xen/netback: Ensure protocol headers don't fall in the non-linear area

Bluetooth: L2CAP: Fix u8 overflow

net: sched: disallow noqueue for qdisc classes

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

net: sched: atm: dont intepret cls results when asked to drop

dmaengine: Fix double increment of client_count in dma_chan_get()

HID: check empty report_list in hid_validate_values()

net: mpls: fix stale pointer if allocation fails during device rename

Complex adaptation is required, mainline retired tcindex.

x86/speculation: Allow enabling STIBP with legacy IBRS

prlimit: do_prlimit needs to have a speculation check

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

USB: ene_usb6250: Allocate enough memory for full object

ext4: fix WARNING in ext4_update_inline_data

ext4: zero i_disksize when initializing the bootloader inode

ext4: fix task hung in ext4_xattr_delete_inode

ftrace: Fix invalid address access in lookup_rec() when index is 0

net: tunnels: annotate lockless accesses to dev->needed_headroom

fs: prevent out-of-bounds array speculation when closing a file descriptor

ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping()

ext4: fix another off-by-one fsmap error on 1k block filesystems

tcp: tcp_make_synack() can be called from process context

net: usb: smsc75xx: Limit packet length to skb->len

net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull

nvmet: avoid potential UAF in nvmet_req_complete()

Fix double fget() in vhost_net_set_backend()

bluetooth: Perform careful capability checks in hci_sock_ioctl()

bluetooth: Add cmd validity checks at the start of hci_sock_ioctl()

xfs: verify buffer contents when we skip log replay

net: sched: cbq: dont intepret cls results when asked to drop

net: qcom/emac: Fix use after free bug in emac_remove due to race condition

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: split set destruction in deactivate and destroy phase

netfilter: nft_hash: fix nft_hash_deactivate

netfilter: nf_tables: bogus EBUSY when deleting set after flush

netfilter: nf_tables: deactivate anonymous set from preparation phase

netfilter: nf_tables: split set destruction in deactivate and destroy phase (adaptation)

netfilter: nf_tables: bogus EBUSY when deleting set after flush (Revert)

netfilter: nf_tables: split set destruction in deactivate and destroy phase

netfilter: nf_tables: split set destruction in deactivate and destroy phase

net: tls: fix possible race condition between

ipvlan:Fix out-of-bounds caused by unclear skb->cb

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

Re: Possible deadlock detected in Linux 6.2.0 in

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: do not allow RULE_ID to refer to another chain

netfilter: nf_tables: stricter validation of element data

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

net/sched: cls_u32: Fix reference counter leak leading to overflow

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

gfs2: Don't deref jdesc in evict

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

xfrm: add NULL check in xfrm_update_ae_params

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

The patch removes functionality.

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

xen/events: replace evtchn_rwlock with RCU

xen/events: replace evtchn_rwlock with RCU (adaptation)

fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions

perf: Disallow mis-matched inherited group reads (adaptation)

perf: Disallow mis-matched inherited group reads (adaptation)

thermal: core: prevent potential string overflow

drm/radeon: possible buffer overflow

llc: verify mac len before reading mac header

tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING

tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

drm/qxl: fix UAF on handle creation

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

smb: client: fix OOB in smbCalcSize()

netfilter: nf_tables: Reject tables of unsupported family

tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux

perf: Fix perf_event_validate_size()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv

dm: limit the number of targets and parameter size area

Complex adaptation is required, vendor retired ATA over Ethernet driver.

ext4: fix corruption during on-line resize

sched/membarrier: reduce the ability to hammer on

llc: call sock_orphan() at release time

aoe: fix the potential use-after-free problem in

EDAC/thunderx: Fix possible out-of-bounds string access

drm: Don't unref the same fb many times by mistake due to deadlock

calipso: fix memory leak in netlbl_calipso_add_pass()

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

xen-netback: don't produce zero-size SKB frags

netfilter: nftables: exthdr: fix 4-byte stack OOB write

sched/rt: pick_next_rt_entity(): check list_entry

PCI/PM: Drain runtime-idle callbacks before driver removal

netfilter: nf_tables: disallow anonymous set with timeout

ubi: Check for too small LEB size in VTBL code

netfilter: nf_tables: disallow timeout for anonymous sets

x86/kvm: Disable kvmclock on all CPUs on shutdown

KVM: nVMX: add missing consistency checks for CR0 and CR4

kdb: Fix buffer overflow during tab-complete

virtio: delete vq in vp_find_vqs_msix() when request_irq() fails

netfilter: nfnetlink_queue: acquire rcu_read_lock() in

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

net: fix __dst_negative_advice() race

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

net: relax socket state check at accept time.

filelock: Fix fcntl/close race recovery compat path

USB: core: Fix duplicate endpoint bug by clearing

hfsplus: fix uninit-value in copy_name

bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

nilfs2: add missing check for inode numbers on directory entries

bnx2x: Fix multiple UBSAN array-index-out-of-bounds

fou: Fix null-ptr-deref in GRO.

ima: Fix use-after-free on a dentry's dname.name

netfilter: ctnetlink: use helper function to calculate expect ID

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

tipc: Return non-zero value from tipc_udp_addr2str() on error

driver core: Cast to (void *) with __force for __percpu pointer

devres: Fix memory leakage caused by driver API devm_free_percpu()

exec: Fix ToCToU between perm check and set-uid/gid usage

ext4: check dot and dotdot of dx_root before making dir indexed

usb: vhci-hcd: Do not drop references before new references are gained

ipv6: prevent UAF in ip6_send_skb()

sch/netem: fix use after free in netem_dequeue

nilfs2: fix use-after-free of nilfs_root in dirtying inodes via iput

nilfs2: fix missing cleanup on rollforward recovery error

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

btrfs: clean up our handling of refs == 0 in snapshot delete

PCI: Add missing bridge lock to pci_bus_lock()

Input: uinput - reject requests with unreasonable number of slots

Squashfs: sanity check symbolic link size

of/irq: Prevent device address out-of-bounds read in interrupt map walk

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

nilfs2: protect references to superblock parameters exposed in sysfs

rtmutex: Drop rt_mutex::wait_lock before scheduling

low-scored CVE which inevitably will cause verification conflicts with freezable kthread and cifs reading routines.

firmware_loader: Block path traversal

net/xen-netback: prevent UAF in xenvif_flush_hash()

uprobe: avoid out-of-bounds memory access of fetching args

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

nilfs2: fix kernel bug due to missing clearing of checked flag

ext4: return error on ext4_find_inline_entry

ext4: avoid OOB when system.data xattr changes underneath the filesystem

ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path

ext4: fix slab-use-after-free in ext4_split_extent_at()

ACPI: sysfs: validate return type of _STR method

driver core: bus: Fix double free in driver API bus_register()

dm cache: fix out-of-bounds access to the dirty bitset when resizing

ppp: fix ppp_async_encode() illegal access

udf: fix uninit-value use in udf_get_fileshortad

scsi: sg: Fix slab-use-after-free read in sg_release()

tipc: guard against string buffer overrun

tipc: wait and exit until all work queues are done

tipc: wait and exit until all work queues are done

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

ext4: fix timer use-after-free on failed mount

pfifo_tail_enqueue: Drop new packet when sch->limit == 0

HID: core: zero-initialize the report buffer

smb: client: fix UAF in smb2_reconnect_server()

smb: client: fix use-after-free of signing key

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

net: defer final 'struct net' free in netns dismantle

net: defer final 'struct net' free in netns dismantle

btrfs: fix use-after-free when attempting to join an aborted transaction

nbd: don't allow reconnect after disconnect

block, bfq: don't move oom_bfqq

macsec: fix UAF bug for real_dev

macsec: fix UAF bug for real_dev

block: Fix handling of offline queues in blk_mq_alloc_request_hctx()

ext4: aovid use-after-free in ext4_ext_insert_extent()

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

PPS for embedded GPS devices. Irrelevant for servers.

slip: make slhc_remember() more robust against malicious packets

netfilter: x_tables: fix LED ID check in led_tg_check()

geneve: Fix use-after-free in geneve_find_dev().

geneve: Suppress list corruption splat in geneve_exit_net().

scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress

mm: call the security_mmap_file() LSM hook in remap_file_pages()

mm: split critical region in remap_file_pages() and invoke LSMs in between

ext4: fix double brelse() the buffer of the extents path

vrf: use RCU protection in l3mdev_l3_out()

nfsd: clear acl_access/acl_default after releasing them

dm cache: fix potential out-of-bounds access on the first resume

security/keys: fix slab-out-of-bounds in key_task_permission

net: do not delay dst_entries_add() in dst_release()

vlan: enforce underlying device type

blk-throttle: Set BIO_THROTTLED when bio has been throttled

btrfs: do not clean up repair bio if submit fails

bfq: Update cgroup information before merging bio

net: atm: fix use after free in lec_send()

nilfs2: do not force clear folio if buffer is referenced

KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

ext4: Fix possible corruption when moving a directory

ext4: Fix deadlock during directory rename

ext4: fix possible double unlock when moving a directory

ext4: Remove ext4 locking of moved directory

fs: Establish locking order for unrelated directories

fs: Lock moved directories

tracing: Fix oob write in trace_seq_to_buffer()

Out of scope: not affected

ext4: fix off-by-one error in do_split

smb: client: Fix use-after-free in cifs_fill_dirent

dm thin: fix use-after-free crash in dm_sm_register_threshold_callback

scsi: target: iscsi: Fix timeout on deleted connection

ched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed

sch_hfsc: make hfsc_qlen_notify() idempotent

net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null

sch_htb: make htb_qlen_notify() idempotent

sch_htb: make htb_qlen_notify() idempotent

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock

SUNRPC: Fix a server shutdown leak

mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().

codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()

virtio: break and reset virtio devices on device_shutdown()

virtgpu: don't reset on shutdown

virtio: break and reset virtio devices on device_shutdown()

dma-buf/dma-resv: check if the new fence is really later

ftrace: Add cond_resched() to ftrace_graph_set_hash()

net: ch9200: fix uninitialised access during mii_nway_restart

Complex adaptation required. Do not use binding in the interrupt handler.

net: pktgen: fix access outside of user given buffer in pktgen_thread_write()

scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input

iavf: Fix adminq error handling

nfs: handle failure of nfs_get_lock_context in unlock path

ipc: fix to protect IPCS lookups using RCU

fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().

mm/khugepaged: fix ->anon_vma race

i40e: fix MMIO write access to an invalid page in i40e_clear_hw

clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

net_sched: sch_sfq: reject invalid perturb period

net/sched: sch_qfq: Fix race condition on qfq_aggregate

ACPICA: Refuse to evaluate a method if arguments are missing

tipc: Fix use-after-free in tipc_conn_close().

ipv6: reject malicious packets in ipv6_gso_segment()

Squashfs: check return result of sb_min_blocksize

squashfs: fix memory leak in squashfs_fill_super

Squashfs: check return result of sb_min_blocksize

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated

can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode

ipv6: sr: Fix MAC comparison to be constant-time

hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

iavf: Fix reset error handling

module: ensure that kobject_put() is safe for module type kobjects

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency kpatch

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

N/A

N/A

Restrict access to pagemap/kpageflags/kpagecount

vmx_vcpu_run wrapper

x86/CPU/AMD: Do not leak quotient data after a division by 0

tcp/udp: Fix memory leak in ipv6_renew_options()

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm