media: usb: fix memory leak in af9005_identify_state

add function ptr_to_id() in order not to leak kernel layout info

net: qlogic: Fix memory leak in ql_alloc_large_buffers

vhost: Check docket sk_family instead of call getname

mwifiex: Fix three heap overflow at parsing element in

vt: selection, close sel_buffer race

floppy: check FDC index for errors before assigning it

scsi: libsas: stop discovering if oob mode is disconnected

kernel: kvm: out-of-bounds access in ioapic indirect register reads

HID: Fix assumption that devices have inputs

dccp: Fix memleak in __feat_register_sp

slcan: Don't transmit uninitialized stack data in padding

vgacon: Fix a UAF in vgacon_invert_region

include/linux/relay.h: fix percpu annotation in struct rchan

crypto: user - fix leaking uninitialized memory to userspace

HID: hiddev: avoid opening a disconnected device

blktrace: Protect q->blk_trace with RCU

blktrace: Protect q->blk_trace with RCU

net/flow_dissector: switch to siphash

net/flow_dissector: switch to siphash

[wireless] brcmfmac: add subtype check for event handling in data path

mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring

media: stv06xx: add missing descriptor sanity checks

media: xirlink_cit: add missing descriptor sanity checks

brcmfmac: assure SSID length from firmware is limited

fix use-after-free in drivers/net/phy/mdio_bus.c

Heap Overflow in add_ie_rates() function of Marvell Wifi Driver in Linux kernel

net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq

mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf

ieee802154: atusb: fix use-after-free at disconnect

USB: core: Fix races in character device registration and deregistraion

ext4: fix use-after-free race with debug_want_extra_isize

Input: add safety guards to input_set_keycode()

KVM: SVM: Fix potential memory leak in svm_cpu_init()

coredump: fix race condition between

coredump: fix race condition between mmget_not_zero()/get_task_mm()

media: technisat-usb2: break out of loop at end of buffer

iwlwifi: dbg_ini: fix memory leak in alloc_sgtable

x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation

can: peak_usb: fix slab info leak

media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()

Incorrect version of patch were initially used. Work on correct fix is in progress.

netlabel: fixed possible NULL pointer dereference issue while importing some category bitmap into SELinux

fixed possible memory corruption in mwifiex kernel module

can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices

ALSA: info: Fix racy addition/deletion of nodes

ALSA: core: Fix card races between register and disconnect

p54usb: Fix race between disconnect and firmware loading

USB: core: Fix free-while-in-use bug in the USB S-Glibrary

media: rc: prevent memory leak in cx23888_ir_probe

scsi: mptfusion: Fix double fetch bug in ioctl

xfs: add agf freeblocks verify in xfs_agf_verify

mm: Fix mremap not considering huge pmd devmap

mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()

mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()

scsi: sg: add sg_remove_request in sg_write

block, bfq: fix use-after-free in bfq_idle_slice_timer_body

N/A

bpf: Prevent memory disambiguation attack

x86/speculation: Prevent rogue cross-process SSBD shutdown

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.

x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.

x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. (kpatch adaptation)

N/A

of: unittest: fix memory leak in attach_node_and_children

iwlwifi: pcie: fix rb_allocator workqueue allocation

ext4: work around deleting a file with i_nlink == 0 safely

fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

libertas: fix a potential NULL pointer dereference

ext4: fix ext4_empty_dir() for directories with holes

crypto: user - fix memory leak in crypto_report

net-sysfs: call dev_hold if kobject_init_and_add success

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

vfio: access to disabled MMIO space of some devices may lead to DoS scenario

can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices

fixed buffer overflow in cfg80211_mgd_wext_giwessid() in net/wireless/wext-sme.c which does not reject a long SSID IE

bcache: fix potential deadlock problem in btree_gc_coalesce

media: usb: siano: Fix general protection fault in smsusb

can: gs_usb: gs_can_open(): prevent memory leak

rtlwifi: prevent memory leak in rtl_usb_probe

ath10k: fix memory leak

scsi: bfa: release allocated memory in case of error

mac80211: fix station inactive_time shortly after boot

af_packet: set defaule value for tmo

ath9k: release allocated buffer if timed out

nl80211: fixed buffer overflow when handling beacon settings

propagate_one(): mnt_set_mountpoint() needs mount_lock

fixed incomplete patch for CVE-2019-11599

selinux: properly handle multiple messages in selinux_netlink_send()

ath9k_htc: release allocated buffer if timed out

crypto: authenc - fix parsing key with misaligned rta_len

sunrpc: use-after-free in svc_process_common()

inet: switch IP ID generator to siphash (kpatch adaptation)

inet: switch IP ID generator to siphash (kpatch adaptation)

vhost_net: fix possible infinite loop

RDMA/cxgb4: Do not dma memory off of the stack

btrfs: refactor btrfs_find_device() take fs_devices as argument

btrfs: merge btrfs_find_device and find_device

nfsd: apply umask on fs without ACL support

Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()

Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()

Fix for missing check in vgacon scrollback handling

random32: update the net random state on interrupt and activity

sctp: implement memory accounting on tx path

sctp: implement memory accounting on rx path

make 'user_access_begin()' do 'access_ok()'

net/packet: fix overflow in tpacket_rcv

nfs: Fix getxattr kernel panic and memory overflow

ext4: fix potential negative array index in do_split()

rbd: require global CAP_SYS_ADMIN for mapping and unmapping

mm/hugetlb: fix a race between hugetlb sysctl handlers

hdlc_ppp: add range checks in ppp_cp_parse_cr()

UBUNTU: SAUCE: nbd_genl_status: null check for nla_nest_start

btrfs only search for left_info if there is no right_info

netfilter: ctnetlink: add a range check for l3/l4 protonum

geneve: add transport ports in route lookup for geneve

cgroup: fix cgroup_sk_alloc() for sk_clone_lock()

cgroup: Fix sock_cgroup_data on big-endian.

cgroup: add missing skcd->no_refcnt check in cgroup_sk_clone()

xfs: fix boundary test in xfs_attr_shortform_verify

block: allow for_each_bvec to support zero len bvec

powercap: make attributes only readable by root

powercap: make attributes only readable by root (adaptation)

[net] Bluetooth: A2MP: Fix not initializing all members

tty/vt: fix write/write race in ioctl(KDSKBSENT) handler

vt: keyboard, simplify vt_kdgkbsent

vt: keyboard, extend func_buf_lock to readers

tty: make FONTX ioctl use the tty pointer they were actually passed

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

vt: Disable KD_FONT_OP_COPY

btrfs: inode: Verify inode mode to avoid NULL pointer dereference

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup

UBUNTU: SAUCE: target: fix XCOPY NAA identifier lookup (adaptation )

limit size of watch_events dom0 queue.

handle xenwatch_thread patching.

set ring->xenblkd to NULL explicitly

perf/core: Fix race in the perf_mmap_close() function

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

fbcon: Fix global-out-of-bounds read in fbcon_get_font()

block: Fix use-after-free in blkdev_get()

fix a tty8250 serial driver.

net: icmp: fix data-race in cmp_global_allow()

icmp: randomize the global rate limiter

thp: make the THP mapcount atomic against __split_huge_pmd_locked()

tty: Fix ->pgrp locking in tiocspgrp()

tty: Fix ->session locking

mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start

xen-blkback: fix error handling in xen_blkbk_map()

Xen/x86: don't bail early from clear_foreign_p2m_mapping()

Xen/x86: also check kernel mapping in set_foreign_p2m_mapping()

Xen/gntdev: correct dev_bus_addr handling in gntdev_map_grant_pages()

Xen/gntdev: correct error checking in gntdev_map_grant_pages()

xen-blkback: don't "handle" error by BUG()

xen-netback: don't "handle" error by BUG()

xen-scsiback: don't "handle" error by BUG()

xen-blkback: fix error handling in xen_blkbk_map()

ovl: pass correct flags for opening real directory

ovl: switch to mounter creds in readdir

ovl: verify permissions in ovl_path_open()

futex: Ensure the correct return value from futex_lock_pi

futex: Simplify fixup_pi_state_owner

futex: Replace pointless printk in fixup_owner

futex: Provide and use pi_state_update_owner

futex: Handle faults correctly for PI futexes

nbd: freeze the queue while we're adding connections

scsi: iscsi: Restrict sessions and handles to admin

scsi: iscsi: Verify lengths on passthrough PDUs

scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE

sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs (dependency)

Xen/gnttab: handle p2m update errors on a per-slot basis

bpf: Prohibit alu ops for pointer types not defining ptr_limit

bpf: Fix off-by-one for area size in creating mask to left

bpf: Simplify alu_limit masking for pointer arithmetic

bpf: Add sanity check for upper ptr_limit

ext4: handle error of ext4_setup_system_zone() on remount

perf/x86/intel: Fix a crash caused by zero PEBS status

btrfs: fix race when cloning extent buffer during rewind of an old

netfilter: x_tables: make xt_replace_table wait until old

netfilter: x_tables: Use correct memory barriers.

xen-blkback: don't leak persistent grants from xen_blkbk_map()

bpf, x86: Validate computation of branch displacements for x86-64

IBM Power9 is unsupported

dm ioctl: fix out of bounds array access when no devices

netfilter: x_tables: fix compat match/target pad out-of-bound write

sctp: delay auto_asconf init until binding the first addr

race condition for removal of the HCI controller.

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

net: mac802154: Fix general protection fault

cipso,calipso: resolve a number of problems with the DOI refcounts

seq_file: Disallow extremely large seq buffer allocations

net/mlx4_en: ethtool, Remove unsupported SFP EEPROM high

net/mlx4: Fix EEPROM dump support

Out of scope as the patch is for NFC/Android

Out of scope as the patch is for NFC/Android

Out of scope as the patch is for NFC/Android

KVM: nSVM: do not change host intercepts while nested VM is running (CVE-2021-3656 dependency)

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

can: bcm: fix infoleak in struct bcm_msg_head

Input: joydev - prevent use of not validated data in JSIOCSBTNMAP

Out of scope as the patch is for NFC/Android

mac80211: assure all fragments are encrypted

mac80211: add fragment cache to sta_info

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks

mac80211: prevent mixed key and fragment cache attacks

cfg80211: mitigate A-MSDU aggregation attacks

can: bcm: delay release of struct bcm_op after synchronize_rcu

KVM: do not allow mapping valid but non-reference-counted pages

Bluetooth: fix the erroneous flush_work() order

Bluetooth: use correct lock to prevent UAF of hdev object

sctp: validate from_addr_param return

sctp: add size validation when walking chunks

virtio_console: Assure used length from device is limited

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

ext4: fix race writing to an inline_data file while its

fuse: fix bad inode

fuse: fix live lock in fuse_iget()

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

fs: add fget_many() and fput_many() (dependency)

fget: check that the fd still exists after getting a ref to

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

cgroup-v1: Require capabilities to set release_agent

Initialize registers to avoid stack leak into userspace.

lib/iov_iter: initialize "flags" in new pipe_buffer

lib/timerqueue: Rely on rbtree semantics for next timer

lib/timerqueue: Rely on rbtree semantics for next timer (adaptation)

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

btrfs: unlock newly allocated extent buffer after error

drm/i915: Flush TLBs before releasing backing store

drm/i915: Flush TLBs before releasing backing store (kpatch adaptation)

stale file descriptors on failed usercopy

NFSv4: Handle case where the lookup of a directory fails

tipc: improve size validations for received domain records

udf: Restore i_lenAlloc when inode expansion fails

udf: Fix NULL ptr deref when converting from inline format

ipv4: avoid using shared IP generator for connected sockets

sr9700: sanity check for packet length

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

esp: Fix possible buffer overflow in ESP transformation

NFSv4: Initialise connection to the server in nfs4_alloc_client()

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

memstick: rtsx_usb_ms: fix UAF

xen/grant-table: add gnttab_try_end_foreign_access()

xen/xenbus: Fix granting of vmalloc'd memory

xen/xenbus: don't let xenbus_grant_ring() remove grants in error case

xen/scsifront: don't use gnttab_query_foreign_access() for mapped status

xen/gntalloc: don't use gnttab_query_foreign_access()

xen/9p: use alloc/free_pages_exact()

ALSA: pcm: Fix races among concurrent read/write and buffer changes

ALSA: pcm: Fix races among concurrent prealloc proc writes

ALSA: pcm: Fix races among concurrent prepare and

ALSA: pcm: Fix races among concurrent hw_params and hw_free

N/A

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

floppy: use a statically allocated error counter

floppy: use a statically allocated error counter (kpatch adaptation)

net_sched: cls_route: remove from list when handle is 0

rds: copy_from_user only once per rds_sendmsg system call

scsi: target: Fix protect handling in WRITE SAME(32)

scsi: target: Fix WRITE_SAME No Data Buffer crash

af_key: Do not call xfrm_probe_algs in parallel

media: em28xx: initialize refcount before kref_get

proc/sysctl: fix return error for proc_doulongvec_minmax()

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

scsi: stex: Properly zero out the passthrough command structure

mISDN: fix use-after-free bugs in l1oip timer handlers

mISDN: fix use-after-free bugs in l1oip timer handlers (adaptation)

ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC

tcp/udp: Fix memory leak in ipv6_renew_options()

Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

Bluetooth: L2CAP: Fix attempting to access uninitialized memory

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

i2c: ismt: Fix an out-of-bounds bug in ismt_access()

nfp: fix use-after-free in area_cache_get()

net: sched: atm: dont intepret cls results when asked to drop

media: dvb-core: Fix UAF due to refcount races at releasing

Bluetooth: L2CAP: Fix u8 overflow

net: sched: disallow noqueue for qdisc classes

wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

hv_netvsc: Add check for kvmalloc_array

vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF

rds: Fix lack of reentrancy for connection reset with dst addr zero

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c

net/sched: sch_hfsc: Ensure inner classes have fsc curve

x86/xen: Add xenpv_restore_regs_and_return_to_usermode()

Restrict access to pagemap/kpageflags/kpagecount

N/A

perf: Fix sys_perf_event_open() race against self