vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

vt: Disable KD_FONT_OP_COPY

xen/events: avoid removing an event channel while handling it

tty: make FONTX ioctl use the tty pointer they were actually passed

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup (adaptation )

KCARE-12751: Removed this patch as it causes issue with new tcp connections

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

lib/syscall: fix syscall registers retrieval on 32-bit platforms

jfs: Fix array index bounds check in dbAdjTree

speakup: Do not let the line discipline be used several times

speakup: Reject setting the speakup line discipline outside of

xen-blkback: set ring->xenblkd to NULL after kthread_stop()

Input: sunkbd - avoid use-after-free in teardown paths

mwifiex: Fix possible buffer overflows in

nfsd4: readdirplus shouldn't return parent of export

net, sctp, filter: remap copy_from_user failure error

futex: Ensure the correct return value from futex_lock_pi()

futex: Simplify fixup_pi_state_owner()

futex: Handle faults correctly for PI futexes

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Restrict sessions and handles to admin capabilities

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Fix 32 bit src register truncation on div/mod

bpf: Fix truncation handling for mod32 dst reg wrt zero

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

bpf, cgroup: Fix optlen WARN_ON_ONCE toctou

bpf, cgroup: Fix problematic bounds check

nbd: freeze the queue while we're adding connections

bpf, x86: Validate computation of branch displacements for x86-64

UBUNTU: SAUCE: shiftfs: free allocated memory in shiftfs_btrfs_ioctl_fd_replace() error paths

UBUNTU: SAUCE: shiftfs: handle copy_to_user() return values correctly

vfs: move cap_convert_nscap() call into vfs_setxattr()

media: v4l: ioctl: Fix memory leak in video_usercopy

netfilter: x_tables: Use correct memory barriers

usbip: fix stub_dev to check for stream socket

usbip: fix stub_dev usbip_sockfd_store() races leading to gpf

misc: fastrpc: restrict user apps from sending kernel RPC messages

staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()

Xen/gnttab: handle p2m update errors on a per-slot basis

drm/nouveau: bail out of nouveau_channel_new if channel init

fuse: fix bad inode

fuse: fix live lock in fuse_iget()

btrfs: fix race when cloning extent buffer during rewind of an old

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

PCI: rpadlpar: Fix potential drc_name corruption in store functions

perf/x86/intel: Fix a crash caused by zero PEBS status

gianfar: fix jumbo packets+napi+rx overrun crash

dm ioctl: fix out of bounds array access when no devices

net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()

xen-blkback: don't leak persistent grants from xen_blkbk_map()

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

gianfar: Handle error code at MAC address change

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

nfc: Avoid endless loops caused by repeated llcp_sock_connect()

bpf: Remove MTU check in __bpf_skb_max_len

net: mac802154: Fix general protection fault

netfilter: x_tables: fix compat match/target pad out-of-bound write

mac80211: assure all fragments are encrypted

ath10k: drop MPDU which has discard flag set by firmware for SDIO

mac80211: drop A-MSDUs on old ciphers

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: properly handle A-MSDUs that start with an RFC 1042 header

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks (adaptation)

mac80211: prevent attacks on TKIP/WEP as well

mac80211: extend protection against mixed key and fragment cache attacks

mac80211: do not accept/forward invalid EAPOL frames

ath10k: Fix TKIP Michael MIC verification for PCIe

ath10k: add CCMP PN replay protection for fragmented frames for PCIe

ath10k: drop fragments with multicast DA for SDIO

ath10k: drop fragments with multicast DA for PCIe

sctp: delay auto_asconf init until binding the first addr

net/nfc: fix use-after-free llcp_sock_bind/connect

bpf: Use correct permission flag for mixed signed bounds arithmetic

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Move off_reg into sanitize_ptr_alu

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Improve verifier error messages for users

bpf: Move sanitize_val_alu out of op switch

bpf: Refactor and streamline bounds check into helper

bpf: Tighten speculative pointer arithmetic mask

bpf: Fix masking negation logic upon negative dst register

bpf: Fix leakage of uninitialized bpf stack under speculation

bluetooth: eliminate the potential race condition when removing the HCI controller

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

f2fs: fix to avoid out-of-bounds memory access

mac80211: add fragment cache to sta_info

bpf: Wrap aux data inside bpf_sanitize_info container

bpf: Fix mask direction swap upon off reg sign change

bpf: No need to simulate speculative domain for immediates

inet: use bigger hash table for IP ID generation

inet: use bigger hash table for IP ID generation (adaptation)

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

Bluetooth: SMP: Fail if remote and local public keys are identical

seq_file: Disallow extremely large seq buffer allocations

ixgbe: fix large MTU request from VF

pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()

Bluetooth: use correct lock to prevent UAF of hdev object

nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect

can: bcm: fix infoleak in struct bcm_msg_head

Bluetooth: fix the erroneous flush_work() order

net: qrtr: fix OOB Read in qrtr_endpoint_post

KVM: SVM: Periodically schedule when unregistering regions on destroy

KVM: do not assume PTE is writable after follow_pfn

mm: unexport follow_pte_pmd

mm: simplify follow_pte{,pmd}

KVM: do not allow mapping valid but non-reference-counted pages

Input: joydev - prevent use of not validated data in JSIOCSBTNMAP

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

virtio_console: Assure used length from device is limited

NFSv4: Initialise connection to the server in nfs4_alloc_client()

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

usb: max-3421: Prevent corruption of freed memory

usb: max-3421: Prevent corruption of freed memory (adaptation)

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

bpf: Inherit expanded/patched seen count from old aux data

bpf: Do not mark insn as seen under speculative path verification

bpf: Fix leakage under speculation on mispredicted branches

ovl: prevent private clone if bind mount is not allowed

net: xilinx_emaclite: Do not print real IOMEM pointer

net: 6pack: fix slab-out-of-bounds in decode_data

fs: warn about impending deprecation of mandatory locks

ext4: fix race writing to an inline_data file while its xattrs are

KVM: X86: MMU: Use the correct inherited permissions to get shadow page

KVM: X86: MMU: Use the correct inherited permissions to get shadow page (adaptation)

ath: Use safer key clearing with key cache entries

ath9k: Clear key cache explicitly on disabling hardware

ath: Export ath_hw_keysetmac

ath: Modify ath_key_delete() to not need full key entry

ath9k: Postpone key cache entry deletion for TXQ frames reference it

ath9k: Postpone key cache entry deletion for TXQ frames reference it (adaptation)

ath: Export ath_hw_keysetmac (adaptation)

net: qrtr: fix another OOB Read in qrtr_endpoint_post

vt_kdsetmode: extend console locking

btrfs: fix NULL pointer dereference when deleting device by invalid id

memcg: enable accounting of ipc resources

f2fs: fix wrong total_sections check and fsmeta check

f2fs: fix to do sanity check on segment/section count

soc: aspeed: lpc-ctrl: Fix boundary check for mmap

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

ext4: catch integer overflow in ext4_cache_extents

bpf: Introduce BPF nospec instruction for mitigating Spectre v4

bpf: Fix leakage due to insufficient speculative store bypass mitigation

bpf: Fix leakage due to insufficient speculative store bypass mitigation (kpatch adaptation)

sctp: validate chunk size in __rcv_asconf_lookup

sctp: add param size validation for SCTP_PARAM_SET_PRIMARY

net: hso: fix muxed tty registration

hso: fix bailout in error case of probe

usb: hso: fix error handling code of hso_create_net_device

usb: hso: remove the bailout parameter

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

ovl: fix missing negative dentry check in ovl_rename()

bpf: Fix integer overflow in prealloc_elems_and_freelist()

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

nfc: nci: fix the UAF of rf_conn_info object

isdn: cpai: check ctr->cnr to avoid array index out of bound

Patch should be changed due to inline code in __sched()

UBUNTU: SAUCE: vfs: Out-of-bounds write of heap buffer in fs_context.c

UBUNTU: SAUCE: vfs: test that one given mount param is not larger than PAGE_SIZE

media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()

Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

NFC: reorder the logic in nfc_{un,}register_device

NFC: reorganize the functions in nci_request

fget: check that the fd still exists after getting a ref to it

NFC: add NCI_UNREG flag to eliminate the race

atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait

nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done

USB: gadget: detect too-big endpoint 0 requests

USB: gadget: zero allocate endpoint 0 buffers

net/packet: rx_owner_map depends on pg_vec

UBUNTU: SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy

USB: gadget: bRequestType is a bitfield, not a enum

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (adaptation)

netfilter: nf_tables_offload: incorrect flow offload action array

netfilter: nf_tables_offload: incorrect flow offload action array (adaptation)

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

remote stack overflow in Linux kernel

lib/iov_iter: initialize "flags" in new pipe_buffer

netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

phonet: refcount leak in pep_sock_accep

cgroup-v1: Require capabilities to set release_agent

s390 is unsupported

net: sched: fix use-after-free in tc_new_tfilter()

esp: Fix possible buffer overflow in ESP transformation

udf: Restore i_lenAlloc when inode expansion fails

udf: Fix NULL ptr deref when converting from inline format

NFSv4: Handle case where the lookup of a directory fails

NFSv4: nfs_atomic_open() can race when looking up a non-regular file

NFS: LOOKUP_DIRECTORY is also ok with symlinks

yam: fix a memory leak in yam_siocdevprivate()

[PATCH] nfc: st21nfca: Fix potential buffer overflows in

USB: gadget: validate endpoint index for xilinx udc

[PATCH] USB: gadget: validate interface OS descriptor requests

usb: gadget: rndis: check size of RNDIS_MSG_SET command

mmc: block: fix read single on recovery logic

netfilter: nf_tables: initialize registers in nft_do_chain()

drm/nouveau: Add a dedicated mutex for the clients list

drm/nouveau: clean up all clients on device removal

drm/nouveau: Add a dedicated mutex for the clients list (adaptation)

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

moxart: fix potential use-after-free on remove path

memstick: rtsx_usb_ms: fix UAF

io_uring: fix fs->users overflow

ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on

net/sched: cls_u32: fix netns refcount changes in

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

cgroup: Use open-time cgroup namespace for process migration perm checks

cgroup: Use open-time cgroup namespace for process migration perm checks(adaptation).

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

fuse: use true,false for bool variable

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

KVM: x86/mmu: do compare-and-exchange of gPTE via the user

drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()

net/x25: Fix null-ptr-deref caused by x25_disconnect

netfilter: nf_tables: disallow non-stateful expression in sets earlier

sctp: use init_tag from inithdr for ABORT chunk

sctp: fix the processing for INIT_ACK chunk

sctp: fix the processing for COOKIE_ECHO chunk

sctp: add vtag check in sctp_sf_violation

sctp: add vtag check in sctp_sf_do_8_5_1_E_sa

sctp: add vtag check in sctp_sf_ootb

sr9700: sanity check for packet length

usb: gadget: clear related members when goto fail

xen/xenbus: don't let xenbus_grant_ring() remove grants in error case

xen/grant-table: add gnttab_try_end_foreign_access()

xen/blkfront: don't use gnttab_query_foreign_access() for mapped status

xen/scsifront: don't use gnttab_query_foreign_access() for mapped status

xen/gntalloc: don't use gnttab_query_foreign_access()

xen: remove gnttab_query_foreign_access()

xen/9p: use alloc/free_pages_exact()

xen/pvcalls: use alloc/free_pages_exact()

xen/gnttab: fix gnttab_end_foreign_access() without page specified

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

xen/gnttab: fix gnttab_end_foreign_access() without page specified (adaptation)

xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (adaptation)

llc: fix netdevice reference leaks in llc_ui_bind()

can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path

can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in

ax25: improve the incomplete fix to avoid UAF and NPD bugs

ax25: improve the incomplete fix to avoid UAF and NPD bugs

ax25: improve the incomplete fix to avoid UAF and NPD bugs

[PATCH] ax25: add refcount in ax25_dev to avoid UAF bugs

[PATCH] ax25: fix reference count leaks of ax25_dev

[PATCH] ax25: fix UAF bugs of net_device caused by rebinding

[PATCH] ax25: Fix refcount leaks caused by ax25_cb_del()

[PATCH] ax25: fix UAF bug in ax25_send_control()

[PATCH] ax25: fix NPD bug in ax25_disconnect

[PATCH] ax25: Fix NULL pointer dereferences in ax25 timers

[PATCH] ax25: Fix UAF bugs in ax25 timers

ax25: add refcount in ax25_dev to avoid UAF bugs (adaptation)

floppy: disable FDRAWCMD by default

floppy: disable FDRAWCMD by default (adaptation)

hamradio: defer 6pack kfree after unregister_netdev

hamradio: remove needs_free_netdev to avoid UAF

floppy: use a statically allocated error counter

floppy: use a statically allocated error counter (adaptation)

nfc: nfcmrvl: main: reorder destructive operations in

[PATCH] SUNRPC: Ensure we flush any closed sockets before

[PATCH] SUNRPC: Don't leak sockets in xs_local_connect()

[PATCH v4 1/2] ath9k: fix use-after-free in ath9k_hif_usb_rx_cb

nfc: replace improper check device_is_registered() in netlink related

NFC: netlink: fix sleep in atomic bug when firmware download timeout

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

netfilter: nf_tables: stricter validation of element data

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

UBUNTU: SAUCE: netfilter: nf_tables: do not allow SET_ID to refer to another table

UBUNTU: SAUCE: netfilter: nf_tables: do not allow RULE_ID to refer to another table

vt: drop old FONT ioctls

Complex adaptation required. Low impact CVE.

fbcon: Disallow setting font bigger than screen size

fbcon: Prevent that screen size is smaller than font size

fbmem: Check virtual screen sizes in fb_set_var()

tcp: change source port randomizarion at connect() time

secure_seq: use the 64 bits of the siphash for port offset

tcp: use different parts of the port_offset for index and

tcp: increase source port perturb table to 2^16

tcp: increase source port perturb table to 2^16

tcp: change source port randomizarion at connect() time (adaptation)

perf: Fix sys_perf_event_open() race against self

dm verity: set DM_TARGET_IMMUTABLE feature flag

dm verity: set DM_TARGET_IMMUTABLE feature flag (adaptation)

netfilter: nf_queue: do not allow packet truncation below

HID: bigben: fix slab-out-of-bounds Write in bigben_probe

drm: mali-dp: potential dereference of null pointer

bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()

Complex adaptation required.

net: rose: fix UAF bugs caused by timer handler

net: rose: fix UAF bugs caused by timer handler (adaptation)

xen/blkfront: fix leaking data in shared pages

io_uring: disable polling pollfree files

io_uring: disable polling pollfree files (adaptation)

xen/netfront: fix leaking data in shared pages

xen/netfront: force data bouncing when backend is untrusted

xen/netfront: force data bouncing when backend is untrusted (adaptation)

xen/blkfront: force data bouncing when backend is untrusted

xen/blkfront: force data bouncing when backend is untrusted (adaptation)

Out of scope - ARM architecture.

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

io_uring/af_unix: defer registered files gc to io_uring release

io_uring/af_unix: defer registered files gc to io_uring release

UBUNTU: SAUCE: io_uring/af_unix: fix memleak during unix GC

wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()

wifi: cfg80211: fix BSS refcounting bugs

wifi: cfg80211: avoid nontransmitted BSS list corruption

scsi: stex: Properly zero out the passthrough command structure

[PATCH] af_key: Do not call xfrm_probe_algs in parallel

mm/mremap: hold the rmap lock in write mode when moving page table

ARM related CVE.

devlink: Fix use-after-free after a failed reload

atm: idt77252: fix use-after-free bugs caused by tst_timer

fs: fix UAF/GPF bug in nilfs_mdt_destroy

wifi: mac80211: don't parse mbssid in assoc response

wifi: mac80211: don't parse mbssid in assoc response

wifi: mac80211: fix MBSSID parsing use-after-free

adaptation

mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()

mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

KVM: add missing compat KVM_CLEAR_DIRTY_LOG

KVM: Add infrastructure and macro to mark VM as bugged

[PATCH] KVM: x86: Check lapic_in_kernel() before attempting to set a

KVM: x86: Avoid theoretical NULL pointer dereference in

KVM: x86: Check lapic_in_kernel() before attempting to set a ( adaptation )

r8152: Rate limit overflow messages

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()

video: fbdev: i740fb: Error out if 'pixclock' equals zero

efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in efi_capsule_write (adaptation)

binder: fix UAF of ref->proc caused by race condition

netfilter: nf_conntrack_irc: Tighten matching on DCC message

ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

staging: rtl8712: fix use after free bugs

sch_sfb: Don't assume the skb is still around after enqueueing to child

sch_sfb: Also store skb len before calling child enqueue

pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write

usb: mon: make mmapped memory read only

nilfs2: fix leak of nilfs_root in case of writer thread creation failure

USB: core: Prevent nested device-reset calls (adaptation)

USB: core: Prevent nested device-reset calls (adaptation)

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

xen/netback: Ensure protocol headers don't fall in the non-linear area

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

Bluetooth: L2CAP: Fix u8 overflow

NFSD: Cap rsize_bop result based on send buffer size

nilfs2: fix use-after-free bug of struct nilfs_root

binder: fix UAF of alloc->vma in race with munmap()

[PATCH] Bluetooth: L2CAP: Fix attempting to access uninitialized

[PATCH] Bluetooth: L2CAP: Fix attempting to access uninitialized

roccat: Fix use-after-free in roccat_read()

wifi: brcmfmac: Fix potential buffer overflow in

fbdev: smscufx: Fix use-after-free in ufx_ops_open()

nfp: fix use-after-free in area_cache_get()

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

drm/vmwgfx: Validate the box size for the snooped cursor

media: dvb-core: Fix UAF due to refcount races at releasing

net: sched: disallow noqueue for qdisc classes

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: cbq: dont intepret cls results when asked to drop

net: sched: atm: dont intepret cls results when asked to drop

x86/bugs: Flush IBP in ib_prctl_set()

net/ulp: prevent ULP without clone op from entering the LISTEN status

misc: sgi-gru: fix use-after-free error in gru_set_context_option

mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page

kcm: avoid potential race in kcm_tx_work

ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

drm/i915: fix TLB invalidation for Gen12 video and compute engines

ipc: replace costly bailout check in sysvipc_find_ipc()

KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

USB: gadgetfs: Fix race between mounting and unmounting

USB: gadgetfs: Fix race between mounting and unmounting

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

USB: move snd_usb_pipe_sanity_check into the USB core

USB: add usb_control_msg_send() and usb_control_msg_recv()

net/sched: tcindex: update imperfect hash filters respecting rcu

HID: check empty report_list in hid_validate_values()

drm/amdkfd: Check for null pointer after calling kmemdup

l2tp: Serialize access to sk_user_data with sk_callback_lock

sctp: fail if no bound addresses can be used for a given scope

net: mpls: fix stale pointer if allocation fails during device rename

media: mceusb: Use new usb_control_msg_*() routines

prlimit: do_prlimit needs to have a speculation check

Complex adaptation is required, mainline retired tcindex.

Safety check failed for copy_from_user; zendesk:191568

net/tls: tls_is_tx_ready() checked list_entry

kvm: initialize all of the kvm_debugregs structure before sending it

rds: rds_rm_zerocopy_callback() use list_first_entry()

scsi: iscsi_tcp: Fix UAF during login when accessing the shost

netrom: Fix use-after-free caused by accept on already connected

[PATCH] media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

KVM: nVMX: add missing consistency checks for CR0 and CR4

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: deactivate anonymous set from

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

ipvlan:Fix out-of-bounds caused by unclear skb->cb

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

memstick: r592: Fix UAF bug in r592_remove due to race condition

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

[PATCH] btrfs: fix race between quota disable and quota assign ioctls

cifs: fix NULL ptr dereference in smb2_ioctl_query_info()

net: sched: fix race condition in qdisc_graft()

[PATCH] i2c: xgene-slimpro: Fix out-of-bounds bug in

net: qcom/emac: Fix use after free bug in emac_remove due to race

power: supply: da9150: Fix use after free bug in

net: tls: fix possible race condition between

xfs: verify buffer contents when we skip log replay

netlink: limit recursion depth in policy validation

[PATCH] act_mirred: use the backlog for nested calls to mirred

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to

nfc: st-nci: Fix use after free bug in ndlc_remove due to race

ext4: verify dir block before splitting it

ext4: avoid cycles in directory h-tree

ext4: make variable "count" signed

ext4: check if directory block is within i_size

ext4: make sure ext4_append() always allocates new block

ext4: fix check for block being out of directory size

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

Complex adaptation required.

net/sched: cls_fw: Fix improper refcount update leads to

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_u32: Fix reference counter leak leading to overflow

hw: amd: Cross-Process Information Leak

binder: fix UAF caused by faulty buffer cleanup

usb: gadget: udc: renesas_usb3: Fix use after free bug in

media: saa7134: fix use after free bug in saa7134_finidev due to race

bpf: Fix incorrect verifier pruning due to missing register precision

relayfs: fix out-of-bounds access in relay_file_read

media: dm1105: Fix use after free bug in dm1105_remove due to race condition

bluetooth: Perform careful capability checks in hci_sock_ioctl()

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

dm ioctl: fix nested locking in table_clear() to remove deadlock concern

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_fw: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

x86/CPU/AMD: Do not leak quotient data after a division by 0

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

The patch remove functionality.

[PATCH] nfc: llcp: simplify llcp_sock_connect() error paths

[PATCH] net: nfc: Fix use-after-free caused by nfc_llcp_find_local

gfs2: Don't deref jdesc in evict

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

CVE was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.

The patch removes functionality.

netfilter: ipset: Add schedule point in call_ad().

netfilter: ipset: Fix race between IPSET_CMD_CREATE and

xen/netback: Fix buffer overrun triggered by unusual packet

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in

media: usb: siano: Fix use after free bugs caused by do_submit_urb (dependency)

media: usb: siano: Fix warning due to null work_func_t function

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

xfrm: add NULL check in xfrm_update_ae_params

ubi: Refuse attaching if mtd's erasesize is 0

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

net/tls: do not free tls_rec on async operation in

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_sctp: validate the flag_info count

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input (adaptation)

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads

nvmet-tcp: move send/recv error handling in the send/recv methods instead of call-sites

nvmet-tcp: Fix a possible UAF in queue intialization setup

ipv4: fix null-deref in ipv4_link_failure

net: xfrm: Fix xfrm_address_filter OOB read

Complex adaptation required.

netfilter: nf_tables: Reject tables of unsupported family

smb: client: fix OOB in smbCalcSize()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

nfc: nci: fix possible NULL pointer dereference in send_acknowledge()

kobject: Fix slab-out-of-bounds in fill_kobj_path()

net: tls, update curr on splice as well

smb: client: fix OOB in receive_encrypted_standard()

ida: Fix crash in ida_free when the bitmap is empty

appletalk: Fix Use-After-Free in atalk_ioctl

usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core

Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

f2fs: fix to do sanity check on inode type during garbage collection

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

nvmet: nul-terminate the NQNs passed in the connect command

net/rose: Fix Use-After-Free in rose_ioctl

atm: Fix Use-After-Free in do_vcc_ioctl

vhost: use kzalloc() instead of kmalloc() followed by memset()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function

malidp: Fix NULL vs IS_ERR() checking

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

nvmet-tcp: add bounds check on Transfer Tag

nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

binder: fix race between mmput() and do_exit()

crypto: scomp - fix req->dst buffer overflow

net: qualcomm: rmnet: fix global oob in rmnet_policy

net: qualcomm: rmnet: fix global oob in rmnet_policy

ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()

ipv6: remove max_size check inline with ipv4

ipv6: remove max_size check inline with ipv4

dm ioctl: log an error if the ioctl structure is corrupted

dm: limit the number of targets and parameter size area

apparmor: avoid crash when parsed profile name is empty

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

mtd: Fix gluebi NULL pointer dereference caused by ftl

f2fs: explicitly null-terminate the xattr list

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

EDAC/thunderx: Fix possible out-of-bounds string access

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

Out of scope. Android related patch.

uio: free uio id after uio file node is freed

uio: Fix use-after-free in uio_unregister_device()

uio: Fix use-after-free in uio_open

f2fs: fix to avoid dirent corruption

media: pvrusb2: fix use after free on context disconnection

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

xen-netback: don't produce zero-size SKB frags

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

UBSAN: array-index-out-of-bounds in dtSplitRoot

jfs: fix uaf in jfs_evict_inode

Bluetooth: Add more enc key size check

FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

jfs: fix array-index-out-of-bounds in dbAdjTree

IB/ipoib: Fix mcast list locking

i2c: i801: Fix block process call transactions

powerpc/lib: Validate size for vector operations

jfs: fix array-index-out-of-bounds in diNewExt

s390/ptrace: handle setting of fpc register correctly

KVM: s390: fix setting of fpc register

llc: call sock_orphan() at release time

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation

net: prevent mss overflow in skb_segment()

ceph: fix deadlock or deadcode of misusing dget()

powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

SUNRPC: Fix a suspicious RCU usage warning

net/rds: Fix UBSAN: array-index-out-of-bounds in

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

sched/membarrier: reduce the ability to hammer on

can: j1939: Fix UAF in j1939_sk_match_filter during

can: j1939: Fix UAF in j1939_sk_match_filter during (adaptation)

ext4: avoid online resizing failures due to oversized flex bg

ext4: avoid online resizing failures due to oversized flex bg

binder: signal epoll threads of self-work

net/smc: fix illegal rmb_desc access in SMC-D connection dump

llc: Drop support for ETH_P_TR_802_2.

llc: Drop support for ETH_P_TR_802_2 (adaptation)

llc: make llc_ui_sendmsg() more robust against bonding

tipc: Check the bearer type before calling

blk-mq: fix IO hang from sbitmap wakeup race

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in

ppp_async: limit MRU to 64K

inet: read sk->sk_family once in inet_recv_error()

nilfs2: fix potential bug in end_buffer_async_write

nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()

nilfs2: fix data corruption in dsync block recovery for small

iio: magnetometer: rm3100: add boundary check for the value

ext4: fix double-free of blocks due to wrong extents

mm/writeback: fix possible divide-by-zero in

jfs: fix slab-out-of-bounds Read in dtSearch

drm: Don't unref the same fb many times by mistake due to

wifi: brcmfmac: Fix use-after-free bug in

tomoyo: fix UAF write bug in tomoyo_write_control()

wifi: mac80211: fix potential key use-after-free

Complex adaptation required. Network services prevents update because sleeps in inet_csk_accept() function.

fs,hugetlb: fix NULL pointer dereference in

drm: bridge/panel: Cleanup connector on bridge detach

arp: Prevent overflow in arp_req_get().

afs: Increase buffer size in afs_update_volume_status()

ipv6: sr: fix possible use-after-free and null-ptr-deref

Unable to fix early initialization before enabling SMP d35652a5fc9944784f6f50a5c979518ff8dacf61

Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

usb: cdns3: fix memory double free when handle zero packet

usb: cdns3: fixed memory use after free at

ARM: ep93xx: Add terminator to gpiod_lookup_table

gtp: fix use-after-free and null-ptr-deref in

dm-crypt: don't modify the data when using authenticated

fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

l2tp: pass correct message length to ip6_append_data

gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

fbdev: savage: Error out if pixclock equals zero

wifi: mac80211: fix race condition on enabling fast-xmit

fbdev: sis: Error out if pixclock equals zero

ext4: avoid allocating blocks from corrupted group in

ext4: avoid allocating blocks from corrupted group in

btrfs: dev-replace: properly validate device names

dmaengine: fsl-qdma: init irq after reg initialization

dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned

Bluetooth: Avoid potential use-after-free in hci_error_reset

wifi: nl80211: reject iftype change with mesh ID change

efi/capsule-loader: fix incorrect allocation size

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

uio_hv_generic: Fix another memory leak in error handling

IB/hfi1: Fix a memleak in init_credit_return

scsi: target: core: Add TMF to tmr_list handling

net: ip_tunnel: prevent perpetual headroom growth

netlink: Fix kernel-infoleak-after-free in

cachefiles: fix memory leak in cachefiles_add_cache()

md/raid5: fix atomicity violation in raid5_cache_count

mlxsw: spectrum_acl_tcam: Fix stack corruption

net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()

bpf: Fix hashtab overflow check on 32-bit arches

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

USB: core: Fix deadlock in usb_deauthorize_interface()

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

af_unix: Do not use atomic ops for unix_sk(sk)->inflight.

af_unix: Fix garbage collector racing against connect()

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

cifs: fix underflow in parse_server_interfaces()

media: xc4000: Fix atomicity violation in

ACPI: processor_idle: Fix memory leak in

The patch fixes kernel building process.

octeontx2: CVE patch is outside the scope.

Bluetooth: Fix TOCTOU in HCI debugfs implementation

netfilter: nf_tables: disallow timeout for anonymous sets

mptcp: add sk_stop_timer_sync helper

tcp: properly terminate timers for kernel sockets

[PATCH] ALSA: sh: Don't build Dreamcast AICA sound driver

[PATCH] io_uring/af_unix: disable sending io_uring over sockets

[PATCH] io_uring/unix: drop usage of io_uring socket

[PATCH] io_uring/unix: drop usage of io_uring socket

[PATCH] io_uring: drop any code related to SCM_RIGHTS

[PATCH] io_uring: drop any code related to SCM_RIGHTS

[PATCH] wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()

[PATCH 1/1] wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled

[PATCH 1/1] drm/tegra: dsi: Add missing check for of_find_device_by_node

[PATCH 1/1] sysv: don't call sb_bread() with pointers_lock held

[PATCH 1/1] tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc

[PATCH 1/1] ubi: Check for too small LEB size in VTBL code

[PATCH] netfilter: nf_tables: disallow anonymous set with timeout

[PATCH] sr9800: Add check for usbnet_get_endpoints

stddef: Introduce DECLARE_FLEX_ARRAY() helper

RDMA/mlx5: Fix fortify source warning while accessing Eth segment

firmware: arm_scmi: Harden accesses to the reset domains

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

nilfs2: We cannot patch functions that sleep in kthread().

kdb: Fix buffer overflow during tab-complete

erofs: fix pcluster use-after-free on UP platforms

smb: client: fix potential OOBs in smb2_parse_contexts()

smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

scsi: qla2xxx: Fix double free of fcport

ALSA: hda: intel-sdw-acpi: harden detection of controller

sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

ipv6: prevent NULL dereference in ip6_output()

Bluetooth: Fix atomicity violation in {min, max}_key_size_set

i40e: Refactoring VF MAC filters counting to make more reliable

i40e: Fix MAC address setting for a VF via Host/VM

i40e: Do not allow untrusted VF to remove administratively set MAC

mmc: davinci: Don't strip remove function when driver is builtin

net: make get_net_ns return error if NET_NS is disabled

net: make get_net_ns return error if NET_NS is disabled kpatch

net: sched: sch_multiq: fix possible OOB write in

greybus: Fix use-after-free bug in gb_interface_release due

jfs: xattr: fix buffer overflow for invalid xattr

ata: libata-core: Fix double free on error

net/dpaa2: Avoid explicit cpumask var allocation on stack

net/iucv: Avoid explicit cpumask var allocation on stack

nilfs2: fix inode number range checks

nilfs2: add missing check for inode numbers on directory

net: dsa: mv88e6xxx: Correct check for empty list

bonding: Fix out-of-bounds read in

locks: fix KASAN: use-after-free in trace_event_raw_event_filelock_lock

filelock: fix potential use-after-free in posix_lock_inode

net: lantiq_etop: add blank line after declaration

net: ethernet: lantiq_etop: fix double free in detach

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length kpatch

iio: chemical: bme680: Fix overflows in compensate()

drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers

ASoC: fsl-asoc-card: set priv->pdev before using it

pinctrl: fix deadlock in create_pinctrl() when handling

gpio: davinci: Validate the obtained number of IRQs

x86: stop playing stack games in profile_pc()

ALSA: emux: improve patch ioctl data validation

drm/nouveau: fix null pointer dereference in

Revert "mm/writeback: fix possible divide-by-zero in

UBSAN warning fix, release kernels aren't affected.

ima: Fix use-after-free on a dentry's dname.name

scsi: ufs: core: Improve SCSI abort handling

scsi: pm80xx: Fix TMF task completion race condition

scsi: pm8001: Fix use-after-free for aborted TMF sas_task

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

scsi: f2fs: check validation of fault attrs in f2fs_build_fault_attr()

mISDN: Fix memory leak in dsp_pipeline_build()

watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger

mm: swap: fix race between free_swap_and_cache() and swapoff()

netem: fix return value if duplicate enqueue fails

netfilter: nft_set_rbtree: .deactivate fails if element has expired

netfilter: nf_tables: use timestamp to check for set element timeout

netfilter: nf_tables: use timestamp to check for set element timeout kpatch

media: venus: fix use after free in vdec_close

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

jfs: Fix array-index-out-of-bounds in diFree

ipv6: prevent UAF in ip6_send_skb()

atm: idt77252: prevent use after free in dequeue_rx()

Architecture is not supported

scsi: aacraid: Fix double-free on probe failure

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

parport: Standardize use of printmode

dev/parport: fix the array out-of-bounds risk

cpufreq: brcmstb-avs-cpufreq: ISO C90 forbids mixed declarations

netfilter: nft_limit: reject configurations that cause integer overflow

ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

filelock: Remove locks reliably when fcntl/close race is detected

media: pci: cx23885: check cx23885_vdev_init() return

wifi: iwlwifi: mvm: Fix a memory corruption issue

Kernel versions older than 5.4.0-200.220 not affected

misc: eeprom: at24: fix regulator underflow

misc: eeprom: at24: register nvmem only after eeprom is ready

eeprom: at24: fix memory corruption race condition

media: i2c: et8ek8: Don't strip remove function when driver is builtin

ax25: Fix reference count leak issues of ax25_dev

wifi: iwlwifi: mvm: check n_ssids before accessing the ssids

ocfs2: add bounds checking to ocfs2_check_dir_entry()

jfs: don’t walk off the end of ealist

filelock: Fix fcntl/close race recovery compat path

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

drm/vmwgfx: Fix shader stage validation

hfsplus: fix uninit-value in copy_name

tap: add missing verification for short frame

tun: add missing verification for short frame

gtp: pull network headers in gtp_dev_xmit()

drm/amdgpu: fix mc_data out-of-bounds read warning

drm/amdgpu: fix ucode out-of-bounds read warning

of/irq: Prevent device address out-of-bounds read in interrupt map walk

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

exec: Fix ToCToU between perm check and set-uid/gid usage

net: sched: fix possible refcount leak in tc_chain_tmplt_add()

net/sched: flower: Fix chain template offload

net/sched: flower: Fix chain template offload

Squashfs: sanity check symbolic link size

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object