proc: proc_skip_spaces() shouldn't think it is working on C strings

proc: avoid integer type confusion in get_proc_long

Bluetooth: L2CAP: Fix u8 overflow

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

xen/netback: Ensure protocol headers don't fall in the non-linear area

fix sleep in atomic bug when firmware download timeout

ksmbd: validate length in smb2_write()

Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

mm/hugetlb: fix races when looking up a CONT-PTE/PMD size

wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

af_unix: Fix memory leaks of the whole sk due to OOB skb

HID: roccat: Fix use-after-free in roccat_read()

Bluetooth: L2CAP: Fix memory leak in vhci_write

fbdev: smscufx: Fix use-after-free in ufx_ops_open()

net: sched: fix race condition in qdisc_graft()

nvme: ensure subsystem reset is single threaded

[PATCH] KVM: x86: nSVM: leave nested mode on vCPU free

[PATCH] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02

[PATCH] KVM: x86: forcibly leave nested mode on vCPU reset

[PATCH] KVM: x86: forcibly leave nested mode on vCPU reset

ipv4: Handle attempt to delete multipath route when fib_info

kcm: avoid potential race in kcm_tx_work

drm/i915: fix TLB invalidation for Gen12 video and compute engines

code from this cve inlined in sleepy thread 'xenvif_kthread_guest_rx' that we can't patch

code from this cve inlined in sleepy thread 'xenvif_kthread_guest_rx' that we can't patch

KVM: x86/mmu: Fix race condition in direct_page_fault

wifi: wilc1000: validate number of channels

wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL

wifi: wilc1000: validate pairwise and authentication suite offsets

wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST

nfp: fix use-after-free in area_cache_get()

NFSD: fix use-after-free in __nfs42_ssc_open()

netfilter: nft_payload: incorrect arithmetics when fetching

net/ulp: prevent ULP without clone op from entering the LISTEN status

net/ulp: prevent ULP without clone op from entering the LISTEN status

net/ulp: prevent ULP without clone op from entering the LISTEN status

io_uring: make poll refs more robust

io_uring: make poll refs more robust

io_uring/poll: fix poll_refs race with cancelation

ntfs: fix use-after-free in ntfs_ucsncmp()

cifs: fix use-after-free caused by invalid pointer `hostname`

tipc: fix an information leak in tipc_topsrv_kern_subscr

tipc: fix an information leak in tipc_topsrv_kern_subscr

tipc: fix an information leak in tipc_topsrv_kern_subscr

KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

gru: allow users to specify gru chiplet 2

fs/ntfs3: Validate resident attribute name

fs/ntfs3: Validate attribute name offset

x86/bugs: Flush IBP in ib_prctl_set()

ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

net: sched: cbq: dont intepret cls results when asked to drop

net: sched: atm: dont intepret cls results when asked to drop

[PATCH] fs/ntfs3: Validate data run offset

[PATCH] fs/ntfs3: Fix slab-out-of-bounds read in run_unpack

[PATCH] fs/ntfs3: Delete duplicate condition in ntfs_read_mft()

[PATCH] fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs

general protection fault in az6027_i2c_xfer

drm/vmwgfx: Validate the box size for the snooped cursor

media: dvb-core: Fix UAF due to refcount races at releasing

USB: gadgetfs: Fix race between mounting and unmounting

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

ovl: fail on invalid uid/gid mapping at copy up

net/sched: tcindex: update imperfect hash filters respecting rcu

NFSD: fix use-after-free in nfsd4_ssc_setup_dul()

HID: check empty report_list in hid_validate_values()

l2tp: Serialize access to sk_user_data with sk_callback_lock

l2tp: Don't sleep and disable BH under writer-side sk_callback_lock

net: sched: disallow noqueue for qdisc classes

fs/ntfs3: Fix attr_punch_hole() null pointer derenference

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

sctp: fail if no bound addresses can be used for a given scope

net: mpls: fix stale pointer if allocation fails during device rename

Complex adaptation is required, mainline retired tcindex.

rds: rds_rm_zerocopy_callback() use list_first_entry()

[PATCH] media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

Out of scope. Android related patch.

drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

scsi: iscsi_tcp: Fix UAF during login when accessing the shost

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

net/tls: tls_is_tx_ready() checked list_entry

kvm: initialize all of the kvm_debugregs structure before sending it

Safety check failed for copy_from_user; zendesk:191568

netrom: Fix use-after-free caused by accept on already connected

fbcon: Check font dimension limits

netfilter: nf_tables: deactivate anonymous set from preparation phase

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

KVM: nVMX: add missing consistency checks for CR0 and CR4

xirc2ps_cs: Fix use after free bug in xirc2ps_detach

sched/rt: pick_next_rt_entity(): check list_entry

HID: asus: use spinlock to safely schedule workers

HID: asus: use spinlock to safely schedule workers (adaptation)

net: add sock_init_data_uid()

tap: tap_open(): correctly initialize socket uid

tun: tun_chr_open(): correctly initialize socket uid

fs: hfsplus: fix UAF issue in hfsplus_put_super

9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition

HID: bigben: use spinlock to safely schedule workers

HID: bigben: use spinlock to safely schedule workers (adaptation)

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

io_uring: mutex locked poll hashing

mctp: defer the kfree of object mdev->addrs

netfilter: nf_tables: incorrect error path handling with

ipvlan:Fix out-of-bounds caused by unclear skb->cb

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

netfilter: nf_tables: do not ignore genmask when looking up chain by id

btrfs: fix race between quota disable and quota assign ioctls

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to

nfc: st-nci: Fix use after free bug in ndlc_remove due to race

bluetooth: Perform careful capability checks in hci_sock_ioctl()

xfs: verify buffer contents when we skip log replay

bpf: Fix incorrect verifier pruning due to missing register precision

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

perf: Fix check before add_event_to_groups() in perf_group_detach()

dm ioctl: fix nested locking in table_clear() to remove deadlock concern

malidp: Fix NULL vs IS_ERR() checking

net: tls: fix possible race condition between

power: supply: da9150: Fix use after free bug in

memstick: r592: Fix UAF bug in r592_remove due to race condition

ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()

relayfs: fix out-of-bounds access in relay_file_read

net: qcom/emac: Fix use after free bug in emac_remove due to race

power: supply: bq24190: Fix use after free bug in bq24190_remove due

media: saa7134: fix use after free bug in saa7134_finidev due to race

media: dm1105: Fix use after free bug in dm1105_remove due to race

usb: gadget: udc: renesas_usb3: Fix use after free bug in

media: rkvdec: fix use after free bug in rkvdec_remove

act_mirred: use the backlog for nested calls to mirred ingress

fs/ntfs3: Check fields while reading

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

io_uring: ensure IOPOLL locks around deferred work

netfilter: nf_tables: skip bound chain on rule flush

netfilter: nf_tables: disallow rule addition to bound chain via

hw: amd: Cross-Process Information Leak

net/sched: cls_fw: Fix improper refcount update leads to

netfilter: nft_set_pipapo: fix improper element removal

net/sched: sch_qfq: refactor parsing of netlink parameters

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: sch_qfq: refactor parsing of netlink parameters (adaptation)

netfilter: nf_tables: fix chain binding transaction logic

netfilter: nf_tables: fix chain binding transaction logic

net/sched: cls_u32: Fix reference counter leak leading to overflow

netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain

netfilter: nf_tables: unbind non-anonymous set if rule construction fails

netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR

Complex adaptation required.

gfs2: Don't deref jdesc in evict

binder: fix UAF caused by faulty buffer cleanup

ksmbd: fix global-out-of-bounds in smb2_find_context_vals

ksmbd: fix wrong UserName check in session_user

ksmbd: allocate one more byte for implied bcc[0]

fs/ntfs3: Validate MFT flags before replaying logs

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

netfilter: nf_tables: deactivate catchall elements in next generation

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_fw: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

net: tap_open(): set sk_uid from current_fsuid()

net: tun_chr_open(): set sk_uid from current_fsuid()

Complex adaptation required. Low impact CVE.

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

libceph: harden msgr2.1 frame segment length checks

ksmbd: validate session id and tree id in the compound request

The patch remove functionality.

[PATCH] exfat: check if filename entries exceeds max filename length

[PATCH] nfc: llcp: simplify llcp_sock_connect() error paths

[PATCH] net: nfc: Fix use-after-free caused by nfc_llcp_find_local

ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()

ksmbd: validate command payload size

ksmbd: fix out-of-bound read in smb2_write

Smart Patch for drivers/media/usb/siano/smsusb.c

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

ipv6: rpl: Fix Route of Death.

net: rpl: fix rpl header size calculation

The patch removes functionality.

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

netfilter: nftables: exthdr: fix 4-byte stack OOB write

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for

net/sched: sch_hfsc: Ensure inner classes have fsc curve

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in

xfrm: add NULL check in xfrm_update_ae_params

ubi: Refuse attaching if mtd's erasesize is 0

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

RDMA/irdma: Prevent zero-length STAG registration

RDMA/irdma: Prevent zero-length STAG registration (adaptation)

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input (adaptation)

netfilter: xt_sctp: validate the flag_info count

nvmet-tcp: Fix a possible UAF in queue intialization setup

vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()

ipv4: fix null-deref in ipv4_link_failure

drm/qxl: fix UAF on handle creation

xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

net: xfrm: Fix xfrm_address_filter OOB read

USB: core: Unite old scheme and new scheme descriptor reads (dependency)

USB: core: Change usb_get_device_descriptor() API (dependency)

USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()