mm: enlarge stack guard gap

net: netfilter: try hard to allocate ftp_buffer

CLKRN-127:fs:proc:set correct permission to procfs entry

Fix race between inotify_handle_event() and sys_rename()

udp: consistently apply ufo or fragmentation

net/packet: fix overflow in check for priv area size, tp_frame_nr, tp_reserve

net-packet: fix race in packet_set_ring on PACKET_RESERVE

fixup disk errors on HyperV hosts

tcp: check skb tailroom before collapsing

fs/binfmt_elf.c: fix bug in loading of PIE binaries

don't set memory.swappiness by default

dccp: fix use-after-free (CVE-2017-8824)

meltdown: introduce gmb

add kernel page table isolation feature(aka KAISER)

kcpti: fix cpu hotplug crash

kcpti: ignore Xen PV guests

kcpti: map performance monitoring buffers

kcpti: align trampoline stack to 16

kcpti: free all shadow page table layers

kcpti: check present flag when removing global pte flag

kcpti: ignore AMD processors

kcpti: apply patch to Xen PV domains

spec_ctrl

spec_ctrl: print warning on {ibrs,ibpb}_enabled files creation failure

spec_ctrl: rescan cpuid when patch is loaded

kvm: nVMX: update last_nonleaf_level when initializing nested EPT

kvm: mmu: always terminate page walks at level 1

keys: prevent KEYCTL_READ on negative key

timerfd: Protect the might cancel mechanism proper

timerfd: Protect the might cancel mechanism proper (kpatch adaptation)

scsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly

ipsec: Fix aborted xfrm policy dump crash

ipsec: Fix aborted xfrm policy dump crash (kpatch adaptation)

posix-timer: Properly check sigevent->sigev_notify

kvm/x86: fix icebp instruction handling

x86/entry/64: Don't use IST entry for #BP stack

x86/entry/64: Don't use IST entry for #BP stack (kpatch adaptation)

tcp: avoid collapses in tcp_prune_queue() if possible

tcp: detect malicious patterns in tcp_collapse_ofo_queue()

fix for use-after-free bug via crafted system calls in mm/mempolicy.c:do_get_mempolicy()

drm: udl: Properly check framebuffer mmap offsets

Limit arg stack to at most 75% of _STK_LIM

nfsd: check for oversized NFSv2/v3 arguments

Bluetooth: Properly check L2CAP config option output buffer length

Sanitize 'move_pages()' permission checks

x86/mm/32: Enable full randomization on i386 and X86_32

[media] xc2028: avoid use after free

firewire: net: guard against rx buffer overflows

avoid overflow in vmw_surface_define_ioctl()

bio: avoid page leaks

hugetlbfs: remove superfluous page unlock in VM_SHARED case

netfilter: nfnetlink_cthelper: Add missing permission checks

netlink: Add netns check on taps

USB: core: prevent malicious bNumInterfaces overflow

netfilter: xt_TCPMSS: add more sanity tests on tcph->doff

dm: fix race between dm_get_from_kobject() and __dm_destroy()

Bluetooth: Prevent stack info leak from the EFS element.

Prevent flooding into debug port 0x80

Prevent flooding into debug port 0x80

ACPI: sbshc: remove raw pointer from printk() message.

futex: Prevent overflow by strengthen input validation

packet: fix races in fanout_add()

packet: Do not call fanout_release from atomic contexts

packet: hold bind lock when rebinding to fanout hook

packet: in packet_do_bind, test fanout with bind_lock held

assoc_array: Fix a buggy node-splitting case

ALSA: timer: Fix negative queue usage by racy accesses

ALSA: timer: fix NULL pointer dereference in read()/ioctl() race

ALSA: timer: Fix race between read and ioctl

ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT

ipc: mqueue: fix a use-after-free in sys_mq_notify()

[net] ipv6: Prevent overrun when parsing v6 header options

[net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt()

[net] ipv6: Check ip6_find_1stfragopt() return value properly

[net] ipv6: Fix leak in ipv6_gso_segment()

perf/hwbp: Simplify the perf-hwbp code, fix documentation

netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets

xfrm: policy: check policy direction value

provide with option to switch compat32 v4l ioctls on and off.

alsa: seq: Make ioctls race-free

Speculative Store Bypass mitigation

Add disable SMT knob

Setup L1TF bug bit

Add ability to flush l1d cache on vmexit

net: create skb_gso_validate_mac_len()

perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race

ALSA: seq: Fix racy pool initializations

introduce barrier_nospec() and array_index_nospec() (adaptation, 862.2.3.el7)

fix regression when using the last syscall on x86 (adaptation, 693.11.1.el7-kernels)

fix regression for ipv6 in latest kernels after spectre commit (adaptation)

fix possible deadlock with mutex within SCSI libsas (adaptation)

ext4: validate s_first_meta_bg at mount time

sctp: avoid BUG_ON on sctp_wait_for_sndbuf

scsi: target: iscsi: Use hex2bin instead of a re-implementation

scsi: target: iscsi: Use bin2hex instead of a re-implementation

[fs] xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE

[fs] ext4: add more inode number paranoia checks

ext4: never move the system.data xattr out of the inode body

Bluetooth: hidp: buffer overflow in hidp_process_report

ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors

net/packet: fix a race in packet_bind() and packet_notifier()

binfmt_elf: switch to new creds when switching to new mm

MDS CPU Side-channel Attacks mitigation

[net] tcp: pass previous skb to tcp_shifted_skb()

[net] tcp: limit payload size of sacked skbs

[net] tcp: tcp_fragment() should apply sane memory limits

[net] tcp: add tcp_min_snd_mss sysctl

[net] tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

fs: ext4: dont't mask __GFP_NOFAIL when working with s_buddy_cache

net: Set sk_prot_creator when cloning sockets to the right proto

proc: restrict kernel stack dumps to root

Mitigation of SWAPGS Spectre gadget

brcmfmac: assure SSID length from firmware is limited

sunrpc: use-after-free in svc_process_common()

CVE-2018-16884 kpatch adaptation

host: make sure log_num < in_num

KVM: coalesced_mmio: add bounds checking

tcp: purge write queue in tcp_connect_init()

[drm] drm/i915/gtt: Add read only pages to gen8_pte_encode

[drm] erm/i915/gtt: Read-only pages for insert_entries on bdw+

[drm] drm/i915/gtt: Disable read-only support under GVT

[drm] drm/i915: Rename gen7 cmdparser tables

[drm] drm/i915: Disable Secure Batches for gen6+

[drm] drm/i915: Remove Master tables from cmdparser

[drm] drm/i915: Add support for mandatory cmdparsing

[drm] drm/i915: Support ro ppgtt mapped cmdparser shadow buffers

[drm] drm/i915: Allow parsing of unsized batches

[drm] drm/i915: Add gen9 BCS cmdparsing

[drm] drm/i915/cmdparser: Add support for backward jumps

[drm] drm/i915/cmdparser: Ignore Length operands during command matching

[drm] drm/i915/gen8+: Add RC6 CTX corruption WA

[drm] drm/i915/gen8+: Add RC6 CTX corruption WA

[drm] drm/i915: Lower RM timeout to avoid DSI hard hangs

[drm] drm/i915/cmdparser: Fix jump whitelist clearing

KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID

mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings

Heap Overflow in mwifiex_process_country_ie() function of Marvell Wifi Driver

mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()

cfg80211: wext: avoid copying malformed SSIDs

x86: kvm: Do not release the page inside mmu_set_spte() (CVE-2018-12207 prerequirement)

CVE-2018-12207 prerequirement - code cleanup and simplification

x86: kvm: change kvm_mmu_page_get_gfn BUG_ON to WARN_ON (CVE-2018-12207 prerequirement)

x86: kvm: vmx,svm: always run with EFER.NXE=1 when shadow paging is active (CVE-2018-12207 prerequirement)

kvm: Convert kvm_lock to a mutex (CVE-2018-12207 prerequirement)

kvm: mmu: ITLB_MULTIHIT mitigation (adaptation)

[wireless] rtlwifi: Fix potential overflow on P2P code

[x86] kvm: x86: do not modify masked bits of shared MSRs

[kernel] mm: optimize dev_pagemap reference counting around get_dev_pagemap

[mm] gup: don't leak pte_devmap references in the gup slow paths

[mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors

[mm] mm: prevent get_user_pages() from overflowing page refcount

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

mm: don't use "overdraft" feature if oom_guarantee is zero

mm: don't use "overdraft" feature if oom_guarantee is zero (adaptation)

[netdrv] brcmfmac: add subtype check for event handling in data path

[usb] check usb_get_extra_descriptor for proper size

[usb] hso: Fix OOB memory access in hso_probe/hso_get_config_data

[net] bluetooth: hidp: fix buffer overflow

[sound] ALSA: info: Fix racy addition/deletion of nodes

[sound] ALSA: core: Fix card races between register and disconnect

[net] tun: call dev_get_valid_name() before register_netdevice()

[net] tun: allow positive return values on dev_get_valid_name() call

[security] KEYS: Strip trailing spaces

[security] KEYS: remove unnecessary get/put of explicit dest_keyring

[security] KEYS: add missing permission check for request_key() destination

drm: move edid property update and add modes out of edid firmware loader

[drm] drm/edid: Fix a missing-check bug in drm_load_edid_firmware()

[net] sysfs: Fix mem leak in netdev_register_kobject

[media] cx24116: fix a buffer overflow when checking userspace params

HID: Fix assumption that devices have inputs

pinctrl: Delete an error message

pinctrl: devicetree: Avoid taking direct reference to device name string

perf/core: Fix race in the perf_mmap_close() function

netfilter: ctnetlink: add a range check for l3/l4 protonum

tty/vt: fix write/write race in ioctl(KDSKBSENT) handler

tty: keyboard, do not speculate on func_table index

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl

vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl

tty: Fix ->pgrp locking in tiocspgrp()

af_unix: fix struct pid memory leak

af_unix: fix struct pid memory leak (adaptation)

scsi: iscsi: Restrict sessions and handles to admin capabilities

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (CVE-2021-27365 dependency)

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

scsi: iscsi: Verify lengths on passthrough PDUs

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Fix locking for ctx->events_reported

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

cgroup-v1: Require capabilities to set release_agent

[bluetooth] Bluetooth: hci_uart: check for missing tty operations

[block] floppy: fix out-of-bounds read in copy_buffer

[sound] ALSA: line6: Fix write on zero-sized buffer

[sound] ALSA: line6: Fix memory leak at line6_init_pcm() error path

[fs] dcache: allow word-at-a-time name hashing with big-endian CPUs

[lib] siphash: add cryptographically secure PRF

[net] inet: switch IP ID generator to siphash

[kernel] perf/core: Fix perf_event_open() vs. execve() race

cfg80211: add and use strongly typed element iteration macros

ieee80211: fix for_each_element_extid()

cfg80211: Use const more consistently in for_each_element macros

[net] mac80211: Do not send Layer 2 Update frame before authorization

[net] nl80211: validate beacon head

netlabel: cope with NULL catmap

tracing: Fix possible double free on failure of allocating trace buffer

blktrace: fix dereference after null check

kernel: memory corruption in Voice over IP nf_conntrack_h323 module

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

HID: hiddev: avoid opening a disconnected device

mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

floppy: check FDC index for errors before assigning it

vgacon: Fix a UAF in vgacon_invert_region

ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments

net: ipv6: add net argument to ip6_dst_lookup_flow

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

net: ipv6_stub: ip6_dst_lookup_flow (adaptation)

vhost: Check docket sk_family instead of call getname

mm: mempolicy: require at least one nodeid for MPOL_PREFERRED

Input: add safety guards to input_set_keycode

Incorrect version of patch were initially used. Work on correct fix is in progress.

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info

signal: Extend exec_id to 64bits

signal: Extend exec_id to 64bits (adaptation)

scsi: sg: add sg_remove_request in sg_write

nfs: Correct an nfs page array calculation error

selinux: properly handle multiple messages in selinux_netlink_send

mISDN: enforce CAP_NET_RAW for raw sockets

ieee802154: enforce CAP_NET_RAW for raw sockets

net: sit: fix memory leak in sit_init_net()

scsi: qla2xxx: fix a potential NULL pointer dereference

fjes: Handle workqueue allocation failure.

scsi: libsas: delete sas port if expander discover failed

media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap

fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links

fs/proc/proc_sysctl.c: Fix a NULL pointer dereference

can: peak_usb: fix slab info leak

ext4: work around deleting a file with i_nlink == 0 safely

i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA

Input: ff-memless - kill timer in destroy()

rtlwifi: prevent memory leak in rtl_usb_probe

crypto: user - fix memory leak in crypto_report

media: v4l: event: Prevent freeing event subscriptions while accessed

media: v4l: event: Prevent freeing event subscriptions while accessed (adaptation)

ext4: validate the debug_want_extra_isize mount option at parse time

ext4: forbid i_extra_isize not divisible by 4

ext4: fix support for inode sizes > 1024 bytes

USB: adutux: fix use-after-free on disconnect

usb: cdc-acm: make sure a refcount is taken early enough

USB: core: Fix races in character device registration and deregistraion

[net] sock: backport __sock_queue_rcv_skb()

[net] bluetooth: split sk_filter in l2cap_sock_recv_cb

Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel

Bluetooth: A2MP: Fix not initializing all members

net-sysfs: call dev_hold if kobject_init_and_add success

net-sysfs: Call dev_hold always in netdev_queue_add_kobject

net-sysfs: Call dev_hold always in rx_queue_add_kobject

Fix for missing check in vgacon scrollback handling

futex: Replace pointless printk in fixup_owner()

futex: Provide and use pi_state_update_owner()

futex: Handle faults correctly for PI futexes

Out of scope as the bpf/verifier is not implemented in this kernel yet

Out of scope as the bpf/verifier is not implemented in this kernel yet

vt: selection, close sel_buffer race

Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected

Mitigation is made with intel firmware update, el-kernels also need 'i915.enable_guc' specified in cmdline to be affected

Mitigation is made with intel firmware update, el-kernels also need 'i915.enable_guc' specified in cmdline to be affected

seq_file: Disallow extremely large seq buffer allocations

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

netfilter: x_tables: fix compat match/target pad out-of-bound write

bpf, x86: Validate computation of branch displacements for x86-64

netfilter: x_tables: make xt_replace_table wait until old

netfilter: x_tables: Use correct memory barriers.

bluetooth: eliminate the potential race condition when removing the

firewire: firedtv-avc: potential buffer overflow

media: firewire: firedtv-avc: fix a buffer overflow

[media] firewire: don't break long lines

media: firewire: firedtv-avc: fix a buffer overflow

fuse: fix bad inode

HID: core: Sanitize event code and type when mapping input

do_epoll_ctl(): clean the failure exits up a bit

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

Bluetooth: fix the erroneous flush_work() order

Bluetooth: use correct lock to prevent UAF of hdev object

Bluetooth: fix use-after-free error in lock_sock_nested()

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

drm/i915: Flush TLBs before releasing backing store

RDMA/cma: Do not change route.addr.src_addr.ss_family

fget: check that the fd still exists after getting a ref to it

fget: check that the fd still exists after getting a ref to it

fget: check that the fd still exists after getting a ref to it (adaptation)

perf: Fix sys_perf_event_open() race against self

netfilter: nf_tables: disallow non-stateful expression in

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

net_sched: cls_route: remove from list when handle is 0

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

net: usb: ax88179_178a: fix packet alignment padding

ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32

net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

net: usb: ax88179_178a: Fix packet receiving

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

Restrict access to pagemap/kpageflags/kpagecount

vmx_vcpu_run wrapper

nfsd: COPY and CLONE operations require the saved filehandle to be set

ipmi_si: fix use-after-free of resource->name

ALSA: seq: Fix racy pool initializations (kpatch adaptation due CVE-2018-1000004)