kernel.randomize_va_space double read

bpf: Fix overrunning reservations in ringbuf

bpf: Fix overrunning reservations in ringbuf (adaptation)

sctp: Fix null-ptr-deref in reuseport_add_sock().

netfilter: flowtable: initialise extack before use

dmaengine: fix NULL pointer in channel unregistration function

bonding: fix null pointer deref in bond_ipsec_offload_ok

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

bonding: fix xfrm real_dev null pointer dereference

ibmvnic: rename local variable index to bufidx

ibmvnic: Add tx check to prevent skb leak

drm/amdgpu: avoid using null object of framebuffer

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

gfs2: Fix NULL pointer dereference in gfs2_log_flush

USB: serial: mos7840: fix crash on resume

USB: serial: mos7840: fix crash on resume kpatch

kobject_uevent: Fix OOB access within zap_modalias_env()

block: initialize integrity buffer to zero before writing it to media

mlxsw: spectrum_acl_erp: Fix object nesting warning

mlxsw: spectrum_acl_erp: Fix object nesting warning kpatch

Out of scope: This CVE modified the __init function which won't be available to patch as it is used during bootup time.

netfilter: nft_set_pipapo: do not free live element

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

dma-direct: Leak pages on dma_set_decrypted() failure

mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX

mm: memcontrol: fix cannot alloc the maximum memcg ID

memcontrol: ensure memcg acquired by id is properly set up

memcg: protect concurrent access to mem_cgroup_idr

memcg: protect concurrent access to mem_cgroup_idr

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

Bluetooth: Fix TOCTOU in HCI debugfs implementation

netfilter: nf_conntrack_h323: Add protection for bmp length out of

gso: do not skip outer ip header in case of ipip and net_failover

netfilter: nftables: add helper function to flush set elements

netfilter: nft_set_pipapo: walk over current view on netlink dump

netfilter: nf_tables: missing iterator type in lookup walk

netfilter: nft_set_pipapo: walk over current view on netlink dump

Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout

bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

mptcp: pm: Fix uaf in __timer_delete_sync

media: edia: dvbdev: fix a use-after-free

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race

netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

selinux,smack: don't bypass permissions check in inode_setsecctx hook

net: avoid potential underflow in qdisc_pkt_len_init() with UFO

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

xfrm: fix one more kernel-infoleak in algo dumping

arm64: Low-score CVE requiring adaptation that is hard to implement; targets very rare hardware

i40e: fix i40e_count_filters() to count only active/new filters

i40e: fix race condition by adding filter's intermediate sync state

i40e: fix race condition by adding filter's intermediate sync state

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

scsi: core: Fix unremoved procfs host directory regression

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

HID: core: zero-initialize the report buffer

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

scsi: megaraid_sas: Fix for a potential deadlock

PPS for embedded GPS devices. Irrelevant for servers.

can: bcm: Fix UAF in bcm_proc_show()

Out of scope: ARM64 architecture isn't supported for current kernel

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

netfilter: ipset: add missing range check in bitmap_ip_uadt

hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()

net/mlx5: Always stop health timer during driver removal

net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink

vsock: Keep the binding until socket destruction

vsock: Orphan socket after transport release

wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()

Out of scope: User-mode Linux isn't supported for current kernel

cifs: fix double free race when mount fails in cifs_get_root()

security/keys: fix slab-out-of-bounds in key_task_permission

idpf: fix idpf_vc_core_init error path

ndisc: use RCU protection in ndisc_alloc_skb()

Bluetooth: Fix use after free in hci_send_acl

udf: Fix a slab-out-of-bounds write bug in udf_find_entry()

cifs: potential buffer overflow in handling symlinks

media: uvcvideo: Fix double free in error path

x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

net: atm: fix use after free in lec_send()

misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

ext4: fix off-by-one error in do_split

ext4: ignore xattrs past end

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

net: ch9200: fix uninitialised access during mii_nway_restart

sched/fair: Fix potential memory corruption in child_cfs_rq_on_list

wifi: iwlwifi: limit printed string from FW file

ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead

HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove

ext4: avoid resizing to a partial cluster size

crypto: algif_hash - fix double free in hash_accept

net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()

net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

Complex adaptation required. Low impact CVE

can: peak_usb: fix use after free bugs

padata: fix UAF in padata_reorder

ipv6: mcast: extend RCU protection in igmp6_send()

ipv6: mcast: extend RCU protection in igmp6_send()

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

net/ipv6: release expired exception dst cached in socket

Complex adaptation required. High risk of regression.

drm/vkms: Fix use after free and double free on init error

drm/vkms: Fix use after free and double free on init error

net_sched: ets: Fix double list add in class with netem as child qdisc

i2c/designware: Fix an initialization issue

Bluetooth: hci_core: Fix use-after-free in vhci_flush()

udp: Fix memory accounting leak.

i40e: fix MMIO write access to an invalid page in i40e_clear_hw

net/sched: sch_qfq: Fix race condition on qfq_aggregate

net/sched: sch_qfq: Fix race condition on qfq_aggregate

tipc: Fix use-after-free in tipc_conn_close().

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

scsi: lpfc: Use memcpy() for BIOS version

bpf: Don't use tnum_range on array range checking for poke descriptors

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

net: usb: smsc75xx: Limit packet length to skb->len

net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull

sch_qfq: make qfq_qlen_notify() idempotent

sch_cbq: make cbq_qlen_notify() idempotent

sch_htb: make htb_qlen_notify() idempotent

sch_htb: make htb_deactivate() idempotent

sch_hfsc: make hfsc_qlen_notify() idempotent

sch_ets: make est_qlen_notify() idempotent

sch_drr: make drr_qlen_notify() idempotent

net/sched: Always pass notifications when child class becomes empty

requires a very complex adaptation

idpf: convert control queue mutex to a spinlock

vsock: Fix transport_* TOCTOU

vsock: Fix transport_* TOCTOU

use uniform permission checks for all mount propagation changes

HID: core: Harden s32ton() against conversion to 0 bits

HID: core: fix shift-out-of-bounds in hid_report_raw_event

sctp: linearize cloned gso packets in sctp_rcv

Out of scope: not affected

net_sched: hfsc: Fix a UAF vulnerability in class handling

Out of scope: not affected

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()

smb: client: fix use-after-free in cifs_oplock_break

Bluetooth: L2CAP: Fix use-after-free

KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0

crypto: seqiv - Handle EBUSY correctly

This CVE has been rejected or withdrawn by its CVE Numbering Authority as per NVD website

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

scsi: lpfc: Fix buffer free/clear order in deferred receive path

wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result()

Bluetooth: Fix potential use-after-free when clear keys

wifi: cfg80211: fix use-after-free in cmp_bss()

wifi: mwifiex: Fix OOB and integer underflow when rx packets

wifi: mwifiex: Fix missed return in oob checks failed path

wifi: mwifiex: Fix OOB and integer underflow when rx packets

wifi: mac80211: check S1G action frame size

fs: fix UAF/GPF bug in nilfs_mdt_destroy

mm: fix zswap writeback race condition

mm: zswap: fix missing folio cleanup in writeback race path

vsock/virtio: Validate length in packet header before skb_put()

NFS: Fix a race when updating an existing write

i40e: fix idx validation in config queues msg

nbd: fix incomplete validation of ioctl arg

smb: client: fix race with concurrent opens in rename(2)

nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

e1000e: fix heap overflow in e1000_set_eeprom

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().

tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request().

RDMA/rxe: Fix mr->map double free

mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required()

RDMA/rxe: Fix incomplete state save in rxe_requester

sctp: avoid NULL dereference when chunk data buffer is missing

libceph: fix potential use-after-free in have_mon_and_osd_map()

libceph: fix potential use-after-free in have_mon_and_osd_map()

media: rc: fix races with imon_disconnect()

Complex adaptation required.

drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies

net: atlantic: fix fragment overflow handling in RX path

smb: client: Fix use-after-free in cifs_fill_dirent

smb: client: let recv_done verify data_offset, data_length and remaining_data_length

vsock: Ignore signal/timeout on connect() if already established

drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE

Bluetooth: hci_event: call disconnect callback before deleting conn

ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping

tcp: fix a signed-integer-overflow bug in tcp_add_backlog()

Squashfs: check return result of sb_min_blocksize

squashfs: fix memory leak in squashfs_fill_super

Squashfs: check return result of sb_min_blocksize

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem

RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug

atm: clip: Fix infinite recursive call of clip_push().

usb: core: config: Prevent OOB read in SS endpoint companion parsing

mptcp: fix race condition in mptcp_schedule_work()

fs/proc: fix uaf in proc_readdir_de()

fbdev: bitblit: bound-check glyph index in bit_putcs*

ext4: fix use-after-free in ext4_orphan_cleanup

vsock/vmci: Clear the vmci transport packet properly when initializing it

ALSA: usb-audio: Fix potential overflow of PCM transfer buffer

NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid

nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec

net: dst: add four helpers to annotate data-races around dst->dev

net: Add locking to protect skb->dev access in ip_output

net: gain ipv4 mtu when mtu is not locked

ipv4: use RCU protection in __ip_rt_update_pmtu()

net: dst: introduce dst->dev_rcu

ipv6: use RCU in ip6_output()

ipv6: use RCU in ip6_xmit()

net: use dst_dev_rcu() in sk_setup_caps()

ipv4: add RCU protection to ip4_dst_hoplimit()

ipv4: use RCU protection in ip_dst_mtu_maybe_forward()

net: use dst_dev_rcu() in sk_setup_caps()

smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().

fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds

Bluetooth: hci_event: Ignore multiple conn complete events

Bluetooth: hci_event: Fix checking for invalid handle on error status

Bluetooth: hci_sync: Cleanup hci_conn if it cannot be aborted

Bluetooth: hci_sync: Fix UAF on hci_abort_conn_sync

Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync

smc: Fix use-after-free in __pnet_find_base_ndev().

mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

page_pool: Fix use-after-free in page_pool_recycle_in_ring

net/sched: Enforce that teql can only be used as root qdisc

bridge: mcast: Fix use-after-free during router port configuration

migrate: correct lock ordering for hugetlb file folios

ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr()

macvlan: fix possible UAF in macvlan_forward_source()

x86 xen add xenpv restore regs and return to usermode

kpatch add alt asm definitions