pipe: Fix missing lock in pipe_resize_ring()

dm verity: set DM_TARGET_IMMUTABLE feature flag

dm verity: set DM_TARGET_IMMUTABLE feature flag (adaptation)

i2c: ismt: prevent memory corruption in ismt_access()

fs/ntfs3: Fix invalid free in log_replay

KVM: x86: avoid calling x86 emulator without a decoded

udf: Avoid using stale lengthOfImpUse

perf: Fix sys_perf_event_open() race against self

secure_seq: use the 64 bits of the siphash for port offset

Complex adaptation required. Low impact CVE.

ext4: avoid cycles in directory h-tree

ext4: verify dir block before splitting it

fbcon: Disallow setting font bigger than screen size

fbcon: Prevent that screen size is smaller than font size

fbmem: Check virtual screen sizes in fb_set_var()

xen/blkfront: fix leaking data in shared pages

xen/netfront: fix leaking data in shared pages

xen/netfront: force data bouncing when backend is untrusted

xen/netfront: force data bouncing when backend is untrusted (adaptation)

xen/blkfront: force data bouncing when backend is untrusted

xen/blkfront: force data bouncing when backend is untrusted (adaptation)

xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses()

Out of scope - ARM architecture.

rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev()

rpmsg: virtio: Fix possible double free in rpmsg_probe()

netfilter: nf_queue: do not allow packet truncation below transport header offset

net: rose: fix UAF bugs caused by timer handler

net: rose: fix UAF bugs caused by timer handler (adaptation)

lkdtm/bugs: Check for the NULL pointer after calling kmalloc

staging: r8188eu: add check for kzalloc

xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in

watchqueue: make sure to serialize 'wqueue->defunct' properly

KVM: x86: do not report a vCPU as preempted outside instruction boundaries

KVM: x86: do not set st->preempted when going back to user space

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

io_uring: disable polling pollfree files

drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init

drm/virtio: Correct drm_gem_shmem_get_sg_table() error handling

io_uring/af_unix: defer registered files gc to io_uring release

io_uring/af_unix: defer registered files gc to io_uring release

UBUNTU: SAUCE: io_uring/af_unix: fix memleak during unix GC

wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()

mac80211: move CRC into struct ieee802_11_elems

mac80211: always allocate struct ieee802_11_elems

wifi: mac80211: fix MBSSID parsing use-after-free

wifi: cfg80211: fix BSS refcounting bugs

wifi: mac80211: fix crash in beacon protection for P2P-device

wifi: cfg80211: avoid nontransmitted BSS list corruption

ksmbd: fix memory leak in smb2_handle_negotiate

ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT

ksmbd: fix use-after-free bug in smb2_tree_disconect

ksmbd: prevent out of bound read for SMB2_WRITE

ksmbd: fix heap-based overflow in set_ntacl_dacl()

arm64: fix oops in concurrently setting insn_emulation sysctls

arm64: fix oops in concurrently setting insn_emulation sysctls

bpf: Don't use tnum_range on array range checking for poke

fs: fix UAF/GPF bug in nilfs_mdt_destroy

af_key: Do not call xfrm_probe_algs in parallel

devlink: Fix use-after-free after a failed reload

atm: idt77252: fix use-after-free bugs caused by tst_timer

netfilter: nf_tables: disallow binding to already bound chain

scsi: stex: Properly zero out the passthrough command structure

binder: fix UAF of alloc->vma in race with munmap()

SUNRPC: Fix svcxdr_init_decode's end-of-buffer calculation

SUNRPC: Fix svcxdr_init_encode's buflen calculation

NFSD: Protect against send buffer overflow in NFSv2 READDIR

NFSD: Protect against send buffer overflow in NFSv3 READDIR

NFSD: Protect against send buffer overflow in NFSv2 READ

NFSD: Protect against send buffer overflow in NFSv3 READ

NFSD: Remove "inline" directives on op_rsize_bop helpers

NFSD: Cap rsize_bop result based on send buffer size

r8152: Rate limit overflow messages

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

tcp/udp: Fix memory leak in ipv6_renew_options().

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()

video: fbdev: i740fb: Error out if 'pixclock' equals zero

staging: rtl8712: fix use after free bugs

binder: fix UAF of ref->proc caused by race condition

[PATCH] efi: capsule-loader: Fix use-after-free in efi_capsule_write

efi: capsule-loader: Fix use-after-free in efi_capsule_write (adaptation)

ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

sch_sfb: Don't assume the skb is still around after enqueueing to

sch_sfb: Also store skb len before calling child enqueue

video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write

usb: mon: make mmapped memory read only

nilfs2: fix use-after-free bug of struct nilfs_root

nilfs2: fix leak of nilfs_root in case of writer thread creation

nilfs2: replace WARN_ONs by nilfs_error for checkpoint acquisition failure

Complex adaptation required. Low impact CVE.

mm: Force TLB flush for PFNMAP mappings before unlink_file_vma()

mm: Fix TLB flush for not-first PFNMAP mappings in unmap_region()

netfilter: nf_conntrack_irc: Fix forged IP logic

add cache flush to solve SEV cache incoherency issues

add cache flush to solve SEV cache incoherency issues (adaptation)

proc: proc_skip_spaces() shouldn't think it is working on C strings

proc: avoid integer type confusion in get_proc_long

Bluetooth: L2CAP: Fix u8 overflow

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

xen/netback: Ensure protocol headers don't fall in the non-linear area

fix sleep in atomic bug when firmware download timeout

ksmbd: validate length in smb2_write()

Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

mm/hugetlb: fix races when looking up a CONT-PTE/PMD size

wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

af_unix: Fix memory leaks of the whole sk due to OOB skb

HID: roccat: Fix use-after-free in roccat_read()

Bluetooth: L2CAP: Fix memory leak in vhci_write

fbdev: smscufx: Fix use-after-free in ufx_ops_open()

net: sched: fix race condition in qdisc_graft()

nvme: ensure subsystem reset is single threaded

[PATCH] KVM: x86: nSVM: leave nested mode on vCPU free

[PATCH] KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02

[PATCH] KVM: x86: forcibly leave nested mode on vCPU reset

[PATCH] KVM: x86: forcibly leave nested mode on vCPU reset

ipv4: Handle attempt to delete multipath route when fib_info

kcm: avoid potential race in kcm_tx_work

drm/i915: fix TLB invalidation for Gen12 video and compute engines

drm/i915: fix TLB invalidation for Gen12 video and compute engines

code from this cve inlined in sleepy thread 'xenvif_kthread_guest_rx' that we can't patch

code from this cve inlined in sleepy thread 'xenvif_kthread_guest_rx' that we can't patch

KVM: x86/mmu: Fix race condition in direct_page_fault

wifi: wilc1000: validate number of channels

wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL

wifi: wilc1000: validate pairwise and authentication suite offsets

wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST

nfp: fix use-after-free in area_cache_get()

NFSD: fix use-after-free in __nfs42_ssc_open()

netfilter: nft_payload: incorrect arithmetics when fetching

net/ulp: prevent ULP without clone op from entering the LISTEN status

net/ulp: prevent ULP without clone op from entering the LISTEN status

net/ulp: prevent ULP without clone op from entering the LISTEN status

ntfs: fix use-after-free in ntfs_ucsncmp()

ntfs: fix use-after-free in ntfs_ucsncmp()

cifs: fix use-after-free caused by invalid pointer `hostname`

tipc: fix an information leak in tipc_topsrv_kern_subscr

tipc: fix an information leak in tipc_topsrv_kern_subscr

tipc: fix an information leak in tipc_topsrv_kern_subscr

KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

gru: allow users to specify gru chiplet 2

fs/ntfs3: Validate resident attribute name

fs/ntfs3: Validate attribute name offset

x86/bugs: Flush IBP in ib_prctl_set()

ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

net: sched: cbq: dont intepret cls results when asked to drop

net: sched: atm: dont intepret cls results when asked to drop

[PATCH] fs/ntfs3: Validate data run offset

[PATCH] fs/ntfs3: Fix slab-out-of-bounds read in run_unpack

[PATCH] fs/ntfs3: Delete duplicate condition in ntfs_read_mft()

[PATCH] fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs

general protection fault in az6027_i2c_xfer

drm/vmwgfx: Validate the box size for the snooped cursor

media: dvb-core: Fix UAF due to refcount races at releasing

USB: gadgetfs: Fix race between mounting and unmounting

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

ovl: fail on invalid uid/gid mapping at copy up

net/sched: tcindex: update imperfect hash filters respecting rcu

NFSD: fix use-after-free in nfsd4_ssc_setup_dul()

HID: check empty report_list in hid_validate_values()

l2tp: Serialize access to sk_user_data with sk_callback_lock

l2tp: Don't sleep and disable BH under writer-side sk_callback_lock

net: sched: disallow noqueue for qdisc classes

fs/ntfs3: Fix attr_punch_hole() null pointer derenference

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

sctp: fail if no bound addresses can be used for a given scope

net: mpls: fix stale pointer if allocation fails during device rename

Complex adaptation is required, mainline retired tcindex.

rds: rds_rm_zerocopy_callback() use list_first_entry()

[PATCH] media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

Out of scope. Android related patch.

drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

scsi: iscsi_tcp: Fix UAF during login when accessing the shost

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

net/tls: tls_is_tx_ready() checked list_entry

kvm: initialize all of the kvm_debugregs structure before sending it

Safety check failed for copy_from_user; zendesk:191568

netrom: Fix use-after-free caused by accept on already connected

fbcon: Check font dimension limits

netfilter: nf_tables: deactivate anonymous set from preparation phase

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

KVM: nVMX: add missing consistency checks for CR0 and CR4

xirc2ps_cs: Fix use after free bug in xirc2ps_detach

sched/rt: pick_next_rt_entity(): check list_entry

HID: asus: use spinlock to safely schedule workers

HID: asus: use spinlock to safely schedule workers (adaptation)

net: add sock_init_data_uid()

tap: tap_open(): correctly initialize socket uid

tun: tun_chr_open(): correctly initialize socket uid

fs: hfsplus: fix UAF issue in hfsplus_put_super

9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition

HID: bigben: use spinlock to safely schedule workers

HID: bigben: use spinlock to safely schedule workers (adaptation)

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

io_uring: mutex locked poll hashing

mctp: defer the kfree of object mdev->addrs

netfilter: nf_tables: incorrect error path handling with

ipvlan:Fix out-of-bounds caused by unclear skb->cb

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

netfilter: nf_tables: do not ignore genmask when looking up chain by id

btrfs: fix race between quota disable and quota assign ioctls

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to

nfc: st-nci: Fix use after free bug in ndlc_remove due to race

bluetooth: Perform careful capability checks in hci_sock_ioctl()

xfs: verify buffer contents when we skip log replay

bpf: Fix incorrect verifier pruning due to missing register precision

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

perf: Fix check before add_event_to_groups() in perf_group_detach()

dm ioctl: fix nested locking in table_clear() to remove deadlock concern

malidp: Fix NULL vs IS_ERR() checking

net: tls: fix possible race condition between

power: supply: da9150: Fix use after free bug in

memstick: r592: Fix UAF bug in r592_remove due to race condition

ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()

relayfs: fix out-of-bounds access in relay_file_read

net: qcom/emac: Fix use after free bug in emac_remove due to race

power: supply: bq24190: Fix use after free bug in bq24190_remove due

media: saa7134: fix use after free bug in saa7134_finidev due to race

media: dm1105: Fix use after free bug in dm1105_remove due to race

usb: gadget: udc: renesas_usb3: Fix use after free bug in

media: rkvdec: fix use after free bug in rkvdec_remove

act_mirred: use the backlog for nested calls to mirred ingress

fs/ntfs3: Check fields while reading

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

io_uring: ensure IOPOLL locks around deferred work

netfilter: nf_tables: skip bound chain on rule flush

netfilter: nf_tables: disallow rule addition to bound chain via

hw: amd: Cross-Process Information Leak

net/sched: cls_fw: Fix improper refcount update leads to

netfilter: nft_set_pipapo: fix improper element removal

net/sched: sch_qfq: refactor parsing of netlink parameters

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: sch_qfq: refactor parsing of netlink parameters (adaptation)

netfilter: nf_tables: fix chain binding transaction logic

netfilter: nf_tables: fix chain binding transaction logic

net/sched: cls_u32: Fix reference counter leak leading to overflow

netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain

netfilter: nf_tables: unbind non-anonymous set if rule construction fails

netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR

Complex adaptation required.

gfs2: Don't deref jdesc in evict

binder: fix UAF caused by faulty buffer cleanup

ksmbd: fix global-out-of-bounds in smb2_find_context_vals

ksmbd: fix wrong UserName check in session_user

ksmbd: allocate one more byte for implied bcc[0]

fs/ntfs3: Validate MFT flags before replaying logs

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

netfilter: nf_tables: deactivate catchall elements in next generation

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_fw: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

net: tap_open(): set sk_uid from current_fsuid()

net: tun_chr_open(): set sk_uid from current_fsuid()

Complex adaptation required. Low impact CVE.

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

libceph: harden msgr2.1 frame segment length checks

ksmbd: validate session id and tree id in the compound request

The patch remove functionality.

[PATCH] exfat: check if filename entries exceeds max filename length

[PATCH] nfc: llcp: simplify llcp_sock_connect() error paths

[PATCH] net: nfc: Fix use-after-free caused by nfc_llcp_find_local

ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()

ksmbd: validate command payload size

ksmbd: fix out-of-bound read in smb2_write

Smart Patch for drivers/media/usb/siano/smsusb.c

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

ipv6: rpl: Fix Route of Death.

net: rpl: fix rpl header size calculation

The patch removes functionality.

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

netfilter: nftables: exthdr: fix 4-byte stack OOB write

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for

net/sched: sch_hfsc: Ensure inner classes have fsc curve

netfilter: nf_tables: skip bound chain in netns release path

netfilter: nf_tables: disallow rule removal from chain binding

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in

xfrm: add NULL check in xfrm_update_ae_params

ubi: Refuse attaching if mtd's erasesize is 0

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

RDMA/irdma: Prevent zero-length STAG registration

RDMA/irdma: Prevent zero-length STAG registration (adaptation)

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input (adaptation)

netfilter: xt_sctp: validate the flag_info count

nvmet-tcp: Fix a possible UAF in queue intialization setup

vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()

ipv4: fix null-deref in ipv4_link_failure

drm/qxl: fix UAF on handle creation

xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

net: xfrm: Fix xfrm_address_filter OOB read

USB: core: Unite old scheme and new scheme descriptor reads (dependency)

USB: core: Change usb_get_device_descriptor() API (dependency)

USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()

netfilter: nf_tables: Reject tables of unsupported family

smb: client: fix OOB in smbCalcSize()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

Complex adaptation required, low impact CVE.

tipc: fix a potential deadlock on &tx->lock

xen/events: replace evtchn_rwlock with RCU

net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()

netfilter: nf_tables: bail out on mismatching dynset and set expressions

ksmbd: limit pdu length size according to connection status

ksmbd: fix racy issue from session setup and logoff

ksmbd: fix racy issue from session setup and logoff (adaptation)

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

x86/sev: Check for user-space IOIO pointing to kernel space

x86/sev: Check IOBM for IOIO exceptions from user-space

x86/sev: Disable MMIO emulation from user mode

smb: client: fix OOB in receive_encrypted_standard()

net: tls, update curr on splice as well

ida: Fix crash in ida_free when the bitmap is empty

atm: Fix Use-After-Free in do_vcc_ioctl

appletalk: Fix Use-After-Free in atalk_ioctl

Complex adaptation required. Low impact CVE.

usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core

Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

net/rose: Fix Use-After-Free in rose_ioctl

nfc: nci: fix possible NULL pointer dereference in send_acknowledge()

io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

nvmet: nul-terminate the NQNs passed in the connect command

vhost: use kzalloc() instead of kmalloc() followed by memset()

netfilter: nf_tables: check if catch-all set element is active in next generation

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

ksmbd: destroy expired sessions

ksmbd: destroy expired sessions

uio: Fix use-after-free in uio_open

binder: fix use-after-free in shinker's callback

f2fs: fix to avoid dirent corruption

f2fs: explicitly null-terminate the xattr list

mtd: Fix gluebi NULL pointer dereference caused by ftl notifier

block: add check that partition length needs to be aligned with block size

EDAC/thunderx: Fix possible out-of-bounds string access

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

btrfs: do not ASSERT() if the newly created subvolume already got read

Bluetooth: Fix atomicity violation in {min,max}_key_size_set

bpf: Fix re-attachment branch in bpf_tracing_prog_attach

ksmbd: fix racy issue under cocurrent smb2 tree disconnect

ksmbd: fix racy issue under cocurrent smb2 tree disconnect (adaptation)

ksmbd: fix out-of-bound read in deassemble_neg_contexts()

ksmbd: fix out-of-bound read in parse_lease_state()

ksmbd: fix out of bounds in init_smb2_rsp_hdr()

media: pvrusb2: fix use after free on context disconnection

ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()

powerpc/pseries/memhp: Fix access beyond end of drmem array

mlxsw: spectrum_acl_tcam: Fix stack corruption

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

xen-netback: don't produce zero-size SKB frags

ipv6: remove max_size check inline with ipv4

ipv6: remove max_size check inline with ipv4

dm ioctl: log an error if the ioctl structure is corrupted

dm: limit the number of targets and parameter size area

apparmor: avoid crash when parsed profile name is empty

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

binder: ksmbd: add missing compound request handing in some commands

net: qualcomm: rmnet: fix global oob in rmnet_policy

net: qualcomm: rmnet: fix global oob in rmnet_policy

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache

ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work

ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()

ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()

ksmbd: validate session id and tree id in compound request

serial: imx: fix tx statemachine deadlock

Version not affected

nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

nvmet-tcp: Fix the H2C expected PDU len calculation

Complex adaptation required. Issue can be reproduced with special UEFI implementation only.

mfd: syscon: Fix null pointer dereference in of_syscon_register()

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

Complex adaptation required.

binder: fix race between mmput() and do_exit()

net/sched: act_ct: fix skb leak and crash on ooo frags

crypto: scomp - fix req->dst buffer overflow

UBSAN: array-index-out-of-bounds in dtSplitRoot

jfs: fix uaf in jfs_evict_inode

Bluetooth: Add more enc key size check

ksmbd: fix UAF issue in ksmbd_tcp_new_connection()

ksmbd: fix UAF issue in ksmbd_tcp_new_connection() (adaptation)

FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

jfs: fix array-index-out-of-bounds in diNewExt

KVM: s390: fix setting of fpc register

f2fs: fix to tag gcing flag on page during block migration

llc: call sock_orphan() at release time

powerpc/lib: Validate size for vector operations

jfs: fix array-index-out-of-bounds in dbAdjTree

i2c: i801: Fix block process call transactions

ksmbd: fix global oob in ksmbd_nl_policy

ksmbd: fix global oob in ksmbd_nl_policy (adaptation)

ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

drm/amd/display: Implement bounds check for stream encoder

net/smc: fix illegal rmb_desc access in SMC-D connection dump

llc: make llc_ui_sendmsg() more robust against bonding

btrfs: don't abort filesystem when attempting to snapshot

scsi: core: Move scsi_host_busy() out of host lock for waking

tcp: add sanity checks to rx zerocopy

tipc: Check the bearer type before calling

binder: signal epoll threads of self-work

IB/ipoib: Fix mcast list locking

wifi: iwlwifi: fix a memory corruption

powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

pstore/ram: Fix crash when setting number of cpus to an odd

s390/ptrace: handle setting of fpc register correctly

SUNRPC: Fix a suspicious RCU usage warning

ceph: fix deadlock or deadcode of misusing dget()

crypto: lib/mpi - Fix unexpected pointer access in

net: prevent mss overflow in skb_segment()

um: time-travel: fix time corruption

PM / devfreq: Synchronize devfreq_monitor_[start/stop]

net: openvswitch: limit the number of recursions from action sets

net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

sched/membarrier: reduce the ability to hammer on sys_membarrier

can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock

can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (adaptation)

ext4: avoid online resizing failures due to oversized flex bg

ext4: avoid online resizing failures due to oversized flex bg

llc: Drop support for ETH_P_TR_802_2.

llc: Drop support for ETH_P_TR_802_2 (adaptation)

The modified structure mem_section_usage is used only during bootup time. As we patch the changes after booting they will have no effect. Therefore we cannot patch this CVE.

Power management subsystem - sleep mode. Irrelevant for servers.

wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()

wifi: rt2x00: restart beacon queue when hardware reset

firmware: arm_scmi: Check mailbox/SMT channel for consistency

PM / devfreq: Fix buffer overflow in trans_stat_show

hwrng: core - Fix page fault dead lock on mmap-ed hwrng

block/rnbd-srv: Check for unlikely string overflow

tracing: Ensure visibility when inserting an element into tracing_map

ppp_async: limit MRU to 64K

blk-mq: fix IO hang from sbitmap wakeup race

inet: read sk->sk_family once in inet_recv_error()

tunnels: fix out of bounds access when building IPv6 PMTU error

net: stmmac: xgmac: fix handling of DPP safety error for DMA channels

net: stmmac: xgmac: fix handling of DPP safety error for DMA channels

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

nilfs2: fix potential bug in end_buffer_async_write

af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.

netfilter: nft_limit: reject configurations that cause integer overflow

usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked

hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove

ext4: fix double-free of blocks due to wrong extents moved_len

iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC

nilfs2: fix data corruption in dsync block recovery for small block sizes

nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()

ceph: prevent use-after-free in encode_cap_msg()

Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run

tcp: make sure init the accept_queue's spinlocks once

media: rc: bpf attach/detach requires write permission

iio: core: fix memleak in iio_device_register_sysfs

nfc: nci: free rx_data_reassembly skb on NCI device cleanup

mptcp: fix data re-injection from stale subflow

media: ir_toy: fix a memleak in irtoy_tx

tracing/trigger: Fix to return error if failed to alloc snapshot

Revert "drm/amd: flush any delayed gfxoff on suspend entry"

dmaengine: fix NULL pointer in channel unregistration

bus: mhi: host: Drop chan lock before queuing buffers

bus: mhi: host: Add alignment check for event ring read

netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for

drm: Don't unref the same fb many times by mistake due to

jfs: fix slab-out-of-bounds Read in dtSearch

HID: i2c-hid-of: fix NULL-deref on failed power up

mm/writeback: fix possible divide-by-zero in

kpatch add alt asm definitions

x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file

x86/bhi: Add support for clearing branch history at syscall entry

wifi: brcmfmac: Fix use-after-free bug in

tomoyo: fix UAF write bug in tomoyo_write_control()

wifi: mac80211: fix potential key use-after-free

smb: client: fix potential OOBs in

fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()

fs/ntfs3: Fix oob in ntfs_listxattr

netfilter: nf_tables: disallow timeout for anonymous sets

drm/tegra: dsi: Add missing check for of_find_device_by_node

erofs: fix lz4 inplace decompression

wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is

pmdomain: mediatek: fix race conditions with genpd

NTB: fix possible name leak in ntb_register_device()

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

bpf: Fix stackmap overflow check on 32-bit arches

x86, relocs: Ignore relocations in .notes section

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

bpf: Fix hashtab overflow check on 32-bit arches

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

EFI Firmware: CVE patch is for EFI firmware which runs at boot time.

octeontx2: CVE patch is outside the scope.

afs: Increase buffer size in afs_update_volume_status()

ipv6: sr: fix possible use-after-free and null-ptr-deref

xhci: process isoc TD properly when there was a transaction error mid TD.

xhci: process isoc TD properly when there was a transaction error mid TD.

xhci: handle isoc Babble and Buffer Overrun events properly

sr9800: Add check for usbnet_get_endpoints

x86/fpu: Stop relying on userspace for info to fault in xsave buffer

ext4: regenerate buddy after block freeing failed if under fc replay

Low-severity patch proven to suffer from stack-unsafety problem when patching during network load.

wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()

dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read

btrfs: dev-replace: properly validate device names

btrfs: fix double free of anonymous device after snapshot creation failure

gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

RISCV arch not supported.

fbcon: always restore the old font data in fbcon_do_set_font()

fbcon: always restore the old font data in fbcon_do_set_font()

Bluetooth: Avoid potential use-after-free in hci_error_reset

stmmac: Clear variable when destroying workqueue

net: veth: clear GRO when clearing XDP even when down

net: ip_tunnel: prevent perpetual headroom growth

netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter

ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()

netfilter: nft_flow_offload: reset dst in route object after setting up flow

efi/capsule-loader: fix incorrect allocation size

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

netrom: Fix data-races around sysctl_net_busy_read

wifi: nl80211: reject iftype change with mesh ID change

netfilter: nft_set_pipapo: do not free live element

cifs: fix underflow in parse_server_interfaces()

Bluetooth: Fix TOCTOU in HCI debugfs implementation

USB: core: Fix deadlock in usb_deauthorize_interface()

md/raid5: fix atomicity violation in raid5_cache_count

af_unix: Do not use atomic ops for unix_sk(sk)->inflight

af_unix: Fix garbage collector racing against connect()

media: xc4000: Fix atomicity violation in xc4000_get_frequency

scsi: qla2xxx: Fix double free of fcport

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

sysv: don't call sb_bread() with pointers_lock held

ubi: Check for too small LEB size in VTBL code

netfilter: nf_tables: disallow anonymous set with timeout flag

xen/events: close evtchn after mapping cleanup

amdkfd: use calloc instead of kzalloc to avoid integer overflow

tcp_close is sleepable and called from kthread, which may prevent patching and unpatchng.

tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

ksmbd: fix potencial out-of-bounds when buffer offset is

smb: client: fix use-after-free bug in

Bluetooth: af_bluetooth: Fix deadlock

x86/sev: Harden #VC instruction emulation somewhat

x86/sev: Check for MWAITX and MONITORX opcodes in the #VC