Xen/gnttab: handle p2m update errors on a per-slot basis

fuse: fix bad inode

fuse: fix live lock in fuse_iget()

perf/x86/intel: Fix a crash caused by zero PEBS status

btrfs: fix race when cloning extent buffer during rewind of an old

xen-blkback: don't leak persistent grants from xen_blkbk_map()

vhost-vdpa: fix use-after-free of v->config_ctx

vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget()

netfilter: x_tables: Use correct memory barriers

bpf, x86: Validate computation of branch displacements for x86-64

dm ioctl: fix out of bounds array access when no devices

sctp: delay auto_asconf init until binding the first addr

scsi: target: Fix XCOPY NAA identifier lookup

scsi: target: Fix XCOPY NAA identifier lookup (kpatch adaptation)

KVM: SVM: avoid infinite loop on NPF from bad address

netfilter: x_tables: fix compat match/target pad out-of-bound write

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_connect()

bpf: Move off_reg into sanitize_ptr_alu

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Improve verifier error messages for users

bpf: Refactor and streamline bounds check into helper

bpf: Move sanitize_val_alu out of op switch

bpf: Tighten speculative pointer arithmetic mask

The patch is reverted in the upstream by 01bfe5e8e4 as introducing a deadlock

bpf: Fix masking negation logic upon negative dst register

bluetooth: eliminate the potential race condition when removing the HCI controller

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

cipso,calipso: resolve a number of problems with the DOI refcounts

net: mac802154: Fix general protection fault

seq_file: Disallow extremely large seq buffer allocations

net/mlx4: Fix EEPROM dump support

net/nfc: fix use-after-free llcp_sock_bind/connect

mac80211: assure all fragments are encrypted

ath10k: add CCMP PN replay protection for fragmented frames

ath10k: drop fragments with multicast DA for PCIe

ath10k: drop fragments with multicast DA for SDIO

ath10k: Fix TKIP Michael MIC verification for PCIe

ath10k: drop MPDU which has discard flag set by firmware for SDIO

mac80211: drop A-MSDUs on old ciphers

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: properly handle A-MSDUs that start with an RFC 1042 header

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks (adaptation)

mac80211: prevent attacks on TKIP/WEP as well

mac80211: extend protection against mixed key and fragment cache attacks

mac80211: add fragment cache to sta_info

Bluetooth: fix the erroneous flush_work() order

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

KVM: SVM: Periodically schedule when unregistering regions on destroy

KVM: do not allow mapping valid but non-reference-counted pages

Bluetooth: use correct lock to prevent UAF of hdev object

UBUNTU: SAUCE: can: bcm: delay release of struct bcm_op after synchronize_rcu

Already included in ELSA-2021-9420

btrfs: fix NULL pointer dereference when deleting device by invalid id

hso: fix bailout in error case of probe

usb: hso: fix error handling code of hso_create_net_device

KVM: X86: MMU: Use the correct inherited permissions to get shadow page

KVM: X86: MMU: Use the correct inherited permissions to get shadow page (adaptation)

net: qrtr: fix another OOB Read in qrtr_endpoint_post

ext4: fix race writing to an inline_data file while its xattrs are changing

Patch already exists in 5.4.y kernels.

dccp: don't duplicate ccid when cloning dccp sock

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

bpf: Fix integer overflow in prealloc_elems_and_freelist()

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

fget: check that the fd still exists after getting a ref to it

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

vfs: fs_context: fix up param length parsing in legacy_parse_param

UBUNTU: SAUCE: vfs: test that one given mount param is not larger than PAGE_SIZE

cgroup-v1: Require capabilities to set release_agent

Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()

netfilter: nf_tables_offload: incorrect flow offload action array size

lib/iov_iter: initialize "flags" in new pipe_buffer

KVM: x86: nSVM: don't copy virt_ext from vmcb12

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (adaptation)

USB: gadget: zero allocate endpoint 0 buffers

USB: gadget: detect too-big endpoint 0 requests

USB: gadget: bRequestType is a bitfield, not a enum

tipc: improve size validations for received domain records

Out of scope as the patch is aarch64 related

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

UBUNTU: SAUCE: drm/vmwgfx: Fix stale file descriptors on failed usercopy

net/packet: rx_owner_map depends on pg_vec

NFSv4: Handle case where the lookup of a directory fails

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

ipv4: avoid using shared IP generator for connected sockets

ipv4: tcp: send zero IPID in SYNACK messages

sr9700: sanity check for packet length

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

netfilter: nf_tables: initialize registers in nft_do_chain()

KVM: x86/mmu: do compare-and-exchange of gPTE via the user

phonet: refcount leak in pep_sock_accep

net: sched: fix use-after-free in tc_new_tfilter()

esp: Fix possible buffer overflow in ESP transformation

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

xen/xenbus: don't let xenbus_grant_ring() remove grants in error case

xen/grant-table: add gnttab_try_end_foreign_access()

xen/netfront: don't use gnttab_query_foreign_access() for mapped status

xen/scsifront: don't use gnttab_query_foreign_access() for mapped status

xen/gntalloc: don't use gnttab_query_foreign_access()

xen: remove gnttab_query_foreign_access()

xen/9p: use alloc/free_pages_exact()

xen/gnttab: fix gnttab_end_foreign_access() without page specified

xen/netfront: react properly to failing gnttab_end_foreign_access_ref()

xen/gnttab: fix gnttab_end_foreign_access() without page specified (adaptation)

xen/netfront: react properly to failing gnttab_end_foreign_access_ref() (adaptation)

cgroup: Use open-time credentials for process migraton perm checks

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

Kernel lockdown bypass when UEFI secure boot is disabled / unavailable and IMA appraisal is enabled.

net_sched: cls_route: remove from list when handle is 0

KVM: Add infrastructure and macro to mark VM as bugged

KVM: Add infrastructure and macro to mark VM as bugged (adaptation)

KVM: Add infrastructure and macro to mark VM as bugged

KVM: x86: Check lapic_in_kernel() before attempting to set a SynIC irq

KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

rds: copy_from_user only once per rds_sendmsg system call

ipc: replace costly bailout check in sysvipc_find_ipc()

drm: add a locked version of drm_is_current_master

drm: add a locked version of drm_is_current_master

drm: add a locked version of drm_is_current_master

drm: add a locked version of drm_is_current_master (adaptation)

netfilter: nf_tables: do not allow SET_ID to refer to another

netfilter: nf_tables: do not allow SET_ID to refer to another

scsi: target: Fix protect handling in WRITE SAME(32)

scsi: target: Fix WRITE_SAME No Data Buffer crash

lockdown: also lock down previous kgdb use

af_key: Do not call xfrm_probe_algs in parallel

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

io_uring/af_unix: defer registered files gc to io_uring release

io_uring/af_unix: defer registered files gc to io_uring release (adaptation)

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

drm/i915/gt: Serialize TLB invalidates with GT resets

drm/i915: fix TLB invalidation for Gen12 video and compute engines

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

media: dvb-core: Fix UAF due to refcount races at releasing

i2c: ismt: Fix an out-of-bounds bug in ismt_access()

Bluetooth: L2CAP: Fix u8 overflow

net: sched: atm: dont intepret cls results when asked to drop

net: sched: cbq: dont intepret cls results when asked to drop

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: disallow noqueue for qdisc classes

media: dvbdev: adopts refcnt to avoid UAF

media: dvbdev: fix refcnt bug

media: dvbdev: adopts refcnt to avoid UAF (adaptation)

drm/amdkfd: Check for null pointer after calling kmemdup

KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

net: fix a concurrency bug in l2tp_tunnel_register()

l2tp: Serialize access to sk_user_data with sk_callback_lock

l2tp: Don't sleep and disable BH under writer-side sk_callback_lock

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

netfilter: nf_tables: deactivate anonymous set from preparation phase

KVM: nVMX: add missing consistency checks for CR0 and CR4

netfilter: nf_tables: stricter validation of element data

KVM: x86: do not report a vCPU as preempted outside instruction boundaries (adaptation)

Complex adaptation required.

rds: Fix lack of reentrancy for connection reset with dst addr zero

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

x86/CPU/AMD: Do not leak quotient data after a division by 0

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

nvmet-tcp: Fix a possible UAF in queue intialization setup

kobject: Fix slab-out-of-bounds in fill_kobj_path()

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

vhost: use kzalloc() instead of kmalloc() followed by memset()

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

kpatch add alt asm definitions

kpatch add alternative2 asm definition

x86/bhi: Add support for clearing branch history at syscall entry

tap: add missing verification for short frame

tun: add missing verification for short frame

net: fix __dst_negative_advice() race

nilfs2: We cannot patch functions that sleep in kthread().

ppdev: Add an error check in register_device

nilfs2: fix potential hang in nilfs_detach_log_writer()

kdb: Fix buffer overflow during tab-complete

ipv6: sr: fix invalid unregister error path

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

crypto: bcm - Fix pointer arithmetic

jffs2: prevent xattr node from overflowing the eraseblock

USB: core: Add routines for endpoint checks in old drivers

wifi: carl9170: add a proper sanity check for endpoints

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

drm/arm/malidp: fix a possible null pointer dereference

serial: max3100: Update uart_driver_registered on driver

netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

enic: Validate length of nl attributes in enic_set_vf_port

Out of scope as the patch is for s390 arch only, x86_64, arm64 is not affected

xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

drm/amd/display: Fix potential index out of bounds in color transformation function

scsi: bfa: Ensure the copied buf is NUL terminated

af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

greybus: lights: check return of get_channel_from_mode

virtio: delete vq in vp_find_vqs_msix() when request_irq() fails

ALSA: timer: Set lower bound of start tick time

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

wifi: ar5523: enable proper endpoint verification

ecryptfs: Fix buffer size for tag 66 packet

ring-buffer: Fix a race between readers and resize checks

serial: max3100: Lock port->lock when calling

ext4: fix mb_cache_entry's e_refcnt leak in

f2fs: fix to do sanity check on i_xattr_nid in

drm/amdgpu: add error handle to avoid out-of-bounds

Out of scope: ARM64 architecture issue

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

SUNRPC: Fix gss_free_in_token_pages()

SUNRPC: Fix loop termination condition in gss_free_in_token_pages()

netfilter: tproxy: bail out if IP has been disabled on the device

net: openvswitch: fix overwriting ct original tuple for ICMPv6

scsi: qedf: Ensure the copied buf is NUL terminated

soundwire: Skipped as code which CVE fixes doesn't exists in older releaes

net/9p: fix uninit-value in p9_client_rpc()

cpufreq: exit() callback is optional

Out of scope as the patch is for m68k arch only, x86_64, arm64 is not affected

netrom: fix possible dead-lock in nr_rt_ioctl()

stm class: Fix a double free in stm_register_device()

Out of scope: User-mode Linux isn't supported for current kernel

media: stk1160: fix bounds checking in stk1160_copy_video()

ipv6: sr: fix memleak in seg6_hmac_init_algo

dma-buf/sw-sync: don't enable IRQ from sync_print_obj()

netns: Make get_net_ns() handle zero refcount net

filelock: fix potential use-after-free in posix_lock_inode

netfilter: nftables: exthdr: fix 4-byte stack OOB write

net/iucv: Avoid explicit cpumask var allocation on stack

bonding: Fix out-of-bounds read in

net: ethernet: lantiq_etop: fix double free in detach

nilfs2: add missing check for inode numbers on directory

ipv6: annotate some data-races around sk->sk_prot

ipv6: Fix data races around sk->sk_prot.

tcp: Fix data races around icsk->icsk_af_ops.

nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors

vmci: prevent speculation leaks by sanitizing event in event_deliver()

liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

drm/exynos/vidi: fix memory leak in .get_modes()

ipv6: prevent possible NULL dereference in rt6_probe()

drm/radeon: fix UBSAN warning in kv_dpm.c

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

net: can: j1939: Initialize unused data in j1939_send_one()

ocfs2: fix races between hole punching and AIO+DIO

net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

ppp: reject claimed-as-LCP but actually malformed packets

ASoC: fsl-asoc-card: set priv->pdev before using it

net: tcp: fix unexcepted socket die when snd_wnd is 0

tcp: use signed arithmetic in tcp_rtx_probe0_timed_out()

tcp: avoid too many retransmit packets

x86: stop playing stack games in profile_pc()

scsi: qedi: Fix crash while reading debugfs attribute

inet_diag: Initialize pad field in struct inet_diag_req_v2

drm/amdgpu: fix UBSAN warning in kv_dpm.c

USB composite function controllers related patch

net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP

drivers: core: synchronize really_probe() and dev_uevent()

driver core: Fix uevent_show() vs driver detach race

ARM related patch

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

nilfs2 related patch

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

ALSA: emux: improve patch ioctl data validation

nilfs2 related patch

media: dvb-frontends: tda10048: Fix integer overflow

iommu: Return right value in iommu_sva_bind_device()

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes

drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep

drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes

drm/amd/display: Skip finding free audio for unknown engine_id

nilfs2 is not enabled

HID: core: remove unnecessary WARN_ON() in implement()

usb-storage: alauda: Fix uninit-value in alauda_check_media()

usb-storage: alauda: Check whether the media is initialized

usb-storage: alauda: Check whether the media is initialized (Adaptation)

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

wifi: iwlwifi: mvm: don't read past the mfuart notifcation

wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects

MIPS related CVE.

netfilter: ipset: Fix suspicious rcu_dereference_protected()

ftruncate: pass a signed offset

drm/lima: fix shared irq handling on driver remove

s390 architecture related CVE.

ipv6: fix possible race in __fib6_drop_pcpu_from()

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store

Out of scope as the patch is for MIPS arch only, x86_64 is not affected

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

IB/core: Implement a limit on UMAD receive List

IB/core: Implement a limit on UMAD receive List (adaptation)

SUNRPC: Fix RPC client cleaned up the freed pipefs dentries kpatch

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

jfs: xattr: fix buffer overflow for invalid xattr

greybus: Fix use-after-free bug in gb_interface_release due to race condition.

net/dpaa2: Avoid explicit cpumask var allocation on stack

ata: libata-core: Fix double free on error

net: dsa: mv88e6xxx: Correct check for empty list

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

bnx2x: Fix multiple UBSAN array-index-out-of-bounds

ipv6: prevent possible NULL deref in fib6_nh_init()

batman-adv: bypass empty buckets in batadv_purge_orig_ref()

drm/nouveau/dispnv04: fix null pointer dereference in

gpio: davinci: Validate the obtained number of IRQs

jffs2: Fix potential illegal address access in

Patches a sleepable function, there is a small but non-zero risk of livepatching failure

netrom: Fix a memory leak in nr_heartbeat_expiry()

usb: gadget: configfs: Prevent OOB read/write in

pinctrl: fix deadlock in create_pinctrl() when handling

iio: chemical: bme680: Fix overflows in compensate()

scsi: qedf: Make qedf_execute_tmf() non-preemptible

orangefs: fix out-of-bounds fsid access

Patches a sleepable function, there is a small but non-zero risk of livepatching failure

drop_monitor: replace spin_lock by raw_spin_lock

i2c: pnx: Fix potential deadlock warning from

i2c: pnx: Fix potential deadlock warning from

libceph: fix race between delayed_work() and ceph_monc_stop()

vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

ALSA: line6: Fix racy access to midibuf

KVM: PPC: Book3S HV: Prevent UAF in kvm_spapr_tce_attach_iommu_group()

dev/parport: fix the array out-of-bounds risk

hfsplus: fix uninit-value in copy_name

media: venus: fix use after free in vdec_close

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

jfs: Fix array-index-out-of-bounds in diFree

tipc: Return non-zero value from tipc_udp_addr2str() on error

mISDN: Fix a use after free in hfcmulti_tx()

net/iucv: fix use after free in iucv_sock_close()

exec: Fix ToCToU between perm check and set-uid/gid usage

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

f2fs: fix to don't dirty inode for readonly filesystem

kobject_uevent: Fix OOB access within zap_modalias_env()

dma: fix call order in dmam_free_coherent

mm: avoid overflows in dirty throttling logic

drm/nouveau: prime: fix refcount underflow

s390 arch not supported.

drm/client: fix null pointer dereference in drm_client_modeset_probe

tracing: Fix overflow in get_free_elt()

netfilter: ctnetlink: use helper function to calculate expect ID

scsi: qla2xxx: During vport delete send async logout explicitly

mlxsw: spectrum_acl_erp: Fix object nesting warning

mlxsw: spectrum_acl_erp: Fix object nesting warning

lib: objagg: Fix general protection fault

protect the fetch of ->fd[fd] in do_dup2() from mispredictions

net: nexthop: Initialize all fields in dumped nexthops

Out of scope as the patch is for s390 arch only, x86_64 is not affected

leds: trigger: Unregister sysfs attributes before calling deactivate()

ocfs2: add bounds checking to ocfs2_check_dir_entry()

scsi: qla2xxx: validate nvme_local_port correctly

ext4: check dot and dotdot of dx_root before making dir indexed

drm/amd/display: Check for NULL pointer

drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes

serial: core: check uartclk for zero to avoid divide by zero

drm/amdgpu: Fix the null pointer dereference to ras_manager

This CVE was introduced and fixed in the same kernel verison

devres: Fix memory leakage caused by driver API devm_free_percpu()

usb: vhci-hcd: Do not drop references before new references are gained

sctp: Fix null-ptr-deref in reuseport_add_sock().

x86/mtrr: Check if fixed MTRRs exist before saving them

scsi: qla2xxx: Fix for possible memory corruption

drm/qxl: Add check for drm_cvt_mode

net: usb: qmi_wwan: fix memory leak for not ip packets

md/raid5: avoid BUG_ON() while continue reshape after reassembling

usb: gadget: core: Check for unset descriptor

x86/mm: Fix pti_clone_pgtable() alignment assumption

remoteproc: imx_rproc: Skip over memory region when node value is NULL

nilfs2: handle inconsistent state in nilfs_btnode_create_block()

ext4: make sure the first directory block is not a hole

jfs: don't walk off the end of ealist

drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

netfilter: nf_tables: prefer nft_chain_validate

bpf: Fix a segment issue when downgrading gso_size

wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

ila: block BH in ila_output()

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()

nvme-pci: add missing condition check for existence of mapped data

drm/i915/gem: Fix Virtual Memory mapping boundaries calculation

wifi: virt_wifi: avoid reporting connection success with wrong SSID

wifi: virt_wifi: avoid reporting connection success with wrong SSID

irqchip/imx-irqsteer: Handle runtime power management correctly

mm: clarify a confusing comment for remap_pfn_range()

mm: fix ambiguous comments for better code readability

mm/memory.c: make remap_pfn_range() reject unaligned addr

mm: add remap_pfn_range_notrack

mm: avoid leaving partial pfn mappings around in error case

binder: fix UAF caused by offsets overwrite

atm: idt77252: prevent use after free in dequeue_rx()

gtp: pull network headers in gtp_dev_xmit()

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

usb: dwc3: st: fix probed platform device ref count on probe error path

scsi: aacraid: Fix double-free on probe failure

drm/amd/display: Check gpio_id before used as array index

drm/amdgpu: fix ucode out-of-bounds read warning

drm/amdgpu: fix mc_data out-of-bounds read warning

ila: call nf_unregister_net_hooks() sooner

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

of/irq: Prevent device address out-of-bounds read in interrupt map walk

nilfs2 module is not included

module is not included

Architecture is not supported

Architecture um is not supported

nilfs2: fix missing cleanup on rollforward recovery error

kcm: Serialise kcm_sendmsg() for the same socket.

net: dsa: mv88e6xxx: Fix out-of-bound access

usb: dwc3: core: Prevent USB core invalid event buffer address access

cgroup/cpuset: Prevent UAF in proc_cpuset_show()

Input: MT - limit max slots

fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE

drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

usb: typec: ucsi: Fix null pointer dereference in trace

PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)

ipv6: prevent UAF in ip6_send_skb()

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

sch/netem: fix use after free in netem_dequeue

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

Squashfs: sanity check symbolic link size

sched: sch_cake: fix bulk flow accounting logic for host fairness

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

netem: fix return value if duplicate enqueue fails

drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]

block: initialize integrity buffer to zero before writing it to media

tcp_bpf: fix return value of tcp_bpf_sendmsg()

btrfs: clean up our handling of refs == 0 in snapshot delete

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

staging: iio: frequency: ad9834: Validate frequency parameter value

ethtool: check device is present when getting link settings

wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

ocfs2: reserve space for inline xattr before attaching reflink tree

Bluetooth: MGMT: Add error handling to pair_device()

ata: libata-core: Fix null pointer dereference on error

virtio_net: Fix napi_skb_cache_put warning

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

mmc: mmc_test: Fix NULL dereference on allocation failure

gtp: fix a potential NULL pointer dereference

pinctrl: single: fix potential NULL dereference in pcs_get_function()

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

Input: uinput - reject requests with unreasonable number of slots

Complex adaptation required. Low impact CVE.

Out of scope: CVE patch is for PCI Hotplug Driver for PowerPC PowerNV platform

can: bcm: Remove proc entry when dev is unregistered.

rtmutex: Drop rt_mutex::wait_lock before scheduling

vfs: Don't evict inode under the inode lru traversing context

nfc: pn533: Add poll mod list filling check

nilfs2: protect references to superblock parameters exposed in sysfs

fuse: Initialize beyond-EOF page contents before setting uptodate

Patches a function that is sleepable due to a call to vfs_poll

net: hns3: fix a deadlock problem when config TC during resetting

apparmor: fix possible NULL pointer dereference

nilfs2: fix state management in error path of log writing function

udf: Avoid excessive partition lengths

nvmet-tcp: fix kernel crash if commands allocation fails

wireguard: netlink: check for dangling peer via is_dead instead of empty list

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

ASoC: meson: axg-card: fix 'use-after-free'

tipc: guard against string buffer overrun

fbdev: pxafb: Fix possible use after free in pxafb_task()

ext4: fix double brelse() the buffer of the extents path

parport: Proper fix for array out-of-bounds access

bpf: Fix out-of-bounds write in trie_get_next_key()

drm/amd/display: Fix index out of bounds in degamma hardware format translation

ext4: avoid OOB when system.data xattr changes underneath the filesystem

firmware_loader: Block path traversal

ext4: no need to continue when the number of entries is 1

ext4: aovid use-after-free in ext4_ext_insert_extent()

fbdev: sisfb: Fix strbuf array overflow

udf: fix uninit-value use in udf_get_fileshortad

tracing: Consider the NULL character when validating the event length

spi: nxp-fspi: fix the KASAN report out-of-bounds bug

net: sched: fix use-after-free in taprio_change()

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error

ALSA: asihpi: Fix potential OOB array access

ocfs2: cancel dqi_sync_work before freeing oinfo

smb: client: fix OOBs when building SMB2_IOCTL request

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

nilfs2: fix kernel bug due to missing clearing of checked flag

net: ethernet: lantiq_etop: fix memory disclosure

jfs: fix divide error in dbNextAG

jfs: fix out-of-bounds in dbNextAG() and diAlloc()

jfs: Fix uninit-value access of new_ea in ea_buffer

ACPI: sysfs: validate return type of _STR method

slip: make slhc_remember() more robust against malicious packets

ppp: fix ppp_async_encode() illegal access

nilfs2: fix potential oob read in nilfs_btree_check_delete()

net: dpaa: Pad packets to ETH_ZLEN

wifi: iwlegacy: Clear stale interrupts before resuming device

media: venus: fix use after free bug in venus_remove due to race condition

Vendor reverted in d1aa0c04294 as it causes deadlocks

jfs: Fix uaf in dbFreeBits

ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition

net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

aoe: fix the potential use-after-free problem in more places

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency kpatch

nfsd: return -EINVAL when namelen is 0

nfsd: enforce upper limit for namelen in __cld_pipe_inprogress_downcall()

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

gpio: prevent potential speculation leaks in gpio_device_get_desc()

can: bcm: Clear bo->bcm_proc_read after remove_proc_entry().

nfsd: call cache_put if xdr_reserve_space returns NULL

i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

drm/amd: Guard against bad data for ATIF ACPI method

drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate

ocfs2: fix null-ptr-deref when journal load failed.

ext4: fix i_data_sem unlock order in ext4_ind_migrate()

ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

RDMA/cxgb4: Added NULL check for lookup_atid

resource: fix region_intersects() vs add_memory_driver_managed()

drm: omapdrm: Add missing check for alloc_ordered_workqueue

wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit

netfilter: nf_tables: prevent nf_skb_duplicated corruption

wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()

be2net: fix potential memory leak in be_xmit()

net: systemport: fix potential memory leak in bcm_sysport_xmit()

posix-clock: Fix missing timespec64 check in pc_clock_settime()

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

btrfs: wait for fixup workers before stopping cleaner kthread during umount

blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

nilfs2: fix potential deadlock with newly created symlinks

net/sched: accept TCA_STAB only for root qdisc

net/sched: accept TCA_STAB only for root qdisc

wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead

tpm: Clean up TPM space after command failure

PCI: keystone: Fix if-statement expression in ks_pcie_quirk()

ceph: remove the incorrect Fw reference check when dirtying pages

net: add more sanity checks to qdisc_pkt_len_init()

jfs: fix array-index-out-of-bounds in dbFindLeaf

jfs: check if leafidx greater than num leaves per dmap tree

ocfs2: remove unreasonable unlock in ocfs2_read_blocks

mm/swapfile: skip HugeTLB pages for unuse_vma

drm/amd/display: Check stream before comparing them

nilfs2: propagate directory read errors from nilfs_find_entry()

nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()

ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()

ACPI: battery: Fix possible crash when unregistering a battery hook

netfilter: br_netfilter: fix panic with metadata_dst skb

nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error

KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()

Out of scope as the patch is for arm64 arch only, x86_64 not affected

Current kernel is not vulnerable.

Affects only boot __init stage, already booted kernels are not affected

sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start

sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start

net: Fix an unsafe loop on the list

nilfs2: fix kernel bug due to missing clearing of buffer delay flag

net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()

wifi: ath10k: Fix memory leak in management tx

USB: usbtmc: prevent kernel-usb-infoleak

drm/amd/display: Initialize get_bytes_per_element's default to 1

Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

Kernel is not vulnerable

crypto: aead,cipher - zeroize key buffer after use

btrfs: fix a NULL pointer dereference when failed to start a new trasacntion

virtio_pmem: Check device status before requesting flush

Bluetooth: bnep: fix wild-memory-access in proto_unregister

Bluetooth: bnep: fix wild-memory-access in proto_unregister kpatch

Out of scope as the patch is for arm64 arch only, x86_64 not affected

drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA

vfs: fix race between evice_inodes() and find_inode()&iput()

tcp: check skb is non-NULL in tcp_rto_delta_us()

wifi: wilc1000: fix declarations ordering

wifi: wilc1000: fix RCU usage in connect path

wifi: wilc1000: fix ies_len type in connect path

wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()

f2fs: Require FMODE_WRITE for atomic write ioctls

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower

This CVE was rejected and fix reverted.

arm64: probes: Remove broken LDR (literal) uprobe support

sock_map: Add a cond_resched() in sock_hash_free()

jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error

r8169: add tally counter fields added with RTL8125

r8169: add tally counter fields added with RTL8125

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

kpatch add paravirt asm definitions

Restrict access to pagemap/kpageflags/kpagecount

net: bridge: xmit: make sure we have at least eth header len bytes

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

security/keys: fix slab-out-of-bounds in key_task_permission

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

netfilter: x_tables: fix LED ID check in led_tg_check()

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

media: s5p-jpeg: prevent buffer overflows

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

usb: musb: sunxi: Fix accessing an released usb phy

USB: serial: io_edgeport: fix use after free in debug printk

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

cifs: Fix buffer overflow when parsing NFS reparse points

netfilter: ipset: add missing range check in bitmap_ip_uadt

Kernel is not affected

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

9p/xen: fix release of IRQ

Out of scope: SuperH architecture isn't supported for current kernel

af_packet: avoid erroring out after sock_init_data() in packet_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

net: inet: do not leave a dangling sk pointer in inet_create()

bpf: fix OOB devmap writes when deleting elements

Patch affects initramfs

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

net: af_can: do not leave a dangling sk pointer in can_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

jfs: array-index-out-of-bounds fix in dtReadFirst

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

btrfs: ref-verify: fix use-after-free after invalid ref action

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

xen/netfront: fix crash when removing device

HID: core: zero-initialize the report buffer

fs: Fix uninitialized value issue in from_kuid and from_kgid

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

media: v4l2-tpg: prevent the risk of a division by zero

media: cx24116: prevent overflows on SNR calculus

btrfs: reinitialize delayed ref list after deleting it from the list

sctp: properly validate chunk size in sctp_sf_ootb()

media: dvbdev: prevent the risk of out of memory access

nfs: Fix KMSAN warning in decode_getfattr_attrs()

ocfs2: uncache inode which has failed entering the group

nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint

nfsd: under NFSv4.1, fix double svc_xprt_put on rpc_create failure

NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

nfsd: restore callback functionality for NFSv4.0

ad7780: fix division by zero in ad7780_write_raw()

usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer

nfsd: make sure exp active before svc_export_show

media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal()

media: ts2020: fix null-ptr-deref in ts2020_probe()

bpf, sockmap: Fix more uncharged while msg has more_data

bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues

tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

HID: wacom: fix when get product name maybe null pointer

ocfs2: free inode when ocfs2_get_init_inode() fails

firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

ubi: fastmap: Fix duplicate slab cache names while attaching

Out of scope: User-mode Linux isn't supported for current kernel

comedi: Flush partial mappings in error case

Out of scope: User-mode Linux isn't supported for current kernel

vfio/pci: Properly hide first-in-list PCIe extended capability

f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode.

jfs: fix shift-out-of-bounds in dbSplit

sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport

scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb()

netfilter: ipset: Hold module reference while requesting a module

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

Out of scope: User-mode Linux isn't supported

Out of scope: User-mode Linux isn't supported

xen: Fix the issue of resource not being properly released in xenbus_dev_probe()

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

ALSA: us122l: Use snd_card_free_when_closed() at disconnection

hfsplus: don't query the device logical block size multiple times

SUNRPC: make sure cache entry active before cache_show

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

NFSD: Prevent a potential integer overflow

media: i2c: tc358743: Fix crash in the probe error path when using polling

ftrace: Fix regression with module command in stack_trace_filter

gpio: grgpio: Add NULL check in grgpio_probe

wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw()

ovl: Filter invalid inodes with missing lookup function

media: wl128x: Fix atomicity violation in fmc_send_cmd()

leds: class: Protect brightness_show() with led_cdev->led_access mutex

drm/amdgpu: set the right AMDGPU sg segment limitation

dccp: Fix memory leak in dccp_feat_change_recv

crypto: bcm - add error check in the ahash_hmac_init function

EDAC/bluefield: Fix potential integer overflow

i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs()

soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

net: lapb: increase LAPB_HEADER_LEN

The patch only fixes warning, no functional changes.

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device

mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device

ftrace: Fix possible use-after-free issue in ftrace_location()

ftrace: Fix possible use-after-free issue in ftrace_location()

ftrace: Fix possible use-after-free issue in ftrace_location()

net: sched: fix ordering of qlen adjustment

media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg

dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset

ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

ima: Fix use-after-free on a dentry's dname.name

net: core: reject skb_copy(_expand) for fraglist GSO skbs

net/mlx5: Discard command completions in internal error

drm/amd/display: Assign normalized_pix_clk when color depth = 14

scsi: qla1280: Fix kernel oops when debug level > 2

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

net: atm: fix use after free in lec_send()

objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()

Bluetooth: Fix error code in chan_alloc_skb_cb()

ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().

drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()

atm: Fix NULL pointer dereference

netfilter: socket: Lookup orig tuple for IPv6 SNAT

thermal: int340x: Add NULL check for adev

RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow

ocfs2: validate l_tree_depth to avoid out-of-bounds access

Out of scope: PowerPC architecture isn't supported for current kernel

Out of scope: PowerPC architecture isn't supported for current kernel

netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets

net_sched: skbprio: Remove overly strict queue assertions

Low score CVE with no well understood impact.

netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()

memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove

perf: Fix sys_perf_event_open() race against self