Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

RFDS: Medium score vulnerability affecting only Intel Atom CPUs, mitigated via microcode update.

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

net: fix __dst_negative_advice() race

wifi: mac80211: fix potential key use-after-free

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

mlxsw: spectrum_acl_tcam: Fix stack corruption

pwm: Fix double shift bug

of: Fix double free in of_parse_phandle_with_args_map

mmc: sdio: fix possible resource leaks in some error paths

bonding: stop the device in bond_setup_by_slave()

Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"

Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"

net/smc: avoid data corruption caused by decline

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

media: gspca: cpia1: shift-out-of-bounds in set_flicker

wait: add wake_up_pollfree()

sched/psi: Fix use-after-free in ep_remove_wait_queue()

virtio-blk: fix implicit overflow on virtio_max_dma_size

tracing: Restructure trace_clock_global() to never

tracing: Do no increment trace_clock_global() by

net: ieee802154: fix null deref in parse dev addr

isdn: mISDN: netjet: Fix crash in nj_probe:

wifi: ath11k: fix gtk offload status event locking

media: bttv: fix use after free error due to

EFI Firmware: CVE patch is for EFI firmware which runs at boot time.

tcp_close is sleepable and called from kthread, which may prevent patching and unpatchng.

wifi: cfg80211: check A-MSDU format more carefully

irqchip/gic-v3-its: Fix potential VPE leak on error

isdn: mISDN: Fix sleeping function called from invalid context

ethernet: hisilicon: hns: hns_dsaf_misc: fix a possible array overflow in hns_dsaf_ge_srst_by_port()

ovl: fix warning in ovl_create_real()

tcp: fix tcp_init_transfer() to not reset icsk_ca_initialized

netfilter: conntrack: serialize hash resizes and cleanups

userfaultfd: fix a race between writeprotect and exit_mmap()

mm: khugepaged: skip huge page collapse for special files

net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change

i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction()

netfilter: nf_tables: fix memleak in map from abort

netfilter: nf_tables: Fix potential data-race in

nbd: null check for nla_nest_start

netfilter: nf_tables: do not compare internal table

SUNRPC: fix some memleaks in gssx_dec_option_array

Fixed function is sleepy and called from a kthread, which may prevent patching/unpatching.

wifi: iwlwifi: mvm: Fix key flags for IGTK on AP

wifi: iwlwifi: mvm: don't set the MFP flag for the

genirq/cpuhotplug, x86/vector: Prevent vector leak

ipvlan: Dont Use skb->sk in

misc: lis3lv02d_i2c: Fix regulators getting

vt: fix unicode buffer corruption when deleting

irqchip/gic-v3-its: Prevent double free on error

net/sched: act_skbmod: prevent kernel-infoleak

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

ext4: fix corruption during on-line resize

netfilter: nf_tables: reject table flag and netdev basechain updates

netfilter: nf_tables: discard table flag update

netfilter: validate user input for expected length

drm/vmwgfx: Fix the lifetime of the bo cursor

block: prevent division by zero in blk_rq_stat_sum()

scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()

dyndbg: fix old BUG_ON in >control parser

drm/ast: Fix soft lockup

usb: typec: ucsi: Limit read size on v1.2

wifi: iwlwifi: mvm: rfi: fix potential response leaks

wifi: rtw89: fix null pointer access when abort scan

netfilter: nf_tables: flush pending destroy work before exit_net release

netfilter: nf_tables: reject new basechain after table flag update

wifi:ath11k, low score CVE that needs complex adaptation but decreasing MHI Bus' buf-len isn't a typical security fix.

SUNRPC: fix a memleak in gss_import_v2_context

net: amd-xgbe: Fix skb data length underflow

block: Fix wrong offset in bio_truncate()

net: fix information leakage in /proc/net/ptype

Complex adaptation required. Issue can be reproduced with special UEFI implementation only.

ice: Fix some null pointer dereference issues in

pstore/ram: Fix crash when setting number of cpus

SUNRPC: Fix a suspicious RCU usage warning

drm/vmwgfx: Unmap the surface before resetting it

swiotlb: Fix double-allocation of slots due to broken alignment handling

net: bridge: switchdev: Skip MDB replays of

cachefiles: fix memory leak in

NFSv4.2: fix nfs4_listxattr kernel BUG at

quota: Fix potential NULL pointer dereference

drm/vmwgfx: Create debugfs ttm_resource_manager

nfs: fix UAF in direct writes

mm/hugetlb: fix missing hugetlb_lock for resv

netfilter: nf_tables: honor table dormant flag from

mlxsw: spectrum_acl_tcam: Fix incorrect list API

rtnetlink: Correct nested IFLA_VF_VLAN_LIST

i40e: fix vf may be used uninitialized in this

scsi: qla2xxx: Fix off by one in

netfilter: tproxy: bail out if IP has been disabled

netfilter: nfnetlink_queue: acquire rcu_read_lock()

drm/amd/display: Implement bounds check for stream encoder creation in DCN301

exit: Use the correct exit_code in /proc/<pid>/stat

fs/proc: do_task_stat: use __for_each_thread()

fs/proc: do_task_stat: move

fs/proc: do_task_stat: use sig->stats_lock to

hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove

ext4: fix double-free of blocks due to wrong

arp: Prevent overflow in arp_req_get().

net/sched: act_mirred: use the backlog for mirred ingress

ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()

ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

stmmac: Clear variable when destroying workqueue

VFIO: Add the SPR_DSA and SPR_IAX devices to the

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

USB: core: Fix access violation during port device removal

cppc_cpufreq: Fix possible null pointer dereference

tipc: fix UAF in error path

tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets

i2c: core: Fix atomic xfer check for non-preempt

wifi: mac80211: don't return unset power in ieee80211_get_tx_power()

platform/x86: wmi: Fix opening of char device

ubi: Check for too small LEB size in VTBL code

tcp: add sanity checks to rx zerocopy

ipvlan: add ipvlan_route_v6_outbound() helper

PowerPC: Unsupported.

ext4: avoid online resizing failures due to

ext4: avoid online resizing failures due to

tcp: Use refcount_inc_not_zero() in tcp_twsk_unique()

block: fix overflow in blk_ioctl_discard()

tls: fix missing memory barrier in tls_init

ipv4: Fix uninit-value access in __ip_make_skb()

net: core: reject skb_copy(_expand) for fraglist GSO skbs

mptcp: ensure snd_nxt is properly initialized on connect

wifi: iwlwifi: mvm: guard against invalid STA ID on removal

net/sched: flower: Fix chain template offload

tipc: fix a possible memleak in tipc_buf_append

wifi: nl80211: don't free NULL coalescing rule

net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment()

nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().

firewire: ohci: mask bus reset interrupts between ISR and bottom half

pinctrl: core: fix possible memory leak in pinctrl_enable()

pinctrl: core: delete incorrect free in pinctrl_enable()

drm/vmwgfx: Fix invalid reads in fence signaled events

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

net: bridge: xmit: make sure we have at least eth header len bytes

net/smc: fix neighbour and rtable leak in smc_ib_find_route()

net: bridge: mst: fix vlan use-after-free

net: bridge: mst: pass vlan group directly to br_mst_vlan_set_state

net: bridge: mst: fix suspicious rcu usage in br_mst_set_state

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

drm: Don't unref the same fb many times by mistake due to deadlock handling

ionic: clean interrupt before enabling queue to avoid credit race

ionic: fix use after netif_napi_del()

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

vfio/pci: Lock external INTx masking ops

igc: avoid returning frame twice in XDP_REDIRECT

Complex adaptation required. Network services prevents update because sleeps in inet_csk_accept() function.

x86/xen: Fix memory leak in

x86/xen: Add some null pointer checking to smp.c

x86/mce: Make sure to grab mce_sysfs_mutex in set_bank()

atl1c: Work around the DMA RX overflow issue

atl1c: Work around the DMA RX overflow issue

x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file

x86/bhi: Add support for clearing branch history at syscall entry

igb: Fix string truncation warnings in

mm: swap: fix race between free_swap_and_cache()

net/mlx5: Discard command completions in internal

wifi: brcmfmac: pcie: handle randbuf allocation

af_unix: Fix data races in

af_unix: Fix data-races around sk->sk_shutdown.

md: fix resync softlockup when bitmap size is less

stm class: Fix a double free in

ext4: fix mb_cache_entry's e_refcnt leak in

xfs: fix log recovery buffer allocation for the

md/raid5: fix deadlock that raid5d() wait for

md/raid5: remove pr_debug() in raid5d()

bonding: Fix out-of-bounds read in

cpufreq: exit() callback is optional

xhci: Handle TD clearing for multiple streams case

tipc: Change nla_policy for bearer-related names to

tipc: Change nla_policy for bearer-related names to

SUNRPC: Fix RPC client cleaned up the freed pipefs

mac802154: fix llsec key resources release in mac802154_llsec_key_del

mac802154: fix llsec key resources release in mac802154_llsec_key_del

net/sched: Fix mirred deadlock on device recursion

net/sched: Fix mirred deadlock on device recursion (Adaptation)

usb: typec: altmodes/displayport: create sysfs kpatch

tcp: properly terminate timers for kernel sockets

ftruncate: pass a signed offset

crypto: bcm - Fix pointer arithmetic

scsi: qedf: Ensure the copied buf is NUL terminated

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

drivers: core: synchronize really_probe() and dev_uevent()

af_unix: Fix garbage collector racing against connect()

net/iucv: Avoid explicit cpumask var allocation on stack

net: openvswitch: fix overwriting ct original tuple for ICMPv6

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

vmci: prevent speculation leaks by sanitizing event in event_deliver()

liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). (Adaptation)

x86: stop playing stack games in profile_pc()

mm: avoid overflows in dirty throttling logic

scsi: qedf: Make qedf_execute_tmf() non-preemptible

NFSv4: Fix memory leak in nfs4_set_security_label

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

usb-storage: alauda: Fix uninit-value in alauda_check_media()

usb-storage: alauda: Check whether the media is initialized

usb-storage: alauda: Check whether the media is initialized (Adaptation)

hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field

hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field

hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field

hwmon: Fix NULL pointer dereference by removing unnecessary structure field

tap: add missing verification for short frame

tun: add missing verification for short frame

mlxsw: thermal: Fix out-of-bounds memory accesses

drm/amdgpu: add error handle to avoid out-of-bounds

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

nvmet: fix a possible leak when destroy a ctrl during qp establishment

nvmet-fc: release reference on target port

nvmet-fc: avoid deadlock on delete association path

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Adaptation)

wifi: mt76: replace skb_put with skb_put_zero

net/sched: Fix UAF when resolving a clash

HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts

wifi: ath11k: fix htt pktlog locking

Out of scope: boot time issue

net: fix possible store tearing in neigh_periodic_work()

perf/x86/lbr: Filter vsyscall addresses

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

wifi: ath11k: fix dfs radar event locking

scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()

Input: synaptics-rmi4 - fix use after free in rmi_unregister_function()

mlxsw: spectrum_acl_tcam: Move devlink param to TCAM code

mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path

CVE Rejected

slub: don't panic for memcg kmem cache creation failure

mm, slub: fix potential memoryleak in kmem_cache_open()

nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells

serial: core: fix transmit-buffer reset and memleak

USB: core: Fix hang in usb_kill_urb by adding memory barriers

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

firmware: arm_scpi: Fix string overflow in SCPI genpd driver

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

vt_ioctl: fix array_index_nospec in vt_setactivate

Input: aiptek - use descriptors of current altsetting

Input: aiptek - fix endpoint sanity check

Input: aiptek - properly check endpoint type

USB: core: Make do_proc_control() and do_proc_bulk() killable

usb: core: Don't hold the device lock while sleeping in do_proc_control()

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

phylib: fix potential use-after-free

drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL

drm/amdgpu/debugfs: fix error code when smc register accessors are NULL

netfilter: nf_tables: Reject tables of unsupported family

drm/amdgpu/mes: fix use-after-free issue

net: do not leave a dangling sk pointer, when socket creation fails

netns: Make get_net_ns() handle zero refcount net

firmware: cs_dsp: Fix overflow checking of wmfw header

firmware: cs_dsp: Fix overflow checking of wmfw header (adaptation)

wifi: mac80211: Avoid address calculations via out of bounds array indexing

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files

firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

sched/deadline: Fix task_struct reference leak

USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor

ppp: reject claimed-as-LCP but actually malformed packets

drm/radeon: check bo_va->bo is non-NULL before using it

The patch affects too much kernel code. Low impact CVE.

VMCI: Use struct_size() in kmalloc()

VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()

dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

scsi: mpi3mr: Avoid memcpy field-spanning write WARNING

net: fix out-of-bounds access in ops_init

ipv6: prevent NULL dereference in ip6_output()

ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()

scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload

wifi: iwlwifi: read txq->read_ptr under lock

nfs: handle error of rpc_proc_register() in init_nfs_fs()

wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

wifi: iwlwifi: mvm: check n_ssids before accessing the ssids

mptcp: ensure snd_una is properly initialized on connect

wifi: iwlwifi: mvm: don't read past the mfuart notifcation

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

ipv6: prevent possible NULL dereference in rt6_probe()

scsi: qedi: Fix crash while reading debugfs attribute

wifi: mt76: mt7921s: fix potential hung tasks during chip recovery

firmware: cs_dsp: Validate payload length before processing block

firmware: cs_dsp: Return error if block header overflows file

protect the fetch of ->fd[fd] in do_dup2() from mispredictions

ipvs: properly dereference pe in ip_vs_add_service

leds: trigger: Unregister sysfs attributes before calling deactivate()

devres: Fix memory leakage caused by driver API devm_free_percpu()

Patch introduced regression and was reverted later.

nbd: Low-score CVE. Patched function is called from a kthread and sleeps, which may prevent patching/unpatching.

tracing: Ensure visibility when inserting an element into tracing_map

drm/amdgpu: Fix the null pointer when load rlc firmware

net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()

dm: call the resume method on internal suspend

filelock: Remove locks reliably when fcntl/close race is detected

Input: add bounds checking to input_set_capability()

Input: elantech - fix stack out of bound access in elantech_change_report_id()

asix: fix uninit-value in asix_mdio_read()

HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

driver core: auxiliary bus: Fix memory leak when driver_register() fail

ACPI: fix NULL pointer dereference

watchdog: Fix possible use-after-free by calling del_timer_sync()

drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()'

drm/i915/vma: Fix UAF on destroy against retire race

x86/mm/pat: fix VM_PAT handling in COW mappings

tunnels: fix out of bounds access when building IPv6 PMTU error

mlxsw: Verify the accessed index doesn't exceed the array length

mlxsw: spectrum: Protect driver from buggy firmware

gfs2: Remove ill-placed consistency check

gfs2: simplify gdlm_put_lock with out_free label

gfs2: Fix potential glock use-after-free on unmount

gfs2: Fix potential glock use-after-free on unmount

media: cec: cec-adap: always cancel work in cec_transmit_msg_fh

media: cec: core: avoid recursive cec_claim_log_addrs

media: cec: core: avoid recursive cec_claim_log_addrs kpatch

media: cec: cec-api: add locking in cec_release()

wifi: cfg80211: Lock wiphy in cfg80211_get_station

HID: i2c-hid-of: fix NULL-deref on failed power up

HID: i2c-hid-of: fix NULL-deref on failed power up

kyber: fix out of bounds access when preempted

ext4: fold quota accounting into ext4_xattr_inode_lookup_create()

ext4: remove duplicate definition of ext4_xattr_ibody_inline_set()

ext4: do not create EA inode under buffer lock

udp: do not accept non-tunnel GSO skbs landing in a tunnel

udp: do not accept non-tunnel GSO skbs landing in a tunnel

net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

netpoll: Fix race condition in netpoll_owner_active

xfs: don't walk off the end of a directory data block

drm/radeon: fix UBSAN warning in kv_dpm.c

ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()

net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

xfs: add bounds checking to xlog_recover_process_data

tcp: refactor tcp_retransmit_timer()

net: tcp: fix unexcepted socket die when snd_wnd is 0

tcp: avoid too many retransmit packets

ptp: Fix possible memory leak in ptp_clock_register()

virtio-net: Add validation for used length

tty: Fix out-of-bound vmalloc access in imageblit

block: don't call rq_qos_ops->done_bio if the bio isn't tracked

lib/generic-radix-tree.c: Don't overflow in peek()

hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs

fbmem: Do not delete the mode that is still in use

tun: limit printing rate when illegal packet received by tun dev

PCI/PM: Drain runtime-idle callbacks before driver removal

This CVE introduces a regression and is reverted by CVE-2024-42102 in the same errata

Complex adaptation required, low score patch for non critical subsystem amdgpu

cpufreq: amd-pstate: fix memory leak on CPU EPP exit

cpufreq: amd-pstate: fix memory leak on CPU EPP exit

nvme-fc: do not wait in vain when unloading module

nvme-fc: do not wait in vain when unloading module

dev/parport: fix the array out-of-bounds risk

ipv6: prevent possible NULL deref in fib6_nh_init()

tipc: Return non-zero value from tipc_udp_addr2str() on error

drm/i915/gt: Fix potential UAF by revoke of fence registers

of: module: add buffer overflow check in of_modalias()

nouveau: lock the client object tree

nouveau: lock the client object tree

KVM: Always flush async #PF workqueue when vCPU is being destroyed

KVM: Always flush async #PF workqueue when vCPU is being destroyed

net/mlx5e: Add wrapping for auxiliary_driver op and remove unused args

net/mlx5e: Fix netif state handling

netfilter: ipset: Add list flush to cancel_gc

netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type

netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type

netfilter: ipset: Fix suspicious rcu_dereference_protected()

bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq

r8169: Fix possible ring buffer corruption on fragmented Tx packets.

tipc: force a dst refcount before doing decryption

drm/i915/dpt: Make DPT object unshrinkable

ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."

netfilter: nf_tables: prefer nft_chain_validate

ELF: fix kernel.randomize_va_space double read

bpf: Fix overrunning reservations in ringbuf

bpf: Fix overrunning reservations in ringbuf (adaptation)

sctp: Fix null-ptr-deref in reuseport_add_sock().

netfilter: flowtable: initialise extack before use

dmaengine: fix NULL pointer in channel unregistration function

bonding: fix null pointer deref in bond_ipsec_offload_ok

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

bonding: fix xfrm real_dev null pointer dereference

ibmvnic: rename local variable index to bufidx

ibmvnic: Add tx check to prevent skb leak

drm/amdgpu: avoid using null object of framebuffer

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

gfs2: Fix NULL pointer dereference in gfs2_log_flush

USB: serial: mos7840: fix crash on resume

USB: serial: mos7840: fix crash on resume kpatch

kobject_uevent: Fix OOB access within zap_modalias_env()

block: initialize integrity buffer to zero before writing it to media

mlxsw: spectrum_acl_erp: Fix object nesting warning

mlxsw: spectrum_acl_erp: Fix object nesting warning kpatch

Out of scope: This CVE modified the __init function which won't be available to patch as it is used during bootup time.

netfilter: nft_set_pipapo: do not free live element

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

dma-direct: Leak pages on dma_set_decrypted() failure

mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX

mm: memcontrol: fix cannot alloc the maximum memcg ID

memcontrol: ensure memcg acquired by id is properly set up

memcg: protect concurrent access to mem_cgroup_idr

memcg: protect concurrent access to mem_cgroup_idr

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

Bluetooth: Fix TOCTOU in HCI debugfs implementation

netfilter: nf_conntrack_h323: Add protection for bmp length out of

gso: do not skip outer ip header in case of ipip and net_failover

netfilter: nftables: add helper function to flush set elements

netfilter: nft_set_pipapo: walk over current view on netlink dump

netfilter: nf_tables: missing iterator type in lookup walk

netfilter: nft_set_pipapo: walk over current view on netlink dump

Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout

bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

mptcp: pm: Fix uaf in __timer_delete_sync

media: edia: dvbdev: fix a use-after-free

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race

netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

selinux,smack: don't bypass permissions check in inode_setsecctx hook

net: avoid potential underflow in qdisc_pkt_len_init() with UFO

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

xfrm: fix one more kernel-infoleak in algo dumping

arm64: Low-score CVE requiring adaptation that is hard to implement; targets very rare hardware

i40e: fix i40e_count_filters() to count only active/new filters

i40e: fix race condition by adding filter's intermediate sync state

i40e: fix race condition by adding filter's intermediate sync state

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

scsi: core: Fix unremoved procfs host directory regression

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

HID: core: zero-initialize the report buffer

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

scsi: megaraid_sas: Fix for a potential deadlock

PPS for embedded GPS devices. Irrelevant for servers.

can: bcm: Fix UAF in bcm_proc_show()

Out of scope: ARM64 architecture isn't supported for current kernel

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

netfilter: ipset: add missing range check in bitmap_ip_uadt

hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new()

net/mlx5: Always stop health timer during driver removal

net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink

vsock: Keep the binding until socket destruction

vsock: Orphan socket after transport release

wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()

Out of scope: User-mode Linux isn't supported for current kernel

cifs: fix double free race when mount fails in cifs_get_root()

security/keys: fix slab-out-of-bounds in key_task_permission

idpf: fix idpf_vc_core_init error path

ndisc: use RCU protection in ndisc_alloc_skb()

Bluetooth: Fix use after free in hci_send_acl

cifs: potential buffer overflow in handling symlinks

media: uvcvideo: Fix double free in error path

x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

net: atm: fix use after free in lec_send()

misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()

ext4: fix off-by-one error in do_split

ext4: ignore xattrs past end

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

net: ch9200: fix uninitialised access during mii_nway_restart

sched/fair: Fix potential memory corruption in child_cfs_rq_on_list

wifi: iwlwifi: limit printed string from FW file

ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead

HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove

ext4: avoid resizing to a partial cluster size

crypto: algif_hash - fix double free in hash_accept

net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()

net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

Complex adaptation required. Low impact CVE

can: peak_usb: fix use after free bugs

padata: fix UAF in padata_reorder

ipv6: mcast: extend RCU protection in igmp6_send()

ipv6: mcast: extend RCU protection in igmp6_send()

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

net/ipv6: release expired exception dst cached in socket

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

drm/vkms: Fix use after free and double free on init error

drm/vkms: Fix use after free and double free on init error

net_sched: ets: Fix double list add in class with netem as child qdisc

i2c/designware: Fix an initialization issue

Bluetooth: hci_core: Fix use-after-free in vhci_flush()

module: use RCU to synchronize find_module

udp: Fix memory accounting leak.

i40e: fix MMIO write access to an invalid page in i40e_clear_hw

net/sched: sch_qfq: Fix race condition on qfq_aggregate

net/sched: sch_qfq: Fix race condition on qfq_aggregate

tipc: Fix use-after-free in tipc_conn_close().

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

scsi: lpfc: Use memcpy() for BIOS version

x86 xen add xenpv restore regs and return to usermode

kpatch add alt asm definitions