seq_file: Disallow extremely large seq buffer allocations

media: xirlink_cit: add missing descriptor sanity checks

cipso,calipso: resolve a number of problems with the DOI refcounts

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation)

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

netfilter: x_tables: fix compat match/target pad out-of-bound write

bpf, x86: Validate computation of branch displacements for x86-64

netfilter: x_tables: Use correct memory barriers.

bluetooth: eliminate the potential race condition when removing the

net_sched: cls_route: remove the right filter from hashtable

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation)

KVM: nSVM: always intercept VMLOAD/VMSAVE when nested

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Fix the locking of ctx->file

RDMA/ucma: Fix locking for ctx->events_reported

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

perf/core: Fix a memory leak in perf_event_parse_addr_filter()

firewire: firedtv-avc: potential buffer overflow

media: firewire: firedtv-avc: fix a buffer overflow

[media] firewire: don't break long lines

media: firewire: firedtv-avc: fix a buffer overflow

fuse: fix bad inode

HID: core: Sanitize event code and type when mapping input

do_epoll_ctl(): clean the failure exits up a bit

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

af_unix: fix garbage collect vs MSG_PEEK (adaptation)

Bluetooth: fix the erroneous flush_work() order

Bluetooth: use correct lock to prevent UAF of hdev object

xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like

drm/vmwgfx: Fix stale file descriptors on failed usercopy

drm/i915: Flush TLBs before releasing backing store

RDMA/cma: Do not change route.addr.src_addr.ss_family

Initialize registers to avoid stack leak into userspace.

Bail out in case userspace uses unsupported registers.

cgroup-v1: Require capabilities to set release_agent

perf: Fix sys_perf_event_open() race against self

netfilter: nf_tables: disallow non-stateful expression in

Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

net_sched: cls_route: remove from list when handle is 0

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only.

Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment.

net: usb: ax88179_178a: fix packet alignment padding

ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32

net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32

net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup

net: usb: ax88179_178a: Fix packet receiving

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF.

proc: avoid integer type confusion in get_proc_long

proc: proc_skip_spaces() shouldn't think it is working on C strings

usb: mon: make mmapped memory read only

Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

hw: amd: Cross-Process Information Leak

netfilter: nf_tables: deactivate anonymous set from preparation phase

netfilter: nf_tables: deactivate anonymous set from preparation phase (adaptation)

netfilter: nf_tables: do not allow SET_ID to refer to another table

netfilter: nf_tables: skip deactivated anonymous sets during lookups

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

Smart Patch for net/sched: cls_u32: Fix reference counter leak leading to overflow

Smart Patch for net/sched/cls_u32.c

net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free

net/sched: cls_fw: Fix improper refcount update leads to use-after-free

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

Complex adaptation required.

net/sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

revert of: netfilter: ipset: actually allow allowable CIDR 0 in hash:net, port, net

Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM

Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

fbcon driver was updated and patched in the same kernel 3.10.0-1160.111.1.el7. Older versions don't contain vulnerabilities b07db3958485 and d443d9386472

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

sched/membarrier: reduce the ability to hammer on sys_membarrier

[PATCH 1681/1699] af_unix: Fix null-ptr-deref in

[PATCH 1658/1699] net/sched: sch_hfsc: Ensure inner classes have fsc

[PATCH 1659/1699] net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it

[PATCH 1686/1699] bluetooth: Perform careful capability checks in

[PATCH 1689/1699] bluetooth: Add cmd validity checks at the start of

[PATCH 1696/1699] vt: vt_ioctl: fix race in VT_RESIZEX

[PATCH 1643/1699] RDMA/i40iw: Prevent zero-length STAG registration

RDMA/irdma: Prevent zero-length STAG registration (adaptation)

net: fix __dst_negative_advice() race

fuse: fix pipe buffer lifetime for direct_io

fuse: fix pipe buffer lifetime for direct_io

wifi: mac80211: Avoid address calculations via out of bounds array indexing

N/A

x86/bhi: Add support for clearing branch history at syscall entry

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

can: bcm: Fix UAF in bcm_proc_show()

HID: core: zero-initialize the report buffer

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

ALSA: usb-audio: Fix a DMA to stack memory bug

Restrict access to pagemap/kpageflags/kpagecount