netfs, fscache: Prevent Oops in fscache_put_cache()

ext4: regenerate buddy after block freeing failed if under fc replay

vhost: use kzalloc() instead of kmalloc() followed by memset()

net: openvswitch: limit the number of recursions from action sets

ubi: Check for too small LEB size in VTBL code

bpf: Fix re-attachment branch in bpf_tracing_prog_attach

x86/fpu: Stop relying on userspace for info to fault in xsave buffer

tcp: make sure init the accept_queue's spinlocks once

media: cec: core: avoid recursive cec_claim_log_addrs kpatch

media: cec: core: avoid recursive cec_claim_log_addrs kpatch

i2c: Fix a potential use after free

of: fdt: fix off-by-one error in unflatten_dt_nodes()

media: pvrusb2: fix use after free on context disconnection

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

EDAC/thunderx: Fix possible out-of-bounds string access

net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()

md/raid5: fix atomicity violation in raid5_cache_count

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

RDMA/mlx5: Fix fortify source warning while accessing Eth segment

hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

stm class: Fix a double free in stm_register_device()

net/mlx5: Discard command completions in internal error

USB: core: Fix deadlock in usb_deauthorize_interface()

Out of scope: not affected

drm/amdgpu/mes: fix use-after-free issue

usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps

USB: core: Fix deadlock in port "disable" sysfs attribute

USB: core: Fix deadlock in port "disable" sysfs attribute

USB: core: Fix deadlock in port "disable" sysfs attribute

net/mlx5: Always stop health timer during driver removal

firmware: cs_dsp: Fix overflow checking of wmfw header

firmware: cs_dsp: Fix overflow checking of wmfw header (adaptation)

filelock: fix potential use-after-free in posix_lock_inode

drm/i915/gt: Fix potential UAF by revoke of fence registers

scsi: mpi3mr: Sanitise num_phys

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

net/iucv: fix use after free in iucv_sock_close()

dev/parport: fix the array out-of-bounds risk

wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Out of scope: not affected

net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check

net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check kpatch

minmax: add umin(a, b) and umax(a, b)

swiotlb: Fix double-allocation of slots due to broken alignment handling

octeontx2-af: fix the double free in rvu_npc_freemem()

ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()

drm/amdgpu: add error handle to avoid out-of-bounds

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

drm/drm_file: Fix pid refcounting race

Out of scope: not affected

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

include/linux/generic-radix-tree.h: replace kernel.h with the necessary inclusions

lib/generic-radix-tree.c: Don't overflow in peek()

can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible()

can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg()

can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg()

can: isotp: fix error path in isotp_sendmsg() to unlock wait queue

usbnet: sanity check for maxpacket

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

arm64/sme: Always exit sme_alloc() early with existing

hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations

asix: fix uninit-value in asix_mdio_read()

netfilter: nft_set_pipapo: do not free live element

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

atl1c: Work around the DMA RX overflow issue

atl1c: Work around the DMA RX overflow issue

cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()

cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie()

cachefiles: fix slab-use-after-free in fscache_withdraw_volume()

cachefiles: fix slab-use-after-free in fscache_withdraw_volume()

Bluetooth: btrtl: fix out of bounds memory access

Bluetooth: btrtl: fix out of bounds memory access

CVE patch is for AMD Inception vulnerability related to Speculative Return Stack Overflow (SRSO)

Input: powermate - fix use-after-free in powermate_config_complete

Bluetooth: Fix TOCTOU in HCI debugfs implementation

xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

mlxsw: spectrum_acl_tcam: Fix memory leak during rehash

filelock: Remove locks reliably when fcntl/close race is detected

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

mm/swap: fix race when skipping swapcache

cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window

drm/amd/display: fixed integer types and null check locations

ext4: avoid allocating blocks from corrupted group

ext4: avoid dividing by 0 in mb_update_avg_fragment_size()

mptcp: fix double-free on socket dismantle

iommufd: Fix protection fault in iommufd_test_syz_conv_iova

iommufd: Fix iopt_access_list_id overwrite bug

net: veth: clear GRO when clearing XDP even when down MIME-Version: 1.0

Out of scope: boot time issue

bpf: Guard stack limits against 32bit overflow

of: Fix double free in of_parse_phandle_with_args_map

ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put()

ALSA: scarlett2: Add missing error checks to *_ctl_get()

x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type

net: atlantic: eliminate double free in error handling logic

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()

drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe()

drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe()

Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

RDMA/qedr: Fix qedr_create_user_qp error flow

HID: i2c-hid-of: fix NULL-deref on failed power up

HID: i2c-hid-of: fix NULL-deref on failed power up

RDMA/srpt: Support specifying the srpt_service_guid

arp: Prevent overflow in arp_req_get().

md: Don't ignore suspended array in md_check_recovery()

net/sched: act_mirred: use the backlog for mirred ingress

md: Don't ignore read-only array in md_check_recovery()

vt_ioctl: fix array_index_nospec in vt_setactivate

thermal: core: Fix NULL pointer dereference in zone registration error path

ring-buffer: Do not attempt to read past "commit"

thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR

bpf: fix check for attempt to corrupt spilled pointer

mfd: syscon: Fix null pointer dereference in of_syscon_register()

Out of scope: not affected

platform/x86: think-lmi: Fix reference leak

drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()

virtio-blk: fix implicit overflow on virtio_max_dma_size

bonding: stop the device in bond_setup_by_slave()

smb: client: fix use-after-free in smb2_query_info_compound()

i2c: core: Run atomic i2c xfer when !preemptible

i2c: core: Fix atomic xfer check for non-preempt config

Bug doesn't hit as enum values are just shifted numbers

crypto: pcrypt - Fix hungtask for PADATA_RESET

scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool

net/smc: avoid data corruption caused by decline

cpu/hotplug: Prevent self deadlock on CPU hot-unplug

cpu/hotplug: Don't offline the last non-isolated CPU

Bluetooth: btusb: Add date->evt_skb is NULL check

Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()

perf: hisi: Fix use-after-free when register pmu fails

pstore/platform: Add check for kstrdup

can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds

nommu: kernel is not vulnerable. Commit 8220543("nommu: remove uses of VMA linked list") is absent

cachefiles: fix memory leak in cachefiles_add_cache()

geneve: make sure to pull inner header in geneve_rx()

hsr: Fix uninit-value access in hsr_get_node()

NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102

quota: Fix potential NULL pointer dereference

Bluetooth: hci_core: Fix possible buffer overflow

Current kernel is not vulnerable.

do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak

x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot

x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()

drm/amdgpu: Reset IH OVERFLOW_CLEAR bit

tracing/trigger: Fix to return error if failed to alloc snapshot

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

drm/i915/gt: Reset queue_priority_hint on parking

drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode()

drm/i915/vma: Fix UAF on destroy against retire race

drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed

wireguard: netlink: access device through ctx instead of peer

wireguard: netlink: check for dangling peer via is_dead instead of empty list

net: esp: fix bad handling of pages from page_pool

nbd: fix uaf in nbd_open

nbd: fix uaf in nbd_open

Kernel is not vulnerable: commit f2d5dcb4 is absent.

wifi: rtw89: fix null pointer access when abort scan

wifi: rtw89: fix null pointer access when abort scan

dyndbg: fix old BUG_ON in >control parser

drm/client: Fully protect modes[] with dev->mode_config.mutex

net/mlx5e: Fix mlx5e_priv_init() cleanup flow

geneve: fix header validation in geneve[6]_xmit_skb

geneve: Fix incorrect inner network header offset when innerprotoinherit is set

bareudp: Pull inner IP header on xmit

vxlan: Pull inner IP header in vxlan_xmit_one()

keys: Fix overwrite of key expiration on instantiation

USB: core: Fix access violation during port device removal

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash

Not a bug for a real-life RHEL9 setup

EFI Firmware: CVE patch is for EFI firmware which runs at boot time.

Kernel is not affected

Kernel is not affected

CVE patch is for powerpc arch only

tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets

ASoC: SOF: Add some bounds checking to firmware data

tcp_metrics: validate source addr length

net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()

inet: read sk->sk_family once in inet_recv_error()

Boot time issue

KVM: arm64: Fix circular locking dependency

net: atlantic: Fix DMA mapping for PTP hwts ring

fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand()

fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats

ext4: fix double-free of blocks due to wrong

drm/amd/display: Fix MST Null Ptr for RV

ppp_async: limit MRU to 64K

smb: client: fix potential deadlock when releasing mids

drm/amdkfd: Fix lock dependency warning with srcu

The patch for this CVE fixing vulnerability which was introduced in kernel v6.7

PM / devfreq: Synchronize devfreq_monitor_[start/stop]

drm/vmwgfx: Unmap the surface before resetting it on a plane state state

drm/vkms: Avoid reading beyond LUT array

drm/tegra: dsi: Add missing check for of_find_device_by_node

fbdev: Fix invalid page access after closing deferred I/O devices

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Out of scope as the patch is for powerpc arch only

mmc: sdio: fix possible resource leaks in some error paths

net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL

calipso: fix memory leak in netlbl_calipso_add_pass()

ALSA: scarlett2: Add missing mutex lock around get meter levels

nfs: fix UAF in direct writes

nfs: fix UAF in direct writes

mm: swap: fix race between free_swap_and_cache() and swapoff()

usb: xhci: Add error handling in xhci_map_urb_for_dma

fat: fix uninitialized field in nostale filehandles

powercap: intel_rapl: Fix a NULL pointer dereference

nouveau: fix instmem race condition around ptr stores

mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled

Out of scope as the patch is for vmlinux init sections which are discarded after the boot

arm64: hibernate: Fix level3 translation fault in swsusp_save()

nbd: null check for nla_nest_start

Fix commit isn't present

pstore: inode: Only d_invalidate() is needed

clk: Fix clk_core_get NULL dereference

drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'

wifi: brcm80211: handle pmk_op allocation failure

ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend

net: openvswitch: Fix Use-After-Free in ovs_ct_exit

Complex adaptation required. Network services prevents update because they can sleep in subflow_finish_connect() function.

wifi: nl80211: reject iftype change with mesh ID change

rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back

md/md-bitmap: fix incorrect usage for sb_index

drm/amdgpu: fix deadlock while reading mqd from debugfs

cpumap: Zero-initialise xdp_rxq_info struct before running

ALSA: usb-audio: Stop parsing channels bits when all channels

genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline

Kernel is not affected

Bug triggers in kdump kernel which we don't patch

ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

drm/amdgpu: fix use-after-free bug

drm/amd/display: Implement bounds check for stream encoder creation in DCN301

drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'

drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()'

tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()

net/sched: flower: Fix chain template offload kpatch

Out of scope: not affected

KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status

tun: limit printing rate when illegal packet received by tun dev

netfilter: flowtable: incorrect pppoe tuple

x86/mm/pat: fix VM_PAT handling in COW mappings

smb: client: fix potential UAF in smb2_is_valid_lease_break()

smb: client: fix potential UAF in cifs_dump_full_key()

smb: client: fix potential UAF in smb2_is_valid_oplock_break()

smb: client: fix potential UAF in cifs_stats_proc_show()

of: module: prevent NULL pointer dereference in vsnprintf()

mm/secretmem: fix GUP-fast succeeding on secretmem folios

x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()

ipv6: Fix infinite recursion in fib6_dump_done().

erspan: make sure erspan_base_hdr is present in skb->head

net/sched: fix lockdep splat in qdisc_tree_reduce_backlog()

mptcp: prevent BPF accessing lowat from a subflow socket.

netfilter: nf_tables: reject new basechain after table flag update

bpf: Fix verification of indirect var-off stack access

bpf: Protect against int overflow for stack access size

tls: get psock ref after taking rxlock to avoid leak

wifi: iwlwifi: mvm: rfi: fix potential response leaks

wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF

It is not possible to fix this vulnerability using kernel livepatching because it lies below the system call level.

Existing kernels aren't affected

Existing kernels aren't affected

soundwire: cadence: fix invalid PDI offset

ALSA: timer: Set lower bound of start tick time

af_unix: Fix data races around sk->sk_shutdown.

af_unix: Fix data races around sk->sk_shutdown.

af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()

ALSA: Fix deadlocks with kctl removals at disconnection

dmaengine: idxd: Avoid unnecessary destruction of file_ida

ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup

md: fix resync softlockup when bitmap size is less than array size

scsi: qedf: Make qedf_execute_tmf() non-preemptible

drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes

ftruncate: pass a signed offset

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Adaptation)

kernel version 5.14 not affected

kernel version 5.14 not affected

kernel version 5.14 not affected

bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

clk: Get runtime PM before walking tree during disable_unused

clk: Get runtime PM before walking tree during disable_unused

mptcp: really cope with fastopen race

Get runtime PM before walking tree for clk_summaryatch-description:

nouveau: lock the client object tree

nouveau: lock the client object tree

Affects only boot __init stage, already booted kernels are not affected

None of the kernels is affected

net/mlx5e: fix a double-free in arfs_create_groups

mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect()

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update

wifi: mac80211: fix potential sta-link leak

irqchip/gic-v3-its: Prevent double free on error

io_uring: Fix release of pinned pages when __io_uaddr_map fails

smb: client: fix potential UAF in cifs_debug_files_proc_show()

smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()

smb: client: fix potential UAF in smb2_is_network_name_deleted()

smb: client: fix potential UAF in is_valid_oplock_break()

net: bridge: switchdev: Skip MDB replays of deferred events on offload

Out of scope as the patch is for i.MX SoC

net: nexthop: Initialize all fields in dumped nexthops

mptcp: pm: Fix uaf in __timer_delete_sync

bpf: Fix overrunning reservations in ringbuf

bpf: Fix overrunning reservations in ringbuf

USB: serial: mos7840: fix crash on resume

USB: serial: mos7840: fix crash on resume

cxl/port: Fix use-after-free, permit out-of-order decoder shutdown

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

net/smc: fix illegal rmb_desc access in SMC-D connection dump

selinux,smack: don't bypass permissions check in inode_setsecctx hook

net: avoid potential underflow in qdisc_pkt_len_init() with UFO

RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address

perf/aux: Fix AUX buffer serialization

perf/aux: Fix AUX buffer serialization (Adaptation)