[netdrv] brcmfmac: add subtype check for event handling in data path

[usb] check usb_get_extra_descriptor for proper size

[usb] hso: Fix OOB memory access in hso_probe/hso_get_config_data

[x86] insn-eval: Fix use-after-free access to LDT entry

[net] bluetooth: hidp: fix buffer overflow

[block] floppy: fix out-of-bounds read in copy_buffer

[sound] ALSA: info: Fix racy addition/deletion of nodes

[sound] ALSA: core: Fix card races between register and disconnect

[sound] ALSA: line6: Fix write on zero-sized buffer

[sound] ALSA: line6: Fix memory leak at line6_init_pcm() error path

[net] tun: call dev_get_valid_name() before register_netdevice()

[net] tun: allow positive return values on dev_get_valid_name() call

[fs] dcache: allow word-at-a-time name hashing with big-endian CPUs

[lib] siphash: add cryptographically secure PRF

[net] inet: switch IP ID generator to siphash

[security] KEYS: Strip trailing spaces

[security] KEYS: remove unnecessary get/put of explicit dest_keyring

[security] KEYS: add missing permission check for request_key() destination

[drm] drm/edid: Fix a missing-check bug in drm_load_edid_firmware()

binfmt_elf: switch to new creds when switching to new mm

[kernel] perf/core: Fix perf_event_open() vs. execve() race

[net] sysfs: Fix mem leak in netdev_register_kobject

cfg80211: add and use strongly typed element iteration macros

ieee80211: fix for_each_element_extid()

cfg80211: Use const more consistently in for_each_element macros

[net] mac80211: Do not send Layer 2 Update frame before authorization

[net] nl80211: validate beacon head

[media] cx24116: fix a buffer overflow when checking userspace params

scsi: qedi: remove memset/memcpy to nfunc and use func instead

netlabel: cope with NULL catmap

tracing: Fix possible double free on failure of allocating trace buffer

blktrace: fix dereference after null check

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

mm: Fix mremap not considering huge pmd devmap

HID: hiddev: avoid opening a disconnected device

mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

mac80211: drop robust management frames from unknown TA

mac80211: handle deauthentication/disassociation from TDLS peer

kernel: memory corruption in Voice over IP nf_conntrack_h323 module

KVM: fix overflow of zero page refcount with ksm running

floppy: check FDC index for errors before assigning it

mwifiex: Fix mem leak in mwifiex_tm_cmd

vgacon: Fix a UAF in vgacon_invert_region

ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments

net: ipv6: add net argument to ip6_dst_lookup_flow

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

net: ipv6_stub: ip6_dst_lookup_flow (adaptation)

KVM: nVMX: Don't emulate instructions in guest mode

KVM: nVMX: Refactor IO bitmap checks into helper function

KVM: nVMX: Check IO instruction VM-exit conditions

KVM: VMX: check descriptor table exits on instruction emulation

KVM: x86: clear stale x86_emulate_ctxt->intercept value

vhost: Check docket sk_family instead of call getname

mm: mempolicy: require at least one nodeid for MPOL_PREFERRED

Input: add safety guards to input_set_keycode

Incorrect version of patch were initially used. Work on correct fix is in progress.

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info

signal: Extend exec_id to 64bits

signal: Extend exec_id to 64bits (adaptation)

scsi: sg: add sg_remove_request in sg_write

nfs: Correct an nfs page array calculation error

selinux: properly handle multiple messages in selinux_netlink_send

ipmi: Fix memory leak in __ipmi_bmc_register

crypto: ccp - Release all allocated memory

mISDN: enforce CAP_NET_RAW for raw sockets

ieee802154: enforce CAP_NET_RAW for raw sockets

net: sit: fix memory leak in sit_init_net()

scsi: qla2xxx: fix a potential NULL pointer dereference

fjes: Handle workqueue allocation failure.

Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()

scsi: libsas: delete sas port if expander discover failed

media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap

scsi: libsas: fix a race condition when smp task timeout

fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links

fs/proc/proc_sysctl.c: Fix a NULL pointer dereference

can: peak_usb: fix slab info leak

ext4: work around deleting a file with i_nlink == 0 safely

KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)

i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA

Input: ff-memless - kill timer in destroy()

iwlwifi: dbg_ini: fix memory leak in alloc_sgtable

rtlwifi: prevent memory leak in rtl_usb_probe

crypto: user - fix memory leak in crypto_report

media: v4l: event: Prevent freeing event subscriptions while accessed

media: v4l: event: Prevent freeing event subscriptions while accessed (adaptation)

ext4: validate the debug_want_extra_isize mount option at parse time

ext4: forbid i_extra_isize not divisible by 4

ext4: add more paranoia checking in ext4_expand_extra_isize handling

ext4: fix support for inode sizes > 1024 bytes

USB: adutux: fix use-after-free on disconnect

usb: cdc-acm: make sure a refcount is taken early enough

USB: core: Fix races in character device registration and deregistraion

Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

Bluetooth: A2MP: Fix not initializing all members

net-sysfs: call dev_hold if kobject_init_and_add success

net-sysfs: Call dev_hold always in netdev_queue_add_kobject

net-sysfs: Call dev_hold always in rx_queue_add_kobject

Fix for missing check in vgacon scrollback handling

net/flow_dissector: switch to siphash

net/flow_dissector: switch to siphash (adaptation)

crypto: authenc - fix parsing key with misaligned rta_len

ext4: fix potential negative array index in do_split()

nfsd: apply umask on fs without ACL support

nfs: Fix getxattr kernel panic and memory overflow

hdlc_ppp: add range checks in ppp_cp_parse_cr()

block: Fix use-after-free in blkdev_get()

nfsd: fix incorrect umasks

nfsd: fix incorrect umasks (adaptation)

icmp: randomize the global rate limiter

HID: Fix assumption that devices have inputs

pinctrl: Delete an error message

pinctrl: devicetree: Avoid taking direct reference to device name string

perf/core: Fix race in the perf_mmap_close() function

netfilter: ctnetlink: add a range check for l3/l4 protonum

geneve: add transport ports in route lookup for geneve

tty/vt: fix write/write race in ioctl(KDSKBSENT) handler

tty: keyboard, do not speculate on func_table index

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl

vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl

scsi: target: Fix XCOPY NAA identifier lookup

scsi: target: Fix XCOPY NAA identifier lookup

tty: Fix ->pgrp locking in tiocspgrp()

drm/i915: Fix use-after-free when destroying GEM context

af_unix: fix struct pid memory leak

af_unix: fix struct pid memory leak (adaptation)

scsi: iscsi: Restrict sessions and handles to admin capabilities

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (CVE-2021-27365 dependency)

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

futex: Replace pointless printk in fixup_owner()

futex: Provide and use pi_state_update_owner()

futex: Handle faults correctly for PI futexes

bpf: fix sanitation of alu op with pointer / scalar type from different paths

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

vt: selection, close sel_buffer race

Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected

Mitigation is made with intel firmware update, el-kernels also need 'i915.enable_guc' specified in cmdline to be affected

Mitigation is made with intel firmware update, el-kernels also need 'i915.enable_guc' specified in cmdline to be affected

seq_file: Disallow extremely large seq buffer allocations

media: xirlink_cit: add missing descriptor sanity checks

cipso,calipso: resolve a number of problems with the DOI refcounts

net: mac802154: Fix general protection fault

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

netfilter: x_tables: fix compat match/target pad out-of-bound write

bpf, x86: Validate computation of branch displacements for x86-64

netfilter: x_tables: Use correct memory barriers.

bluetooth: eliminate the potential race condition when removing the

net_sched: cls_route: remove the right filter from hashtable

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Fix locking for ctx->events_reported

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

firewire: firedtv-avc: potential buffer overflow

media: firewire: firedtv-avc: fix a buffer overflow

[media] firewire: don't break long lines

media: firewire: firedtv-avc: fix a buffer overflow

fuse: fix bad inode

HID: core: Sanitize event code and type when mapping input

do_epoll_ctl(): clean the failure exits up a bit

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

Bluetooth: fix the erroneous flush_work() order

Bluetooth: use correct lock to prevent UAF of hdev object

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

drm/vmwgfx: Fix stale file descriptors on failed usercopy

drm/i915: Flush TLBs before releasing backing store

RDMA/cma: Do not change route.addr.src_addr.ss_family

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

cgroup-v1: Require capabilities to set release_agent

perf: Fix sys_perf_event_open() race against self

netfilter: nf_tables: disallow non-stateful expression in

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

net_sched: cls_route: remove from list when handle is 0

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

net: usb: ax88179_178a: fix packet alignment padding

ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32

net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

net: usb: ax88179_178a: Fix packet receiving

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

usb: mon: make mmapped memory read only

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

hw: amd: Cross-Process Information Leak

netfilter: nf_tables: deactivate anonymous set from preparation phase

netfilter: nf_tables: deactivate anonymous set from preparation phase (adaptation)

netfilter: nf_tables: do not allow SET_ID to refer to another table

netfilter: nf_tables: skip deactivated anonymous sets during lookups

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

Smart Patch for net/sched: cls_u32: Fix reference counter leak leading to overflow

Smart Patch for net/sched/cls_u32.c

net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

Complex adaptation required.

revert of: netfilter: ipset: actually allow allowable CIDR 0 in hash:net, port, net

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

fbcon driver was updated and patched in the same kernel 3.10.0-1160.111.1.el7. Older versions don't contain vulnerabilities b07db3958485 and d443d9386472

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

sched/membarrier: reduce the ability to hammer on sys_membarrier

[PATCH 1681/1699] af_unix: Fix null-ptr-deref in

[PATCH 1658/1699] net/sched: sch_hfsc: Ensure inner classes have fsc

[PATCH 1659/1699] net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it

[PATCH 1686/1699] bluetooth: Perform careful capability checks in

[PATCH 1689/1699] bluetooth: Add cmd validity checks at the start of

[PATCH 1696/1699] vt: vt_ioctl: fix race in VT_RESIZEX

[PATCH 1643/1699] RDMA/i40iw: Prevent zero-length STAG registration

RDMA/irdma: Prevent zero-length STAG registration (adaptation)

Restrict access to pagemap/kpageflags/kpagecount