net: fix a concurrency bug in l2tp_tunnel_register()

l2tp: Serialize access to sk_user_data with sk_callback_lock

l2tp: Don't sleep and disable BH under writer-side sk_callback_lock

net: sched: atm: dont intepret cls results when asked to drop

net: sched: cbq: dont intepret cls results when asked to drop

x86/bugs: Flush IBP in ib_prctl_set()

net: sched: disallow noqueue for qdisc classes

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS

net: mpls: fix stale pointer if allocation fails during device rename

rds: rds_rm_zerocopy_callback() use list_first_entry()

sched/rt: pick_next_rt_entity(): check list_entry

scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

prlimit: do_prlimit needs to have a speculation check

fs: hfsplus: fix UAF issue in hfsplus_put_super

fbcon: Check font dimension limits

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

USB: ene_usb6250: Allocate enough memory for full object

netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()

xfs: fix up non-directory creation in SGID directories

tun: avoid double free in tun_free_netdev

xfs: verify buffer contents when we skip log replay

net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

net: qcom/emac: Fix use after free bug in emac_remove due to race condition

net: sched: fix race condition in qdisc_graft()

bpf: Fix incorrect verifier pruning due to missing register precision taints

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

netfilter: nf_tables: deactivate anonymous set from preparation phase

ipvlan:Fix out-of-bounds caused by unclear skb->cb

btrfs: check return value of btrfs_commit_transaction in relocation

btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

memstick: r592: Fix UAF bug in r592_remove due to race condition

kernel/relay.c: fix read_pos error when multiple readers

relayfs: fix out-of-bounds access in relay_file_read

vc_screen: don't clobber return value in vcs_read

vc_screen: modify vcs_size() handling in vcs_read()

ext4: improve error recovery code paths in __ext4_remount()

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

net/sched: cls_u32: Fix reference counter leak leading to overflow

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

hw: amd: Cross-Process Information Leak

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

kpatch add alt asm definitions

kpatch add paravirt asm definitions

N/A

x86/CPU/AMD: Do not leak quotient data after a division by 0

net/sched: Retire rsvp classifier

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

net/sched: sch_hfsc: Ensure inner classes have fsc curve

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

drm/amdgpu: Fix potential fence use-after-free v2

net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

netfilter: xt_sctp: validate the flag_info count

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input (adaptation)

netfilter: nfnetlink_osf: avoid OOB read

xfrm: add NULL check in xfrm_update_ae_params

net: xfrm: Fix xfrm_address_filter OOB read

ipv4: fix null-deref in ipv4_link_failure

ubi: refuse attaching if mtd's erasesize is 0

xen/events: replace evtchn_rwlock with RCU

xen/events: replace evtchn_rwlock with RCU (adaptation)

Complex adaptation required.

fs/jfs: Add a mutex named txEnd_lmLogClose_mutex to prevent a race condition between txEnd and lmLogClose functions

smb: client: fix OOB in smbCalcSize()

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

arm64: arch is not supported

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

llc: call sock_orphan() at release time

dm: limit the number of targets and parameter size area.

net: prevent mss overflow in skb_segment()

net: openvswitch: limit the number of recursions from action sets

vhost: use kzalloc() instead of kmalloc() followed by memset()

net: add atomic_long_t to net_device_stats fields

net: add atomic_long_t to net_device_stats fields

geneve: make sure to pull inner header in geneve_rx()

net/rds: fix WARNING in rds_conn_connect_if_down

netfilter: nf_conntrack_h323: Add protection for bmp length

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline

netfilter: tproxy: bail out if IP has been disabled on the device

netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

virtio: delete vq in vp_find_vqs_msix() when request_irq() fails

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

tcp: Fix shift-out-of-bounds in dctcp_update_alpha().

kdb: Fix buffer overflow during tab-complete

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

x86: stop playing stack games in profile_pc()

SUNRPC: Fix RPC client cleaned up the freed pipefs dentries

net: relax socket state check at accept time.

filelock: Fix fcntl/close race recovery compat path

USB: core: Fix duplicate endpoint bug by clearing

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

filelock: fix potential use-after-free in posix_lock_inode

hfsplus: fix uninit-value in copy_name

tap: add missing verification for short frame

tun: add missing verification for short frame

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

mlxsw: spectrum_acl_erp: Fix object nesting warning

mlxsw: spectrum_acl_erp: Fix object nesting warning kpatch

driver core: Cast to (void *) with __force for __percpu pointer

devres: Fix memory leakage caused by driver API devm_free_percpu()

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

ata: libata-core: Fix null pointer dereference on error

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

ima: Fix use-after-free on a dentry's dname.name

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

Squashfs: sanity check symbolic link size

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

sch/netem: fix use after free in netem_dequeue

drm/amdgpu: fix mc_data out-of-bounds read warning

drm/amdgpu: fix ucode out-of-bounds read warning

of/irq: Prevent device address out-of-bounds read in interrupt map walk

ila: call nf_unregister_net_hooks() sooner