net/sched: sch_hfsc: Ensure inner classes have fsc curve

net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

nfp: fix use-after-free in area_cache_get()

can: af_can: fix NULL pointer dereference in can_rcv_filter

drivers: net: slip: fix NPD bug in sl_tx_timeout()

Fix double fget() in vhost_net_set_backend()

HID: check empty report_list in hid_validate_values()

smb: client: fix OOB in smbCalcSize()

smb: client: fix potential OOB in cifs_dump_detail()

smb: client: fix potential OOB in smb2_dump_detail()

x86/sev-es: Fix SEV-ES OUT/IN immediate opcode vc handling

x86/sev: Disable MMIO emulation from user mode

x86/sev: Check IOBM for IOIO exceptions from user-space

x86/sev: Check for user-space IOIO pointing to kernel space

Fix a kernel panic when host sends an invalid H2C PDU length

nvmet-tcp: fix a crash in nvmet_req_complete()

nvmet-tcp: remove boilerplate code

nvmet-tcp: Fix the H2C expected PDU len calculation

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads (adaptation)

perf/core: Fix potential NULL deref

netfilter: nft_set_pipapo: skip inactive elements during set walk

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net: tls, update curr on splice as well

RDMA/core: Refactor rdma_bind_addr

RDMA/core: Update CMA destination address on rdma_resolve_addr

smb: client: fix OOB in receive_encrypted_standard()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

drm/amdgpu: Fix potential fence use-after-free v2

ext4: fix kernel BUG in 'ext4_write_inline_data_end()'

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

Bluetooth: Fix double free in hci_conn_cleanup

fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super

ida: Fix crash in ida_free when the bitmap is empty

drm/qxl: fix UAF on handle creation

UBUNTU: SAUCE: bpf: prevent helper argument PTR_TO_ALLOC_MEM to have offset other than 0

x86/sev: Harden #VC instruction emulation somewhat

Bluetooth: af_bluetooth: Fix Use-After-Free in

Bluetooth: Add more enc key size check

Input: gtco - bounds check collection indent level

The patch for this CVE already present in kernel-5.14.0-362.24.1.el9_3 version. The kernel-5.14.0-362.18.1.el9_3 version and below are not vulnerable because they don't have commit 5f68718b34a5 (netfilter: nf_tables: GC transaction API to avoid race with control plane) which introduced the vulnerability.

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_sctp: validate the flag_info count

cxgb4: fix use after free bugs caused by circular

fbcon: Fix error paths in set_con2fb_map

fbcon: set_con2fb_map needs to set con2fb_map!

net/sched: cls_rsvp: always try to match inside the linear part of skb

netfilter: nf_tables: bail out on mismatching

kobject: Remove docstring reference to kset

kobject: Fix slab-out-of-bounds in fill_kobj_path()

net: add a route cache full diagnostic message

net/dst: use a smaller percpu_counter batch for dst entries accounting

ipv6: remove max_size check inline with ipv4

ipv6: Remove extra counter pull before gc

media: technisat-usb2: break out of loop at end of

RDMA/irdma: Prevent zero-length STAG registration

atm: Fix Use-After-Free in do_vcc_ioctl

smb: client: fix potential OOBs in

smb: client: fix parsing of SMB3.1.1 POSIX create

mISDN: fix use-after-free bugs in l1oip timer

verify struct l1oip layout

Bluetooth: L2CAP: Fix u8 overflow

Complex adaptation required. Requires changes a lot of constants

Complex adaptation required.

team: fix null-ptr-deref when team device type is changed

team: fix null-ptr-deref when team device type is changed

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

vc_screen: don't clobber return value in vcs_read

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

sched/membarrier: reduce the ability to hammer on sys_membarrier

ipv4: fix null-deref in ipv4_link_failure

The modified structure mem_section_usage is used only during bootup time. As we patch the changes after booting they will have no effect. Therefore we cannot patch this CVE.

CVE has been marked as REJECTED on the NVD website.

net/core: Fix ETH_P_1588 flow dissector

netfilter: nf_tables: disallow timeout for anonymous sets

blk-mq: fix IO hang from sbitmap wakeup race

tty: keyboard, do not speculate on func_table index

tty/vt: fix write/write race in ioctl(KDSKBSENT)

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl

vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl

vt_kdsetmode: extend console locking

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO

USB: core: Unite old scheme and new scheme descriptor reads

USB: core: Change usb_get_device_descriptor() API

USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()

USB: core: Fix oversight in SuperSpeed initialization

net: xfrm: Fix xfrm_address_filter OOB read

nvmet: nul-terminate the NQNs passed in the connect command

kvm: initialize all of the kvm_debugregs structure before sending it to userspace

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input

i2c: i801: Don't generate an interrupt on bus reset

media: dvbdev: Fix memory leak in dvb_media_device_free()

net: usb: fix memory leak in smsc75xx_bind

net: usb: fix possible use-after-free in

crypto: akcipher - default implementations for request callbacks

crypto: testmgr - split akcipher tests by a key type

crypto: akcipher - Disable signing and decryption

platform/x86: think-lmi: Fix reference leak

wifi: iwlwifi: fix a memory corruption

net/sched: act_ct: fix skb leak and crash on ooo frags

Out of scope as the patch is for s390 arch only, x86_64 is not affected

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

uio: Fix use-after-free in uio_open

i2c: i801: Fix block process call transactions

i2c: Fix a potential use after free

media: pvrusb2: fix use after free on context disconnection

md/raid5: fix atomicity violation in raid5_cache_count

CVE patch is for powerpc arch only

This CVE modifies the functions which won't be available or doesn't make sense to patch as they are used during bootup time or init. Therefore we cannot patch this CVE.

tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc

vt: fix memory overlapping when deleting chars in the buffer

usb: hub: Guard against accesses to uninitialized BOS descriptors

RDMA/siw: Fix connection failure handling

net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg

wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()

wifi: rt2x00: restart beacon queue when hardware reset

RDMA/srpt: Do not register event handler until srpt device is fully setup

wifi: mt76: mt7921e: fix use-after-free in free_irq()

The given kernel version isn't vulnerable.

mtd: properly check all write ioctls for permissions

mtd: require write permissions for locking and badblock ioctls

WiFi - Complex adaptation required.

wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work

RDMA/qedr: Fix qedr_create_user_qp error flow

wifi: mac80211: fix race condition on enabling

do_sys_name_to_handle(): use kzalloc() to fix

usb: ulpi: Fix debugfs directory leak

USB: core: Add hub_get() and hub_put() routines

USB: core: Fix deadlock in port "disable" sysfs attribute

USB: core: Fix deadlock in

USB: core: Add hub_get() and hub_put() routines

fat: fix uninitialized field in nostale filehandles

fs: sysfs: Fix reference leak in sysfs_break_active_protection()

vhost: use kzalloc() instead of kmalloc() followed by memset()

x86/fpu: Stop relying on userspace for info to

net/smc: fix illegal rmb_desc access in SMC-D connection dum

netfilter: nf_tables: disallow anonymous set with timeout flag

The given kernel version isn't vulnerable (Netfilter).

hwmon: (coretemp) Fix out-of-bounds memory access

wifi: iwlwifi: mvm: fix a crash when we run out of stations

wifi: iwlwifi: fix double-free bug

USB: usb-storage: Prevent divide-by-0 error in

net:emac/emac-mac: Fix a use after free in

i2c: validate user data in compat ioctl

xhci: process isoc TD properly when there was a

xhci: process isoc TD properly when there was a transaction error mid TD kpatch

xhci: handle isoc Babble and Buffer Overrun events

net/mlx5e: Prevent deadlock while disabling aRFS

net/mlx5e: Prevent deadlock while disabling aRFS

wifi: iwlwifi: mvm: ensure offloading TID queue exists

wifi: brcm80211: handle pmk_op allocation failure

No sense in patching an early boot function; inventing a runtime-wise patch is not impossible but isn't worth the effort for 4.4 score CVE

net: add atomic_long_t to net_device_stats fields

net: bridge: use DEV_STATS_INC()

net: Fix unwanted sign extension in netdev_stats_to_stats64()

net: add atomic_long_t to net_device_stats fields

RDMA/srpt: Support specifying the srpt_service_guid

CVE patch is for s390 arch only

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path

crypto: pcrypt - Fix hungtask for PADATA_RESET

tipc: fix kernel warning when sending SYN message

perf/core: Bail out early if the request AUX area is out of bound

usb: config: fix iteration issue in 'usb_get_bos_descriptor()'

usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm()

net/mlx5e: fix a potential double-free in fs_any_create_groups

can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds

EDAC/thunderx: Fix possible out-of-bounds string access

RDMA/mlx5: Fix fortify source warning while accessing Eth segment

x86: KVM: SVM: always update the x2avic msr interception

netfilter: Complex adaptation required.

mm/damon/vaddr-test: fix memory leak in

net/mlx5e: Fix mlx5e_priv_init() cleanup flow

platform/x86: dell-smbios-wmi: Fix oops on rmmod

net/mlx5: Properly link new fs rules into the tree

i40e: Do not use WQ_MEM_RECLAIM flag for workqueue

net: ena: Fix incorrect descriptor free behavior

tls: disable async encrypt/decrypt

net/bnx2x: Prevent access to a freed page in

Bluetooth: Reject connection with the device which

Bluetooth: hci_event: Fix coding style

Bluetooth: avoid memcmp() out of bounds warning

Bluetooth: hci_event: Ignore NULL link key

Bluetooth: hci_event: Fix using memcmp when

hwrng: core - Fix page fault dead lock on mmap-ed

mlxsw: spectrum_acl_tcam: Fix warning during rehash

ipc/mqueue.c: remove duplicated code

ipc/mqueue.c: update/document memory barriers

ipc/msg.c: update and document memory barriers

ipc/sem.c: document and update memory barriers

ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry

net: cdc_eem: fix tx fixup skb leak

udf: Fix NULL pointer dereference in udf_symlink function

net: qcom/emac: fix UAF in emac_remove

net: ti: fix UAF in tlan_remove_one

mISDN: fix possible use-after-free in HFC_cleanup()

mISDN: hfcpci: Fix use-after-free bug in hfcpci_softirq

can: peak_pci: peak_pci_remove(): fix UAF

ovl: fix leaked dentry

usbnet: sanity check for maxpacket

usbnet: fix error return code in usbnet_probe()

net/mlx5e: fix a double-free in arfs_create_groups

wifi: mac80211: check/clear fast rx for non-4addr

wifi: iwlwifi: dbg-tlv: ensure NUL termination

wifi: mac80211: fix potential sta-link leak

mlxsw: spectrum_acl_tcam: Fix memory leak when

mlxsw: spectrum_acl_tcam: Fix memory leak during

mlxsw: spectrum_acl_tcam: Fix possible

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update

erspan: make sure erspan_base_hdr is present in

gro: fix ownership transfer

CVE patch is for arch/arm which is not supported.

drm/amdgpu: fix use-after-free bug

ppp_async: limit MRU to 64K

ipv6: sr: fix possible use-after-free and

Bluetooth: Avoid potential use-after-free in

net: ip_tunnel: prevent perpetual headroom growth

mptcp: fix data re-injection from stale subflow

x86/mm: Complex adaptation required to prevent BPF abuse.

crypto: qat - resolve race condition during AER

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

Squashfs: check the inode number is not the invalid

wifi: nl80211: reject iftype change with mesh ID

swap: fix do_swap_page() race with swapoff

mm/swap: fix race when skipping swapcache

tcp: do not accept ACK of bytes we never sent

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

RFDS: Medium score vulnerability affecting only Intel Atom CPUs, mitigated via microcode update.

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

net: fix __dst_negative_advice() race

wifi: mac80211: fix potential key use-after-free

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

mlxsw: spectrum_acl_tcam: Fix stack corruption

pwm: Fix double shift bug

of: Fix double free in of_parse_phandle_with_args_map

mmc: sdio: fix possible resource leaks in some error paths

bonding: stop the device in bond_setup_by_slave()

Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"

Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"

net/smc: avoid data corruption caused by decline

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

media: gspca: cpia1: shift-out-of-bounds in set_flicker

wait: add wake_up_pollfree()

sched/psi: Fix use-after-free in ep_remove_wait_queue()

virtio-blk: fix implicit overflow on virtio_max_dma_size

tracing: Restructure trace_clock_global() to never

tracing: Do no increment trace_clock_global() by

net: ieee802154: fix null deref in parse dev addr

isdn: mISDN: netjet: Fix crash in nj_probe:

wifi: ath11k: fix gtk offload status event locking

media: bttv: fix use after free error due to

EFI Firmware: CVE patch is for EFI firmware which runs at boot time.

tcp_close is sleepable and called from kthread, which may prevent patching and unpatchng.

wifi: cfg80211: check A-MSDU format more carefully

irqchip/gic-v3-its: Fix potential VPE leak on error

isdn: mISDN: Fix sleeping function called from invalid context

ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()

ovl: fix warning in ovl_create_real()

tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized

netfilter: conntrack: serialize hash resizes and cleanups

userfaultfd: fix a race between writeprotect and exit_mmap()

mm: khugepaged: skip huge page collapse for special files

net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change

i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

netfilter: nf_tables: fix memleak in map from abort

netfilter: nf_tables: Fix potential data-race in

nbd: null check for nla_nest_start

SUNRPC: fix some memleaks in gssx_dec_option_array

Fixed function is sleepy and called from a kthread, which may prevent patching/unpatching.

wifi: iwlwifi: mvm: Fix key flags for IGTK on AP

wifi: iwlwifi: mvm: don't set the MFP flag for the

genirq/cpuhotplug, x86/vector: Prevent vector leak

ipvlan: Dont Use skb->sk in

misc: lis3lv02d_i2c: Fix regulators getting

vt: fix unicode buffer corruption when deleting

irqchip/gic-v3-its: Prevent double free on error

net/sched: act_skbmod: prevent kernel-infoleak

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

ext4: fix corruption during on-line resize

netfilter: validate user input for expected length

drm/vmwgfx: Fix the lifetime of the bo cursor

block: prevent division by zero in blk_rq_stat_sum()

scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()

dyndbg: fix old BUG_ON in >control parser

drm/ast: Fix soft lockup

usb: typec: ucsi: Limit read size on v1.2

wifi: iwlwifi: mvm: rfi: fix potential response leaks

wifi: rtw89: fix null pointer access when abort scan

netfilter: nf_tables: flush pending destroy work before exit_net release

wifi:ath11k, low score CVE that needs complex adaptation but decreasing MHI Bus' buf-len isn't a typical security fix.

SUNRPC: fix a memleak in gss_import_v2_context

net: amd-xgbe: Fix skb data length underflow

block: Fix wrong offset in bio_truncate()

net: fix information leakage in /proc/net/ptype

Complex adaptation required. Issue can be reproduced with special UEFI implementation only.

pstore/ram: Fix crash when setting number of cpus

SUNRPC: Fix a suspicious RCU usage warning

swiotlb: Fix double-allocation of slots due to broken alignment handling

net: bridge: switchdev: Skip MDB replays of

cachefiles: fix memory leak in

NFSv4.2: fix nfs4_listxattr kernel BUG at

quota: Fix potential NULL pointer dereference

drm/vmwgfx: Create debugfs ttm_resource_manager

nfs: fix UAF in direct writes

mm/hugetlb: fix missing hugetlb_lock for resv

netfilter: nf_tables: honor table dormant flag from

mlxsw: spectrum_acl_tcam: Fix incorrect list API

rtnetlink: Correct nested IFLA_VF_VLAN_LIST

i40e: fix vf may be used uninitialized in this

scsi: qla2xxx: Fix off by one in

netfilter: tproxy: bail out if IP has been disabled

netfilter: nfnetlink_queue: acquire rcu_read_lock()

drm/amd/display: Implement bounds check for stream encoder creation in DCN301

exit: Use the correct exit_code in /proc/<pid>/stat

fs/proc: do_task_stat: use __for_each_thread()

fs/proc: do_task_stat: move

fs/proc: do_task_stat: use sig->stats_lock to

hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove

ext4: fix double-free of blocks due to wrong

arp: Prevent overflow in arp_req_get().

net/sched: act_mirred: use the backlog for mirred ingress

ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()

ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

stmmac: Clear variable when destroying workqueue

VFIO: Add the SPR_DSA and SPR_IAX devices to the

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

USB: core: Fix access violation during port device removal

cppc_cpufreq: Fix possible null pointer dereference

tipc: fix UAF in error path

tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets

i2c: core: Fix atomic xfer check for non-preempt

wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

platform/x86: wmi: Fix opening of char device

ubi: Check for too small LEB size in VTBL code

tcp: add sanity checks to rx zerocopy

ipvlan: add ipvlan_route_v6_outbound() helper

PowerPC: Unsupported.

ext4: avoid online resizing failures due to

ext4: avoid online resizing failures due to

tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()

block: fix overflow in blk_ioctl_discard()

tls: fix missing memory barrier in tls_init

net: core: reject skb_copy(_expand) for fraglist GSO skbs

mptcp: ensure snd_nxt is properly initialized on connect

wifi: iwlwifi: mvm: guard against invalid STA ID on removal

net/sched: flower: Fix chain template offload

tipc: fix a possible memleak in tipc_buf_append

wifi: nl80211: don't free NULL coalescing rule

net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()

nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().

firewire: ohci: mask bus reset interrupts between ISR and bottom half

pinctrl: core: fix possible memory leak in pinctrl_enable()

pinctrl: core: delete incorrect free in pinctrl_enable()

drm/vmwgfx: Fix invalid reads in fence signaled events

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

net: bridge: xmit: make sure we have at least eth header len bytes

net/smc: fix neighbour and rtable leak in smc_ib_find_route()

net: bridge: mst: fix vlan use-after-free

net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state

net: bridge: mst: fix suspicious rcu usage in br_mst_set_state

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

drm: Don't unref the same fb many times by mistake due to deadlock handling

ionic: clean interrupt before enabling queue to avoid credit race

ionic: fix use after netif_napi_del()

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

vfio/pci: Lock external INTx masking ops

igc: avoid returning frame twice in XDP_REDIRECT

Complex adaptation required. Network services prevents update because sleeps in inet_csk_accept() function.

x86/xen: Fix memory leak in

x86/xen: Add some null pointer checking to smp.c

x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()

atl1c: Work around the DMA RX overflow issue

atl1c: Work around the DMA RX overflow issue

x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file

x86/bhi: Add support for clearing branch history at syscall entry

mm: swap: fix race between free_swap_and_cache()

net/mlx5: Discard command completions in internal

wifi: brcmfmac: pcie: handle randbuf allocation

af_unix: Fix data races in

af_unix: Fix data-races around sk->sk_shutdown.

stm class: Fix a double free in

ext4: fix mb_cache_entry's e_refcnt leak in

xfs: fix log recovery buffer allocation for the

md/raid5: fix deadlock that raid5d() wait for

md/raid5: remove pr_debug() in raid5d()

bonding: Fix out-of-bounds read in

cpufreq: exit() callback is optional

xhci: Handle TD clearing for multiple streams case

tipc: Change nla_policy for bearer-related names to

tipc: Change nla_policy for bearer-related names to

SUNRPC: Fix RPC client cleaned up the freed pipefs

mac802154: fix llsec key resources release in mac802154_llsec_key_del

mac802154: fix llsec key resources release in mac802154_llsec_key_del

net/sched: Fix mirred deadlock on device recursion

net/sched: Fix mirred deadlock on device recursion (Adaptation)

usb: typec: altmodes/displayport: create sysfs kpatch

tcp: properly terminate timers for kernel sockets

ftruncate: pass a signed offset

crypto: bcm - Fix pointer arithmetic

scsi: qedf: Ensure the copied buf is NUL terminated

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

drivers: core: synchronize really_probe() and dev_uevent()

af_unix: Fix garbage collector racing against connect()

net/iucv: Avoid explicit cpumask var allocation on stack

net: openvswitch: fix overwriting ct original tuple for ICMPv6

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

vmci: prevent speculation leaks by sanitizing event in event_deliver()

liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Adaptation)

x86: stop playing stack games in profile_pc()

mm: avoid overflows in dirty throttling logic

scsi: qedf: Make qedf_execute_tmf() non-preemptible

NFSv4: Fix memory leak in nfs4_set_security_label

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

usb-storage: alauda: Fix uninit-value in alauda_check_media()

usb-storage: alauda: Check whether the media is initialized

usb-storage: alauda: Check whether the media is initialized (Adaptation)

hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field

hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field

hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field

hwmon: Fix NULL pointer dereference by removing unnecessary structure field

tap: add missing verification for short frame

tun: add missing verification for short frame

mlxsw: thermal: Fix out-of-bounds memory accesses

drm/amdgpu: add error handle to avoid out-of-bounds

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

nvmet: fix a possible leak when destroy a ctrl during qp establishment

nvmet-fc: release reference on target port

nvmet-fc: avoid deadlock on delete association path

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Adaptation)

wifi: mt76: replace skb_put with skb_put_zero

net/sched: Fix UAF when resolving a clash

HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts

wifi: ath11k: fix htt pktlog locking

Out of scope: boot time issue

net: fix possible store tearing in neigh_periodic_work()

perf/x86/lbr: Filter vsyscall addresses

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

wifi: ath11k: fix dfs radar event locking

scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()

mlxsw: spectrum_acl_tcam: Move devlink param to TCAM code

mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path

CVE Rejected

slub: don't panic for memcg kmem cache creation failure

mm, slub: fix potential memoryleak in kmem_cache_open()

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

serial: core: fix transmit-buffer reset and memleak

USB: core: Fix hang in usb_kill_urb by adding memory barriers

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

vt_ioctl: fix array_index_nospec in vt_setactivate

Input: aiptek - use descriptors of current altsetting

Input: aiptek - fix endpoint sanity check

Input: aiptek - properly check endpoint type

USB: core: Make do_proc_control() and do_proc_bulk() killable

usb: core: Don't hold the device lock while sleeping in do_proc_control()

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

phylib: fix potential use-after-free

drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

drm/amdgpu/debugfs: fix error code when smc register accessors are NULL

netfilter: nf_tables: Reject tables of unsupported family

drm/amdgpu/mes: fix use-after-free issue

net: do not leave a dangling sk pointer, when socket creation fails

netns: Make get_net_ns() handle zero refcount net

firmware: cs_dsp: Fix overflow checking of wmfw header

firmware: cs_dsp: Fix overflow checking of wmfw header (adaptation)

wifi: mac80211: Avoid address calculations via out of bounds array indexing

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files

firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

sched/deadline: Fix task_struct reference leak

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

ppp: reject claimed-as-LCP but actually malformed packets

drm/radeon: check bo_va->bo is non-NULL before using it

The patch affects too much kernel code. Low impact CVE.

VMCI: Use struct_size() in kmalloc()

VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()

dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

scsi: mpi3mr: Avoid memcpy field-spanning write WARNING

net: fix out-of-bounds access in ops_init

ipv6: prevent NULL dereference in ip6_output()

ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()

scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload

wifi: iwlwifi: read txq->read_ptr under lock

nfs: handle error of rpc_proc_register() in init_nfs_fs()

wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

wifi: iwlwifi: mvm: check n_ssids before accessing the ssids

mptcp: ensure snd_una is properly initialized on connect

wifi: iwlwifi: mvm: don't read past the mfuart notifcation

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

ipv6: prevent possible NULL dereference in rt6_probe()

scsi: qedi: Fix crash while reading debugfs attribute

wifi: mt76: mt7921s: fix potential hung tasks during chip recovery

firmware: cs_dsp: Validate payload length before processing block

firmware: cs_dsp: Return error if block header overflows file

protect the fetch of ->fd[fd] in do_dup2() from mispredictions

ipvs: properly dereference pe in ip_vs_add_service

leds: trigger: Unregister sysfs attributes before calling deactivate()

devres: Fix memory leakage caused by driver API devm_free_percpu()

Patch introduced regression and was reverted later.

nbd: Low-score CVE. Patched function is called from a kthread and sleeps, which may prevent patching/unpatching.

tracing: Ensure visibility when inserting an element into tracing_map

drm/amdgpu: Fix the null pointer when load rlc firmware

net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

dm: call the resume method on internal suspend

filelock: Remove locks reliably when fcntl/close race is detected

Input: add bounds checking to input_set_capability()

Input: elantech - fix stack out of bound access in elantech_change_report_id()

asix: fix uninit-value in asix_mdio_read()

HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

driver core: auxiliary bus: Fix memory leak when driver_register() fail

ACPI: fix NULL pointer dereference

watchdog: Fix possible use-after-free by calling del_timer_sync()

drm/i915/vma: Fix UAF on destroy against retire race

x86/mm/pat: fix VM_PAT handling in COW mappings

tunnels: fix out of bounds access when building IPv6 PMTU error

mlxsw: Verify the accessed index doesn't exceed the array length

mlxsw: spectrum: Protect driver from buggy firmware

gfs2: Remove ill-placed consistency check

gfs2: simplify gdlm_put_lock with out_free label

gfs2: Fix potential glock use-after-free on unmount

gfs2: Fix potential glock use-after-free on unmount

media: cec: cec-adap: always cancel work in cec_transmit_msg_fh

media: cec: core: avoid recursive cec_claim_log_addrs

media: cec: core: avoid recursive cec_claim_log_addrs kpatch

media: cec: cec-api: add locking in cec_release()

wifi: cfg80211: Lock wiphy in cfg80211_get_station

HID: i2c-hid-of: fix NULL-deref on failed power up

HID: i2c-hid-of: fix NULL-deref on failed power up

kyber: fix out of bounds access when preempted

ext4: fold quota accounting into ext4_xattr_inode_lookup_create()

ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()

ext4: do not create EA inode under buffer lock

udp: do not accept non-tunnel GSO skbs landing in a tunnel

udp: do not accept non-tunnel GSO skbs landing in a tunnel

net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

netpoll: Fix race condition in netpoll_owner_active

xfs: don't walk off the end of a directory data block

drm/radeon: fix UBSAN warning in kv_dpm.c

ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()

net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

xfs: add bounds checking to xlog_recover_process_data

tcp: refactor tcp_retransmit_timer()

net: tcp: fix unexcepted socket die when snd_wnd is 0

tcp: avoid too many retransmit packets

ptp: Fix possible memory leak in ptp_clock_register()

virtio-net: Add validation for used length

tty: Fix out-of-bound vmalloc access in imageblit

block: don't call rq_qos_ops->done_bio if the bio isn't tracked

lib/generic-radix-tree.c: Don't overflow in peek()

hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs

fbmem: Do not delete the mode that is still in use

tun: limit printing rate when illegal packet received by tun dev

PCI/PM: Drain runtime-idle callbacks before driver removal

This CVE introduces a regression and is reverted by CVE-2024-42102 in the same errata

Complex adaptation required, low score patch for non critical subsystem amdgpu

nvme-fc: do not wait in vain when unloading module

nvme-fc: do not wait in vain when unloading module

dev/parport: fix the array out-of-bounds risk

ipv6: prevent possible NULL deref in fib6_nh_init()

tipc: Return non-zero value from tipc_udp_addr2str() on error

drm/i915/gt: Fix potential UAF by revoke of fence registers

of: module: add buffer overflow check in of_modalias()

nouveau: lock the client object tree

nouveau: lock the client object tree

KVM: Always flush async #PF workqueue when vCPU is being destroyed

KVM: Always flush async #PF workqueue when vCPU is being destroyed

net/mlx5e: Add wrapping for auxiliary_driver op and remove unused args

net/mlx5e: Fix netif state handling

bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

r8169: Fix possible ring buffer corruption on fragmented Tx packets.

tipc: force a dst refcount before doing decryption

drm/i915/dpt: Make DPT object unshrinkable

ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."

netfilter: nf_tables: prefer nft_chain_validate

ELF: fix kernel.randomize_va_space double read

bpf: Fix overrunning reservations in ringbuf

bpf: Fix overrunning reservations in ringbuf (adaptation)

sctp: Fix null-ptr-deref in reuseport_add_sock().

netfilter: flowtable: initialise extack before use

dmaengine: fix NULL pointer in channel unregistration function

bonding: fix null pointer deref in bond_ipsec_offload_ok

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

bonding: fix xfrm real_dev null pointer dereference

ibmvnic: rename local variable index to bufidx

ibmvnic: Add tx check to prevent skb leak

drm/amdgpu: avoid using null object of framebuffer

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

gfs2: Fix NULL pointer dereference in gfs2_log_flush

USB: serial: mos7840: fix crash on resume

USB: serial: mos7840: fix crash on resume kpatch

kobject_uevent: Fix OOB access within zap_modalias_env()

block: initialize integrity buffer to zero before writing it to media

mlxsw: spectrum_acl_erp: Fix object nesting warning

mlxsw: spectrum_acl_erp: Fix object nesting warning kpatch

Out of scope: This CVE modified the __init function which won't be available to patch as it is used during bootup time.

netfilter: nft_set_pipapo: do not free live element

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

dma-direct: Leak pages on dma_set_decrypted() failure

mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX

mm: memcontrol: fix cannot alloc the maximum memcg ID

memcontrol: ensure memcg acquired by id is properly set up

memcg: protect concurrent access to mem_cgroup_idr

memcg: protect concurrent access to mem_cgroup_idr

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

Bluetooth: Fix TOCTOU in HCI debugfs implementation

netfilter: nf_conntrack_h323: Add protection for bmp length out of

gso: do not skip outer ip header in case of ipip and net_failover

netfilter: nft_set_pipapo: .walk does not deal with generations

netfilter: nftables: add helper function to flush set elements

netfilter: nft_set_pipapo: walk over current view on netlink dump

netfilter: nf_tables: missing iterator type in lookup walk

netfilter: nft_set_pipapo: walk over current view on netlink dump

Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout

bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

mptcp: pm: Fix uaf in __timer_delete_sync

media: edia: dvbdev: fix a use-after-free

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race

netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

selinux,smack: don't bypass permissions check in inode_setsecctx hook

net: avoid potential underflow in qdisc_pkt_len_init() with UFO

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

xfrm: fix one more kernel-infoleak in algo dumping

i40e: fix i40e_count_filters() to count only active/new filters

i40e: fix race condition by adding filter's intermediate sync state

i40e: fix race condition by adding filter's intermediate sync state

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

scsi: core: Remove the /proc/scsi/${proc_name} directory earlier

scsi: core: Fix a procfs host directory removal regression

scsi: core: Fix unremoved procfs host directory regression

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

HID: core: zero-initialize the report buffer

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

scsi: megaraid_sas: Fix for a potential deadlock

PPS for embedded GPS devices. Irrelevant for servers.

can: bcm: Fix UAF in bcm_proc_show()

Out of scope: ARM64 architecture isn't supported for current kernel

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

netfilter: ipset: add missing range check in bitmap_ip_uadt

hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()

net/mlx5: Always stop health timer during driver removal

net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink

vsock: Keep the binding until socket destruction

vsock: Orphan socket after transport release

wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()

x86 xen add xenpv restore regs and return to usermode

kpatch add alt asm definitions