net: fix __dst_negative_advice() race

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io

wifi: mac80211: Avoid address calculations via out of bounds array indexing

x86/bhi: Add support for clearing branch history at syscall entry

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

can: bcm: Fix UAF in bcm_proc_show()

HID: core: zero-initialize the report buffer

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

ALSA: usb-audio: Fix a DMA to stack memory bug

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

netfilter: ipset: add missing range check in bitmap_ip_uadt

net: atm: fix use after free in lec_send()

net: atlantic: fix aq_vec index out of range error

HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

media: uvcvideo: Fix double free in error path

misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

ext4: fix off-by-one error in do_split

drivers:md:fix a potential use-after-free bug

sch_hfsc: make hfsc_qlen_notify() idempotent

ext4: avoid resizing to a partial cluster size

Change signature of qdisc_tree_reduce_backlog() to use ints

net/sched: Always pass notifications when child class becomes empty

sch_cbq: make cbq_qlen_notify() idempotent

sch_htb: make htb_deactivate() idempotent

codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()

sch_qfq: make qfq_qlen_notify() idempotent

sch_drr: make drr_qlen_notify() idempotent

sch_htb: make htb_qlen_notify() idempotent

sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()

crypto: algif_hash - fix double free in hash_accept

scsi: lpfc: Use memcpy() for BIOS version

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

net: usb: smsc75xx: Limit packet length to skb->len

net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull

net/sched: sch_qfq: Fix race condition on qfq_aggregate

nALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface()

i40e: fix MMIO write access to an invalid page in i40e_clear_hw

ALSA: bcd2000: Fix a UAF bug on the error path of probing

md-raid10: fix KASAN warning

net_sched: hfsc: Fix a UAF vulnerability in class handling

HID: core: Harden s32ton() against conversion to 0 bits

crypto: seqiv - Handle EBUSY correctly

Out of scope: not affected

This CVE has been rejected or withdrawn by its CVE Numbering Authority as per NVD website

HID: core: detect and skip invalid inputs to snto32()

HID: core: fix shift-out-of-bounds in hid_report_raw_event

Out of scope: not affected

Bluetooth: L2CAP: Fix use-after-free

wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()

sctp: linearize cloned gso packets in sctp_rcv

ip6mr: Fix skb_under_panic in ip6mr_cache_report()

cifs: fix oops during encryption

fs: fix UAF/GPF bug in nilfs_mdt_destroy

NFSD: Protect against send buffer overflow in NFSv2 READ

Bug isn't present in RHEL7 kernel.

scsi: qla2xxx: Wait for io return on terminate rport

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect()

mm: fix zswap writeback race condition

ALSA: usb-audio: Validate UAC3 power domain descriptors, too

ALSA: usb-audio: Validate UAC3 power domain descriptors, too

ALSA: usb-audio: Validate UAC3 cluster segment descriptors

Bluetooth: L2CAP: fix bad unlock balance in l2cap_disconnect_rsp

net: sched: sfb: fix null pointer access issue when sfb_init() fails

ext4: fix undefined behavior in bit shift for ext4_check_flag_values

net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too

ipv6: Fix out-of-bounds access in ipv6_find_tlv()

libceph: fix potential use-after-free in have_mon_and_osd_map()

scsi: ses: Fix possible desc_ptr out-of-bounds accesses

i40e: fix idx validation in config queues msg

CVE rejected

vsock: Ignore signal/timeout on connect() if already established

Restrict access to pagemap/kpageflags/kpagecount