USB: move snd_usb_pipe_sanity_check into the USB core

USB: add usb_control_msg_send() and usb_control_msg_recv()

net/sched: tcindex: update imperfect hash filters respecting rcu

HID: check empty report_list in hid_validate_values()

drm/amdkfd: Check for null pointer after calling kmemdup

l2tp: Serialize access to sk_user_data with sk_callback_lock

sctp: fail if no bound addresses can be used for a given scope

net: mpls: fix stale pointer if allocation fails during device rename

media: mceusb: Use new usb_control_msg_*() routines

prlimit: do_prlimit needs to have a speculation check

Complex adaptation is required, mainline retired tcindex.

Safety check failed for copy_from_user; zendesk:191568

net/tls: tls_is_tx_ready() checked list_entry

kvm: initialize all of the kvm_debugregs structure before sending it

rds: rds_rm_zerocopy_callback() use list_first_entry()

scsi: iscsi_tcp: Fix UAF during login when accessing the shost

netrom: Fix use-after-free caused by accept on already connected

[PATCH] media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

KVM: nVMX: add missing consistency checks for CR0 and CR4

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: deactivate anonymous set from

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

ipvlan:Fix out-of-bounds caused by unclear skb->cb

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

overlayfs: Skip permission checking for trusted.overlayfs.* xattrs

memstick: r592: Fix UAF bug in r592_remove due to race condition

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

[PATCH] btrfs: fix race between quota disable and quota assign ioctls

cifs: fix NULL ptr dereference in smb2_ioctl_query_info()

net: sched: fix race condition in qdisc_graft()

[PATCH] i2c: xgene-slimpro: Fix out-of-bounds bug in

net: qcom/emac: Fix use after free bug in emac_remove due to race

power: supply: da9150: Fix use after free bug in

net: tls: fix possible race condition between

xfs: verify buffer contents when we skip log replay

netlink: limit recursion depth in policy validation

[PATCH] act_mirred: use the backlog for nested calls to mirred

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to

nfc: st-nci: Fix use after free bug in ndlc_remove due to race

ext4: check if directory block is within i_size

ext4: fix check for block being out of directory size

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

Complex adaptation required.

net/sched: cls_fw: Fix improper refcount update leads to

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_u32: Fix reference counter leak leading to overflow

hw: amd: Cross-Process Information Leak

binder: fix UAF caused by faulty buffer cleanup

usb: gadget: udc: renesas_usb3: Fix use after free bug in

media: saa7134: fix use after free bug in saa7134_finidev due to race

bpf: Fix incorrect verifier pruning due to missing register precision

relayfs: fix out-of-bounds access in relay_file_read

media: dm1105: Fix use after free bug in dm1105_remove due to race condition

bluetooth: Perform careful capability checks in hci_sock_ioctl()

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

dm ioctl: fix nested locking in table_clear() to remove deadlock concern

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_fw: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

x86/CPU/AMD: Do not leak quotient data after a division by 0

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

The patch remove functionality.

[PATCH] nfc: llcp: simplify llcp_sock_connect() error paths

[PATCH] net: nfc: Fix use-after-free caused by nfc_llcp_find_local

gfs2: Don't deref jdesc in evict

bpf: Fix toctou on read-only map's constant scalar tracking

bpf: Fix toctou on read-only map's constant scalar tracking

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

CVE was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.

The patch removes functionality.

netfilter: ipset: Add schedule point in call_ad().

netfilter: ipset: Fix race between IPSET_CMD_CREATE and

xen/netback: Fix buffer overrun triggered by unusual packet

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in

media: usb: siano: Fix use after free bugs caused by do_submit_urb (dependency)

media: usb: siano: Fix warning due to null work_func_t function

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

xfrm: add NULL check in xfrm_update_ae_params

ubi: Refuse attaching if mtd's erasesize is 0

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

net/tls: do not free tls_rec on async operation in

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_sctp: validate the flag_info count

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input (adaptation)

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads

nvmet-tcp: move send/recv error handling in the send/recv methods instead of call-sites

nvmet-tcp: Fix a possible UAF in queue intialization setup

ipv4: fix null-deref in ipv4_link_failure

net: xfrm: Fix xfrm_address_filter OOB read

Complex adaptation required.

netfilter: nf_tables: Reject tables of unsupported family

smb: client: fix OOB in smbCalcSize()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

nfc: nci: fix possible NULL pointer dereference in send_acknowledge()

kobject: Fix slab-out-of-bounds in fill_kobj_path()

xen/events: replace evtchn_rwlock with RCU

net: tls, update curr on splice as well

smb: client: fix OOB in receive_encrypted_standard()

ida: Fix crash in ida_free when the bitmap is empty

appletalk: Fix Use-After-Free in atalk_ioctl

usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core

Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

f2fs: fix to do sanity check on inode type during garbage collection

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

nvmet: nul-terminate the NQNs passed in the connect command

net/rose: Fix Use-After-Free in rose_ioctl

atm: Fix Use-After-Free in do_vcc_ioctl

vhost: use kzalloc() instead of kmalloc() followed by memset()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function

malidp: Fix NULL vs IS_ERR() checking

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

binder: fix race between mmput() and do_exit()

crypto: scomp - fix req->dst buffer overflow

net: qualcomm: rmnet: fix global oob in rmnet_policy

net: qualcomm: rmnet: fix global oob in rmnet_policy

ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()

serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed

ipv6: remove max_size check inline with ipv4

ipv6: remove max_size check inline with ipv4

dm ioctl: log an error if the ioctl structure is corrupted

dm: limit the number of targets and parameter size area

apparmor: avoid crash when parsed profile name is empty

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

mtd: Fix gluebi NULL pointer dereference caused by ftl

f2fs: explicitly null-terminate the xattr list

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

EDAC/thunderx: Fix possible out-of-bounds string access

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

Out of scope. Android related patch.

uio: Fix use-after-free in uio_open

f2fs: fix to avoid dirent corruption

media: pvrusb2: fix use after free on context disconnection

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

xen-netback: don't produce zero-size SKB frags

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

UBSAN: array-index-out-of-bounds in dtSplitRoot

jfs: fix uaf in jfs_evict_inode

Bluetooth: Add more enc key size check

FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

jfs: fix array-index-out-of-bounds in dbAdjTree

IB/ipoib: Fix mcast list locking

i2c: i801: Fix block process call transactions

powerpc/lib: Validate size for vector operations

jfs: fix array-index-out-of-bounds in diNewExt

s390/ptrace: handle setting of fpc register correctly

KVM: s390: fix setting of fpc register

llc: call sock_orphan() at release time

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation

net: prevent mss overflow in skb_segment()

ceph: fix deadlock or deadcode of misusing dget()

powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

SUNRPC: Fix a suspicious RCU usage warning

net/rds: Fix UBSAN: array-index-out-of-bounds in

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

sched/membarrier: reduce the ability to hammer on

can: j1939: Fix UAF in j1939_sk_match_filter during

can: j1939: Fix UAF in j1939_sk_match_filter during (adaptation)

ext4: avoid online resizing failures due to oversized flex bg

ext4: avoid online resizing failures due to oversized flex bg

binder: signal epoll threads of self-work

net/smc: fix illegal rmb_desc access in SMC-D connection dump

llc: Drop support for ETH_P_TR_802_2.

llc: Drop support for ETH_P_TR_802_2 (adaptation)

llc: make llc_ui_sendmsg() more robust against bonding

tipc: Check the bearer type before calling

hwmon: (coretemp) Fix out-of-bounds memory access

blk-mq: fix IO hang from sbitmap wakeup race

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in

ppp_async: limit MRU to 64K

inet: read sk->sk_family once in inet_recv_error()

nilfs2: fix potential bug in end_buffer_async_write

nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()

nilfs2: fix data corruption in dsync block recovery for small

iio: magnetometer: rm3100: add boundary check for the value

ext4: fix double-free of blocks due to wrong extents

mm/writeback: fix possible divide-by-zero in

jfs: fix slab-out-of-bounds Read in dtSearch

drm: Don't unref the same fb many times by mistake due to

wifi: brcmfmac: Fix use-after-free bug in

tomoyo: fix UAF write bug in tomoyo_write_control()

wifi: mac80211: fix potential key use-after-free

Complex adaptation required. Network services prevents update because sleeps in inet_csk_accept() function.

fs,hugetlb: fix NULL pointer dereference in

drm: bridge/panel: Cleanup connector on bridge detach

arp: Prevent overflow in arp_req_get().

afs: Increase buffer size in afs_update_volume_status()

ipv6: sr: fix possible use-after-free and null-ptr-deref

Unable to fix early initialization before enabling SMP d35652a5fc9944784f6f50a5c979518ff8dacf61

Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

usb: cdns3: fix memory double free when handle zero packet

usb: cdns3: fixed memory use after free at

ARM: ep93xx: Add terminator to gpiod_lookup_table

gtp: fix use-after-free and null-ptr-deref in

dm-crypt: don't modify the data when using authenticated

fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

IB/hfi1: Fix sdma.h tx->num_descs off-by-one error

l2tp: pass correct message length to ip6_append_data

gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

fbdev: savage: Error out if pixclock equals zero

wifi: mac80211: fix race condition on enabling fast-xmit

fbdev: sis: Error out if pixclock equals zero

ext4: avoid allocating blocks from corrupted group in

ext4: avoid allocating blocks from corrupted group in

btrfs: dev-replace: properly validate device names

dmaengine: fsl-qdma: init irq after reg initialization

dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned

Bluetooth: Avoid potential use-after-free in hci_error_reset

wifi: nl80211: reject iftype change with mesh ID change

efi/capsule-loader: fix incorrect allocation size

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

uio_hv_generic: Fix another memory leak in error handling

IB/hfi1: Fix a memleak in init_credit_return

scsi: target: core: Add TMF to tmr_list handling

net: ip_tunnel: prevent perpetual headroom growth

netlink: Fix kernel-infoleak-after-free in

cachefiles: fix memory leak in cachefiles_add_cache()

md/raid5: fix atomicity violation in raid5_cache_count

mlxsw: spectrum_acl_tcam: Fix stack corruption

net: ip_tunnel: make sure to pull inner header in

bpf: Fix stackmap overflow check on 32-bit arches

bpf: Fix hashtab overflow check on 32-bit arches

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

USB: core: Fix deadlock in usb_deauthorize_interface()

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

af_unix: Do not use atomic ops for unix_sk(sk)->inflight.

af_unix: Fix garbage collector racing against connect()

kpatch add alt asm definitions

kpatch add paravirt asm definitions