OS: almalinux9 kernel: kernel-5.14.0-427.31.1.el9_4 time: 2026-03-02 17:44:57 kpatch-name: skipped/CVE-2024-35839.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35839 kpatch-skip-reason: Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-36003-ice-fix-lag-and-vf-lock-dependency-in.patch kpatch-description: ice: fix LAG and VF lock dependency in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-36003 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36003 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=96fdd1f6b4ed72a741fb0eb705c0e13049b8721f kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-36025-scsi-qla2xxx-fix-off-by-one-in.patch kpatch-description: scsi: qla2xxx: Fix off by one in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-36025 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36025 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-39476-md-raid5-fix-deadlock-that-raid5d-wait-for.patch kpatch-description: md/raid5: fix deadlock that raid5d() wait for kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-39476 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39476 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-39476-md-raid5-fix-deadlock-that-raid5d-wait-for-kpatch.patch kpatch-description: md/raid5: remove pr_debug() in raid5d() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-39476 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39476 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26925-netfilter-nf-tables-release-mutex-after.patch kpatch-description: netfilter: nf_tables: release mutex after kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26925 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d459e2ffb541841714839e8228b845458ed3b27 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26581-netfilter-nft-set-rbtree-skip-end-interval.patch kpatch-description: netfilter: nft_set_rbtree: skip end interval kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26581 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26581 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60c0c230c6f046da536d3df8b39a20b9a9fd6af0 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27020-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27020 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27020 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f969eb84ce482331a991079ab7a5c4dc3b7f89bf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41090-tap-add-missing-verification-for-short-frame.patch kpatch-description: tap: add missing verification for short frame kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41090 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41090 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed7f2afdd0e043a397677e597ced0830b83ba0b3 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41091-tun-add-missing-verification-for-short-frame.patch kpatch-description: tun: add missing verification for short frame kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41091 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41091 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=049584807f1d797fc3078b68035450a9769eb5c3 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26668-netfilter-nft-limit-reject-configurations-that.patch kpatch-description: netfilter: nft_limit: reject configurations that cause integer overflow kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26668 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26668 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38538-net-bridge-xmit-make-sure-we-have-at-least-eth.patch kpatch-description: net: bridge: xmit: make sure we have at least eth kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38538 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38538 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2023-52880-tty-n-gsm-require-cap-net-admin-to-attach.patch kpatch-description: tty: n_gsm: require CAP_NET_ADMIN to attach kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2023-52880 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52880 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=67c37756898a5a6b2941a13ae7260c89b54e0d88 kpatch-name: skipped/CVE-2024-26908.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26908 kpatch-skip-reason: CVE marked as rejected by vendor kpatch-cvss: kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27016-netfilter-flowtable-validate-pppoe-header.patch kpatch-description: netfilter: flowtable: validate pppoe header kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27016 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27016 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=87b3593bed1868b2d9fe096c01bcdf0ea86cbebf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27019-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27019 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27019 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d78d867dcea69c328db30df665be5be7d0148484 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35896-netfilter-validate-user-input-for-expected.patch kpatch-description: netfilter: validate user input for expected length kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35896 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35896 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c83842df40f86e529db6842231154772c20edcc kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35962-netfilter-complete-validation-of-user-input.patch kpatch-description: netfilter: complete validation of user input kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35962 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35962 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=65acf6e0501ac8880a4f73980d01b5d27648b956 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35897-netfilter-nf_tables-reject-table-flag-and-netdev-basechain-updates.patch kpatch-description: netfilter: nf_tables: discard table flag update kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35897 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35897 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6cbbe1ba76ee7e674a86abd43009b083a45838cb kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35897-netfilter-nf-tables-discard-table-flag-update.patch kpatch-description: netfilter: nf_tables: discard table flag update kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35897 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35897 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1bc83a019bbe268be3526406245ec28c2458a518 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2023-52771-cxl-port-fix-delete-endpoint-vs-parent.patch kpatch-description: cxl/port: Fix delete_endpoint() vs parent kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2023-52771 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52771 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d2ad999ca3c64cb08cf6a58d227b9d9e746d708 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26810-vfio-pci-lock-external-intx-masking-ops.patch kpatch-description: vfio/pci: Lock external INTx masking ops kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26810 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26810 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=810cd4bb53456d0503cc4e7934e063835152c1b7 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-42152-nvmet-fix-a-possible-leak-when-destroy-a-ctrl.patch kpatch-description: nvmet: fix a possible leak when destroy a ctrl kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-42152 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42152 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26855-net-ice-fix-potential-null-pointer-dereference.patch kpatch-description: net: ice: Fix potential NULL pointer dereference kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26855 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26855 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=06e456a05d669ca30b224b8ed962421770c1496c kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41076-nfsv4-fix-memory-leak-in-nfs4-set-security-label.patch kpatch-description: NFSv4: Fix memory leak in nfs4_set_security_label kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41076 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41076 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aad11473f8f4be3df86461081ce35ec5b145ba68 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41041-udp-set-sock-rcu-free-earlier-in.patch kpatch-description: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41041 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41041 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c0b485a8c6116516f33925b9ce5b6104a6eadfd kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-42110-net-ntb-netdev-move-ntb-netdev-rx-handler-to.patch kpatch-description: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-42110 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42110 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e15a5d821e5192a3769d846079bc9aa380139baf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40957-seg6-fix-parameter-passing-when-calling.patch kpatch-description: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40957 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40957 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a3bc8d16e0aacd65c31aaf23a2bced3288a7779 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40978-scsi-qedi-fix-crash-while-reading-debugfs.patch kpatch-description: scsi: qedi: Fix crash while reading debugfs attribute kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40978 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40978 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=28027ec8e32ecbadcd67623edb290dad61e735b5 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40941-wifi-iwlwifi-mvm-don-t-read-past-the-mfuart.patch kpatch-description: wifi: iwlwifi: mvm: don't read past the mfuart notifcation kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40941 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40941 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4bb95f4535489ed830cf9b34b0a891e384d1aee4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40929-wifi-iwlwifi-mvm-check-n-ssids-before.patch kpatch-description: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40929 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40929 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60d62757df30b74bf397a2847a6db7385c6ee281 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40912-wifi-mac80211-fix-deadlock-in.patch kpatch-description: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40912 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40912 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=44c06bbde6443de206b30f513100b5670b23fc5e kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40911-wifi-cfg80211-lock-wiphy-in.patch kpatch-description: wifi: cfg80211: Lock wiphy in cfg80211_get_station kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40911 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40911 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=642f89daa34567d02f312d03e41523a894906dae kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40939-net-wwan-iosm-fix-tainted-pointer-delete-is.patch kpatch-description: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b0c9a26435413b81799047a7be53255640432547 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40905-ipv6-fix-possible-race-in.patch kpatch-description: ipv6: fix possible race in __fib6_drop_pcpu_from() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b01e1c030770ff3b4fe37fc7cc6bca03f594133f kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40983-tipc-force-a-dst-refcount-before-doing.patch kpatch-description: tipc: force a dst refcount before doing decryption kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40983 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40983 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ebe8f840c7450ecbfca9d18ac92e9ce9155e269 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40914-mm-huge_memory-don-t-unpoison-huge_zero_folio.patch kpatch-description: mm/huge_memory: don't unpoison huge_zero_folio kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40914 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40914 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe6f86f4b40855a130a19aa589f9ba7f650423f4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38544-rdma-rxe-fix-seg-fault-in-rxe-comp-queue-pkt.patch kpatch-description: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38544 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38544 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b23b6097303ed0ba5f4bc036a1c07b6027af5c6 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38579-crypto-bcm-fix-pointer-arithmetic.patch kpatch-description: crypto: bcm - Fix pointer arithmetic kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38579 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38579 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38540-bnxt-re-avoid-shift-undefined-behavior-in.patch kpatch-description: bnxt_re: avoid shift undefined behavior in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38540 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38540 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=78cfd17142ef70599d6409cbd709d94b3da58659 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35898-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35898 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35898 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=24225011d81b471acc0e1e315b7d9905459a6304 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38608-net-mlx5e-Add-wrapping-for-auxiliary_driver-ops-and.patch kpatch-description: net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38608 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38608 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b1a33e65134786b9ef97f978572531c6004c8526 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38608-net-mlx5e-Fix-netif-state-handling.patch kpatch-description: net/mlx5e: Fix netif state handling kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38608 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38608 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d5918477f94e4c2f064567875c475468e264644 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27415-netfilter-bridge-confirm-multicast-packets.patch kpatch-description: netfilter: bridge: confirm multicast packets kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27415 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62e7151ae3eb465e0ab52a20c941ff33bb6332e9 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27415-netfilter-bridge-confirm-multicast-packets-kpatch.patch kpatch-description: netfilter: bridge: confirm multicast packets kpatch kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27415 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62e7151ae3eb465e0ab52a20c941ff33bb6332e9 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-net-bridge-mst-fix-vlan-use-after-free.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/3a7c1661ae1383364cd6092d851f5e5da64d476b kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-CVE-2024-40920-net-bridge-mst-fix-suspicious-rcu-usage-in-br_mst_se.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 CVE-2024-40920 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/546ceb1dfdac866648ec959cbc71d9525bd73462 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-CVE-2024-40921-net-bridge-mst-pass-vlan-group-directly-to-br_mst_vl.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 CVE-2024-40921 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/36c92936e868601fa1f43da6758cf55805043509 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26630-mm-cachestat-fix-folio-read-after-free-in-cache-walk.patch kpatch-description: mm: cachestat: fix folio read-after-free in cache walk kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26630 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26630 kpatch-patch-url: https://git.kernel.org/linus/3a75cb05d53f4a6823a32deb078de1366954a804 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41096-PCI-MSI-Fix-UAF-in-msi_capability_init.patch kpatch-description: PCI/MSI: Fix UAF in msi_capability_init kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41096 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41096 kpatch-patch-url: https://git.kernel.org/linus/9eee5330656bf92f51cb1f09b2dc9f8cf975b3d1 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41073-vme-avoid-double-free-special-payload.patch kpatch-description: nvme: avoid double free special payload kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41073 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41073 kpatch-patch-url: https://git.kernel.org/linus/e5d574ab37f5f2e7937405613d9b1a724811e5ad kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41040-net-sched-Fix-UAF-when-resolving-a-clash.patch kpatch-description: net/sched: Fix UAF when resolving a clash kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41040 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41040 kpatch-patch-url: https://git.kernel.org/linus/26488172b0292bed837b95a006a3f3431d1898c3 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52801-iommufd-Fix-missing-update-of-domains_itree-after-s.patch kpatch-description: iommufd: Fix missing update of domains_itree after splitting iopt_area kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52801 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52801 kpatch-patch-url: https://git.kernel.org/linus/e7250ab7ca4998fe026f2149805b03e09dc32498 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35797-mm-cachestat-fix-two-shmem-bugs.patch kpatch-description: mm: cachestat: fix two shmem bugs kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35797 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35797 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5d39c707a4cf0bcc84680178677b97aa2cb2627 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26629-nfsd-fix-RELEASE_LOCKOWNER.patch kpatch-description: nfsd: fix RELEASE_LOCKOWNER kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26629 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26629 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=edcf9725150e42beeca42d085149f4c88fa97afd kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26946-kprobes-x86-use-copy-from-kernel-nofault-to.patch kpatch-description: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36000-mm-hugetlb-fix-missing-hugetlb_lock-for-resv-unchar.patch kpatch-description: mm/hugetlb: fix missing hugetlb_lock for resv kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36000 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36000 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b76b46902c2d0395488c8412e1116c2486cdfcb2 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36019-regmap-maple-fix-cache-corruption-in.patch kpatch-description: regmap: maple: Fix cache corruption in kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36019 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36019 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00bb549d7d63a21532e76e4a334d7807a54d9f31 kpatch-name: skipped/CVE-2024-26720.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26720 kpatch-skip-reason: This CVE introduces a regression and is reverted by CVE-2024-42102 in the same errata kpatch-cvss: kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52463-efivarfs-force-RO-when-remounting-if-SetVariable-is-not-supported.patch kpatch-description: efivarfs: force RO when remounting if SetVariable kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52463 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52463 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0e8d2444168dd519fea501599d150e62718ed2fe kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52463-efivarfs-force-RO-when-remounting-if-SetVariable-is-not-supported-kpatch.patch kpatch-description: efivarfs: force RO when remounting if SetVariable kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52463 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52463 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0e8d2444168dd519fea501599d150e62718ed2fe kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35791-kvm-svm-flush-pages-under-kvm-lock-to-fix-uaf.patch kpatch-description: KVM: SVM: Flush pages under kvm->lock to fix UAF kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36883-net-fix-out-of-bounds-access-in-ops-init.patch kpatch-description: net: fix out-of-bounds access in ops_init kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36883 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36883 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a26ff37e624d12e28077e5b24d2b264f62764ad6 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38559-scsi-qedf-ensure-the-copied-buf-is-nul.patch kpatch-description: scsi: qedf: Ensure the copied buf is NUL kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38559 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38559 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d0184a375ee797eb657d74861ba0935b6e405c62 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-40927-xhci-handle-td-clearing-for-multiple-streams.patch kpatch-description: xhci: Handle TD clearing for multiple streams kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-40927 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ceac4402f5d975e5a01c806438eb4e554771577 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-40936-cxl-region-fix-memregion-leaks-in.patch kpatch-description: cxl/region: Fix memregion leaks in devm_cxl_add_region() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-40936 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40936 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=49ba7b515c4c0719b866d16f068e62d16a8a3dd1 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41044-ppp-reject-claimed-as-lcp-but-actually-malformed.patch kpatch-description: ppp: reject claimed-as-LCP but actually malformed kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41044 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41044 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2aeb7306a898e1cbd03963d376f4b6656ca2b55 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41055-mm-kmsan-fix-infinite-recursion-due-to-rcu.patch kpatch-description: mm, kmsan: fix infinite recursion due to RCU kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f0b6f041fad768c28b4ad05a683065412c226e kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41055-mm-prevent-derefencing-null-ptr-in.patch kpatch-description: mm: prevent derefencing NULL ptr in kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f0b6f041fad768c28b4ad05a683065412c226e kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42082-xdp-remove-warn-from-xdp-reg-mem-model.patch kpatch-description: xdp: Remove WARN() from __xdp_reg_mem_model() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42082 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42082 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e9f79428372c6eab92271390851be34ab26bfb4 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42096-x86-stop-playing-stack-games-in-profile-pc.patch kpatch-description: x86: stop playing stack games in profile_pc() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42096 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42096 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=093d9603b60093a9aaae942db56107f6432a5dca kpatch-name: skipped/CVE-2024-42102.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42102 kpatch-skip-reason: Reverts CVE-2024-26720, which we don't use. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42131-mm-avoid-overflows-in-dirty-throttling-logic.patch kpatch-description: mm: avoid overflows in dirty throttling logic kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42131 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42131 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=385d838df280eba6c8680f9777bfa0d0bfe7e8b2 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35875-x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems.patch kpatch-description: x86/coco: Require seeding RNG with RDRAND on CoCo kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35875 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35875 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=99485c4c026f024e7cb82da84c7951dbe3deb584 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35875-x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems-kpatch.patch kpatch-description: x86/coco: Require seeding RNG with RDRAND on CoCo kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35875 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35875 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=99485c4c026f024e7cb82da84c7951dbe3deb584 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38619-usb-storage-alauda-check-whether-the-media-is.patch kpatch-description: usb-storage: alauda: Check whether the media is initialized kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38619 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38619 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16637fea001ab3c8df528a8995b3211906165a30 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38619-usb-storage-alauda-check-whether-the-media-is-initialized-kpatch.patch kpatch-description: usb-storage: alauda: Check whether the media is initialized (Adaptation) kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38619 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38619 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16637fea001ab3c8df528a8995b3211906165a30 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26886-bluetooth-af-bluetooth-fix-deadlock.patch kpatch-description: Bluetooth: af_bluetooth: Fix deadlock kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26886 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26886 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f7b94bdc1ec107c92262716b073b3e816d4784fb kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2023-52439-uio-fix-use-after-free-in-uio-open.patch kpatch-description: uio: Fix use-after-free in uio_open kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2023-52439 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52439 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c9ae0b8605078eafc3bea053cc78791e97ba2e2 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-01-gfs2-Remove-ill-placed-consistency-check.patch kpatch-description: gfs2: Remove ill-placed consistency check kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=59f60005797b4018d7b46620037e0c53d690795e kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-02-gfs2-simplify-gdlm_put_lock-with-out_free-label.patch kpatch-description: gfs2: simplify gdlm_put_lock with out_free label kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a9b0f6f4adb1a8b4219e3e14ab6ef46c14987ac0 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-03-gfs2-Fix-potential-glock-use-after-free-on-unmount.patch kpatch-description: gfs2: Fix potential glock use-after-free on unmount kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=501cd8fabf621d10bd4893e37f6ce6c20523c8ca kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-03-gfs2-Fix-potential-glock-use-after-free-on-unmount-kpatch.patch kpatch-description: gfs2: Fix potential glock use-after-free on unmount kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=501cd8fabf621d10bd4893e37f6ce6c20523c8ca kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26929-scsi-qla2xxx-fix-double-free-of-fcport.patch kpatch-description: scsi: qla2xxx: Fix double free of fcport kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26929 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26929 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f522ae0d97119a43da53e0f729275691b9c525 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26930-scsi-qla2xxx-fix-double-free-of-the-ha-vp-map-pointer.patch kpatch-description: scsi: qla2xxx: Fix double free of the ha->vp_map pointer kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26930 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26930 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e288285d47784fdcf7c81be56df7d65c6f10c58b kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-27022-fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch kpatch-description: fork: defer linking file vma until vma is fully initialized kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-27022 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27022 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=35e351780fa9d8240dd6f7e4f245f9ea37e96c19 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38562-wifi-nl80211-avoid-address-calculations-via-out-of-bounds-array-indexing.patch kpatch-description: wifi: nl80211: Avoid address calculations via out of bounds array indexing kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38562 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38562 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=838c7b8f1f278404d9d684c34a8cb26dc41aaaa1 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-41071-wifi-mac80211-avoid-address-calculations-via-out-of-bounds-array-indexing.patch kpatch-description: wifi: mac80211: Avoid address calculations via out of bounds array indexing kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-41071 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41071 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2663d0462eb32ae7c9b035300ab6b1523886c718 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-36016-tty-n-gsm-fix-possible-out-of-bounds-in-gsm0-receive.patch kpatch-description: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-36016 kpatch-cvss: 7.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36016 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47388e807f85948eefc403a8a5fdc5b406a65d5a kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38573-cppc-cpufreq-fix-possible-null-pointer-dereference.patch kpatch-description: cppc_cpufreq: Fix possible null pointer dereference kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38573 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38573 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cf7de25878a1f4508c69dc9f6819c21ba177dbfe kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-42225-wifi-mt76-replace-skb-put-with-skb-put-zero.patch kpatch-description: wifi: mt76: replace skb_put with skb_put_zero kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-42225 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42225 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7f819a2f4fbc510e088b49c79addcf1734503578 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38615-cpufreq-exit-callback-is-optional.patch kpatch-description: cpufreq: exit() callback is optional kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b8f85833c05730d631576008daaa34096bc7f3ce kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-36899-gpiolib-cdev-fix-use-after-free-in-lineinfo-changed-notify.patch kpatch-description: gpiolib: cdev: Fix use after free in lineinfo_changed_notify kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-36899 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36899 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=02f6b0e1ec7e0e7d059dddc893645816552039da kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-35895-bpf-sockmap-prevent-lock-inversion-deadlock-in-map-delete-elem.patch kpatch-description: bpf, sockmap: Prevent lock inversion deadlock in map delete elem kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-35895 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35895 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ff91059932401894e6c86341915615c5eb0eca48 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26931-scsi-qla2xxx-fix-command-flush-on-cable-pull.patch kpatch-description: scsi: qla2xxx: Fix command flush on cable pull kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26931 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a27d4d0e7de305def8a5098a614053be208d1aa1 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38601-ring-buffer-fix-a-race-between-readers-and-resize-checks.patch kpatch-description: ring-buffer: Fix a race between readers and resize checks kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38601 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38601 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c2274b908db05529980ec056359fae916939fdaa kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2023-52884-input-cyapa-add-missing-input-core-locking-to-suspend-resume-functions.patch kpatch-description: Input: cyapa - add missing input core locking to suspend/resume functions kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2023-52884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7b4e0b39182cf5e677c1fc092a3ec40e621c25b6 kpatch-name: skipped/CVE-2024-26947.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26947 kpatch-skip-reason: ARM related CVE kpatch-cvss: kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-40984-acpica-revert-acpica-avoid-info-mapping-multiple-bars-your-kernel-is-fine.patch kpatch-description: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-40984 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40984 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a83e1385b780d41307433ddbc86e3c528db031f0 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26991-kvm-x86-mmu-x86-don-t-overflow-lpage-info-when-checking-attributes.patch kpatch-description: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26991 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=992b54bd083c5bee24ff7cc35991388ab08598c4 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-42246-net-sunrpc-remap-eperm-in-case-of-connection-failure-in-xs-tcp-setup-socket.patch kpatch-description: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-42246 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42246 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=626dfed5fa3bfb41e0dffd796032b555b69f9cde kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26739-net-sched-act_mirred-Create-function-tcf_mirred_to_.patch kpatch-description: net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16085e48cb48aeb50a1178dc276747749910b0f2 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26739-net-sched-act-mirred-don-t-override-retval-if-we-already-lost-the-skb.patch kpatch-description: net/sched: act_mirred: don't override retval if we already lost the skb kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-36978-net-sched-sch-multiq-fix-possible-oob-write-in-multiq-tune.patch kpatch-description: net: sched: sch_multiq: fix possible OOB write in multiq_tune() kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-36978 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36978 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=affc18fdc694190ca7575b9a86632a73b9fe043d kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-42284-tipc-return-non-zero-value-from-tipc-udp-addr2str-on-error.patch kpatch-description: tipc: Return non-zero value from tipc_udp_addr2str() on error kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-42284 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42284 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fa96c6baef1b5385e2f0c0677b32b3839e716076 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2021-47385-hwmon-w83792d-fix-null-pointer-dereference-by-removing-unnecessary-structure-field.patch kpatch-description: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2021-47385 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47385 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0f36b88173f028e372668ae040ab1a496834d278 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2021-47385-hwmon-w83792d-fix-null-pointer-dereference-by-removing-unnecessary-structure-field-kpatch.patch kpatch-description: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2021-47385 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47385 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0f36b88173f028e372668ae040ab1a496834d278 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-35989-dmaengine-idxd-fix-oops-during-rmmod-on-single-cpu-platforms.patch kpatch-description: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-35989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f221033f5c24659dc6ad7e5cf18fb1b075f4a8be kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-40959-xfrm6-check-ip6-dst-idev-return-value-in-xfrm6-get-saddr.patch kpatch-description: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-40959 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40959 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d46401052c2d5614da8efea5788532f0401cb164 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-42079-gfs2-fix-null-pointer-dereference-in-gfs2-log-flush.patch kpatch-description: gfs2: Fix NULL pointer dereference in gfs2_log_flush kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-42079 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42079 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=35264909e9d1973ab9aaa2a1b07cda70f12bb828 kpatch-name: skipped/CVE-2023-28746.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-28746 kpatch-skip-reason: RFDS: Medium score vulnerability affecting only Intel Atom CPUs, mitigated via microcode update. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2023-52658-revert-net-mlx5-block-entering-switchdev-mode-with-ns-inconsistency.patch kpatch-description: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2023-52658 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52658 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8deeefb24786ea7950b37bde4516b286c877db00 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-27403-netfilter-nft-flow-offload-reset-dst-in-route-object-after-setting-up-flow.patch kpatch-description: netfilter: nft_flow_offload: reset dst in route object after setting up flow kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-27403 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27403 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9e0f0430389be7696396c62f037be4bf72cf93e3 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-36889-mptcp-ensure-snd-nxt-is-properly-initialized-on-connect.patch kpatch-description: mptcp: ensure snd_nxt is properly initialized on connect kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-36889 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36889 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fb7a0d334894206ae35f023a82cad5a290fd7386 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-39483-kvm-svm-warn-on-vnmi-nmi-window-iff-nmis-are-outright-masked.patch kpatch-description: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-39483 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39483 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4bd556467477420ee3a91fbcba73c579669edc6 kpatch-name: skipped/CVE-2024-39502.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39502 kpatch-skip-reason: Patches a sleepable function, there is a small but non-zero risk of livepatching failure kpatch-cvss: kpatch-name: skipped/CVE-2024-42272.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42272 kpatch-skip-reason: el9 kernels are not vulnerable: no versions with commit 88c67aeb1407 only. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-38556-net-mlx5-add-a-timeout-to-acquire-the-command-queue-semaphore.patch kpatch-description: net/mlx5: Add a timeout to acquire the command queue semaphore kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-38556 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=485d65e1357123a697c591a5aeb773994b247ad7 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-38556-net-mlx5-add-a-timeout-to-acquire-the-command-queue-semaphore-kpatch.patch kpatch-description: net/mlx5: Add a timeout to acquire the command queue semaphore kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-38556 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=485d65e1357123a697c591a5aeb773994b247ad7 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-45018-netfilter-flowtable-initialise-extack-before-use.patch kpatch-description: netfilter: flowtable: initialise extack before use kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-45018 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45018 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e9767137308daf906496613fd879808a07f006a2 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41005-netpoll-fix-race-condition-in-netpoll-owner-active.patch kpatch-description: netpoll: Fix race condition in netpoll_owner_active kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41005 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41005 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c2e6a872bde9912f1a7579639c5ca3adf1003916 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26923-af_unix-Fix-garbage-collector-racing-against-connec.patch kpatch-description: af_unix: Fix garbage collector racing against connect() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26923 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47d8ac011fe1c9251070e1bd64cb10b48193ec51 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41013-xfs-don-t-walk-off-the-end-of-a-directory-data-block.patch kpatch-description: xfs: don't walk off the end of a directory data block kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41013 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41013 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c7fcdb6d06cdf8b19b57c17605215b06afa864a kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41014-xfs-add-bounds-checking-to-xlog-recover-process-data.patch kpatch-description: xfs: add bounds checking to xlog_recover_process_data kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fb63435b7c7dc112b1ae1baea5486e0a6e27b196 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40995-net-sched-act-api-fix-possible-infinite-loop-in-tcf-idr-check-alloc.patch kpatch-description: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40995 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40995 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d864319871b05fadd153e0aede4811ca7008f5d6 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40960-ipv6-prevent-possible-null-dereference-in-rt6-probe.patch kpatch-description: ipv6: prevent possible NULL dereference in rt6_probe() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b86762dbe19a62e785c189f313cda5b989931f37 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40972-ext4-fold-quota-accounting-into-ext4-xattr-inode-lookup-create.patch kpatch-description: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40972 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40972 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0a46ef234756dca04623b7591e8ebb3440622f0b kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40972-ext4-do-not-create-ea-inode-under-buffer-lock.patch kpatch-description: ext4: do not create EA inode under buffer lock kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40972 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40972 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0a46ef234756dca04623b7591e8ebb3440622f0b kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40998-ext4-turn-quotas-off-if-mount-failed-after-enabling-quotas.patch kpatch-description: ext4: turn quotas off if mount failed after enabling quotas kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40998 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4b4fda34e535756f9e774fb2d09c4537b7dfd1c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40998-ext4-fix-uninitialized-ratelimit-state-lock-access-in-ext4-fill-super.patch kpatch-description: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40998 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4b4fda34e535756f9e774fb2d09c4537b7dfd1c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40977-wifi-mt76-mt7921s-fix-potential-hung-tasks-during-chip-recovery.patch kpatch-description: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40977 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40977 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecf0b2b8a37c8464186620bef37812a117ff6366 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2021-47383-tty-fix-out-of-bound-vmalloc-access-in-imageblit.patch kpatch-description: tty: Fix out-of-bound vmalloc access in imageblit kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2021-47383 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47383 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b0c406124719b625b1aba431659f5cdc24a982c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26640-tcp-add-sanity-checks-to-rx-zerocopy.patch kpatch-description: tcp: add sanity checks to rx zerocopy kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26640 kpatch-cvss: 5.5 kpatch-cve-url: https://www.cve.org/CVERecord?id=CVE-CVE-2024-26640 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=577e4432f3ac810049cb7e6b71f4d96ec7c6e894 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26826-mptcp-fix-data-re-injection-from-stale-subflow.patch kpatch-description: mptcp: fix data re-injection from stale subflow kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26826 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26826 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b6c620dc43ccb4e802894e54b651cf81495e9598 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26935-scsi-core-fix-unremoved-procfs-host-directory-regression.patch kpatch-description: scsi: core: Fix unremoved procfs host directory regression kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26935 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26935 kpatch-patch-url: https://github.com/torvalds/linux/commit/f23a4d6e07570826fe95023ca1aa96a011fa9f84 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26961-mac802154-fix-llsec-key-resources-release-in_new.patch kpatch-description: mac802154: fix llsec key resources release in mac802154_llsec_key_del kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26961 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26961 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8a1e58345cf40b7b272e08ac7b32328b2543e40 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26961-mac802154-fix-llsec-key-resources-release-in_new-kpatch.patch kpatch-description: mac802154: fix llsec key resources release in mac802154_llsec_key_del kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26961 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26961 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8a1e58345cf40b7b272e08ac7b32328b2543e40 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-36244-net-sched-taprio-extend-minimum-interval-restriction-to-entire.patch kpatch-description: net/sched: taprio: extend minimum interval restriction to entire cycle too kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-36244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36244 kpatch-patch-url: https://github.com/torvalds/linux/commit/fb66df20a7201e60f2b13d7f95d031b31a8831d3 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39472-xfs-fix-log-recovery-buffer-allocation-for-the-lega.patch kpatch-description: xfs: fix log recovery buffer allocation for the kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39472 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39472 kpatch-patch-url: https://github.com/torvalds/linux/commit/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39504-netfilter-nft_inner-validate-mandatory-meta.patch kpatch-description: netfilter: nft_inner: validate mandatory meta and payload kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39504 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39504 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ab9da85b9df3692f861512fe6c9812f38b7471 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39504-netfilter-nft_inner-validate-mandatory-payload.patch kpatch-description: netfilter: nft_inner: validate mandatory meta and payload kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39504 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39504 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ab9da85b9df3692f861512fe6c9812f38b7471 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40904-usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch kpatch-description: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40904 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40904 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22f00812862564b314784167a89f27b444f82a46 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40931-mptcp-ensure-snd_una-is-properly-initialized-on-con.patch kpatch-description: mptcp: ensure snd_una is properly initialized on connect kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40931 kpatch-patch-url: https://github.com/torvalds/linux/commit/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/kpatch-add-alt-asm-definitions.patch kpatch-description: kpatch add alt asm definitions kpatch-kernel: N/A kpatch-cve: N/A kpatch-cvss: N/A kpatch-cve-url: https://www.kernel.org kpatch-patch-url: https://www.kernel.org kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-2201-x86-bugs-Change-commas-to-semicolons-in-spectre_v2-sysfs-file.patch kpatch-description: x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-2201 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-2201 kpatch-patch-url: https://git.kernel.org/linus/0cd01ac5dcb1e18eb18df0f0d05b5de76522a437 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-2201-x86-bhi-Add-support-for-clearing-branch-history-at-syscall-entry.patch kpatch-description: x86/bugs: x86/bhi: Add support for clearing branch history at syscall entry kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-2201 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-2201 kpatch-patch-url: https://git.kernel.org/linus/7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52560-mm-damon-vaddr-test-fix-memory-leak-in-damon_do_test_apply_three_regions.patch kpatch-description: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52560 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52560 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=45120b15743fa7c0aa53d5db6dfb4c8f87be4abd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26631-ipv6-mcast-fix-data-race-in-ipv6_mc_down-mld_ifc_work.patch kpatch-description: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26631 kpatch-cvss: 2.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26631 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e7ef287f07c74985f1bf2858bedc62bd9ebf155 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52758-string.h-add-array-wrappers-for-v-memdup_user.patch kpatch-description: string.h: add array-wrappers for (v)memdup_user() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52758 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52758-i2c-dev-copy-userspace-array-safely.patch kpatch-description: i2c: dev: copy userspace array safely kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52758 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35923-io-uring-clear-opcode-specific-data-for-an-early-failure.patch kpatch-description: io_uring: clear opcode specific data for an early failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35923 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e21e1c45e1fe2e31732f40256b49c04e76a17cee kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52565-media-uvcvideo-fix-oob-read.patch kpatch-description: media: uvcvideo: Fix OOB read kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52565 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52565 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52466-pci-avoid-potential-out-of-bounds-read-in-pci-dev-for-each-resource.patch kpatch-description: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52466 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52466 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3171e46d677a668eed3086da78671f1e4f5b8405 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26611-xsk-fix-usage-of-multi-buffer-bpf-helpers-for-zc-xdp.patch kpatch-description: xsk: fix usage of multi-buffer BPF helpers for ZC XDP kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26611 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26611 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c5114710c8ce86b8317e9b448f4fd15c711c2a82 kpatch-name: skipped/CVE-2024-36930.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36930 kpatch-skip-reason: function can sleep with no time out kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36891-maple-tree-fix-mas-empty-area-rev-null-pointer-dereference.patch kpatch-description: maple_tree: fix mas_empty_area_rev() null pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36891 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36891 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=955a923d2809803980ff574270f81510112be9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36927-ipv4-fix-uninit-value-access-in-ip-make-skb.patch kpatch-description: ipv4: Fix uninit-value access in __ip_make_skb() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36927 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fc1092f51567277509563800a3c56732070b6aa4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36901-ipv6-prevent-null-dereference-in-ip6-output.patch kpatch-description: ipv6: prevent NULL dereference in ip6_output() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36901 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4db783d68b9b39a411a96096c10828ff5dfada7a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36917-block-fix-overflow-in-blk_ioctl_discard.patch kpatch-description: block: fix overflow in blk_ioctl_discard() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36917 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36917 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36933-nsh-restore-skb-protocol-data-mac-header-for-outer-header-in-nsh-gso-segment.patch kpatch-description: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4b911a9690d72641879ea6d13cce1de31d346d79 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36902-ipv6-fib6_rules-avoid-possible-NULL-dereference-in-fib6_rule_action.patch kpatch-description: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36902 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36902 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d101291b2681e5ab938554e3e323f7a7ee33e3aa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26612-netfs-fscache-prevent-oops-in-fscache-put-cache.patch kpatch-description: netfs, fscache: Prevent Oops in fscache_put_cache() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26612 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26612 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3be0b3ed1d76c6703b9ee482b55f7e01c369cc68 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26601-ext4-regenerate-buddy-after-block-freeing-failed-if-under-fc-replay.patch kpatch-description: ext4: regenerate buddy after block freeing failed if under fc replay kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26601 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26601 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c9b528c35795b711331ed36dc3dbee90d5812d4e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47384-hwmon-w83793-Fix-NULL-pointer-dereference-by-removing-unnecessary-structure-field.patch kpatch-description: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47384 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47384 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dd4d747ef05addab887dc8ff0d6ab9860bbcd783 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47384-hwmon-w83793-Fix-NULL-pointer-dereference-by-removing-unnecessary-structure-field-kpatch.patch kpatch-description: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47384 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47384 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dd4d747ef05addab887dc8ff0d6ab9860bbcd783 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-0340-vhost-use-kzalloc-instead-of-kmalloc-followed-by-memset.patch kpatch-description: vhost: use kzalloc() instead of kmalloc() followed by memset() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-0340 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-0340 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-1151-net-openvswitch-limit-the-number-of-recursions-from-action-sets.patch kpatch-description: net: openvswitch: limit the number of recursions from action sets kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-1151 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-1151 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e2f90d31fe09f2b852de25125ca875aabd81367 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-25739-ubi-Check-for-too-small-LEB-size-in-VTBL-code.patch kpatch-description: ubi: Check for too small LEB size in VTBL code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-25739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-25739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26591-bpf-fix-re-attachment-branch-in-bpf-tracing-prog-attach.patch kpatch-description: bpf: Fix re-attachment branch in bpf_tracing_prog_attach kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26591 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26591 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=715d82ba636cb3629a6e18a33bb9dbe53f9936ee kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26603-x86-fpu-stop-relying-on-userspace-for-info-to-fault-in-xsave-buffer.patch kpatch-description: x86/fpu: Stop relying on userspace for info to fault in xsave buffer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26603 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26603 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d877550eaf2dc9090d782864c96939397a3c6835 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26614-tcp-make-sure-init-the-accept-queue-s-spinlocks-once.patch kpatch-description: tcp: make sure init the accept_queue's spinlocks once kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26614 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=198bc90e0e734e5f98c3d2833e8390cac3df61b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26614-ipv6-init-the-accept_queue-spinlocks-in-inet6_create.patch kpatch-description: ipv6: init the accept_queue's spinlocks in inet6_create kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26614 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26614 kpatch-patch-url: https://github.com/torvalds/linux/commit/435e202d645c197dcfd39d7372eb2a56529b6640 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23848-media-cec-core-avoid-recursive-cec_claim_log_addrs.patch kpatch-description: media: cec: core: avoid recursive cec_claim_log_addrs kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23848 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23848 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47c82aac10a6954d68f29f10d9758d016e8e5af1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23848-media-cec-core-avoid-recursive-cec_claim_log_addrs-kpatch.patch kpatch-description: media: cec: core: avoid recursive cec_claim_log_addrs kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23848 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23848 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47c82aac10a6954d68f29f10d9758d016e8e5af1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2019-25162-i2c__Fix_a_potential_use_after_free.patch kpatch-description: i2c: Fix a potential use after free kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2019-25162 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-25162 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e4c72c06c367758a14f227c847f9d623f1994ecf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48672-of-fdt-fix-off-by-one-error-in-unflatten-dt-nodes.patch kpatch-description: of: fdt: fix off-by-one error in unflatten_dt_nodes() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48672 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2f945a792f67815abca26fa8a5e863ccf3fa1181 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52445-media-pvrusb2-fix-use-after-free-on-context-disconnection.patch kpatch-description: media: pvrusb2: fix use after free on context disconnection kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52445 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52445 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ded85b0c0edd8f45fec88783d7555a5b982449c1 kpatch-name: skipped/CVE-2023-52451.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52451 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only, x86_64 is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36932.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36932 kpatch-skip-reason: Kernel versions older than 5.14.0-503.11.1.el9_5 are not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52464-edac-thunderx-fix-possible-out-of-bounds-string-access.patch kpatch-description: EDAC/thunderx: Fix possible out-of-bounds string access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52464 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52464 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=475c58e1a471e9b873e3e39958c64a2d278275c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26882-net-ip-tunnel-make-sure-to-pull-inner-header-in-ip-tunnel-rcv.patch kpatch-description: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26882 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b0ec2abf98267f14d032102551581c833b0659d3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23307-md-raid5-fix-atomicity-violation-in-raid5_cache_count.patch kpatch-description: md/raid5: fix atomicity violation in raid5_cache_count kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23307 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23307 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dfd2bf436709b2bccb78c2dda550dde93700efa7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26589-bpf-reject-variable-offset-alu-on-ptr-to-flow-keys.patch kpatch-description: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26589 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26589 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22c7fa171a02d310e3a3f6ed46a698ca8a0060ed kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26907-rdma-mlx5-fix-fortify-source-warning-while-accessing-eth-segment.patch kpatch-description: RDMA/mlx5: Fix fortify source warning while accessing Eth segment kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26907 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26907 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4d5e86a56615cc387d21c629f9af8fb0e958d350 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47386-hwmon___w83791d__Fix_NULL_pointer_dereference_by_r.patch kpatch-description: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47386 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47386 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=943c15ac1b84d378da26bba41c83c67e16499ac4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35801-x86-fpu-keep-xfd-state-in-sync-with-msr-ia32-xfd.patch kpatch-description: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35801 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35801 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10e4b5166df9ff7a2d5316138ca668b42d004422 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35801-x86-fpu-keep-xfd-state-in-sync-with-msr-ia32-xfd-kpatch.patch kpatch-description: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35801 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35801 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10e4b5166df9ff7a2d5316138ca668b42d004422 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38627-stm-class-fix-a-double-free-in-stm-register-device.patch kpatch-description: stm class: Fix a double free in stm_register_device() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38627 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38627 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3df463865ba42b8f88a590326f4c9ea17a1ce459 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38555-net-mlx5-discard-command-completions-in-internal-error.patch kpatch-description: net/mlx5: Discard command completions in internal error kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38555 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38555 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=db9b31aa9bc56ff0d15b78f7e827d61c4a096e40 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26934-usb-core-fix-deadlock-in-usb-deauthorize-interface.patch kpatch-description: USB: core: Fix deadlock in usb_deauthorize_interface() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26934 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=80ba43e9f799cbdd83842fc27db667289b3150f5 kpatch-name: skipped/CVE-2024-39291.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39291 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38581-drm-amdgpu-mes-fix-use-after-free-issue.patch kpatch-description: drm/amdgpu/mes: fix use-after-free issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38581 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38581 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=948255282074d9367e01908b3f5dcf8c10fc9c3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40903-usb-typec-tcpm-fix-use-after-free-case-in-tcpm-register-source-caps.patch kpatch-description: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40903 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40903 kpatch-patch-url: https://github.com/torvalds/linux/commit/e7e921918d905544500ca7a95889f898121ba886 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-01-USB-core-Add-hub_get-and-hub_put-routines.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26933 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26933 kpatch-patch-url: https://github.com/torvalds/linux/commit/ee113b860aa169e9a4d2c167c95d0f1961c6e1b8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-02-usb-core-fix-deadlock-in-port-disable-sysfs-attribute.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26933 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f4d1960764d8a70318b02f15203a1be2b2554ca1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39479-drm-i915-hwmon-get-rid-of-devm.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39479 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39479 kpatch-patch-url: https://github.com/torvalds/linux/commit/5bc9de065b8bb9b8dd8799ecb4592d0403b54281 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40906-net-mlx5-always-stop-health-timer-during-driver-removal.patch kpatch-description: net/mlx5: Always stop health timer during driver removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40906 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40906 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c8b3f38d2dae0397944814d691a419c451f9906f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41039-firmware-cs-dsp-fix-overflow-checking-of-wmfw-header.patch kpatch-description: firmware: cs_dsp: Fix overflow checking of wmfw header kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41039 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41039 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3019b86bce16fbb5bc1964f3544d0ce7d0137278 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41039-firmware-cs-dsp-fix-overflow-checking-of-wmfw-header-kpatch.patch kpatch-description: firmware: cs_dsp: Fix overflow checking of wmfw header (adaptation) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41039 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41039 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3019b86bce16fbb5bc1964f3544d0ce7d0137278 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41049-filelock-fix-potential-use-after-free-in-posix-lock-inode.patch kpatch-description: filelock: fix potential use-after-free in posix_lock_inode kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41049 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41049 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41092-drm-i915-gt-fix-potential-uaf-by-revoke-of-fence-registers.patch kpatch-description: drm/i915/gt: Fix potential UAF by revoke of fence registers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41092 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41092 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=996c3412a06578e9d779a16b9e79ace18125ab50 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42159-scsi-mpi3mr-sanitise-num-phys.patch kpatch-description: scsi: mpi3mr: Sanitise num_phys kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42159 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42159 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3668651def2c1622904e58b0280ee93121f2b10b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42228-drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu-vce-cs-reloc.patch kpatch-description: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42228 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42228 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=88a9a467c548d0b3c7761b4fd54a68e70f9c0944 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42271-net-iucv-fix-use-after-free-in-iucv-sock-close.patch kpatch-description: net/iucv: fix use after free in iucv_sock_close() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42271 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42271 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f558120cd709682b739207b48cf7479fd9568431 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42301-dev-parport-fix-the-array-out-of-bounds-risk.patch kpatch-description: dev/parport: fix the array out-of-bounds risk kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42301 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42301 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab11dac93d2d568d151b1918d7b84c2d02bacbd5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43842-wifi-rtw89-fix-array-index-mistake-in-rtw89-sta-info-get-iter.patch kpatch-description: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43842 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43842 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=85099c7ce4f9e64c66aa397cd9a37473637ab891 kpatch-name: skipped/CVE-2023-52606.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52606 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52696.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52696 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2024-26672.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26672 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26815-net-sched-taprio-proper-TCA_TAPRIO_TC_ENTRY_INDEX-check.patch kpatch-description: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26815 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26815 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=343041b59b7810f9cdca371f445dd43b35c740b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26815-net-sched-taprio-proper-TCA_TAPRIO_TC_ENTRY_INDEX-check-kpatch.patch kpatch-description: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26815 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26815 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=343041b59b7810f9cdca371f445dd43b35c740b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35814-minmax-add-umin-a-b-and-umax-a-b.patch kpatch-description: minmax: add umin(a, b) and umax(a, b) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35814 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35814 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=80fcac55385ccb710d33a20dc1caaef29bd5a921 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35814-swiotlb-fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch kpatch-description: swiotlb: Fix double-allocation of slots due to broken alignment handling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35814 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35814 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04867a7a33324c9c562ee7949dbcaab7aaad1fb4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36030-octeontx2-af-fix-the-double-free-in-rvu-npc-freemem.patch kpatch-description: octeontx2-af: fix the double free in rvu_npc_freemem() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36030 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36030 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e965eba43e9724f3e603d7b7cc83e53b23d155e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36955-alsa-hda-intel-sdw-acpi-fix-usage-of-device-get-named-child-node.patch kpatch-description: ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36955 kpatch-cvss: 7.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36955 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c158cf914713efc3bcdc25680c7156c48c12ef6a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39471-drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch kpatch-description: drm/amdgpu: add error handle to avoid out-of-bounds kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39471 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39471 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8b2faf1a4f3b6c748c0da36cda865a226534d520 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39471-drm-amdgpu-fix-signedness-bug-in-sdma_v4_0_process_trap_irq.patch kpatch-description: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39471 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39471 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6769a23697f17f9bf9365ca8ed62fe37e361a05a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39486-drm-drm_file-fix-pid-refcounting-race.patch kpatch-description: drm/drm_file: Fix pid refcounting race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39486 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39486 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4f2a129b33a2054e62273edd5a051c34c08d96e9 kpatch-name: skipped/CVE-2024-43888.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43888 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: skipped/CVE-2021-47428.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47428 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2021-47429.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47429 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2021-47454.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47454 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2022-48669.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-48669 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only, x86_64 is not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47432-include-linux-generic-radix-tree-h-replace-kernel-h-with-the-necessary-inclusions.patch kpatch-description: include/linux/generic-radix-tree.h: replace kernel.h with the necessary inclusions kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47432 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47432 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9492261ff2460252cf2d8de89cdf854c7e2b28a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47432-lib-generic-radix-tree-c-don-t-overflow-in-peek.patch kpatch-description: lib/generic-radix-tree.c: Don't overflow in peek() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47432 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47432 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9492261ff2460252cf2d8de89cdf854c7e2b28a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-isotp-sendmsg-add-result-check-for-wait-event-interruptible.patch kpatch-description: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9acf636215a6ce9362fe618e7da4913b8bfe84c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-isotp_sendmsg-fix-TX-buffer-concurrent-access.patch kpatch-description: can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/43a08c3bdac4cb42eff8fe5e2278bffe0c5c3daa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-kpatch.patch kpatch-description: can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/43a08c3bdac4cb42eff8fe5e2278bffe0c5c3daa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-fix-error-path-in-isotp_sendmsg-to-unlock-wait-queue.patch kpatch-description: can: isotp: fix error path in isotp_sendmsg() to unlock wait queue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/8375dfac4f683e1b2c5956d919d36aeedad46699 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47495-usbnet-sanity-check-for-maxpacket.patch kpatch-description: usbnet: sanity check for maxpacket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47495 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47495 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=397430b50a363d8b7bdda00522123f82df6adc5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47497-nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-cells.patch kpatch-description: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47497 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47497 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26618-arm64-sme-Always-exit-sme_alloc-early-with-existing-storage.patch kpatch-description: arm64/sme: Always exit sme_alloc() early with existing kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26618 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26618 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47098-hwmon-lm90-prevent-integer-overflow-underflow-in-hysteresis-calculations.patch kpatch-description: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47098 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47098 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55840b9eae5367b5d5b29619dc2fb7e4596dba46 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47101-asix-fix-uninit-value-in-asix_mdio_read.patch kpatch-description: asix: fix uninit-value in asix_mdio_read() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47101 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47101 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8035b1a2a37a29d8c717ef84fca8fe7278bc9f03 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26924-netfilter-nft-set-pipapo-do-not-free-live-element.patch kpatch-description: netfilter: nft_set_pipapo: do not free live element kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26924 kpatch-cvss: 5.9 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26894-acpi-processor-idle-fix-memory-leak-in-acpi-processor-power-exit.patch kpatch-description: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26894 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26894 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e18afcb7b2a12b635ac10081f943fcf84ddacc51 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52834-atl1c-Work-around-the-DMA-RX-overflow-issue.patch kpatch-description: atl1c: Work around the DMA RX overflow issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52834 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52834 kpatch-patch-url: https://git.kernel.org/linus/86565682e9053e5deb128193ea9e88531bbae9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52834-atl1c-Work-around-the-DMA-RX-overflow-issue-kpatch.patch kpatch-description: atl1c: Work around the DMA RX overflow issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52834 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52834 kpatch-patch-url: https://git.kernel.org/linus/86565682e9053e5deb128193ea9e88531bbae9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41057-netfs-fscache-export-fscache_put_volume-and-add-fsca.patch kpatch-description: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41057 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41057 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=85b08b31a22b481ec6528130daf94eee4452e23f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41057-cachefiles-fix-slab-use-after-free-in-cachefiles-withdraw-cookie.patch kpatch-description: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41057 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41057 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5d8f805789072ea7fd39504694b7bd17e5f751c4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41058-cachefiles-fix-slab-use-after-free-in-fscache-withdraw-volume.patch kpatch-description: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41058 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=522018a0de6b6fcce60c04f86dfc5f0e4b6a1b36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41058-cachefiles-fix-slab-use-after-free-in-fscache-withdraw-volume-kpatch.patch kpatch-description: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41058 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=522018a0de6b6fcce60c04f86dfc5f0e4b6a1b36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26890-bluetooth-btrtl-fix-out-of-bounds-memory-access.patch kpatch-description: Bluetooth: btrtl: fix out of bounds memory access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26890 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de4e88ec58c4202efd1f02eebb4939bbf6945358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26890-bluetooth-btrtl-fix-out-of-bounds-memory-access-kpatch.patch kpatch-description: Bluetooth: btrtl: fix out of bounds memory access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26890 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de4e88ec58c4202efd1f02eebb4939bbf6945358 kpatch-name: skipped/CVE-2023-52482.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52482 kpatch-skip-reason: CVE patch is for AMD Inception vulnerability related to Speculative Return Stack Overflow (SRSO) kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52475-Input-powermate-fix-use-after-free-in-powermate_conf.patch kpatch-description: Input: powermate - fix use-after-free in powermate_config_complete kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52475 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52475 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c15c60e7be615f05a45cd905093a54b11f461bc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-24857-bluetooth-fix-toctou-in-hci-debugfs-implementation.patch kpatch-description: Bluetooth: Fix TOCTOU in HCI debugfs implementation kpatch-kernel: 4.18.0-553.27.1.el8_10 kpatch-cve: CVE-2024-24857 CVE-2024-24858 CVE-2024-24859 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24857 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24858 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24859 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7835fcfd132eb88b87e8eb901f88436f63ab60f7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35976-xsk-validate-user-input-for-xdp-umem-completion-fill-ring.patch kpatch-description: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35976 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=237f3cf13b20db183d3706d997eedc3c49eacd44 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35853-mlxsw-spectrum-acl-tcam-fix-memory-leak-during-rehash.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35853 kpatch-cvss: 6.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35853 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8ca3f7a7b61393804c46f170743c3b839df13977 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41012-filelock-remove-locks-reliably-when-fcntl-close-race-is-detected.patch kpatch-description: filelock: Remove locks reliably when fcntl/close race is detected kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41012 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cad1bc010416c6dd780643476bc59ed742436b9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-22099-bluetooth-rfcomm-fix-null-ptr-deref-in-rfcomm-check-security.patch kpatch-description: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-22099 CVE-2024-26903 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-22099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2535b848fa0f42ddff3e5255cf5e742c9b77bb26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-22099-Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_security-kpatch.patch kpatch-description: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-22099 CVE-2024-26903 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-22099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2535b848fa0f42ddff3e5255cf5e742c9b77bb26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26759-mm-swap-fix-race-when-skipping-swapcache.patch kpatch-description: mm/swap: fix race when skipping swapcache kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26759 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26759 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=13ddaf26be324a7f951891ecd9ccd04466d27458 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26761-cxl-pci-Fix-disabling-memory-if-DVSEC-CXL-Range-does.patch kpatch-description: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26761 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-26761 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2cc1a530ab31c65b52daf3cb5d0883c8b614ea69 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26767-drm-amd-display-fixed-integer-types-and-null-check-l.patch kpatch-description: drm/amd/display: fixed integer types and null check locations kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26767 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-26767 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0484e05d048b66d01d1f3c1d2306010bb57d8738 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26772-ext4-avoid-allocating-blocks-from-corrupted-group.patch kpatch-description: ext4: avoid allocating blocks from corrupted group kpatch-kernel: 4.18.0-553.16.1.el8_10 kpatch-cve: CVE-2024-26772 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26772 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=832698373a25950942c04a512daa652c18a9b513 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26774-ext4-avoid-dividing-by-0-in-mb-update-avg-fragment-size.patch kpatch-description: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26774 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26774 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=d75e5980e9baa1593477425fd71bf3a05b6326e9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26782-mptcp-fix-double-free-on-socket-dismantle.patch kpatch-description: mptcp: fix double-free on socket dismantle kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26782 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26782 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=bddc3abf4b9a9c710e93f3674a8614fa2f4f84a4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26785-iommufd-Fix-protection-fault-in-iommufd_test_syz_con.patch kpatch-description: iommufd: Fix protection fault in iommufd_test_syz_conv_iova kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26785 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26785 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf7c2789822db8b5efa34f5ebcf1621bc0008d48 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26786-iommufd-Fix-iopt_access_list_id-overwrite-bug.patch kpatch-description: iommufd: Fix iopt_access_list_id overwrite bug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26786 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26786 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeb004c0cd6958e910123a1607634401009c9539 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26803-net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch kpatch-description: net: veth: clear GRO when clearing XDP even when down MIME-Version: 1.0 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26803 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26803 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7985d73961bbb4e726c1be7b9cd26becc7be8325 kpatch-name: skipped/CVE-2023-52683.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52683 kpatch-skip-reason: Out of scope: boot time issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52676-bpf-guard-stack-limits-against-32bit-overflow.patch kpatch-description: bpf: Guard stack limits against 32bit overflow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52676 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52676 kpatch-patch-url: https://github.com/torvalds/linux/commit/1d38a9ee81570c4bd61f557832dead4d6f816760 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52679-of-fix-double-free-in-of_parse_phandle_with_args_map.patch kpatch-description: of: Fix double free in of_parse_phandle_with_args_map kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52679 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52679 kpatch-patch-url: https://github.com/torvalds/linux/commit/4dde83569832f9377362e50f7748463340c5db6b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52674-ALSA-scarlett2-Add-clamp-in-scarlett2_mixer_ctl_put.patch kpatch-description: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52674 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52674 kpatch-patch-url: https://github.com/torvalds/linux/commit/04f8f053252b86c7583895c962d66747ecdc61b7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52680-ALSA-scarlett2-Add-missing-error-checks-to-_ctl_get.patch kpatch-description: ALSA: scarlett2: Add missing error checks to *_ctl_get() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52680 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52680 kpatch-patch-url: https://github.com/torvalds/linux/commit/50603a67daef161c78c814580d57f7f0be57167e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52659-x86-mm-ensure-input-to-pfn-to-kaddr-is-treated-as-a-64-bit.patch kpatch-description: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52659 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52659 kpatch-patch-url: https://github.com/torvalds/linux/commit/8e5647a723c49d73b9f108a8bb38e8c29d3948ea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52664-net-atlantic-eliminate-double-free-in-error-handling-logic.patch kpatch-description: net: atlantic: eliminate double free in error handling logic kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52664 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52664 kpatch-patch-url: https://github.com/torvalds/linux/commit/b3cb7a830a24527877b0bc900b9bd74a96aea928 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52662-drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch kpatch-description: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52662 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52662 kpatch-patch-url: https://github.com/torvalds/linux/commit/89709105a6091948ffb6ec2427954cbfe45358ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52663-asoc-sof-amd-fix-memory-leak-in-amd-sof-acp-probe.patch kpatch-description: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52663 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52663 kpatch-patch-url: https://github.com/torvalds/linux/commit/222be59e5eed1554119294edc743ee548c2371d0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52661-01-drm-tegra-rgb-Fix-some-error-handling-paths-in-tegra_dc_rgb_probe.patch kpatch-description: drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52661 kpatch-patch-url: https://github.com/torvalds/linux/commit/bc456b5d93dbfdbd89f2a036f4f3d8026595f9e4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52661-02-drm-tegra-rgb-fix-missing-clk-put-in-the-error-handling.patch kpatch-description: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52661 kpatch-patch-url: https://github.com/torvalds/linux/commit/45c8034db47842b25a3ab6139d71e13b4e67b9b3 kpatch-name: skipped/CVE-2024-26712.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26712 kpatch-skip-reason: Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26743-rdma-qedr-fix-qedr-create-user-qp-error-flow.patch kpatch-description: RDMA/qedr: Fix qedr_create_user_qp error flow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26743 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26743 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ba4e6d5863c53e937f49932dee0ecb004c65928 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26717-hid-i2c-hid-of-fix-null-deref-on-failed-power-up.patch kpatch-description: HID: i2c-hid-of: fix NULL-deref on failed power up kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26717 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26717 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00aab7dcb2267f2aef59447602f34501efe1a07f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26717-hid-i2c-hid-of-fix-null-deref-on-failed-power-up-kpatch.patch kpatch-description: HID: i2c-hid-of: fix NULL-deref on failed power up kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26717 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26717 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00aab7dcb2267f2aef59447602f34501efe1a07f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26744-rdma-srpt-support-specifying-the-srpt-service-guid-kpatch.patch kpatch-description: RDMA/srpt: Support specifying the srpt_service_guid kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26744 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26744 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fdfa083549de5d50ebf7f6811f33757781e838c0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26733-arp-prevent-overflow-in-arp-req-get.patch kpatch-description: arp: Prevent overflow in arp_req_get(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26733 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26733 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a7d6027790acea24446ddd6632d394096c0f4667 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26758-md-don-t-ignore-suspended-array-in-md-check-recovery.patch kpatch-description: md: Don't ignore suspended array in md_check_recovery() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26758 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1baae052cccd08daf9a9d64c3f959d8cdb689757 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26740-net-sched-act-mirred-use-the-backlog-for-mirred-ingress-427.35.patch kpatch-description: net/sched: act_mirred: use the backlog for mirred ingress kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26740 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26740 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=52f671db18823089a02f07efc04efdb2272ddc17 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26757-md-don-t-ignore-read-only-array-in-md-check-recovery.patch kpatch-description: md: Don't ignore read-only array in md_check_recovery() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26757 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26757 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55a48ad2db64737f7ffc0407634218cc6e4c513b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48804-vt-ioctl-fix-array-index-nospec-in-vt-setactivate.patch kpatch-description: vt_ioctl: fix array_index_nospec in vt_setactivate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48804 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48804 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=61cc70d9e8ef5b042d4ed87994d20100ec8896d9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52473-thermal-core-fix-null-pointer-dereference-in-zone-registration-error-path.patch kpatch-description: thermal: core: Fix NULL pointer dereference in zone registration error path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52473 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52473 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04e6ccfc93c5a1aa1d75a537cf27e418895e20ea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52501-ring-buffer-do-not-attempt-to-read-past-commit.patch kpatch-description: ring-buffer: Do not attempt to read past "commit" kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52501 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52501 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=95a404bd60af6c4d9d8db01ad14fe8957ece31ca kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48703-thermal-int340x-thermal-handle-data-vault-when-the-value-is-zero-size-ptr.patch kpatch-description: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7931e28098a4c1a2a6802510b0cbe57546d2049d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52462-bpf-fix-check-for-attempt-to-corrupt-spilled-pointer.patch kpatch-description: bpf: fix check for attempt to corrupt spilled pointer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52462 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52462 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52467-mfd-syscon-fix-null-pointer-dereference-in-of-syscon-register.patch kpatch-description: mfd: syscon: Fix null pointer dereference in of_syscon_register() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52467 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52467 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=41673c66b3d0c09915698fec5c13b24336f18dd1 kpatch-name: skipped/CVE-2023-52490.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52490 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52520-platform-x86-think-lmi-fix-reference-leak.patch kpatch-description: platform/x86: think-lmi: Fix reference leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52520 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52520 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=124cf0ea4b82e1444ec8c7420af4e7db5558c293 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52585-drm-amdgpu-fix-possible-null-dereference-in.patch kpatch-description: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52585 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52585 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b8d55a90fd55b767c25687747e2b24abd1ef8680 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52762-virtio-blk-fix-implicit-overflow-on-virtio-max-dma-size.patch kpatch-description: virtio-blk: fix implicit overflow on virtio_max_dma_size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52762 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52762 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fafb51a67fb883eb2dde352539df939a251851be kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52784-bonding-stop-the-device-in-bond-setup-by-slave.patch kpatch-description: bonding: stop the device in bond_setup_by_slave() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52784 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52784 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cffa2ddc4d3fcf70cde361236f5a614f81a09b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52751-smb-client-fix-use-after-free-in-smb2-query-info-compound.patch kpatch-description: smb: client: fix use-after-free in smb2_query_info_compound() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52751 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52751 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c86919455c1edec99ebd3338ad213b59271a71b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52791-i2c-core-run-atomic-i2c-xfer-when-preemptible.patch kpatch-description: i2c: core: Run atomic i2c xfer when !preemptible kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa49c90894d06e18a1ee7c095edbd2f37c232d02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52791-i2c-core-fix-atomic-xfer-check-for-non-preempt-config.patch kpatch-description: i2c: core: Fix atomic xfer check for non-preempt config kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa49c90894d06e18a1ee7c095edbd2f37c232d02 kpatch-name: skipped/CVE-2023-52756.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52756 kpatch-skip-reason: Bug doesn't hit as enum values are just shifted numbers kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52813-crypto-pcrypt-fix-hungtask-for-padata-reset.patch kpatch-description: crypto: pcrypt - Fix hungtask for PADATA_RESET kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52813 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52813 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8f4f68e788c3a7a696546291258bfa5fdb215523 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52811-scsi-ibmvfc-remove-bug-on-in-the-case-of-an-empty-event-pool.patch kpatch-description: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52811 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52811 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b39f2d10b86d0af353ea339e5815820026bca48f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52775-net-smc-avoid-data-corruption-caused-by-decline.patch kpatch-description: net/smc: avoid data corruption caused by decline kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52775 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52775 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e6d71b437abc2f249e3b6a1ae1a7228e09c6e563 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52831-cpu-hotplug-prevent-self-deadlock-on-cpu-hot-unplug.patch kpatch-description: cpu/hotplug: Prevent self deadlock on CPU hot-unplug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52831 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=38685e2a0476127db766f81b1c06019ddc4c9ffa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52831-cpu-hotplug-don-t-offline-the-last-non-isolated-cpu.patch kpatch-description: cpu/hotplug: Don't offline the last non-isolated CPU kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52831 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=38685e2a0476127db766f81b1c06019ddc4c9ffa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52833-bluetooth-btusb-add-date-evt-skb-is-null-check.patch kpatch-description: Bluetooth: btusb: Add date->evt_skb is NULL check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52833 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52833 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=624820f7c8826dd010e8b1963303c145f99816e9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52840-input-synaptics-rmi4-fix-use-after-free-in-rmi-unregister-function.patch kpatch-description: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52840 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52840 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=eb988e46da2e4eae89f5337e047ce372fe33d5b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52859-perf-hisi-Fix-use-after-free-when-register-pmu-fails.patch kpatch-description: perf: hisi: Fix use-after-free when register pmu fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52859 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52859 kpatch-patch-url: https://github.com/torvalds/linux/commit/b805cafc604bfdb671fae7347a57f51154afa735 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52869-pstore-platform-add-check-for-kstrdup.patch kpatch-description: pstore/platform: Add check for kstrdup kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52869 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52869 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a19d48f7c5d57c0f0405a7d4334d1d38fe9d3c1c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52878-can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_priv-echo_skb-is-accessed-out-of-bounds.patch kpatch-description: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52878 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52878 kpatch-patch-url: https://github.com/torvalds/linux/commit/6411959c10fe917288cbb1038886999148560057 kpatch-name: skipped/CVE-2023-52902.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52902 kpatch-skip-reason: nommu: kernel is not vulnerable. Commit 8220543("nommu: remove uses of VMA linked list") is absent kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26840-cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch kpatch-description: cachefiles: fix memory leak in cachefiles_add_cache() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26840 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26840 kpatch-patch-url: https://github.com/torvalds/linux/commit/e21a2f17566cbd64926fb8f16323972f7a064444 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26857-geneve__make_sure_to_pull_inner_header_in_geneve_r.patch kpatch-description: geneve: make sure to pull inner header in geneve_rx() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26857 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26857 kpatch-patch-url: https://github.com/torvalds/linux/commit/1ca1ba465e55b9460e4e75dec9fff31e708fec74 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26863-hsr__Fix_uninit-value_access_in_hsr_get_node__.patch kpatch-description: hsr: Fix uninit-value access in hsr_get_node() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26863 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26863 kpatch-patch-url: https://github.com/torvalds/linux/commit/ddbec99f58571301679addbc022256970ca3eac6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26870-NFSv4_2__fix_nfs4_listxattr_kernel_BUG_at_mm_userc.patch kpatch-description: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26870 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26870 kpatch-patch-url: https://github.com/torvalds/linux/commit/251a658bbfceafb4d58c76b77682c8bf7bcfad65 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26878-quota__Fix_potential_NULL_pointer_dereference.patch kpatch-description: quota: Fix potential NULL pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26878 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26878 kpatch-patch-url: https://github.com/torvalds/linux/commit/d0aa72604fbd80c8aabb46eda00535ed35570f1f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26889-Bluetooth-hci_core-Fix-possible-buffer-overflow.patch kpatch-description: Bluetooth: hci_core: Fix possible buffer overflow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26889 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26889 kpatch-patch-url: https://github.com/torvalds/linux/commit/81137162bfaa7278785b24c1fd2e9e74f082e8e4 kpatch-name: skipped/CVE-2024-26899.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26899 kpatch-skip-reason: Current kernel is not vulnerable. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26901-do_sys_name_to_handle____use_kzalloc___to_fix_kern.patch kpatch-description: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26901 kpatch-patch-url: https://github.com/torvalds/linux/commit/3948abaa4e2be938ccdfc289385a27342fb13d43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26906-x86-sev-es-Allow-copy_from_kernel_nofault-in-earlier-boot.patch kpatch-description: x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26906 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26906 kpatch-patch-url: https://github.com/torvalds/linux/commit/f79936545fb122856bd78b189d3c7ee59928c751 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26906-x86_mm__Disallow_vsyscall_page_read_for_copy_from.patch kpatch-description: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26906 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26906 kpatch-patch-url: https://github.com/torvalds/linux/commit/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26915-drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch kpatch-description: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26915 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26915 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7330256268664ea0a7dd5b07a3fed363093477dd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26920-tracing_trigger__Fix_to_return_error_if_failed_to_.patch kpatch-description: tracing/trigger: Fix to return error if failed to alloc snapshot kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26920 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26920 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b5085b5ac1d96ea2a8a6240f869655176ce44197 kpatch-name: skipped/CVE-2024-26921.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26921 kpatch-skip-reason: Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26937-drm-i915-gt-Reset-queue_priority_hint-on-parking.patch kpatch-description: drm/i915/gt: Reset queue_priority_hint on parking kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26937 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26937 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4a3859ea5240365d21f6053ee219bb240d520895 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26938-drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_encoder_supports_dp_dual_mode.patch kpatch-description: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26938 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26938 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32e39bab59934bfd3f37097d4dd85ac5eb0fd549 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26939-drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch kpatch-description: drm/i915/vma: Fix UAF on destroy against retire race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f3c71b2ded5c4367144a810ef25f998fd1d6c381 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26940-drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry-only-if-needed.patch kpatch-description: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26940 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26940 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4be9075fec0a639384ed19975634b662bfab938f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26950-wireguard__netlink__access_device_through_ctx_inst.patch kpatch-description: wireguard: netlink: access device through ctx instead of peer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26950 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26951-wireguard__netlink__check_for_dangling_peer_via_is.patch kpatch-description: wireguard: netlink: check for dangling peer via is_dead instead of empty list kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26951 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26951 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55b6c738673871c9b0edae05d0c97995c1ff08c4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26953-net__esp__fix_bad_handling_of_pages_from_page_pool.patch kpatch-description: net: esp: fix bad handling of pages from page_pool kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26953 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26953 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c3198822c6cb9fb588e446540485669cc81c5d34 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52837-nbd-fix-uaf-in-nbd-open.patch kpatch-description: nbd: fix uaf in nbd_open kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52837 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327462725b0f759f093788dfbcb2f1fd132f956b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52837-nbd-fix-uaf-in-nbd-open-kpatch.patch kpatch-description: nbd: fix uaf in nbd_open kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52837 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327462725b0f759f093788dfbcb2f1fd132f956b kpatch-name: skipped/CVE-2024-35983.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35983 kpatch-skip-reason: Kernel is not vulnerable: commit f2d5dcb4 is absent. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35946-wifi-rtw89-fix-null-pointer-access-when-abort-scan-pt1.patch kpatch-description: wifi: rtw89: fix null pointer access when abort scan kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e11a2966f51695c0af0b1f976a32d64dee243b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35946-wifi-rtw89-fix-null-pointer-access-when-abort-scan-pt2.patch kpatch-description: wifi: rtw89: fix null pointer access when abort scan kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e11a2966f51695c0af0b1f976a32d64dee243b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35947-dyndbg-fix-old-BUG_ON-in-control-parser.patch kpatch-description: dyndbg: fix old BUG_ON in >control parser kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35947 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35947 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35950-drm-client-Fully-protect-modes-with-dev-mode_config-mutex.patch kpatch-description: drm/client: Fully protect modes[] with dev->mode_config.mutex kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35950 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3eadd887dbac1df8f25f701e5d404d1b90fd0fea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35959-net-mlx5e-fix-mlx5e-priv-init-cleanup-flow.patch kpatch-description: net/mlx5e: Fix mlx5e_priv_init() cleanup flow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35959 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35959 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecb829459a841198e142f72fadab56424ae96519 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-geneve-fix-header-validation-in-geneve-6-xmit-skb.patch kpatch-description: geneve: fix header validation in geneve[6]_xmit_skb kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35973 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8a6213d70accb403b82924a1c229e733433a5ef kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-geneve-Fix-incorrect-inner-network-header-offset-when-innerprotoinherit-is-set.patch kpatch-description: geneve: Fix incorrect inner network header offset when innerprotoinherit is set kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c6ae073f5903f6c6439d0ac855836a4da5c0a701 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-bareudp-Pull-inner-IP-header-on-xmit.patch kpatch-description: bareudp: Pull inner IP header on xmit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c471236b2359e6b27388475dd04fff0a5e2bf922 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-vxlan-Pull-inner-IP-header-in-vxlan_xmit_one.patch kpatch-description: vxlan: Pull inner IP header in vxlan_xmit_one() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31392048f55f98cb01ca709d32d06d926ab9760a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36031-keys-fix-overwrite-of-key-expiration-on-instantiation.patch kpatch-description: keys: Fix overwrite of key expiration on instantiation kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36031 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36031 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9da27fb65a14c18efd4473e2e82b76b53ba60252 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36896-usb-core-fix-access-violation-during-port-device-removal.patch kpatch-description: USB: core: Fix access violation during port device removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36896 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36896 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a4b46d450c49f32e9d4247b421e58083fde304ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35854-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35854 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35854 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=54225988889931467a9b55fdbef534079b665519 kpatch-name: skipped/CVE-2024-38605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38605 kpatch-skip-reason: Not a bug for a real-life RHEL9 setup kpatch-cvss: kpatch-name: skipped/CVE-2024-26843.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26843 kpatch-skip-reason: EFI Firmware: CVE patch is for EFI firmware which runs at boot time. kpatch-cvss: kpatch-name: skipped/CVE-2024-35957.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35957 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-26900.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26900 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36926.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36926 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36905-tcp-defer-shutdown-send-shutdown-for-tcp-syn-recv-sockets.patch kpatch-description: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36905 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=94062790aedb505bdda209b10bea47b294d6394f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26927-asoc-sof-add-some-bounds-checking-to-firmware-data.patch kpatch-description: ASoC: SOF: Add some bounds checking to firmware data kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26927 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=98f681b0f84cfc3a1d83287b77697679e0398306 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42154-tcp-metrics-validate-source-addr-length-kpatch.patch kpatch-description: tcp_metrics: validate source addr length kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42154 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42154 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66be40e622e177316ae81717aa30057ba9e61dff kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26707-net-hsr-remove-warn-once-in-send-hsr-supervision-frame.patch kpatch-description: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26707 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26707 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=37e8c97e539015637cb920d3e6f1e404f707a06e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26679-inet-read-sk-sk-family-once-in-inet-recv-error.patch kpatch-description: inet: read sk->sk_family once in inet_recv_error() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26679 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26679 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=eef00a82c568944f113f2de738156ac591bbd5cd kpatch-name: skipped/CVE-2024-26678.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26678 kpatch-skip-reason: Boot time issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26691-kvm-arm64-fix-circular-locking-dependency.patch kpatch-description: KVM: arm64: Fix circular locking dependency kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26691 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26691 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10c02aad111df02088d1a81792a709f6a7eca6cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26680-net-atlantic-fix-dma-mapping-for-ptp-hwts-ring.patch kpatch-description: net: atlantic: Fix DMA mapping for PTP hwts ring kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26680 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26680 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e7d3b67630dfd8f178c41fa2217aa00e79a5887 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26686-fs-proc-do_task_stat-move-thread_group_cputime_adjus.patch kpatch-description: fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26686 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26686 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60f92acb60a989b14e4b744501a0df0f82ef30a3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26686-fs-proc-do-task-stat-use-sig-stats-lock-to-gather-the-threads-children-stats.patch kpatch-description: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26686 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26686 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7601df8031fd67310af891897ef6cc0df4209305 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26704-ext4-fix-double-free-of-blocks-due-to-wrong.patch kpatch-description: ext4: fix double-free of blocks due to wrong kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26704 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26704 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55583e899a5357308274601364741a83e78d6ac4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26700-drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch kpatch-description: drm/amd/display: Fix MST Null Ptr for RV kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26700 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26700 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b5b72b4d67c1e72c4fc19151fd669acecc92faa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26675-ppp-async-limit-mru-to-64k.patch kpatch-description: ppp_async: limit MRU to 64K kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26675 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cb88cb53badb8aeb3955ad6ce80b07b598e310b8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52757-smb-client-fix-potential-deadlock-when-releasing-mids.patch kpatch-description: smb: client: fix potential deadlock when releasing mids kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52757 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52757 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/e6dbb199ae1025d695a34ef4f2f87460e06f0c99 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52632-drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch kpatch-description: drm/amdkfd: Fix lock dependency warning with srcu kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52632 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52632 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2a9de42e8d3c82c6990d226198602be44f43f340 kpatch-name: skipped/CVE-2024-36920.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36920 kpatch-skip-reason: Warning fix doesn't worth live-patching kpatch-cvss: kpatch-name: skipped/CVE-2024-36936.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36936 kpatch-skip-reason: Boot time fix cannot be fixed with live-patching kpatch-cvss: kpatch-name: skipped/CVE-2023-52634.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52634 kpatch-skip-reason: The patch for this CVE fixing vulnerability which was introduced in kernel v6.7 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52635-pm-devfreq-synchronize-devfreq-monitor-start-stop.patch kpatch-description: PM / devfreq: Synchronize devfreq_monitor_[start/stop] kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52635 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52635 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52648-drm-vmwgfx-unmap-the-surface-before-resetting-it-on-a-plane.patch kpatch-description: drm/vmwgfx: Unmap the surface before resetting it on a plane state state kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52648 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52648 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27571c64f1855881753e6f33c3186573afbab7ba kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52649-drm-vkms-avoid-reading-beyond-lut-array.patch kpatch-description: drm/vkms: Avoid reading beyond LUT array kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52649 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52649 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2fee84030d12d9fddfa874e4562d71761a129277 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52650-drm-tegra-dsi-add-missing-check-for-of-find-device-by-node.patch kpatch-description: drm/tegra: dsi: Add missing check for of_find_device_by_node kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52650 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52650 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=afe6fcb9775882230cd29b529203eabd5d2a638d kpatch-name: skipped/CVE-2023-52619.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52619 kpatch-skip-reason: Complex adaptation required. x86 and amd64 architectures are not affected. Issues triggers while dumping after another crash. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52731-fbdev-fix-invalid-page-access-after-closing-deferred-i-o-devices.patch kpatch-description: fbdev: Fix invalid page access after closing deferred I/O devices kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52731 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52731 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3efc61d95259956db25347e2a9562c3e54546e20 kpatch-name: skipped/CVE-2023-52686.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52686 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52740.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52740 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52690.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52690 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52730-mmc-sdio-fix-possible-resource-leaks-in-some-error-paths.patch kpatch-description: mmc: sdio: fix possible resource leaks in some error paths kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52730 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52730 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=605d9fb9556f8f5fb4566f4df1480f280f308ded kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52703-net-usb-kalmia-don-t-pass-act-len-in-usb-bulk-msg-error-path.patch kpatch-description: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c68f345b7c425b38656e1791a0486769a8797016 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52697-ASoC-Intel-sof_sdw_rt_sdca_jack_common-ctx-headset_codec_dev-NULL.patch kpatch-description: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52697 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52697 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/e502cdeaace02eccacb616335769bdf7cb586b7d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52698-calipso-fix-memory-leak-in-netlbl_calipso_add_pass.patch kpatch-description: calipso: fix memory leak in netlbl_calipso_add_pass() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52698 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52698 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/6706598da43cfbde852754274549717cc558d1dd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52689-alsa-scarlett2-add-missing-mutex-lock-around-get-meter-levels.patch kpatch-description: ALSA: scarlett2: Add missing mutex lock around get meter levels kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52689 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52689 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=993f7b42fa066b055e3a19b7f76ad8157c0927a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26958-nfs-fix-UAF-in-direct-writes.patch kpatch-description: nfs: fix UAF in direct writes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=17f46b803d4f23c66cacce81db35fef3adb8f2af kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26958-nfs-fix-UAF-in-direct-writes-kpatch.patch kpatch-description: nfs: fix UAF in direct writes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=17f46b803d4f23c66cacce81db35fef3adb8f2af kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26960-mm-swap-fix-race-between-free_swap_and_cache-and-swa.patch kpatch-description: mm: swap: fix race between free_swap_and_cache() and swapoff() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82b1c07a0af603e3c47b906c8e991dc96f01688e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26964-usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch kpatch-description: usb: xhci: Add error handling in xhci_map_urb_for_dma kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26964 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26964 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be95cc6d71dfd0cba66e3621c65413321b398052 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26973-fat-fix-uninitialized-field-in-nostale-filehandles.patch kpatch-description: fat: fix uninitialized field in nostale filehandles kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26973 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fde2497d2bc3a063d8af88b258dbadc86bd7b57c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26975-powercap-intel_rapl-Fix-a-NULL-pointer-dereference.patch kpatch-description: powercap: intel_rapl: Fix a NULL pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26975 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26975 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2d1f5006ff95770da502f8cee2a224a1ff83866e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26984-nouveau-fix-instmem-race-condition-around-ptr-stores.patch kpatch-description: nouveau: fix instmem race condition around ptr stores kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26984 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26984 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fff1386cc889d8fb4089d285f883f8cba62d82ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26987-mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch kpatch-description: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26987 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26987 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1983184c22dd84a4d95a71e5c6775c2638557dc7 kpatch-name: skipped/CVE-2024-26988.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26988 kpatch-skip-reason: Out of scope as the patch is for vmlinux init sections which are discarded after the boot kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26989-arm64-hibernate-Fix-level3-translation-fault-in-swsusp_save.patch kpatch-description: arm64: hibernate: Fix level3 translation fault in swsusp_save() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50449ca66cc5a8cbc64749cf4b9f3d3fc5f4b457 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27025-nbd-null-check-for-nla-nest-start.patch kpatch-description: nbd: null check for nla_nest_start kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27025 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27025 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d kpatch-name: skipped/CVE-2024-27023.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27023 kpatch-skip-reason: Fix commit isn't present kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27389-pstore-inode-only-d-invalidate-is-needed.patch kpatch-description: pstore: inode: Only d_invalidate() is needed kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27389 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27389 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a43e0fc5e9134a46515de2f2f8d4100b74e50de3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27038-clk-Fix-clk_core_get-NULL-dereference.patch kpatch-description: clk: Fix clk_core_get NULL dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27038 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27038 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/ad3c36556614598882f9bfd24e917e329ca5f761 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27042-drm-amdgpu-Fix-potential-out-of-bounds-access-in-amdgpu_discovery_reg_base_init.patch kpatch-description: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27042 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27042 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8db10cee51e3e11a6658742465edc21986cf1e8d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27048-wifi-brcm80211-handle-pmk_op-allocation-failure.patch kpatch-description: wifi: brcm80211: handle pmk_op allocation failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27048 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27048 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2ea4ff826876e4cd799a7df1e410bc9e6e7adb2c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27057-ASoC-SOF-ipc4-pcm-Workaround-for-crashed-firmware-on-system-suspend.patch kpatch-description: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27057 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27057 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/9fdefb89decb48ec0dd19c899c2c43e0094afc44 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27395-net-openvswitch-fix-use-after-free-in-ovs-ct-exit.patch kpatch-description: net: openvswitch: Fix Use-After-Free in ovs_ct_exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27395 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27395 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9048616553c65e750d43846f225843ed745ec0d4 kpatch-name: skipped/CVE-2024-27404.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27404 kpatch-skip-reason: Complex adaptation required. Network services prevents update because they can sleep in subflow_finish_connect() function. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27410-wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch kpatch-description: wifi: nl80211: reject iftype change with mesh ID change kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27410 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27410 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=063715c33b4c37587aeca2c83cf08ead0c542995 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27414-rtnetlink-fix-error-logic-of-IFLA_BRIDGE_FLAGS-writing-back.patch kpatch-description: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27414 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27414 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a1227b27fcccc99dc44f912b479e01a17e2d7d31 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35787-md-md-bitmap-fix-incorrect-usage-for-sb_index.patch kpatch-description: md/md-bitmap: fix incorrect usage for sb_index kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35787 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35787 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=736ad6c577a367834118f57417038d45bb5e0a31 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35795-drm-amdgpu-fix-deadlock-while-reading-mqd-from-debugfs.patch kpatch-description: drm/amdgpu: fix deadlock while reading mqd from debugfs kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35795 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35795 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=197f6d6987c55860f6eea1c93e4f800c59078874 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27431-cpumap-Zero-initialise-xdp_rxq_info-struct-before-running-xdp-program.patch kpatch-description: cpumap: Zero-initialise xdp_rxq_info struct before running kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27431 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27431 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f0363af9619c77730764f10360e36c6445c12f7b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27436-ALSA-usb-audio-Stop-parsing-channels-bits-when-all-channels.patch kpatch-description: ALSA: usb-audio: Stop parsing channels bits when all channels kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27436 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27436 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9af1658ba293458ca6a13f70637b9654fa4be064 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-31076-genirq-cpuhotplug-x86-vector-Prevent-vector-leak-during-CPU-offline.patch kpatch-description: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-31076 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-31076 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9eeda3e0071a329af1eba15f4e57dc39576bb420 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26976-kvm-always-flush-async-pf-workqueue-when-vcpu-is-being-destroyed.patch kpatch-description: KVM: Always flush async #PF workqueue when vCPU is being destroyed kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26976 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d75b8aa5c29058a512db29da7cbee8052724157 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26976-kvm-always-flush-async-pf-workqueue-when-vcpu-is-being-destroyed-kpatch.patch kpatch-description: KVM: Always flush async #PF workqueue when vCPU is being destroyed kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26976 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d75b8aa5c29058a512db29da7cbee8052724157 kpatch-name: skipped/CVE-2024-35794.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35794 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-27079.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27079 kpatch-skip-reason: Bug triggers in kdump kernel which we don't patch kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26641-ip6-tunnel-make-sure-to-pull-inner-header-in-ip6-tnl-rcv.patch kpatch-description: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26641 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26641 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d975c15c0cd744000ca386247432d57b21f9df0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26656-drm-amdgpu-fix-use-after-free-bug.patch kpatch-description: drm/amdgpu: fix use-after-free bug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26656 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22207fd5c80177b860279653d017474b2812af5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26660-drm-amd-display-implement-bounds-check-for-stream-encoder-creation-in-DCN301.patch kpatch-description: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26660 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26660 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=58fca355ad37dcb5f785d9095db5f748b79c5dc2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26661-drm-amd-display-add-null-test-for-timing-generator-in-dcn21_set_pipe.patch kpatch-description: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26661 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66951d98d9bf45ba25acf37fe0747253fafdf298 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26662-drm-amd-display-fix-panel_cntl-could-be-null-in-dcn21_set_backlight_level.patch kpatch-description: drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26662 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26662 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e96fddb32931d007db12b1fce9b5e8e4c080401b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26663-tipc-check-the-bearer-type-before-calling-tipc_udp_nl_bearer_add.patch kpatch-description: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26663 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26663 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3871aa01e1a779d866fa9dfdd5a836f342f4eb87 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26669-net-sched-flower-fix-chain-template-offload-kpatch.patch kpatch-description: net/sched: flower: Fix chain template offload kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26669 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26669 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32f2a0afa95fae0d1ceec2ff06e0e816939964b8 kpatch-name: skipped/CVE-2024-26674.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26674 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26990-KVM-x86-mmu-Write-protect-L2-SPTEs-in-TDP-MMU-when-clearing-dirty-status.patch kpatch-description: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26990 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26990 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/4d44bfa805835e3c951faf2985249dd01af70c3c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27013-tun-limit-printing-rate-when-illegal-packet-received-by-tun-dev.patch kpatch-description: tun: limit printing rate when illegal packet received by tun dev kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27013 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27013 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/4e933e785236886890959d705f94e30c99775b87 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27015-netfilter-flowtable-incorrect-pppoe-tuple.patch kpatch-description: netfilter: flowtable: incorrect pppoe tuple kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27015 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27015 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/83c2f8f40816ecedf9da8ac3bd803f7261e99594 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35877-x86-mm-pat-fix-vm-pat-handling-in-cow-mappings.patch kpatch-description: x86/mm/pat: fix VM_PAT handling in COW mappings kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35877 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35877 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04c35ab3bdae7fefbd7c7a7355f29fa03a035221 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35864-smb__client__fix_potential_UAF_in_smb2_is_valid_le.patch kpatch-description: smb: client: fix potential UAF in smb2_is_valid_lease_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=705c76fbf726c7a2f6ff9143d4013b18daaaebf1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35866-smb-client-fix-potential-uaf-in-cifs-dump-full-key.patch kpatch-description: smb: client: fix potential UAF in cifs_dump_full_key() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35866 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35866 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=58acd1f497162e7d282077f816faa519487be045 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35865-smb-client-fix-potential-uaf-in-smb2-is-valid-oplock-break.patch kpatch-description: smb: client: fix potential UAF in smb2_is_valid_oplock_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35865 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35865 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22863485a4626ec6ecf297f4cc0aef709bc862e4#if kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35867-smb__client__fix_potential_UAF_in_cifs_stats_proc_.patch kpatch-description: smb: client: fix potential UAF in cifs_stats_proc_show() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35867 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35867 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0865ffefea197b437ba78b5dd8d8e256253efd65 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35878-of-module-prevent-null-pointer-dereference-in-vsnprintf.patch kpatch-description: of: module: prevent NULL pointer dereference in vsnprintf() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35878 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35878 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a1aa5390cc912934fee76ce80af5f940452fa987 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35872-mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch kpatch-description: mm/secretmem: fix GUP-fast succeeding on secretmem folios kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35872 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35872 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6564b014af92b677c1f07c44d7f5b595d589cf6e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35876-x86-mce-make-sure-to-grab-mce-sysfs-mutex-in-set-bank.patch kpatch-description: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35876 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35876 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3ddf944b32f88741c303f0b21459dbb3872b8bc5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35886-ipv6-fix-infinite-recursion-in-fib6-dump-done.patch kpatch-description: ipv6: Fix infinite recursion in fib6_dump_done(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35886 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35886 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35888-erspan-make-sure-erspan_base_hdr-is-present-in-skb-h.patch kpatch-description: erspan: make sure erspan_base_hdr is present in skb->head kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35888 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35888 kpatch-patch-url: https://git.kernel.org/stable/c/17af420545a750f763025149fa7b833a4fc8b8f0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35892-net-sched-fix-lockdep-splat-in-qdisc-tree-reduce-backlog.patch kpatch-description: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7eb322360b0266481e560d1807ee79e0cef5742b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35894-mptcp-prevent-bpf-accessing-lowat-from-a-subflow-socket.patch kpatch-description: mptcp: prevent BPF accessing lowat from a subflow socket. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35894 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35894 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fcf4692fa39e86a590c14a4af2de704e1d20a3b5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35900-netfilter-nf-tables-reject-new-basechain-after-table-flag-update.patch kpatch-description: netfilter: nf_tables: reject new basechain after table flag update kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35900 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35900 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=994209ddf4f430946f6247616b2e33d179243769 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35905-bpf-Fix-verification-of-indirect-var-off-stack-access.patch kpatch-description: bpf: Fix verification of indirect var-off stack access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a833a17aeac73b33f79433d7cee68d5cafd71e4f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35905-bpf-protect-against-int-overflow-for-stack-access-size.patch kpatch-description: bpf: Protect against int overflow for stack access size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecc6a2101840177e57c925c102d2d29f260d37c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35908-tls-get-psock-ref-after-taking-rxlock-to-avoid-leak.patch kpatch-description: tls: get psock ref after taking rxlock to avoid leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35908 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35908 kpatch-patch-url: https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35912-wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch kpatch-description: wifi: iwlwifi: mvm: rfi: fix potential response leaks kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35912 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35912 kpatch-patch-url: https://git.kernel.org/stable/c/06a093807eb7b5c5b29b6cff49f8174a4e702341 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35913-wifi-iwlwifi-mvm-pick-the-version-of-SESSION_PROTECT.patch kpatch-description: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35913 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35913 kpatch-patch-url: https://git.kernel.org/stable/c/bbe806c294c9c4cd1221140d96e5f367673e393a kpatch-name: skipped/CVE-2024-35918.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35918 kpatch-skip-reason: It is not possible to fix this vulnerability using kernel livepatching because it lies below the system call level. kpatch-cvss: kpatch-name: skipped/CVE-2024-38604.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38604 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2024-38632.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38632 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38635-soundwire-cadence-fix-invalid-PDI-offset.patch kpatch-description: soundwire: cadence: fix invalid PDI offset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38635 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38635 kpatch-patch-url: https://github.com/torvalds/linux/commit/8ee1b439b1540ae543149b15a2a61b9dff937d91 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38618-alsa-timer-set-lower-bound-of-start-tick-time.patch kpatch-description: ALSA: timer: Set lower bound of start tick time kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38618 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38618 kpatch-patch-url: https://github.com/torvalds/linux/commit/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-01-af_unix-Fix-data-races-around-sk-sk_shutdown.patch kpatch-description: af_unix: Fix data races around sk->sk_shutdown. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/e1d09c2c2f5793474556b60f83900e088d0d366d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-02-af_unix-Fix-data-races-around-sk-sk_shutdown.patch kpatch-description: af_unix: Fix data races around sk->sk_shutdown. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/afe8764f76346ba838d4f162883e23d2fcfaa90e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-03-af_unix-Fix-data-races-in-unix_stream_sendmsg.patch kpatch-description: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/540bf24fba16b88c1b3b9353927204b4f1074e25 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39276-ext4-fix-mb-cache-entry-s-e-refcnt-leak-in-ext4-xattr-block-cache-find.patch kpatch-description: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39276 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39276 kpatch-patch-url: https://github.com/torvalds/linux/commit/0c0b4a49d3e7f49690a6827a41faeffad5df7e21 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38600-alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch kpatch-description: ALSA: Fix deadlocks with kctl removals at disconnection kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38600 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38600 kpatch-patch-url: https://github.com/torvalds/linux/commit/87988a534d8e12f2e6fc01fe63e6c1925dc5307c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38629-dmaengine-idxd-Avoid-unnecessary-destruction-of-file_ida.patch kpatch-description: dmaengine: idxd: Avoid unnecessary destruction of file_ida kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38629 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38629 kpatch-patch-url: https://github.com/torvalds/linux/commit/76e43fa6a456787bad31b8d0daeabda27351a480 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38388-alsa-hda-cs-dsp-ctl-use-private-free-for-control-cleanup.patch kpatch-description: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38388 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38388 kpatch-patch-url: https://github.com/torvalds/linux/commit/172811e3a557d8681a5e2d0f871dc04a2d17eb13 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38598-md-fix-resync-softlockup-when-bitmap-size-is-less-than-array-size.patch kpatch-description: md: fix resync softlockup when bitmap size is less than array size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38598 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38598 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f0e729af2eb6bee9eb58c4df1087f14ebaefe26b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42124-scsi-qedf-make-qedf-execute-tmf-non-preemptible.patch kpatch-description: scsi: qedf: Make qedf_execute_tmf() non-preemptible kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42124 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42124 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d8b637c9c5eeaa1a4e3dfb336f3ff918eb64fec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42101-drm-nouveau-fix-null-pointer-dereference-in-nouveau-connector-get-modes.patch kpatch-description: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42101 kpatch-cvss: 5.5 kpatch-cve-url: https://linux.oracle.com/cve/CVE-2024-42101.html kpatch-patch-url: https://github.com/oracle/linux-uek/commit/9e170d4e0426331fba6e136244deffb68f983c09 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42084-ftruncate-pass-a-signed-offset.patch kpatch-description: ftruncate: pass a signed offset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42084 kpatch-cvss: 5.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42084 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4b8e88e563b5f666446d002ad0dc1e6e8e7102b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42090-pinctrl-fix-deadlock-in-create-pinctrl-when-handling-eprobe-defer.patch kpatch-description: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42090 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42090 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=adec57ff8e66aee632f3dd1f93787c13d112b7a1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42114-wifi-cfg80211-restrict-nl80211-attr-txq-quantum-values.patch kpatch-description: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42114 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42114 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1cba2ea8121e7fdbe1328cea782876b1dd80993 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42114-wifi-cfg80211-restrict-nl80211-attr-txq-quantum-values-kpatch.patch kpatch-description: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Adaptation) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42114 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42114 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1cba2ea8121e7fdbe1328cea782876b1dd80993 kpatch-name: skipped/CVE-2024-42125.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42125 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-42123.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42123 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-42078.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42078 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42132-bluetooth-hci-disallow-setting-handle-bigger-than-hci-conn-handle-max.patch kpatch-description: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42132 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42132 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1cc18c2ab2e8c54c355ea7c0423a636e415a0c23 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42070-netfilter-nf-tables-fully-validate-nft-data-value-on-store-to-data-registers.patch kpatch-description: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42070 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42070 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7931d32955e09d0a11b1fe0b6aac1bfa061c005c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27004-clk-Get-runtime-PM-before-walking-tree-during-disable_unused.patch kpatch-description: clk: Get runtime PM before walking tree during disable_unused kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27004 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27004 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/b4fcc898eb74b6e01a8191763e3855cd26845358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27004-clk-Get-runtime-PM-before-walking-tree-during-disable_unused-adapt.patch kpatch-description: clk: Get runtime PM before walking tree during disable_unused kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27004 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27004 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/b4fcc898eb74b6e01a8191763e3855cd26845358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26708-mptcp-really-cope-with-fastopen-race.patch kpatch-description: mptcp: really cope with fastopen race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26708 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26708 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=337cebbd850f94147cee05252778f8f78b8c337f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27003-clk-Get-runtime-PM-before-walking-tree-for-clk_summary.patch kpatch-description: Get runtime PM before walking tree for clk_summaryatch-description: kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27003 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27003 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2dc64ff7510173e6992ae33c7c1518559c040a83 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27062-nouveau-lock-the-client-object-tree.patch kpatch-description: nouveau: lock the client object tree kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b7cc4ff787a572edf2c55caeffaa88cd801eb135 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27062-nouveau-lock-the-client-object-tree-kpatch.patch kpatch-description: nouveau: lock the client object tree kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b7cc4ff787a572edf2c55caeffaa88cd801eb135 kpatch-name: skipped/CVE-2024-35904.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35904 kpatch-skip-reason: Affects only __init function for a built-in component, so patching will have no effect kpatch-cvss: kpatch-name: skipped/CVE-2024-35859.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35859 kpatch-skip-reason: None of the kernels is affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35835-net-mlx5e-fix-a-double-free-in-arfs-create-groups.patch kpatch-description: net/mlx5e: fix a double-free in arfs_create_groups kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35835 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35835 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c6d5189246f590e4e1f167991558bdb72a4738b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35840-mptcp-use-option-mptcp-mpj-synack-in-subflow-finish-connect.patch kpatch-description: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35840 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35840 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35855-mlxsw-spectrum-acl-tcam-fix-possible-use-after-free-during-activity-update.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35855 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35855 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35838-wifi-mac80211-fix-potential-sta-link-leak.patch kpatch-description: wifi: mac80211: fix potential sta-link leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35838 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35838 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b01a74b3ca6fd51b62c67733ba7c3280fa6c5d26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35847-irqchip-gic-v3-its-prevent-double-free-on-error.patch kpatch-description: irqchip/gic-v3-its: Prevent double free on error kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35847 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35847 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c26591afd33adce296c022e3480dea4282b7ef91 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35831-io_uring-Fix-release-of-pinned-pages-when-__io_uaddr_map-fails.patch kpatch-description: io_uring: Fix release of pinned pages when __io_uaddr_map fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35831 kpatch-patch-url: https://github.com/torvalds/linux/commit/67d1189d1095d471ed7fa426c7e384a7140a5dd7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26928-smb-client-fix-potential-UAF-in-cifs_debug_files_proc_show.patch kpatch-description: smb: client: fix potential UAF in cifs_debug_files_proc_show() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26928 kpatch-cvss: 5.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26928 kpatch-patch-url: https://github.com/torvalds/linux/commit/ca545b7f0823f19db0f1148d59bc5e1a56634502 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35861-smb-client-fix-potential-uaf-in-cifs-signal-cifsd-for-reconnect.patch kpatch-description: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35861 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35861 kpatch-patch-url: https://github.com/torvalds/linux/commit/e0e50401cc3921c9eaf1b0e667db174519ea939f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35862-smb-client-fix-potential-uaf-in-smb2-is-network-name-deleted.patch kpatch-description: smb: client: fix potential UAF in smb2_is_network_name_deleted() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35862 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35862 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=63981561ffd2d4987807df4126f96a11e18b0c1d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35863-smb-client-fix-potential-uaf-in-is-valid-oplock-break.patch kpatch-description: smb: client: fix potential UAF in is_valid_oplock_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35863 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35863 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26837-net-bridge-switchdev-Skip-MDB-replays-of-deferred-ev.patch kpatch-description: net: bridge: switchdev: Skip MDB replays of deferred events on offload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26837 kpatch-patch-url: https://git.kernel.org/stable/c/2d5b4b3376fa146a23917b8577064906d643925f kpatch-name: skipped/CVE-2024-35942.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35942 kpatch-skip-reason: Out of scope as the patch is for i.MX SoC kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26892-wifi-mt76-mt7921e-fix-use-after-free-in-free-irq.patch kpatch-description: wifi: mt76: mt7921e: fix use-after-free in free_irq() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26892 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c957280ef6ab6bdf559a91ae693a6b34310697e3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39298-mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages.patch kpatch-description: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39298 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39298 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8cf360b9d6a840700e06864236a01a883b34bbad kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39473-asoc-sof-ipc4-topology-fix-input-format-query-of-process-modules-without-base-extension.patch kpatch-description: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39473 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39473 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39474-mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with.patch kpatch-description: mm/vmalloc: fix vmalloc which may return null if called with kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39474 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39474 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8e0545c83d672750632f46e3f9ad95c48c91a0fc kpatch-name: skipped/CVE-2024-39488.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39488 kpatch-skip-reason: Out of scope: ARM64 architecture issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39497-drm-shmem-helper-fix-bug-on-on-mmap-prot-write-map-private.patch kpatch-description: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39497 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39497 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=03c71c42809ef4b17f5d874cdb2d3bf40e847b86 kpatch-name: skipped/CVE-2024-39498.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39498 kpatch-skip-reason: Kernel is not affected. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39499-vmci-prevent-speculation-leaks-by-sanitizing-event-in-event-deliver.patch kpatch-description: vmci: prevent speculation leaks by sanitizing event in event_deliver() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39499 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39499 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8003f00d895310d409b2bf9ef907c56b42a4e0f4 kpatch-name: skipped/CVE-2024-40930.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40930 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40967-serial-imx-Introduce-timeout-when-waiting-on-transmitter-empty.patch kpatch-description: serial: imx: Introduce timeout when waiting on transmitter empty kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40967 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40967 kpatch-patch-url: https://github.com/torvalds/linux/commit/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40945-iommu-Return-right-value-in-iommu_sva_bind_device.patch kpatch-description: iommu: Return right value in iommu_sva_bind_device() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40945 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40945 kpatch-patch-url: https://github.com/torvalds/linux/commit/89e8a2366e3bce584b6c01549d5019c5cda1205e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40940-net-mlx5-fix-tainted-pointer-delete-is-case-of-flow-rules-creation-fail.patch kpatch-description: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40940 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40940 kpatch-patch-url: https://github.com/torvalds/linux/commit/229bedbf62b13af5aba6525ad10b62ad38d9ccb5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40988-drm-radeon-fix-UBSAN-warning-in-kv_dpm-c.patch kpatch-description: drm/radeon: fix UBSAN warning in kv_dpm.c kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40988 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40988 kpatch-patch-url: https://github.com/torvalds/linux/commit/a498df5421fd737d11bfd152428ba6b1c8538321 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40948-mm-page-table-check-fix-crash-on-zone-device.patch kpatch-description: mm/page_table_check: fix crash on ZONE_DEVICE kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40948 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40948 kpatch-patch-url: https://github.com/torvalds/linux/commit/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40997-cpufreq-amd-pstate-fix-memory-leak-on-cpu-epp-exit.patch kpatch-description: cpufreq: amd-pstate: fix memory leak on CPU EPP exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40997 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40997 kpatch-patch-url: https://github.com/torvalds/linux/commit/cea04f3d9aeebda9d9c063c0dfa71e739c322c81 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40997-cpufreq-amd-pstate-fix-memory-leak-on-cpu-epp-exit-kpatch.patch kpatch-description: cpufreq: amd-pstate: fix memory leak on CPU EPP exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40997 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40997 kpatch-patch-url: https://github.com/torvalds/linux/commit/cea04f3d9aeebda9d9c063c0dfa71e739c322c81 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39491-alsa-hda-cs35l56-fix-lifetime-of-cs-dsp-instance.patch kpatch-description: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39491 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39491 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=60d5e087e5f334475b032ad7e6ad849fb998f303 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36939-nfs-handle-error-of-rpc-proc-register-in-init-nfs-fs.patch kpatch-description: nfs: handle error of rpc_proc_register() in init_nfs_fs() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=24457f1be29f1e7042e50a7749f5c2dde8c433c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36940-pinctrl-core-delete-incorrect-free-in-pinctrl_enable.patch kpatch-description: [PATCH] pinctrl: core: delete incorrect free in pinctrl_enable() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36940 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36940 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5038a66dad0199de60e5671603ea6623eb9e5c79 kpatch-name: skipped/CVE-2024-36944.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36944 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36945-net-smc-fix-neighbour-and-rtable-leak-in-smc-ib-find-route.patch kpatch-description: net/smc: fix neighbour and rtable leak in smc_ib_find_route() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36945 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36945 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06 kpatch-name: skipped/CVE-2024-36956.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36956 kpatch-skip-reason: Thermal debugfs isn't present on redhat kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36960-drm-vmwgfx-Fix-invalid-reads-in-fence-signaled-events.patch kpatch-description: [PATCH 1/1] drm/vmwgfx: Fix invalid reads in fence signaled events kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c kpatch-name: skipped/CVE-2024-36961.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36961 kpatch-skip-reason: Thermal debugfs isn't present on redhat kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36967-KEYS-trusted-Fix-memory-leak-in-tpm2_key_encode.patch kpatch-description: [PATCH] KEYS: trusted: Fix memory leak in tpm2_key_encode() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36967 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36967 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ffcaa2172cc1a85ddb8b783de96d38ca8855e248 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36974-net-sched-taprio-always-validate-TCA_TAPRIO_ATTR_PRIOMAP.patch kpatch-description: [PATCH] net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36974 kpatch-cvss: 6.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36974 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f921a58ae20852d188f70842431ce6519c4fdc36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36977-usb-dwc3-wait-unconditionally-after-issuing-endxfer-command.patch kpatch-description: usb: dwc3: Wait unconditionally after issuing EndXfer command kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36977 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36977 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1d26ba0944d398f88aaf997bda3544646cf21945 kpatch-name: skipped/CVE-2024-40907.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40907 kpatch-skip-reason: Intoduced in the same kernel version with the fix kpatch-cvss: kpatch-name: skipped/CVE-2024-40913.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40913 kpatch-skip-reason: Complex adaptation required kpatch-cvss: kpatch-name: skipped/CVE-2024-40925.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40925 kpatch-skip-reason: Intoduced in the same kernel version with the fix kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39507-net__hns3__fix_kernel_crash_problem_in_concurrent_.patch kpatch-description: net: hns3: fix kernel crash problem in concurrent scenario kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39507 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39507 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=12cda920212a49fa22d9e8b9492ac4ea013310a4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40901-scsi__mpt3sas__Avoid_test_set_bit___operating_in_n.patch kpatch-description: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40901 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4254dfeda82f20844299dca6c38cbffcfd499f41 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40919-bnxt_en__Adjust_logging_of_firmware_messages_in_ca.patch kpatch-description: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40919 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40919 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a9b9741854a9fe9df948af49ca5514e0ed0429df kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40922-io_uring_rsrc__don_t_lock_while__TASK_RUNNING.patch kpatch-description: io_uring/rsrc: don't lock while !TASK_RUNNING kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40922 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=54559642b96116b45e4b5ca7fd9f7835b8561272 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40923-vmxnet3__disable_rx_data_ring_on_dma_allocation_fa.patch kpatch-description: vmxnet3: disable rx data ring on dma allocation failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40923 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffbe335b8d471f79b259e950cb20999700670456 kpatch-name: skipped/CVE-2024-41008.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41008 kpatch-skip-reason: Complex adaptation required, low score patch for non critical subsystem amdgpu kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41020-filelock-fix-fcntl-close-race-recovery-compat-path.patch kpatch-description: filelock: Fix fcntl/close race recovery compat path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41020 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41020 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8138f2ad2f745b9a1c696a05b749eabe44337ea kpatch-name: skipped/CVE-2024-41032.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41032 kpatch-skip-reason: Kernel not vulnerable: blamed commit is absent kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41038-firmware-cs-dsp-prevent-buffer-overrun-when-processing-v2-alg-headers.patch kpatch-description: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41038 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41038 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2163aff6bebbb752edf73f79700f5e2095f3559e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41042-netfilter-nf-tables-prefer-nft-chain-validate.patch kpatch-description: netfilter: nf_tables: prefer nft_chain_validate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41042 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41042 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cff3bd012a9512ac5ed858d38e6ed65f6391008c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41056-firmware-cs-dsp-use-strnlen-on-name-fields-in-v1-wmfw-files.patch kpatch-description: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41056 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41056 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=680e126ec0400f6daecf0510c5bb97a55779ff03 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41060-drm-radeon-check-bo-va-bo-is-non-null-before-using-it.patch kpatch-description: drm/radeon: check bo_va->bo is non-NULL before using it kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41060 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41060 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6fb15dcbcf4f212930350eaee174bb60ed40a536 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41063-bluetooth-hci-core-cancel-all-works-upon-hci-unregister-dev.patch kpatch-description: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41063 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41063 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d151a103775dd9645c78c97f77d6e2a5298d913 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26838-rdma-irdma-fix-kasan-issue-with-tasklet.patch kpatch-description: RDMA/irdma: Fix KASAN issue with tasklet kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26838 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26838 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bd97cea7b18a0a553773af806dfbfac27a7c4acb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26846-nvme-fc-do-not-wait-in-vain-when-unloading-module.patch kpatch-description: nvme-fc: do not wait in vain when unloading module kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26846 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=70fbfc47a392b98e5f8dba70c6efc6839205c982 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26846-nvme-fc-do-not-wait-in-vain-when-unloading-module-kpatch.patch kpatch-description: nvme-fc: do not wait in vain when unloading module kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26846 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=70fbfc47a392b98e5f8dba70c6efc6839205c982 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26872-rdma-srpt-do-not-register-event-handler-until-srpt-device-is-fully-setup.patch kpatch-description: RDMA/srpt: Do not register event handler until srpt device is fully setup kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26872 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26872 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e362d007294955a4fb929e1c8978154a64efdcb6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26922-drm-amdgpu-validate-the-parameters-of-bo-mapping-operations-more-clearly.patch kpatch-description: drm/amdgpu: validate the parameters of bo mapping operations more clearly kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26922 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=212e3baccdb1939606420d88f7f52d346b49a284 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27437-vfio-pci-disable-auto-enable-of-exclusive-intx-irq.patch kpatch-description: vfio/pci: Disable auto-enable of exclusive INTx IRQ kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27437 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27437 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe9a7082684eb059b925c535682e68c34d487d43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26861-wireguard-receive-annotate-data-race-around-receiving-counter-counter.patch kpatch-description: wireguard: receive: annotate data-race around receiving_counter.counter kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26861 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26861 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bba045dc4d996d03dce6fe45726e78a1a1f6d4c3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39501-drivers-core-synchronize-really-probe-and-dev-uevent.patch kpatch-description: drivers: core: synchronize really_probe() and dev_uevent() kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39501 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39501 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c0a40097f0bc81deafc15f9195d1fb54595cd6d0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26992-KVM-x86-pmu-Disable-support-for-adaptive-PEBS.patch kpatch-description: KVM: x86/pmu: Disable support for adaptive PEBS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26992 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26992 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/dcc98864e4faf282b2bd6fdf2b11a6fea6c570d8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26992-KVM-x86-pmu-Disable-support-for-adaptive-PEBS-adapt.patch kpatch-description: KVM: x86/pmu: Disable support for adaptive PEBS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26992 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26992 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/dcc98864e4faf282b2bd6fdf2b11a6fea6c570d8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43830-leds-trigger-Unregister-sysfs-attributes-before-calling-deactivate.patch kpatch-description: [PATCH 1/1] leds: trigger: Unregister sysfs attributes before calling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43830 kpatch-cvss: 6.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43830 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c0dc9adf9474ecb7106e60e5472577375aedaed3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43856-dma-fix-call-order-in-dmam-free-coherent.patch kpatch-description: dma: fix call order in dmam_free_coherent kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43856 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43856 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=28e8b7406d3a1f5329a03aa25a43aa28e087cb20 kpatch-name: skipped/CVE-2024-43865.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43865 kpatch-skip-reason: Affects only the s390 architecture. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43866-net-mlx5-always-drain-health-in-shutdown-callback.patch kpatch-description: net/mlx5: Always drain health in shutdown callback kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43866 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43866 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b75da22ed1e6171e261bc9265370162553d5393 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43879-wifi-cfg80211-handle-2x996-ru-allocation-in-cfg80211-calculate-bitrate-he.patch kpatch-description: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43879 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43879 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43892-mm-memcg-minor-cleanup-for-MEM_CGROUP_ID_MAX.patch kpatch-description: [PATCH 5063/5129] mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=60b1e24ce8c3334d9204d6229356b750632136be kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43892-memcg__protect_concurrent_access_to_mem_cgroup_idr.patch kpatch-description: [PATCH] memcg: protect concurrent access to mem_cgroup_idr kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=37a060b64ae83b76600d187d76591ce488ab836b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43911-wifi-mac80211-fix-null-dereference-at-band-check-in-starting-tx-ba-session.patch kpatch-description: wifi: mac80211: fix NULL dereference at band check in starting tx ba session kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43911 kpatch-cvss: 5.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43911 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=021d53a3d87eeb9dbba524ac515651242a2a7e3b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44947-fuse-initialize-beyond-eof-page-contents-before-setting-uptodate.patch kpatch-description: fuse: Initialize beyond-EOF page contents before setting uptodate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44947 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44947 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c0da3d163eb32f1f91891efaade027fa9b245b9 kpatch-name: skipped/CVE-2024-40965.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40965 kpatch-skip-reason: complex adaptation required for el9-arm64, el9-x86 not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52749-spi-Fix-null-dereference-on-suspend.patch kpatch-description: spi: Fix null dereference on suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52749 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52749 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/1d4e3a6f383420a71a60cfd34ba68336e5919558 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52749-spi-Fix-null-dereference-on-suspend-adapt.patch kpatch-description: spi: Fix null dereference on suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52749 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52749 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/1d4e3a6f383420a71a60cfd34ba68336e5919558 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40966-tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch kpatch-description: tty: add the option to have a tty reject a new ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40966 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40966 kpatch-patch-url: https://github.com/torvalds/linux/commit/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40966-tty-add-the-option-to-have-a-tty-reject-a-new-ldisc-kpatch.patch kpatch-description: tty: add the option to have a tty reject a new ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40966 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40966 kpatch-patch-url: https://github.com/torvalds/linux/commit/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b kpatch-name: skipped/CVE-2024-26650.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26650 kpatch-skip-reason: Affected p2sb driver is not present in kernel v5.14.0 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42141-bluetooth-iso-check-socket-flag-instead-of-hcon.patch kpatch-description: Bluetooth: ISO: Check socket flag instead of hcon kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42141 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42141 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=596b6f081336e77764ca35cfeab66d0fcdbe544e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42238-firmware-cs-dsp-return-error-if-block-header-overflows-file.patch kpatch-description: firmware: cs_dsp: Return error if block header overflows file kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42238 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42238 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=959fe01e85b7241e3ec305d657febbe82da16a02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42237-firmware-cs-dsp-validate-payload-length-before-processing-block.patch kpatch-description: firmware: cs_dsp: Validate payload length before processing block kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42237 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42237 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6598afa9320b6ab13041616950ca5f8f938c0cf1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42245-revert-sched-fair-make-sure-to-try-to-detach-at-least-one-movable-task.patch kpatch-description: Revert "sched/fair: Make sure to try to detach at least one movable task" kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42245 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42245 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2feab2492deb2f14f9675dd6388e9e2bf669c27a kpatch-name: skipped/CVE-2024-42258.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42258 kpatch-skip-reason: Out of scope: 64-bit systems not affected. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42268-net-mlx5-fix-missing-lock-on-sync-reset-reload.patch kpatch-description: net/mlx5: Fix missing lock on sync reset reload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42268 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42268 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42276-nvme-pci-add-missing-condition-check-for-existence-of-mapped-data.patch kpatch-description: nvme-pci: add missing condition check for existence of mapped data kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42276 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42276 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c31fad1470389666ac7169fe43aa65bf5b7e2cfd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27012-restore-set-elements-when-delete-set-fails.patch kpatch-description: netfilter: nf_tables: restore set elements when delete set fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27012 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86658fc7414d4b9e25c2699d751034537503d637 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36006-mlxsw-spectrum-acl-tcam-fix-incorrect-list-api-usage.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36006 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36006 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b377add0f0117409c418ddd6504bd682ebe0bf79 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36882-mm-use-memalloc-nofs-save-in-page-cache-ra-order.patch kpatch-description: mm: use memalloc_nofs_save() in page_cache_ra_order() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36882 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=30153e4466647a17eebfced13eede5cbe4290e69 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36015-ppdev-add-an-error-check-in-register-device.patch kpatch-description: ppdev: Add an error check in register_device kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36015 kpatch-cvss: 5.5 kpatch-cve-url: https://ubuntu.com/security/CVE-2024-36015 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=ee47778457b95fde8fd2def8cc10faed98e8eb4d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36884-Use-the-correct-type-in-nvidia_smmu_context_fault.patch kpatch-description: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=65ade5653f5ab5a21635e51d0c65e95f490f5b6f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36881-mm-userfaultfd-reset-ptes-when-close-for-wr-protected-ones.patch kpatch-description: mm/userfaultfd: reset ptes when close() for wr-protected ones kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36881 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36881 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c88033efe9a391e72ba6b5df4b01d6e628f4e734 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35995-Use-access_width-over-bit_width-for-system.patch kpatch-description: ACPI: CPPC: Use access_width over bit_width for system memory accesses kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35995 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35995 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2f4a4d63a193be6fd530d180bb13c3592052904c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35810-drm-vmwgfx-fix-the-lifetime-of-the-bo-cursor-memory.patch kpatch-description: drm/vmwgfx: Fix the lifetime of the bo cursor memory kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35810 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35810 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35805-dm-snapshot-fix-lockup-in-dm-exception-table-exit.patch kpatch-description: dm snapshot: fix lockup in dm_exception_table_exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35805 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35805 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35807-ext4-fix-corruption-during-on-line-resize.patch kpatch-description: ext4: fix corruption during on-line resize kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35807 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35807 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35808-md-export-helpers-to-stop-sync_thread.patch kpatch-description: md: export helpers to stop sync_thread kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35808 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35808 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7a2347e284d7ec2f0759be4db60fa7ca937284fc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35808-md-dm-raid-don-t-call-md-reap-sync-thread-directly.patch kpatch-description: md/dm-raid: don't call md_reap_sync_thread() directly kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35808 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35808 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cd32b27a66db8776d8b8e82ec7d7dde97a8693b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35809-pci-pm-drain-runtime-idle-callbacks-before-driver-removal.patch kpatch-description: PCI/PM: Drain runtime-idle callbacks before driver removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35809 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35809 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9d5286d4e7f68beab450deddbb6a32edd5ecf4bf kpatch-name: skipped/CVE-2024-35812.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35812 kpatch-skip-reason: Patch for this CVE has been reverted. Hence skipped kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35817-drm-amdgpu-amdgpu_ttm_gart_bind-set-gtt-bound-flag.patch kpatch-description: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35817 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35817 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6c6064cbe58b43533e3451ad6a8ba9736c109ac3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35822-usb-udc-remove-warning-when-queue-disabled-ep.patch kpatch-description: usb: udc: remove warning when queue disabled ep kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35822 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35822 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2a587a035214fa1b5ef598aea0b81848c5b72e5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35824-misc-lis3lv02d-i2c-fix-regulators-getting-en-dis-abled-twice-on-suspend-resume.patch kpatch-description: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35824 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35824 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ac3e0384073b2408d6cb0d972fee9fcc3776053d kpatch-name: skipped/CVE-2024-45005.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-45005 kpatch-skip-reason: s390 arch not supported. kpatch-cvss: kpatch-name: skipped/CVE-2024-44984.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-44984 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2020-10135.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2020-10135 kpatch-skip-reason: Already fixed in the existing el9 kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44960-usb-gadget-core-Check-for-unset-descriptor.patch kpatch-description: tusb: gadget: core: Check for unset descriptor kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44960 kpatch-patch-url: https://github.com/torvalds/linux/commit/973a57891608a98e894db2887f278777f564de18 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26862-packet-annotate-data-races-around-ignore_outgoing.patch kpatch-description: packet: annotate data-races around ignore_outgoing kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26862 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26862 kpatch-patch-url: https://github.com/torvalds/linux/commit/6ebfad33161afacb3e1e59ed1c2feefef70f9f97 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44965-x86-mm-Fix-pti_clone_pgtable-alignment-assumption.patch kpatch-description: x86/mm: Fix pti_clone_pgtable() alignment assumption kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44965 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44965 kpatch-patch-url: https://github.com/torvalds/linux/commit/41e71dbb0e0a0fe214545fe64af031303a08524c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26835-netfilter-nf_tables-set-dormant-flag-on-hook-register-failure.patch kpatch-description: netfilter: nf_tables: set dormant flag on hook register failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26835 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26835 kpatch-patch-url: https://github.com/torvalds/linux/commit/bccebf64701735533c8db37773eeacc6566cc8ec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44970-net-mlx5e-SHAMPO-Fix-invalid-WQ-linked-list-unlink.patch kpatch-description: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44970 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44970 kpatch-patch-url: https://github.com/torvalds/linux/commit/fba8334721e266f92079632598e46e5f89082f30 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52615-hwrng-core-fix-page-fault-dead-lock-on-mmap-ed-hwrng.patch kpatch-description: hwrng: core - Fix page fault dead lock on mmap-ed hwrng kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=78aafb3884f6bc6636efcc1760c891c8500b9922 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52621-bpf-check-rcu-read-lock-trace-held-before-calling-bpf-map-helpers.patch kpatch-description: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52621 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52621 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=169410eba271afc9f0fb476d996795aa26770c6d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52643-iio-core-fix-memleak-in-iio-device-register-sysfs.patch kpatch-description: iio: core: fix memleak in iio_device_register_sysfs kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52643 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52643 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=95a0d596bbd0552a78e13ced43f2be1038883c81 kpatch-name: skipped/CVE-2024-26638.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26638 kpatch-skip-reason: nbd: Low-score CVE. Patched function is called from a kthread and sleeps, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26645-tracing-ensure-visibility-when-inserting-an-element-into-tracing-map.patch kpatch-description: tracing: Ensure visibility when inserting an element into tracing_map kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26645 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26645 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b44760609e9eaafc9d234a6883d042fc21132a7 kpatch-name: skipped/CVE-2024-26646.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26646 kpatch-skip-reason: Affects only boot __init stage, already booted kernels are not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-26746.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26746 kpatch-skip-reason: Kernel not vulnerable. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27011-netfilter-nf-tables-fix-memleak-in-map-from-abort-path.patch kpatch-description: netfilter: nf_tables: fix memleak in map from abort path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27011 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27011 kpatch-patch-url: https://github.com/torvalds/linux/commit/86a1471d7cde792941109b93b558b5dc078b9ee9 kpatch-name: skipped/CVE-2024-39503.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39503 kpatch-skip-reason: commit that introduces CVE is not present kpatch-cvss: kpatch-name: skipped/CVE-2023-52624.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52624 kpatch-skip-reason: older kernels do not have support for DisplayCoreNext 3.5 kpatch-cvss: kpatch-name: skipped/CVE-2023-52625.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52625 kpatch-skip-reason: older kernels do not have support for DisplayCoreNext 3.5 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35924-usb-typec-ucsi-limit-read-size-on-v1-2.patch kpatch-description: usb: typec: ucsi: Limit read size on v1.2 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35924 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b3db266fb031fba88c423d4bb8983a73a3db6527 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35925-block-prevent-division-by-zero-in-blk_rq_stat_sum.patch kpatch-description: block: prevent division by zero in blk_rq_stat_sum() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35925 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93f52fbeaf4b676b21acfe42a5152620e6770d02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35927-drm-Check-output-polling-initialized-before-disabling.patch kpatch-description: drm: Check output polling initialized before disabling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35927 kpatch-cvss: 5.5 kpatch-cve-url: https://ubuntu.com/security/CVE-2024-35927 kpatch-patch-url: https://git.kernel.org/linus/5abffb66d12bcac84bf7b66389c571b8bb6e82bd kpatch-name: skipped/CVE-2024-35928.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35928 kpatch-skip-reason: The patch was later reverted in eb4f139888f6 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35930-scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch kpatch-description: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35930 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35930 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ae917d4bcab80ab304b774d492e2fcd6c52c06b kpatch-name: skipped/CVE-2024-35938.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35938 kpatch-skip-reason: wifi:ath11k, low score CVE that needs complex adaptation but decreasing MHI Bus' buf-len isn't a typical security fix. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35939-dma-direct-leak-pages-on-dma-set-decrypted-failure.patch kpatch-description: dma-direct: Leak pages on dma_set_decrypted() failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b9fa16949d18e06bdf728a560f5c8af56d2bdcaf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-use-struct-size-in-kmalloc.patch kpatch-description: VMCI: Use struct_size() in kmalloc() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e03d4910e6e45cb49f630258e870b08f2ee34e7a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-fix-memcpy-run-time-warning-in-dg-dispatch-as-host.patch kpatch-description: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=19b070fefd0d024af3daa7329cbc0d00de5302ec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-fix-possible-memcpy-run-time-warning-in-vmci-datagram-invoke-guest-handler.patch kpatch-description: VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=19b070fefd0d024af3daa7329cbc0d00de5302ec kpatch-name: skipped/CVE-2024-26962.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26962 kpatch-skip-reason: None of the existing kernels is affected kpatch-cvss: kpatch-name: skipped/CVE-2024-41007.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41007 kpatch-skip-reason: Low-score CVE which might introduce problems in net subsystem kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41001-io_uring-sqpoll-work-around-a-potential-audit-memory-kpatch.patch kpatch-description: io_uring/sqpoll: work around a potential audit memory leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41001 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41001 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ce0ab27646f420 kpatch-name: skipped/CVE-2024-26812.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26812 kpatch-skip-reason: Complex adaptation required, not worth the effort for 4.4 score CVE kpatch-cvss: kpatch-name: skipped/CVE-2024-41065.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41065 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2024-41084.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41084 kpatch-skip-reason: None of our RHEL9 kernels are affected by the bug kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41079-nvmet-always-initialize-cqe-result.patch kpatch-description: nvmet: always initialize cqe.result kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41079 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41079 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cd0c1b8e045a8d2785342b385cb2684d9b48e426 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41089-drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch kpatch-description: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41089 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41089 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6d411c8ccc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41095-drm-nouveau-dispnv04-fix-null-pointer-dereference.patch kpatch-description: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41095 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41095 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66edf3fb331 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41077-null-blk-fix-validation-of-block-size.patch kpatch-description: null_blk: fix validation of block size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41077 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41077 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c462ecd659b5fce731f1d592285832fd6ad54053 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41085-cxl-mem-fix-no-cxl-nvd-during-pmem-region-auto-assembling.patch kpatch-description: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41085 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41085 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=84ec985944ef34a34a1605b93ce401aa8737af96 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41082-nvme-fabrics-use-reserved-tag-for-reg-read-write-command.patch kpatch-description: nvme-fabrics: use reserved tag for reg read/write command kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41082 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41082 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41094-drm-fbdev-dma-Only-set-smem_start-is-enable-per-module.patch kpatch-description: drm/fbdev-dma: Only set smem_start is enable per module option kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41094 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41094 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d92a7580392a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41093-drm-amdgpu-avoid-using-null-object-of-framebuffer.patch kpatch-description: drm/amdgpu: avoid using null object of framebuffer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bcfa48ff785bd kpatch-name: skipped/CVE-2024-42226.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42226 kpatch-skip-reason: Patch introduced regression and was reverted later. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47185-tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_ldisc.patch kpatch-description: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47185 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47185 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/9c76cbe7cde247be1f3258b807eab76ca69ba217 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52477-usb-hub-Guard-against-accesses-to-uninitialized-BOS-descriptors.patch kpatch-description: usb: hub: Guard against accesses to uninitialized BOS descriptors kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52477 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52477 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/07563984720979c6e6a94ae06c00af2766e1fd11 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52492-dmaengine-fix-NULL-pointer-in-channel-unregistration-function.patch kpatch-description: dmaengine: fix NULL pointer in channel unregistration function kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52492 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52492 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/d6f49707be942ea97ed52ed5b941b8ba6b7a2f0b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-async-Split-async_schedule_node_domain.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-async-Introduce-async_schedule_dev_nocall.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-PM-sleep-Fix-possible-deadlocks-in-core-system-wide-PM-code.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52513-RDMA-siw-Fix-connection-failure-handling.patch kpatch-description: RDMA/siw: Fix connection failure handling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52513 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52513 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/7608c307a993bfd11cebc76c393ec1ec6965c7f5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52528-net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75xx_read_reg.patch kpatch-description: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52528 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52528 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2c893a88a6ab05e7aad61f8563acbeb18d801e59 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52594-wifi-ath9k-Fix-potential-array-index-out-of-bounds-read-in-ath9k_htc_txstatus.patch kpatch-description: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52594 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52594 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/f0a0cfd22759ea8c37a318561ada94000b85cc1a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52595-wifi-rt2x00-restart-beacon-queue-when-hardware-reset.patch kpatch-description: wifi: rt2x00: restart beacon queue when hardware reset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52595 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52595 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/01d249eea31868b510e548a7c2f2747b80cdcf83 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52614-PM-devfreq-Fix-buffer-overflow-in-trans_stat_show.patch kpatch-description: PM / devfreq: Fix buffer overflow in trans_stat_show kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52614 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52614 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/009f3aca851dcab5ae2502f03902cf27592498c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35827-io_uring-net-fix-overflow-check-in-io_recvmsg_mshot_prep.patch kpatch-description: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-35827 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35827 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/7ba923ccba4030f236a5349983388d9944e9adf4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27010-net-sched-Fix-mirred-deadlock-on-device-recursion.patch kpatch-description: net/sched: Fix mirred deadlock on device recursion kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27010 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-27010 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/c3c09e38bc617fa918353f8c98c2adafde92d74d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27010-net-sched-Fix-mirred-deadlock-on-device-recursion-kpatch.patch kpatch-description: net/sched: Fix mirred deadlock on device recursion kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27010 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-27010 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/c3c09e38bc617fa918353f8c98c2adafde92d74d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27014-net-mlx5e-Prevent-deadlock-while-disabling-aRFS.patch kpatch-description: net/mlx5e: Prevent deadlock while disabling aRFS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fef965764cf562f28afb997b626fc7c3cec99693 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27014-net-mlx5e-Prevent-deadlock-while-disabling-aRFS-kpatch.patch kpatch-description: net/mlx5e: Prevent deadlock while disabling aRFS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fef965764cf562f28afb997b626fc7c3cec99693 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Add-hive-ras-recovery-check.patch kpatch-description: drm/amdgpu : Add hive ras recovery check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/53dd920c1f471a5763c660a7b94fe0aaf746d357 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Add-hive-ras-recovery-check-kpatch.patch kpatch-description: drm/amdgpu : Add hive ras recovery check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/53dd920c1f471a5763c660a7b94fe0aaf746d357 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Skip-do-PCI-error-slot-reset-during-RAS-recovery.patch kpatch-description: drm/amdgpu: Skip do PCI error slot reset during RAS recovery kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/601429cca96b4af3be44172c3b64e4228515dbe1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27017-netfilter-nft-set-pipapo-walk-over-current-view-on-netlink-dump.patch kpatch-description: netfilter: nft_set_pipapo: walk over current view on netlink dump kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27017 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27017 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=29b359cf6d95fd60730533f7f10464e95bd17c73 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27017-netfilter-nf_tables-missing-iterator-type-in-lookup-walk.patch kpatch-description: nf_tables: missing iterator type in lookup walk kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27017 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27017 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/09cc2ea43e7650ba90980dd4b92bec858130fcbd kpatch-name: skipped/CVE-2024-26605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26605 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39508-io_uring-io-wq-Use-set_bit-and-test_bit-at-worker-flags.patch kpatch-description: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39508 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39508 kpatch-patch-url: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1cbb0affb15470a9621267fe0a8568007553a4bf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40924-drm-i915-dpt-Make-DPT-object-unshrinkable.patch kpatch-description: drm/i915/dpt: Make DPT object unshrinkable kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40924 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327280149066f0e5f2e50356b5823f76dabfe86e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35979-raid1-fix-use-after-free-for-original-bio-in-raid1_write_request.patch kpatch-description: raid1: fix use-after-free for original bio in raid1_write_request() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35979 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-35979 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/0bc0ab758d44c21089633662acf877d683dff59a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52622-ext4-avoid-online-resizing-failures-due-to-oversized-flex-bg.patch kpatch-description: ext4: avoid online resizing failures due to oversized flex bg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52622 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52622 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d1935ac02ca5aee364a449a35e2977ea84509b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52622-ext4-avoid-online-resizing-failures-due-to-oversized-flex-bg-kpatch.patch kpatch-description: ext4: avoid online resizing failures due to oversized flex bg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52622 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52622 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d1935ac02ca5aee364a449a35e2977ea84509b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-unix-drop-usage-of-io_uring-socket.patch kpatch-description: io_uring/unix: drop usage of io_uring socket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/a4104821ad651d8a0b374f0b2474c345bbb42f82 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-unix-drop-usage-of-io_uring-socket-kpatch.patch kpatch-description: io_uring/unix: drop usage of io_uring socket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/a4104821ad651d8a0b374f0b2474c345bbb42f82 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-drop-any-code-related-to-SCM_RIGHTS.patch kpatch-description: io_uring: drop any code related to SCM_RIGHTS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/6e5e6d274956305f1fc0340522b38f5f5be74bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-drop-any-code-related-to-SCM_RIGHTS-kpatch.patch kpatch-description: io_uring: drop any code related to SCM_RIGHTS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/6e5e6d274956305f1fc0340522b38f5f5be74bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36010-igb-fix-string-truncation-warnings-in-igb_set_fw_version.patch kpatch-description: igb: Fix string truncation warnings in igb_set_fw_version kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c56d055893cbe97848611855d1c97d0ab171eccc kpatch-name: skipped/CVE-2021-47505.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47505 kpatch-skip-reason: A complex adaptation is needed which is not possible to implement safely. Only Android OS is affected. Low score CVE. kpatch-cvss: kpatch-name: skipped/CVE-2024-35880.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35880 kpatch-skip-reason: Complex adaptation required. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36022-drm-amdgpu-Init-zone-device-and-drm-client-after-mode-1-reset-on-reload.patch kpatch-description: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36022 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36022 kpatch-patch-url: https://github.com/torvalds/linux/commit/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48 kpatch-name: skipped/CVE-2024-36028.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36028 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36885.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36885 kpatch-skip-reason: This CVE has been rejected upstream kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35843-iommu-vt-d-Use-device-rbtree-in-iopf-reporting-path-kpatch.patch kpatch-description: [PATCH] iommu/vt-d: Use device rbtree in iopf reporting path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35843 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35843 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=def054b01a867822254e1dda13d587f5c7a99e2a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52637-can-j1939-fix-uaf-in-j1939-sk-match-filter-during-setsockopt-so-j1939-filter.patch kpatch-description: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52637 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52637 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=efe7cf828039aedb297c1f9920b638fffee6aabc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52637-can-j1939-fix-uaf-in-j1939-sk-match-filter-during-setsockopt-so-j1939-filter-kpatch.patch kpatch-description: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (kpatch) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52637 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52637 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=efe7cf828039aedb297c1f9920b638fffee6aabc kpatch-name: skipped/CVE-2024-43870.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43870 kpatch-skip-reason: The patch for CVE-2025-37747 reverts the patch for this CVE. kpatch-cvss: kpatch-name: skipped/CVE-2024-43869.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43869 kpatch-skip-reason: The patch for CVE-2025-37747 reverts the patch for this CVE. kpatch-cvss: kpatch-name: skipped/CVE-2024-26670.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26670 kpatch-skip-reason: Out of scope - affects 'smartphones' SoCs based on Cortex-A510 and Cortex-A520 kpatch-cvss: kpatch-name: skipped/CVE-2024-26734.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26734 kpatch-skip-reason: Affects only boot __init stage, already booted kernels are not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35991-dmaengine-idxd-convert-spinlock-to-mutex-to-lock-evl-workqueue-kpatch.patch kpatch-description: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35991 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5638de827cff0fce77007e426ec0ffdedf68a44 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52935-mm-khugepaged-fix-anon_vma-race.patch kpatch-description: mm/khugepaged: fix ->anon_vma race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52935 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52935 kpatch-patch-url: https://github.com/oracle/linux-uek/commit/023f47a8250c6bdb4aebe744db4bf7f73414028b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52932-mm-swapfile-add-cond-resched-in-get-swap-pages.patch kpatch-description: mm/swapfile: add cond_resched() in get_swap_pages() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52932 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52932 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/7d7029953ee667efa52fae07640ed0381d0b35c5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-49267-mmc-core-use-sysfs-emit-instead-of-sprintf.patch kpatch-description: mmc: core: use sysfs_emit() instead of sprintf() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-49267 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49267 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9d0581c93de14578bf0e332179349ca61551f311 kpatch-name: skipped/CVE-2022-49329.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49329 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-49549-x86-mce-amd-fix-memory-leak-when-threshold-create-bank-fails.patch kpatch-description: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-49549 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49549 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ce257e2fbe4d3e34dbef3b96694bf6e53c389a4f kpatch-name: skipped/CVE-2024-36928.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36928 kpatch-skip-reason: s390: arch is not supported kpatch-cvss: kpatch-name: skipped/CVE-2022-49078.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49078 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26719-nouveau-offload-fence-uevents-work-to-workqueue.patch kpatch-description: nouveau: offload fence uevents work to workqueue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26719 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26719 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39126abc5e20611579602f03b66627d7cd1422f0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26719-nouveau-offload-fence-uevents-work-to-workqueue-kpatch.patch kpatch-description: nouveau: offload fence uevents work to workqueue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26719 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26719 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39126abc5e20611579602f03b66627d7cd1422f0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-49124-x86-mce-Work-around-an-erratum-on-fast-string-copy-i-kpatch.patch kpatch-description: x86/mce: Work around an erratum on fast string copy instructions kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-49124 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-49124 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ba37c73be3d5632f6fb9fa20b250ce45560ca85d kpatch-name: rhel9/5.14.0-503.14.1.el9_5/CVE-2024-42283-net-nexthop-initialize-all-fields-in-dumped-nexthops.patch kpatch-description: net: nexthop: Initialize all fields in dumped nexthops kpatch-kernel: 5.14.0-503.14.1.el9_5 kpatch-cve: CVE-2024-42283 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42283 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/120bff1e127f6ec2b4a725bf22d76fbaed8bf559 kpatch-name: rhel9/5.14.0-503.14.1.el9_5/CVE-2024-46858-mptcp-pm-fix-uaf-in-timer-delete-sync.patch kpatch-description: mptcp: pm: Fix uaf in __timer_delete_sync kpatch-kernel: 5.14.0-503.14.1.el9_5 kpatch-cve: CVE-2024-46858 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46858 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=3554482f4691571fc4b5490c17ae26896e62171c kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-41009-bpf-fix-overrunning-reservations-in-ringbuf.patch kpatch-description: bpf: Fix overrunning reservations in ringbuf kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-41009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cfa1a2329a691ffd991fcf7248a57d752e712881 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-41009-bpf-fix-overrunning-reservations-in-ringbuf-kpatch.patch kpatch-description: bpf: Fix overrunning reservations in ringbuf kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-41009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cfa1a2329a691ffd991fcf7248a57d752e712881 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-42244-USB-serial-mos7840-fix-crash-on-resume.patch kpatch-description: USB: serial: mos7840: fix crash on resume kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-42244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42244 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-42244-USB-serial-mos7840-fix-crash-on-resume-kpatch.patch kpatch-description: USB: serial: mos7840: fix crash on resume kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-42244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42244 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-50226-cxl-port-fix-use-after-free-permit-out-of-order-decoder-shutdown-427.patch kpatch-description: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-50226 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50226 kpatch-patch-url: https://github.com/torvalds/linux/commit/101c268bd2f37e965a5468353e62d154db38838e kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-50251-netfilter-nft_payload-sanitize-offset-and-length-before-calling-skb_checksum.patch kpatch-description: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-50251 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50251 kpatch-patch-url: https://git.kernel.org/linus/d5953d680f7e96208c29ce4139a0e38de87a57fe kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-26615-net-smc-fix-illegal-rmb-desc-access-in-smc-d-connection-dump.patch kpatch-description: net/smc: fix illegal rmb_desc access in SMC-D connection dump kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-26615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dbc153fd3c142909e564bb256da087e13fbf239c kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-43854-block-initialize-integrity-buffer-to-zero-before-writing-it-to-media-427.42.1.patch kpatch-description: block: initialize integrity buffer to zero before writing it to media kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-43854 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43854 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-46695-selinux-smack-don-t-bypass-permissions-check-in-inode-setsecctx-hook.patch kpatch-description: selinux,smack: don't bypass permissions check in inode_setsecctx hook kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-46695 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46695 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eebec98791d0137e455cc006411bb92a54250924 kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-49949-net-avoid-potential-underflow-in-qdisc_pkt_len_init-with-UFO.patch kpatch-description: net: avoid potential underflow in qdisc_pkt_len_init() with UFO kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-49949 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49949 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c20029db28399ecc50e556964eaba75c43b1e2f1 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-27399-bluetooth-l2cap-fix-null-ptr-deref-in-l2cap-chan-timeout.patch kpatch-description: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-27399 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27399 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=adf0398cee86643b8eacde95f17d073d022f782c kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-38564-bpf-add-bpf-prog-type-cgroup-skb-attach-type-enforcement-in-bpf-link-create.patch kpatch-description: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-38564 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38564 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=543576ec15b17c0c93301ac8297333c7b6e84ac7 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-47675-bpf-fix-use-after-free-in-bpf-uprobe-multi-link-attach-5.14.0-427.42.1.el9_4.patch kpatch-description: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-47675 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5fe6e308abaea082c20fbf2aa5df8e14495622cf kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50099-arm64-probes-remove-broken-ldr-literal-uprobe-support.patch kpatch-description: arm64: probes: Remove broken LDR (literal) uprobe support kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50099 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=acc450aa07099d071b18174c22a1119c57da8227 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50262-bpf-fix-out-of-bounds-write-in-trie-get-next-key.patch kpatch-description: bpf: Fix out-of-bounds write in trie_get_next_key() kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50262 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50262 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50115-KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-memory.patch kpatch-description: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50115 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50115 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f559b2e9c5c5308850544ab59396b7d53cfc67bd kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50110-xfrm-fix-one-more-kernel-infoleak-in-algo-dumping.patch kpatch-description: xfrm: fix one more kernel-infoleak in algo dumping kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50110 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50110 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6889cd2a93e1e3606b3f6e958aa0924e836de4d2 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50142-xfrm-validate-new-sa-s-prefixlen-using-sa-family-when-sel-family-is-unset.patch kpatch-description: xfrm: validate new SA's prefixlen using SA family when sel.family is unset kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50142 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50142 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50148-Bluetooth-bnep-fix-wild-memory-access-in-proto_unregister.patch kpatch-description: Bluetooth: bnep: fix wild-memory-access in proto_unregister kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50148 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50148 kpatch-patch-url: https://git.kernel.org/linus/64a90991ba8d4e32e3173ddd83d0b24167a5668c kpatch-name: skipped/CVE-2024-50255.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50255 kpatch-skip-reason: Bluetooth subsystem. Patched function may wait for a while, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50125-Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout-427.patch kpatch-description: Bluetooth: SCO: Fix UAF on sco_sock_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50125 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50125 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d30803f6a972 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50124-Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch kpatch-description: Bluetooth: ISO: Fix UAF on iso_sock_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50124 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50124 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=246b435ad668 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-49888-bpf-fix-a-sdiv-overflow-issue-427.patch kpatch-description: bpf: Fix a sdiv overflow issue kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-49888 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49888 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7dd34d7b7dcf9309fc6224caf4dd5b35bedddcb7 kpatch-name: skipped/CVE-2024-50192.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50192 kpatch-skip-reason: arm64: Low-score CVE requiring adaptation that is hard to implement; targets very rare hardware kpatch-cvss: kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-50208-rdma-bnxt-re-fix-a-bug-while-setting-up-level-2-pbl-pages.patch kpatch-description: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-50208 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50208 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7988bdbbb85ac85a847baf09879edcd0f70521dc kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-53122-mptcp-cope-racing-subflow-creation-in-mptcp-rcv-space-adjust.patch kpatch-description: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-53122 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53122 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ce7356ae35943cc6494cc692e62d51a734062b7d kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-50252-mlxsw-spectrum_ipip-Fix-memory-leak-when-changing-remote-IPv6-address.patch kpatch-description: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-50252 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50252 kpatch-patch-url: https://github.com/torvalds/linux/commit/12ae97c531fcd3bfd774d4dfeaeac23eafe24280 kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-46713-perf-aux-Fix-AUX-buffer-serialization.patch kpatch-description: perf/aux: Fix AUX buffer serialization kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-46713 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46713 kpatch-patch-url: https://github.com/torvalds/linux/commit/2ab9d830262c132ab5db2f571003d80850d56b2a kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-46713-perf-aux-Fix-AUX-buffer-serialization-kpatch.patch kpatch-description: perf/aux: Fix AUX buffer serialization (Adaptation) kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-46713 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46713 kpatch-patch-url: https://github.com/torvalds/linux/commit/2ab9d830262c132ab5db2f571003d80850d56b2a kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-50154-tcp-dccp-Don-t-use-timer_pending-in-reqsk_queue_unlink.patch kpatch-description: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink() kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-50154 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50154 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c526f2bdf1 kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-50275-arm64-sve-Discard-stale-CPU-state-when-handling-SVE.patch kpatch-description: Discard stale CPU state when handling SVE traps kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-50275 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50275 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=751ecf6afd65 kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-53088-0001-i40e-fix-i40e_count_filters-to-count-only-active-new-427.patch kpatch-description: i40e: fix i40e_count_filters() to count only active/new filters kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-53088 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53088 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb58c598ce kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-53088-0002-i40e-fix-race-condition-by-adding-filter-s-intermediate-sync-state.patch kpatch-description: fix race condition by adding filter's intermediate sync state kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-53088 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53088 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f30490e969 kpatch-name: rhel9/5.14.0-503.23.2.el9_5/CVE-2024-53104-media-uvcvideo-Skip-parsing-frames-of-type-UVC_VS_UNDEFINED.patch kpatch-description: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format kpatch-kernel: 5.14.0-503.23.2.el9_5 kpatch-cve: CVE-2024-53104 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53104 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=beced2cb09b58c1243733f374c560a55382003d6 kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-53113-mm-fix-null-pointer-dereference-in-alloc-pages-bulk-noprof.patch kpatch-description: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-53113 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53113 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8ce41b0f9d77cca074df25afd39b86e2ee3aa68e kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-53197-ALSA-usb-audio-Fix-potential-out-of-bound-accesses-for-Extigy-and-Mbox-devices.patch kpatch-description: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-53197 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53197 kpatch-patch-url: https://github.com/torvalds/linux/commit/b909df18ce2a998afef81d58bbd1a05dc0788c40 kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2023-52922-can-bcm-fix-uaf-in-bcm-proc-show.patch kpatch-description: can: bcm: Fix UAF in bcm_proc_show() kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2023-52922 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55c3b96074f3f9b0aee19bf93cd71af7516582bb kpatch-name: skipped/CVE-2023-52605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52605 kpatch-skip-reason: CVE Rejected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-50264-vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch kpatch-description: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-50264 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50264 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-50302-hid-core-zero-initialize-the-report-buffer.patch kpatch-description: HID: core: zero-initialize the report buffer kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-50302 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50302 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=177f25d1292c7e16e1199b39c85480f7f8815552 kpatch-name: skipped/CVE-2025-21785.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21785 kpatch-skip-reason: Out of scope: ARM64 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-503.38.1.el9_5/CVE-2024-53150-alsa-usb-audio-fix-out-of-bounds-reads-when-finding-clock-sources.patch kpatch-description: ALSA: usb-audio: Fix out of bounds reads when finding clock sources kpatch-kernel: 5.14.0-503.38.1.el9_5 kpatch-cve: CVE-2024-53150 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53150 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cb8dcd77eb63e1e6b2497838cac19502bcc277de kpatch-name: rhel9/5.14.0-503.40.1.el9_5/CVE-2024-42292-kobject-uevent-fix-oob-access-within-zap-modalias-env.patch kpatch-description: kobject_uevent: Fix OOB access within zap_modalias_env() kpatch-kernel: 5.14.0-503.40.1.el9_5 kpatch-cve: CVE-2024-42292 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42292 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/03b07e56f81a089b7d6d117827a48280bb28e1f2 kpatch-name: rhel9/5.14.0-503.40.1.el9_5/CVE-2024-42322-ipvs-properly-dereference-pe-in-ip-vs-add-service.patch kpatch-description: ipvs: properly dereference pe in ip_vs_add_service kpatch-kernel: 5.14.0-503.40.1.el9_5 kpatch-cve: CVE-2024-42322 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42322 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cbeeedcbd7c9cd2172dc907c11c89be4fed6b126 kpatch-name: rhel9/5.14.0-503.40.1.el9_5/CVE-2024-44990-bonding-fix-null-pointer-deref-in-bond_ipsec_offload.patch kpatch-description: bonding: fix null pointer deref in bond_ipsec_offload_ok kpatch-kernel: 5.14.0-503.40.1.el9_5 kpatch-cve: CVE-2024-44990 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44990 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95c90e4ad89d493a7a14fa200082e466e2548f9d kpatch-name: rhel9/5.14.0-503.40.1.el9_5/CVE-2024-46826-elf-fix-kernel-randomize-va-space-double-read.patch kpatch-description: ELF: fix kernel.randomize_va_space double read kpatch-kernel: 5.14.0-503.40.1.el9_5 kpatch-cve: CVE-2024-46826 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46826 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4475988b43d821c01db55a294dfa715c3b395bad kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-38541-of-module-add-buffer-overflow-check-in-of-modalias.patch kpatch-description: of: module: add buffer overflow check in of_modalias() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-38541 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38541 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cf7385cb26ac4f0ee6c7385960525ad534323252 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-40956-dmaengine-idxd-fix-possible-use-after-free-in-irq-process-work-list.patch kpatch-description: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-40956 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40956 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e3215deca4520773cd2b155bed164c12365149a7 kpatch-name: skipped/CVE-2024-42302.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42302 kpatch-skip-reason: Patched function waits for external events, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-36012-bluetooth-msft-fix-slab-use-after-free-in-msft-do-close.patch kpatch-description: Bluetooth: msft: fix slab-use-after-free in msft_do_close() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-36012 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10f9f426ac6e752c8d87bf4346930ba347aaabac kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47685-netfilter-nf-reject-ipv6-fix-nf-reject-ip6-tcphdr-put.patch kpatch-description: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47685 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47685 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9c778fe48d20ef362047e3376dee56d77f8500d4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-49006-tracing-free-buffers-when-a-used-dynamic-event-is-removed.patch kpatch-description: tracing: Free buffers when a used dynamic event is removed kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-49006 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49006 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4313e5a613049dfc1819a6dfb5f94cf2caff9452 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-49029-hwmon-ibmpex-fix-possible-uaf-when-ibmpex-register-bmc-fails.patch kpatch-description: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-49029 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49029 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e2a87785aab0dac190ac89be6a9ba955e2c634f2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-49014-net-tun-fix-use-after-free-in-tun-detach.patch kpatch-description: net: tun: Fix use-after-free in tun_detach() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-49014 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5daadc86f27ea4d691e2131c04310d0418c6cd12 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43882-exec-fix-toctou-between-perm-check-and-set-uid-gid-usage.patch kpatch-description: exec: Fix ToCToU between perm check and set-uid/gid usage kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43882 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f50733b45d865f91db90919f8311e2127ce5a0cb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-27008-drm-nv04-Fix-out-of-bounds-access.patch kpatch-description: drm: nv04: Fix out of bounds access kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-27008 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27008 kpatch-patch-url: https://github.com/torvalds/linux/commit/cf92bb778eda7830e79452c6917efa8474a30c1e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43873-vhost-vsock-always-initialize-seqpacket-allow.patch kpatch-description: vhost/vsock: always initialize seqpacket_allow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43873 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43873 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43873-kpatch.patch kpatch-description: vhost/vsock: always initialize seqpacket_allow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43873 kpatch-cvss: 7.8 kpatch-cve-url: https://www.cve.org/CVERecord?id=CVE-2024-43873 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44934-net-bridge-mcast-wait-for-previous-gc-cycles-when-removing-port.patch kpatch-description: net: bridge: mcast: wait for previous gc cycles when removing port kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44934 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=92c4ee25208d0f35dafc3213cdf355fbe449e078 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46756-hwmon-w83627ehf-fix-underflows-seen-when-writing-limit-attributes.patch kpatch-description: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46756 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46756 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c1de37969b7bc0abcb20b86e91e70caebbd4f89 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46758-hwmon-lm95234-fix-underflows-seen-when-writing-limit-attributes.patch kpatch-description: hwmon: (lm95234) Fix underflows seen when writing limit attributes kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46758 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=af64e3e1537896337405f880c1e9ac1f8c0c6198 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46759-hwmon-adc128d818-fix-underflows-seen-when-writing-limit-attributes.patch kpatch-description: hwmon: (adc128d818) Fix underflows seen when writing limit attributes kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46759 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46759 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8cad724c8537fe3e0da8004646abc00290adae40 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44987-ipv6-prevent-uaf-in-ip6-send-skb.patch kpatch-description: ipv6: prevent UAF in ip6_send_skb() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44987 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44987 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=faa389b2fbaaec7fd27a390b4896139f9da662e3 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46673-scsi-aacraid-fix-double-free-on-probe-failure.patch kpatch-description: scsi: aacraid: Fix double-free on probe failure kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46673 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46673 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=919ddf8336f0b84c0453bac583808c9f165a85c2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46725-drm-amdgpu-Fix-out-of-bounds-write-warning.patch kpatch-description: drm/amdgpu: Fix out-of-bounds write warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46725 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46725 kpatch-patch-url: https://github.com/torvalds/linux/commit/be1684930f5262a622d40ce7a6f1423530d87f89 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44964-idpf-fix-memory-leaks-and-crashes-while-performing-a-soft-reset.patch kpatch-description: idpf: fix memory leaks and crashes while performing a soft reset kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44964 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44964 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f01032a2ca099ec8d619aaa916c3762aa62495df kpatch-name: skipped/CVE-2024-44932.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-44932 kpatch-skip-reason: Blamed commit 90912f9 ("idpf: convert header split mode to libeth + napi_build_skb()") is absent. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49882-ext4-fix-double-brelse-the-buffer-of-the-extents-path.patch kpatch-description: ext4: fix double brelse() the buffer of the extents path kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49882 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dcaa6c31134c0f515600111c38ed7750003e1b9c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49883-ext4-aovid-use-after-free-in-ext4-ext-insert-extent.patch kpatch-description: ext4: aovid use-after-free in ext4_ext_insert_extent() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49883 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49883 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a164f3a432aae62ca23d03e6d926b122ee5b860d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49884-ext4-fix-slab-use-after-free-in-ext4-split-extent-at.patch kpatch-description: ext4: fix slab-use-after-free in ext4_split_extent_at() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49884 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c26ab35702f8cd0cdc78f96aa5856bfb77be798f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49889-ext4-avoid-use-after-free-in-ext4-ext-show-leaf.patch kpatch-description: ext4: avoid use-after-free in ext4_ext_show_leaf() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49889 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49889 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4e2524ba2ca5f54bdbb9e5153bea00421ef653f5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49930-wifi-ath11k-fix-array-out-of-bound-access-in-soc-stats.patch kpatch-description: wifi: ath11k: fix array out-of-bound access in SoC stats kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49930 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49930 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=69f253e46af98af17e3efa3e5dfa72fcb7d1983d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49950-bluetooth-l2cap-fix-uaf-in-l2cap-connect.patch kpatch-description: Bluetooth: L2CAP: Fix uaf in l2cap_connect kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49950 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=333b4fd11e89b29c84c269123f871883a30be586 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49950-bluetooth-hci-core-fix-calling-mgmt-device-connected.patch kpatch-description: Bluetooth: hci_core: Fix calling mgmt_device_connected kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49950 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=333b4fd11e89b29c84c269123f871883a30be586 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49960-ext4-fix-timer-use-after-free-on-failed-mount-5.14.0-427.42.1.el9_4.patch kpatch-description: ext4: fix timer use-after-free on failed mount kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49960 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0ce160c5bdb67081a62293028dc85758a8efb22a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49967-ext4-no-need-to-continue-when-the-number-of-entries-is-1.patch kpatch-description: ext4: no need to continue when the number of entries is 1 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49967 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49967 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1a00a393d6a7fb1e745a41edd09019bd6a0ad64c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49983-ext4-drop-ppath-from-ext4-ext-replay-update-ex-to-avoid-double-free.patch kpatch-description: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49983 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49983 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49991-drm-amdkfd-amdkfd_free_gtt_mem-clear-the-correct-pointer.patch kpatch-description: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49991 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c86ad39140bbcb9dc75a10046c2221f657e8083b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46722-drm-amdgpu-fix-mc-data-out-of-bounds-read-warning.patch kpatch-description: drm/amdgpu: fix mc_data out-of-bounds read warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46722 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46722 kpatch-patch-url: https://github.com/oracle/linux-uek/commit/832acfdd23d33453c62188359fc6b51e155f5196 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46723-drm-amdgpu-fix-ucode-out-of-bounds-read-warning.patch kpatch-description: drm/amdgpu: fix ucode out-of-bounds read warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46723 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46723 kpatch-patch-url: https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46724-drm-amdgpu-fix-out-of-bounds-read-of-df-v1-7-channel-number.patch kpatch-description: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46724 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46724 kpatch-patch-url: https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46743-of-irq-prevent-device-address-out-of-bounds-read-in-interrupt-map-walk.patch kpatch-description: of/irq: Prevent device address out-of-bounds read in interrupt map walk kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46743 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46743 kpatch-patch-url: https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46747-hid-cougar-fix-slab-out-of-bounds-read-in-cougar-report-fixup.patch kpatch-description: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46747 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46747 kpatch-patch-url: https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49860-acpi-sysfs-validate-return-type-of-str-method.patch kpatch-description: ACPI: sysfs: validate return type of _STR method kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49860 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49860 kpatch-patch-url: https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49862-powercap-intel-rapl-fix-off-by-one-in-get-rpi.patch kpatch-description: powercap: intel_rapl: Fix off by one in get_rpi() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49862 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49862 kpatch-patch-url: https://git.kernel.org/linus/95f6580352a7225e619551febb83595bcb77ab17 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49928-wifi-rtw89-avoid-reading-out-of-bounds-when-loading-tx-power-fw-elements.patch kpatch-description: wifi: rtw89: avoid reading out of bounds when loading TX power FW elements kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49928 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-49928 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed2e4bb17a4884cf29c3347353d8aabb7265b46c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50033-slip-make-slhc-remember-more-robust-against-malicious-packets.patch kpatch-description: slip: make slhc_remember() more robust against malicious packets kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50033 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50033 kpatch-patch-url: https://git.kernel.org/linus/7d3fce8cbe3a70a1c7c06c9b53696be5d5d8dd5c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50035-ppp-fix-ppp-async-encode-illegal-access.patch kpatch-description: ppp: fix ppp_async_encode() illegal access kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50035 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50035 kpatch-patch-url: https://git.kernel.org/linus/40dddd4b8bd08a69471efd96107a4e1c73fabefc kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46786-fscache-delete-fscache-cookie-lru-timer-when-fscache-exits-to-avoid-uaf.patch kpatch-description: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46786 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46786 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46800-sch-netem-fix-use-after-free-in-netem-dequeue.patch kpatch-description: sch/netem: fix use after free in netem_dequeue kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46800 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46800 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b3a2a9c6349e25a025d2330f479bc33a6ccb54a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46853-spi-nxp-fspi-fix-the-kasan-report-out-of-bounds-bug.patch kpatch-description: spi: nxp-fspi: fix the KASAN report out-of-bounds bug kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46853 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46853 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2a8787c1cdc7be24fdd8953ecd1a8743a1006235 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47748-vhost-vdpa-assign-irq-bypass-producer-token-correctly.patch kpatch-description: vhost_vdpa: assign irq bypass producer token correctly kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47748 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47748 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=02e9e9366fefe461719da5d173385b6685f70319 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47745-mm-call-the-security-mmap-file-lsm-hook-in-remap-file-pages.patch kpatch-description: mm: call the security_mmap_file() LSM hook in remap_file_pages() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47745 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47745 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47745-mm-split-critical-region-in-remap_file_pages-and-invoke-LSMs-in-between.patch kpatch-description: mm: split critical region in remap_file_pages() and invoke LSMs in between kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47745 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47745 kpatch-patch-url: https://github.com/torvalds/linux/commit/58a039e679fe72bd0efa8b2abe669a7914bb4429 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47719-iommufd-protect-against-overflow-of-align-during-iova-allocation.patch kpatch-description: iommufd: Protect against overflow of ALIGN() during iova allocation kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47719 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47719 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8f6887349b2f829a4121c518aeb064fc922714e4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46828-sched-sch-cake-fix-bulk-flow-accounting-logic-for-host-fairness.patch kpatch-description: sched: sch_cake: fix bulk flow accounting logic for host fairness kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46828 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46828 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=546ea84d07e3e324644025e2aae2d12ea4c5896e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47718-wifi-rtw88-always-wait-for-both-firmware-loading-attempts.patch kpatch-description: wifi: rtw88: always wait for both firmware loading attempts kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47718 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47718 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0e735a4c6137262bcefe45bb52fde7b1f5fc6c4d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50261-macsec-fix-use-after-free-while-sending-the-offloading-packet.patch kpatch-description: macsec: Fix use-after-free while sending the offloading packet kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50261 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50261 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f1e54d11b210b53d418ff1476c6b58a2f434dfc0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50127-net-sched-fix-use-after-free-in-taprio-change.patch kpatch-description: net: sched: fix use-after-free in taprio_change() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50127 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50127 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f504465970aebb2467da548f7c1efbbf36d0f44b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50143-udf-fix-uninit-value-use-in-udf-get-fileshortad.patch kpatch-description: udf: fix uninit-value use in udf_get_fileshortad kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50143 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50143 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=264db9d666ad9a35075cc9ed9ec09d021580fbb1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50215-nvmet-auth-assign-dh-key-to-null-after-kfree-sensitive.patch kpatch-description: nvmet-auth: assign dh_key to NULL after kfree_sensitive kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50215 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50215 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d2f551b1f72b4c508ab9298419f6feadc3b5d791 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50186-net-explicitly-clear-the-sk-pointer-when-pf-create-fails.patch kpatch-description: net: explicitly clear the sk pointer, when pf->create fails kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50186 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50186 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=631083143315d1b192bd7d915b967b37819e88ea kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50151-smb-client-fix-oobs-when-building-smb2-ioctl-request.patch kpatch-description: smb: client: fix OOBs when building SMB2_IOCTL request kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50151 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50151 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1ab60323c5201bef25f2a3dc0ccc404d9aca77f1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50235-wifi-cfg80211-clear-wdev-cqm-config-pointer-on-free.patch kpatch-description: wifi: cfg80211: clear wdev->cqm_config pointer on free kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50235 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50235 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5fee261dfd9e17b08b1df8471ac5d5736070917 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50282-drm-amdgpu-add-missing-size-check-in-amdgpu_debugfs_gprwave_read.patch kpatch-description: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50282 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50282 kpatch-patch-url: https://github.com/torvalds/linux/commit/f5d873f5825b40d886d03bd2aede91d4cf002434 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53194-pci-fix-use-after-free-of-slot-bus-on-hot-remove.patch kpatch-description: PCI: Fix use-after-free of slot->bus on hot remove kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53194 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53194 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/15f44ba11987028c83e07b84ec885c5cbc6a6fac kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53194-pci-fix-use-after-free-of-slot-bus-on-hot-remove-kpatch.patch kpatch-description: PCI: Fix use-after-free of slot->bus on hot remove kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53194 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53194 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/15f44ba11987028c83e07b84ec885c5cbc6a6fac kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56558-nfsd-make-sure-exp-active-before-svc-export-show.patch kpatch-description: nfsd: make sure exp active before svc_export_show kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56558 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56558 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/35d4290a75207439e1c21c05d5c573ad1fb085ee kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56601-net-inet-do-not-leave-a-dangling-sk-pointer-in-inet-create.patch kpatch-description: net: inet: do not leave a dangling sk pointer in inet_create() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56601 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56601 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/45fb024fee85b4f2ab878b810b0039614faca933 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56600-net-inet6-do-not-leave-a-dangling-sk-pointer-in-inet6-create.patch kpatch-description: net: inet6: do not leave a dangling sk pointer in inet6_create() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56600 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56600 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4c2958f580b2ec8b5e71cba661614384f6d0057f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53208-bluetooth-mgmt-fix-slab-use-after-free-read-in-set-powered-sync.patch kpatch-description: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53208 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53208 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/423b77549e6b62a78c0c47c15b3ec2abebfa8643 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56551-drm-amdgpu-fix-usage-slab-after-free.patch kpatch-description: drm/amdgpu: fix usage slab after free kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56551 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56551 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b61badd20b443eabe132314669bb51a263982e5c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56604-bluetooth-rfcomm-avoid-leaving-dangling-sk-pointer-in-rfcomm-sock-alloc-5.14.0-427.42.1.el9_4.patch kpatch-description: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56604 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56604 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3945c799f12b8d1f49a3b48369ca494d981ac465 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56614-xsk-fix-oob-map-writes-when-deleting-elements.patch kpatch-description: xsk: fix OOB map writes when deleting elements kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56614 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32cd3db7de97c0c7a018756ce66244342fd583f0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56642-tipc-fix-use-after-free-of-kernel-socket-in-cleanup-bearer.patch kpatch-description: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56642 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56642 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6a2fa13312e51a621f652d522d7e2df7066330b6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56602-net-ieee802154-do-not-leave-a-dangling-sk-pointer-in-ieee802154-create.patch kpatch-description: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56602 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56602 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4fcd63f6ef79c73cafae8cf4a114def5fc3d80d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56605-bluetooth-l2cap-do-not-leave-dangling-sk-pointer-on-error-in-l2cap-sock-create.patch kpatch-description: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56605 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56605 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7c4f78cdb8e7501e9f92d291a7d956591bf73be9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56631-scsi-sg-fix-slab-use-after-free-read-in-sg-release.patch kpatch-description: scsi: sg: Fix slab-use-after-free read in sg_release() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56631 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56631 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f10593ad9bc36921f623361c9e3dd96bd52d85ee kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57798-drm-dp-mst-ensure-mst-primary-pointer-is-valid-in-drm-dp-mst-handle-up-req.patch kpatch-description: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57798 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57798 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e54b00086f7473dbda1a7d6fc47720ced157c6a8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49995-tipc-guard-against-string-buffer-overrun.patch kpatch-description: tipc: guard against string buffer overrun kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49995 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49995 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6555a2a9212be6983d2319d65276484f7c5f431a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50029-bluetooth-hci-conn-helper.patch kpatch-description: Bluetooth: hci_conn: helper kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50029 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50029 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=18fd04ad856df07733f5bb07e7f7168e7443d393 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50029-bluetooth-hci-conn-fix-uaf-in-hci-enhanced-setup-sync-427.patch kpatch-description: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50029 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50029 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=18fd04ad856df07733f5bb07e7f7168e7443d393 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50047-smb-client-fix-uaf-in-async-decryption.patch kpatch-description: smb: client: fix UAF in async decryption kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50047 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50047 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b0abcd65ec545701b8793e12bc27dc98042b151a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50055-driver-core-bus-fix-double-free-in-driver-api-bus-register.patch kpatch-description: driver core: bus: Fix double free in driver API bus_register() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50055 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bfa54a793ba77ef696755b66f3ac4ed00c7d1248 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50067-uprobe-avoid-out-of-bounds-memory-access-of-fetching-args.patch kpatch-description: uprobe: avoid out-of-bounds memory access of fetching args kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50067 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50067 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=373b9338c9722a368925d83bc622c596896b328e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50073-tty-n-gsm-fix-use-after-free-in-gsm-cleanup-mux.patch kpatch-description: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50073 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50073 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9462f4ca56e7d2430fdb6dcc8498244acbfc4489 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50074-parport-proper-fix-for-array-out-of-bounds-access.patch kpatch-description: parport: Proper fix for array out-of-bounds access kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50074 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50074 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50121-nfsd-cancel-nfsd-shrinker-work-using-sync-mode-in-nfs4-state-shutdown-net.patch kpatch-description: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50121 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50121 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5ff2fb2e7167e9483846e34148e60c0c016a1f6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50126-net-sched-use-rcu-read-side-critical-section-in-taprio-dump.patch kpatch-description: net: sched: use RCU read-side critical section in taprio_dump() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50126 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50126 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b22db8b8befe90b61c98626ca1a2fbb0505e9fe3 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53057-net-sched-stop-qdisc-tree-reduce-backlog-on-tc-h-root.patch kpatch-description: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53057 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53057 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e95c4384438adeaa772caa560244b1a2efef816 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53059-wifi-iwlwifi-mvm-fix-response-handling-in-iwl-mvm-send-recovery-cmd-5.14.0-427.42.1.el9_4.patch kpatch-description: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53059 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53059 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=07a6e3b78a65f4b2796a8d0d4adb1a15a81edead kpatch-name: skipped/CVE-2024-53095.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-53095 kpatch-skip-reason: low-scored CVE which inevitably will cause verification conflicts with freezable kthread and cifs reading routines. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53103-hv-sock-initializing-vsk-trans-to-null-to-prevent-a-dangling-pointer.patch kpatch-description: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53103 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53103 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e629295bd60abf4da1db85b82819ca6a4f6c1e79 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53174-sunrpc-make-sure-cache-entry-active-before-cache-show.patch kpatch-description: SUNRPC: make sure cache entry active before cache_show kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53174 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53174 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2862eee078a4d2d1f584e7f24fa50dddfa5f3471 kpatch-name: skipped/CVE-2024-53142.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-53142 kpatch-skip-reason: Patch affects initramfs kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53166-block-bfq-fix-bfqq-uaf-in-bfq-limit-depth.patch kpatch-description: block, bfq: fix bfqq uaf in bfq_limit_depth() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53166 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53166 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8b8344de3980709080d86c157d24e7de07d70ad kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53173-nfsv4-0-fix-a-use-after-free-problem-in-the-asynchronous-open.patch kpatch-description: NFSv4.0: Fix a use-after-free problem in the asynchronous open() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53173 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53173 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53156-wifi-ath9k-add-range-check-for-conn-rsp-epid-in-htc-connect-service.patch kpatch-description: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53156 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53156 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8619593634cbdf5abf43f5714df49b04e4ef09ab kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42133-bluetooth-ignore-too-large-handle-values-in-big.patch kpatch-description: Bluetooth: Ignore too large handle values in BIG kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42133 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42133 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f865cc1b92c617f6994dc373eab8e4ec4921d81a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42253-gpio-pca953x-fix-pca953x-irq-bus-sync-unlock-race.patch kpatch-description: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42253 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42253 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d07570e18878a966d6f3abbb98ccccc859093491 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42265-fs-prevent-out-of-bounds-array-speculation-when-closing-a-file-descriptor.patch kpatch-description: fs: prevent out-of-bounds array speculation when closing a file descriptor kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42265 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42265 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f22b3d3a5e78ce648f17934837b487d332fade79 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42291-ice-add-a-per-vf-limit-on-number-of-fdir-filters.patch kpatch-description: ice: Add a per-VF limit on number of FDIR filters kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42291 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42291 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42291-ice-add-a-per-vf-limit-on-number-of-fdir-filters-kpatch.patch kpatch-description: ice: Add a per-VF limit on number of FDIR filters kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42291 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42291 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42294-block-fix-deadlock-between-sd-remove-sd-release-427.patch kpatch-description: block: fix deadlock between sd_remove & sd_release kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42294 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e04da2dc7013af50ed3a2beb698d5168d1e594b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42304-ext4-make-sure-the-first-directory-block-is-not-a-hole.patch kpatch-description: ext4: make sure the first directory block is not a hole kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42304 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42304 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ae437ce929084ea2f7ceae70426ee5f6a29bb927 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42305-ext4-check-dot-and-dotdot-of-dx-root-before-making-dir-indexed.patch kpatch-description: ext4: check dot and dotdot of dx_root before making dir indexed kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42305 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42305 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d8c9e2a5831c2ad2863136917bd8e3a8101e8058 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42312-sysctl-always-initialize-i-uid-i-gid.patch kpatch-description: sysctl: always initialize i_uid/i_gid kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42312 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42312 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9089c30d687c047202fc47af95ffdf71d8d64177 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43871-devres-fix-memory-leakage-caused-by-driver-api-devm-free-percpu.patch kpatch-description: devres: Fix memory leakage caused by driver API devm_free_percpu() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43871 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43871 kpatch-patch-url: https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43884-bluetooth-mgmt-add-error-handling-to-pair-device.patch kpatch-description: Bluetooth: MGMT: Add error handling to pair_device() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43884 kpatch-patch-url: https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43898-ext4-sanity-check-for-null-pointer-after-ext4-force-shutdown.patch kpatch-description: ext4: sanity check for NULL pointer after ext4_force_shutdown kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43898 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43898 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=83f4414b8f84249d538905825b088ff3ae555652 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43914-md-raid5-avoid-bug-on-while-continue-reshape-after-reassembling.patch kpatch-description: md/raid5: avoid BUG_ON() while continue reshape after reassembling kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43914 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43914 kpatch-patch-url: https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44931-gpio-prevent-potential-speculation-leaks-in-gpio-device-get-desc.patch kpatch-description: gpio: prevent potential speculation leaks in gpio_device_get_desc() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44931 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d795848ecce24a75dfd46481aee066ae6fe39775 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44952-driver-core-fix-uevent-show-vs-driver-detach-race.patch kpatch-description: driver core: Fix uevent_show() vs driver detach race kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44952 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44952 kpatch-patch-url: https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44975-cgroup-cpuset-fix-panic-caused-by-partcmd-update.patch kpatch-description: cgroup/cpuset: fix panic caused by partcmd_update kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44975 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44975 kpatch-patch-url: https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46761-pci-hotplug-pnv-php-fix-hotplug-driver-crash-on-powernv.patch kpatch-description: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46761 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46761 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/57beb230405ef97244ad1738dd5cf3f745562c66 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46822-arm64-acpi-harden-get-cpu-for-acpi-id-against-missing-cpu-entry.patch kpatch-description: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46822 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46822 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/a40d9d97da15b63aaa5ea8b1eb5e70cbaf3a7e75 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46787-userfaultfd-fix-checks-for-huge-pmds.patch kpatch-description: userfaultfd: fix checks for huge PMDs kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46787 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46787 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46783-tcp-bpf-fix-return-value-of-tcp-bpf-sendmsg.patch kpatch-description: tcp_bpf: fix return value of tcp_bpf_sendmsg() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46783 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46783 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2acef5216c312f9ab92de1458ba09cab6bc7e514 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46805-drm-amdgpu-fix-the-waring-dereferencing-hive.patch kpatch-description: drm/amdgpu: fix the waring dereferencing hive kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46805 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46805 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f20d1d5cbb39802f68be24458861094f3e66f356 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46806-drm-amdgpu-Fix-the-warning-division-or-modulo-by-zero.patch kpatch-description: drm/amdgpu: Fix the warning division or modulo by zero kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46806 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46806 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46807-drm-amd-amdgpu-Check-tbo-resource-pointer.patch kpatch-description: drm/amd/amdgpu: Check tbo resource pointer kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46807 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46807 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6cd2b872643bb29bba01a8ac739138db7bd79007 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46819-drm-amdgpu-the-warning-dereferencing-obj-for-nbio_v7.patch kpatch-description: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46819 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46819 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d190b459b2a4304307c3468ed97477b808381011 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46835-drm-amdgpu-Fix-smatch-static-checker-warning.patch kpatch-description: drm/amdgpu: Fix smatch static checker warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46835 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46835 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bdbdc7cecd00305dc844a361f9883d3a21022027 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49933-blk-iocost-fix-more-out-of-bound-shifts.patch kpatch-description: blk_iocost: fix more out of bound shifts kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49933 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/c40ade3008f8de2df1a77eec9f9f6e5599b113ad kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49934-fs-inode-prevent-dump-mapping-accessing-invalid-dentry-d-name-name.patch kpatch-description: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49934 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7f7b850689ac06a62befe26e1fd1806799e7f152 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49935-acpi-pad-fix-crash-in-exit-round-robin.patch kpatch-description: ACPI: PAD: fix crash in exit_round_robin() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49935 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49935 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/300494193de5407a4b13ae2ee1ef86b7f6a098f7 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49937-wifi-cfg80211-set-correct-chandef-when-starting-cac.patch kpatch-description: wifi: cfg80211: Set correct chandef when starting CAC kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49937 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49937 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=20361712880396e44ce80aaeec2d93d182035651 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49938-wifi-ath9k-htc-use-skb-set-length-for-resetting-urb-before-resubmit.patch kpatch-description: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49938 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49938 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/aab3dd4c2caa688cdcb0a2e843d9dd34983ce21c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49939-wifi-rtw89-avoid-to-add-interface-to-list-twice-when-ser.patch kpatch-description: wifi: rtw89: avoid to add interface to list twice when SER kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7dd5d2514a8ea58f12096e888b0bd050d7eae20a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49946-ppp-do-not-assume-bh-is-held-in-ppp-channel-bridge-input.patch kpatch-description: ppp: do not assume bh is held in ppp_channel_bridge_input() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49946 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/8ddd27039e5418b77b4e27da7f00feb9e524f496 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49948-net-add-more-sanity-checks-to-qdisc-pkt-len-init.patch kpatch-description: net: add more sanity checks to qdisc_pkt_len_init() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49948 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49948 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/889018b514b45537686572e97a0db3582a9b8778 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49951-Bluetooth-hci_sync-Add-helper-functions-to-manipulat.patch kpatch-description: Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49951 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49951 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=505ea2b295929e7be2b4e1bc86ee31cb7862fb01 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49951-bluetooth-mgmt-fix-possible-crash-on-mgmt-index-removed.patch kpatch-description: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49951 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49951 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f53e1c9c726d83092167f2226f32bd3b73f26c21 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44958-sched-smt-introduce-sched-smt-present-inc-dec-helper.patch kpatch-description: sched/smt: Introduce sched_smt_present_inc/dec() helper kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-44958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44958-sched-smt-fix-unbalance-sched-smt-present-dec-inc.patch kpatch-description: sched/smt: Fix unbalance sched_smt_present dec/inc kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-44958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2023-52672-pipe-wakeup-wr-wait-after-setting-max-usage.patch kpatch-description: pipe: wakeup wr_wait after setting max_usage kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2023-52672 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e95aada4cb93d42e25c30a0ef9eb2923d9711d4a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2023-52672-pipe-wakeup-wr-wait-after-setting-max-usage-kpatch.patch kpatch-description: pipe: wakeup wr_wait after setting max_usage kpatch kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2023-52672 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e95aada4cb93d42e25c30a0ef9eb2923d9711d4a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-23138-watch_queue-fix-pipe-accounting-mismatch.patch kpatch-description: watch_queue: fix pipe accounting mismatch kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-23138 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-23138 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f13abc1e8e1a3b7455511c4e122750127f6bc9b0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50128-net-wwan-fix-global-oob-in-wwan-rtnl-policy.patch kpatch-description: net: wwan: fix global oob in wwan_rtnl_policy kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50128 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50128 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47dd5447cab8ce30a847a0337d5341ae4c7476a7 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50128-net-wwan-fix-global-oob-in-wwan-rtnl-policy-kpatch.patch kpatch-description: net: wwan: fix global oob in wwan_rtnl_policy kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50128 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50128 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47dd5447cab8ce30a847a0337d5341ae4c7476a7 kpatch-name: skipped/CVE-2024-50228.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50228 kpatch-skip-reason: Vendor reverted in d1aa0c04294 as it causes deadlocks kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50278-dm-cache-fix-potential-out-of-bounds-access-on-the-first-resume.patch kpatch-description: dm cache: fix potential out-of-bounds access on the first resume kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50278 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50278 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c0ade5d98979585d4f5a93e4514c2e9a65afa08d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53082-virtio-net-add-hash-key-length-check.patch kpatch-description: virtio_net: Add hash_key_length check kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53082 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53082 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3f7d9c1964fcd16d02a8a9d4fd6f6cb60c4cc530 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56663-wifi-nl80211-fix-nl80211-attr-mlo-link-id-off-by-one.patch kpatch-description: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56663 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56663 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e3dbf938656986cce73ac4083500d0bcfbffe24 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56663-wifi-nl80211-fix-nl80211-attr-mlo-link-id-off-by-one-kpatch-427.patch kpatch-description: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56663 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56663 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e3dbf938656986cce73ac4083500d0bcfbffe24 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-58099-vmxnet3-fix-packet-corruption-in-vmxnet3-xdp-xmit-frame.patch kpatch-description: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-58099 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4678adf94da4a9e9683817b246b58ce15fb81782 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50058-serial-protect-uart-port-dtr-rts-in-uart-shutdown-too-5.14.0-427.42.1.el9_4.patch kpatch-description: serial: protect uart_port_dtr_rts() in uart_shutdown() too kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50058 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=602babaa84d627923713acaf5f7e9a4369e77473 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50082-blk-rq-qos-fix-crash-on-rq-qos-wait-vs-rq-qos-wake-function-race.patch kpatch-description: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50082 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50082 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d25e973b35b6a5fe36c0d54c2ff18cea94768d16 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50081-blk-mq-setup-queue-tag-set-before-initializing-hctx.patch kpatch-description: blk-mq: setup queue ->tag_set before initializing hctx kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50081 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50081 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c25c0c9035bb8b28c844dfddeda7b8bdbcfcae95 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50101-iommu-vt-d-fix-incorrect-pci-for-each-dma-alias-for-non-pci-devices.patch kpatch-description: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50101 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50101 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ff8b885f915c9f9ec8862550d06f4c584590465c kpatch-name: skipped/CVE-2024-50102.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50102 kpatch-skip-reason: low score, complex adaptation kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50077-bluetooth-iso-fix-multiple-init-when-debugfs-is-disabled.patch kpatch-description: Bluetooth: ISO: Fix multiple init when debugfs is disabled kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50077 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50077 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b306874973019a38a44c89ff1a0f212e8cd2ff38 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50078-bluetooth-call-iso-exit-on-module-unload.patch kpatch-description: Bluetooth: Call iso_exit() on module unload kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50078 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50078 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/5c872ad564167ebc157853d3729a33acc4246804 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50093-thermal-intel-int340x-processor-fix-warning-during-module-unload-5.14.0-427.42.1.el9_4.patch kpatch-description: thermal: intel: int340x: processor: Fix warning during module unload kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=99ca0b57e49fb73624eede1c4396d9e3d10ccf14 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50075-xhci-tegra-fix-checked-usb2-port-number.patch kpatch-description: xhci: tegra: fix checked USB2 port number kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50075 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50075 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/84a0da9984fa9acaab8757b00358c9720b6176a4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53146-nfsd-prevent-a-potential-integer-overflow.patch kpatch-description: NFSD: Prevent a potential integer overflow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53146 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53146 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/6b6e999f74ca06c1ff4de7635a8e3dcb7c7471fb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53160-rcu-kvfree-fix-data-race-in-mod-timer-kvfree-call-rcu-503.patch kpatch-description: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53160 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53160 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/89edcfe6e5c6c2dc1074e0d91aa9eae5e865ef16 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53161-edac-bluefield-fix-potential-integer-overflow.patch kpatch-description: EDAC/bluefield: Fix potential integer overflow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53161 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53161 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4580f9aa3479c1e331c1c167be805992ecc3977a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53164-net-sched-fix-ordering-of-qlen-adjustment.patch kpatch-description: net: sched: fix ordering of qlen adjustment kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53164 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53164 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/972b8e2a61435b7f87399962f33d1defdd00d8ee kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53190-wifi-rtlwifi-drastically-reduce-the-attempts-to-read-efuse-in-case-of-failures.patch kpatch-description: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53190 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53190 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/008e728d2cb3fd43805ab81f3390121ae48bdfc2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43823-pci-keystone-fix-null-pointer-dereference-in-case-of-dt-error-in-ks-pcie-setup-rc-app-regs.patch kpatch-description: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43823 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43823 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a231707a91f323af1e5d9f1722055ec2fc1c7775 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42315-exfat-fix-potential-deadlock-on-exfat-get-dentry-set.patch kpatch-description: exfat: fix potential deadlock on __exfat_get_dentry_set kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42315 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42315 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/eff13001333d23f7feb55566de65e647f8d467da kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42321-net-flow-dissector-use-debug-net-warn-on-once.patch kpatch-description: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42321 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42321 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=120f1c857a73e52132e473dee89b340440cb692b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42321-net-flow-dissector-use-debug-net-warn-on-once-kpatch.patch kpatch-description: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42321 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42321 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=120f1c857a73e52132e473dee89b340440cb692b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43828-ext4-fix-infinite-loop-when-replaying-fast-commit.patch kpatch-description: ext4: fix infinite loop when replaying fast_commit kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43828 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43828 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/8f63a570a6f19f4d4f11f57e2d2b30e5eb63f620 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43853-cgroup-cpuset-prevent-uaf-in-proc-cpuset-show.patch kpatch-description: cgroup/cpuset: Prevent UAF in proc_cpuset_show() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43853 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43853 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0cdc1804f690b38e184f62132ed20dbb67ee0db1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43846-lib-objagg-fix-general-protection-fault.patch kpatch-description: lib: objagg: Fix general protection fault kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43846 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43846 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/74e6153f64b017a067583f0a6bde31818beea0b5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43821-scsi-lpfc-fix-a-possible-null-pointer-dereference.patch kpatch-description: scsi: lpfc: Fix a possible null pointer dereference kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43821 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43821 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d9d1c26b2574f8083cd4f64a015926c34641b4ba kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43834-xdp-fix-invalid-wait-context-of-page-pool-destroy.patch kpatch-description: xdp: fix invalid wait context of page_pool_destroy() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43834 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43834 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0d4127c3f89fa99892274bafb83aa63cca5b268e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46839-workqueue-wq-watchdog-touch-is-always-called-with-valid-cpu.patch kpatch-description: workqueue: wq_watchdog_touch is always called with valid CPU kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46839 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46839 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b0d5b181c0e5e324b4c356490692a34f1df1e62c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47660-fsnotify-clear-parent-watched-flags-lazily.patch kpatch-description: fsnotify: clear PARENT_WATCHED flags lazily kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47660 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47660 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4a2f697b8e88132dcc2c99b69ba54c84a2204ce2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47668-lib-generic-radix-tree-c-fix-rare-race-in-genradix-ptr-alloc.patch kpatch-description: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47668 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47668 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3bdde79f44ca9bfa9b22c7f72232da184ac5bcc1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47705-block-fix-potential-invalid-pointer-dereference-in-blk-add-partition.patch kpatch-description: block: fix potential invalid pointer dereference in blk_add_partition kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47705 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47705 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3e68b101c7ecfe7b3041da80b966a0de9cc495ca kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47700-ext4-fix-race-between-writepages-and-remount-5.14.0-427.42.1.el9_4.patch kpatch-description: ext4: fix race between writepages and remount kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47700 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47700 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0cb471cc39d1154f24885b140b63e1cd485d576f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47700-ext4-check-stripe-size-compatibility-on-remount-as-well.patch kpatch-description: ext4: check stripe size compatibility on remount as well kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47700 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47700 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ab54091a0f3e986133f0c88b8ef50897432f73bc kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47678-icmp-change-the-order-of-rate-limits.patch kpatch-description: icmp: change the order of rate limits kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47678 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47678 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8c2bd38b95f75f3d2a08c93e35303e26d480d24e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47687-vdpa-mlx5-fix-invalid-mr-resource-destroy.patch kpatch-description: vdpa/mlx5: Fix invalid mr resource destroy kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47687 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47687 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3adeea8520479e8f802c73b097d451de93e3ae92 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47703-bpf-lsm-add-check-for-bpf-lsm-return-value-427-42.patch kpatch-description: bpf, lsm: Add check for BPF LSM return value kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5d99e198be279045e6ecefe220f5c52f8ce9bfd5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47703-bpf-lsm-add-check-for-bpf-lsm-return-value-kpatch.patch kpatch-description: bpf, lsm: Add check for BPF LSM return value kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5d99e198be279045e6ecefe220f5c52f8ce9bfd5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49856-x86-sgx-fix-deadlock-in-sgx-numa-node-search.patch kpatch-description: x86/sgx: Fix deadlock in SGX NUMA node search kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49856 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49856 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/23d833f47a1b5f8c152b5bcd79da38f0ebb8b7f1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49870-cachefiles-fix-dentry-leak-in-cachefiles-open-file.patch kpatch-description: cachefiles: fix dentry leak in cachefiles_open_file() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49870 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49870 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=da6ef2dffe6056aad3435e6cf7c6471c2a62187c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49875-nfsd-map-the-ebadmsg-to-nfserr-io-to-avoid-warning-kpatch.patch kpatch-description: nfsd: map the EBADMSG to nfserr_io to avoid warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49875 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49875 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=6fe058502f8864649c3d614b06b2235223798f48 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49878-resource-fix-region-intersects-vs-add-memory-driver-managed.patch kpatch-description: resource: fix region_intersects() vs add_memory_driver_managed() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49878 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49878 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4afe4183ec77f230851ea139d91e5cf2644c68b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49881-ext4-update-orig-path-in-ext4-find-extent.patch kpatch-description: ext4: update orig_path in ext4_find_extent() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49881 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49881 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5b4b2dcace35f618fe361a87bae6f0d13af31bc1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49886-platform-x86-isst-fix-the-kasan-report-slab-out-of-bounds-bug.patch kpatch-description: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49886 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49886 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3fb0619aea7eae33176feaa8d80897c775fd9a7f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49927-x86-ioapic-handle-allocation-failures-gracefully.patch kpatch-description: x86/ioapic: Handle allocation failures gracefully kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49927 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49927 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/6197b636f23c4d085050216758d0fcc8f7890ad6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49929-wifi-iwlwifi-mvm-avoid-null-pointer-dereference-427.patch kpatch-description: wifi: iwlwifi: mvm: avoid NULL pointer dereference kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49929 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49929 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=557a6cd847645e667f3b362560bd7e7c09aac284 kpatch-name: skipped/CVE-2024-36968.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36968 kpatch-skip-reason: Complex adaptation required (too many dependency patches) kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35963-35967-Add-a-helper-header-with-copy_safe_from_sockptr.patch kpatch-description: net: Make copy_safe_from_sockptr() match documentation kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35963 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35963 kpatch-patch-url: https://github.com/torvalds/linux/commit/eb94b7bb10109a14a5431a67e5d8e31cfa06b395 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35963-bluetooth-hci-sock-fix-not-validating-setsockopt-user-input.patch kpatch-description: Bluetooth: hci_sock: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35963 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35963 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ed4080047efc99977b8c980fb54e8fc33088516c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35964-bluetooth-iso-fix-not-validating-setsockopt-user-input-459.patch kpatch-description: Bluetooth: ISO: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35964 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35964 kpatch-patch-url: https://github.com/torvalds/linux/commit/9e8742cdfc4b0e65266bb4a901a19462bda9285e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35965-bluetooth-l2cap-fix-not-validating-setsockopt-user-input-507.patch kpatch-description: Bluetooth: L2CAP: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35965 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35965 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/02356256e68a10f40fbb1ff037b65545229eda71 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35966-bluetooth-rfcomm-fix-not-validating-setsockopt-user-input.patch kpatch-description: Bluetooth: RFCOMM: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35966 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35966 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f8636959ab09a5ebf43ae5d6621283a97a29c518 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35967-bluetooth-sco-fix-not-validating-setsockopt-user-input-459.patch kpatch-description: Bluetooth: SCO: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35967 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35967 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ca23fe19b0c913cbe4ec00b3085c0b8968711685 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35978-bluetooth-fix-memory-leak-in-hci-req-sync-complete.patch kpatch-description: Bluetooth: Fix memory leak in hci_req_sync_complete() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35978 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35978 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/914a591cd651095d6099cd1d1402595219c25482 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-36011-bluetooth-hci-fix-potential-null-ptr-deref.patch kpatch-description: Bluetooth: HCI: Fix potential null-ptr-deref kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-36011 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36011 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/e63366bd363b9e1dda8a674072309414389ce76c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-36880-bluetooth-qca-add-missing-firmware-sanity-checks.patch kpatch-description: Bluetooth: qca: add missing firmware sanity checks kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-36880 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36880 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b92260e242fc2117e1175bf43e982524d871a7d6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-36880-bluetooth-qca-fix-firmware-check-error-path.patch kpatch-description: Bluetooth: qca: fix firmware check error path kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-36880 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36880 kpatch-patch-url: https://github.com/torvalds/linux/commit/40d442f969fb1e871da6fca73d3f8aef1f888558 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46754-bpf-remove-tst-run-from-lwt-seg6local-prog-ops.patch kpatch-description: bpf: Remove tst_run from lwt_seg6local_prog_ops. kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46754 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46754 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c13fda93aca118b8e5cd202e339046728ee7dddb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46754-bpf-remove-tst-run-from-lwt-seg6local-prog-ops-kpatch.patch kpatch-description: bpf: Remove tst_run from lwt_seg6local_prog_ops. kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46754 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46754 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c13fda93aca118b8e5cd202e339046728ee7dddb kpatch-name: skipped/CVE-2024-36013.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36013 kpatch-skip-reason: Requires adaptation (missing commit e7b02296) kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47692-nfsd-return-EINVAL-when-namelen-is-0.patch kpatch-description: nfsd: return -EINVAL when namelen is 0 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47692 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47692 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=0f1d007bbea38a61cf9c5392708dc70ae9d84a3d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-48969-xen-netfront-stop-tx-queues-during-live-migration.patch kpatch-description: xen/netfront: stop tx queues during live migration kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-48969 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48969 kpatch-patch-url: https://git.kernel.org/stable/c/042b2046d0f05cf8124c26ff65dbb6148a4404fb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-48969-xen-netfront-fix-NULL-sring-after-live-migration.patch kpatch-description: xen-netfront: Fix NULL sring after live migration kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-48969 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48969 kpatch-patch-url: https://git.kernel.org/stable/c/99859947517e446058ad7243ee81d2f9801fa3dd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-48989-fscache-fix-oops-due-to-race-with-cookie_lru-and-use_cookie.patch kpatch-description: fscache: Fix oops due to race with cookie_lru and use_cookie kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-48989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=37f0b459c9b67e14fe4dcc3a15d286c4436ed01d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-48989-fscache-fix-oops-due-to-race-with-cookie_lru-and-use_cookie-kpatch.patch kpatch-description: fscache: Fix oops due to race with cookie_lru and use_cookie kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-48989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=37f0b459c9b67e14fe4dcc3a15d286c4436ed01d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2023-52917-ntb-intel-fix-the-NULL-vs-IS_ERR-bug-for-debugfs_create_dir.patch kpatch-description: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2023-52917 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52917 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=16e5bed6c1883b19f9fcbdff996aa3381954d5f3 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-27398-bluetooth-fix-use-after-free-bugs-caused-by-sco-sock-timeout.patch kpatch-description: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-27398 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27398 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=483bc08181827fc475643272ffb69c533007e546 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35891-net-phy-micrel-fix-potential-null-pointer-dereference.patch kpatch-description: net: phy: micrel: Fix potential null pointer dereference kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35891 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35891 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=96c155943a703f0655c0c4cab540f67055960e91 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35933-bluetooth-btintel-fix-null-ptr-deref-in-btintel-read-version.patch kpatch-description: Bluetooth: btintel: Fix null ptr deref in btintel_read_version kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b79e040910101b020931ba0c9a6b77e81ab7f645 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35934-net-smc-reduce-rtnl-pressure-in-smc-pnet-create-pnetids-list.patch kpatch-description: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35934 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00af2aa93b76b1bade471ad0d0525d4d29ca5cc0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56688-sunrpc-clear-xprt-sock-upd-timeout-when-reset-transport.patch kpatch-description: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56688 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56688 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4db9ad82a6c823094da27de4825af693a3475d51 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56760-pci-msi-handle-lack-of-irqdomain-gracefully.patch kpatch-description: PCI/MSI: Handle lack of irqdomain gracefully kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56760 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56760 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a60b990798eb17433d0283788280422b1bd94b18 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56654-bluetooth-hci-event-fix-using-rcu-read-un-lock-while-iterating-5.14.0-458.patch kpatch-description: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56654 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56654 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=581dd2dc168fe0ed2a7a5534a724f0d3751c93ae kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56667-drm-i915-fix-null-pointer-dereference-in-capture-engine.patch kpatch-description: drm/i915: Fix NULL pointer dereference in capture_engine kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56667 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56667 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=da0b986256ae9a78b0215214ff44f271bfe237c1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56779-nfsd-fix-nfs4-openowner-leak-when-concurrent-nfsd4-open-occur.patch kpatch-description: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56779 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56779 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/48fd2c6fe1d4b072683f1aa52c09b022440cdbb7 kpatch-name: skipped/CVE-2024-57809.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-57809 kpatch-skip-reason: Out of scope: ARM architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49959-jbd2-stop-waiting-for-space-when-jbd2-cleanup-journal-tail-returns-error.patch kpatch-description: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49959 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49959 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/425c5b206fe228aa0fa23680052e3a1dee284152 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49962-acpica-check-null-return-of-acpi-allocate-zeroed-in-acpi-db-convert-to-package.patch kpatch-description: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49962 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49962 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9dc1296a3901032af37b7e0d0fe3aefeb63417bb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49968-ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch kpatch-description: ext4: filesystems without casefold feature cannot be mounted with siphash kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49968 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49968 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/06ab941f82f863d5a1e6fbac45da49cf99b7bfdd kpatch-name: skipped/CVE-2024-49971.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-49971 kpatch-skip-reason: Older kernels don't have the affected src code kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49973-r8169-fix-spelling-mistake-tx-underun-tx-underrun.patch kpatch-description: r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49973 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ebe8a25db93112497b4cb5e14b70ce8c12defc4c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49973-r8169-add-tally-counter-fields-added-with-rtl8125.patch kpatch-description: r8169: add tally counter fields added with RTL8125 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49973 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f06efd3552fd109b58660b48a0a7872bae537c23 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49973-r8169-add-tally-counter-fields-added-with-rtl8125-kpatch.patch kpatch-description: r8169: add tally counter fields added with RTL8125 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49973 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f06efd3552fd109b58660b48a0a7872bae537c23 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49974-nfsd-force-all-nfsv4-2-copy-requests-to-be-synchronous-427.patch kpatch-description: NFSD: Force all NFSv4.2 COPY requests to be synchronous kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49974 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49974 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aadc3bbea163b6caaaebfdd2b6c4667fbc726752 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49975-uprobes-fix-kernel-info-leak-via-uprobes-vma.patch kpatch-description: uprobes: fix kernel info leak via "[uprobes]" vma kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49975 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49975 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=34820304cc2cd1804ee1f8f3504ec77813d29c8e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49977-net-stmmac-fix-zero-division-error-when-disabling-tc-cbs.patch kpatch-description: net: stmmac: Fix zero-division error when disabling tc cbs kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49977 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49977 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2ea91d250d1fda437d3e1f116c353732ca418de1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49993-iommu-vt-d-fix-potential-lockup-if-qi-submit-sync-called-with-0-count.patch kpatch-description: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49993 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49993 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/7ebd49e14d8e827647d481b86e6aeba5632c04db kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49994-block-fix-integer-overflow-in-blksecdiscard.patch kpatch-description: block: fix integer overflow in BLKSECDISCARD kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49994 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49994 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=697ba0b6ec4ae04afb67d3911799b5e2043b4455 kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2024-46871-drm-amd-display-Correct-the-defined-value-for-AMDGPU_DMUB_NOTIFICATION_MAX.patch kpatch-description: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2024-46871 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46871 kpatch-patch-url: https://github.com/torvalds/linux/commit/ad28d7c3d989fc5689581664653879d664da76f0 kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2024-46871-drm-amd-display-Correct-the-defined-value-for-AMDGPU_DMUB_NOTIFICATION_MAX-kpatch.patch kpatch-description: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2024-46871 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46871 kpatch-patch-url: https://github.com/torvalds/linux/commit/ad28d7c3d989fc5689581664653879d664da76f0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50182-secretmem-disable-memfd-secret-if-arch-cannot-set-direct-map.patch kpatch-description: secretmem: disable memfd_secret() if arch cannot set direct map kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50182 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50182 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/a6c409e80ceabb7f0f410509ae5d539d96a8b75f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50191-ext4-don-t-set-sb-rdonly-after-filesystem-errors-427.patch kpatch-description: ext4: don't set SB_RDONLY after filesystem errors kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50191 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50191 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cff362e53534f9015fd6de56bd5bd610fd09e411 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50199-mm-swapfile-skip-hugetlb-pages-for-unuse-vma-427.patch kpatch-description: mm/swapfile: skip HugeTLB pages for unuse_vma kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50199 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50199 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ea9f3379f6d295cdb55e08274d9f4a700874fc87 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50200-maple-tree-correct-tree-corruption-on-spanning-store.patch kpatch-description: maple_tree: correct tree corruption on spanning store kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50200 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50200 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/29fff32560b20952e379a5227efa50d979bf76de kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50201-drm-radeon-Fix-encoder-possible_clones.patch kpatch-description: drm/radeon: Fix encoder->possible_clones kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50201 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50201 kpatch-patch-url: https://github.com/torvalds/linux/commit/28127dba64d8ae1a0b737b973d6d029908599611 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50236-wifi-ath10k-fix-memory-leak-in-management-tx.patch kpatch-description: wifi: ath10k: Fix memory leak in management tx kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50236 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50236 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/def3a1d5edaa0f8e92613a6e67687d6434d85a97 kpatch-name: skipped/CVE-2024-49999.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-49999 kpatch-skip-reason: bugfix for module from non-standard kernel-modules-partner package kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50002-static-call-handle-module-init-failure-correctly-in-static-call-del-module.patch kpatch-description: static_call: Handle module init failure correctly in static_call_del_module() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50002 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50002 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4b30051c4864234ec57290c3d142db7c88f10d8a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50006-ext4-fix-i-data-sem-unlock-order-in-ext4-ind-migrate.patch kpatch-description: ext4: fix i_data_sem unlock order in ext4_ind_migrate() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50006 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50006 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cc749e61c011c255d81b192a822db650c68b313f kpatch-name: skipped/CVE-2024-50008.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50008 kpatch-skip-reason: Patch not necessary, the size of the struct remains the same. kpatch-cvss: kpatch-name: skipped/CVE-2024-50009.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50009 kpatch-skip-reason: Kernels not vulnerable kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50013-exfat-fix-memory-leak-in-exfat-load-bitmap.patch kpatch-description: exfat: fix memory leak in exfat_load_bitmap() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50013 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50013 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d2b537b3e533f28e0d97293fe9293161fe8cd137 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50014-ext4-fix-access-to-uninitialised-lock-in-fc-replay-path-427.patch kpatch-description: ext4: fix access to uninitialised lock in fc replay path kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=23dfdb56581ad92a9967bcd720c8c23356af74c1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50019-kthread-unpark-only-parked-kthread.patch kpatch-description: kthread: unpark only parked kthread kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50019 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50019 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=214e01ad4ed7158cab66498810094fac5d09b218 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56664-bpf-sockmap-Fix-race-between-element-replace-and-close.patch kpatch-description: bpf, sockmap: Fix race between element replace and close() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56664 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56664 kpatch-patch-url: https://github.com/torvalds/linux/commit/ed1fc5d76b81a4d681211333c026202cad4d5649 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-39500-sock_map-avoid-race-between-sock_map_close-and-sk_psock_put.patch kpatch-description: sock_map: avoid race between sock_map_close and sk_psock_put kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-39500 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39500 kpatch-patch-url: https://github.com/torvalds/linux/commit/4b4647add7d3c8530493f7247d11e257ee425bf0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-39500-bpf-sockmap-Avoid-using-sk_socket-after-free-when-sending.patch kpatch-description: bpf, sockmap: Avoid using sk_socket after free when sending kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-39500 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39500 kpatch-patch-url: https://github.com/torvalds/linux/commit/8259eb0e06d8f64c700f5fbdb28a5c18e10de291 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50163-bpf-make-sure-internal-and-uapi-bpf-redirect-flags-don-t-overlap.patch kpatch-description: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50163 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50163 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4b8b25c4f7a530e3400dc1ae1cde7daa75017246 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50163-bpf-make-sure-internal-and-uapi-bpf_redirect-flags-don-t-overlap-kpatch.patch kpatch-description: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50163 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50163 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4b8b25c4f7a530e3400dc1ae1cde7daa75017246 kpatch-name: skipped/CVE-2024-43889.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43889 kpatch-skip-reason: Out of scope: This CVE modified the __init function which won't be available to patch as it is used during bootup time. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56562-i3c-master-fix-miss-free-init-dyn-addr-at-i3c-master-put-i3c-addrs.patch kpatch-description: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56562 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56562 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3082990592f7c6d7510a9133afa46e31bbe26533 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56590-bluetooth-hci-core-fix-not-checking-skb-length-on-hci-acldata-packet.patch kpatch-description: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56590 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56590 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3fe288a8214e7dd784d1f9b7c9e448244d316b47 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56647-net-fix-icmp-host-relookup-triggering-ip-rt-bug.patch kpatch-description: net: Fix icmp host relookup triggering ip_rt_bug kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56647 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56647 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c44daa7e3c73229f7ac74985acb8c7fb909c4e0a kpatch-name: skipped/CVE-2024-56591.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-56591 kpatch-skip-reason: Complex adaptation required. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56570-ovl-filter-invalid-inodes-with-missing-lookup-function.patch kpatch-description: ovl: Filter invalid inodes with missing lookup function kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56570 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c8b359dddb418c60df1a69beea01d1b3322bfe83 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56616-drm-dp-mst-fix-mst-sideband-message-body-length-check.patch kpatch-description: drm/dp_mst: Fix MST sideband message body length check kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56616 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56616 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bd2fccac61b40eaf08d9546acc9fef958bfe4763 kpatch-name: skipped/CVE-2024-56535.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-56535 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50130-netfilter-bpf-must-hold-reference-on-net-namespace.patch kpatch-description: netfilter: bpf: must hold reference on net namespace kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50130 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50130 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/012a65c2b62eb5ab1b7638ad8b42dcbfeed50377 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50130-netfilter-bpf-must-hold-reference-on-net-namespace-kpatch.patch kpatch-description: netfilter: bpf: must hold reference on net namespace kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50130 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50130 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/012a65c2b62eb5ab1b7638ad8b42dcbfeed50377 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44989-bonding-fix-xfrm-real-dev-null-pointer-dereference.patch kpatch-description: bonding: fix xfrm real_dev null pointer dereference kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44989 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9e78ac97ac246090b38a80fe12919bd746e014ca kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45000-fs-netfs-fscache-cookie-add-missing-n-accesses-check.patch kpatch-description: fs/netfs/fscache_cookie: add missing "n_accesses" check kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45000 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45000 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4ec44df1aaa2041e65fd7fa060950ef438ba47f3 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45016-netem-fix-return-value-if-duplicate-enqueue-fails.patch kpatch-description: netem: fix return value if duplicate enqueue fails kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45016 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45016 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/866881d110e1a014d36455563068030ed04292ff kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45022-mm-vmalloc-fix-page-mapping-if-vm-area-alloc-pages-with-high-order-fallback-to-order-0.patch kpatch-description: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45022 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45022 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=61ebe5a747da649057c37be1c37eb934b4af79ca kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46675-usb-dwc3-core-prevent-usb-core-invalid-event-buffer-address-access.patch kpatch-description: usb: dwc3: core: Prevent USB core invalid event buffer address access kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46675 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=14e497183df28c006603cc67fd3797a537eef7b9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46745-input-uinput-reject-requests-with-unreasonable-number-of-slots.patch kpatch-description: Input: uinput - reject requests with unreasonable number of slots kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46745 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46745 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/a7bcad71a975ba1c9004f9be7bf512589f112892 kpatch-name: skipped/CVE-2024-46750.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-46750 kpatch-skip-reason: Complex adaptation required. Low impact CVE. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47706-block-bfq-fix-possible-uaf-for-bfqq-bic-with-merge-chain.patch kpatch-description: block, bfq: fix possible UAF for bfqq->bic with merge chain kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47706 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47706 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/adad3bd6893bf04a838136f1c6be2bb85f997601 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47737-nfsd-call-cache-put-if-xdr-reserve-space-returns-null.patch kpatch-description: nfsd: call cache_put if xdr_reserve_space returns NULL kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47737 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47737 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/c3566565b6db1f28fd4b98c2d4d950957fc06d9c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47710-sock-map-add-a-cond-resched-in-sock-hash-free.patch kpatch-description: sock_map: Add a cond_resched() in sock_hash_free() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47710 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47710 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/219ab74949bb01acf065fc868528ae5824bbc45c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49851-tpm-clean-up-tpm-space-after-command-failure.patch kpatch-description: tpm: Clean up TPM space after command failure kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49851 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49851 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b800d2f669941bf2e36e06e63d91ea508d7f4a89 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47739-padata-use-integer-wrap-around-to-prevent-deadlock-on-seq-nr-overflow.patch kpatch-description: padata: use integer wrap around to prevent deadlock on seq_nr overflow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a22b2812393d93d84358a760c347c21939029a6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47738-wifi-mac80211-don-t-use-rate-mask-for-scanning.patch kpatch-description: wifi: mac80211: don't use rate mask for scanning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47738 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47738 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab9177d83c040eba58387914077ebca56f14fae6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47738-wifi-mac80211-don-t-use-rate-mask-for-offchannel-tx-either.patch kpatch-description: wifi: mac80211: don't use rate mask for offchannel TX either kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47738 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47738 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e7a7ef9a0742dbd0818d5b15fba2c5313ace765b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47715-wifi-mt76-mt7915-fix-oops-on-non-dbdc-mt7986.patch kpatch-description: wifi: mt76: mt7915: fix oops on non-dbdc mt7986 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47715 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47715 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/92ace24156c077bc527f9669f109ad8bb14f96b7 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47713-wifi-mac80211-use-two-phase-skb-reclamation-in-ieee80211-do-stop.patch kpatch-description: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47713 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47713 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/e30f106712a5f5f4fa17ddc2122a2e45700032e4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49569-nvme-rdma-unquiesce-admin-q-before-destroy-it-5.14.0-427.42.1.el9_4.patch kpatch-description: nvme-rdma: unquiesce admin_q before destroy it kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49569 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49569 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5858b687559809f05393af745cbadf06dee61295 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-48873-wifi-rtw89-check-return-value-of-ieee80211-probereq-get-for-rnr.patch kpatch-description: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-48873 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-48873 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=630d5d8f2bf6b340202b6bc2c05d794bbd8e4c1c kpatch-name: skipped/CVE-2024-50109.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50109 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50117-drm-amd-guard-against-bad-data-for-atif-acpi-method.patch kpatch-description: drm/amd: Guard against bad data for ATIF ACPI method kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50117 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50117 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=6032287747f874b52dc8b9d7490e2799736e035f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53060-drm-amdgpu-prevent-NULL-pointer-dereference-if-ATIF-is-not-supported.patch kpatch-description: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53060 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53060 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=27fc29b5376998c126c85cf9b15d9dfc2afc9cbe kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50153-scsi-target-core-fix-null-ptr-deref-in-target-alloc-device.patch kpatch-description: scsi: target: core: Fix null-ptr-deref in target_alloc_device() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50153 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50153 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fca6caeb4a61d240f031914413fcc69534f6dc03 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50162-bpf-devmap-provide-rxq-after-redirect.patch kpatch-description: bpf: devmap: provide rxq after redirect kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50162 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50162 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0b7b4054a5a1c3ac36de466a54075eb7ffa203b0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50169-vsock-update-rx-bytes-on-read-skb.patch kpatch-description: vsock: Update rx_bytes on read_skb() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50169 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50169 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b39157fe97a3fb9a86c285d1a58138dc695e6c93 kpatch-name: skipped/CVE-2025-21668.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21668 kpatch-skip-reason: Out of scope as the patch is for i.MX SoC kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21669-vsock-virtio-discard-packets-if-the-transport-changes.patch kpatch-description: vsock/virtio: discard packets if the transport changes kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21669 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21669 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0b3993be3ed75d822877751a7296c5ddfa348009 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21666-vsock-prevent-null-ptr-deref-in-vsock-has-data-has-space.patch kpatch-description: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21666 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21666 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cc9fa15290414bcbda3c27774c73cc8c5f478685 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21689-usb-serial-quatech2-fix-null-ptr-deref-in-qt2-process-read-urb.patch kpatch-description: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21689 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21689 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/21286266ff606cfb100698bc9e1606fbce0c6214 kpatch-name: skipped/CVE-2025-21663.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21663 kpatch-skip-reason: Out of scope as the patch is for NVIDIA Tegra SoCs targeting mobile devices kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21694-fs-proc-fix-softlockup-in-read-vmcore.patch kpatch-description: fs/proc: fix softlockup in __read_vmcore kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21694 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21694 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/5cbcb62dddf5346077feb82b7b0c9254222d3445 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21694-fs-proc-fix-softlockup-in-read-vmcore-part-2.patch kpatch-description: fs/proc: fix softlockup in __read_vmcore (part 2) kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21694 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21694 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/a8d3bf75378ff85af8c5de536ec2fd440b4da45c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45010-01-mptcp-pm-re-using-id-of-unused-removed-subflows.patch kpatch-description: mptcp: pm: re-using ID of unused removed subflows kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=edd8b5d868a4d459f3065493001e293901af758d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45010-02-mptcp-pm-remove-mptcp_pm_remove_subflow.patch kpatch-description: mptcp: pm: remove mptcp_pm_remove_subflow() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f448451aa62d54be16acb0034223c17e0d12bc69 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45010-03-mptcp-pm-inc-rmaddr-mib-counter-once-per-rm_addr-id.patch kpatch-description: mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6a09788c1a66e3d8b04b3b3e7618cc817bb60ae9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45010-mptcp-pm-only-mark-subflow-endp-as-available.patch kpatch-description: mptcp: pm: only mark 'subflow' endp as available kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=322ea3778965da72862cca2a0c50253aacf65fe6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45009-mptcp-pm-only-decrement-add-addr-accepted-for-mpj-req.patch kpatch-description: mptcp: pm: only decrement add_addr_accepted for MPJ req kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1c1f721375989579e46741f59523e39ec9b2a9bd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45009-mptcp-pm-fix-uaf-read-in-mptcp-pm-nl-rm-addr-or-subflow-427.patch kpatch-description: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1c1f721375989579e46741f59523e39ec9b2a9bd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46711-01-mptcp-pm-update-add_addr-counters-after-connect.patch kpatch-description: mptcp: pm: update add_addr counters after connect kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46711 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46711 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=40eec1795cc27b076d49236649a29507c7ed8c2d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46711-02-mptcp-pm-reduce-indentation-blocks.patch kpatch-description: mptcp: pm: reduce indentation blocks kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46711 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46711 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c95eb32ced823a00be62202b43966b07b2f20b7f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46711-03-mptcp-pm-reuse-id-0-after-delete-and-re-add.patch kpatch-description: mptcp: pm: reuse ID 0 after delete and re-add kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46711 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46711 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8b8ed1b429f8fa7ebd5632555e7b047bc0620075 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46711-mptcp-pm-fix-id-0-endp-usage-after-multiple-re-creations.patch kpatch-description: mptcp: pm: fix ID 0 endp usage after multiple re-creations kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46711 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46711 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9366922adc6a71378ca01f898c41be295309f044 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50024-net-fix-an-unsafe-loop-on-the-list.patch kpatch-description: net: Fix an unsafe loop on the list kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50024 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50024 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2bfc0a91e9ecc41d056fa20e9d29c13c91468775 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50024-net-fix-an-unsafe-loop-on-the-list-kpatch.patch kpatch-description: net: Fix an unsafe loop on the list kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50024 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50024 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2bfc0a91e9ecc41d056fa20e9d29c13c91468775 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50022-device-dax-correct-pgoff-align-in-dax-set-mapping.patch kpatch-description: device-dax: correct pgoff align in dax_set_mapping() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50022 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50022 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f956f3a8d3b63f9b34058024444c775b453c1058 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50039-net-sched-accept-tca-stab-only-for-root-qdisc.patch kpatch-description: net/sched: accept TCA_STAB only for root qdisc kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50039 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50039 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cb7cf1540ddff5473d6baeb530228d19bc97b8a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50044-bluetooth-rfcomm-fix-possible-deadlock-in-rfcomm-sk-state-change.patch kpatch-description: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50044 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50044 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/bd79893de96e83eb6eaa8c544b8429011c48e382 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50028-thermal-core-reference-count-the-zone-in-thermal-zone-get-by-id.patch kpatch-description: thermal: core: Reference count the zone in thermal_zone_get_by_id() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50028 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50028 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a42a5839f400e929c489bb1b58f54596c4535167 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50028-thermal-core-reference-count-the-zone-in-thermal-zone-get-by-id-kpatch.patch kpatch-description: thermal: core: Reference count the zone in thermal_zone_get_by_id() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50028 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50028 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a42a5839f400e929c489bb1b58f54596c4535167 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50046-nfsv4-prevent-null-pointer-dereference-in-nfs42_complete_copies.patch kpatch-description: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50046 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50046 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=584c019baedddec3fd634053e8fb2d8836108d38 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50046-nfsv4-prevent-null-pointer-dereference-in-nfs42_complete_copies-kpatch.patch kpatch-description: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50046 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50046 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=584c019baedddec3fd634053e8fb2d8836108d38 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50023-net-phy-remove-led-entry-from-leds-list-on-unregister.patch kpatch-description: net: phy: Remove LED entry from LEDs list on unregister kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50023 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50023 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f93fc006d3228575190f3aa093e82f1a18176beb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50150-usb-typec-altmode-should-keep-reference-to-parent.patch kpatch-description: usb: typec: altmode should keep reference to parent kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50150 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50150 kpatch-patch-url: https://github.com/torvalds/linux/commit/befab3a278c59db0cc88c8799638064f6d3fd6f8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50150-usb-typec-altmode-should-keep-reference-to-parent-kpatch.patch kpatch-description: usb: typec: altmode should keep reference to parent kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50150 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50150 kpatch-patch-url: https://github.com/torvalds/linux/commit/befab3a278c59db0cc88c8799638064f6d3fd6f8 kpatch-name: skipped/CVE-2025-1272.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-1272 kpatch-skip-reason: The vulnerable commit isn't present in the kernel kpatch-cvss: kpatch-name: skipped/CVE-2024-53152.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-53152 kpatch-skip-reason: The vulnerable commit isn't present in the kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57884-mm-vmscan-account-for-free-pages-to-prevent-infinite-loop-in-throttle-direct-reclaim.patch kpatch-description: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6aaced5abd32e2a57cd94fd64f824514d0361da8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57888-workqueue-do-not-warn-when-cancelling-wq-mem-reclaim-work-from-wq-mem-reclaim-worker-427.patch kpatch-description: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57888 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57888 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de35994ecd2dd6148ab5a6c5050a1670a04dec77 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57890-rdma-uverbs-prevent-integer-overflow-issue.patch kpatch-description: RDMA/uverbs: Prevent integer overflow issue kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57890 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d0257e089d1bbd35c69b6c97ff73e3690ab149a9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57898-wifi-cfg80211-clear-link-id-from-bitmap-during-link-delete-after-clean-up.patch kpatch-description: wifi: cfg80211: clear link ID from bitmap during link delete after clean up kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57898 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57898 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b5c32ff6a3a38c74facdd1fe34c0d709a55527fd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57929-dm-array-fix-releasing-a-faulty-array-block-twice-in-dm-array-cursor-end.patch kpatch-description: dm array: fix releasing a faulty array block twice in dm_array_cursor_end kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57929 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57929 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/7647113f8e1739d3aa86157b3f203834e39b9525 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57931-selinux-ignore-unknown-extended-permissions.patch kpatch-description: selinux: ignore unknown extended permissions kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57931 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=900f83cf376bdaf798b6f5dcb2eae0c822e908b6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57940-exfat-fix-the-infinite-loop-in-exfat-readdir.patch kpatch-description: exfat: fix the infinite loop in exfat_readdir() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57940 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57940 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fee873761bd978d077d8c55334b4966ac4cb7b59 kpatch-name: skipped/CVE-2025-21646.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21646 kpatch-skip-reason: bugfix for module from non-standard kernel-modules-partner package kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50299-sctp-properly-validate-chunk-size-in-sctp-sf-ootb.patch kpatch-description: sctp: properly validate chunk size in sctp_sf_ootb() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50299 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50299 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0ead60804b64f5bd6999eec88e503c6a1a242d41 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50304-ipv4-ip-tunnel-fix-suspicious-rcu-usage-warning-in-ip-tunnel-find-427.patch kpatch-description: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50304 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50304 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=90e0569dd3d32f4f4d2ca691d3fa5a8a14a13c12 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53047-mptcp-init-protect-sched-with-rcu-read-lock.patch kpatch-description: mptcp: init: protect sched with rcu_read_lock kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53047 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53047 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3deb12c788c385e17142ce6ec50f769852fcec65 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50237-wifi-mac80211-do-not-pass-a-stopped-vif-to-the-driver-in-get-txpower-427.patch kpatch-description: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50237 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50237 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=393b6bc174b0dd21bb2a36c13b36e62fc3474a23 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53042-ipv4-ip-tunnel-fix-suspicious-rcu-usage-warning-in-ip-tunnel-init-flow.patch kpatch-description: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53042 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53042 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ad4a3ca6a8e886f6491910a3ae5d53595e40597d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50256-netfilter-nf-reject-ipv6-fix-potential-crash-in-nf-send-reset6-427.31.patch kpatch-description: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50256 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50256 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4ed234fe793f27a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50272-filemap-fix-bounds-checking-in-filemap-read.patch kpatch-description: filemap: Fix bounds checking in filemap_read() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50272 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50272 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ace149e0830c380ddfce7e466fe860ca502fe4ee kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50018-net-napi-prevent-overflow-of-napi-defer-hard-irqs-427.patch kpatch-description: net: napi: Prevent overflow of napi_defer_hard_irqs kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50018 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50018 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=08062af0a52107a243f7608fd972edb54ca5b7f8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53091-bpf-add-sk-is-inet-and-is-icsk-check-in-tls-sw-has-ctx-tx-rx-dep.patch kpatch-description: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53091 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53091 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=44d0469f79bd3d0b3433732877358df7dc6b17b1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53091-bpf-add-sk-is-inet-and-is-icsk-check-in-tls-sw-has-ctx-tx-rx.patch kpatch-description: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53091 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53091 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=44d0469f79bd3d0b3433732877358df7dc6b17b1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53072-platform-x86-amd-pmc-detect-when-stb-is-not-available-427.patch kpatch-description: platform/x86/amd/pmc: Detect when STB is not available kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53072 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53072 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bceec87a73804bb4c33b9a6c96e2d27cd893a801 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53051-drm-i915-hdcp-Add-encoder-check-in-intel_hdcp_get_capability-427.patch kpatch-description: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53051 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53051 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31b42af516afa1e184d1a9f9dd4096c54044269a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53055-wifi-iwlwifi-mvm-fix-6-ghz-scan-construction.patch kpatch-description: wifi: iwlwifi: mvm: fix 6 GHz scan construction kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7245012f0f496162dd95d888ed2ceb5a35170f1a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53085-tpm-lock-tpm-chip-in-tpm-pm-suspend-first.patch kpatch-description: tpm: Lock TPM chip in tpm_pm_suspend() first kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53085 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53085 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9265fed6db601ee2ec47577815387458ef4f047a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53085-tpm-do-not-start-chip-while-suspended.patch kpatch-description: tpm: Lock TPM chip in tpm_pm_suspend() first kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53085 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53085 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=17d253af4c2c8a2acf84bb55a0c2045f150b7dfd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53237-bluetooth-fix-use-after-free-in-device-for-each-child.patch kpatch-description: Bluetooth: fix use-after-free in device_for_each_child() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53237 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53237 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27aabf27fd014ae037cc179c61b0bee7cff55b3d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53105-mm-page-alloc-move-mlocked-flag-clearance-into-free-pages-prepare.patch kpatch-description: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53105 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53105 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/766d9612332476cb0bc466221812df770a3b800d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53110-vp-vdpa-fix-id-table-array-not-null-terminated-error.patch kpatch-description: vp_vdpa: fix id_table array not null terminated error kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53110 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53110 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/5784918ef59d82c73929a6b39dd97680b465a8b6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53110-vp-vdpa-fix-id-table-array-not-null-terminated-error-kpatch.patch kpatch-description: vp_vdpa: fix id_table array not null terminated error kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53110 kpatch-cvss: 5.5 kpatch-cve-url: https://linux.oracle.com/cve/CVE-2024-53110.html kpatch-patch-url: https://github.com/oracle/linux-uek/commit/7f1af1d1dd31af1e4cad1745199453068b2e347b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53117-virtio-vsock-improve-msg-zerocopy-error-handling.patch kpatch-description: virtio/vsock: Improve MSG_ZEROCOPY error handling kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53117 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53117 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/fec562a8413c59054526c72f6007eb9a4e309afa kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53118-vsock-fix-sk-error-queue-memory-leak.patch kpatch-description: vsock: Fix sk_error_queue memory leak kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53118 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53118 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/6daa6d320444074e38907b88ab74159d821d25dc kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53120-net-mlx5e-ct-fix-null-ptr-deref-in-add-rule-err-flow.patch kpatch-description: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53120 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53120 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3fa56410d0cae081cddc0730c170352d0c222719 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53121-net-mlx5-fs-lock-fte-when-checking-if-active.patch kpatch-description: net/mlx5: fs, lock FTE when checking if active kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53121 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53121 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/fa16357dc46b6d78622bf166ac0eddfe8ad1114a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53123-mptcp-error-out-earlier-on-disconnect.patch kpatch-description: mptcp: error out earlier on disconnect kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53123 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53123 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9315faaf6febb9aa11114cfe589c99aef6b1b8c0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53134-pmdomain-imx93-blk-ctrl-correct-remove-path.patch kpatch-description: pmdomain: imx93-blk-ctrl: correct remove path kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53134 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53134 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b27e912173cc015658298020556e478efb956448 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50271-signal-restore-the-override_rlimit-logic.patch kpatch-description: signal: restore the override_rlimit logic kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50271 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50271 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=012f4d5d25e9ef92ee129bd5aa7aa60f692681e1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-41062-bluetooth-l2cap-sync-sock-recv-cb-and-release.patch kpatch-description: bluetooth/l2cap: sync sock recv cb and release kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-41062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=89e856e124f9ae548572c56b1b70c2255705f8fe kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-41062-bluetooth-l2cap-fix-deadlock.patch kpatch-description: Bluetooth: L2CAP: Fix deadlock kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-41062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=89e856e124f9ae548572c56b1b70c2255705f8fe kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-41062-bluetooth-fix-usage-of-hci-cmd-sync-status.patch kpatch-description: Bluetooth: Fix usage of __hci_cmd_sync_status kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-41062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=89e856e124f9ae548572c56b1b70c2255705f8fe kpatch-name: skipped/CVE-2024-50038.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50038 kpatch-skip-reason: Complex adaptation required, low-CVSS score. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53050-drm-i915-hdcp-Add-encoder-check-in-hdcp2_get_capabil-427.patch kpatch-description: drm/i915/hdcp: Add encoder check in hdcp2_get_capability kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53050 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53050 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d34f4f058edf1235c103ca9c921dc54820d14d40 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50015-ext4-dax-fix-overflowing-extents-beyond-inode-size-w.patch kpatch-description: ext4: dax: fix overflowing extents beyond inode size when partially writing kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50015 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50015 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8a7c342326f6ad1dfdb30a18dd013c70f5e9669 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50216-xfs-fix-finding-a-last-resort-ag-in-xfs-filestream-pick-ag.patch kpatch-description: xfs: fix finding a last resort AG in xfs_filestream_pick_ag kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50216 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50216 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cac47910f4a7b3dadc8fe21cd662b980f43c7c8b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56644-net-ipv6-release-expired-exception-dst-cached-in-socket.patch kpatch-description: net/ipv6: release expired exception dst cached in socket kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56644 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56644 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9ca54b8d0a490bc5430c279d717ee9c60b1667b8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56566-mm-slub-Avoid-list-corruption-when-removing-a-slab-427.patch kpatch-description: mm/slub: Avoid list corruption when removing a slab from the full list kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56566 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56566 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=33a213c04faff6c3a7fe77e947db81bc7270fe32 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53141-netfilter-ipset-add-missing-range-check-in-bitmap_ip_uadt.patch kpatch-description: netfilter: ipset: add missing range check in bitmap_ip_uadt kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53141 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53141 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=35f56c554eb1b56b77b3cf197a6b00922d49033d kpatch-name: skipped/CVE-2024-53232.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-53232 kpatch-skip-reason: Out of scope: IBM System/390 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: skipped/CVE-2024-50189.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50189 kpatch-skip-reason: When introduced by live-patching, patch causes more problems than it fixes. Complex adaptation required. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53203-usb-typec-fix-potential-array-underflow-in-ucsi-ccg-sync-control.patch kpatch-description: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53203 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53203 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e56aac6e5a25630645607b6856d4b2a17b2311a5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53203-usb-typec-fix-pm-usage-counter-imbalance-in-ucsi_ccg_sync_control-next.patch kpatch-description: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53203 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53203 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e56aac6e5a25630645607b6856d4b2a17b2311a5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-50214-coresight-clear-the-connection-field-properly.patch kpatch-description: coresight: Clear the connection field properly kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-50214 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-50214 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2af89ebacf299b7fba5f3087d35e8a286ec33706 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-50214-coresight-fix-loss-of-connection-info-when-a-module-is-unloaded.patch kpatch-description: coresight: Fix loss of connection info when a module is unloaded kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-50214 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-50214 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c45b2835e7b205783bdfe08cc98fa86a7c5eeb74 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42094-net-iucv-avoid-explicit-cpumask-var-allocation-on-stack.patch kpatch-description: net/iucv: Avoid explicit cpumask var allocation on stack kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42094 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42094 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be4e1304419c99a164b4c0e101c7c2a756b635b9 kpatch-name: skipped/CVE-2024-50106.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50106 kpatch-skip-reason: Complex adaptation required. kpatch-cvss: kpatch-name: skipped/CVE-2024-50141.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50141 kpatch-skip-reason: low score CVE with complex adaptation kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53224-rdma-mlx5-move-events-notifier-registration-to-be-after-device-registration-427.patch kpatch-description: RDMA/mlx5: Move events notifier registration to be after device registration kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53224 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53224 kpatch-patch-url: https://github.com/torvalds/linux/commit/ede132a5cf559f3ab35a4c28bac4f4a6c20334d8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53224-rdma-mlx5-move-events-notifier-registration-to-be-after-device-registration-kpatch.patch kpatch-description: RDMA/mlx5: Move events notifier registration to be after device registration kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53224 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53224 kpatch-patch-url: https://github.com/torvalds/linux/commit/ede132a5cf559f3ab35a4c28bac4f4a6c20334d8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53093-nvme-multipath-defer-partition-scanning.patch kpatch-description: nvme-multipath: defer partition scanning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1f021341eef41e77a633186e9be5223de2ce5d48 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53093-nvme-multipath-defer-partition-scanning-kpatch-427.patch kpatch-description: nvme-multipath: defer partition scanning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1f021341eef41e77a633186e9be5223de2ce5d48 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56693-brd-defer-automatic-disk-creation-until-module-initialization-succeeds.patch kpatch-description: brd: defer automatic disk creation until module initialization succeeds kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56693 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56693 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=826cc42adf44930a633d11a5993676d85ddb0842 kpatch-name: skipped/CVE-2024-46864.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-46864. kpatch-skip-reason: hyperv + execve isn't supported kpatch-cvss: kpatch-name: skipped/CVE-2024-56623.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-56623 kpatch-skip-reason: low-scored CVE which causes verification conflicts with freezable kthread and cifs reading routines. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2025-21927-nvme-tcp-fix-potential-memory-corruption-in-nvme_tcp.patch kpatch-description: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2025-21927 kpatch-cvss: 7.8 kpatch-cve-url: http://access.redhat.com/security/cve/cve-2025-21927 kpatch-patch-url: https://github.com/torvalds/linux/commit/ad95bab0cd28ed77c2c0d0b6e76e03e031391064 kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2024-58069-rtc-pcf85063-fix-potential-oob-write-in-pcf85063-nvmem-read.patch kpatch-description: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2024-58069 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58069 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/fa02e98b919cc77b62e1dd69e0415ef3c8f11bf9 kpatch-name: skipped/CVE-2024-58005.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-58005 kpatch-skip-reason: low score CVE with complex adaptation kpatch-cvss: kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2025-21993-iscsi-ibft-fix-ubsan-shift-out-of-bounds-warning-in-ibft-attr-show-nic.patch kpatch-description: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2025-21993 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21993 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2cb0313ac98f57d52d0283dc8aa67896fae4bcdc kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2024-58007-soc-qcom-add-check-devm-kasprintf-returned-value.patch kpatch-description: soc: qcom: Add check devm_kasprintf() returned value kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2024-58007 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58007 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d4077724b78ffc30a9edb53f0d927f99ba2f6005 kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2024-58007-soc-qcom-socinfo-fix-revision-check-in-qcom-socinfo-probe.patch kpatch-description: soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2024-58007 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58007 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/73b61f76d4281ec279d03497f3284723a6bfbcb0 kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2024-58007-soc-qcom-socinfo-avoid-out-of-bounds-read-of-serial-number.patch kpatch-description: soc: qcom: socinfo: Avoid out of bounds read of serial number kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2024-58007 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58007 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4f0ad061f33317d3b4d338e57fdd48e0b299be85 kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2025-21756-vsock-keep-the-binding-until-socket-destruction.patch kpatch-description: vsock: Keep the binding until socket destruction kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2025-21756 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21756 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fcdd2242c0231032fc84e1404315c245ae56322a kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2025-21756-vsock-orphan-socket-after-transport-release.patch kpatch-description: vsock: Orphan socket after transport release kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2025-21756 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21756 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fcdd2242c0231032fc84e1404315c245ae56322a kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2025-37749-net-ppp-add-bound-checking-for-skb-data-on-ppp-sync-txmung.patch kpatch-description: net: ppp: Add bound checking for skb data on ppp_sync_txmung kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2025-37749 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37749 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aabc6596ffb377c4c9c8f335124b92ea282c9821 kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2025-21966-dm-flakey-fix-memory-corruption-in-optional-corrupt-bio-byte-feature.patch kpatch-description: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2025-21966 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21966 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=57e9417f69839cb10f7ffca684c38acd28ceb57b kpatch-name: rhel9/5.14.0-570.18.1.el9_6/CVE-2025-21964-cifs-fix-integer-overflow-while-processing-acregmax-mount-option-427.patch kpatch-description: cifs: Fix integer overflow while processing acregmax mount option kpatch-kernel: 5.14.0-570.18.1.el9_6 kpatch-cve: CVE-2025-21964 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21964 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7489161b1852390b4413d57f2457cd40b34da6cc kpatch-name: rhel9/5.14.0-570.19.1.el9_6/CVE-2022-3424-misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch kpatch-description: misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os kpatch-kernel: 5.14.0-570.19.1.el9_6 kpatch-cve: CVE-2022-3424 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-3424 kpatch-patch-url: https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc kpatch-name: rhel9/5.14.0-570.19.1.el9_6/CVE-2025-21764-ndisc-use-rcu-protection-in-ndisc-alloc-skb.patch kpatch-description: ndisc: use rcu protection in ndisc_alloc_skb() kpatch-kernel: 5.14.0-570.19.1.el9_6 kpatch-cve: CVE-2025-21764 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2025-21764 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=628e6d18930bbd21f2d4562228afe27694f66da9 kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-21920-vlan-enforce-underlying-device-type.patch kpatch-description: vlan: enforce underlying device type kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-21920 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21920 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b33a534610067ade2bdaf2052900aaad99701353 kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-21926-net-gso-fix-ownership-in-udp-gso-segment.patch kpatch-description: net: gso: fix ownership in __udp_gso_segment kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-21926 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21926 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ee01b2f2d7d0010787c2343463965bbc283a497f kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-21997-xsk-fix-an-integer-overflow-in-xp_create_and_assign_umem.patch kpatch-description: xsk: fix an integer overflow in xp_create_and_assign_umem() kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-21997 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21997 kpatch-patch-url: https://github.com/torvalds/linux/commit/559847f56769037e5b2e0474d3dbff985b98083d kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-22055-net-fix-geneve-opt-length-integer-overflow.patch kpatch-description: net: fix geneve_opt length integer overflow kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-22055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b27055a08ad4b415dcf15b63034f9cb236f7fb40 kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-22055-net-fix-geneve-opt-length-integer-overflow-kpatch.patch kpatch-description: net: fix geneve_opt length integer overflow kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-22055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b27055a08ad4b415dcf15b63034f9cb236f7fb40 kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-37943-wifi-ath12k-fix-invalid-data-access-in-ath12k-dp-rx-h-undecap-nwifi.patch kpatch-description: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-37943 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37943 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a0dddfb30f120db3851627935851d262e4e7acb kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-37785-ext4-fix-OOB-read-when-checking-dotdot-dir.patch kpatch-description: ext4: fix OOB read when checking dotdot dir kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-37785 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37785 kpatch-patch-url: https://github.com/torvalds/linux/commit/d5e206778e96e8667d3bde695ad372c296dc9353 kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21961-eth-bnxt-fix-truesize-for-mb-xdp-pass-case.patch kpatch-description: eth: bnxt: fix truesize for mb-xdp-pass case kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21961 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21961 kpatch-patch-url: https://github.com/torvalds/linux/commit/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2 kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21963-cifs-fix-integer-overflow-while-processing-acdirmax-mount-option.patch kpatch-description: cifs: Fix integer overflow while processing acdirmax mount option kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21963 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21963 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5b29891f91dfb8758baf1e2217bef4b16b2b165b kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21979-wifi-cfg80211-cancel-wiphy-work-before-freeing-wiphy.patch kpatch-description: wifi: cfg80211: cancel wiphy_work before freeing wiphy kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21979 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21979 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=72d520476a2fab6f3489e8388ab524985d6c4b90 kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21999-proc-fix-uaf-in-proc-get-inode.patch kpatch-description: proc: fix UAF in proc_get_inode() kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21999 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21999 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=654b33ada4ab5e926cd9c570196fefa7bec7c1df kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21999-proc-fix-uaf-in-proc-get-inode-kpatch.patch kpatch-description: proc: fix UAF in proc_get_inode() kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21999 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21999 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=654b33ada4ab5e926cd9c570196fefa7bec7c1df kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-22126-md-factor-out-a-helper-from-mddev_put.patch kpatch-description: md: factor out a helper from mddev_put() kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-22126 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22126 kpatch-patch-url: https://github.com/torvalds/linux/commit/3d8d32873c7b6d9cec5b40c2ddb8c7c55961694f kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-22126-md-fix-mddev-uaf-while-iterating-all-mddevs-list-427.patch kpatch-description: md: fix mddev uaf while iterating all_mddevs list kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-22126 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22126 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8542870237c3a48ff049b6c5df5f50c8728284fa kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21969-Bluetooth-L2CAP-Fix-slab-use-after-free-Read-in-l2cap-503.patch kpatch-description: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21969 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21969 kpatch-patch-url: https://git.kernel.org/linus/c96cce853542b3b13da3738f35ef1be8cfcc9d1d kpatch-name: rhel9/5.14.0-570.23.1.el9_6/CVE-2025-23150-ext4-fix-off-by-one-error-in-do-split.patch kpatch-description: ext4: fix off-by-one error in do_split kpatch-kernel: 5.14.0-570.23.1.el9_6 kpatch-cve: CVE-2025-23150 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-23150 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=94824ac9a8aaf2fb3c54b4bdde842db80ffa555d kpatch-name: rhel9/5.14.0-570.23.1.el9_6/CVE-2025-21919-sched-fair-fix-potential-memory-corruption-in-child-cfs-rq-on-list.patch kpatch-description: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list kpatch-kernel: 5.14.0-570.23.1.el9_6 kpatch-cve: CVE-2025-21919 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21919 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b4035ddbfc8e4521f85569998a7569668cccf51 kpatch-name: skipped/CVE-2025-21883.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21883 kpatch-skip-reason: Complex adaptation required. Low impact CVE. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.23.1.el9_6/CVE-2025-22104-ibmvnic-use-kernel-helpers-for-hex-dumps.patch kpatch-description: ibmvnic: Use kernel helpers for hex dumps kpatch-kernel: 5.14.0-570.23.1.el9_6 kpatch-cve: CVE-2025-22104 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22104 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d93a6caab5d7d9b5ce034d75b1e1e993338e3852 kpatch-name: rhel9/5.14.0-570.23.1.el9_6/CVE-2025-37738-ext4-ignore-xattrs-past-end.patch kpatch-description: ext4: ignore xattrs past end kpatch-kernel: 5.14.0-570.23.1.el9_6 kpatch-cve: CVE-2025-37738 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37738 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c8e008b60492cf6fd31ef127aea6d02fd3d314cd kpatch-name: rhel9/5.14.0-570.24.1.el9_6/CVE-2023-52933-squashfs-fix-handling-and-sanity-checking-of-xattr-ids-count.patch kpatch-description: Squashfs: fix handling and sanity checking of xattr_ids count kpatch-kernel: 5.14.0-570.24.1.el9_6 kpatch-cve: CVE-2023-52933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f65c4bbbd682b0877b669828b4e033b8d5d0a2dc kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2025-22004-net-atm-fix-use-after-free-in-lec-send.patch kpatch-description: net: atm: fix use after free in lec_send() kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2025-22004 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22004 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f3009d0d6ab78053117f8857b921a8237f4d17b3 kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2025-21887-ovl-fix-uaf-in-ovl-dentry-update-reval-by-moving-dput-in-ovl-link-up.patch kpatch-description: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2025-21887 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21887 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c84e125fff2615b4d9c259e762596134eddd2f27 kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2025-21759-ipv6-mcast-add-dev_net_rcu-helper.patch kpatch-description: ipv6: mcast: extend RCU protection in igmp6_send() kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2025-21759 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21759 kpatch-patch-url: https://github.com/torvalds/linux/commit/087c1faa594fa07a66933d750c0b2610aa1a2946 kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2025-21759-ipv6-mcast-extend-RCU-protection-in-igmp6_send.patch kpatch-description: ipv6: mcast: extend RCU protection in igmp6_send() kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2025-21759 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21759 kpatch-patch-url: https://github.com/torvalds/linux/commit/087c1faa594fa07a66933d750c0b2610aa1a2946 kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2022-49846-udf-Fix-a-slab-out-of-bounds-write-bug-in-udf_find_entry.patch kpatch-description: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2022-49846 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49846 kpatch-patch-url: https://github.com/torvalds/linux/commit/c8af247de385ce49afabc3bf1cf4fd455c94bfe8 kpatch-name: rhel9/5.14.0-570.26.1.el9_6/CVE-2025-21991-x86-microcode-amd-fix-out-of-bounds-on-systems-with-cpu-less-numa-nodes.patch kpatch-description: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes kpatch-kernel: 5.14.0-570.26.1.el9_6 kpatch-cve: CVE-2025-21991 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e3e89178a9f4a80092578af3ff3c8478f9187d59 kpatch-name: rhel9/5.14.0-570.28.1.el9_6/CVE-2025-38089-sunrpc-handle-svc-garbage-during-svc-auth-processing-as-auth-error-5.14.0-503.40.1.el9_5.patch kpatch-description: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error kpatch-kernel: 5.14.0-570.28.1.el9_6 kpatch-cve: CVE-2025-38089 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38089 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=94d10a4dba0bc482f2b01e39f06d5513d0f75742 kpatch-name: rhel9/5.14.0-570.28.1.el9_6/CVE-2024-58002-media-uvcvideo-remove-dangling-pointers.patch kpatch-description: media: uvcvideo: Remove dangling pointers kpatch-kernel: 5.14.0-570.28.1.el9_6 kpatch-cve: CVE-2024-58002 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58002 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=221cd51efe4565501a3dbf04cc011b537dcce7fb kpatch-name: rhel9/5.14.0-570.28.1.el9_6/CVE-2024-58002-media-uvcvideo-remove-dangling-pointers-kpatch.patch kpatch-description: media: uvcvideo: Remove dangling pointers kpatch-kernel: 5.14.0-570.28.1.0.1.el9_6 kpatch-cve: CVE-2024-58002 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58002 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac18d781466252cd35a3e311e0a4b264260fd927 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-37958-mm-huge-memory-fix-dereferencing-invalid-pmd-migration-entry-427.patch kpatch-description: mm/huge_memory: fix dereferencing invalid pmd migration entry kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-37958 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-21905-wifi-iwlwifi-limit-printed-string-from-fw-file.patch kpatch-description: wifi: iwlwifi: limit printed string from FW file kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-21905 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e0dc2c1bef722cbf16ae557690861e5f91208129 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2024-57980-media-uvcvideo-fix-double-free-in-error-path.patch kpatch-description: media: uvcvideo: Fix double free in error path kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2024-57980 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57980 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-38110-net-mdiobus-fix-potential-out-of-bounds-clause-45-read-write-access.patch kpatch-description: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-38110 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38110 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=260388f79e94fb3026c419a208ece8358bb7b555 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-22113-ext4-define-ext4_journal_destroy-wrapper-427.patch kpatch-description: ext4: avoid journaling sb update on error if journal is destroying kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-22113 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22113 kpatch-patch-url: https://github.com/torvalds/linux/commit/5a02a6204ca37e7c22fbb55a789c503f05e8e89a kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-22113-ext4-avoid-journaling-sb-update-on-error-if-journal-is-destroying-427.patch kpatch-description: ext4: avoid journaling sb update on error if journal is destroying kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-22113 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22113 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ce2f26e73783b4a7c46a86e3af5b5c8de0971790 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-22121-ext4-fix-out-of-bound-read-in-ext4_xattr_inode_dec_ref_all.patch kpatch-description: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-22121 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22121 kpatch-patch-url: https://github.com/torvalds/linux/commit/5701875f9609b000d91351eaa6bfd97fe2f157f4 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-22121-ext4-fix-out-of-bound-read-in-ext4_xattr_inode_dec_ref_all-kpatch.patch kpatch-description: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-22121 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22121 kpatch-patch-url: https://github.com/torvalds/linux/commit/5701875f9609b000d91351eaa6bfd97fe2f157f4 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-37797-net_sched-hfsc-Fix-a-UAF-vulnerability-in-class-handling.patch kpatch-description: net_sched: hfsc: Fix a UAF vulnerability in class handling kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-37797 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37797 kpatch-patch-url: https://github.com/torvalds/linux/commit/3df275ef0a6ae181e8428a6589ef5d5231e58b5c kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-38086-net-ch9200-fix-uninitialised-access-during-mii_nway_restart.patch kpatch-description: net: ch9200: fix uninitialised access during mii_nway_restart kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-38086 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38086 kpatch-patch-url: https://github.com/torvalds/linux/commit/9ad0452c0277b816a435433cca601304cfac7c21 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-21962-cifs-fix-integer-overflow-while-processing-closetimeo-mount-option.patch kpatch-description: cifs: Fix integer overflow while processing closetimeo mount option kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-21962 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21962 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5a30fddfe2f2e540f6c43b59cf701809995faef kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-21727-padata-fix-uaf-in-padata-reorder.patch kpatch-description: padata: fix UAF in padata_reorder kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-21727 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21727 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e01780ea4661172734118d2a5f41bc9720765668 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-38087-net-sched-fix-use-after-free-in-taprio-dev-notifier.patch kpatch-description: net/sched: fix use-after-free in taprio_dev_notifier kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-38087 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38087 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b160766e26d4e2e2d6fe2294e0b02f92baefcec5 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2022-49788-misc-vmw-vmci-fix-an-infoleak-in-vmci-host-do-receive-datagram.patch kpatch-description: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2022-49788 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49788 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e5b0d06d9b10f5f43101bd6598b076c347f9295f kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-22020-memstick-rtsx-usb-ms-fix-slab-use-after-free-in-rtsx-usb-ms-drv-remove.patch kpatch-description: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-22020 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22020 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4676741a3464b300b486e70585c3c9b692be1632 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-21928-hid-intel-ish-hid-fix-use-after-free-issue-in-ishtp-hid-remove.patch kpatch-description: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-21928 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21928 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=07583a0010696a17fb0942e0b499a62785c5fc9f kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-37890-net-sched-hfsc-fix-a-uaf-vulnerability-in-class-with-netem-as-child-qdisc.patch kpatch-description: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-37890 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=141d34391abbb315d68556b7c67ad97885407547 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-37890-net-sched-hfsc-fix-qlen-accounting-bug-when-using-peek-in-hfsc_enqueue.patch kpatch-description: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-37890 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37890 kpatch-patch-url: https://github.com/torvalds/linux/commit/3f981138109f63232a5fb7165938d4c945cc1b9d kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-37890-net-sched-hfsc-address-reentrant-enqueue-adding-class-to-eltree-twice.patch kpatch-description: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-37890 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=141d34391abbb315d68556b7c67ad97885407547 kpatch-name: skipped/CVE-2025-38052.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-38052 kpatch-skip-reason: Complex adaptation required. Low impact CVE kpatch-cvss: kpatch-name: rhel9/5.14.0-570.33.2.el9_6/CVE-2025-38079-crypto-algif-hash-fix-double-free-in-hash-accept.patch kpatch-description: crypto: algif_hash - fix double free in hash_accept kpatch-kernel: 5.14.0-570.33.2.el9_6 kpatch-cve: CVE-2025-38079 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38079 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b2df03ed4052e97126267e8c13ad4204ea6ba9b6 kpatch-name: rhel9/5.14.0-570.33.2.el9_6/CVE-2025-38292-wifi-ath12k-fix-invalid-access-to-memory-5.14.0-427.42.1.el9_4.patch kpatch-description: wifi: ath12k: fix invalid access to memory kpatch-kernel: 5.14.0-570.33.2.el9_6 kpatch-cve: CVE-2025-38292 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38292 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9f17747fbda6fca934854463873c4abf8061491d kpatch-name: skipped/CVE-2024-28956.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-28956 kpatch-skip-reason: Patch meant for use with microcode update kpatch-cvss: kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2024-49978-gso-fix-udp-gso-fraglist-segmentation-after-pull-from-frag_list-427.patch kpatch-description: gso: fix udp gso fraglist segmentation after pull from frag_list kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2024-49978 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49978 kpatch-patch-url: https://github.com/torvalds/linux/commit/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38124-net-fix-udp-gso-skb_segment-after-pull-from-frag_list.patch kpatch-description: net: fix udp gso skb_segment after pull from frag_list kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38124 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38124 kpatch-patch-url: https://github.com/torvalds/linux/commit/3382a1ed7f778db841063f5d7e317ac55f9e7f72 kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38159-wifi-rtw88-fix-the-para-buffer-size-to-avoid-reading-out-of-bounds.patch kpatch-description: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38159 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38159 kpatch-patch-url: https://github.com/torvalds/linux/commit/4c2c372de2e108319236203cce6de44d70ae15cd kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38250-bluetooth-hci-core-fix-use-after-free-in-vhci-flush.patch kpatch-description: Bluetooth: hci_core: Fix use-after-free in vhci_flush() kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38250 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38250 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1d6123102e9fbedc8d25bf4731da6d513173e49e kpatch-name: skipped/CVE-2025-38085.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-38085 kpatch-skip-reason: Complex adaptation required. High risk of regression. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38471-tls-always-refresh-the-queue-when-reading-sock.patch kpatch-description: tls: always refresh the queue when reading sock kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38471 kpatch-cvss: 7.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38471 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4ab26bce3969f8fd925fe6f6f551e4d1a508c68b kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38380-i2c-designware-fix-an-initialization-issue.patch kpatch-description: i2c/designware: Fix an initialization issue kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38380 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38380 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d30048958e0d43425f6d4e76565e6249fa71050 kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-21867-bpf-test-run-fix-use-after-free-issue-in-eth-skb-pkt-type.patch kpatch-description: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-21867 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21867 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6b3d638ca897e099fa99bd6d02189d3176f80a47 kpatch-name: rhel9/5.14.0-570.37.1.el9_6/CVE-2025-22058-udp-fix-memory-accounting-leak.patch kpatch-description: udp: Fix memory accounting leak. kpatch-kernel: 5.14.0-570.37.1.el9_6 kpatch-cve: CVE-2025-22058 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=df207de9d9e7a4d92f8567e2c539d9c8c12fd99d kpatch-name: rhel9/5.14.0-570.37.1.el9_6/CVE-2025-37914-net-sched-ets-fix-double-list-add-in-class-with-netem-as-child-qdisc.patch kpatch-description: net_sched: ets: Fix double list add in class with netem as child qdisc kpatch-kernel: 5.14.0-570.37.1.el9_6 kpatch-cve: CVE-2025-37914 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37914 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1a6d0c00fa07972384b0c308c72db091d49988b6 kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38211-rdma-iwcm-Fix-a-use-after-free-related-to-destroying-CM-IDs.patch kpatch-description: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38211 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38211 kpatch-patch-url: https://github.com/torvalds/linux/commit/aee2424246f9f1dadc33faa78990c1e2eb7826e4 kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38211-rdma-iwcm-fix-use-after-free-of-work-objects-after-cm-id-destruction.patch kpatch-description: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38211 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38211 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6883b680e703c6b2efddb4e7a8d891ce1803d06b kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38461-vsock-fix-transport-toctou.patch kpatch-description: vsock: Fix transport_* TOCTOU kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38461 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38461 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=687aa0c5581b8d4aa87fd92973e4ee576b550cdf kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38200-i40e-fix-mmio-write-access-to-an-invalid-page-in-i40e-clear-hw.patch kpatch-description: i40e: fix MMIO write access to an invalid page in i40e_clear_hw kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38200 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38200 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=015bac5daca978448f2671478c553ce1f300c21e kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-37823-net-sched-hfsc-fix-a-potential-uaf-in-hfsc-dequeue-too.patch kpatch-description: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-37823 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37823 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ccbda44e2cc3d26fd22af54c650d6d5d801addf kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38350-net-sched-always-pass-notifications-when-child-class-becomes-empty.patch kpatch-description: net/sched: Always pass notifications when child class becomes empty kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38350 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38350 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=103406b38c600fec1fe375a77b27d87e314aea09 kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38464-tipc-fix-use-after-free-in-tipc-conn-close.patch kpatch-description: tipc: Fix use-after-free in tipc_conn_close(). kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38464 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38464 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=667eeab4999e981c96b447a4df5f20bdf5c26f13 kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38500-xfrm-interface-fix-use-after-free-after-changing-collect-md-xfrm-interface.patch kpatch-description: xfrm: interface: fix use-after-free after changing collect_md xfrm interface kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38500 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38500 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38500-xfrm-interface-fix-use-after-free-after-changing-collect-md-xfrm-interface-kpatch.patch kpatch-description: xfrm: interface: fix use-after-free after changing collect_md xfrm interface kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38500 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38500 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b kpatch-name: rhel9/5.14.0-570.41.1.el9_6/CVE-2025-37803-udmabuf-fix-a-buf-size-overflow-issue-during-udmabuf-creation.patch kpatch-description: udmabuf: fix a buf size overflow issue during udmabuf creation kpatch-kernel: 5.14.0-570.41.1.el9_6 kpatch-cve: CVE-2025-37803 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37803 kpatch-patch-url: https://github.com/torvalds/linux/commit/021ba7f1babd029e714d13a6bf2571b08af96d0f kpatch-name: rhel9/5.14.0-570.41.1.el9_6/CVE-2025-38392-idpf-convert-control-queue-mutex-to-a-spinlock-427.patch kpatch-description: idpf: convert control queue mutex to a spinlock kpatch-kernel: 5.14.0-570.41.1.el9_6 kpatch-cve: CVE-2025-38392 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38392 kpatch-patch-url: https://github.com/torvalds/linux/commit/b2beb5bb2cd90d7939e470ed4da468683f41baa3 kpatch-name: rhel9/5.14.0-570.42.2.el9_6/CVE-2025-38332-scsi-lpfc-use-memcpy-for-bios-version.patch kpatch-description: scsi: lpfc: Use memcpy() for BIOS version kpatch-kernel: 5.14.0-570.42.2.el9_6 kpatch-cve: CVE-2025-38332 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38332 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ae82eaf4aeea060bb736c3e20c0568b67c701d7d kpatch-name: rhel9/5.14.0-570.42.2.el9_6/CVE-2025-22097-drm-vkms-fix-use-after-free-and-double-free-on-init-error.patch kpatch-description: drm/vkms: Fix use after free and double free on init error kpatch-kernel: 5.14.0-570.42.2.el9_6 kpatch-cve: CVE-2025-22097 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22097 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed15511a773df86205bda66c37193569575ae828 kpatch-name: rhel9/5.14.0-570.42.2.el9_6/CVE-2025-22097-drm-vkms-fix-use-after-free-and-double-free-on-init-error-kpatch.patch kpatch-description: drm/vkms: Fix use after free and double free on init error kpatch-kernel: 5.14.0-570.42.2.el9_6 kpatch-cve: CVE-2025-22097 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22097 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed15511a773df86205bda66c37193569575ae828 kpatch-name: skipped/CVE-2025-38449.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-38449 kpatch-skip-reason: requires a very complex adaptation kpatch-cvss: kpatch-name: rhel9/5.14.0-570.42.2.el9_6/CVE-2025-38352-posix-cpu-timers-fix-race-between-handle-posix-cpu-timers-and-posix-cpu-timer-del.patch kpatch-description: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() kpatch-kernel: 5.14.0-570.42.2.el9_6 kpatch-cve: CVE-2025-38352 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38352 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f90fff1e152dedf52b932240ebbd670d83330eca kpatch-name: rhel9/5.14.0-570.44.1.el9_6/CVE-2025-38550-ipv6-mcast-delay-put-pmc-idev-in-mld-del-delrec.patch kpatch-description: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() kpatch-kernel: 5.14.0-570.44.1.el9_6 kpatch-cve: CVE-2025-38550 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38550 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ae3264a25a4635531264728859dbe9c659fad554 kpatch-name: rhel9/5.14.0-570.46.1.el9_6/CVE-2025-37810-usb-dwc3-gadget-check-that-event-count-does-not-exceed-event-buffer-length.patch kpatch-description: usb: dwc3: gadget: check that event count does not exceed event buffer length kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2025-37810 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37810 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=63ccd26cd1f6600421795f6ca3e625076be06c9f kpatch-name: rhel9/5.14.0-570.46.1.el9_6/CVE-2025-38498-do-change-type-refuse-to-operate-on-unmounted-not-ours-mounts.patch kpatch-description: do_change_type(): refuse to operate on unmounted/not ours mounts kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2025-38498 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38498 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=12f147ddd6de7382dad54812e65f3f08d05809fc kpatch-name: skipped/CVE-2025-39694.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39694 kpatch-skip-reason: Out of scope: IBM System/390 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-570.46.1.el9_6/CVE-2023-53125-net-usb-smsc75xx-limit-packet-length-to-skb-len.patch kpatch-description: net: usb: smsc75xx: Limit packet length to skb->len kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2023-53125 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53125 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8b228318935044dafe3a5bc07ee71a1f1424b8d kpatch-name: rhel9/5.14.0-570.46.1.el9_6/CVE-2023-53125-net-usb-smsc75xx-move-packet-length-check-to-prevent-kernel-panic-in-skb_pull.patch kpatch-description: net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2023-53125 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53125 kpatch-patch-url: https://github.com/torvalds/linux/commit/43ffe6caccc7a1bb9d7442fbab521efbf6c1378c kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-38472-netfilter-nf-conntrack-fix-crash-due-to-removal-of-uninitialised-entry.patch kpatch-description: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-38472 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38472 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2d72afb340657f03f7261e9243b44457a9228ac7 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-38527-smb-client-fix-use-after-free-in-cifs-oplock-break.patch kpatch-description: smb: client: fix use-after-free in cifs_oplock_break kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2025-38527 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38527 kpatch-patch-url: https://github.com/torvalds/linux/commit/705c79101ccf9edea5a00d761491a03ced314210 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-38718-sctp-linearize-cloned-gso-packets-in-sctp-rcv.patch kpatch-description: sctp: linearize cloned gso packets in sctp_rcv kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-38718 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38718 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fd60d8a086191fe33c2d719732d2482052fa6805 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-39682-tls-break-out-of-main-loop-when-PEEK-gets-a-non-data-record.patch kpatch-description: tls: break out of main loop when PEEK gets a non-data record kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-39682 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39682 kpatch-patch-url: https://github.com/torvalds/linux/commit/10f41d0710fc81b7af93fa6106678d57b1ff24a7 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-39682-tls-stop-recv-if-initial-process_rx_list-gave-us-non-DATA.patch kpatch-description: tls: stop recv() if initial process_rx_list gave us non-DATA kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-39682 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39682 kpatch-patch-url: https://github.com/torvalds/linux/commit/fdfbaec5923d9359698cbb286bc0deadbb717504 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-39682-tls-don-t-skip-over-different-type-records-from-the-rx_list.patch kpatch-description: tls: don't skip over different type records from the rx_list kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-39682 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39682 kpatch-patch-url: https://github.com/torvalds/linux/commit/ec823bf3a479d42c589dc0f28ef4951c49cd2d2a kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-39682-tls-fix-handling-of-zero-length-records-on-the-rx-list.patch kpatch-description: tls: fix handling of zero-length records on the rx_list kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-39682 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39682 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62708b9452f8eb77513115b17c4f8d1a22ebf843 kpatch-name: rhel9/5.14.0-570.51.1.el9_6/CVE-2024-50301-security-keys-fix-slab-out-of-bounds-in-key-task-permission.patch kpatch-description: security/keys: fix slab-out-of-bounds in key_task_permission kpatch-kernel: 5.14.0-570.51.1.el9_6 kpatch-cve: CVE-2024-50301 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50301 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4a74da044ec9ec8679e6beccc4306b936b62873f kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-38351-kvm-x86-hyper-v-skip-non-canonical-addresses-during-pv-tlb-flush-5.14.0-570.62.1.el9_6.patch kpatch-description: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-38351 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38351 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fa787ac07b3ceb56dd88a62d1866038498e96230 kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-38351-kvm-x86-hyper-v-skip-non-canonical-addresses-during-pv-tlb-flush-kpatch.patch kpatch-description: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-38351 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38351 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fa787ac07b3ceb56dd88a62d1866038498e96230 kpatch-name: rhel9/5.14.0-570.51.1.el9_6/CVE-2025-39761-wifi-ath12k-decrement-tid-on-rx-peer-frag-setup-error-handling.patch kpatch-description: wifi: ath12k: Decrement TID on RX peer frag setup error handling kpatch-kernel: 5.14.0-570.51.1.el9_6 kpatch-cve: CVE-2025-39761 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39761 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7c0884fcd2ddde0544d2e77f297ae461e1f53f58 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38614-eventpoll-fix-semi-unbounded-recursion.patch kpatch-description: eventpoll: Fix semi-unbounded recursion kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38614 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2e467a48287c868818085aa35389a224d226732 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38614-eventpoll-fix-semi-unbounded-recursion-kpatch-427.patch kpatch-description: eventpoll: Fix semi-unbounded recursion kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38614 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2e467a48287c868818085aa35389a224d226732 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38614-eventpoll-fix-semi-unbounded-recursion-kpatch2.patch kpatch-description: eventpoll: Fix semi-unbounded recursion kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38614 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2e467a48287c868818085aa35389a224d226732 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38556-hid-simplify-snto32.patch kpatch-description: HID: simplify snto32() kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38556 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38556-hid-stop-exporting-hid_snto32.patch kpatch-description: HID: stop exporting hid_snto32() kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38556 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38556-hid-core-harden-s32ton-against-conversion-to-0-bits.patch kpatch-description: HID: core: Harden s32ton() against conversion to 0 bits kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38556 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38556-hid-stop-exporting-hid_snto32-kpatch.patch kpatch-description: HID: stop exporting hid_snto32() kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38556 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38556 kpatch-patch-url: https://github.com/torvalds/linux/commit/c653ffc283404a6c1c0e65143a833180c7ff799b kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-39757-alsa-usb-audio-validate-uac3-cluster-segment-descriptors.patch kpatch-description: ALSA: usb-audio: Validate UAC3 cluster segment descriptors kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-39757 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39757 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecfd41166b72b67d3bdeb88d224ff445f6163869 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-39757-alsa-usb-audio-fix-size-validation-in-convert_chmap_v3.patch kpatch-description: ALSA: usb-audio: Fix size validation in convert_chmap_v3() kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-39757 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39757 kpatch-patch-url: https://github.com/torvalds/linux/commit/89f0addeee3cb2dc49837599330ed9c4612f05b0 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2023-53373-crypto-seqiv-handle-ebusy-correctly.patch kpatch-description: crypto: seqiv - Handle EBUSY correctly kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2023-53373 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53373 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32e62025e5e52fbe4812ef044759de7010b15dbc kpatch-name: rhel9/5.14.0-570.55.1.el9_6/CVE-2025-39849-wifi-cfg80211-sme-cap-ssid-length-in-cfg80211-connect-result.patch kpatch-description: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() kpatch-kernel: 5.14.0-570.55.1.el9_6 kpatch-cve: CVE-2025-39849 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39849 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62b635dcd69c4fde7ce1de4992d71420a37e51e3 kpatch-name: rhel9/5.14.0-570.55.1.el9_6/CVE-2025-39817-efivarfs-fix-slab-out-of-bounds-in-efivarfs-d-compare.patch kpatch-description: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare kpatch-kernel: 5.14.0-570.55.1.el9_6 kpatch-cve: CVE-2025-39817 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39817 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6358f8cf64850f3f27857b8ed8c1b08cfc4685c kpatch-name: rhel9/5.14.0-570.55.1.el9_6/CVE-2025-39841-scsi-lpfc-fix-buffer-free-clear-order-in-deferred-receive-path.patch kpatch-description: scsi: lpfc: Fix buffer free/clear order in deferred receive path kpatch-kernel: 5.14.0-570.55.1.el9_6 kpatch-cve: CVE-2025-39841 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39841 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9dba9a45c348e8460da97c450cddf70b2056deb3 kpatch-name: skipped/CVE-2022-50087.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-50087 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-570.58.1.el9_6/CVE-2025-39730-nfs-fix-filehandle-bounds-checking-in-nfs-fh-to-dentry.patch kpatch-description: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() kpatch-kernel: 5.14.0-570.58.1.el9_6 kpatch-cve: CVE-2025-39730 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39730 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ef93a685e01a281b5e2a25ce4e3428cf9371a205 kpatch-name: skipped/CVE-2025-39751.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39751 kpatch-skip-reason: This CVE has been rejected or withdrawn by its CVE Numbering Authority as per NVD website kpatch-cvss: kpatch-name: rhel9/5.14.0-570.58.1.el9_6/CVE-2025-39819-fs-smb-fix-inconsistent-refcnt-update-427.patch kpatch-description: fs/smb: Fix inconsistent refcnt update kpatch-kernel: 5.14.0-570.58.1.el9_6 kpatch-cve: CVE-2025-39819 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39819 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab529e6ca1f67bcf31f3ea80c72bffde2e9e053e kpatch-name: rhel9/5.14.0-570.58.1.el9_6/CVE-2025-39718-vsock-virtio-validate-length-in-packet-header-before-skb-put.patch kpatch-description: vsock/virtio: Validate length in packet header before skb_put() kpatch-kernel: 5.14.0-570.58.1.el9_6 kpatch-cve: CVE-2025-39718 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39718 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0dab92484474587b82e8e0455839eaf5ac7bf894 kpatch-name: rhel9/5.14.0-570.58.1.el9_6/CVE-2023-53331-pstore-ram-check-start-of-empty-przs-during-init.patch kpatch-description: pstore/ram: Check start of empty przs during init kpatch-kernel: 5.14.0-570.58.1.el9_6 kpatch-cve: CVE-2023-53331 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53331 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe8c3623ab06603eb760444a032d426542212021 kpatch-name: rhel9/5.14.0-570.60.1.el9_6/CVE-2025-39702-ipv6-sr-fix-mac-comparison-to-be-constant-time.patch kpatch-description: ipv6: sr: Fix MAC comparison to be constant-time kpatch-kernel: 5.14.0-570.60.1.el9_6 kpatch-cve: CVE-2025-39702 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39702 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a458b2902115b26a25d67393b12ddd57d1216aaa kpatch-name: rhel9/5.14.0-570.60.1.el9_6/CVE-2022-50367-fs-fix-uaf-gpf-bug-in-nilfs-mdt-destroy.patch kpatch-description: fs: fix UAF/GPF bug in nilfs_mdt_destroy kpatch-kernel: 5.14.0-570.60.1.el9_6 kpatch-cve: CVE-2022-50367 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-50367 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e488f13755ffbb60f307e991b27024716a33b29 kpatch-name: rhel9/5.14.0-570.60.1.el9_6/CVE-2023-53494-crypto-xts-handle-ebusy-correctly.patch kpatch-description: crypto: xts - Handle EBUSY correctly kpatch-kernel: 5.14.0-570.60.1.el9_6 kpatch-cve: CVE-2023-53494 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53494 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=51c082514c2dedf2711c99d93c196cc4eedceb40 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-46744-squashfs-sanity-check-symbolic-link-size.patch kpatch-description: Squashfs: sanity check symbolic link size kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-46744 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46744 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=810ee43d9cd245d138a2733d87a24858a23f577d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56603-net-af-can-do-not-leave-a-dangling-sk-pointer-in-can-create.patch kpatch-description: net: af_can: do not leave a dangling sk pointer in can_create() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56603 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56603 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=811a7ca7320c062e15d0f5b171fe6ad8592d1434 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21648-netfilter-conntrack-clamp-maximum-hashtable-size-to-int-max.patch kpatch-description: netfilter: conntrack: clamp maximum hashtable size to INT_MAX kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21648 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21648 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21796-nfsd-clear-acl-access-acl-default-after-releasing-them.patch kpatch-description: nfsd: clear acl_access/acl_default after releasing them kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21796 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21796 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7faf14a7b0366f153284db0ad3347c457ea70136 kpatch-name: skipped/CVE-2025-21671.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21671 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21791-vrf-use-rcu-protection-in-l3mdev-l3-out.patch kpatch-description: vrf: use RCU protection in l3mdev_l3_out() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21791 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6d0ce46a93135d96b7fa075a94a88fe0da8e8773 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58014-wifi-brcmsmac-add-gain-range-check-to-wlc-phy-iqcal-gainparams-nphy.patch kpatch-description: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58014 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3f4a0948c3524ae50f166dbc6572a3296b014e62 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56662-acpi-nfit-vmalloc-out-of-bounds-read-in-acpi-nfit-ctl.patch kpatch-description: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56662 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56662 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=265e98f72bac6c41a4492d3e30a8e5fd22fe0779 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-37994-usb-typec-ucsi-displayport-fix-null-pointer-access.patch kpatch-description: usb: typec: ucsi: displayport: Fix NULL pointer access kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-37994 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37994 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=312d79669e71283d05c05cc49a1a31e59e3d9e0e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53229-RDMA-rxe-fix-the-qp-flush-warnings-in-req.patch kpatch-description: RDMA/rxe: Fix the qp flush warnings in req kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53229 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53229 kpatch-patch-url: https://github.com/torvalds/linux/commit/ea4c990fa9e19ffef0648e40c566b94ba5ab31be kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21647-sched-sch_cake-add-bounds-checks-to-host-bulk-flow-fairness-counts.patch kpatch-description: sched: sch_cake: add bounds checks to host bulk flow fairness counts kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21647 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21647 kpatch-patch-url: https://github.com/torvalds/linux/commit/737d4d91d35b5f7fa5bb442651472277318b0bfd kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21691-cachestat-fix-page-cache-statistics-permission-checking-503.patch kpatch-description: cachestat: fix page cache statistics permission checking kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21691 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21691 kpatch-patch-url: https://github.com/torvalds/linux/commit/5f537664e705b0bf8b7e329861f20128534f6a83 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21702-pfifo_tail_enqueue-drop-new-packet-when-sch-limit-0-503.patch kpatch-description: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21702 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21702 kpatch-patch-url: https://github.com/torvalds/linux/commit/647cef20e649c576dff271e018d5d15d998b629d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21738-ata-libata-sff-ensure-that-we-cannot-write-outside-the-allocated-buffer.patch kpatch-description: ata: libata-sff: Ensure that we cannot write outside the allocated buffer kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21738 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21738 kpatch-patch-url: https://github.com/torvalds/linux/commit/6e74e53b34b6dec5a50e1404e2680852ec6768d2 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49627-ima-fix-potential-memory-leak-in-ima-init-crypto.patch kpatch-description: ima: Fix potential memory leak in ima_init_crypto() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49627 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49627 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=067d2521874135267e681c19d42761c601d503d6 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49643-ima-fix-a-potential-integer-overflow-in-ima-appraise-measurement.patch kpatch-description: ima: Fix a potential integer overflow in ima_appraise_measurement kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49643 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49643 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49648-tracing-histograms-fix-memory-leak-problem.patch kpatch-description: tracing/histograms: Fix memory leak problem kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49648 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49648 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7edc3945bdce9c39198a10d6129377a5c53559c2 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49657-usbnet-fix-memory-leak-in-error-case.patch kpatch-description: usbnet: fix memory leak in error case kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49657 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49657 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b55a21b764c1e182014630fa5486d717484ac58f kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49672-net-tun-unlink-napi-from-device-on-destruction.patch kpatch-description: net: tun: unlink NAPI from device on destruction kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49672 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b9bc84d311104906d2b4995a9a02d7b7ddab2db kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-46689-soc-qcom-cmd-db-map-shared-memory-as-wc-not-wb.patch kpatch-description: soc: qcom: cmd-db: Map shared memory as WC, not WB kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-46689 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46689 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f9bb896eab221618927ae6a2f1d566567999839d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-47679-vfs-fix-race-between-evice-inodes-and-find-inode-iput.patch kpatch-description: vfs: fix race between evice_inodes() and find_inode()&iput() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-47679 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47679 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=88b1afbf0f6b221f6c5bb66cc80cd3b38d696687 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56690-crypto-pcrypt-call-crypto-layer-directly-when-padata-do-parallel-return-ebusy.patch kpatch-description: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56690 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56690 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=662f2f13e66d3883b9238b0b96b17886179e60e2 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57986-hid-core-fix-assumption-that-resolution-multipliers-must-be-in-logical-collections.patch kpatch-description: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57986 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57986 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=64f2657b579343cf923aa933f08074e6258eb07b kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56739-rtc-check-if-rtc-read-time-was-successful-in-rtc-timer-do-work.patch kpatch-description: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21848-nfp-bpf-add-check-for-nfp-app-ctrl-msg-alloc.patch kpatch-description: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21848 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21848 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=878e7b11736e062514e58f3b445ff343e6705537 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49845-can-j1939-j1939-send-one-fix-missing-can-header-initialization.patch kpatch-description: can: j1939: j1939_send_one(): fix missing CAN header initialization kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49845 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49845 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3eb3d283e8579a22b81dd2ac3987b77465b2a22f kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49024-can-m-can-pci-add-missing-m-can-class-free-dev-in-probe-remove-methods.patch kpatch-description: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49024 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49024 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1eca1d4cc21b6d0fc5f9a390339804c0afce9439 kpatch-name: skipped/CVE-2022-49432.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49432 kpatch-skip-reason: Out of scope: PowerPC architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21728-bpf-send-signals-asynchronously-if-preemptible.patch kpatch-description: bpf: Send signals asynchronously if !preemptible kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21728 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21728 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=87c544108b612512b254c8f79aa5c0a8546e2cc4 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21728-bpf-Use-preempt_count-directly-in-bpf_send_signal_common.patch kpatch-description: [PATCH] bpf: Use preempt_count() directly in bpf_send_signal_common() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21728 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21728 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=87c544108b612512b254c8f79aa5c0a8546e2cc4 kpatch-name: skipped/CVE-2025-21855.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21855 kpatch-skip-reason: CONFIG_IBMVNIC is not enabled on EL9. kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56675-bpf-fix-uaf-via-mismatching-bpf-prog-attachment-rcu-flavors-5.14.0-503.40.1.el9_5.patch kpatch-description: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56675 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ef1b808e3b7c98612feceedf985c2fbbeb28f956 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21853-bpf-avoid-holding-freeze-mutex-during-mmap-operation-5.14.0-427.42.1.patch kpatch-description: bpf: avoid holding freeze_mutex during mmap operation kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21853 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21853 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bc27c52eea189e8f7492d40739b7746d67b65beb kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50060-io-uring-check-if-we-need-to-reschedule-during-overflow-flush-503.patch kpatch-description: io_uring: check if we need to reschedule during overflow flush kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50060 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50060 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=eac2ca2d682f94f46b1973bdf5e77d85d77b8e53 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53216-sunrpc-introduce-cache-check-rcu-to-help-check-in-rcu-context.patch kpatch-description: SUNRPC: introduce cache_check_rcu to help check in rcu context kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53216 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53216 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8c989a0c89a75d30f899a7cabdc14d72522bb8d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53216-sunrpc-no-need-get-cache-ref-when-protected-by-rcu.patch kpatch-description: SUNRPC: no need get cache ref when protected by rcu kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53216 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53216 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8c989a0c89a75d30f899a7cabdc14d72522bb8d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53216-nfsd-no-need-get-cache-ref-when-protected-by-rcu.patch kpatch-description: nfsd: no need get cache ref when protected by rcu kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53216 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53216 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8c989a0c89a75d30f899a7cabdc14d72522bb8d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53216-nfsd-fix-uaf-when-access-ex-uuid-or-ex-stats-427.patch kpatch-description: nfsd: fix UAF when access ex_uuid or ex_stats kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53216 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53216 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8c989a0c89a75d30f899a7cabdc14d72522bb8d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-54456-nfs-fix-potential-buffer-overflowin-nfs-sysfs-link-rpc-client.patch kpatch-description: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-54456 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-54456 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=49fd4e34751e90e6df009b70cd0659dc839e7ca8 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56709-io-uring-check-if-iowq-is-killed-before-queuing.patch kpatch-description: io_uring: check if iowq is killed before queuing kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56709 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56709 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dbd2ca9367eb19bc5e269b8c58b0b1514ada9156 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21863-io-uring-prevent-opcode-speculation.patch kpatch-description: io_uring: prevent opcode speculation kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21863 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21863 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e988c3fe1264708f4f92109203ac5b1d65de50b kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21714-rdma-mlx5-fix-implicit-odp-use-after-free-503.patch kpatch-description: RDMA/mlx5: Fix implicit ODP use after free kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21714 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21714 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d3d930411ce390e532470194296658a960887773 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21714-RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistration-503.patch kpatch-description: RDMA/mlx5: Fix implicit ODP hang on parent deregistration kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21714 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21714 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d8c6f26893d55fab218ad086719de1fc9bb86ba kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21729-wifi-rtw89-fix-race-between-cancel-hw-scan-and-hw-scan-completion.patch kpatch-description: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21729 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21729 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ba4bb0402c60e945c4c396c51f0acac3c3e3ea5c kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49670-linux-dim-fix-divide-by-0-in-rdma-dim.patch kpatch-description: linux/dim: Fix divide by 0 in RDMA DIM kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49670 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49670 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0fe3dbbefb74a8575f61d7801b08dbc50523d60d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50195-posix-clock-fix-missing-timespec64-check-in-pc-clock-settime.patch kpatch-description: posix-clock: Fix missing timespec64 check in pc_clock_settime() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50195 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50195 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8794ac20a299b647ba9958f6d657051fc51a540 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50195-posix-clock-posix-clock-fix-unbalanced-locking-in-pc-clock-settime-5.14.0-570.62.1.el9_6.patch kpatch-description: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50195 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50195 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8794ac20a299b647ba9958f6d657051fc51a540 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57988-bluetooth-btbcm-fix-null-deref-in-btbcm-get-board-name-5.14.0-503.40.1.el9_5.patch kpatch-description: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57988 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57988 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b88655bc6593c6a7fdc1248b212d17e581c4334e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58077-asoc-soc-pcm-don-t-use-soc-pcm-ret-on-prepare-callback-5.14.0-427.42.1.el9_4.patch kpatch-description: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58077 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58077 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=301c26a018acb94dd537a4418cefa0f654500c6f kpatch-name: skipped/CVE-2025-22056.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-22056 kpatch-skip-reason: Postponed: complex analysis and adaptation required kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56672-blk-cgroup-fix-uaf-in-blkcg-unpin-online.patch kpatch-description: blk-cgroup: Fix UAF in blkcg_unpin_online() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56672 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=86e6ca55b83c575ab0f2e105cf08f98e58d3d7af kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53170-block-fix-uaf-for-flush-rq-while-iterating-tags.patch kpatch-description: block: fix uaf for flush rq while iterating tags kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53170 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53170 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3802f73bd80766d70f319658f334754164075bc3 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-47727-x86-tdx-fix-in-kernel-mmio-check-5.14.0-503.40.1.el9_5.patch kpatch-description: x86/tdx: Fix "in-kernel MMIO" check kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-47727 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47727 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d4fc4d01471528da8a9797a065982e05090e1d81 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57998-opp-add-index-check-to-assert-to-avoid-buffer-overflow-in-read-freq-503.patch kpatch-description: OPP: add index check to assert to avoid buffer overflow in _read_freq() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57998 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d659bc68ed489022ea33342cfbda2911a81e7a0d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58068-opp-fix-dev-pm-opp-find-bw-when-bandwidth-table-not-initialized.patch kpatch-description: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58068 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58068 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21745-blk-cgroup-fix-class-block-class-s-subsystem-refcount-leakage.patch kpatch-description: blk-cgroup: Fix class @block_class's subsystem refcount leakage kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21745 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21745 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1248436cbef1f924c04255367ff4845ccd9025e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58083-kvm-explicitly-verify-target-vcpu-is-online-in-kvm-get-vcpu.patch kpatch-description: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58083 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58083 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e7381f3617d14b3c11da80ff5f8a93ab14cfc46 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21787-team-better-team-option-type-string-validation-503.38.patch kpatch-description: team: better TEAM_OPTION_TYPE_STRING validation kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21787 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21787 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5bef3ac184b5626ea62385d6b82a1992b89d7940 kpatch-name: skipped/CVE-2025-21829.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21829 kpatch-skip-reason: Patches a sleepable function, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21765-net-add-dev-net-rcu-helper.patch kpatch-description: net: add dev_net_rcu() helper kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21765 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21765 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c8ffcd248da34fc41e52a46e51505900115fc2a kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21765-ipv6-use-rcu-protection-in-ip6-default-advmss.patch kpatch-description: ipv6: use RCU protection in ip6_default_advmss() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21765 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21765 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c8ffcd248da34fc41e52a46e51505900115fc2a kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-49864-rxrpc-fix-a-race-between-socket-set-up-and-i-o-thread-creation.patch kpatch-description: rxrpc: Fix a race between socket set up and I/O thread creation kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-49864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bc212465326e8587325f520a052346f0b57360e6 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21844-smb-client-add-check-for-next-buffer-in-receive-encrypted-standard.patch kpatch-description: smb: client: Add check for next_buffer in receive_encrypted_standard() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21844 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21844 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=860ca5e50f73c2a1cef7eefc9d39d04e275417f7 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-52332-igb-fix-potential-invalid-memory-access-in-igb-init-module.patch kpatch-description: igb: Fix potential invalid memory access in igb_init_module() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-52332 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-52332 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0566f83d206c7a864abcd741fe39d6e0ae5eef29 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58012-asoc-sof-intel-hda-dai-ensure-dai-widget-is-valid-during-params-5.14.0-427.42.1.el9_4.patch kpatch-description: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58012 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=569922b82ca660f8b24e705f6cf674e6b1f99cc7 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53052-io-uring-rw-fix-missing-nowait-check-for-o-direct-start-write-dep.patch kpatch-description: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53052 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53052 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed0360bbab72b829437b67ebb2f9cfac19f59dfe kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53052-io-uring-rw-fix-missing-nowait-check-for-o-direct-start-write-5.14.0-427.42.1.el9_4.patch kpatch-description: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53052 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53052 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1d60d74e852647255bd8e76f5a22dc42531e4389 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21847-asoc-sof-stream-ipc-check-for-cstream-nullity-in-sof-ipc-msg-data.patch kpatch-description: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21847 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21847 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8d99c3b5c485f339864aeaa29f76269cc0ea975 kpatch-name: skipped/CVE-2025-21837.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21837 kpatch-skip-reason: CVE has been marked as REJECTED on the NVD website. kpatch-cvss: kpatch-name: skipped/CVE-2025-21726.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21726 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58072-wifi-rtlwifi-remove-unused-check-buddy-priv.patch kpatch-description: wifi: rtlwifi: remove unused check_buddy_priv kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58072 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58072 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2fdac64c3c35858aa8ac5caa70b232e03456e120 kpatch-name: skipped/CVE-2022-49437.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49437 kpatch-skip-reason: Out of scope: PowerPC architecture isn't supported for current kernel kpatch-cvss: kpatch-name: skipped/CVE-2022-49623.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49623 kpatch-skip-reason: Out of scope: PowerPC architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56645-can-j1939-j1939-session-new-fix-skb-reference-counting.patch kpatch-description: can: j1939: j1939_session_new(): fix skb reference counting kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56645 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56645 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a8c695005bfe6569acd73d777ca298ddddd66105 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-38396-fs-export-anon-inode-make-secure-inode-and-fix-secretmem-lsm-bypass-5.14.0-427.42.1.el9_4.patch kpatch-description: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-38396 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38396 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cbe4134ea4bc493239786220bd69cb8a13493190 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21795-Revert-NFSD-Reschedule-CB-operations-when-backchannel-rpc_clnt-is-shut-down.patch kpatch-description: NFSD: fix hang in nfsd4_shutdown_callback kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21795 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21795 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9c8ecb9308d8013ff9ac9d36fdd8ae746033b93c kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21795-nfsd-fix-hang-in-nfsd4-shutdown-callback.patch kpatch-description: NFSD: fix hang in nfsd4_shutdown_callback kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21795 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21795 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=036ac2778f7b28885814c6fbc07e156ad1624d03 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53119-virtio-vsock-fix-accept-queue-memory-leak.patch kpatch-description: virtio/vsock: Fix accept_queue memory leak kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53119 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53119 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d7b0ff5a866724c3ad21f2628c22a63336deec3f kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58088-bpf-fix-deadlock-when-freeing-cgroup-storage.patch kpatch-description: bpf: Fix deadlock when freeing cgroup storage kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58088 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58088 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c78f4afbd962f43a3989f45f3ca04300252b19b5 kpatch-name: skipped/CVE-2025-21851.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21851 kpatch-skip-reason: arm64 and CONFIG_PAGE_SIZE_64KB specific kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57993-hid-hid-thrustmaster-fix-warning-in-thrustmaster-probe-by-adding-endpoint-check.patch kpatch-description: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57993 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57993 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50420d7c79c37a3efe4010ff9b1bb14bc61ebccf kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57993-hid-hid-thrustmaster-fix-stack-out-of-bounds-read-in-usb-check-int-endpoints.patch kpatch-description: HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57993 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57993 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50420d7c79c37a3efe4010ff9b1bb14bc61ebccf kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57993-hid-thrustmaster-fix-memory-leak-in-thrustmaster-interrupts.patch kpatch-description: HID: thrustmaster: fix memory leak in thrustmaster_interrupts() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57993 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57993 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50420d7c79c37a3efe4010ff9b1bb14bc61ebccf kpatch-name: skipped/CVE-2025-21739.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21739 kpatch-skip-reason: config CONFIG_SCSI_UFSHCD is not set for any kernel version kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-38075-scsi-target-iscsi-fix-timeout-on-deleted-connection.patch kpatch-description: scsi: target: iscsi: Fix timeout on deleted connection kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-38075 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38075 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7f533cc5ee4c4436cee51dc58e81dfd9c3384418 kpatch-name: skipped/CVE-2022-49357.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49357 kpatch-skip-reason: Out of scope: T2 Macs not supported kpatch-cvss: kpatch-name: skipped/CVE-2022-49353.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49353 kpatch-skip-reason: Out of scope: PowerPC architecture isn't supported for current kernel kpatch-cvss: kpatch-name: skipped/CVE-2025-21786.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21786 kpatch-skip-reason: Complex adaptation required kpatch-cvss: kpatch-name: skipped/CVE-2025-38116.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-38116 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57981-usb-xhci-fix-null-pointer-dereference-on-certain-command-aborts-5.14.0-427.42.1.el9_4.patch kpatch-description: usb: xhci: Fix NULL pointer dereference on certain command aborts kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57981 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57981 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e0a19912adb68a4b2b74fd77001c96cd83eb073 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21861-mm-migrate-device-don-t-add-folio-to-be-freed-to-lru-in-migrate-device-finalize.patch kpatch-description: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21861 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21861 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=41cddf83d8b00f29fd105e7a0777366edc69a5cf kpatch-name: skipped/CVE-2025-21696.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21696 kpatch-skip-reason: Patch for mm subsystem from CVE of medium (5.5) impact kpatch-cvss: kpatch-name: skipped/CVE-2022-48830.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-48830 kpatch-skip-reason: CAN isn't used in servers kpatch-cvss: kpatch-name: skipped/CVE-2022-49269.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49269 kpatch-skip-reason: CAN isn't used in servers kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21828-wifi-mac80211-don-t-flush-non-uploaded-stas.patch kpatch-description: wifi: mac80211: don't flush non-uploaded STAs kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21828 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21828 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa3ce3f8fafa0b8fb062f28024855ea8cb3f3450 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53135-kvm-vmx-bury-intel-pt-virtualization-guest-host-mode-behind-config-broken-427.patch kpatch-description: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53135 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53135 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa0d42cacf093a6fcca872edc954f6f812926a17 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53135-kvm-vmx-bury-intel-pt-virtualization-guest-host-mode-behind-config-broken-kpatch-427.patch kpatch-description: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53135 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53135 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa0d42cacf093a6fcca872edc954f6f812926a17 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50294-rxrpc-fix-missing-locking-causing-hanging-calls.patch kpatch-description: rxrpc: Fix missing locking causing hanging calls kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50294 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fc9de52de38f656399d2ce40f7349a6b5f86e787 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50294-rxrpc-fix-missing-locking-causing-hanging-calls-kpatch.patch kpatch-description: rxrpc: Fix missing locking causing hanging calls kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50294 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fc9de52de38f656399d2ce40f7349a6b5f86e787 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21839-KVM-x86-Load-DR6-with-guest-value-only-before-kpatch-503.patch kpatch-description: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21839 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21839 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c2fee09fc167c74a64adb08656cb993ea475197e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21746-input-serio-define-serio-pause-rx-guard-to-pause-and-resume-serio-ports.patch kpatch-description: Input: serio - define serio_pause_rx guard to pause and resume serio ports kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21746 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21746 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=08bd5b7c9a2401faabdaa1472d45c7de0755fd7e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21746-input-synaptics-fix-crash-when-enabling-pass-through-port.patch kpatch-description: Input: synaptics - fix crash when enabling pass-through port kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21746 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21746 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=08bd5b7c9a2401faabdaa1472d45c7de0755fd7e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21746-input-synaptics-fix-crash-when-enabling-pass-through-port-kpatch.patch kpatch-description: Input: synaptics - fix crash when enabling pass-through port kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21746 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21746 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=08bd5b7c9a2401faabdaa1472d45c7de0755fd7e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49443-list-fix-a-data-race-around-ep-rdllist-570.51.patch kpatch-description: list: fix a data-race around ep->rdllist kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49443 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49443 kpatch-patch-url: https://github.com/torvalds/linux/commit/d679ae94fdd5d3ab00c35078f5af5f37e068b03d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53680-ipvs-fix-ub-due-to-uninitialized-stack-access-in-ip-vs-protocol-init.patch kpatch-description: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53680 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53680 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=146b6f1112eb30a19776d6c323c994e9d67790db kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21864-tcp-drop-skb-dst-in-tcp_rcv_established.patch kpatch-description: tcp: drop skb dst in tcp_rcv_established() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=783d108dd71d97e4cac5fe8ce70ca43ed7dc7bb7 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21864-tcp-drop-secpath-at-the-same-time-as-we-currently-dr-284.patch kpatch-description: tcp: drop secpath at the same time as we currently drop dst kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9b6412e6979f6f9e0632075f8f008937b5cd4efd kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21846-acct-perform-last-write-from-workqueue.patch kpatch-description: acct: perform last write from workqueue kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21846 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=56d5f3eba3f5de0efdd556de4ef381e109b973a9 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21846-acct-perform-last-write-from-workqueue-kpatch.patch kpatch-description: acct: perform last write from workqueue kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21846 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=56d5f3eba3f5de0efdd556de4ef381e109b973a9 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21806-net-let-net-core-dev-weight-always-be-non-zero.patch kpatch-description: net: let net.core.dev_weight always be non-zero kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21806 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21806 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1f9f79fa2af8e3b45cffdeef66e05833480148a kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21806-net-let-net-core-dev-weight-always-be-non-zero-kpatch.patch kpatch-description: net: let net.core.dev_weight always be non-zero kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21806 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21806 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1f9f79fa2af8e3b45cffdeef66e05833480148a kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53090-afs-fix-lock-recursion-5.14.0-427.42.1.el9_4-kpatch.patch kpatch-description: afs: Fix lock recursion kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53090 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53090 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=610a79ffea02102899a1373fe226d949944a7ed6 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21693-mm-zswap-properly-synchronize-freeing-resources-during-CPU-hotunplug-kpatch-5.14.0-427.42.1.el9_4.patch kpatch-description: [PATCH] mm: zswap: properly synchronize freeing resources during CPU hotunplug kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21693 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21693 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=12dcb0ef540629a281533f9dedc1b6b8e14cfb65 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21693-mm-zswap-move-allocations-during-CPU-init-outside-the-lock-5.14.0-503.40.1.el9_5.patch kpatch-description: [PATCH] mm: zswap: move allocations during CPU init outside the lock kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21693 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21693 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=779b9955f64327c339a16f68055af98252fd3315 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21693-mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead-5.14.0-503.40.1.el9_5.patch kpatch-description: [PATCH] mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21693 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21693 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c11bcbc0a517acf69282c8225059b2a8ac5fe628 kpatch-name: rhel9/5.14.0-611.11.1.el9_7/CVE-2025-39864-wifi-cfg80211-fix-use-after-free-in-cmp-bss.patch kpatch-description: wifi: cfg80211: fix use-after-free in cmp_bss() kpatch-kernel: 5.14.0-611.11.1.el9_7 kpatch-cve: CVE-2025-39864 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=26e84445f02ce6b2fe5f3e0e28ff7add77f35e08 kpatch-name: rhel9/5.14.0-611.11.1.el9_7/CVE-2025-38724-nfsd-handle-get-client-locked-failure-in-nfsd4-setclientid-confirm.patch kpatch-description: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() kpatch-kernel: 5.14.0-611.11.1.el9_7 kpatch-cve: CVE-2025-38724 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38724 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=908e4ead7f757504d8b345452730636e298cbf68 kpatch-name: skipped/CVE-2025-39898.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39898 kpatch-skip-reason: CVE rejected kpatch-cvss: kpatch-name: skipped/CVE-2025-39981.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39981 kpatch-skip-reason: Complex adaptation required kpatch-cvss: kpatch-name: rhel9/5.14.0-611.11.1.el9_7/CVE-2025-39955-tcp-clear-tcp-sk-sk-fastopen-rsk-in-tcp-disconnect.patch kpatch-description: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). kpatch-kernel: 5.14.0-611.11.1.el9_7 kpatch-cve: CVE-2025-39955 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39955 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01 kpatch-name: rhel9/5.14.0-611.11.1.el9_7/CVE-2025-39955-tcp-don-t-call-reqsk_fastopen_remove-in-tcp_conn_request.patch kpatch-description: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). kpatch-kernel: 5.14.0-611.11.1.el9_7 kpatch-cve: CVE-2025-39955 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39955 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e7cbbbe3d61c63606994b7ff73c72537afe2e1c kpatch-name: rhel9/5.14.0-611.9.1.el9_7/CVE-2025-39843-mm-slub-avoid-wake-up-kswapd-in-set-track-prepare-427.patch kpatch-description: mm: slub: avoid wake up kswapd in set_track_prepare kpatch-kernel: 5.14.0-611.9.1.el9_7 kpatch-cve: CVE-2025-39843 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39843 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=850470a8413a8a78e772c4f6bd9fe81ec6bd5b0f kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39982-bluetooth-hci-event-fix-uaf-in-hci-acl-create-conn-sync.patch kpatch-description: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39982 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39982 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9e622804d57e2d08f0271200606bd1270f75126f kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39983-bluetooth-hci-event-fix-uaf-in-hci-conn-tx-dequeue.patch kpatch-description: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39983 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39983 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e128683176a56459cef8705fc7c35f438f88abd kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39971-i40e-fix-idx-validation-in-config-queues-msg.patch kpatch-description: i40e: fix idx validation in config queues msg kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39971 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39971 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f1ad24c5abe1eaef69158bac1405a74b3c365115 kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39697-NFS-Use-the-correct-commit-info-in-nfs_join_page_gro.patch kpatch-description: NFS: Use the correct commit info in nfs_join_page_group() kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39697 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39697 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a354b4a367f565b95a6ca819eb792af81af3d4da kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39697-nfs-fold-nfs_page_group_lock_subrequests-into-nfs_lo-503.patch kpatch-description: nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39697 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39697 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fd947b71cc1b86c4731f8d470f5ab5df94e838d8 kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39697-NFS-Fix-a-race-when-updating-an-existing-write-503.patch kpatch-description: NFS: Fix a race when updating an existing write kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39697 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39697 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f230d40147cc37eb3aef4d50e2e2c06ea73d9a77 kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39697-avoid-modifying-nfs_page_group_sync_on_bit-503.patch kpatch-description: avoid modifying nfs_page_group_sync_on_bit kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39697 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39697 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a354b4a367f565b95a6ca819eb792af81af3d4da kpatch-name: rhel9/5.14.0-611.13.1.el9_7/CVE-2025-39925-can-j1939-implement-netdev-unregister-notification-handler.patch kpatch-description: can: j1939: implement NETDEV_UNREGISTER notification handler kpatch-kernel: 5.14.0-611.13.1.el9_7 kpatch-cve: CVE-2025-39925 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a kpatch-name: rhel9/5.14.0-611.13.1.el9_7/CVE-2025-39925-can-j1939-add-missing-calls-in-netdev-unregister-notification-handler.patch kpatch-description: can: j1939: add missing calls in NETDEV_UNREGISTER notification handler kpatch-kernel: 5.14.0-611.13.1.el9_7 kpatch-cve: CVE-2025-39925 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a kpatch-name: skipped/CVE-2025-39979.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39979 kpatch-skip-reason: Blamed commit b581f4266928 is not present kpatch-cvss: kpatch-name: rhel9/5.14.0-611.16.1.el9_7/CVE-2025-40176-tls-wait-for-pending-async-decryptions-if-tls-strp-msg-hold-fails.patch kpatch-description: tls: wait for pending async decryptions if tls_strp_msg_hold fails kpatch-kernel: 5.14.0-611.16.1.el9_7 kpatch-cve: CVE-2025-40176 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40176 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b8a6ff84abbcbbc445463de58704686011edc8e1 kpatch-name: rhel9/5.14.0-611.16.1.el9_7/CVE-2025-38499-clone-private-mnt-make-sure-that-caller-has-cap-sys-admin-in-the-right-userns.patch kpatch-description: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns kpatch-kernel: 5.14.0-611.16.1.el9_7 kpatch-cve: CVE-2025-38499 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38499 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c28f922c9dcee0e4876a2c095939d77fe7e15116 kpatch-name: rhel9/5.14.0-611.20.1.el9_7/CVE-2025-39883-mm-memory-failure-fix-vm-bug-on-page-pagepoisoned-page-when-unpoison-memory-5.14.0-427.42.1.el9_4.patch kpatch-description: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory kpatch-kernel: 5.14.0-611.20.1.el9_7 kpatch-cve: CVE-2025-39883 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39883 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d613f53c83ec47089c4e25859d5e8e0359f6f8da kpatch-name: rhel9/5.14.0-611.20.1.el9_7/CVE-2025-40240-sctp-avoid-null-dereference-when-chunk-data-buffer-is-missing.patch kpatch-description: sctp: avoid NULL dereference when chunk data buffer is missing kpatch-kernel: 5.14.0-611.20.1.el9_7 kpatch-cve: CVE-2025-40240 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40240 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=441f0647f7673e0e64d4910ef61a5fb8f16bfb82 kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-40277-drm-vmwgfx-validate-command-header-size-against-svga-cmd-max-datasize.patch kpatch-description: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-40277 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40277 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-68285-libceph-fix-potential-use-after-free-in-have-mon-and-osd-map.patch kpatch-description: libceph: fix potential use-after-free in have_mon_and_osd_map() kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-68285 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68285 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=076381c261374c587700b3accf410bdd2dba334e kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-68285-libceph-fix-potential-use-after-free-in-have-mon-and-osd-map-kpatch.patch kpatch-description: libceph: fix potential use-after-free in have_mon_and_osd_map() kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-68285 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68285 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=076381c261374c587700b3accf410bdd2dba334e kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-68287-usb-dwc3-fix-race-condition-between-concurrent-dwc3-remove-requests-call-paths.patch kpatch-description: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-68287 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68287 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e4037689a366743c4233966f0e74bc455820d316 kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-39933-smb-client-let-recv_done-verify-data_offset-data_len.patch kpatch-description: smb: client: let recv_done verify data_offset, data_length and remaining_data_length kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-39933 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39933 kpatch-patch-url: https://github.com/torvalds/linux/commit/f57e53ea252363234f86674db475839e5b87102e kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-38349-eventpoll-don-t-decrement-ep-refcount-while-still-holding-the-ep-mutex-5.14.0-570.51.1.el9_6.patch kpatch-description: eventpoll: don't decrement ep refcount while still holding the ep mutex kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-38349 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38349 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2 kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-40248-vsock-ignore-signal-timeout-on-connect-if-already-established.patch kpatch-description: vsock: Ignore signal/timeout on connect() if already established kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-40248 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40248 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=002541ef650b742a198e4be363881439bb9d86b4 kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-40258-mptcp-fix-race-condition-in-mptcp-schedule-work.patch kpatch-description: mptcp: fix race condition in mptcp_schedule_work() kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-40258 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40258 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=035bca3f017ee9dea3a5a756e77a6f7138cc6eea kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-68301-net-atlantic-fix-fragment-overflow-handling-in-rx-path.patch kpatch-description: net: atlantic: fix fragment overflow handling in RX path kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-68301 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68301 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ffcb7b890f61541201461580bb6622ace405aec kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-40294-bluetooth-mgmt-fix-oob-access-in-parse-adv-monitor-pattern.patch kpatch-description: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-40294 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d59fba49362c65332395789fd82771f1028d87e kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-40294-bluetooth-mgmt-fix-oob-access-in-parse-adv-monitor-pattern-kpatch.patch kpatch-description: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-40294 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d59fba49362c65332395789fd82771f1028d87e kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-68305-bluetooth-hci-sock-prevent-race-in-socket-write-iter-and-sock-bind.patch kpatch-description: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-68305 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68305 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=89bb613511cc21ed5ba6bddc1c9b9ae9c0dad392 kpatch-name: rhel9/5.14.0-611.27.1.el9_7/CVE-2025-40154-asoc-intel-bytcr-rt5640-fix-invalid-quirk-input-mapping.patch kpatch-description: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping kpatch-kernel: 5.14.0-611.27.1.el9_7 kpatch-cve: CVE-2025-40154 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40154 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fba404e4b4af4f4f747bb0e41e9fff7d03c7bcc0 kpatch-name: rhel9/5.14.0-611.27.1.el9_7/CVE-2025-40251-devlink-rate-unset-parent-pointer-in-devl-rate-nodes-destroy-427.patch kpatch-description: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy kpatch-kernel: 5.14.0-611.27.1.el9_7 kpatch-cve: CVE-2025-40251 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40251 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f94c1a114ac209977bdf5ca841b98424295ab1f0 kpatch-name: rhel9/5.14.0-611.27.1.el9_7/CVE-2025-38568-net-sched-mqprio-fix-stack-out-of-bounds-write-in-tc-entry-parsing.patch kpatch-description: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing kpatch-kernel: 5.14.0-611.27.1.el9_7 kpatch-cve: CVE-2025-38568 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38568 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffd2dc4c6c49ff4f1e5d34e454a6a55608104c17 kpatch-name: rhel9/5.14.0-611.27.1.el9_7/CVE-2025-38568-net-sched-mqprio-fix-stack-out-of-bounds-write-in-tc-entry-parsing-kpatch-427-42.patch kpatch-description: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing kpatch-kernel: 5.14.0-611.27.1.el9_7 kpatch-cve: CVE-2025-38568 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38568 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffd2dc4c6c49ff4f1e5d34e454a6a55608104c17 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-40141-bluetooth-iso-fix-possible-uaf-on-iso-conn-free.patch kpatch-description: Bluetooth: ISO: Fix possible UAF on iso_conn_free kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-40141 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40141 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-37789-net-openvswitch-fix-nested-key-length-validation-in-the-set-action.patch kpatch-description: net: openvswitch: fix nested key length validation in the set() action kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-37789 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37789 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=65d91192aa66f05710cfddf6a14b5a25ee554dba kpatch-name: skipped/CVE-2025-37819.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-37819 kpatch-skip-reason: Out of scope: ARM64 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38022-rdma-core-fix-kasan-slab-use-after-free-read-in-ib-register-device-problem-5.14.0-503.40.1.el9_5.patch kpatch-description: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38022 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38022 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d0706bfd3ee40923c001c6827b786a309e2a8713 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-40318-bluetooth-hci-sync-fix-race-in-hci-cmd-sync-dequeue-once.patch kpatch-description: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-40318 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40318 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=09b0cd1297b4dbfe736aeaa0ceeab2265f47f772 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-40271-fs-proc-fix-uaf-in-proc-readdir-de.patch kpatch-description: fs/proc: fix uaf in proc_readdir_de() kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-40271 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40271 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=895b4c0c79b092d732544011c3cecaf7322c36a1 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38024-rdma-rxe-fix-slab-use-after-free-read-in-rxe-queue-cleanup-bug.patch kpatch-description: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38024 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38024 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f81b33582f9339d2dc17c69b92040d3650bb4bae kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-39760-usb-core-config-prevent-oob-read-in-ss-endpoint-companion-parsing.patch kpatch-description: usb: core: config: Prevent OOB read in SS endpoint companion parsing kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-39760 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39760 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cf16f408364efd8a68f39011a3b073c83a03612d kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38415-squashfs-check-return-result-of-sb-min-blocksize.patch kpatch-description: Squashfs: check return result of sb_min_blocksize kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38415 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=734aa85390ea693bb7eaf2240623d41b03705c84 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38415-squashfs-check-return-result-of-sb-min-blocksize-kpatch.patch kpatch-description: Squashfs: check return result of sb_min_blocksize kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38415 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=734aa85390ea693bb7eaf2240623d41b03705c84 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38415-squashfs-fix-memory-leak-in-squashfs_fill_super.patch kpatch-description: squashfs: fix memory leak in squashfs_fill_super kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38415 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b64700d41bdc4e9f82f1346c15a3678ebb91a89c kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-40269-alsa-usb-audio-fix-potential-overflow-of-pcm-transfer-buffer.patch kpatch-description: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-40269 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40269 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=05a1fc5efdd8560f34a3af39c9cf1e1526cc3ddf kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38403-vsock-vmci-clear-the-vmci-transport-packet-properly-when-initializing-it.patch kpatch-description: vsock/vmci: Clear the vmci transport packet properly when initializing it kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38403 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38403 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=223e2288f4b8c262a864e2c03964ffac91744cd5 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38459-atm-clip-fix-infinite-recursive-call-of-clip-push.patch kpatch-description: atm: clip: Fix infinite recursive call of clip_push(). kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38459 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38459 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c489f3283dbfc0f3c00c312149cae90d27552c45 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38730-io_uring-net-commit-partial-buffers-on-retry-5.14.0-503.40.1.el9_5.patch kpatch-description: io_uring/net: commit partial buffers on retry kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38730 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38730 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fe9da1812f8697a38f7e30991d568ec199e16059 kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2025-68349-nfsv4-pnfs-clear-nfs-ino-layoutcommit-in-pnfs-mark-layout-stateid-invalid.patch kpatch-description: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2025-68349 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68349 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e0f8058f2cb56de0b7572f51cd563ca5debce746 kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2025-68811-svcrdma-use-rc-pageoff-for-memcpy-byte-offset-5.14.0-427.42.1.el9_4.patch kpatch-description: svcrdma: use rc_pageoff for memcpy byte offset kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2025-68811 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68811 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a8ee9099f30654917aa68f55d707b5627e1dbf77 kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2026-22998-nvme-tcp-fix-null-pointer-dereferences-in-nvmet-tcp-build-pdu-iovec.patch kpatch-description: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2026-22998 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2026-22998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32b63acd78f577b332d976aa06b56e70d054cbba kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2025-40322-fbdev-bitblit-bound-check-glyph-index-in-bit-putcs.patch kpatch-description: fbdev: bitblit: bound-check glyph index in bit_putcs* kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2025-40322 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40322 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=18c4ef4e765a798b47980555ed665d78b71aeadf kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2025-40304-fbdev-add-bounds-checking-in-bit-putcs-to-fix-vmalloc-out-of-bounds.patch kpatch-description: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2025-40304 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40304 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3637d34b35b287ab830e66048841ace404382b67 kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2023-53034-ntb-hw-switchtec-fix-shift-out-of-bounds-in-switchtec-ntb-mw-set-trans.patch kpatch-description: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2023-53034 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53034 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de203da734fae00e75be50220ba5391e7beecdf9 kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2025-40064-smc-fix-use-after-free-in-pnet-find-base-ndev.patch kpatch-description: smc: Fix use-after-free in __pnet_find_base_ndev(). kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2025-40064 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40064 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d3466878afd8d43ec0ca2facfbc7f03e40d0f79 uname: 5.14.0-611.34.1.el9_7