fs: aio: fix plug memory disclosure and fix reqs_active accounting backport

fs: aio: plug memory disclosure and fix reqs_active accounting

net: ipv4: current group_info should be put after using

net: filter: prevent nla extensions to peek beyond the end of the message

block: floppy: ignore kernel-only members in FDRAWCMD ioctl input

block: floppy: don't write kernel-only members to FDRAWCMD ioctl output

net: core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors

kernel: futex: prevent requeue pi on same futex

kernel: ptrace,x86: force IRET path after a ptrace_stop()

net: l2tp: don't fall back on UDP [get|set]sockopt()

fs: Fix umount ref count leak.

ath9k: protect tid->sched check

mac80211: fix AP powersave TX vs. wakeup race

sctp: Fix sk_ack_backlog wrap-around problem

auditsc: audit_krule mask accesses need bounds checking

SCTP: Fix auth_capable inheritence on INIT collision

KVM: x86: Improve thread safety in pit

ALSA: control: Don't access controls outside of protected regions

kvm/vmx: handle invept and invvpid vm exits gracefully

kvm/vmx: handle invept and invvpid vm exits gracefully

target/rd: Refactor rd_build_device_space + rd_release_device_space

media-device: fix infoleak in ioctl media_enum_entities()

exec/ptrace: fix get_dumpable() incorrect tests

vfs: fix ref count leak in path_mountpoint()

HID: magicmouse: sanity check report size in raw_event() callback

HID: logitech: perform bounds checking on device_id early enough

HID: off by one error in various _report_fixup routines

USB: whiteheat: Added bounds checking for bulk command response

HID: picolcd: sanity check report size in raw_event() callback

udf: Avoid infinite loop when processing indirect ICBs

assoc_array: Fix termination condition in assoc array garbage collection

net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks

net: sctp: fix panic on duplicate ASCONF chunks

net: sctp: fix remote memory pressure from excessive queueing

ALSA: control: Fix replacing user controls

ALSA: control: Fix replacing user controls

ALSA: control: Fix replacing user controls

ALSA: control: Handle numid overflow

ALSA: control: Make sure that id->index does not overflow

x86_64, traps: Stop using IST for #SS

x86_64, traps: Stop using IST for #SS

net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks

shmem: fix faulting into a hole while it's punched

shmem: fix faulting into a hole, not taking i_mutex

shmem: fix splicing from a hole while it's punched

cifs: Possible null ptr deref in SMB2_tcon

kernel: splice: lack of generic write checks

isofs: Fix unbounded recursion when processing relocated directories

xfs: remote attribute overwrite causes transaction overrun

x86,kvm,vmx: Preserve CR4 across VM entry

x86,kvm,vmx: Preserve CR4 across VM entry

mm: add !pte_present() check on existing hugetlb_entry callbacks

tracing/syscalls: Ignore numbers outside NR_syscalls' range

ext4: prevent bugon on race between write/fcntl

netfilter: conntrack: disable generic tracking for known protocols

mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support

mac80211: fix fragmentation code, particularly for encryption

[media] ttusb-dec: buffer overflow in ioctl

packet: improve socket create/bind latency in some cases

kvm/vmx: Fix DR6 update on #DB exception

kvm/vmx: Advance rip to after an ICEBP instruction

net: sctp: fix slab corruption from use after free on INIT collisions

kernel: infiniband: uverbs: unprotected physical memory access

crypto: aesni - fix memory usage in GCM decryption

pipe: fix pipe corruption and iovec overrun on partial copy

kernel: use-after-free during key garbage collection

kernel: Remove a bogus 'ret_from_fork' optimization

kernel: Remove a bogus 'ret_from_fork' optimization

isofs: infinite loop in CE record entries

isofs: Fix unchecked printing of ER records

kernel: Linux stack ASLR implementation

kernel: execution in the early microcode loader

ipv4: Missing sk_nulls_node_init() in ping_unhash()

ipv6: Don't reduce hop limit for an interface

sctp: fix ASCONF list handling

udp: fix behavior of wrong checksums

keys: Ensure we free the assoc array edit if edit is valid

bpf_jit: fix compilation of large bpf programs

dcache: fold try_to_ascend() into the sole remaining caller

dcache: move d_rcu from overlapping d_child to overlapping d_alias

dcache: move d_rcu from overlapping d_child to overlapping d_alias (kpatch adaptation)

dcache: deal with deadlock in d_walk()

dcache: d_walk() might skip too much

virtio-net: drop NETIF_F_FRAGLIST

dcache: Handle escaped paths in prepend_path

vfs: Test for and handle paths that are unreachable from their mnt_root

Initialize msg/shm IPC objects before doing ipc_addid()

KVM: x86: Don't report guest userspace emulation error to userspace

kernel: Provide READ_ONCE and ASSIGN_ONCE

kernel: Change ASSIGN_ONCE(val, x) to WRITE_ONCE(x, val)

kernel: make READ_ONCE() valid on const arguments

fs: take i_mutex during prepare_binprm for set[ug]id executables

sctp: fix race on protocol/netns initialization

sctp: fix race on protocol/netns initialization (kpatch adaptation)

x86_64, switch_to(): Load TLS descriptors before switching DS and ES

KVM: x86: SYSENTER emulation is broken

Disable modification of LDT by userspace processes.

crypto: define OPTIMIZER_HIDE_VAR for future use in memzero_explicit

random: add and use memzero_explicit() for clearing data

fix kernel crash in smp_execute_task caused by libsas disco_mutex (dependency for cve-2017-18232)

[x86] kvm: Check non-canonical addresses upon WRMSR

[x86] kvm: Prevent guest from writing non-canonical shared MSR addresses

virt: guest to host DoS by triggering an infinite loop in microcode

kvm: svm: unconditionally intercept #DB

CVE-2015-5307 and CVE-2015-8104 kpatch adaptation

KEYS: Fix keyring ref leak in join_session_keyring()

KEYS: Fix race between key destruction and finding a keyring by name

KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring

KEYS: Don't permit request_key() to construct a new keyring

veth: don't modify ip_summed; doing so treats packets with bad checksums as good

KEYS: Fix ASN.1 indefinite length object parsing

IB/security: Restrict use of the write() interface

sctp: Prevent soft lockup when sctp_accept() is called during a timeout event

KEYS: potential uninitialized variable

udp: properly support MSG_PEEK with truncated buffers

tcp: make challenge acks less predictable

tcp: make challenge acks less predictable

netfilter: x_tables: validate e->target_offset early

netfilter: x_tables: make sure e->next_offset covers remaining blob size

netfilter: x_tables: fix unconditional helper

netfilter: x_tables: check for bogus target offset

mm: remove gup_flags FOLL_WRITE games from __get_user_pages()

fs/pnode.c: treat zero mnt_group_id-s as unequal

propogate_mnt: Handle the first propogated copy being a slave

HID: hiddev: validate num_values for HIDIOCGUSAGES,HIDIOCSUSAGES commands

Btrfs: fix truncation of compressed and inlined extents

Btrfs: fix truncation of compressed and inlined extents

iw_cxgb3: Fix incorrectly returning error on success

Bluetooth: Fix potential NULL dereference in RFCOMM bind callback

ASN.1: Fix non-match detection failure on data overrun

x86/mm: Add barriers and document switch_mm()-vs-flush synchronization

ALSA: usb-audio: avoid freeing umidi object twice

ipv4: Don't do expensive useless work during inetdev destroy.

atl2: Disable unimplemented scatter/gather feature

atl2: Disable unimplemented scatter/gather feature (kpatch adaptation)

ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS

ALSA: timer: Fix leak in events via snd_timer_user_ccallback

ALSA: timer: Fix leak in events via snd_timer_user_tinterrupt

IB/srpt: Simplify srpt_handle_tsk_mgmt()

aacraid: Check size values after double-fetch from user

packet: missing dev_put() in packet_do_bind()

packet: race condition in packet_bind

ALSA: rawmidi: Change resized buffers atomically

net: Fix use after free in the recvmmsg exit path

tcp: fix use after free in tcp_xmit_retransmit_queue()

sctp: validate chunk len before actually using it

dccp: fix freeing skb too early for IPV6_RECVPKTINFO

vfio/pci: Fix integer overflows, bitmask check

packet: fix race condition in packet_set_ring

tty: n_hdlc: get rid of racy n_hdlc.tbuf

mpi: Fix NULL ptr dereference in mpi_powm

net: avoid signed overflows for SO_{SND|RCV}BUFFORCE

selinux: fix off-by-one in setprocattr

kernel: Null pointer dereference in search_keyring

block: fix use-after-free in seq file

crypto: algif_hash - Only export and import on sockets with data

ext4: validate s_first_meta_bg at mount time

net/packet: fix overflow in check for priv area size, tp_frame_nr, tp_reserve

sctp: avoid BUG_ON on sctp_wait_for_sndbuf

mm: enlarge stack guard gap

nfsd: stricter decoding of write-like NFSv2/v3 ops

KVM: x86: fix emulation of "MOV SS, null selector"

nfsd: check for oversized NFSv2/v3 arguments

tcp: avoid infinite loop in tcp_splice_read()

fs/binfmt_elf.c: fix bug in loading of PIE binaries

l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()

KEYS: Fix short sprintf buffer in /proc/keys show function

[scsi] sg_write()/bsg_write() is not fit to be called under KERNEL_DS

[net] ping: implement proper locking

[net] ipv4: keep skb->dst around in presence of IP options

[mm] mempolicy.c: fix error handling in set_mempolicy and mbind

[x86] mm: Tighten x86 /dev/mem with zeroing reads

[net] tcp: do not inherit fastopen_req from parent

[net] ipv6/dccp: do not inherit ipv6_mc_list from parent

[net] tcp: do not inherit fastopen_req from parent

[net] sctp: do not inherit ipv6_{mc|ac|fl}_list from parent

[net] ipv6: Prevent overrun when parsing v6 header options

[net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()

[net] ipv6: Check ip6_find_1stfragopt() return value properly

[net] ipv6: Fix leak in ipv6_gso_segment()

[fs] mnt: Prevent pivot_root from creating a loop in the mount tree

[fs] Add a missing permission check to do_umount

[security] keys: Disallow keyrings beginning with '.' to be joined as session keyrings

[fs] xfs: fix two memory leaks in xfs_attr_list.c error paths

[x86] kvm: nvmx: Allow L1 to intercept software exceptions (#BP and #OF)

RDS: verify the underlying transport exists before creating a connection

RDS: fix race condition when sending a message on unbound socket

ext4: validate that metadata blocks do not overlap superblock

Bluetooth: Properly check L2CAP config option output buffer length

xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window

xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder

udp: consistently apply ufo or fragmentation

net-packet: fix race in packet_set_ring on PACKET_RESERVE

ipc: mqueue: fix a use-after-free in sys_mq_notify()

net: ping: check minimum size on ICMP header length

net: ipv6: avoid overflow of offset in ip6_find_1stfragopt

net: ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()

net: tcp: fix 0 divide in __tcp_select_window()

net: tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0

ALSA: timer: Fix race among timer ioctls

ALSA: timer: Fix race at concurrent reads

ALSA: timer: Fix negative queue usage by racy accesses

ALSA: timer: fix NULL pointer dereference in read()/ioctl() race

ALSA: timer: Fix race between read and ioctl

ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

meltdown: introduce gmb

add kernel page table isolation feature(aka KAISER)

kcpti: fix cpu hotplug crash

kcpti: ignore Xen PV guests

kcpti: map performance monitoring buffers

kcpti: align trampoline stack to 16

kcpti: free all shadow page table layers

kcpti: check present flag when removing global pte flag

kcpti: ignore AMD processors

kcpti: apply patch to Xen PV domains

spec_ctrl

[x86] msr: add 64bit _on_cpu access functions

[x86] Add another set of MSR accessor functions

spec_ctrl

spec_ctrl: print warning on {ibrs,ibpb}_enabled files creation failure

spec_ctrl: rescan cpuid when patch is loaded

keys: Fix an error code in request_master_key()

keys: Use memzero_explicit() for secret data

keys: Differentiate uses of rcu_dereference_key() and user_key_payload()

keys: fix keyctl_set_reqkey_keyring() to not leak thread keyrings

keys: Fix handling of stored error in a negatively instantiated user key

packet: fix races in fanout_add()

packet: Do not call fanout_release from atomic contexts

packet: hold bind lock when rebinding to fanout hook

packet: in packet_do_bind, test fanout with bind_lock held

assoc_array: Fix a buggy node-splitting case

keys: prevent KEYCTL_READ on negative key

x86/mm/32: Enable full randomization on i386 and X86_32

[media] xc2028: avoid use after free

firewire: net: guard against rx buffer overflows

avoid overflow in vmw_surface_define_ioctl()

bio: avoid page leaks

ugetlbfs: remove superfluous page unlock in VM_SHARED case

etfilter: nfnetlink_cthelper: Add missing permission checks

etlink: Add netns check on taps

SB: core: prevent malicious bNumInterfaces overflow

netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

dm: fix race between dm_get_from_kobject() and __dm_destroy()

Bluetooth: Prevent stack info leak from the EFS element.

ACPI: sbshc: remove raw pointer from printk() message.

futex: Prevent overflow by strengthen input validation

Prevent flooding into debug port 0x80

Prevent flooding into debug port 0x80

Sanitize 'move_pages()' permission checks

dccp: fix use-after-free (CVE-2017-8824)

scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly

provide with option to switch compat32 v4l ioctls on and off.

alsa: seq: Make ioctls race-free

kvm/x86: fix icebp instruction handling

perf/hwbp: Simplify the perf-hwbp code, fix documentation

x86/entry/64: Don't use IST entry for #BP stack

x86/entry/64: Don't use IST entry for #BP stack (kpatch adaptation)

netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

ipsec: Fix aborted xfrm policy dump crash

ipsec: Fix aborted xfrm policy dump crash (kpatch adaptation)

Speculative Store Bypass mitigation

xfrm: policy: check policy direction value

tcp: avoid collapses in tcp_prune_queue() if possible

tcp: detect malicious patterns in tcp_collapse_ofo_queue()

crypto: algif_skcipher - Load TX SG list after waiting

Revert "net: increase fragment memory usage limits"

fix for use-after-free bug via crafted system calls in mm/mempolicy.c:do_get_mempolicy()

ALSA: seq: Fix racy pool initializations

introduce barrier_nospec() and array_index_nospec() (adaptation, 862.2.3.el7)

fix regression when using the last syscall on x86 (adaptation, 123.el7-kernels)

fix regression for ipv6 in latest kernels after spectre commit (adaptation)

Add disable SMT knob

Setup L1TF bug bit

Add ability to flush l1d cache on vmexit

Limit arg stack to at most 75% of _STK_LIM

get_rock_ridge_filename(): handle malformed NM entries

ALSA: pcm: prevent UAF in snd_pcm_info

timerfd: Protect the might cancel mechanism proper

timerfd: Protect the might cancel mechanism proper (kpatch adaptation)

crypto: salsa20 - fix blkcipher_walk API usage

ext4: fail ext4_iget for root directory if unallocated

posix-timer: Properly check sigevent->sigev_notify

fix possible deadlock with mutex within SCSI libsas (adaptation)

loop: fix concurrent lo_open/lo_release

sctp: verify size of a new chunk in _sctp_make_chunk()

scsi: libsas: fix memory leak

drm: udl: Properly check framebuffer mmap offsets

ext4: always verify the magic number in xattr blocks

ext4: always verify the magic number in xattr blocks

ext4: clear i_data in ext4_inode_info when removing inline data

ALSA: rawmidi: Change resized buffers atomically

mm/madvise.c: fix madvise() infinite loop under special circumstances

ext4: don't allow r/w mounts if metadata blocks overlap the superblock

xfs: move inode fork verifiers to xfs_dinode_verify

xfs: enhance dinode verifier

cdrom-information-leak-in-cdrom_ioctl_media_changed.patch

proc: do not access cmdline nor environ from file-backed areas

AIO: properly check iovec sizes

ext4: always check block group bounds in ext4_init_block_bitmap()

ext4: make sure bitmaps and the inode table don't overlap with bg descriptors

include/linux/mmdebug.h: add VM_WARN which maps to WARN()

include/linux/mmdebug.h: add VM_WARN_ONCE()

hugetlbfs: check for pgoff value overflow

hugetlbfs: check for pgoff value overflow

hugetlbfs: check for pgoff value overflow

include/linux/mmdebug.h: fix VM_WARN[_*]() with CONFIG_DEBUG_VM=n

mm/hugetlb.c: clean up VM_WARN usage

scsi: target: iscsi: Use hex2bin instead of a re-implementation

[fs] xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE

[fs] ext4: add more inode number paranoia checks

net/packet: fix a race in packet_bind() and packet_notifier()

net: Set sk_prot_creator when cloning sockets to the right proto

proc: restrict kernel stack dumps to root

use-after-free vulnerability in the way the Linux kernel's KVM hypervisor implements its device control API

[net] tcp: pass previous skb to tcp_shifted_skb()

[net] tcp: limit payload size of sacked skbs

[net] tcp: tcp_fragment() should apply sane memory limits

[net] tcp: add tcp_min_snd_mss sysctl

[net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

ipmi_si: fix use-after-free of resource->name

sunrpc: use-after-free in svc_process_common()

CVE-2018-16884 kpatch adaptation

CVE-2018-16884 kpatch adaptation

MDS CPU Side-channel Attacks mitigation

vhost-net: Always access vq->private_data under vq mutex

vhost-net: set packet weight of tx polling to 2 * vq size

vhost_net: use packet weight for rx handler, too

vhost_net: introduce vhost_exceeds_weight()

vhost_net: fix possible infinite loop

mm/mincore.c: make mincore() more conservative

l2tp: pass tunnel pointer to ->session_create()

KVM: x86: introduce linear_{read,write}_system

KVM: x86: pass kvm_vcpu to kvm_read_guest_virt and kvm_write_guest_virt_system

kvm: x86: use correct privilege level for sgdt/sidt/fxsave/fxrstor access

vhost/vsock: fix use-after-free in network stack callers

3.10.0/CVE-2018-15594.patch

Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer

Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt

scsi: megaraid_sas: return error when create DMA pool failed

ext4: zero out the unused memory region in the extent tree block

floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl

HID: debug: check length before copy_to_user()

alarmtimer: Prevent overflow for relative nanosleep

validate cached inodes are free when allocated in xfs

xfs: fixed incorrect xfs_da_shrink_inode call with NULL buffer

xfs: fixed possible ifp->if_broot dereference based on the XFS_DINODE_FMT_BTREE format

xfs: fix a null pointer dereference in xfs_bmap_extents_to_btree

xfs: fix error handling in xfs_bmap_extents_to_btree

cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status

iovec: make sure the caller actually wants anything in memcpy_fromiovecend

KVM: x86: work around leak of uninitialized stack contents

Mitigation of SWAPGS Spectre gadget

host: make sure log_num < in_num

mwifiex: Fix possible buffer overflows at parsing bss descriptor

mwifiex: Fix possible buffer overflows at parsing bss descriptor

ext4: never move the system.data xattr out of the inode body

KVM: coalesced_mmio: add bounds checking

tcp: purge write queue in tcp_connect_init()

mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings

Heap Overflow in mwifiex_process_country_ie() function of Marvell Wifi Driver

cfg80211: wext: avoid copying malformed SSIDs

[wireless] rtlwifi: Fix potential overflow on P2P code

[x86] kvm: x86: do not modify masked bits of shared MSRs

[mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors

[mm] mm: prevent get_user_pages() from overflowing page refcount

[usb] check usb_get_extra_descriptor for proper size

[usb] hso: Fix OOB memory access in hso_probe/hso_get_config_data

[net] bluetooth: hidp: fix buffer overflow

[bluetooth] Bluetooth: hci_uart: check for missing tty operations

[block] floppy: fix out-of-bounds read in copy_buffer

[sound] ALSA: info: Fix racy addition/deletion of nodes

[sound] ALSA: core: Fix card races between register and disconnect

[sound] ALSA: line6: Fix write on zero-sized buffer

[sound] ALSA: line6: Fix memory leak at line6_init_pcm() error path

[net] tun: call dev_get_valid_name() before register_netdevice()

[net] tun: allow positive return values on dev_get_valid_name() call

[security] KEYS: Strip trailing spaces

[security] KEYS: remove unnecessary get/put of explicit dest_keyring

[security] KEYS: add missing permission check for request_key() destination

binfmt_elf: switch to new creds when switching to new mm

[kernel] perf/core: Fix perf_event_open() vs. execve() race

[net] sysfs: Fix mem leak in netdev_register_kobject

cfg80211: add and use strongly typed element iteration macros

ieee80211: fix for_each_element_extid()

cfg80211: Use const more consistently in for_each_element macros

[net] mac80211: Do not send Layer 2 Update frame before authorization

[net] nl80211: validate beacon head

[media] cx24116: fix a buffer overflow when checking userspace params

tracing: Fix possible double free on failure of allocating trace buffer

blktrace: fix dereference after null check

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

HID: hiddev: avoid opening a disconnected device

mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

kernel: memory corruption in Voice over IP nf_conntrack_h323 module

floppy: check FDC index for errors before assigning it

vgacon: Fix a UAF in vgacon_invert_region

ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments

net: ipv6: add net argument to ip6_dst_lookup_flow

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

net: ipv6_stub: ip6_dst_lookup_flow (adaptation)

vhost: Check docket sk_family instead of call getname

mm: mempolicy: require at least one nodeid for MPOL_PREFERRED

Input: add safety guards to input_set_keycode

chardev: add helper function to register char devs with a struct device (CVE-2020-10690 dependency)

ptp: fix the race between the release of ptp_clock and cdev

ptp: fix the race between the release of ptp_clock and cdev (adaptation)

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info

signal: Extend exec_id to 64bits

signal: Extend exec_id to 64bits (adaptation)

scsi: sg: add sg_remove_request in sg_write

nfs: Correct an nfs page array calculation error

selinux: properly handle multiple messages in selinux_netlink_send

mISDN: enforce CAP_NET_RAW for raw sockets

ieee802154: enforce CAP_NET_RAW for raw sockets

net: sit: fix memory leak in sit_init_net()

scsi: qla2xxx: fix a potential NULL pointer dereference

scsi: libsas: delete sas port if expander discover failed

media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap

scsi: libsas: fix a race condition when smp task timeout

fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links

fs/proc/proc_sysctl.c: Fix a NULL pointer dereference

can: peak_usb: fix slab info leak

ext4: work around deleting a file with i_nlink == 0 safely

KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)

i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA

Input: ff-memless - kill timer in destroy()

rtlwifi: prevent memory leak in rtl_usb_probe

crypto: user - fix memory leak in crypto_report

media: v4l: event: Prevent freeing event subscriptions while accessed

media: v4l: event: Prevent freeing event subscriptions while accessed (adaptation)

ext4: validate the debug_want_extra_isize mount option at parse time

ext4: forbid i_extra_isize not divisible by 4

ext4: add more paranoia checking in ext4_expand_extra_isize handling

ext4: fix support for inode sizes > 1024 bytes

USB: adutux: fix use-after-free on disconnect

usb: cdc-acm: make sure a refcount is taken early enough

USB: core: Fix races in character device registration and deregistraion

[net] sock: backport __sock_queue_rcv_skb()

[net] bluetooth: split sk_filter in l2cap_sock_recv_cb

Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

Bluetooth: A2MP: Fix not initializing all members

net-sysfs: call dev_hold if kobject_init_and_add success

net-sysfs: Call dev_hold always in netdev_queue_add_kobject

net-sysfs: Call dev_hold always in rx_queue_add_kobject

Fix for missing check in vgacon scrollback handling

crypto: authenc: Export key parsing helper function (CVE-2020-10769 dependency)

crypto: authenc - fix parsing key with misaligned rta_len

ext4: fix potential negative array index in do_split()

nfs: Fix getxattr kernel panic and memory overflow

hdlc_ppp: add range checks in ppp_cp_parse_cr()

block: Fix use-after-free in blkdev_get()

HID: Fix assumption that devices have inputs

pinctrl: Delete an error message

pinctrl: devicetree: Avoid taking direct reference to device name string

perf/core: Fix race in the perf_mmap_close() function

netfilter: ctnetlink: add a range check for l3/l4 protonum

tty/vt: fix write/write race in ioctl(KDSKBSENT) handler

tty: keyboard, do not speculate on func_table index

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl

vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl

tty: Fix ->pgrp locking in tiocspgrp()

af_unix: fix struct pid memory leak

af_unix: fix struct pid memory leak (adaptation)

net: Fix permission check in netlink_connect() (CVE-2021-27363_27364 dependency)

netlink: Rename netlink_capable netlink_allowed (CVE-2021-27363_27364 dependency)

net: Add variants of capable for use on netlink messages (CVE-2021-27363_27364 dependency)

scsi: iscsi: Restrict sessions and handles to admin capabilities

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (CVE-2021-27365 dependency)

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

futex: Replace pointless printk in fixup_owner()

futex: Provide and use pi_state_update_owner()

futex: Handle faults correctly for PI futexes

vt: selection, close sel_buffer race

media: xirlink_cit: add missing descriptor sanity checks

cipso,calipso: resolve a number of problems with the DOI refcounts

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

sched/numa: Move task_numa_free() to __put_task_struct()

sched/numa: Fix task_numa_free() lockdep splat

sched/numa: Simplify task_numa_compare()

sched/fair: Don't free p->numa_faults with concurrent readers

sched/fair: Use RCU accessors consistently for ->numa_group

netfilter: x_tables: fix compat match/target pad out-of-bound write

bpf, x86: Validate computation of branch displacements for x86-64

seqcount: Provide raw_read_seqcount() (CVE-2021-29650 dependency)

netfilter: x_tables: make xt_replace_table wait until old

netfilter: x_tables: Use correct memory barriers.

bluetooth: eliminate the potential race condition when removing the

Restrict access to pagemap/kpageflags/kpagecount

vmx_vcpu_run wrapper

ALSA: seq: Fix racy pool initializations (kpatch adaptation due CVE-2018-1000004)