vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

net/mlx5e: Fix mlx5e_priv_init() cleanup flow

netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().

netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().

mm: avoid leaving partial pfn mappings around in error case

netdevsim: avoid potential loop in nsim_dev_trap_report_work()

net/mlx5: Fix tainted pointer delete is case of flow rules creation fail

Affects only boot __init stage, already booted kernels are not affected

netfilter: nf_tables: use timestamp to check for set element timeout

netfilter: nf_tables: use timestamp to check for set element timeout

Architecture is not supported

drm/amd/display: Check msg_id before processing transcation

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

tipc: Return non-zero value from tipc_udp_addr2str() on error

Patched function waits for external events, which may prevent patching/unpatching.

um: line: always fill *error_out in setup_one_line()

usb: dwc3: st: fix probed platform device ref count on probe error path

drm/amdgpu: Fix out-of-bounds write warning

CVE patch is for powerpc arch only

dev/parport: fix the array out-of-bounds risk

[PATCH 1/1] media: venus: fix use after free in vdec_close

[PATCH 1/1] jfs: Fix array-index-out-of-bounds in diFree

[PATCH 1/1] vhost/vsock: always initialize seqpacket_allow

[PATCH 1/1] vhost/vsock: always initialize seqpacket_allow

[PATCH 1/1] net: bridge: mcast: wait for previous gc cycles when removing port

[PATCH 1/1] ipv6: fix possible UAF in ip6_finish_output2()

[PATCH 1/1] ipv6: prevent UAF in ip6_send_skb()

[PATCH 1/1] binder: fix UAF caused by offsets overwrite

[PATCH 1/1] Squashfs: sanity check symbolic link size

[PATCH 1/1] HID: amd_sfh: free driver_data after destroying hid device

[PATCH] hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

[PATCH 1/1] net/iucv: fix use after free in iucv_sock_close()

[PATCH 1/1] mISDN: Fix a use after free in hfcmulti_tx()

[PATCH 1/1] atm: idt77252: prevent use after free in dequeue_rx()

[PATCH] hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

[PATCH] hwmon: (lm95234) Fix underflows seen when writing limit attributes

[PATCH 1/1] hwmon: (adc128d818) Fix underflows seen when writing limit attributes

[PATCH 1/1] ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

[PATCH] sch/netem: fix use after free in netem_dequeue

[PATCH 1/1] drm/amd/display: Check gpio_id before used as array index

module is not included

kcm: Serialise kcm_sendmsg() for the same socket.

[PATCH 1/1] net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()

[PATCH 1/1] drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails

[PATCH 1/1] net: hns3: fix a deadlock problem when config TC during resetting

vfs: Don't evict inode under the inode lru traversing context

[PATCH 1/1] xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

[PATCH 1/1] mmc: mmc_test: Fix NULL dereference on allocation failure

[PATCH 1/1] gtp: fix a potential NULL pointer dereference

[PATCH 1/1] drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

[PATCH 1/1] uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

[PATCH 1/1] rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

[PATCH 1/1] RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

[PATCH 1/1] ipv6: prevent possible UAF in ip6_xmit()

[PATCH 1/1] scsi: aacraid: Fix double-free on probe failure

[PATCH 1/1] drm/amdgpu: fix mc_data out-of-bounds read warning

[PATCH 1/1] drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

ila: call nf_unregister_net_hooks() sooner

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

netfilter: flowtable: validate vlan header

drm/amd/display: Add array index check for hdcp ddc access

[PATCH] sched/smt: Fix unbalance sched_smt_present dec/inc

[PATCH] sched/core: Fix unbalance set_rq_online/offline() in sched_cpu_deactivate()

ocfs2: cancel dqi_sync_work before freeing oinfo

wifi: ath11k: fix array out-of-bound access in SoC stats

tipc: guard against string buffer overrun

fbdev: pxafb: Fix possible use after free in pxafb_task()

ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free

smb: client: fix OOBs when building SMB2_IOCTL request

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

netfilter: Fix use-after-free in get_info()

nilfs2: fix kernel bug due to missing clearing of checked flag

Issue was backported and fixed in the same 5.15.0-303.168.3.el9uek, previous kernels are not affected

9p: add missing locking around taking dentry fid list

dma-buf: heaps: Fix off-by-one in CMA heap fault handler

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

aoe: fix the potential use-after-free problem in more places

ALSA: asihpi: Fix potential OOB array access

udf: fix uninit-value use in udf_get_fileshortad

bpf: Fix out-of-bounds write in trie_get_next_key()

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds

drm/amd/display: Fix index out of bounds in DCN30 color transformation

ext4: no need to continue when the number of entries is 1

ext4: fix slab-use-after-free in ext4_split_extent_at()

fbdev: sisfb: Fix strbuf array overflow

RDMA/bnxt_re: Add a check for memory allocation

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

net: sched: fix use-after-free in taprio_change()

platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency kpatch

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

ext4: avoid use-after-free in ext4_ext_show_leaf()

ext4: aovid use-after-free in ext4_ext_insert_extent()

ext4: fix double brelse() the buffer of the extents path

parport: Proper fix for array out-of-bounds access

tracing: Consider the NULL character when validating the event length

drm/amd/display: Fix index out of bounds in degamma hardware format translation

drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation

scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()

vhost_vdpa: assign irq bypass producer token correctly

The patch doesn't fix the vunlnerability

macsec: Fix use-after-free while sending the offloading packet

security/keys: fix slab-out-of-bounds in key_task_permission

NFSD: Async COPY result needs to return a write verifier

NFSD: Async COPY result needs to return a write verifier

NFSD: Limit the number of concurrent async COPY operations

NFSD: Limit the number of concurrent async COPY operations

NFSD: Initialize struct nfsd4_copy earlier

NFSD: Never decrement pending_async_copies on error

Patch affects __init

Complex adaptation required. Low impact CVE.

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

Patch affects initramfs

Out of scope: SuperH architecture isn't supported for current kernel

btrfs: ref-verify: fix use-after-free after invalid ref action

af_packet: avoid erroring out after sock_init_data() in packet_create()

xsk: fix OOB map writes when deleting elements

bpf: fix OOB devmap writes when deleting elements

mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

Architecture PARISC is not supported

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

tipc: fix NULL deref in cleanup_bearer()

media: s5p-jpeg: prevent buffer overflows

nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net

USB: serial: io_edgeport: fix use after free in debug printk

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

Irrelevant for x64 kernels

net: do not delay dst_entries_add() in dst_release()

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

netfilter: x_tables: fix LED ID check in led_tg_check()

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

bpf: Check validity of link->type in bpf_link_show_fdinfo()

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

net: bridge: xmit: make sure we have at least eth header len bytes

netfilter: ipset: add missing range check in bitmap_ip_uadt

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

9p/xen: fix release of IRQ

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

crypto: hisilicon/qm - inject error before stopping queue

ima: Fix use-after-free on a dentry's dname.name

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

btrfs: rename and export __btrfs_cow_block()

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

xen/netfront: fix crash when removing device

HID: core: zero-initialize the report buffer

net: wwan: iosm: Fix tainted pointer delete is case of region creation fail

jfs: fix shift-out-of-bounds in dbSplit

Out of scope: User-mode Linux isn't supported for current kernel

ALSA: us122l: Use snd_card_free_when_closed() at disconnection

ocfs2: uncache inode which has failed entering the group

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

net/smc: fix LGR and link use-after-free issue

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

net: inet: do not leave a dangling sk pointer in inet_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

fou: remove warn in gue_gro_receive on unsupported protocol

net/mlx5: Always stop health timer during driver removal

cifs: Fix buffer overflow when parsing NFS reparse points

driver core: bus: Fix double free in driver API bus_register()

usb: musb: sunxi: Fix accessing an released usb phy

Kernel is not affected

mm: resolve faulty mmap_region() error path behaviour

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

Bluetooth: fix use-after-free in device_for_each_child()

driver core: Introduce device_find_any_child() helper

jfs: array-index-out-of-bounds fix in dtReadFirst

net: af_can: do not leave a dangling sk pointer in can_create()

EDAC/igen6: Avoid segmentation fault on module unload

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

blk-cgroup: Fix UAF in blkcg_unpin_online()

scsi: sg: Fix slab-use-after-free read in sg_release()

crypto: qat/qat_4xxx - fix off by one in uof_get_name()

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

vdpa/mlx5: Fix invalid mr resource destroy

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

net: fix data-races around sk->sk_forward_alloc

scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

vp_vdpa: fix id_table array not null terminated error

vp_vdpa: fix id_table array not null terminated error

PCI/MSI: Handle lack of irqdomain gracefully

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

netdevsim: use cond_resched() in nsim_dev_trap_report_work()

nvmet-auth: complete a request only after freeing the dhchap pointers

nvmet: always initialize cqe.result

bnxt_en: Fix possible memory leak in bnxt_rdma_aux_device_init()

bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send()

bnxt_en: Fix receive ring space parameters when XDP is active

bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips

net/mlx5: DR, prevent potential error pointer dereference

nvmet-auth: assign dh_key to NULL after kfree_sensitive

scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info

bnxt_en: Fix double DMA unmapping for XDP_REDIRECT

sched/deadline: Fix warning in migrate_enable for boosted tasks

Postponed: complex analysis and adaptation required

kpatch add alt asm definitions

kpatch add paravirt asm definitions