- ALSA: pcm: Fix races among concurrent prealloc proc writes {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent prepare and hw_params/hw_free calls {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent read/write and buffer changes {CVE-2022-1048} - ALSA: pcm: Fix races among concurrent hw_params and hw_free calls {CVE-2022-1048} - x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit {CVE-2022-25265} - x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK {CVE-2022-25265} - x86/elf: Add table to document READ_IMPLIES_EXEC {CVE-2022-25265} - KVM: SEV-ES: fix another issue with string I/O VMGEXITs {CVE-2021-4093} - KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed {CVE-2021-4093} - KVM: SEV-ES: keep INS functions together {CVE-2021-4093} - KVM: x86: remove unnecessary arguments from complete_emulator_pio_in {CVE-2021-4093} - KVM: x86: split the two parts of emulator_pio_in {CVE-2021-4093} - KVM: x86: leave vcpu->arch.pio.count alone in emulator_pio_in_out {CVE-2021-4093} - KVM: SEV-ES: clean up kvm_sev_es_ins/outs {CVE-2021-4093} - KVM: SEV-ES: rename guest_ins_data to sev_pio_data {CVE-2021-4093} - KVM: SEV-ES: fix length of string I/O {CVE-2021-4093} - drm/i915: fix TLB invalidation for Gen12 video and compute engines {CVE-2022-4139} - drm/i915: Flush TLBs before releasing backing store {CVE-2022-0330} - xfs: fix up non-directory creation in SGID directories {CVE-2021-4037} - tcp: Fix data races around icsk->icsk_af_ops. {CVE-2022-3566} - ipv6: Fix data races around sk->sk_prot. {CVE-2022-3567} - ipv6: annotate some data-races around sk->sk_prot {CVE-2022-3567} - ipv6: use indirect call wrappers for {tcp, udpv6}_{recv, send}msg() {CVE-2022-3567} - netfilter: nf_tables: deactivate anonymous set from preparation phase {CVE-2023-32233} - netfilter: nf_tables: bogus EBUSY when deleting set after flush - media: dmxdev: fix UAF when dvb_register_device() fails {CVE-2022-41218} - l2tp: Don't sleep and disable BH under writer-side sk_callback_lock {CVE-2022-4129} - l2tp: Serialize access to sk_user_data with sk_callback_lock {CVE-2022-4129} - net: fix a concurrency bug in l2tp_tunnel_register() {CVE-2022-4129} - Bluetooth: L2CAP: Fix memory leak in vhci_write {CVE-2022-3619} - Bluetooth: L2CAP: Fix handling fragmented length - wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() {CVE-2022-3628} - wifi: cfg80211: avoid nontransmitted BSS list corruption {CVE-2022-42721} - cfg80211: scan: fix RCU in cfg80211_add_nontrans_list() - wifi: cfg80211: fix BSS refcounting bugs {CVE-2022-42720} - cfg80211: hold bss_lock while updating nontrans_list - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF {CVE-2023-0266} - ALSA: control: Drop superfluous snd_power_wait() calls - ALSA: control: Track in-flight control read/write/tlv accesses - Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu {CVE-2022-3564} - netfilter: nf_conntrack_irc: Tighten matching on DCC message {CVE-2022-2663} - netfilter: nf_conntrack_irc: Fix forged IP logic {CVE-2022-2663} - KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() {CVE-2022-2153} - KVM: Add infrastructure and macro to mark VM as bugged - KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID {CVE-2022-1789} - tcp/udp: Fix memory leak in ipv6_renew_options(). {CVE-2022-3524} - proc: proc_skip_spaces() shouldn't think it is working on C strings {CVE-2022-4378} - proc: avoid integer type confusion in get_proc_long {CVE-2022-4378} - wifi: mac80211: fix crash in beacon protection for P2P-device {CVE-2022-42722} - net: sched: cbq: dont intepret cls results when asked to drop {CVE-2023-23454} - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames {CVE-2023-0394} - net: sched: disallow noqueue for qdisc classes {CVE-2022-47929} - wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() {CVE-2022-41674} - af_key: Do not call xfrm_probe_algs in parallel {CVE-2022-3028} - dm verity: set DM_TARGET_IMMUTABLE feature flag {CVE-2022-20572}