ftruncate: pass a signed offset

crypto: bcm - Fix pointer arithmetic

scsi: qedf: Ensure the copied buf is NUL terminated

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

drivers: core: synchronize really_probe() and dev_uevent()

af_unix: Fix garbage collector racing against connect()

net/iucv: Avoid explicit cpumask var allocation on stack

net: openvswitch: fix overwriting ct original tuple for ICMPv6

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

vmci: prevent speculation leaks by sanitizing event in event_deliver()

liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Adaptation)

x86: stop playing stack games in profile_pc()

mm: avoid overflows in dirty throttling logic

scsi: qedf: Make qedf_execute_tmf() non-preemptible

NFSv4: Fix memory leak in nfs4_set_security_label

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

usb-storage: alauda: Fix uninit-value in alauda_check_media()

usb-storage: alauda: Check whether the media is initialized

usb-storage: alauda: Check whether the media is initialized (Adaptation)

tap: add missing verification for short frame

tun: add missing verification for short frame

mlxsw: thermal: Fix out-of-bounds memory accesses

drm/amdgpu: add error handle to avoid out-of-bounds

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

nvmet: fix a possible leak when destroy a ctrl during qp establishment

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Adaptation)

wifi: mt76: replace skb_put with skb_put_zero

net/sched: Fix UAF when resolving a clash

HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts

wifi: ath11k: fix htt pktlog locking

Out of scope: boot time issue

net: fix possible store tearing in neigh_periodic_work()

perf/x86/lbr: Filter vsyscall addresses

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

wifi: ath11k: fix dfs radar event locking

scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()

mlxsw: spectrum_acl_tcam: Move devlink param to TCAM code

mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path

CVE Rejected

slub: don't panic for memcg kmem cache creation failure

mm, slub: fix potential memoryleak in kmem_cache_open()

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

serial: core: fix transmit-buffer reset and memleak

USB: core: Fix hang in usb_kill_urb by adding memory barriers

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

vt_ioctl: fix array_index_nospec in vt_setactivate

Input: aiptek - use descriptors of current altsetting

Input: aiptek - fix endpoint sanity check

Input: aiptek - properly check endpoint type

USB: core: Make do_proc_control() and do_proc_bulk() killable

usb: core: Don't hold the device lock while sleeping in do_proc_control()

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

phylib: fix potential use-after-free

drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

drm/amdgpu/debugfs: fix error code when smc register accessors are NULL

netfilter: nf_tables: Reject tables of unsupported family

drm/amdgpu/mes: fix use-after-free issue

net: do not leave a dangling sk pointer, when socket creation fails

netns: Make get_net_ns() handle zero refcount net

wifi: mac80211: Avoid address calculations via out of bounds array indexing

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files

firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

sched/deadline: Fix task_struct reference leak

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

ppp: reject claimed-as-LCP but actually malformed packets

drm/radeon: check bo_va->bo is non-NULL before using it

Fix for skipped CVE-2023-52489 that modifies structure mem_section_usage only used at boot time

VMCI: Use struct_size() in kmalloc()

VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()

dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

scsi: mpi3mr: Avoid memcpy field-spanning write WARNING

net: fix out-of-bounds access in ops_init

ipv6: prevent NULL dereference in ip6_output()

ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()

scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload

wifi: iwlwifi: read txq->read_ptr under lock

nfs: handle error of rpc_proc_register() in init_nfs_fs()

KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

wifi: iwlwifi: mvm: check n_ssids before accessing the ssids

mptcp: ensure snd_una is properly initialized on connect

wifi: iwlwifi: mvm: don't read past the mfuart notifcation

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

ipv6: prevent possible NULL dereference in rt6_probe()

scsi: qedi: Fix crash while reading debugfs attribute

wifi: mt76: mt7921s: fix potential hung tasks during chip recovery

firmware: cs_dsp: Validate payload length before processing block

firmware: cs_dsp: Return error if block header overflows file

protect the fetch of ->fd[fd] in do_dup2() from mispredictions

ipvs: properly dereference pe in ip_vs_add_service

leds: trigger: Unregister sysfs attributes before calling deactivate()

devres: Fix memory leakage caused by driver API devm_free_percpu()

Patch introduced regression and was reverted later.

nbd: Low-score CVE. Patched function is called from a kthread and sleeps, which may prevent patching/unpatching.

tracing: Ensure visibility when inserting an element into tracing_map

drm/amdgpu: Fix the null pointer when load rlc firmware

net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

dm: call the resume method on internal suspend

filelock: Remove locks reliably when fcntl/close race is detected

Input: add bounds checking to input_set_capability()

Input: elantech - fix stack out of bound access in elantech_change_report_id()

asix: fix uninit-value in asix_mdio_read()

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

driver core: auxiliary bus: Fix memory leak when driver_register() fail

ACPI: fix NULL pointer dereference

watchdog: Fix possible use-after-free by calling del_timer_sync()

drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'

drm/i915/vma: Fix UAF on destroy against retire race

x86/mm/pat: fix VM_PAT handling in COW mappings

tunnels: fix out of bounds access when building IPv6 PMTU error

gfs2: Remove ill-placed consistency check

gfs2: simplify gdlm_put_lock with out_free label

gfs2: Fix potential glock use-after-free on unmount

gfs2: Fix potential glock use-after-free on unmount

netpoll: Fix race condition in netpoll_owner_active

xfs: don't walk off the end of a directory data block

drm/radeon: fix UBSAN warning in kv_dpm.c

ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()

net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

xfs: add bounds checking to xlog_recover_process_data

tcp: refactor tcp_retransmit_timer()

net: tcp: fix unexcepted socket die when snd_wnd is 0

tcp: avoid too many retransmit packets

ptp: Fix possible memory leak in ptp_clock_register()

virtio-net: Add validation for used length

tty: Fix out-of-bound vmalloc access in imageblit

block: don't call rq_qos_ops->done_bio if the bio isn't tracked

lib/generic-radix-tree.c: Don't overflow in peek()

hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs

fbmem: Do not delete the mode that is still in use

tun: limit printing rate when illegal packet received by tun dev

PCI/PM: Drain runtime-idle callbacks before driver removal

This CVE introduces a regression and is reverted by CVE-2024-42102 in the same errata