x86/speculation: Prevent rogue cross-process SSBD shutdown

x86/speculation: Change misspelled STIPB to STIBP

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.

x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (kpatch adaptation)

N/A

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

include/linux/relay.h: fix percpu annotation in struct rchan

mm: Fix mremap not considering huge pmd devmap

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

fix possible deadlock with mutex within SCSI libsas (adaptation)

xfs: set format back to extents if xfs_bmap_extents_to_btree

net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()

crypto: ccp - Release all allocated memory if sha type is invalid

media: rc: prevent memory leak in cx23888_ir_probe

iio: imu: adis16400: fix memory leak

ath9k_htc: release allocated buffer if timed out

ath9k: release allocated buffer if timed out

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

f2fs: check if file namelen exceeds max value

xfs: add agf freeblocks verify in xfs_agf_verify

btrfs: merge btrfs_find_device and find_device

net/packet: fix overflow in tpacket_rcv

ext4: fix potential negative array index in do_split()

Fix for missing check in vgacon scrollback handling

netfilter: ctnetlink: add a range check for l3/l4 protonum

nfs: Fix getxattr kernel panic and memory overflow

mm/hugetlb: fix a race between hugetlb sysctl handlers

fbcon: remove soft scrollback code

fbcon: remove soft scrollback code (adaptation)

rbd: require global CAP_SYS_ADMIN for mapping and unmapping

hdlc_ppp: add range checks in ppp_cp_parse_cr()

geneve: add transport ports in route lookup for geneve

[net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

[net] Bluetooth: A2MP: Fix not initializing all members

icmp: randomize the global rate limiter

blktrace: ensure our debugfs dir exists

Blktrace: bail out early if block debugfs is not configured

blktrace: fix debugfs use after free

perf/core: Fix race in the perf_mmap_close() function

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

tty: make FONTX ioctl use the tty pointer they were actually passed

Input: sunkbd - avoid use-after-free in teardown paths

powercap: make attributes only readable by root

powercap: make attributes only readable by root (adaptation)

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

vt: Disable KD_FONT_OP_COPY

speakup: Do not let the line discipline be used several times

xen/events: avoid removing an event channel while handling it

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

jfs: Fix array index bounds check in dbAdjTree

limit size of watch_events dom0 queue.

handle xenwatch_thread patching.

xen-blkback: set ring->xenblkd to NULL after kthread_stop()

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

[PATCH] tracing: Fix race in trace_open and buffer resize call

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup (adaptation )

nfsd4: readdirplus shouldn't return parent of export

futex: Ensure the correct return value from futex_lock_pi

futex: Simplify fixup_pi_state_owner

futex: Replace pointless printk in fixup_owner

futex: Provide and use pi_state_update_owner

futex: Handle faults correctly for PI futexes

nbd: freeze the queue while we're adding connections

Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

Xen/gntdev: correct error checking in gntdev_map_grant_pages()

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

Xen/gnttab: handle p2m update errors on a per-slot basis

xen-netback: respect gnttab_map_refs()'s return value

scsi: iscsi: Restrict sessions and handles to admin capabilities

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

bpf, x86: Validate computation of branch displacements for x86-64

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

PCI: rpadlpar: Fix potential drc_name corruption in store functions

btrfs: fix race when cloning extent buffer during rewind of an old

usbip: fix stub_dev to check for stream socket

usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

netfilter: x_tables: fix compat match/target pad out-of-bound write

gup: document and work around "COW can break either way" issue

bpf: Fix masking negation logic upon negative dst register

sctp: delay auto_asconf init until binding the first addr

bpf: Move off_reg into sanitize_ptr_alu

bpf: Fix backport of "bpf: restrict unknown scalars of mixed signed bounds for unprivileged"

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Refactor and streamline bounds check into helper

bpf: Refactor and streamline bounds check into helper

bpf: Move sanitize_val_alu out of op switch

bpf: Tighten speculative pointer arithmetic mask

bpf: Wrap aux data inside bpf_sanitize_info container

bpf: Fix mask direction swap upon off reg sign change

netfilter: x_tables: Use correct memory barriers.

race condition for removal of the HCI controller.

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Bluetooth: fix the erroneous flush_work() order

Bluetooth: SMP: Fail if remote and local public keys are identical

Bluetooth: use correct lock to prevent UAF of hdev object

Predictor logic is absent in 4.14.

sctp: validate from_addr_param return

sctp: add size validation when walking chunks

sctp: fix return value check in __sctp_rcv_asconf_lookup

sctp: validate chunk size in __rcv_asconf_lookup

sctp: add param size validation for SCTP_PARAM_SET_PRIMARY

Not easily portable to 4.14.

Not easily portable to 4.14.

KVM: do not allow mapping valid but non-reference-counted pages

ovl: fix missing negative dentry check in ovl_rename()

usb: hso: fix error handling code of hso_create_net_device

bpf: Fix integer overflow in prealloc_elems_and_freelist()

Don't support MIPS arch

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()

use init_tag from inithdr for ABORT chunk

fix the processing for COOKIE_ECHO chunk

sctp: add vtag check in sctp_sf_violation

sctp: add vtag check in sctp_sf_do_8_5_1_E_sa

sctp: add vtag check in sctp_sf_ootb

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

fget: check that the fd still exists after getting a ref to it (dependency patch for CVE-2021-4083)

fget: check that the fd still exists after getting a ref to it

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate

cgroup-v1: Require capabilities to set release_agent

xen/netback: fix rx queue stall detection

xen/netback: don't queue unlimited number of packages

xen/netback: fix rx queue stall detection (adaptation)

tee: handle lookup of shm with reference count 0

tee: handle lookup of shm with reference count 0 (kpatch adaptation)

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

fuse: fix bad inode

NFSv4: Initialise connection to the server in nfs4_alloc_client()

bpf: fix truncated jump targets on heavy expansions

Not backported to 4.14.

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

NFSv4: Handle case where the lookup of a directory fails

tipc: improve size validations for received domain records

udf: Restore i_lenAlloc when inode expansion fails

udf: Fix NULL ptr deref when converting from inline format

lib/iov_iter: initialize "flags" in new pipe_buffer

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION

esp: Fix possible buffer overflow in ESP transformation

llc: fix netdevice reference leaks in llc_ui_bind()

xprtrdma: fix incorrect header size calculations

block-map: add __GFP_ZERO flag for alloc_page in function

ext4: verify dir block before splitting it

ext4: make variable "count" signed

ext4: avoid cycles in directory h-tree

perturb functionality missing in kernels earlier than 4.14.285-215.501.amzn2

secure_seq: use the 64 bits of the siphash for port offset

Out of scope - related to PowerPC 32-bit.

Duplicate of CVE-2022-32250

netfilter: nf_tables: disallow non-stateful expression in

xen/blkfront: fix leaking data in shared pages

net: Rename and export copy_skb_header

xen/netfront: fix leaking data in shared pages

xen/netfront: force data bouncing when backend is untrusted

xen/netfront: force data bouncing when backend is untrusted (adaptation)

xen/blkfront: force data bouncing when backend is untrusted

xen/blkfront: force data bouncing when backend is untrusted (adaptation)

Out of scope - ARM architecture.

net: rose: fix UAF bugs caused by timer handler

net: rose: fix UAF bugs caused by timer handler (adaptation)

mm/slub: add missing TID updates on slab deactivation

usbnet: fix memory leak in error case

icmp: Fix data-races around sysctl.

tcp: Fix a data-race around sysctl_tcp_probe_threshold.

igmp: Fix data-races around sysctl_igmp_llm_reports.

mm/mempolicy: fix uninit-value in mpol_rebind_policy()

Affects only boot __init stage, already booted kernels are not affected

Already fixed in the existing kernels.

Already fixed in the existing kernels.

fbcon: Disallow setting font bigger than screen size

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

x86: Clear .brk area at early boot

N/A

[PATCH v4 1/2] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

KVM: x86: Forbid VMM to set SYNIC/STIMER MSRs when SynIC wasn't activated

KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq

KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()

KVM: Add infrastructure and macro to mark VM as bugged

KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq (adaptation)

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

netfilter: nf_queue: do not allow packet truncation below transport header offset

r8152: Rate limit overflow messages

nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write

scsi: stex: Properly zero out the passthrough command structure

media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

xen/netback: Ensure protocol headers don't fall in the non-linear area

Bluetooth: L2CAP: Fix u8 overflow

net: sched: disallow noqueue for qdisc classes

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: atm: dont intepret cls results when asked to drop

dmaengine: Fix double increment of client_count in dma_chan_get()

HID: check empty report_list in hid_validate_values()

net/x25: Fix null-ptr-deref caused by x25_disconnect

Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

Reinstate some of "swiotlb: rework "fix info leak with DMA_FROM_DEVICE""

perf: Fix sys_perf_event_open() race against self

net/sched: cls_u32: fix netns refcount changes in u32_change()

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

fix double dev_kfree_skb in error path

fix double dev_kfree_skb() in error path

bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

netfilter: nf_conntrack_irc: Fix forged IP logic

efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in efi_capsule_write (adaptation)

af_key: Do not call xfrm_probe_algs in parallel

net: mpls: fix stale pointer if allocation fails during device rename

Complex adaptation is required, mainline retired tcindex.

prlimit: do_prlimit needs to have a speculation check

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

USB: ene_usb6250: Allocate enough memory for full object

Fix double fget() in vhost_net_set_backend()

bluetooth: Perform careful capability checks in hci_sock_ioctl()

bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()

xfs: verify buffer contents when we skip log replay

net: sched: cbq: dont intepret cls results when asked to drop

net: qcom/emac: Fix use after free bug in emac_remove due to race condition

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

ext4: fix use-after-free in ext4_xattr_set_entry

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: split set destruction in deactivate and destroy phase

netfilter: nft_hash: fix nft_hash_deactivate

netfilter: nf_tables: bogus EBUSY when deleting set after flush

netfilter: nf_tables: deactivate anonymous set from preparation phase

netfilter: nf_tables: split set destruction in deactivate and destroy phase (adaptation)

netfilter: nf_tables: bogus EBUSY when deleting set after flush (Revert)

netfilter: nf_tables: split set destruction in deactivate and destroy phase

netfilter: nf_tables: split set destruction in deactivate and destroy phase

net: tls: fix possible race condition between

ipvlan:Fix out-of-bounds caused by unclear skb->cb

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

Re: Possible deadlock detected in Linux 6.2.0 in

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: stricter validation of element data

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

net/sched: cls_u32: Fix reference counter leak leading to overflow

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

gfs2: Don't deref jdesc in evict

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

xfrm: add NULL check in xfrm_update_ae_params

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

The patch removes functionality.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions

perf: Disallow mis-matched inherited group reads (adaptation)

perf: Disallow mis-matched inherited group reads (adaptation)

thermal: core: prevent potential string overflow

drm/radeon: possible buffer overflow

llc: verify mac len before reading mac header

tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING

tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

drm/qxl: fix UAF on handle creation

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

smb: client: fix OOB in smbCalcSize()

netfilter: nf_tables: Reject tables of unsupported family

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

perf: Fix perf_event_validate_size()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv

dm: limit the number of targets and parameter size area

Complex adaptation is required, vendor retired ATA over Ethernet driver.

ext4: fix corruption during on-line resize

sched/membarrier: reduce the ability to hammer on

llc: call sock_orphan() at release time

aoe: fix the potential use-after-free problem in

EDAC/thunderx: Fix possible out-of-bounds string access

drm: Don't unref the same fb many times by mistake due to deadlock

calipso: fix memory leak in netlbl_calipso_add_pass()

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

xen-netback: don't produce zero-size SKB frags

netfilter: nftables: exthdr: fix 4-byte stack OOB write

sched/rt: pick_next_rt_entity(): check list_entry

PCI/PM: Drain runtime-idle callbacks before driver removal

netfilter: nf_tables: disallow anonymous set with timeout

ubi: Check for too small LEB size in VTBL code

netfilter: nf_tables: disallow timeout for anonymous sets

x86/kvm: Disable kvmclock on all CPUs on shutdown

KVM: nVMX: add missing consistency checks for CR0 and CR4

kdb: Fix buffer overflow during tab-complete

virtio: delete vq in vp_find_vqs_msix() when request_irq() fails

netfilter: nfnetlink_queue: acquire rcu_read_lock() in

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

net: fix __dst_negative_advice() race

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

net: relax socket state check at accept time.

filelock: Fix fcntl/close race recovery compat path

USB: core: Fix duplicate endpoint bug by clearing

hfsplus: fix uninit-value in copy_name

bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

nilfs2: add missing check for inode numbers on directory entries

bnx2x: Fix multiple UBSAN array-index-out-of-bounds

fou: Fix null-ptr-deref in GRO.

ima: Fix use-after-free on a dentry's dname.name

netfilter: ctnetlink: use helper function to calculate expect ID

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

tipc: Return non-zero value from tipc_udp_addr2str() on error

driver core: Cast to (void *) with __force for __percpu pointer

devres: Fix memory leakage caused by driver API devm_free_percpu()

exec: Fix ToCToU between perm check and set-uid/gid usage

ipv6: prevent UAF in ip6_send_skb()

sch/netem: fix use after free in netem_dequeue

nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput

nilfs2: fix missing cleanup on rollforward recovery error

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

btrfs: clean up our handling of refs == 0 in snapshot delete

PCI: Add missing bridge lock to pci_bus_lock()

Input: uinput - reject requests with unreasonable number of slots

Squashfs: sanity check symbolic link size

of/irq: Prevent device address out-of-bounds read in interrupt map walk

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

nilfs2: protect references to superblock parameters exposed in sysfs

rtmutex: Drop rt_mutex::wait_lock before scheduling

low-scored CVE which inevitably will cause verification conflicts with freezable kthread and cifs reading routines.

firmware_loader: Block path traversal

net/xen-netback: prevent UAF in xenvif_flush_hash()

uprobe: avoid out-of-bounds memory access of fetching args

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

nilfs2: fix kernel bug due to missing clearing of checked flag

ext4: return error on ext4_find_inline_entry

ext4: avoid OOB when system.data xattr changes underneath the filesystem

ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed

ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path

ext4: fix slab-use-after-free in ext4_split_extent_at()

ACPI: sysfs: validate return type of _STR method

driver core: bus: Fix double free in driver API bus_register()

dm cache: fix out-of-bounds access to the dirty bitset when resizing

ppp: fix ppp_async_encode() illegal access

udf: fix uninit-value use in udf_get_fileshortad

scsi: sg: Fix slab-use-after-free read in sg_release()

tipc: guard against string buffer overrun

tipc: fix use-after-free in tipc_bcast_get_mode

tipc: wait and exit until all work queues are done

tipc: wait and exit until all work queues are done

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

ext4: fix timer use-after-free on failed mount

pfifo_tail_enqueue: Drop new packet when sch->limit == 0

HID: core: zero-initialize the report buffer

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

net: defer final 'struct net' free in netns dismantle

net: defer final 'struct net' free in netns dismantle

btrfs: fix use-after-free when attempting to join an aborted transaction

nbd: don't allow reconnect after disconnect

block, bfq: don't move oom_bfqq

macsec: fix UAF bug for real_dev

macsec: fix UAF bug for real_dev

block: Fix handling of offline queues in blk_mq_alloc_request_hctx()

ext4: aovid use-after-free in ext4_ext_insert_extent()

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

PPS for embedded GPS devices. Irrelevant for servers.

slip: make slhc_remember() more robust against malicious packets

netfilter: x_tables: fix LED ID check in led_tg_check()

geneve: Fix use-after-free in geneve_find_dev().

geneve: Suppress list corruption splat in geneve_exit_net().

scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress

mm: call the security_mmap_file() LSM hook in remap_file_pages()

mm: split critical region in remap_file_pages() and invoke LSMs in between

ext4: fix double brelse() the buffer of the extents path

vrf: use RCU protection in l3mdev_l3_out()

nfsd: clear acl_access/acl_default after releasing them

dm cache: fix potential out-of-bounds access on the first resume

security/keys: fix slab-out-of-bounds in key_task_permission

net: do not delay dst_entries_add() in dst_release()

vlan: enforce underlying device type

blk-throttle: Set BIO_THROTTLED when bio has been throttled

btrfs: do not clean up repair bio if submit fails

bfq: Update cgroup information before merging bio

net: atm: fix use after free in lec_send()

nilfs2: do not force clear folio if buffer is referenced

KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency kpatch

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

N/A

N/A

Restrict access to pagemap/kpageflags/kpagecount

vmx_vcpu_run wrapper

x86/CPU/AMD: Do not leak quotient data after a division by 0

tcp/udp: Fix memory leak in ipv6_renew_options()

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

ovl: prevent private clone if bind mount is not allowed (CVE-2021-3732)

vt_kdsetmode: extend console locking (CVE-2021-3753)

KVM: X86: MMU: Use the correct inherited permissions to get shadow page

KVM: X86: MMU: Use the correct inherited permissions to get shadow page (adaptation)

ext4: fix race writing to an inline_data file while its xattrs are changing