net: sit: fix memory leak in sit_init_net()

N/A

net-gro: fix use-after-free read in napi_gro_frags()

drm/edid: Fix a missing-check bug in drm_load_edid_firmware()

sunrpc: use SVC_NET() in svcauth_gss_* functions

sunrpc: use-after-free in svc_process_common()

CVE-2018-16884 kpatch adaptation

crypto: user - fix leaking uninitialized memory to userspace

USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data

USB: check usb_get_extra_descriptor for proper size

Bluetooth: Verify that l2cap_get_conf_opt provides large

Bluetooth: Check L2CAP option sizes returned from

sctp: implement memory accounting on tx path

vfio/type1: Limit DMA mappings per container

vfio/type1: Limit DMA mappings per container

introduce vhost_exceeds_weight() (adaptation for CVE-2019-3900 dependency)

add weight support to drivers/vhost/vsock.c (adaptation)

add weight support to drivers/vhost/scsi.c (adaptation)

Change mincore() to count "mapped" pages rather than "cached" pages

KVM: x86: work around leak of uninitialized stack contents

Bluetooth: Align minimum encryption key size for LE and BR/EDR connections

Bluetooth: Fix regression with minimum encryption key size alignment

Bluetooth: Fix faulty expression for minimum encryption key size check

fix heap overflow in mwifiex_uap_parse_tail_ies()

inet: switch IP ID generator to siphash

netns: provide pure entropy for net_hash_mix()

coredump: fix race condition between

coredump: fix race condition between mmget_not_zero()/get_task_mm()

ext4: zero out the unused memory region in the extent tree block

Bluetooth: hidp: fix buffer overflow

fix use-after-free access to LDT entry

KVM: coalesced_mmio: add bounds checking

net-sysfs: Fix mem leak in netdev_register_kobject

xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink

x86/speculation/taa: Add mitigation for TSX Async Abort

[kvm] kvm: x86, powerpc: do not allow clearing largepages debugfs entry

[kvm] kvm: Convert kvm_lock to a mutex

[kvm] kvm: mmu: Do not release the page inside mmu_set_spte()

[kvm] KVM: x86: make FNAME(fetch) and __direct_map more similar

[kvm] KVM: x86: remove now unneeded hugepage gfn adjustment

[kvm] KVM: x86: remove now unneeded hugepage gfn adjustment

[kvm] KVM: x86: remove now unneeded hugepage gfn adjustment

[kvm] kvm: mmu: ITLB_MULTIHIT mitigation

[kvm] kvm: x86: mmu: Recovery of shattered NX large pages

KVM: x86/mmu: Treat invalid shadow pages as obsolete

KVM: x86/mmu: Take slots_lock when using kvm_mmu_zap_all_fast()

kvm: mmu: ITLB_MULTIHIT mitigation

fix thread creation

drm/i915/gtt: Add read only pages to gen8_pte_encode

drm/i915/gtt: Read-only pages for insert_entries on bdw+

drm/i915/gtt: Disable read-only support under GVT

drm/i915: Prevent writing into a read-only object via a GGTT mmap

[drm] drm/i915: Rename gen7 cmdparser tables

[drm] drm/i915: Disable Secure Batches for gen6+

[drm] drm/i915: Remove Master tables from cmdparser

[drm] drm/i915: Add support for mandatory cmdparsing

[drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers

[drm] drm/i915: Allow parsing of unsized batches

[drm] drm/i915: Add gen9 BCS cmdparsing

[drm] drm/i915/cmdparser: Use explicit goto for error paths

[drm] drm/i915/cmdparser: Add support for backward jumps

[drm] drm/i915/cmdparser: Ignore Length operands during command matching

[drm] drm/i915/gen8+: Add RC6 CTX corruption WA

[drm] drm/i915: Lower RM timeout to avoid DSI hard hangs

[drm] drm/i915/cmdparser: Fix jump whitelist clearing

rtlwifi: Fix potential overflow on P2P code

fix a heap overflow in Marvell WiFi driver

mwifiex: fix possible heap overflow in mwifiex_process_country_ie()

mwifiex: Fix three heap overflow at parsing element in

mwifiex: Fix three heap overflow at parsing element in

mwifiex: Fix three heap overflow at parsing element in

fixed incomplete patch for CVE-2019-11599

[x86] kvm: x86: do not modify masked bits of shared MSRs

HID: hiddev: avoid opening a disconnected device

nfsd: COPY and CLONE operations require the saved filehandle to be set

scsi: qedi: remove memset/memcpy to nfunc and use func instead

ath10k: Fix a NULL-ptr-deref bug in ath10k_usb_alloc_urb_from_pipe

ALSA: line6: Fix write on zero-sized buffer

ieee802154: enforce CAP_NET_RAW for raw sockets

mISDN: enforce CAP_NET_RAW for raw sockets

mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring

ath9k_htc: release allocated buffer if timed out

ath9k: release allocated buffer if timed out

can: peak_usb: fix slab info leak

exec: Fix mem leak in kernel_read_file

ipv4: set the tcp_min_rtt_wlen range from 0 to one day

ipv4: set the tcp_min_rtt_wlen range from 0 to one day

blktrace: Protect q->blk_trace with RCU

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

kpatch adaptation for CVE-2020-1749

iwlwifi: pcie: fix rb_allocator workqueue allocation

net/flow_dissector: switch to siphash

net/flow_dissector: switch to siphash

net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq

iwlwifi: dbg_ini: fix memory leak in alloc_sgtable

RDMA/hfi1: Prevent memory leak in sdma_init

drm/amdgpu: fix multiple memory leaks in acp_hw_init

RDMA: Fix goto target to release the allocated memory

Fix assumption that devices have inputs

sched/fair: Fix low cpu usage with high throttling

UBUNTU: SAUCE: drm/i915: Fix use-after-free when destroying GEM context

Incorrect version of patch were initially used. Work on correct fix is in progress.

[netdrv] mdio_bus: Fix use-after-free on device_register fails

[net] mac80211: Do not send Layer 2 Update frame before authorization

cfg80211: add and use strongly typed element iteration macros

cfg80211: Use const more consistently in for_each_element macros

[net] nl80211: validate beacon head

[net] nl80211: validate beacon head (kpatch adaptation)

KVM: prevent L2 guest from unauthorized accessing L1 resources

netlabel: cope with NULL catmap

block, bfq: fix use-after-free in bfq_idle_slice_timer_body

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

[wireless] mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

[wireless] mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

x86/speculation: Prevent rogue cross-process SSBD shutdown

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.

x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (kpatch adaptation)

N/A

[x86] mm: Fix mremap not considering huge pmd devmap

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit

x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit (adaptation)

ACPI: configfs: Disallow loading ACPI tables when locked down

net/packet: make tp_drops atomic

net/packet: fix overflow in tpacket_rcv

xfs: fix boundary test in xfs_attr_shortform_verify

vgacon: Fix for missing check in scrollback handling

[net] Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

[net] Bluetooth: A2MP: Fix not initializing all members

KVM: fix overflow of zero page refcount with ksm running

[block] block/loop: Don't grab "struct file" for vfs_getattr() operation.

[block] block/loop: Use global lock for ioctl() operation.

[block] blk-sysfs: Rework documention of __blk_release_queue

[fs] ext4: avoid declaring fs inconsistent due to invalid file handles

[fs] ext4: fix special inode number checks in __ext4_iget()

[fs] ext4: fix use-after-free race with debug_want_extra_isize

[block] block: add helper for checking if queue is registered

[fs] fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links

[fs] fs/proc/proc_sysctl.c: Fix a NULL pointer dereference

[fs] ext4: work around deleting a file with i_nlink == 0 safely

[security] selinux: remove redundant selinux_nlmsg_perm

[bluetooth] hci_ldisc: Initialize hci_dev before open()

[bluetooth] hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()

[char] ipmi: Fix memory leak in __ipmi_bmc_register

[usb] USB: core: Fix races in character device registration and deregistraion

[block] block: Remove "dying" checks from sysfs callbacks

[video] vgacon: Fix a UAF in vgacon_invert_region

[kernel] rcu: Upgrade rcu_swap_protected() to rcu_replace_pointer()

[x86] kvm: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID

[wireless] rtlwifi: prevent memory leak in rtl_usb_probe

[wireless] rtl8xxxu: prevent leaking urb

[wireless] mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf

[wireless] mt76: fix array overflow on receiving too many fragments for a packet

[input] Input: ff-memless - kill timer in destroy()

[scsi] scsi: qla2xxx: fix a potential NULL pointer dereference

[media] media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()

[media] media: serial_ir: Fix use-after-free in serial_ir_init_module

[kernel] tracing: Fix memory leak in create_filter()

[kernel] tracing: Avoid memory leak in predicate_parse()

[kernel] tracing: Have error path in predicate_parse() free its allocated memory

[kernel] tracing: Avoid memory leak in process_system_preds()

[mm] mm: mempolicy: require at least one nodeid for MPOL_PREFERRED

[vhost] vhost: Check docket sk_family instead of call getname

[media] media: v4l: event: Prevent freeing event subscriptions while accessed

[media] media: v4l: event: Add subscription to list before calling "add" operation

[media] media: v4l: event: Prevent freeing event subscriptions while accessed

[crypto] crypto: ccp - Release all allocated memory if sha type is invalid

[crypto] crypto: user - fix memory leak in crypto_report

[input] Input: add safety guards to input_set_keycode()

[tty] vt: selection, close sel_buffer race

[tty] vt: don't reinvent min()

[tty] vt: selection: allow functions to be called from inside kernel

[staging] staging: speakup: refactor to use existing code in vt

[tty] vt: selection, push console lock down

[tty] vt: selection, push sel_lock up

[staging] staging: speakup: refactor to use existing code in vt (kpatch adaptation)

[fs] fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

[media] media: usb: fix memory leak in af9005_identify_state

[media] media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()

[media] media: xirlink_cit: add missing descriptor sanity checks

[scsi] scsi: sg: add sg_remove_request in sg_write

[security] selinux: properly handle multiple messages in selinux_netlink_send()

[kernel] signal: Extend exec_id to 64bits

[kernel] signal: Extend exec_id to 64bits (kpatch adaptation)

[fs] xfs: add agf freeblocks verify in xfs_agf_verify

[kernel] blktrace: break out of blktrace setup on concurrent calls

[kernel] blktrace: Avoid sparse warnings when assigning q->blk_trace

[kernel] blktrace: no need to check return value of debugfs_create functions

[block] block: add docs for gendisk / request_queue refcount helpers

[block] block: clarify context for refcount increment helpers

[block] block: revert back to synchronous request_queue removal

[kernel] blktrace: annotate required lock on do_blk_trace_setup()

[block] loop: be paranoid on exit and prevent new additions / removals

[kernel] blktrace: fix debugfs use after free

[kernel] blktrace: ensure our debugfs dir exists

[netdrv] fjes: Handle workqueue allocation failure

[netdrv] net: hns3: add some error checking in hclge_tm module

[net] xsk: Add missing check on user supplied headroom size

[fs] ext4: protect journal inode's blocks using block_validity

[fs] ext4: unsigned int compared against zero

[fs] ext4: protect journal inode's blocks using block_validity (kpatch adaptation)

[fs] ext4: add more paranoia checking in ext4_expand_extra_isize handling

[fs] chardev: Avoid potential use-after-free in 'chrdev_open()'

[include] block: allow for_each_bvec to support zero len bvec

net_sched: cls_route: remove the right filter from hashtable

random32: update the net random state on interrupt and activity

netfilter: ctnetlink: add a range check for l3/l4 protonum

icmp: randomize the global rate limiter

tty: Fix ->pgrp locking in tiocspgrp()

perf/core: Fix race in the perf_mmap_close() function

epoll: Keep a reference on files added to the check list

do_epoll_ctl(): clean the failure exits up a bit

fix regression in "epoll: Keep a reference on files added to the check list"

scsi: target: Fix XCOPY NAA identifier lookup

scsi: target: Fix XCOPY NAA identifier lookup (kpatch adaptation)

futex: Handle transient ownerless rtmutex state correctly (CVE-2021-3347 dependency)

futex: Ensure the correct return value from futex_lock_pi

futex: Replace pointless printk in fixup_owner

futex: Simplify fixup_pi_state_owner

futex: Provide and use pi_state_update_owner

futex: Handle faults correctly for PI futexes

scsi: iscsi: Restrict sessions and handles to admin capabilities

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

USB: iowarrior: fix use-after-free on disconnect

USB: adutux: fix use-after-free on disconnect

media: ov519: add missing endpoint sanity checks

USB: core: Fix free-while-in-use bug in the USB S-Glibrary

fs/namespace.c: fix mountpoint reference counter race

ext4: fix potential negative array index in do_split()

cgroup: fix cgroup_sk_alloc() for sk_clone_lock()

cgroup: Fix sock_cgroup_data on big-endian.

netprio_cgroup: Fix unlimited memory leak of v2 cgroups

cgroup: fix cgroup_sk_alloc() for sk_clone_lock() (adaptation)

nfsd: apply umask on fs without ACL support

nfs: Fix getxattr kernel panic and memory overflow

mm/hugetlb: fix a race between hugetlb sysctl handlers

rbd: require global CAP_SYS_ADMIN for mapping and unmapping

HID: hid-input: clear unmapped usages

hdlc_ppp: add range checks in ppp_cp_parse_cr()

vt: Disable KD_FONT_OP_COPY

ALSA: rawmidi: Fix racy buffer resize under concurrent accesses

ALSA: rawmidi: Fix racy buffer resize under concurrent accesses (adaptation)

tun: correct header offsets in napi frags mode

fuse: fix bad inode

serial: 8250: fix null-ptr-deref in serial8250_start_tx()

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console

vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console (adaptation)

IB/hfi1: Ensure correct mm is used at all times

IB/hfi1: Ensure correct mm is used at all times (adaptation)

Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected

af_key: pfkey_dump needs parameter validation

[virt] kvm: fix memory leak in kvm_io_bus_unregister_dev()

The problematic patch was introduced only in the 8.4 release, >=kernel-4.18.0-305.el8

The problematic patch was introduced only in the 8.4 release, >=kernel-4.18.0-305.el8

Affects only secure boot __init stage, already booted kernels are not affected

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

seq_file: Disallow extremely large seq buffer allocations

bluetooth: eliminate the potential race condition when removing the

KVM: do not allow mapping valid but non-reference-counted pages

can: bcm: delay release of struct bcm_op after synchronize_rcu

netfilter: x_tables: fix compat match/target pad out-of-bound write

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Fix locking for ctx->events_reported

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

HID: make arrays usage and value to be the same

[block] nbd: prevent memory leak

[block] nbd: Fix memory leak in nbd_add_socket

tty: Fix ->session locking

nbd: freeze the queue while we're adding connections

dm ioctl: fix out of bounds array access when no devices

fuse: fix live lock in fuse_iget()

pinctrl: devicetree: Avoid taking direct reference to device name string

mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

cipso,calipso: resolve a number of problems with the DOI refcounts

KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU

KVM: Stop looking for coalesced MMIO zones if the bus is destroyed

sctp: delay auto_asconf init until binding the first addr

Bluetooth: use correct lock to prevent UAF of hdev object

netfilter: x_tables: Use correct memory barriers.

Bluetooth: fix the erroneous flush_work() order

Bluetooth: SMP: Fail if remote and local public keys are identical

mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()

mm: thp: fix MADV_REMOVE deadlock on shmem THP

perf/x86/intel: Fix a crash caused by zero PEBS status

bpf: Fix 32 bit src register truncation on div/mod

bpf: Fix truncation handling for mod32 dst reg wrt zero

Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()

netfilter: nf_tables: fix flowtable list del corruption

[net] bpf: restrict map value pointer arithmetic for unprivileged

[net] bpf: restrict stack pointer arithmetic for unprivileged

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

bpf: Use correct permission flag for mixed signed bounds arithmetic

bpf: Move off_reg into sanitize_ptr_alu

bpf: Ensure off_reg has no mixed signed bounds for all types

bpf: Rework ptr_limit into alu_limit and add common error path

bpf: Improve verifier error messages for users

bpf: Refactor and streamline bounds check into helper

bpf: Move sanitize_val_alu out of op switch

bpf: Tighten speculative pointer arithmetic mask

bpf: Fix masking negation logic upon negative dst register

bpf: Fix leakage of uninitialized bpf stack under speculation

bpf: Wrap aux data inside bpf_sanitize_info container

bpf: Fix mask direction swap upon off reg sign change

bpf: No need to simulate speculative domain for immediates

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

net: mac802154: Fix general protection fault

[net] mac80211: Don't memset RXCB prior to PAE intercept

mac80211: assure all fragments are encrypted

mac80211: prevent mixed key and fragment cache attacks

mac80211: properly handle A-MSDUs that start with an RFC 1042 header

cfg80211: mitigate A-MSDU aggregation attacks

mac80211: drop A-MSDUs on old ciphers

mac80211: check defrag PN against current frame

mac80211: prevent attacks on TKIP/WEP as well

mac80211: do not accept/forward invalid EAPOL frames

mac80211: extend protection against mixed key and fragment cache attacks

ath10k: Validate first subframe of A-MSDU before processing the list

mac80211: prevent mixed key and fragment cache attacks (kpatch adaptation)

mac80211: add fragment cache to sta_info

mac80211: prevent attacks on TKIP/WEP as well (kpatch adaptation)

ovl: prevent private clone if bind mount is not allowed

ixgbe: fix large MTU request from VF

Already included.

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

ovl: fix missing negative dentry check in ovl_rename()

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

drm/print: introduce new struct drm_device based WARN* macros

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

tipc: improve size validations for received domain records

lib/iov_iter: initialize "flags" in new pipe_buffer

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

fs: add fget_many() and fput_many() (dependency)

drm/vmwgfx: Fix stale file descriptors on failed usercopy

cgroup-v1: Require capabilities to set release_agent

KVM: s390: Return error on SIDA memop on normal guest

bpf, x86: Validate computation of branch displacements for x86-64

bpf, x86: Validate computation of branch displacements for x86-32

bpf: Fix integer overflow in prealloc_elems_and_freelist()

xfs: fix up non-directory creation in SGID directories

ipv6: use siphash in rt6_exception_hash()

ipv6: make exception cache less predictible

ipv6: use siphash in rt6_exception_hash() (kpatch adaptation)

vt: keyboard: avoid signed integer overflow in k_ascii

vt: keyboard: avoid signed integer overflow in k_ascii (kpatch adaptation)

pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()

net: qrtr: fix another OOB Read in qrtr_endpoint_post

ipv4: use siphash instead of Jenkins in fnhe_hashfun()

ipv4: make exception cache less predictible

ipv4: use siphash instead of Jenkins in fnhe_hashfun() (kpatch adaptation)

fget: check that the fd still exists after getting a ref to it

netfilter: nat: force port remap to prevent shadowing well-known ports

ipv6: use prandom_u32() for ID generation

cgroup: Optimize single thread migration

cgroup: unify attach permission checking

cgroup/cgroup.c: replace 'of->kn->priv' with of_cft()

cgroup: cgroup.{procs,threads} factor out common parts

cgroup: Use open-time credentials for process migraton perm checks

cgroup: Use open-time cgroup namespace for process migration perm checks

tee: handle lookup of shm with reference count 0

Input: joydev - prevent potential read overflow in ioctl

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io (kpatch adaptation)

bpf: Remove MTU check in __bpf_skb_max_len

IBM Power9 is unsupported

media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors.

drm/nouveau: Add a dedicated mutex for the clients list

drm/nouveau: clean up all clients on device removal

drm/nouveau: Add a dedicated mutex for the clients list (adaptation)

ipc: replace costly bailout check in sysvipc_find_ipc()

crypto: ccp/gcm - use const time tag comparison.

crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()

memcg: enable accounting of ipc resources

use init_tag from inithdr for ABORT chunk

fix the processing for COOKIE_ECHO chunk

sctp: add vtag check in sctp_sf_violation

sctp: add vtag check in sctp_sf_do_8_5_1_E_sa

sctp: add vtag check in sctp_sf_ootb

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

ARM related CVE

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

hso: fix bailout in error case of probe

usb: hso: fix error handling code of hso_create_net_device

media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()

isdn: cpai: check ctr->cnr to avoid array index out of bound

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

account stream padding length for reconf chunk

af_unix: fix races in sk_peer_pid and sk_peer_cred accesses

cred: allow get_cred() and put_cred() to be given NULL

af_unix: fix races in sk_peer_pid and sk_peer_cred accesses (adaptation)

inet: use bigger hash table for IP ID generation

inet: use bigger hash table for IP ID generation (adaptation)

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

esp: Fix possible buffer overflow in ESP transformation

sock: remove one redundant SKB_FRAG_PAGE_ORDER macro (CVE-2022-27666 dependency)

perf: Fix sys_perf_event_open() race against self

netfilter: nf_tables: disallow non-stateful expression in sets earlier

secure_seq: use the 64 bits of the siphash for port offset

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

UBUNTU: SAUCE: net_sched: cls_route: remove from list when handle is 0

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

block-map: add __GFP_ZERO flag for alloc_page in function

Fix lock_sock() blockage by memcpy_from_msg()

net: sched: fix use-after-free in tc_new_tfilter()

fix double dev_kfree_skb() in error path

net/packet: fix slab-out-of-bounds access in packet_recvmsg()

net/packet: fix slab-out-of-bounds access in packet_recvmsg()

net/sched: cls_u32: fix netns refcount changes in u32_change()

netfilter: nf_queue: do not allow packet truncation below transport header offset

ipv4: avoid using shared IP generator for connected sockets

ipv4: tcp: send zero IPID in SYNACK messages

vt: vt_ioctl: fix race in VT_RESIZEX

media: v4l: ioctl: Fix memory leak in video_usercopy

udf: Fix NULL ptr deref when converting from inline format

udf: Restore i_lenAlloc when inode expansion fails

Reinstate some of "swiotlb: rework "fix info leak with

ext4: verify dir block before splitting it

ext4: make variable "count" signed

ext4: avoid cycles in directory h-tree

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent hw_params and hw_free calls (adaptation)

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

Out of scope as the patch is aarch64 related

NFSv4: Handle case where the lookup of a directory fails

netfilter: nf_tables: do not allow SET_ID to refer to another

netfilter: nf_tables: do not allow SET_ID to refer to another

lockdown: also lock down previous kgdb use

drm/i915: fix TLB invalidation for Gen12 video and compute

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX

i2c: ismt: prevent memory corruption in ismt_access()

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

ovl: fail on invalid uid/gid mapping at copy up

ath9k: fix use-after-free in ath9k_hif_usb_rx_cbMIME-Version: 1.0

media: em28xx: initialize refcount before kref_get

ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit

igmp: Add ip_mc_list lock in ip_check_mc_rcu

af_key: Do not call xfrm_probe_algs in parallel

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page

net/ulp: prevent ULP without clone op from entering the LISTEN status

wifi: cfg80211: fix BSS refcounting bugs

tcp/udp: Fix memory leak in ipv6_renew_options()

wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()

usb: mon: make mmapped memory read only

video: of_display_timing.h: include errno.h

fbcon: Disallow setting font bigger than screen size

fbcon: Prevent that screen size is smaller than font size

fbmem: Check virtual screen sizes in fb_set_var()

vt: drop old FONT ioctls

net: fix a concurrency bug in l2tp_tunnel_register()

l2tp: Serialize access to sk_user_data with sk_callback_lock

l2tp: Don't sleep and disable BH under writer-side sk_callback_lock

vt: use tty_insert_flip_string in respond_string

vt: keyboard, use tty_insert_flip_string in puts_queue

tty: drivers/tty/, stop using tty_schedule_flip()

tty: the rest, stop using tty_schedule_flip()

tty: drop tty_schedule_flip()

tty: extract tty_flip_buffer_commit() from tty_flip_buffer_push()

tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()

tty: drop tty_schedule_flip()

net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

Bluetooth: L2CAP: Fix accepting connection request

net/sched: tcindex: update imperfect hash filters

Complex adaptation is required, mainline retired tcindex.

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

perf: Fix check before add_event_to_groups() in perf_group_detach()

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

ipvlan:Fix out-of-bounds caused by unclear skb->cb

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

hw: amd: Cross-Process Information Leak

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

bluetooth: Perform careful capability checks in hci_sock_ioctl()

media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition

memstick: r592: Fix UAF bug in r592_remove due to race condition

kernel/relay.c: fix read_pos error when multiple readers

net/sched: cls_u32: Fix reference counter leak leading to overflow

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

media: saa7134: fix use after free bug in saa7134_finidev due to race condition

media: dm1105: Fix use after free bug in dm1105_remove due to race condition

atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait

ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h

ext4: fix use-after-free in ext4_xattr_set_entry

seq_buf: Fix overflow in seq_buf_putmem_hex()

HID: betop: check shape of output reports

Complex adaptation required.

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

net: qcom/emac: Fix use after free bug in emac_remove due to race condition

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition

fbcon: Check font dimension limits

Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path

sctp: fail if no bound addresses can be used for a given scope

xfrm: add NULL check in xfrm_update_ae_params

HID: asus: use spinlock to safely schedule workers

HID: asus: use spinlock to safely schedule workers

HID: asus: use spinlock to safely schedule workers

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

Not possible to trigger in rhel8

media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

r8152: Rate limit overflow messages

prlimit: do_prlimit needs to have a speculation check

media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()

net: sched: atm: dont intepret cls results when asked to drop

net: mpls: fix stale pointer if allocation fails during device rename

media: usb: siano: Fix use after free bugs caused by do_submit_urb

media: usb: siano: Fix use after free bugs caused by do_submit_urb

net: sched: fix race condition in qdisc_graft()

gfs2: Don't deref jdesc in evict

tipc: fix an information leak in tipc_topsrv_kern_subscr

tipc: set con sock in tipc_conn_alloc

tipc: add an extra conn_get in tipc_conn_alloc

net: tun: fix bugs for oversize packet when napi frags enabled

cifs: Fix UAF in cifs_demultiplex_thread()

media: dvbdev: remove double-unlock

media: dvbdev: Fix memleak in dvb_register_device

media: dvbdev: fix error logic at dvb_register_device()

media: dvbdev: adopts refcnt to avoid UAF

media: dvbdev: fix refcnt bug

media: dvbdev: adopts refcnt to avoid UAF (adaptation)

media: dvb-core: Fix use-after-free due to race at dvb_register_device()

media: dvb-core: Fix use-after-free due to race at dvb_register_device() (adaptation)

media: dvb_net: avoid speculation from net slot

media: dvb-core: Fix use-after-free due on race condition at dvb_net

media: dvb-core: Fix use-after-free due on race condition at dvb_net (adaptation)

media: dvb_ca_en50221: off by one in dvb_ca_en50221_io_do_ioctl()

media: dvb_ca_en50221: avoid speculation from CA slot

media: dvb_ca_en50221: fix a size write bug

media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221

media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (adaptation)

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it becomes a inner curve

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

nfp: fix use-after-free in area_cache_get()

drivers: net: slip: fix NPD bug in sl_tx_timeout()

Fix double fget() in vhost_net_set_backend()

HID: check empty report_list in hid_validate_values()

smb: client: fix OOB in smbCalcSize()

smb: client: fix potential OOB in cifs_dump_detail()

smb: client: fix potential OOB in smb2_dump_detail()

perf: Disallow mis-matched inherited group reads

perf: Disallow mis-matched inherited group reads (adaptation)

perf/core: Fix potential NULL deref

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

drm/amdgpu: Fix potential fence use-after-free v2

ext4: fix kernel BUG in 'ext4_write_inline_data_end()'

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

Bluetooth: Fix double free in hci_conn_cleanup

ida: Fix crash in ida_free when the bitmap is empty

drm/qxl: fix UAF on handle creation

Bluetooth: af_bluetooth: Fix Use-After-Free in

Bluetooth: Add more enc key size check

Input: gtco - bounds check collection indent level

The patch for this CVE already present in kernel-5.14.0-362.24.1.el9_3 version. The kernel-5.14.0-362.18.1.el9_3 version and below are not vulnerable because they don't have commit 5f68718b34a5 (netfilter: nf_tables: GC transaction API to avoid race with control plane) which introduced the vulnerability.

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_sctp: validate the flag_info count

Complex adaptation required to add timer_shutdown_sync() in timers subsystem.

fbcon: Fix error paths in set_con2fb_map

fbcon: set_con2fb_map needs to set con2fb_map!

net/sched: cls_rsvp: always try to match inside the linear part of skb

kobject: Remove docstring reference to kset

kobject: modify kobject_get_path() to take a const

kobject: Fix slab-out-of-bounds in fill_kobj_path()

net: add a route cache full diagnostic message

net/dst: use a smaller percpu_counter batch for dst entries accounting

ipv6: remove max_size check inline with ipv4

ipv6: Remove extra counter pull before gc

media: technisat-usb2: break out of loop at end of

RDMA/irdma: Prevent zero-length STAG registration

atm: Fix Use-After-Free in do_vcc_ioctl

Missing vulnerable code for this kernel version

Missing vulnerable code for this kernel version

mISDN: fix use-after-free bugs in l1oip timer

verify struct l1oip layout

Bluetooth: L2CAP: Fix u8 overflow

Complex adaptation required. Requires changes a lot of constants

Complex adaptation required.

team: fix null-ptr-deref when team device type is changed

team: fix null-ptr-deref when team device type is changed

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

kpatch add alt asm definitions

kpatch add paravirt asm definitions

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.