- CKSIX-267: USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data - CKSIX-267: CVE-2019-14615: drm/i915/gen9: Clear residual context state on context switch - CKSIX-267: CVE-2020-8647, CVE-2020-8649: vgacon: Fix a UAF in vgacon_invert_region - CKSIX-267: CVE-2020-14331: vgacon: Fix for missing check in scrollback handling - CKSIX-268: CVE-2021-3347: futex: Handle faults correctly for PI futexes - CKSIX-268: CVE-2021-3347: futex: Provide and use pi_state_update_owner() - CKSIX-263: KEYS: allow reaching the keys quotas exactly - CKSIX-263: KEYS: reaching the keys quotas correctly - CKSIX-263: fix -ENOMEM result with invalid user space pointer in sendto() syscall - CKSIX-263: CVE-2017-18344: posix-timer: Properly check sigevent->sigev_notify - CKSIX-263: CVE-2018-6927: futex: Prevent overflow by strengthen input validation - CKSIX-258: CVE-2017-6951: KEYS: Change the name of the dead type to ".dead" to prevent user access - CKSIX-258: CVE-2017-15299: KEYS: don't let add_key() update an uninstantiated key - CKSIX-258: fix CVE-2016-9604 - CKSIX-258: KEYS: add missing permission check for request_key() destination - CKSIX-258: CVE-2017-10661: timerfd: Protect the might cancel mechanism proper - CKSIX-258: fix CVE-2017-7472 - CKSIX-258: fix CVE-2017-15274