rds: rds_rm_zerocopy_callback() use list_first_entry()

[PATCH] media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()

Out of scope. Android related patch.

drm/i915/gvt: fix double free bug in split_2MB_gtt_entry

scsi: iscsi_tcp: Fix UAF during login when accessing the shost

x86/speculation: Identify processors vulnerable to SMT RSB predictions

KVM: x86: Mitigate the cross-thread return address predictions bug

KVM: x86: Mitigate the cross-thread return address predictions bug (adaptation)

net/tls: tls_is_tx_ready() checked list_entry

kvm: initialize all of the kvm_debugregs structure before sending it

Safety check failed for copy_from_user; zendesk:191568

netrom: Fix use-after-free caused by accept on already connected

fbcon: Check font dimension limits

netfilter: nf_tables: deactivate anonymous set from preparation phase

net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()

KVM: nVMX: add missing consistency checks for CR0 and CR4

xirc2ps_cs: Fix use after free bug in xirc2ps_detach

sched/rt: pick_next_rt_entity(): check list_entry

HID: asus: use spinlock to safely schedule workers

HID: asus: use spinlock to safely schedule workers (adaptation)

net: add sock_init_data_uid()

tap: tap_open(): correctly initialize socket uid

tun: tun_chr_open(): correctly initialize socket uid

fs: hfsplus: fix UAF issue in hfsplus_put_super

9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition

HID: bigben: use spinlock to safely schedule workers

HID: bigben: use spinlock to safely schedule workers (adaptation)

net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

io_uring: mutex locked poll hashing

mctp: defer the kfree of object mdev->addrs

netfilter: nf_tables: incorrect error path handling with

ipvlan:Fix out-of-bounds caused by unclear skb->cb

netfilter: nf_tables: prevent OOB access in nft_byteorder_eval

netfilter: nf_tables: do not ignore genmask when looking up chain by id

btrfs: fix race between quota disable and quota assign ioctls

hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to

nfc: st-nci: Fix use after free bug in ndlc_remove due to race

bluetooth: Perform careful capability checks in hci_sock_ioctl()

xfs: verify buffer contents when we skip log replay

bpf: Fix incorrect verifier pruning due to missing register precision

i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()

perf: Fix check before add_event_to_groups() in perf_group_detach()

dm ioctl: fix nested locking in table_clear() to remove deadlock concern

malidp: Fix NULL vs IS_ERR() checking

net: tls: fix possible race condition between

power: supply: da9150: Fix use after free bug in

memstick: r592: Fix UAF bug in r592_remove due to race condition

ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()

relayfs: fix out-of-bounds access in relay_file_read

net: qcom/emac: Fix use after free bug in emac_remove due to race

power: supply: bq24190: Fix use after free bug in bq24190_remove due

media: saa7134: fix use after free bug in saa7134_finidev due to race

media: dm1105: Fix use after free bug in dm1105_remove due to race

usb: gadget: udc: renesas_usb3: Fix use after free bug in

media: rkvdec: fix use after free bug in rkvdec_remove

act_mirred: use the backlog for nested calls to mirred ingress

fs/ntfs3: Check fields while reading

Medium severity vulnerability CVE requiring extremely complex adaptation (if at all possible)

io_uring: ensure IOPOLL locks around deferred work

netfilter: nf_tables: skip bound chain on rule flush

netfilter: nf_tables: disallow rule addition to bound chain via

hw: amd: Cross-Process Information Leak

net/sched: cls_fw: Fix improper refcount update leads to

netfilter: nft_set_pipapo: fix improper element removal

net/sched: sch_qfq: refactor parsing of netlink parameters

net/sched: sch_qfq: account for stab overhead in qfq_enqueue

net/sched: sch_qfq: refactor parsing of netlink parameters (adaptation)

netfilter: nf_tables: fix chain binding transaction logic

netfilter: nf_tables: fix chain binding transaction logic

net/sched: cls_u32: Fix reference counter leak leading to overflow

netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain

netfilter: nf_tables: unbind non-anonymous set if rule construction fails

netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR

Complex adaptation required.

gfs2: Don't deref jdesc in evict

binder: fix UAF caused by faulty buffer cleanup

ksmbd: fix global-out-of-bounds in smb2_find_context_vals

ksmbd: fix wrong UserName check in session_user

ksmbd: allocate one more byte for implied bcc[0]

fs/ntfs3: Validate MFT flags before replaying logs

ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()

f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()

netfilter: nf_tables: deactivate catchall elements in next generation

Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb

net/sched: cls_route: No longer copy tcf_result on update to avoid

net/sched: cls_fw: No longer copy tcf_result on update to avoid

net/sched: cls_u32: No longer copy tcf_result on update to avoid

net: tap_open(): set sk_uid from current_fsuid()

net: tun_chr_open(): set sk_uid from current_fsuid()

Complex adaptation required. Low impact CVE.

This is a low priority CVE & the patch impacts many critical components of the networking subsystem & it requires multiple complex adaptations in those components to avoid losing existing connections on patch/unpatch.

libceph: harden msgr2.1 frame segment length checks

ksmbd: validate session id and tree id in the compound request

The patch remove functionality.

[PATCH] exfat: check if filename entries exceeds max filename length

[PATCH] nfc: llcp: simplify llcp_sock_connect() error paths

[PATCH] net: nfc: Fix use-after-free caused by nfc_llcp_find_local

ksmbd: use ksmbd_req_buf_next() in ksmbd_smb2_check_message()

ksmbd: validate command payload size

ksmbd: fix out-of-bound read in smb2_write

Smart Patch for drivers/media/usb/siano/smsusb.c

A low priority AMD Inception vulnerability that affects Zen3/Zen4 & relates to RetBleed fixes requiring microcode updates, we can't do much about it in KCare Infra.

ipv6: rpl: Fix Route of Death.

net: rpl: fix rpl header size calculation

The patch removes functionality.

af_unix: Fix null-ptr-deref in unix_stream_sendpage().

netfilter: nftables: exthdr: fix 4-byte stack OOB write

igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU

net: sched: sch_qfq: Fix UAF in qfq_dequeue()

net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation)

xen/netback: Fix buffer overrun triggered by unusual packet

netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for

net/sched: sch_hfsc: Ensure inner classes have fsc curve

netfilter: nf_tables: skip bound chain in netns release path

netfilter: nf_tables: disallow rule removal from chain binding

An introduction of required changes through KernelCare could cause unavoidable problems to applications which use netfilter functionality.

Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in

xfrm: add NULL check in xfrm_update_ae_params

ubi: Refuse attaching if mtd's erasesize is 0

igb: set max size RX buffer when store bad packet is enabled

igb: set max size RX buffer when store bad packet is enabled (adaptation)

RDMA/irdma: Prevent zero-length STAG registration

RDMA/irdma: Prevent zero-length STAG registration (adaptation)

netfilter: nfnetlink_osf: avoid OOB read

netfilter: xt_u32: validate user space input

netfilter: xt_u32: validate user space input (adaptation)

netfilter: xt_sctp: validate the flag_info count

nvmet-tcp: Fix a possible UAF in queue intialization setup

vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()

ipv4: fix null-deref in ipv4_link_failure

drm/qxl: fix UAF on handle creation

xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH

net: xfrm: Fix xfrm_address_filter OOB read

USB: core: Unite old scheme and new scheme descriptor reads (dependency)

USB: core: Change usb_get_device_descriptor() API (dependency)

USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()

netfilter: nf_tables: Reject tables of unsupported family

smb: client: fix OOB in smbCalcSize()

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet

Complex adaptation required, low impact CVE.

tipc: fix a potential deadlock on &tx->lock

xen/events: replace evtchn_rwlock with RCU

net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()

netfilter: nf_tables: bail out on mismatching dynset and set expressions

ksmbd: fix racy issue from session setup and logoff

ksmbd: fix racy issue from session setup and logoff (adaptation)

ravb: Fix use-after-free issue in ravb_tx_timeout_work()

x86/sev: Check for user-space IOIO pointing to kernel space

x86/sev: Check IOBM for IOIO exceptions from user-space

x86/sev: Disable MMIO emulation from user mode

net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()

nfc: nci: assert requested protocol is valid

smb: client: fix OOB in receive_encrypted_standard()

net: tls, update curr on splice as well

ida: Fix crash in ida_free when the bitmap is empty

atm: Fix Use-After-Free in do_vcc_ioctl

appletalk: Fix Use-After-Free in atalk_ioctl

Complex adaptation required. Low impact CVE.

usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core

Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg

net/rose: Fix Use-After-Free in rose_ioctl

nfc: nci: fix possible NULL pointer dereference in send_acknowledge()

io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid

netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval()

nvmet: nul-terminate the NQNs passed in the connect command

vhost: use kzalloc() instead of kmalloc() followed by memset()

mctp: perform route lookups under a RCU read-side lock

netfilter: nf_tables: check if catch-all set element is active in next generation

netfilter: nf_tables: reject QUEUE/DROP verdict parameters

phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function

scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()

ksmbd: destroy expired sessions

ksmbd: destroy expired sessions

uio: Fix use-after-free in uio_open

binder: fix use-after-free in shinker's callback

f2fs: fix to avoid dirent corruption

f2fs: explicitly null-terminate the xattr list

mtd: Fix gluebi NULL pointer dereference caused by ftl notifier

block: add check that partition length needs to be aligned with block size

EDAC/thunderx: Fix possible out-of-bounds string access

drivers/amd/pm: fix a use-after-free in kv_parse_power_table

btrfs: do not ASSERT() if the newly created subvolume already got read

Bluetooth: Fix atomicity violation in {min,max}_key_size_set

bpf: Fix re-attachment branch in bpf_tracing_prog_attach

ksmbd: fix racy issue under cocurrent smb2 tree disconnect

ksmbd: fix racy issue under cocurrent smb2 tree disconnect (adaptation)

ksmbd: fix out-of-bound read in deassemble_neg_contexts()

ksmbd: fix out-of-bound read in parse_lease_state()

ksmbd: fix out of bounds in init_smb2_rsp_hdr()

media: pvrusb2: fix use after free on context disconnection

ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16()

powerpc/pseries/memhp: Fix access beyond end of drmem array

mlxsw: spectrum_acl_tcam: Fix stack corruption

bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS

xen-netback: don't produce zero-size SKB frags

ipv6: remove max_size check inline with ipv4

ipv6: remove max_size check inline with ipv4

dm ioctl: log an error if the ioctl structure is corrupted

dm: limit the number of targets and parameter size area

apparmor: avoid crash when parsed profile name is empty

gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump

binder: ksmbd: add missing compound request handing in some commands

net: qualcomm: rmnet: fix global oob in rmnet_policy

net: qualcomm: rmnet: fix global oob in rmnet_policy

KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache

ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work

ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()

ksmdb: use cmd helper variable in smb2_get_ksmbd_tcon()

ksmbd: validate session id and tree id in compound request

serial: imx: fix tx statemachine deadlock

serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed

nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length

nvmet-tcp: Fix the H2C expected PDU len calculation

nvmet-tcp: fix a crash in nvmet_req_complete()

bpf: fix check for attempt to corrupt spilled pointer

Complex adaptation required. Issue can be reproduced with special UEFI implementation only.

mfd: syscon: Fix null pointer dereference in of_syscon_register()

drm/radeon: check the alloc_workqueue return value in radeon_crtc_init()

Complex adaptation required.

binder: fix UAF of alloc->vma in race with munmap()

binder: fix race between mmput() and do_exit()

net/sched: act_ct: fix skb leak and crash on ooo frags

crypto: scomp - fix req->dst buffer overflow

UBSAN: array-index-out-of-bounds in dtSplitRoot

jfs: fix uaf in jfs_evict_inode

Bluetooth: Add more enc key size check

ksmbd: fix UAF issue in ksmbd_tcp_new_connection()

ksmbd: fix UAF issue in ksmbd_tcp_new_connection() (adaptation)

FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree

jfs: fix array-index-out-of-bounds in diNewExt

KVM: s390: fix setting of fpc register

f2fs: fix to tag gcing flag on page during block migration

llc: call sock_orphan() at release time

powerpc/lib: Validate size for vector operations

jfs: fix array-index-out-of-bounds in dbAdjTree

i2c: i801: Fix block process call transactions

ksmbd: fix global oob in ksmbd_nl_policy

ksmbd: fix global oob in ksmbd_nl_policy (adaptation)

ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv()

drm/amd/display: Implement bounds check for stream encoder

net/smc: fix illegal rmb_desc access in SMC-D connection dump

llc: make llc_ui_sendmsg() more robust against bonding

btrfs: don't abort filesystem when attempting to snapshot

scsi: core: Move scsi_host_busy() out of host lock for waking

tcp: add sanity checks to rx zerocopy

tipc: Check the bearer type before calling

binder: signal epoll threads of self-work

IB/ipoib: Fix mcast list locking

wifi: iwlwifi: fix a memory corruption

powerpc/mm: Fix null-pointer dereference in pgtable_cache_add

pstore/ram: Fix crash when setting number of cpus to an odd

s390/ptrace: handle setting of fpc register correctly

SUNRPC: Fix a suspicious RCU usage warning

ceph: fix deadlock or deadcode of misusing dget()

crypto: lib/mpi - Fix unexpected pointer access in

net: prevent mss overflow in skb_segment()

fs/ntfs3: Fix an NULL dereference bug

um: time-travel: fix time corruption

PM / devfreq: Synchronize devfreq_monitor_[start/stop]

net: openvswitch: limit the number of recursions from action sets

net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv

phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP

sched/membarrier: reduce the ability to hammer on sys_membarrier

can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock

can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock (adaptation)

ext4: avoid online resizing failures due to oversized flex bg

ext4: avoid online resizing failures due to oversized flex bg

llc: Drop support for ETH_P_TR_802_2.

llc: Drop support for ETH_P_TR_802_2 (adaptation)

The modified structure mem_section_usage is used only during bootup time. As we patch the changes after booting they will have no effect. Therefore we cannot patch this CVE.

Power management subsystem - sleep mode. Irrelevant for servers.

wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()

wifi: rt2x00: restart beacon queue when hardware reset

firmware: arm_scmi: Check mailbox/SMT channel for consistency

PM / devfreq: Fix buffer overflow in trans_stat_show

hwrng: core - Fix page fault dead lock on mmap-ed hwrng

block/rnbd-srv: Check for unlikely string overflow

tracing: Ensure visibility when inserting an element into tracing_map

ppp_async: limit MRU to 64K

blk-mq: fix IO hang from sbitmap wakeup race

inet: read sk->sk_family once in inet_recv_error()

tunnels: fix out of bounds access when building IPv6 PMTU error

net: stmmac: xgmac: fix handling of DPP safety error for DMA channels

net: stmmac: xgmac: fix handling of DPP safety error for DMA channels

netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations

hwmon: (coretemp) Fix out-of-bounds memory access

nilfs2: fix potential bug in end_buffer_async_write

af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.

netfilter: nft_limit: reject configurations that cause integer overflow

usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend

crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked

hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove

ext4: fix double-free of blocks due to wrong extents moved_len

iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC

nilfs2: fix data corruption in dsync block recovery for small block sizes

nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()

ceph: prevent use-after-free in encode_cap_msg()

Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0

media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run

Complex adaptation required. Network services prevents update because sleeps in inet_csk_accept() function.

media: rc: bpf attach/detach requires write permission

iio: core: fix memleak in iio_device_register_sysfs

nfc: nci: free rx_data_reassembly skb on NCI device cleanup

mptcp: fix data re-injection from stale subflow

media: ir_toy: fix a memleak in irtoy_tx

tracing/trigger: Fix to return error if failed to alloc snapshot

dmaengine: fix NULL pointer in channel unregistration

bus: mhi: host: Drop chan lock before queuing buffers

bus: mhi: host: Add alignment check for event ring read

netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for

drm: Don't unref the same fb many times by mistake due to

jfs: fix slab-out-of-bounds Read in dtSearch

HID: i2c-hid-of: fix NULL-deref on failed power up

mm/writeback: fix possible divide-by-zero in

kpatch add alt asm definitions

x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file

x86/bhi: Add support for clearing branch history at syscall entry

net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()

wifi: brcmfmac: Fix use-after-free bug in

tomoyo: fix UAF write bug in tomoyo_write_control()

wifi: mac80211: fix potential key use-after-free

smb: client: fix potential OOBs in

fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super

aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts

net/ipv6: avoid possible UAF in ip6_route_mpath_notify()

fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()

fs/ntfs3: Fix oob in ntfs_listxattr

netfilter: nf_tables: disallow timeout for anonymous sets

drm/tegra: dsi: Add missing check for of_find_device_by_node

erofs: fix lz4 inplace decompression

wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is

pmdomain: mediatek: fix race conditions with genpd

NTB: fix possible name leak in ntb_register_device()

drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node

bpf: Fix stackmap overflow check on 32-bit arches

RDMA/mlx5: Fix fortify source warning while accessing Eth segment

x86, relocs: Ignore relocations in .notes section

ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()

bpf: Fix hashtab overflow check on 32-bit arches

bpf: Fix DEVMAP_HASH overflow check on 32-bit arches

EFI Firmware: CVE patch is for EFI firmware which runs at boot time.

octeontx2: CVE patch is outside the scope.

afs: Increase buffer size in afs_update_volume_status()

ipv6: sr: fix possible use-after-free and null-ptr-deref

xhci: process isoc TD properly when there was a transaction error mid TD.

xhci: process isoc TD properly when there was a transaction error mid TD.

xhci: handle isoc Babble and Buffer Overrun events properly

sr9800: Add check for usbnet_get_endpoints

x86/fpu: Stop relying on userspace for info to fault in xsave buffer

ext4: regenerate buddy after block freeing failed if under fc replay

Low-severity patch proven to suffer from stack-unsafety problem when patching during network load.

wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()

dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read

btrfs: dev-replace: properly validate device names

btrfs: fix double free of anonymous device after snapshot creation failure

gtp: fix use-after-free and null-ptr-deref in gtp_newlink()

RISCV arch not supported.

fbcon: always restore the old font data in fbcon_do_set_font()

Bluetooth: Avoid potential use-after-free in hci_error_reset

stmmac: Clear variable when destroying workqueue

net: veth: clear GRO when clearing XDP even when down

net: ip_tunnel: prevent perpetual headroom growth

netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter

ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down()

netfilter: nft_flow_offload: reset dst in route object after setting up flow

efi/capsule-loader: fix incorrect allocation size

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

netrom: Fix data-races around sysctl_net_busy_read

wifi: nl80211: reject iftype change with mesh ID change

dmaengine: ti: edma: Add some null pointer checks to the

ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()

ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()

ext4: avoid dividing by 0 in mb_update_avg_fragment_size()

spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were

fbdev: sis: Error out if pixclock equals zero

fbdev: savage: Error out if pixclock equals zero

wifi: mac80211: fix race condition on enabling fast-xmit

mptcp: fix double-free on socket dismantle

STM32 arch is not supported. Low impact CVE.

NXP Layerscape SoCs affected only. Unable to fix early initialization.

NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102

quota: Fix potential NULL pointer dereference

cachefiles: fix memory leak in cachefiles_add_cache()

netfilter: nf_conntrack_h323: Add protection for bmp length

hsr: Fix uninit-value access in hsr_get_node()

net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()

Bluetooth: hci_core: Fix possible buffer overflow

do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak

x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot

x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()

net/rds: fix WARNING in rds_conn_connect_if_down

spi: spi-mt65xx: Fix NULL pointer access in interrupt handler

f2fs: replace congestion_wait() calls with io_schedule_timeout()

f2fs: compress: fix to cover normal cluster write with cp_rwsem

clk: zynq: Prevent null pointer dereference caused by kmalloc failure

clk: Fix clk_core_get NULL dereference

clk: hisilicon: hi3559a: Fix an erroneous devm_kfree()

drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'

drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'

nfp: flower: handle acti_netdevs allocation failure

net: phy: fix phy_get_internal_delay accessing an empty array

nvmet-fc: release reference on target port

nvmet-fc: avoid deadlock on delete association path

ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()

l2tp: pass correct message length to ip6_append_data

dm-crypt: don't modify the data when using authenticated

CVE targets a specific ARM processor.

usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()

usb: roles: fix NULL pointer issue when put module's reference

usb: cdns3: fix memory double free when handle zero packet

RDMA/srpt: Support specifying the srpt_service_guid

RDMA/qedr: Fix qedr_create_user_qp error flow

fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security

media: edia: dvbdev: fix a use-after-free

cpumap: Zero-initialise xdp_rxq_info struct before running XDP program

wifi: iwlwifi: dbg-tlv: ensure NUL termination

media: tc358743: register v4l2 async device only after successful setup

f2fs: compress: fix reserve_cblocks counting error when out of space

net: ethernet: mtk_eth_soc: fix PPE hanging issue

drm/lima: fix a memleak in lima_heap_alloc

wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()

ALSA: usb-audio: Stop parsing channels bits when all channels are found.

scsi: target: core: Add TMF to tmr_list handling

IB/hfi1: Fix a memleak in init_credit_return

netfilter: nf_tables: set dormant flag on hook register failure

drm/amd/display: Fix memory leak in dm_sw_fini()

drm/amdgpu: Reset IH OVERFLOW_CLEAR bit

packet: annotate data-races around ignore_outgoing

RDMA/irdma: Fix KASAN issue with tasklet

Low-severity patch proven to suffer from stack-unsafety problem when patching during network load.

Low-severity patch proven to suffer from stack-unsafety problem when patching during network load.

net: sparx5: Fix use after free inside sparx5_del_mact_entry

net: ice: Fix potential NULL pointer dereference in

net: hns3: fix kernel crash when 1588 is received on HIP08 devices

dm: call the resume method on internal suspend

crypto: xilinx - call finalize with bh disabled

media: pvrusb2: fix uaf in pvr2_context_set_notify

drm/mediatek: Fix a null pointer crash in

RDMA/srpt: Do not register event handler until srpt device is fully setup

PCI: Make pci_dev_is_disconnected() helper public for other drivers

iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected

wireguard: receive: annotate data-race around receiving_counter.counter

net/bnx2x: Prevent access to a freed page in page_pool

cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's

wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work

wifi: wilc1000: fix RCU usage in connect path

Out of scope: s390 architecture isn't supported

netfilter: nf_tables: do not compare internal table flags on

media: ttpci: fix two memleaks in budget_av_attach

media: go7007: fix a memleak in go7007_load_encoder

media: dvb-frontends: avoid stack overflow warnings with

media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak

media: v4l2-mem2mem: fix a memleak in

media: v4l2-tpg: fix some memleaks in tpg_alloc

SUNRPC: fix some memleaks in gssx_dec_option_array

arp: Prevent overflow in arp_req_get().

eBPF: low score UAF with CONFIG_BPF_UNPRIV_DEFAULT_OFF=y by default but needs complex adaptation.

VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist

WiFi - Complex adaptation required.

nvme-fc: do not wait in vain when unloading module

nvme-fc: do not wait in vain when unloading module

geneve: make sure to pull inner header in geneve_rx()

clk: meson: Add missing clocks to axg_clk_regmaps

clk: meson: Add missing clocks to axg_clk_regmaps

netfilter: nft_set_pipapo: do not free live element

cifs: fix underflow in parse_server_interfaces()

Bluetooth: Fix TOCTOU in HCI debugfs implementation

USB: core: Fix deadlock in usb_deauthorize_interface()

md/raid5: fix atomicity violation in raid5_cache_count

af_unix: Do not use atomic ops for unix_sk(sk)->inflight

af_unix: Fix garbage collector racing against connect()

media: xc4000: Fix atomicity violation in xc4000_get_frequency

scsi: qla2xxx: Fix double free of fcport

drm/vmwgfx: Fix possible null pointer derefence with invalid contexts

netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get()

netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get()

sysv: don't call sb_bread() with pointers_lock held

ubi: Check for too small LEB size in VTBL code

netfilter: nf_tables: disallow anonymous set with timeout flag

xen/events: close evtchn after mapping cleanup

amdkfd: use calloc instead of kzalloc to avoid integer overflow

tcp_close is sleepable and called from kthread, which may prevent patching and unpatchng.

tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc

nfsd: fix RELEASE_LOCKOWNER

nfsd: don't take fi_lock in nfsd_break_deleg_cb()

nfs: fix UAF in direct writes

Out of scope: IBM System/390 architecture isn't supported for current kernel

nilfs2: fix failure to detect DAT corruption in btree and

nilfs2: prevent kernel bug at submit_bh_wbc()

wireguard: netlink: check for dangling peer via is_dead instead of empty list

wireguard: netlink: access device through ctx instead of peer

drm/i915/gt: Reset queue_priority_hint on parking

scsi: core: Fix unremoved procfs host directory regression

scsi: qla2xxx: Fix command flush on cable pull

crypto: qat - fix double free during reset (dependency)

crypto: qat - resolve race condition during AER recovery

mm: swap: fix race between free_swap_and_cache() and

pci_iounmap(): Fix MMIO mapping leak

KVM: Always flush async #PF workqueue when vCPU is being destroyed

fat: fix uninitialized field in nostale filehandles

usb: xhci: Add error handling in xhci_map_urb_for_dma

comedi: vmk80xx: fix incomplete endpoint checking

serial/pmac_zilog: Remove flawed mitigation for rx irq flood

usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error

speakup: Avoid crash on very long word

fs: sysfs: Fix reference leak in sysfs_break_active_protection()

arm64: hibernate: Fix level3 translation fault in swsusp_save()

Out of scope as the patch is for vmlinux init sections which are discarded after the boot

nouveau: fix instmem race condition around ptr stores

serial: mxs-auart: add spinlock around changing cts state

USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command

xen-netfront: Add missing skb_mark_for_recycle

netfilter: flowtable: incorrect pppoe tuple

tun: limit printing rate when illegal packet received by tun dev

Out of scope as the patch is for s390 arch only, x86_64 is not affected

drm: nv04: Fix out of bounds access

net: gtp: Fix Use-After-Free in gtp_dellink

net: openvswitch: Fix Use-After-Free in ovs_ct_exit

PCI: Drop pci_device_remove() test of pci_dev->driver (dependency)

PCI/PM: Drain runtime-idle callbacks before driver removal

soc: fsl: qbman: Always disable interrupts when taking cgr_lock

dm snapshot: fix lockup in dm_exception_table_exit

KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region()

wifi: mac80211: check/clear fast rx for non-4addr sta VLAN changes

net: ll_temac: platform_get_resource replaced by wrong function

drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag

vt: fix unicode buffer corruption when deleting characters

fs/aio: Check IOCB_AIO_RW before the struct aio_kiocb conversion

usb: udc: remove warning when queue disabled ep

btrfs: fix information leak in btrfs_ioctl_logical_to_ino()

irqchip/gic-v3-its: Prevent double free on error

of: dynamic: Synchronize of_changeset_destroy() with the devlink removals

Out of scope as the patch is for riscv arch only, x86_64 is not affected

mm/secretmem: fix GUP-fast succeeding on secretmem folios

x86/mm/pat: fix VM_PAT handling in COW mappings

icmp: prevent possible NULL dereferences from icmp_build_probe()

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during

mlxsw: spectrum_acl_tcam: Fix possible use-after-free during

mlxsw: spectrum_acl_tcam: Fix memory leak during rehash

mlxsw: spectrum_acl_tcam: Fix memory leak when canceling

netfilter: nf_tables: Fix potential data-race in __nft_flowtable_type_get()

netfilter: validate user input for expected length

bpf, sockmap: Prevent lock inversion deadlock in map delete

net/sched: act_skbmod: prevent kernel-infoleak

erspan: make sure erspan_base_hdr is present in skb->head

ipv6: Fix infinite recursion in fib6_dump_done().

mlxbf_gige: stop interface during shutdown

gro: fix ownership transfer

iwlwifi: mvm: rfi: use kmemdup() to replace kzalloc + memcpy (dependency)

wifi: iwlwifi: mvm: rfi: fix potential response leaks

nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet

net/rds: fix possible cp null dereference

block: prevent division by zero in blk_rq_stat_sum()

fbmon: prevent division by zero in fb_videomode_from_videomode()

It is not possible to fix this vulnerability using kernel livepatching because it lies below the system call level.

Out of scope as the patch that introduces the vulnerability 2fbbd712baf1 (net: mana: Enable RX path to handle various MTU sizes) is missing from these kernels

VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host()

VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler()

pstore/zone: Add a null pointer check to the psz_kmsg_read

btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks()

btrfs: send: handle path ref underflow in header iterate_inode_ref()

net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list()

Bluetooth: btintel: Fix null ptr deref in btintel_read_version

scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc()

drm/client: Fully protect modes[] with dev->mode_config.mutex

wifi:ath11k, low score CVE that needs complex adaptation but decreasing MHI Bus' buf-len isn't a typical security fix.

batman-adv: Avoid infinite loop trying to resize local TT

Bluetooth: Fix memory leak in hci_req_sync_complete()

xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING

geneve: fix header validation in geneve[6]_xmit_skb

Complex adaptation required. Livepatching of this vulnerability can harm the network subsystem..

ipv6: fix race condition between ipv6_get_ifaddr and

net/mlx5: Properly link new fs rules into the tree

net: ena: Fix incorrect descriptor free behavior

i2c: smbus: fix NULL function pointer dereference

Out of scope as the patch is for riscv arch only, x86_64 is not affected

ipv4: check for NULL idev in ip_route_use_hint()

mlxsw: spectrum_acl_tcam: Fix warning during rehash

mlxsw: spectrum_acl_tcam: Fix incorrect list API usage

netfilter: nf_tables: honor table dormant flag from netdev release event path

dma: xilinx_dpdma: Fix locking

dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up

binder: check offset alignment in binder_get_object()

vfio/pci: Lock external INTx masking ops

vfio/fsl-mc: Block calling interrupt handler without trigger

scsi: qla2xxx: Fix off by one in qla_edif_app_getstats()

mmc: sdhci-msm: pervent access to suspended controller

vfio/pci: Disable auto-enable of exclusive INTx IRQ

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

ksmbd: fix potencial out-of-bounds when buffer offset is

smb: client: fix use-after-free bug in

Bluetooth: af_bluetooth: Fix deadlock

x86/sev: Harden #VC instruction emulation somewhat

x86/sev: Check for MWAITX and MONITORX opcodes in the #VC

ksmbd: fix slab-out-of-bounds in smb2_allocate_rsp_buf

ksmbd: validate request buffer size in

eeprom: at24: Probe for DDR3 thermal sensor in the SPD case (dependency)

eeprom: at24: Use dev_err_probe for nvmem register failure (dependency)

eeprom: at24: fix memory corruption race condition

Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout

Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout

firewire: nosy: ensure user_length is taken into account when

dyndbg: fix old BUG_ON in >control parser

md: fix kmemleak of rdev->serial

KEYS: trusted: Fix memory leak in tpm2_key_encode()

KEYS: trusted: Do not use WARN when encode fails

remoteproc: mediatek: Make sure IPI buffer fits in L2TCM

net: fix out-of-bounds access in ops_init

tipc: fix UAF in error path

drm/vmwgfx: Fix invalid reads in fence signaled events

drm/amd/display: Fix division by zero in setup_dsc_config

ALSA: Fix deadlocks with kctl removals at disconnection

arm: arch is not supported

tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets

tcp: Use refcount_inc_not_zero() in tcp_twsk_unique().

rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation

ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action()

drm/amd/display: Atom Integrated System Info v2_2 for DCN35

mptcp: ensure snd_nxt is properly initialized on connect

Bluetooth: qca: add missing firmware sanity checks

s390: arch is not supported

bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue

bna: ensure the copied buf is NUL terminated

s390: arch is not supported

net: core: reject skb_copy(_expand) for fraglist GSO skbs

scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload

blk-iocost: avoid out of bounds shift

KVM: arm64: vgic-v2: Use cpuid from userspace as vcpu_id (dependency)

KVM: arm64: vgic-v2: Check for non-NULL vCPU in vgic_v2_parse_attr()

wifi: nl80211: don't free NULL coalescing rule

pinctrl: core: delete incorrect free in pinctrl_enable()

ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node()

tipc: fix a possible memleak in tipc_buf_append

scsi: lpfc: Move NPIV's transport unregistration to after resource clean up

firewire: ohci: mask bus reset interrupts between ISR and bottom half

qibfs: fix dentry leak

phonet: fix rtm_phonet_notify() skb allocation

octeontx2-af: avoid off-by-one read from userspace

fs/9p: only translate RWX permissions for plain 9P2000

drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()

Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors.

Out of scope - related to SuperH

gfs2: Fix slab-use-after-free in gfs2_qd_dealloc

net: atlantic: Fix DMA mapping for PTP hwts ring

Fixed function sleeps and executed in kthread, which may prevent patching/unpatching. Low score CVE.

ipv6: prevent NULL dereference in ip6_output()

Out of scope: User-mode Linux isn't supported for current kernel

mmc: davinci: Don't strip remove function when driver is

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

drm/amd/display: Fix potential index out of bounds in color transformation function

net/mlx5: Discard command completions in internal error

nilfs2: We cannot patch functions that sleep in kthread().

stm class: Fix a double free in stm_register_device()

kdb: Fix buffer overflow during tab-complete

greybus: Fix use-after-free bug in gb_interface_release due to race condition.

dma-mapping: benchmark: handle NUMA_NO_NODE correctly

net: fix __dst_negative_advice() race

Out of scope as the patch is for NFC/Android

net/dpaa2: Avoid explicit cpumask var allocation on stack

net/iucv: Avoid explicit cpumask var allocation on stack

nilfs2: add missing check for inode numbers on directory

BPF selftest fix, not a kernel code.

net: dsa: mv88e6xxx: Correct check for empty list

wifi: mt76: replace skb_put with skb_put_zero

drm/amdgpu: add error handle to avoid out-of-bounds

bonding: Fix out-of-bounds read in

net/sched: Fix UAF when resolving a clash

media: lgdt3306a: Add a check against null-pointer-def

Patched functions sleep and are called from a kthread. Trackpad suspend/resume fix.

net: can: j1939: enhanced error handling for tightly received

media: cec: cec-api: add locking in cec_release()

usb: gadget: printer: fix races against disable

genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU

ipvlan: Dont Use skb->sk in ipvlan_process_v{4,6}_outbound

f2fs: compress: don't allow unaligned truncation on released

f2fs: compress: fix to cover

dma-mapping: benchmark: fix node id validation

tls: fix missing memory barrier in tls_init

ppdev: Add an error check in register_device

Bluetooth: qca: fix info leak when fetching fw build id

drm/arm/malidp: fix a possible null pointer dereference

netfilter: tproxy: bail out if IP has been disabled on the device

usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete

netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu()

drm: Check output polling initialized before disabling

Complex adaptation required. Livepatching of this vulnerability can harm the network subsystem.

scsi: qedf: Ensure the copied buf is NUL terminated

net: openvswitch: fix overwriting ct original tuple for ICMPv6

ASoC: kirkwood: Fix potential NULL dereference

drm/mediatek: Add 0 size check to mtk_drm_gem_obj

drm: bridge: cdns-mhdp8546: Fix possible null pointer dereference

media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries

drm: vc4: Fix possible null pointer dereference

net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP

nilfs2: fix potential kernel bug due to lack of writeback

r8169: Fix possible ring buffer corruption on fragmented Tx packets.

nilfs2: fix unexpected freezing of nilfs_segctor_sync() (dependency)

nilfs2: fix potential hang in nilfs_detach_log_writer()

epoll: be better about file lifetimes

crypto: bcm - Fix pointer arithmetic

ecryptfs: Fix buffer size for tag 66 packet

cppc_cpufreq: Fix possible null pointer dereference

thermal/drivers/tsens: Fix null pointer dereference

scsi: bfa: Ensure the copied buf is NUL terminated

speakup: Fix sizeof() vs ARRAY_SIZE() bug

ring-buffer: Fix a race between readers and resize checks

jffs2: prevent xattr node from overflowing the eraseblock

af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg

RDMA/hns: Fix deadlock on SRQ async events.

RDMA/hns: Modify the print level of CQE error

ALSA: core: Fix NULL module pointer assignment at card init

macintosh/via-macii: Fix "BUG: sleeping function called from invalid context"

Out of scope as the patch is for m68k arch only, x86_64, arm64 is not affected

Vulnerability affects OS during boot time and can't be closed via livepatching.

Patch changes global data size, which may lead to FS errors. Low-score CVE requires complex adaptation.

media: stk1160: fix bounds checking in stk1160_copy_video()

ALSA: timer: Set lower bound of start tick time

greybus: lights: check return of get_channel_from_mode

soundwire: cadence: fix invalid PDI offset

serial: max3100: Update uart_driver_registered on driver removal

dma-buf/sw-sync: don't enable IRQ from sync_print_obj()

enic: Validate length of nl attributes in enic_set_vf_port

bpf: Allow delete from sockmap/sockhash only if update is allowed

ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find()

Out of scope as the patch is for s390 arch only, x86_64, arm64 is not affected

ipv6: sr: fix missing sk_buff release in seg6_input_core

ipv6: sr: fix memleak in seg6_hmac_init_algo

f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode()

thermal/drivers/qcom/lmh: Check for SCM availability at probe

fbdev: savage: Handle err return when savagefb_check_var failed

net/9p: fix uninit-value in p9_client_rpc()

smb: client: fix deadlock in smb2_find_smb_tcon()

crypto: qat - Fix ADF_DEV_RESET_SYNC memory leak

liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet

drm/komeda: check for error-valued pointer

drivers: core: synchronize really_probe() and dev_uevent()

vmci: prevent speculation leaks by sanitizing event in event_deliver()

HID: core: remove unnecessary WARN_ON() in implement()

wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup()

wifi: cfg80211: Lock wiphy in cfg80211_get_station

wifi: iwlwifi: mvm: check n_ssids before accessing the ssids

bpf: Set run context for rawtp test_run callback

ipv6: fix possible race in __fib6_drop_pcpu_from()

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects

wifi: iwlwifi: mvm: don't read past the mfuart notifcation

iommu: Return right value in iommu_sva_bind_device()

drm/exynos/vidi: fix memory leak in .get_modes()

ocfs2: fix races between hole punching and AIO+DIO

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors

scsi: qedi: Fix crash while reading debugfs attribute

drm/lima: mask irqs in timeout path before hard reset

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

f2fs: remove clear SB_INLINECRYPT flag in default_options

MIPS related CVE.

serial: imx: Introduce timeout when waiting on transmitter empty

Out of scope as the patch is for MIPS arch only, x86_64 is not affected

ipv6: prevent possible NULL deref in fib6_nh_init()

ipv6: prevent possible NULL dereference in rt6_probe()

crypto: hisilicon/sec - Fix memory leak for sec resource release

batman-adv: bypass empty buckets in batadv_purge_orig_ref()

tracing: Build event generation tests only as modules

tracing: Build event generation tests only as modules

tipc: force a dst refcount before doing decryption

ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs.

RDMA/mlx5: Add check for srq max_sge attribute

drm/radeon: fix UBSAN warning in kv_dpm.c

drm/amdgpu: fix UBSAN warning in kv_dpm.c

netpoll: Fix race condition in netpoll_owner_active

ppp: reject claimed-as-LCP but actually malformed packets

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

Fix userfaultfd_api to return EINVAL as expected

usb: atm: cxacru: fix endpoint checking in cxacru_bind()

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes

drm/amdgpu: avoid using null object of framebuffer

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes

The patch affects too much kernel code. Low impact CVE.

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

ASoC: fsl-asoc-card: set priv->pdev before using it

drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep

gpio: davinci: Validate the obtained number of IRQs

x86: stop playing stack games in profile_pc()

iio: chemical: bme680: Fix overflows in compensate() functions

ftruncate: pass a signed offset

crypto: ecdh - explicitly zeroize private_key

ALSA: emux: improve patch ioctl data validation

drm/amd/display: Check pipe offset before setting vblank

drm/amd/display: Skip finding free audio for unknown engine_id

jffs2: Fix potential illegal address access in jffs2_free_inode

inet_diag: Initialize pad field in struct inet_diag_req_v2

drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes

drm/lima: fix shared irq handling on driver remove

scsi: qedf: Make qedf_execute_tmf() non-preemptible

Arch riscv is not supported.

mm: avoid overflows in dirty throttling logic

nvmet: fix a possible leak when destroy a ctrl during qp