ACIL FM
Dark
Refresh
Current DIR:
/var/cache/kcare/patches/none-89d716922759c6ca4f0e42ff3d87e5c7cfb3d106-74-default
/
var
cache
kcare
patches
none-89d716922759c6ca4f0e42ff3d87e5c7cfb3d106-74-default
Upload
Zip Selected
Delete Selected
Pilih semua
Nama
Ukuran
Permission
Aksi
.done
0 B
chmod
View
DL
Edit
Rename
Delete
kcare.ko
823.47 MB
chmod
View
DL
Edit
Rename
Delete
kpatch.bin
27.48 GB
chmod
View
DL
Edit
Rename
Delete
kpatch.info
599.43 MB
chmod
View
DL
Edit
Rename
Delete
release.content.json
297.72 MB
chmod
View
DL
Edit
Rename
Delete
tmp.release.content.json.json-sig
4.96 MB
chmod
View
DL
Edit
Rename
Delete
Edit file: /var/cache/kcare/patches/none-89d716922759c6ca4f0e42ff3d87e5c7cfb3d106-74-default/kpatch.info
OS: almalinux9 kernel: kernel-5.14.0-427.31.1.el9_4 time: 2026-02-25 09:45:19 kpatch-name: skipped/CVE-2024-35839.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35839 kpatch-skip-reason: Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-36003-ice-fix-lag-and-vf-lock-dependency-in.patch kpatch-description: ice: fix LAG and VF lock dependency in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-36003 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36003 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=96fdd1f6b4ed72a741fb0eb705c0e13049b8721f kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-36025-scsi-qla2xxx-fix-off-by-one-in.patch kpatch-description: scsi: qla2xxx: Fix off by one in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-36025 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36025 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4406e4176f47177f5e51b4cc7e6a7a2ff3dbfbbd kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-39476-md-raid5-fix-deadlock-that-raid5d-wait-for.patch kpatch-description: md/raid5: fix deadlock that raid5d() wait for kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-39476 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39476 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-39476-md-raid5-fix-deadlock-that-raid5d-wait-for-kpatch.patch kpatch-description: md/raid5: remove pr_debug() in raid5d() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-39476 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39476 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=151f66bb618d1fd0eeb84acb61b4a9fa5d8bb0fa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26925-netfilter-nf-tables-release-mutex-after.patch kpatch-description: netfilter: nf_tables: release mutex after kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26925 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d459e2ffb541841714839e8228b845458ed3b27 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26581-netfilter-nft-set-rbtree-skip-end-interval.patch kpatch-description: netfilter: nft_set_rbtree: skip end interval kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26581 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26581 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60c0c230c6f046da536d3df8b39a20b9a9fd6af0 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27020-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27020 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27020 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f969eb84ce482331a991079ab7a5c4dc3b7f89bf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41090-tap-add-missing-verification-for-short-frame.patch kpatch-description: tap: add missing verification for short frame kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41090 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41090 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed7f2afdd0e043a397677e597ced0830b83ba0b3 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41091-tun-add-missing-verification-for-short-frame.patch kpatch-description: tun: add missing verification for short frame kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41091 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41091 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=049584807f1d797fc3078b68035450a9769eb5c3 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26668-netfilter-nft-limit-reject-configurations-that.patch kpatch-description: netfilter: nft_limit: reject configurations that cause integer overflow kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26668 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26668 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c9d9eb9c53d37cdebbad56b91e40baf42d5a97aa kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38538-net-bridge-xmit-make-sure-we-have-at-least-eth.patch kpatch-description: net: bridge: xmit: make sure we have at least eth kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38538 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38538 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8bd67ebb50c0145fd2ca8681ab65eb7e8cde1afc kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2023-52880-tty-n-gsm-require-cap-net-admin-to-attach.patch kpatch-description: tty: n_gsm: require CAP_NET_ADMIN to attach kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2023-52880 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52880 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=67c37756898a5a6b2941a13ae7260c89b54e0d88 kpatch-name: skipped/CVE-2024-26908.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26908 kpatch-skip-reason: CVE marked as rejected by vendor kpatch-cvss: kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27016-netfilter-flowtable-validate-pppoe-header.patch kpatch-description: netfilter: flowtable: validate pppoe header kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27016 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27016 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=87b3593bed1868b2d9fe096c01bcdf0ea86cbebf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27019-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27019 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27019 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d78d867dcea69c328db30df665be5be7d0148484 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35896-netfilter-validate-user-input-for-expected.patch kpatch-description: netfilter: validate user input for expected length kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35896 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35896 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c83842df40f86e529db6842231154772c20edcc kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35962-netfilter-complete-validation-of-user-input.patch kpatch-description: netfilter: complete validation of user input kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35962 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35962 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=65acf6e0501ac8880a4f73980d01b5d27648b956 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35897-netfilter-nf_tables-reject-table-flag-and-netdev-basechain-updates.patch kpatch-description: netfilter: nf_tables: discard table flag update kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35897 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35897 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6cbbe1ba76ee7e674a86abd43009b083a45838cb kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35897-netfilter-nf-tables-discard-table-flag-update.patch kpatch-description: netfilter: nf_tables: discard table flag update kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35897 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35897 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1bc83a019bbe268be3526406245ec28c2458a518 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2023-52771-cxl-port-fix-delete-endpoint-vs-parent.patch kpatch-description: cxl/port: Fix delete_endpoint() vs parent kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2023-52771 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52771 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d2ad999ca3c64cb08cf6a58d227b9d9e746d708 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26810-vfio-pci-lock-external-intx-masking-ops.patch kpatch-description: vfio/pci: Lock external INTx masking ops kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26810 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26810 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=810cd4bb53456d0503cc4e7934e063835152c1b7 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-42152-nvmet-fix-a-possible-leak-when-destroy-a-ctrl.patch kpatch-description: nvmet: fix a possible leak when destroy a ctrl kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-42152 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42152 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c758b77d4a0a0ed3a1292b3fd7a2aeccd1a169a4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-26855-net-ice-fix-potential-null-pointer-dereference.patch kpatch-description: net: ice: Fix potential NULL pointer dereference kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-26855 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26855 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=06e456a05d669ca30b224b8ed962421770c1496c kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41076-nfsv4-fix-memory-leak-in-nfs4-set-security-label.patch kpatch-description: NFSv4: Fix memory leak in nfs4_set_security_label kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41076 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41076 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aad11473f8f4be3df86461081ce35ec5b145ba68 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-41041-udp-set-sock-rcu-free-earlier-in.patch kpatch-description: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-41041 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41041 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c0b485a8c6116516f33925b9ce5b6104a6eadfd kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-42110-net-ntb-netdev-move-ntb-netdev-rx-handler-to.patch kpatch-description: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-42110 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42110 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e15a5d821e5192a3769d846079bc9aa380139baf kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40957-seg6-fix-parameter-passing-when-calling.patch kpatch-description: seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40957 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40957 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a3bc8d16e0aacd65c31aaf23a2bced3288a7779 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40978-scsi-qedi-fix-crash-while-reading-debugfs.patch kpatch-description: scsi: qedi: Fix crash while reading debugfs attribute kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40978 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40978 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=28027ec8e32ecbadcd67623edb290dad61e735b5 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40941-wifi-iwlwifi-mvm-don-t-read-past-the-mfuart.patch kpatch-description: wifi: iwlwifi: mvm: don't read past the mfuart notifcation kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40941 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40941 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4bb95f4535489ed830cf9b34b0a891e384d1aee4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40929-wifi-iwlwifi-mvm-check-n-ssids-before.patch kpatch-description: wifi: iwlwifi: mvm: check n_ssids before accessing the ssids kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40929 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40929 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60d62757df30b74bf397a2847a6db7385c6ee281 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40912-wifi-mac80211-fix-deadlock-in.patch kpatch-description: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40912 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40912 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=44c06bbde6443de206b30f513100b5670b23fc5e kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40911-wifi-cfg80211-lock-wiphy-in.patch kpatch-description: wifi: cfg80211: Lock wiphy in cfg80211_get_station kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40911 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40911 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=642f89daa34567d02f312d03e41523a894906dae kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40939-net-wwan-iosm-fix-tainted-pointer-delete-is.patch kpatch-description: net: wwan: iosm: Fix tainted pointer delete is case of region creation fail kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b0c9a26435413b81799047a7be53255640432547 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40905-ipv6-fix-possible-race-in.patch kpatch-description: ipv6: fix possible race in __fib6_drop_pcpu_from() kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b01e1c030770ff3b4fe37fc7cc6bca03f594133f kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40983-tipc-force-a-dst-refcount-before-doing.patch kpatch-description: tipc: force a dst refcount before doing decryption kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40983 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40983 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ebe8f840c7450ecbfca9d18ac92e9ce9155e269 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-40914-mm-huge_memory-don-t-unpoison-huge_zero_folio.patch kpatch-description: mm/huge_memory: don't unpoison huge_zero_folio kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-40914 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40914 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe6f86f4b40855a130a19aa589f9ba7f650423f4 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38544-rdma-rxe-fix-seg-fault-in-rxe-comp-queue-pkt.patch kpatch-description: RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38544 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38544 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b23b6097303ed0ba5f4bc036a1c07b6027af5c6 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38579-crypto-bcm-fix-pointer-arithmetic.patch kpatch-description: crypto: bcm - Fix pointer arithmetic kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38579 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38579 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b3460cbf454c6b03d7429e9ffc4fe09322eb1a9 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38540-bnxt-re-avoid-shift-undefined-behavior-in.patch kpatch-description: bnxt_re: avoid shift undefined behavior in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38540 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38540 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=78cfd17142ef70599d6409cbd709d94b3da58659 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-35898-netfilter-nf-tables-fix-potential-data-race-in.patch kpatch-description: netfilter: nf_tables: Fix potential data-race in kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-35898 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35898 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=24225011d81b471acc0e1e315b7d9905459a6304 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38608-net-mlx5e-Add-wrapping-for-auxiliary_driver-ops-and.patch kpatch-description: net/mlx5e: Add wrapping for auxiliary_driver ops and remove unused args kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38608 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38608 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b1a33e65134786b9ef97f978572531c6004c8526 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-38608-net-mlx5e-Fix-netif-state-handling.patch kpatch-description: net/mlx5e: Fix netif state handling kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-38608 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38608 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d5918477f94e4c2f064567875c475468e264644 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27415-netfilter-bridge-confirm-multicast-packets.patch kpatch-description: netfilter: bridge: confirm multicast packets kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27415 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62e7151ae3eb465e0ab52a20c941ff33bb6332e9 kpatch-name: rhel9/5.14.0-427.33.1.el9_4/CVE-2024-27415-netfilter-bridge-confirm-multicast-packets-kpatch.patch kpatch-description: netfilter: bridge: confirm multicast packets kpatch kpatch-kernel: 5.14.0-427.33.1.el9_4 kpatch-cve: CVE-2024-27415 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62e7151ae3eb465e0ab52a20c941ff33bb6332e9 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-net-bridge-mst-fix-vlan-use-after-free.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/3a7c1661ae1383364cd6092d851f5e5da64d476b kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-CVE-2024-40920-net-bridge-mst-fix-suspicious-rcu-usage-in-br_mst_se.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 CVE-2024-40920 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/546ceb1dfdac866648ec959cbc71d9525bd73462 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36979-CVE-2024-40921-net-bridge-mst-pass-vlan-group-directly-to-br_mst_vl.patch kpatch-description: net: bridge: mst: fix vlan use-after-free kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36979 CVE-2024-40921 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36979 kpatch-patch-url: https://git.kernel.org/linus/36c92936e868601fa1f43da6758cf55805043509 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26630-mm-cachestat-fix-folio-read-after-free-in-cache-walk.patch kpatch-description: mm: cachestat: fix folio read-after-free in cache walk kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26630 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26630 kpatch-patch-url: https://git.kernel.org/linus/3a75cb05d53f4a6823a32deb078de1366954a804 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41096-PCI-MSI-Fix-UAF-in-msi_capability_init.patch kpatch-description: PCI/MSI: Fix UAF in msi_capability_init kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41096 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41096 kpatch-patch-url: https://git.kernel.org/linus/9eee5330656bf92f51cb1f09b2dc9f8cf975b3d1 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41073-vme-avoid-double-free-special-payload.patch kpatch-description: nvme: avoid double free special payload kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41073 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41073 kpatch-patch-url: https://git.kernel.org/linus/e5d574ab37f5f2e7937405613d9b1a724811e5ad kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41040-net-sched-Fix-UAF-when-resolving-a-clash.patch kpatch-description: net/sched: Fix UAF when resolving a clash kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41040 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41040 kpatch-patch-url: https://git.kernel.org/linus/26488172b0292bed837b95a006a3f3431d1898c3 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52801-iommufd-Fix-missing-update-of-domains_itree-after-s.patch kpatch-description: iommufd: Fix missing update of domains_itree after splitting iopt_area kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52801 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52801 kpatch-patch-url: https://git.kernel.org/linus/e7250ab7ca4998fe026f2149805b03e09dc32498 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35797-mm-cachestat-fix-two-shmem-bugs.patch kpatch-description: mm: cachestat: fix two shmem bugs kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35797 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35797 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5d39c707a4cf0bcc84680178677b97aa2cb2627 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26629-nfsd-fix-RELEASE_LOCKOWNER.patch kpatch-description: nfsd: fix RELEASE_LOCKOWNER kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26629 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26629 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=edcf9725150e42beeca42d085149f4c88fa97afd kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26946-kprobes-x86-use-copy-from-kernel-nofault-to.patch kpatch-description: kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4e51653d5d871f40f1bd5cf95cc7f2d8b33d063b kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36000-mm-hugetlb-fix-missing-hugetlb_lock-for-resv-unchar.patch kpatch-description: mm/hugetlb: fix missing hugetlb_lock for resv kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36000 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36000 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b76b46902c2d0395488c8412e1116c2486cdfcb2 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36019-regmap-maple-fix-cache-corruption-in.patch kpatch-description: regmap: maple: Fix cache corruption in kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36019 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36019 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00bb549d7d63a21532e76e4a334d7807a54d9f31 kpatch-name: skipped/CVE-2024-26720.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26720 kpatch-skip-reason: This CVE introduces a regression and is reverted by CVE-2024-42102 in the same errata kpatch-cvss: kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52463-efivarfs-force-RO-when-remounting-if-SetVariable-is-not-supported.patch kpatch-description: efivarfs: force RO when remounting if SetVariable kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52463 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52463 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0e8d2444168dd519fea501599d150e62718ed2fe kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2023-52463-efivarfs-force-RO-when-remounting-if-SetVariable-is-not-supported-kpatch.patch kpatch-description: efivarfs: force RO when remounting if SetVariable kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2023-52463 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52463 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0e8d2444168dd519fea501599d150e62718ed2fe kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35791-kvm-svm-flush-pages-under-kvm-lock-to-fix-uaf.patch kpatch-description: KVM: SVM: Flush pages under kvm->lock to fix UAF kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ef1d8c1ddbf696e47b226e11888eaf8d9e8e807 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-36883-net-fix-out-of-bounds-access-in-ops-init.patch kpatch-description: net: fix out-of-bounds access in ops_init kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-36883 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36883 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a26ff37e624d12e28077e5b24d2b264f62764ad6 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38559-scsi-qedf-ensure-the-copied-buf-is-nul.patch kpatch-description: scsi: qedf: Ensure the copied buf is NUL kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38559 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38559 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d0184a375ee797eb657d74861ba0935b6e405c62 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-40927-xhci-handle-td-clearing-for-multiple-streams.patch kpatch-description: xhci: Handle TD clearing for multiple streams kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-40927 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ceac4402f5d975e5a01c806438eb4e554771577 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-40936-cxl-region-fix-memregion-leaks-in.patch kpatch-description: cxl/region: Fix memregion leaks in devm_cxl_add_region() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-40936 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40936 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=49ba7b515c4c0719b866d16f068e62d16a8a3dd1 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41044-ppp-reject-claimed-as-lcp-but-actually-malformed.patch kpatch-description: ppp: reject claimed-as-LCP but actually malformed kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41044 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41044 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2aeb7306a898e1cbd03963d376f4b6656ca2b55 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41055-mm-kmsan-fix-infinite-recursion-due-to-rcu.patch kpatch-description: mm, kmsan: fix infinite recursion due to RCU kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f0b6f041fad768c28b4ad05a683065412c226e kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-41055-mm-prevent-derefencing-null-ptr-in.patch kpatch-description: mm: prevent derefencing NULL ptr in kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-41055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f0b6f041fad768c28b4ad05a683065412c226e kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42082-xdp-remove-warn-from-xdp-reg-mem-model.patch kpatch-description: xdp: Remove WARN() from __xdp_reg_mem_model() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42082 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42082 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e9f79428372c6eab92271390851be34ab26bfb4 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42096-x86-stop-playing-stack-games-in-profile-pc.patch kpatch-description: x86: stop playing stack games in profile_pc() kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42096 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42096 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=093d9603b60093a9aaae942db56107f6432a5dca kpatch-name: skipped/CVE-2024-42102.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42102 kpatch-skip-reason: Reverts CVE-2024-26720, which we don't use. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-42131-mm-avoid-overflows-in-dirty-throttling-logic.patch kpatch-description: mm: avoid overflows in dirty throttling logic kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-42131 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42131 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=385d838df280eba6c8680f9777bfa0d0bfe7e8b2 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35875-x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems.patch kpatch-description: x86/coco: Require seeding RNG with RDRAND on CoCo kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35875 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35875 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=99485c4c026f024e7cb82da84c7951dbe3deb584 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-35875-x86-coco-Require-seeding-RNG-with-RDRAND-on-CoCo-systems-kpatch.patch kpatch-description: x86/coco: Require seeding RNG with RDRAND on CoCo kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-35875 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35875 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=99485c4c026f024e7cb82da84c7951dbe3deb584 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38619-usb-storage-alauda-check-whether-the-media-is.patch kpatch-description: usb-storage: alauda: Check whether the media is initialized kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38619 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38619 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16637fea001ab3c8df528a8995b3211906165a30 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-38619-usb-storage-alauda-check-whether-the-media-is-initialized-kpatch.patch kpatch-description: usb-storage: alauda: Check whether the media is initialized (Adaptation) kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-38619 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38619 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16637fea001ab3c8df528a8995b3211906165a30 kpatch-name: rhel9/5.14.0-427.35.1.el9_4/CVE-2024-26886-bluetooth-af-bluetooth-fix-deadlock.patch kpatch-description: Bluetooth: af_bluetooth: Fix deadlock kpatch-kernel: 5.14.0-427.35.1.el9_4 kpatch-cve: CVE-2024-26886 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26886 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f7b94bdc1ec107c92262716b073b3e816d4784fb kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2023-52439-uio-fix-use-after-free-in-uio-open.patch kpatch-description: uio: Fix use-after-free in uio_open kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2023-52439 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52439 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c9ae0b8605078eafc3bea053cc78791e97ba2e2 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-01-gfs2-Remove-ill-placed-consistency-check.patch kpatch-description: gfs2: Remove ill-placed consistency check kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=59f60005797b4018d7b46620037e0c53d690795e kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-02-gfs2-simplify-gdlm_put_lock-with-out_free-label.patch kpatch-description: gfs2: simplify gdlm_put_lock with out_free label kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a9b0f6f4adb1a8b4219e3e14ab6ef46c14987ac0 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-03-gfs2-Fix-potential-glock-use-after-free-on-unmount.patch kpatch-description: gfs2: Fix potential glock use-after-free on unmount kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=501cd8fabf621d10bd4893e37f6ce6c20523c8ca kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38570-03-gfs2-Fix-potential-glock-use-after-free-on-unmount-kpatch.patch kpatch-description: gfs2: Fix potential glock use-after-free on unmount kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38570 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=501cd8fabf621d10bd4893e37f6ce6c20523c8ca kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26929-scsi-qla2xxx-fix-double-free-of-fcport.patch kpatch-description: scsi: qla2xxx: Fix double free of fcport kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26929 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26929 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82f522ae0d97119a43da53e0f729275691b9c525 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26930-scsi-qla2xxx-fix-double-free-of-the-ha-vp-map-pointer.patch kpatch-description: scsi: qla2xxx: Fix double free of the ha->vp_map pointer kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26930 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26930 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e288285d47784fdcf7c81be56df7d65c6f10c58b kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-27022-fork-defer-linking-file-vma-until-vma-is-fully-initialized.patch kpatch-description: fork: defer linking file vma until vma is fully initialized kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-27022 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27022 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=35e351780fa9d8240dd6f7e4f245f9ea37e96c19 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38562-wifi-nl80211-avoid-address-calculations-via-out-of-bounds-array-indexing.patch kpatch-description: wifi: nl80211: Avoid address calculations via out of bounds array indexing kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38562 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38562 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=838c7b8f1f278404d9d684c34a8cb26dc41aaaa1 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-41071-wifi-mac80211-avoid-address-calculations-via-out-of-bounds-array-indexing.patch kpatch-description: wifi: mac80211: Avoid address calculations via out of bounds array indexing kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-41071 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41071 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2663d0462eb32ae7c9b035300ab6b1523886c718 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-36016-tty-n-gsm-fix-possible-out-of-bounds-in-gsm0-receive.patch kpatch-description: tty: n_gsm: fix possible out-of-bounds in gsm0_receive() kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-36016 kpatch-cvss: 7.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36016 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47388e807f85948eefc403a8a5fdc5b406a65d5a kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38573-cppc-cpufreq-fix-possible-null-pointer-dereference.patch kpatch-description: cppc_cpufreq: Fix possible null pointer dereference kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38573 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38573 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cf7de25878a1f4508c69dc9f6819c21ba177dbfe kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-42225-wifi-mt76-replace-skb-put-with-skb-put-zero.patch kpatch-description: wifi: mt76: replace skb_put with skb_put_zero kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-42225 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42225 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7f819a2f4fbc510e088b49c79addcf1734503578 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38615-cpufreq-exit-callback-is-optional.patch kpatch-description: cpufreq: exit() callback is optional kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b8f85833c05730d631576008daaa34096bc7f3ce kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-36899-gpiolib-cdev-fix-use-after-free-in-lineinfo-changed-notify.patch kpatch-description: gpiolib: cdev: Fix use after free in lineinfo_changed_notify kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-36899 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36899 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=02f6b0e1ec7e0e7d059dddc893645816552039da kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-35895-bpf-sockmap-prevent-lock-inversion-deadlock-in-map-delete-elem.patch kpatch-description: bpf, sockmap: Prevent lock inversion deadlock in map delete elem kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-35895 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35895 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ff91059932401894e6c86341915615c5eb0eca48 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26931-scsi-qla2xxx-fix-command-flush-on-cable-pull.patch kpatch-description: scsi: qla2xxx: Fix command flush on cable pull kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26931 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a27d4d0e7de305def8a5098a614053be208d1aa1 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-38601-ring-buffer-fix-a-race-between-readers-and-resize-checks.patch kpatch-description: ring-buffer: Fix a race between readers and resize checks kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-38601 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38601 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c2274b908db05529980ec056359fae916939fdaa kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2023-52884-input-cyapa-add-missing-input-core-locking-to-suspend-resume-functions.patch kpatch-description: Input: cyapa - add missing input core locking to suspend/resume functions kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2023-52884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7b4e0b39182cf5e677c1fc092a3ec40e621c25b6 kpatch-name: skipped/CVE-2024-26947.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26947 kpatch-skip-reason: ARM related CVE kpatch-cvss: kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-40984-acpica-revert-acpica-avoid-info-mapping-multiple-bars-your-kernel-is-fine.patch kpatch-description: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-40984 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40984 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a83e1385b780d41307433ddbc86e3c528db031f0 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26991-kvm-x86-mmu-x86-don-t-overflow-lpage-info-when-checking-attributes.patch kpatch-description: KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26991 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=992b54bd083c5bee24ff7cc35991388ab08598c4 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-42246-net-sunrpc-remap-eperm-in-case-of-connection-failure-in-xs-tcp-setup-socket.patch kpatch-description: net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-42246 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42246 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=626dfed5fa3bfb41e0dffd796032b555b69f9cde kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26739-net-sched-act_mirred-Create-function-tcf_mirred_to_.patch kpatch-description: net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=16085e48cb48aeb50a1178dc276747749910b0f2 kpatch-name: rhel9/5.14.0-427.37.1.el9_4/CVE-2024-26739-net-sched-act-mirred-don-t-override-retval-if-we-already-lost-the-skb.patch kpatch-description: net/sched: act_mirred: don't override retval if we already lost the skb kpatch-kernel: 5.14.0-427.37.1.el9_4 kpatch-cve: CVE-2024-26739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=166c2c8a6a4dc2e4ceba9e10cfe81c3e469e3210 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-36978-net-sched-sch-multiq-fix-possible-oob-write-in-multiq-tune.patch kpatch-description: net: sched: sch_multiq: fix possible OOB write in multiq_tune() kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-36978 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36978 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=affc18fdc694190ca7575b9a86632a73b9fe043d kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-42284-tipc-return-non-zero-value-from-tipc-udp-addr2str-on-error.patch kpatch-description: tipc: Return non-zero value from tipc_udp_addr2str() on error kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-42284 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42284 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fa96c6baef1b5385e2f0c0677b32b3839e716076 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2021-47385-hwmon-w83792d-fix-null-pointer-dereference-by-removing-unnecessary-structure-field.patch kpatch-description: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2021-47385 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47385 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0f36b88173f028e372668ae040ab1a496834d278 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2021-47385-hwmon-w83792d-fix-null-pointer-dereference-by-removing-unnecessary-structure-field-kpatch.patch kpatch-description: hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2021-47385 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47385 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0f36b88173f028e372668ae040ab1a496834d278 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-35989-dmaengine-idxd-fix-oops-during-rmmod-on-single-cpu-platforms.patch kpatch-description: dmaengine: idxd: Fix oops during rmmod on single-CPU platforms kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-35989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f221033f5c24659dc6ad7e5cf18fb1b075f4a8be kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-40959-xfrm6-check-ip6-dst-idev-return-value-in-xfrm6-get-saddr.patch kpatch-description: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-40959 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40959 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d46401052c2d5614da8efea5788532f0401cb164 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-42079-gfs2-fix-null-pointer-dereference-in-gfs2-log-flush.patch kpatch-description: gfs2: Fix NULL pointer dereference in gfs2_log_flush kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-42079 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42079 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=35264909e9d1973ab9aaa2a1b07cda70f12bb828 kpatch-name: skipped/CVE-2023-28746.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-28746 kpatch-skip-reason: RFDS: Medium score vulnerability affecting only Intel Atom CPUs, mitigated via microcode update. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2023-52658-revert-net-mlx5-block-entering-switchdev-mode-with-ns-inconsistency.patch kpatch-description: Revert "net/mlx5: Block entering switchdev mode with ns inconsistency" kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2023-52658 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52658 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8deeefb24786ea7950b37bde4516b286c877db00 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-27403-netfilter-nft-flow-offload-reset-dst-in-route-object-after-setting-up-flow.patch kpatch-description: netfilter: nft_flow_offload: reset dst in route object after setting up flow kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-27403 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27403 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9e0f0430389be7696396c62f037be4bf72cf93e3 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-36889-mptcp-ensure-snd-nxt-is-properly-initialized-on-connect.patch kpatch-description: mptcp: ensure snd_nxt is properly initialized on connect kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-36889 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36889 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fb7a0d334894206ae35f023a82cad5a290fd7386 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-39483-kvm-svm-warn-on-vnmi-nmi-window-iff-nmis-are-outright-masked.patch kpatch-description: KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-39483 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39483 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4bd556467477420ee3a91fbcba73c579669edc6 kpatch-name: skipped/CVE-2024-39502.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39502 kpatch-skip-reason: Patches a sleepable function, there is a small but non-zero risk of livepatching failure kpatch-cvss: kpatch-name: skipped/CVE-2024-42272.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42272 kpatch-skip-reason: el9 kernels are not vulnerable: no versions with commit 88c67aeb1407 only. kpatch-cvss: kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-38556-net-mlx5-add-a-timeout-to-acquire-the-command-queue-semaphore.patch kpatch-description: net/mlx5: Add a timeout to acquire the command queue semaphore kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-38556 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=485d65e1357123a697c591a5aeb773994b247ad7 kpatch-name: rhel9/5.14.0-427.40.1.el9_4/CVE-2024-38556-net-mlx5-add-a-timeout-to-acquire-the-command-queue-semaphore-kpatch.patch kpatch-description: net/mlx5: Add a timeout to acquire the command queue semaphore kpatch-kernel: 5.14.0-427.40.1.el9_4 kpatch-cve: CVE-2024-38556 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=485d65e1357123a697c591a5aeb773994b247ad7 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-45018-netfilter-flowtable-initialise-extack-before-use.patch kpatch-description: netfilter: flowtable: initialise extack before use kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-45018 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45018 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e9767137308daf906496613fd879808a07f006a2 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41005-netpoll-fix-race-condition-in-netpoll-owner-active.patch kpatch-description: netpoll: Fix race condition in netpoll_owner_active kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41005 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41005 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c2e6a872bde9912f1a7579639c5ca3adf1003916 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26923-af_unix-Fix-garbage-collector-racing-against-connec.patch kpatch-description: af_unix: Fix garbage collector racing against connect() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26923 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47d8ac011fe1c9251070e1bd64cb10b48193ec51 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41013-xfs-don-t-walk-off-the-end-of-a-directory-data-block.patch kpatch-description: xfs: don't walk off the end of a directory data block kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41013 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41013 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0c7fcdb6d06cdf8b19b57c17605215b06afa864a kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-41014-xfs-add-bounds-checking-to-xlog-recover-process-data.patch kpatch-description: xfs: add bounds checking to xlog_recover_process_data kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-41014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fb63435b7c7dc112b1ae1baea5486e0a6e27b196 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40995-net-sched-act-api-fix-possible-infinite-loop-in-tcf-idr-check-alloc.patch kpatch-description: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40995 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40995 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d864319871b05fadd153e0aede4811ca7008f5d6 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40960-ipv6-prevent-possible-null-dereference-in-rt6-probe.patch kpatch-description: ipv6: prevent possible NULL dereference in rt6_probe() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b86762dbe19a62e785c189f313cda5b989931f37 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40972-ext4-fold-quota-accounting-into-ext4-xattr-inode-lookup-create.patch kpatch-description: ext4: fold quota accounting into ext4_xattr_inode_lookup_create() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40972 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40972 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0a46ef234756dca04623b7591e8ebb3440622f0b kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40972-ext4-do-not-create-ea-inode-under-buffer-lock.patch kpatch-description: ext4: do not create EA inode under buffer lock kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40972 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40972 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0a46ef234756dca04623b7591e8ebb3440622f0b kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40998-ext4-turn-quotas-off-if-mount-failed-after-enabling-quotas.patch kpatch-description: ext4: turn quotas off if mount failed after enabling quotas kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40998 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4b4fda34e535756f9e774fb2d09c4537b7dfd1c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40998-ext4-fix-uninitialized-ratelimit-state-lock-access-in-ext4-fill-super.patch kpatch-description: ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40998 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4b4fda34e535756f9e774fb2d09c4537b7dfd1c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40977-wifi-mt76-mt7921s-fix-potential-hung-tasks-during-chip-recovery.patch kpatch-description: wifi: mt76: mt7921s: fix potential hung tasks during chip recovery kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40977 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40977 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecf0b2b8a37c8464186620bef37812a117ff6366 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2021-47383-tty-fix-out-of-bound-vmalloc-access-in-imageblit.patch kpatch-description: tty: Fix out-of-bound vmalloc access in imageblit kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2021-47383 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47383 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b0c406124719b625b1aba431659f5cdc24a982c kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26640-tcp-add-sanity-checks-to-rx-zerocopy.patch kpatch-description: tcp: add sanity checks to rx zerocopy kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26640 kpatch-cvss: 5.5 kpatch-cve-url: https://www.cve.org/CVERecord?id=CVE-CVE-2024-26640 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=577e4432f3ac810049cb7e6b71f4d96ec7c6e894 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26826-mptcp-fix-data-re-injection-from-stale-subflow.patch kpatch-description: mptcp: fix data re-injection from stale subflow kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26826 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26826 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b6c620dc43ccb4e802894e54b651cf81495e9598 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26935-scsi-core-fix-unremoved-procfs-host-directory-regression.patch kpatch-description: scsi: core: Fix unremoved procfs host directory regression kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26935 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26935 kpatch-patch-url: https://github.com/torvalds/linux/commit/f23a4d6e07570826fe95023ca1aa96a011fa9f84 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26961-mac802154-fix-llsec-key-resources-release-in_new.patch kpatch-description: mac802154: fix llsec key resources release in mac802154_llsec_key_del kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26961 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26961 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8a1e58345cf40b7b272e08ac7b32328b2543e40 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-26961-mac802154-fix-llsec-key-resources-release-in_new-kpatch.patch kpatch-description: mac802154: fix llsec key resources release in mac802154_llsec_key_del kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-26961 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26961 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8a1e58345cf40b7b272e08ac7b32328b2543e40 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-36244-net-sched-taprio-extend-minimum-interval-restriction-to-entire.patch kpatch-description: net/sched: taprio: extend minimum interval restriction to entire cycle too kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-36244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36244 kpatch-patch-url: https://github.com/torvalds/linux/commit/fb66df20a7201e60f2b13d7f95d031b31a8831d3 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39472-xfs-fix-log-recovery-buffer-allocation-for-the-lega.patch kpatch-description: xfs: fix log recovery buffer allocation for the kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39472 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39472 kpatch-patch-url: https://github.com/torvalds/linux/commit/45cf976008ddef4a9c9a30310c9b4fb2a9a6602a kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39504-netfilter-nft_inner-validate-mandatory-meta.patch kpatch-description: netfilter: nft_inner: validate mandatory meta and payload kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39504 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39504 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ab9da85b9df3692f861512fe6c9812f38b7471 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-39504-netfilter-nft_inner-validate-mandatory-payload.patch kpatch-description: netfilter: nft_inner: validate mandatory meta and payload kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-39504 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39504 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ab9da85b9df3692f861512fe6c9812f38b7471 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40904-usb-class-cdc-wdm-fix-cpu-lockup-caused-by-excessive-log-messages.patch kpatch-description: USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40904 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40904 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22f00812862564b314784167a89f27b444f82a46 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-40931-mptcp-ensure-snd_una-is-properly-initialized-on-con.patch kpatch-description: mptcp: ensure snd_una is properly initialized on connect kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-40931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40931 kpatch-patch-url: https://github.com/torvalds/linux/commit/8031b58c3a9b1db3ef68b3bd749fbee2e1e1aaa3 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/kpatch-add-alt-asm-definitions.patch kpatch-description: kpatch add alt asm definitions kpatch-kernel: N/A kpatch-cve: N/A kpatch-cvss: N/A kpatch-cve-url: https://www.kernel.org kpatch-patch-url: https://www.kernel.org kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-2201-x86-bugs-Change-commas-to-semicolons-in-spectre_v2-sysfs-file.patch kpatch-description: x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-2201 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-2201 kpatch-patch-url: https://git.kernel.org/linus/0cd01ac5dcb1e18eb18df0f0d05b5de76522a437 kpatch-name: rhel9/5.14.0-427.42.1.el9_4/CVE-2024-2201-x86-bhi-Add-support-for-clearing-branch-history-at-syscall-entry.patch kpatch-description: x86/bugs: x86/bhi: Add support for clearing branch history at syscall entry kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-2201 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-2201 kpatch-patch-url: https://git.kernel.org/linus/7390db8aea0d64e9deb28b8e1ce716f5020c7ee5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52560-mm-damon-vaddr-test-fix-memory-leak-in-damon_do_test_apply_three_regions.patch kpatch-description: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52560 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52560 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=45120b15743fa7c0aa53d5db6dfb4c8f87be4abd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26631-ipv6-mcast-fix-data-race-in-ipv6_mc_down-mld_ifc_work.patch kpatch-description: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26631 kpatch-cvss: 2.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26631 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e7ef287f07c74985f1bf2858bedc62bd9ebf155 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52758-string.h-add-array-wrappers-for-v-memdup_user.patch kpatch-description: string.h: add array-wrappers for (v)memdup_user() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52758 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52758-i2c-dev-copy-userspace-array-safely.patch kpatch-description: i2c: dev: copy userspace array safely kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52758 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cc9c54232f04aef3a5d7f64a0ece7df00f1aaa3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35923-io-uring-clear-opcode-specific-data-for-an-early-failure.patch kpatch-description: io_uring: clear opcode specific data for an early failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35923 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e21e1c45e1fe2e31732f40256b49c04e76a17cee kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52565-media-uvcvideo-fix-oob-read.patch kpatch-description: media: uvcvideo: Fix OOB read kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52565 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52565 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=41ebaa5e0eebea4c3bac96b72f9f8ae0d77c0bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52466-pci-avoid-potential-out-of-bounds-read-in-pci-dev-for-each-resource.patch kpatch-description: PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52466 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52466 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3171e46d677a668eed3086da78671f1e4f5b8405 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26611-xsk-fix-usage-of-multi-buffer-bpf-helpers-for-zc-xdp.patch kpatch-description: xsk: fix usage of multi-buffer BPF helpers for ZC XDP kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26611 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26611 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c5114710c8ce86b8317e9b448f4fd15c711c2a82 kpatch-name: skipped/CVE-2024-36930.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36930 kpatch-skip-reason: function can sleep with no time out kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36891-maple-tree-fix-mas-empty-area-rev-null-pointer-dereference.patch kpatch-description: maple_tree: fix mas_empty_area_rev() null pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36891 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36891 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=955a923d2809803980ff574270f81510112be9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36927-ipv4-fix-uninit-value-access-in-ip-make-skb.patch kpatch-description: ipv4: Fix uninit-value access in __ip_make_skb() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36927 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fc1092f51567277509563800a3c56732070b6aa4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36901-ipv6-prevent-null-dereference-in-ip6-output.patch kpatch-description: ipv6: prevent NULL dereference in ip6_output() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36901 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4db783d68b9b39a411a96096c10828ff5dfada7a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36917-block-fix-overflow-in-blk_ioctl_discard.patch kpatch-description: block: fix overflow in blk_ioctl_discard() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36917 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36917 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22d24a544b0d49bbcbd61c8c0eaf77d3c9297155 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36933-nsh-restore-skb-protocol-data-mac-header-for-outer-header-in-nsh-gso-segment.patch kpatch-description: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4b911a9690d72641879ea6d13cce1de31d346d79 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36902-ipv6-fib6_rules-avoid-possible-NULL-dereference-in-fib6_rule_action.patch kpatch-description: ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36902 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36902 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d101291b2681e5ab938554e3e323f7a7ee33e3aa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26612-netfs-fscache-prevent-oops-in-fscache-put-cache.patch kpatch-description: netfs, fscache: Prevent Oops in fscache_put_cache() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26612 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26612 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3be0b3ed1d76c6703b9ee482b55f7e01c369cc68 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26601-ext4-regenerate-buddy-after-block-freeing-failed-if-under-fc-replay.patch kpatch-description: ext4: regenerate buddy after block freeing failed if under fc replay kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26601 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26601 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c9b528c35795b711331ed36dc3dbee90d5812d4e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47384-hwmon-w83793-Fix-NULL-pointer-dereference-by-removing-unnecessary-structure-field.patch kpatch-description: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47384 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47384 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dd4d747ef05addab887dc8ff0d6ab9860bbcd783 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47384-hwmon-w83793-Fix-NULL-pointer-dereference-by-removing-unnecessary-structure-field-kpatch.patch kpatch-description: hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47384 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47384 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dd4d747ef05addab887dc8ff0d6ab9860bbcd783 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-0340-vhost-use-kzalloc-instead-of-kmalloc-followed-by-memset.patch kpatch-description: vhost: use kzalloc() instead of kmalloc() followed by memset() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-0340 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-0340 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4d8df0f5f79f747d75a7d356d9b9ea40a4e4c8a9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-1151-net-openvswitch-limit-the-number-of-recursions-from-action-sets.patch kpatch-description: net: openvswitch: limit the number of recursions from action sets kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-1151 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-1151 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e2f90d31fe09f2b852de25125ca875aabd81367 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-25739-ubi-Check-for-too-small-LEB-size-in-VTBL-code.patch kpatch-description: ubi: Check for too small LEB size in VTBL code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-25739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-25739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26591-bpf-fix-re-attachment-branch-in-bpf-tracing-prog-attach.patch kpatch-description: bpf: Fix re-attachment branch in bpf_tracing_prog_attach kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26591 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26591 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=715d82ba636cb3629a6e18a33bb9dbe53f9936ee kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26603-x86-fpu-stop-relying-on-userspace-for-info-to-fault-in-xsave-buffer.patch kpatch-description: x86/fpu: Stop relying on userspace for info to fault in xsave buffer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26603 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26603 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d877550eaf2dc9090d782864c96939397a3c6835 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26614-tcp-make-sure-init-the-accept-queue-s-spinlocks-once.patch kpatch-description: tcp: make sure init the accept_queue's spinlocks once kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26614 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=198bc90e0e734e5f98c3d2833e8390cac3df61b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26614-ipv6-init-the-accept_queue-spinlocks-in-inet6_create.patch kpatch-description: ipv6: init the accept_queue's spinlocks in inet6_create kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26614 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26614 kpatch-patch-url: https://github.com/torvalds/linux/commit/435e202d645c197dcfd39d7372eb2a56529b6640 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23848-media-cec-core-avoid-recursive-cec_claim_log_addrs.patch kpatch-description: media: cec: core: avoid recursive cec_claim_log_addrs kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23848 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23848 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47c82aac10a6954d68f29f10d9758d016e8e5af1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23848-media-cec-core-avoid-recursive-cec_claim_log_addrs-kpatch.patch kpatch-description: media: cec: core: avoid recursive cec_claim_log_addrs kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23848 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23848 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47c82aac10a6954d68f29f10d9758d016e8e5af1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2019-25162-i2c__Fix_a_potential_use_after_free.patch kpatch-description: i2c: Fix a potential use after free kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2019-25162 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-25162 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e4c72c06c367758a14f227c847f9d623f1994ecf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48672-of-fdt-fix-off-by-one-error-in-unflatten-dt-nodes.patch kpatch-description: of: fdt: fix off-by-one error in unflatten_dt_nodes() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48672 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2f945a792f67815abca26fa8a5e863ccf3fa1181 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52445-media-pvrusb2-fix-use-after-free-on-context-disconnection.patch kpatch-description: media: pvrusb2: fix use after free on context disconnection kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52445 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52445 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ded85b0c0edd8f45fec88783d7555a5b982449c1 kpatch-name: skipped/CVE-2023-52451.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52451 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only, x86_64 is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36932.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36932 kpatch-skip-reason: Kernel versions older than 5.14.0-503.11.1.el9_5 are not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52464-edac-thunderx-fix-possible-out-of-bounds-string-access.patch kpatch-description: EDAC/thunderx: Fix possible out-of-bounds string access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52464 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52464 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=475c58e1a471e9b873e3e39958c64a2d278275c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26882-net-ip-tunnel-make-sure-to-pull-inner-header-in-ip-tunnel-rcv.patch kpatch-description: net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26882 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b0ec2abf98267f14d032102551581c833b0659d3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-23307-md-raid5-fix-atomicity-violation-in-raid5_cache_count.patch kpatch-description: md/raid5: fix atomicity violation in raid5_cache_count kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-23307 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-23307 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dfd2bf436709b2bccb78c2dda550dde93700efa7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26589-bpf-reject-variable-offset-alu-on-ptr-to-flow-keys.patch kpatch-description: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26589 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26589 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22c7fa171a02d310e3a3f6ed46a698ca8a0060ed kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26907-rdma-mlx5-fix-fortify-source-warning-while-accessing-eth-segment.patch kpatch-description: RDMA/mlx5: Fix fortify source warning while accessing Eth segment kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26907 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26907 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4d5e86a56615cc387d21c629f9af8fb0e958d350 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47386-hwmon___w83791d__Fix_NULL_pointer_dereference_by_r.patch kpatch-description: hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47386 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47386 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=943c15ac1b84d378da26bba41c83c67e16499ac4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35801-x86-fpu-keep-xfd-state-in-sync-with-msr-ia32-xfd.patch kpatch-description: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35801 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35801 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10e4b5166df9ff7a2d5316138ca668b42d004422 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35801-x86-fpu-keep-xfd-state-in-sync-with-msr-ia32-xfd-kpatch.patch kpatch-description: x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35801 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35801 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10e4b5166df9ff7a2d5316138ca668b42d004422 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38627-stm-class-fix-a-double-free-in-stm-register-device.patch kpatch-description: stm class: Fix a double free in stm_register_device() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38627 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38627 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3df463865ba42b8f88a590326f4c9ea17a1ce459 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38555-net-mlx5-discard-command-completions-in-internal-error.patch kpatch-description: net/mlx5: Discard command completions in internal error kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38555 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38555 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=db9b31aa9bc56ff0d15b78f7e827d61c4a096e40 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26934-usb-core-fix-deadlock-in-usb-deauthorize-interface.patch kpatch-description: USB: core: Fix deadlock in usb_deauthorize_interface() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26934 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=80ba43e9f799cbdd83842fc27db667289b3150f5 kpatch-name: skipped/CVE-2024-39291.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39291 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38581-drm-amdgpu-mes-fix-use-after-free-issue.patch kpatch-description: drm/amdgpu/mes: fix use-after-free issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38581 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38581 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=948255282074d9367e01908b3f5dcf8c10fc9c3d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40903-usb-typec-tcpm-fix-use-after-free-case-in-tcpm-register-source-caps.patch kpatch-description: usb: typec: tcpm: fix use-after-free case in tcpm_register_source_caps kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40903 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40903 kpatch-patch-url: https://github.com/torvalds/linux/commit/e7e921918d905544500ca7a95889f898121ba886 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-01-USB-core-Add-hub_get-and-hub_put-routines.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26933 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26933 kpatch-patch-url: https://github.com/torvalds/linux/commit/ee113b860aa169e9a4d2c167c95d0f1961c6e1b8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26933-02-usb-core-fix-deadlock-in-port-disable-sysfs-attribute.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26933 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f4d1960764d8a70318b02f15203a1be2b2554ca1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39479-drm-i915-hwmon-get-rid-of-devm.patch kpatch-description: USB: core: Fix deadlock in port "disable" sysfs attribute kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39479 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39479 kpatch-patch-url: https://github.com/torvalds/linux/commit/5bc9de065b8bb9b8dd8799ecb4592d0403b54281 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40906-net-mlx5-always-stop-health-timer-during-driver-removal.patch kpatch-description: net/mlx5: Always stop health timer during driver removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40906 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40906 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c8b3f38d2dae0397944814d691a419c451f9906f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41039-firmware-cs-dsp-fix-overflow-checking-of-wmfw-header.patch kpatch-description: firmware: cs_dsp: Fix overflow checking of wmfw header kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41039 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41039 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3019b86bce16fbb5bc1964f3544d0ce7d0137278 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41039-firmware-cs-dsp-fix-overflow-checking-of-wmfw-header-kpatch.patch kpatch-description: firmware: cs_dsp: Fix overflow checking of wmfw header (adaptation) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41039 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41039 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3019b86bce16fbb5bc1964f3544d0ce7d0137278 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41049-filelock-fix-potential-use-after-free-in-posix-lock-inode.patch kpatch-description: filelock: fix potential use-after-free in posix_lock_inode kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41049 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41049 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b3ec4f7c03d4b07bad70697d7e2f4088d2cfe92 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41092-drm-i915-gt-fix-potential-uaf-by-revoke-of-fence-registers.patch kpatch-description: drm/i915/gt: Fix potential UAF by revoke of fence registers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41092 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41092 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=996c3412a06578e9d779a16b9e79ace18125ab50 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42159-scsi-mpi3mr-sanitise-num-phys.patch kpatch-description: scsi: mpi3mr: Sanitise num_phys kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42159 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42159 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3668651def2c1622904e58b0280ee93121f2b10b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42228-drm-amdgpu-using-uninitialized-value-size-when-calling-amdgpu-vce-cs-reloc.patch kpatch-description: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42228 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42228 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=88a9a467c548d0b3c7761b4fd54a68e70f9c0944 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42271-net-iucv-fix-use-after-free-in-iucv-sock-close.patch kpatch-description: net/iucv: fix use after free in iucv_sock_close() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42271 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42271 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f558120cd709682b739207b48cf7479fd9568431 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42301-dev-parport-fix-the-array-out-of-bounds-risk.patch kpatch-description: dev/parport: fix the array out-of-bounds risk kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42301 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42301 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab11dac93d2d568d151b1918d7b84c2d02bacbd5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43842-wifi-rtw89-fix-array-index-mistake-in-rtw89-sta-info-get-iter.patch kpatch-description: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43842 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43842 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=85099c7ce4f9e64c66aa397cd9a37473637ab891 kpatch-name: skipped/CVE-2023-52606.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52606 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52696.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52696 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2024-26672.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26672 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26815-net-sched-taprio-proper-TCA_TAPRIO_TC_ENTRY_INDEX-check.patch kpatch-description: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26815 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26815 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=343041b59b7810f9cdca371f445dd43b35c740b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26815-net-sched-taprio-proper-TCA_TAPRIO_TC_ENTRY_INDEX-check-kpatch.patch kpatch-description: net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26815 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26815 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=343041b59b7810f9cdca371f445dd43b35c740b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35814-minmax-add-umin-a-b-and-umax-a-b.patch kpatch-description: minmax: add umin(a, b) and umax(a, b) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35814 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35814 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=80fcac55385ccb710d33a20dc1caaef29bd5a921 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35814-swiotlb-fix-double-allocation-of-slots-due-to-broken-alignment-handling.patch kpatch-description: swiotlb: Fix double-allocation of slots due to broken alignment handling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35814 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35814 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04867a7a33324c9c562ee7949dbcaab7aaad1fb4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36030-octeontx2-af-fix-the-double-free-in-rvu-npc-freemem.patch kpatch-description: octeontx2-af: fix the double free in rvu_npc_freemem() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36030 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36030 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e965eba43e9724f3e603d7b7cc83e53b23d155e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36955-alsa-hda-intel-sdw-acpi-fix-usage-of-device-get-named-child-node.patch kpatch-description: ALSA: hda: intel-sdw-acpi: fix usage of device_get_named_child_node() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36955 kpatch-cvss: 7.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36955 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c158cf914713efc3bcdc25680c7156c48c12ef6a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39471-drm-amdgpu-add-error-handle-to-avoid-out-of-bounds.patch kpatch-description: drm/amdgpu: add error handle to avoid out-of-bounds kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39471 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39471 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8b2faf1a4f3b6c748c0da36cda865a226534d520 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39471-drm-amdgpu-fix-signedness-bug-in-sdma_v4_0_process_trap_irq.patch kpatch-description: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39471 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39471 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6769a23697f17f9bf9365ca8ed62fe37e361a05a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39486-drm-drm_file-fix-pid-refcounting-race.patch kpatch-description: drm/drm_file: Fix pid refcounting race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39486 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39486 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4f2a129b33a2054e62273edd5a051c34c08d96e9 kpatch-name: skipped/CVE-2024-43888.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43888 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: skipped/CVE-2021-47428.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47428 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2021-47429.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47429 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2021-47454.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47454 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2022-48669.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-48669 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only, x86_64 is not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47432-include-linux-generic-radix-tree-h-replace-kernel-h-with-the-necessary-inclusions.patch kpatch-description: include/linux/generic-radix-tree.h: replace kernel.h with the necessary inclusions kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47432 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47432 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9492261ff2460252cf2d8de89cdf854c7e2b28a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47432-lib-generic-radix-tree-c-don-t-overflow-in-peek.patch kpatch-description: lib/generic-radix-tree.c: Don't overflow in peek() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47432 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47432 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9492261ff2460252cf2d8de89cdf854c7e2b28a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-isotp-sendmsg-add-result-check-for-wait-event-interruptible.patch kpatch-description: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9acf636215a6ce9362fe618e7da4913b8bfe84c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-isotp_sendmsg-fix-TX-buffer-concurrent-access.patch kpatch-description: can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/43a08c3bdac4cb42eff8fe5e2278bffe0c5c3daa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-kpatch.patch kpatch-description: can: isotp: isotp_sendmsg(): fix TX buffer concurrent access in isotp_sendmsg() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/43a08c3bdac4cb42eff8fe5e2278bffe0c5c3daa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47457-can-isotp-fix-error-path-in-isotp_sendmsg-to-unlock-wait-queue.patch kpatch-description: can: isotp: fix error path in isotp_sendmsg() to unlock wait queue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47457 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47457 kpatch-patch-url: https://github.com/torvalds/linux/commit/8375dfac4f683e1b2c5956d919d36aeedad46699 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47495-usbnet-sanity-check-for-maxpacket.patch kpatch-description: usbnet: sanity check for maxpacket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47495 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47495 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=397430b50a363d8b7bdda00522123f82df6adc5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47497-nvmem-Fix-shift-out-of-bound-UBSAN-with-byte-size-cells.patch kpatch-description: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47497 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47497 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d388fa01fa6eb310ac023a363a6cb216d9d8fe9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26618-arm64-sme-Always-exit-sme_alloc-early-with-existing-storage.patch kpatch-description: arm64/sme: Always exit sme_alloc() early with existing kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26618 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26618 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47098-hwmon-lm90-prevent-integer-overflow-underflow-in-hysteresis-calculations.patch kpatch-description: hwmon: (lm90) Prevent integer overflow/underflow in hysteresis calculations kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47098 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47098 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55840b9eae5367b5d5b29619dc2fb7e4596dba46 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47101-asix-fix-uninit-value-in-asix_mdio_read.patch kpatch-description: asix: fix uninit-value in asix_mdio_read() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47101 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47101 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8035b1a2a37a29d8c717ef84fca8fe7278bc9f03 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26924-netfilter-nft-set-pipapo-do-not-free-live-element.patch kpatch-description: netfilter: nft_set_pipapo: do not free live element kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26924 kpatch-cvss: 5.9 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cfc9ec039af60dbd8965ae085b2c2ccdcfbe1cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26894-acpi-processor-idle-fix-memory-leak-in-acpi-processor-power-exit.patch kpatch-description: ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26894 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26894 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e18afcb7b2a12b635ac10081f943fcf84ddacc51 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52834-atl1c-Work-around-the-DMA-RX-overflow-issue.patch kpatch-description: atl1c: Work around the DMA RX overflow issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52834 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52834 kpatch-patch-url: https://git.kernel.org/linus/86565682e9053e5deb128193ea9e88531bbae9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52834-atl1c-Work-around-the-DMA-RX-overflow-issue-kpatch.patch kpatch-description: atl1c: Work around the DMA RX overflow issue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52834 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52834 kpatch-patch-url: https://git.kernel.org/linus/86565682e9053e5deb128193ea9e88531bbae9cf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41057-netfs-fscache-export-fscache_put_volume-and-add-fsca.patch kpatch-description: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41057 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41057 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=85b08b31a22b481ec6528130daf94eee4452e23f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41057-cachefiles-fix-slab-use-after-free-in-cachefiles-withdraw-cookie.patch kpatch-description: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41057 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41057 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5d8f805789072ea7fd39504694b7bd17e5f751c4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41058-cachefiles-fix-slab-use-after-free-in-fscache-withdraw-volume.patch kpatch-description: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41058 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=522018a0de6b6fcce60c04f86dfc5f0e4b6a1b36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41058-cachefiles-fix-slab-use-after-free-in-fscache-withdraw-volume-kpatch.patch kpatch-description: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41058 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=522018a0de6b6fcce60c04f86dfc5f0e4b6a1b36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26890-bluetooth-btrtl-fix-out-of-bounds-memory-access.patch kpatch-description: Bluetooth: btrtl: fix out of bounds memory access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26890 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de4e88ec58c4202efd1f02eebb4939bbf6945358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26890-bluetooth-btrtl-fix-out-of-bounds-memory-access-kpatch.patch kpatch-description: Bluetooth: btrtl: fix out of bounds memory access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26890 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de4e88ec58c4202efd1f02eebb4939bbf6945358 kpatch-name: skipped/CVE-2023-52482.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52482 kpatch-skip-reason: CVE patch is for AMD Inception vulnerability related to Speculative Return Stack Overflow (SRSO) kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52475-Input-powermate-fix-use-after-free-in-powermate_conf.patch kpatch-description: Input: powermate - fix use-after-free in powermate_config_complete kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52475 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52475 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c15c60e7be615f05a45cd905093a54b11f461bc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-24857-bluetooth-fix-toctou-in-hci-debugfs-implementation.patch kpatch-description: Bluetooth: Fix TOCTOU in HCI debugfs implementation kpatch-kernel: 4.18.0-553.27.1.el8_10 kpatch-cve: CVE-2024-24857 CVE-2024-24858 CVE-2024-24859 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24857 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24858 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-24859 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7835fcfd132eb88b87e8eb901f88436f63ab60f7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35976-xsk-validate-user-input-for-xdp-umem-completion-fill-ring.patch kpatch-description: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35976 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=237f3cf13b20db183d3706d997eedc3c49eacd44 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35853-mlxsw-spectrum-acl-tcam-fix-memory-leak-during-rehash.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix memory leak during rehash kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35853 kpatch-cvss: 6.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35853 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8ca3f7a7b61393804c46f170743c3b839df13977 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41012-filelock-remove-locks-reliably-when-fcntl-close-race-is-detected.patch kpatch-description: filelock: Remove locks reliably when fcntl/close race is detected kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41012 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cad1bc010416c6dd780643476bc59ed742436b9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-22099-bluetooth-rfcomm-fix-null-ptr-deref-in-rfcomm-check-security.patch kpatch-description: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-22099 CVE-2024-26903 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-22099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2535b848fa0f42ddff3e5255cf5e742c9b77bb26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-22099-Bluetooth-rfcomm-Fix-null-ptr-deref-in-rfcomm_check_security-kpatch.patch kpatch-description: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-22099 CVE-2024-26903 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-22099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2535b848fa0f42ddff3e5255cf5e742c9b77bb26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26759-mm-swap-fix-race-when-skipping-swapcache.patch kpatch-description: mm/swap: fix race when skipping swapcache kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26759 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26759 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=13ddaf26be324a7f951891ecd9ccd04466d27458 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26761-cxl-pci-Fix-disabling-memory-if-DVSEC-CXL-Range-does.patch kpatch-description: cxl/pci: Fix disabling memory if DVSEC CXL Range does not match a CFMWS window kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26761 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-26761 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2cc1a530ab31c65b52daf3cb5d0883c8b614ea69 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26767-drm-amd-display-fixed-integer-types-and-null-check-l.patch kpatch-description: drm/amd/display: fixed integer types and null check locations kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26767 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-26767 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0484e05d048b66d01d1f3c1d2306010bb57d8738 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26772-ext4-avoid-allocating-blocks-from-corrupted-group.patch kpatch-description: ext4: avoid allocating blocks from corrupted group kpatch-kernel: 4.18.0-553.16.1.el8_10 kpatch-cve: CVE-2024-26772 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26772 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=832698373a25950942c04a512daa652c18a9b513 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26774-ext4-avoid-dividing-by-0-in-mb-update-avg-fragment-size.patch kpatch-description: ext4: avoid dividing by 0 in mb_update_avg_fragment_size() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26774 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26774 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=d75e5980e9baa1593477425fd71bf3a05b6326e9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26782-mptcp-fix-double-free-on-socket-dismantle.patch kpatch-description: mptcp: fix double-free on socket dismantle kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26782 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26782 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=bddc3abf4b9a9c710e93f3674a8614fa2f4f84a4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26785-iommufd-Fix-protection-fault-in-iommufd_test_syz_con.patch kpatch-description: iommufd: Fix protection fault in iommufd_test_syz_conv_iova kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26785 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26785 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf7c2789822db8b5efa34f5ebcf1621bc0008d48 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26786-iommufd-Fix-iopt_access_list_id-overwrite-bug.patch kpatch-description: iommufd: Fix iopt_access_list_id overwrite bug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26786 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26786 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=aeb004c0cd6958e910123a1607634401009c9539 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26803-net-veth-clear-GRO-when-clearing-XDP-even-when-down.patch kpatch-description: net: veth: clear GRO when clearing XDP even when down MIME-Version: 1.0 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26803 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26803 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7985d73961bbb4e726c1be7b9cd26becc7be8325 kpatch-name: skipped/CVE-2023-52683.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52683 kpatch-skip-reason: Out of scope: boot time issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52676-bpf-guard-stack-limits-against-32bit-overflow.patch kpatch-description: bpf: Guard stack limits against 32bit overflow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52676 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52676 kpatch-patch-url: https://github.com/torvalds/linux/commit/1d38a9ee81570c4bd61f557832dead4d6f816760 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52679-of-fix-double-free-in-of_parse_phandle_with_args_map.patch kpatch-description: of: Fix double free in of_parse_phandle_with_args_map kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52679 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52679 kpatch-patch-url: https://github.com/torvalds/linux/commit/4dde83569832f9377362e50f7748463340c5db6b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52674-ALSA-scarlett2-Add-clamp-in-scarlett2_mixer_ctl_put.patch kpatch-description: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52674 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52674 kpatch-patch-url: https://github.com/torvalds/linux/commit/04f8f053252b86c7583895c962d66747ecdc61b7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52680-ALSA-scarlett2-Add-missing-error-checks-to-_ctl_get.patch kpatch-description: ALSA: scarlett2: Add missing error checks to *_ctl_get() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52680 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52680 kpatch-patch-url: https://github.com/torvalds/linux/commit/50603a67daef161c78c814580d57f7f0be57167e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52659-x86-mm-ensure-input-to-pfn-to-kaddr-is-treated-as-a-64-bit.patch kpatch-description: x86/mm: Ensure input to pfn_to_kaddr() is treated as a 64-bit type kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52659 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52659 kpatch-patch-url: https://github.com/torvalds/linux/commit/8e5647a723c49d73b9f108a8bb38e8c29d3948ea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52664-net-atlantic-eliminate-double-free-in-error-handling-logic.patch kpatch-description: net: atlantic: eliminate double free in error handling logic kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52664 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52664 kpatch-patch-url: https://github.com/torvalds/linux/commit/b3cb7a830a24527877b0bc900b9bd74a96aea928 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52662-drm-vmwgfx-fix-a-memleak-in-vmw_gmrid_man_get_node.patch kpatch-description: drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52662 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52662 kpatch-patch-url: https://github.com/torvalds/linux/commit/89709105a6091948ffb6ec2427954cbfe45358ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52663-asoc-sof-amd-fix-memory-leak-in-amd-sof-acp-probe.patch kpatch-description: ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52663 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52663 kpatch-patch-url: https://github.com/torvalds/linux/commit/222be59e5eed1554119294edc743ee548c2371d0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52661-01-drm-tegra-rgb-Fix-some-error-handling-paths-in-tegra_dc_rgb_probe.patch kpatch-description: drm/tegra: rgb: Fix some error handling paths in tegra_dc_rgb_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52661 kpatch-patch-url: https://github.com/torvalds/linux/commit/bc456b5d93dbfdbd89f2a036f4f3d8026595f9e4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52661-02-drm-tegra-rgb-fix-missing-clk-put-in-the-error-handling.patch kpatch-description: drm/tegra: rgb: Fix missing clk_put() in the error handling paths of tegra_dc_rgb_probe() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52661 kpatch-patch-url: https://github.com/torvalds/linux/commit/45c8034db47842b25a3ab6139d71e13b4e67b9b3 kpatch-name: skipped/CVE-2024-26712.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26712 kpatch-skip-reason: Do not support powerpc build with kasan sanitizer 4a7aee96200ad281a5cc4cf5c7a2e2a49d2b97b0 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26743-rdma-qedr-fix-qedr-create-user-qp-error-flow.patch kpatch-description: RDMA/qedr: Fix qedr_create_user_qp error flow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26743 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26743 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ba4e6d5863c53e937f49932dee0ecb004c65928 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26717-hid-i2c-hid-of-fix-null-deref-on-failed-power-up.patch kpatch-description: HID: i2c-hid-of: fix NULL-deref on failed power up kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26717 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26717 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00aab7dcb2267f2aef59447602f34501efe1a07f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26717-hid-i2c-hid-of-fix-null-deref-on-failed-power-up-kpatch.patch kpatch-description: HID: i2c-hid-of: fix NULL-deref on failed power up kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26717 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26717 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00aab7dcb2267f2aef59447602f34501efe1a07f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26744-rdma-srpt-support-specifying-the-srpt-service-guid-kpatch.patch kpatch-description: RDMA/srpt: Support specifying the srpt_service_guid kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26744 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26744 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fdfa083549de5d50ebf7f6811f33757781e838c0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26733-arp-prevent-overflow-in-arp-req-get.patch kpatch-description: arp: Prevent overflow in arp_req_get(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26733 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26733 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a7d6027790acea24446ddd6632d394096c0f4667 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26758-md-don-t-ignore-suspended-array-in-md-check-recovery.patch kpatch-description: md: Don't ignore suspended array in md_check_recovery() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26758 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1baae052cccd08daf9a9d64c3f959d8cdb689757 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26740-net-sched-act-mirred-use-the-backlog-for-mirred-ingress-427.35.patch kpatch-description: net/sched: act_mirred: use the backlog for mirred ingress kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26740 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26740 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=52f671db18823089a02f07efc04efdb2272ddc17 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26757-md-don-t-ignore-read-only-array-in-md-check-recovery.patch kpatch-description: md: Don't ignore read-only array in md_check_recovery() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26757 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26757 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55a48ad2db64737f7ffc0407634218cc6e4c513b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48804-vt-ioctl-fix-array-index-nospec-in-vt-setactivate.patch kpatch-description: vt_ioctl: fix array_index_nospec in vt_setactivate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48804 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48804 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=61cc70d9e8ef5b042d4ed87994d20100ec8896d9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52473-thermal-core-fix-null-pointer-dereference-in-zone-registration-error-path.patch kpatch-description: thermal: core: Fix NULL pointer dereference in zone registration error path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52473 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52473 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04e6ccfc93c5a1aa1d75a537cf27e418895e20ea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52501-ring-buffer-do-not-attempt-to-read-past-commit.patch kpatch-description: ring-buffer: Do not attempt to read past "commit" kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52501 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52501 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=95a404bd60af6c4d9d8db01ad14fe8957ece31ca kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-48703-thermal-int340x-thermal-handle-data-vault-when-the-value-is-zero-size-ptr.patch kpatch-description: thermal/int340x_thermal: handle data_vault when the value is ZERO_SIZE_PTR kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-48703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7931e28098a4c1a2a6802510b0cbe57546d2049d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52462-bpf-fix-check-for-attempt-to-corrupt-spilled-pointer.patch kpatch-description: bpf: fix check for attempt to corrupt spilled pointer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52462 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52462 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab125ed3ec1c10ccc36bc98c7a4256ad114a3dae kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52467-mfd-syscon-fix-null-pointer-dereference-in-of-syscon-register.patch kpatch-description: mfd: syscon: Fix null pointer dereference in of_syscon_register() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52467 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52467 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=41673c66b3d0c09915698fec5c13b24336f18dd1 kpatch-name: skipped/CVE-2023-52490.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52490 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52520-platform-x86-think-lmi-fix-reference-leak.patch kpatch-description: platform/x86: think-lmi: Fix reference leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52520 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52520 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=124cf0ea4b82e1444ec8c7420af4e7db5558c293 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52585-drm-amdgpu-fix-possible-null-dereference-in.patch kpatch-description: drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52585 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52585 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b8d55a90fd55b767c25687747e2b24abd1ef8680 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52762-virtio-blk-fix-implicit-overflow-on-virtio-max-dma-size.patch kpatch-description: virtio-blk: fix implicit overflow on virtio_max_dma_size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52762 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52762 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fafb51a67fb883eb2dde352539df939a251851be kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52784-bonding-stop-the-device-in-bond-setup-by-slave.patch kpatch-description: bonding: stop the device in bond_setup_by_slave() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52784 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52784 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cffa2ddc4d3fcf70cde361236f5a614f81a09b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52751-smb-client-fix-use-after-free-in-smb2-query-info-compound.patch kpatch-description: smb: client: fix use-after-free in smb2_query_info_compound() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52751 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52751 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c86919455c1edec99ebd3338ad213b59271a71b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52791-i2c-core-run-atomic-i2c-xfer-when-preemptible.patch kpatch-description: i2c: core: Run atomic i2c xfer when !preemptible kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa49c90894d06e18a1ee7c095edbd2f37c232d02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52791-i2c-core-fix-atomic-xfer-check-for-non-preempt-config.patch kpatch-description: i2c: core: Fix atomic xfer check for non-preempt config kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52791 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa49c90894d06e18a1ee7c095edbd2f37c232d02 kpatch-name: skipped/CVE-2023-52756.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52756 kpatch-skip-reason: Bug doesn't hit as enum values are just shifted numbers kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52813-crypto-pcrypt-fix-hungtask-for-padata-reset.patch kpatch-description: crypto: pcrypt - Fix hungtask for PADATA_RESET kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52813 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52813 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8f4f68e788c3a7a696546291258bfa5fdb215523 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52811-scsi-ibmvfc-remove-bug-on-in-the-case-of-an-empty-event-pool.patch kpatch-description: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52811 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52811 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b39f2d10b86d0af353ea339e5815820026bca48f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52775-net-smc-avoid-data-corruption-caused-by-decline.patch kpatch-description: net/smc: avoid data corruption caused by decline kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52775 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52775 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e6d71b437abc2f249e3b6a1ae1a7228e09c6e563 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52831-cpu-hotplug-prevent-self-deadlock-on-cpu-hot-unplug.patch kpatch-description: cpu/hotplug: Prevent self deadlock on CPU hot-unplug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52831 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=38685e2a0476127db766f81b1c06019ddc4c9ffa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52831-cpu-hotplug-don-t-offline-the-last-non-isolated-cpu.patch kpatch-description: cpu/hotplug: Don't offline the last non-isolated CPU kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52831 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=38685e2a0476127db766f81b1c06019ddc4c9ffa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52833-bluetooth-btusb-add-date-evt-skb-is-null-check.patch kpatch-description: Bluetooth: btusb: Add date->evt_skb is NULL check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52833 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52833 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=624820f7c8826dd010e8b1963303c145f99816e9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52840-input-synaptics-rmi4-fix-use-after-free-in-rmi-unregister-function.patch kpatch-description: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52840 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52840 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=eb988e46da2e4eae89f5337e047ce372fe33d5b1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52859-perf-hisi-Fix-use-after-free-when-register-pmu-fails.patch kpatch-description: perf: hisi: Fix use-after-free when register pmu fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52859 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52859 kpatch-patch-url: https://github.com/torvalds/linux/commit/b805cafc604bfdb671fae7347a57f51154afa735 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52869-pstore-platform-add-check-for-kstrdup.patch kpatch-description: pstore/platform: Add check for kstrdup kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52869 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52869 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a19d48f7c5d57c0f0405a7d4334d1d38fe9d3c1c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52878-can-dev-can_put_echo_skb-don-t-crash-kernel-if-can_priv-echo_skb-is-accessed-out-of-bounds.patch kpatch-description: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52878 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52878 kpatch-patch-url: https://github.com/torvalds/linux/commit/6411959c10fe917288cbb1038886999148560057 kpatch-name: skipped/CVE-2023-52902.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52902 kpatch-skip-reason: nommu: kernel is not vulnerable. Commit 8220543("nommu: remove uses of VMA linked list") is absent kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26840-cachefiles-fix-memory-leak-in-cachefiles_add_cache.patch kpatch-description: cachefiles: fix memory leak in cachefiles_add_cache() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26840 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26840 kpatch-patch-url: https://github.com/torvalds/linux/commit/e21a2f17566cbd64926fb8f16323972f7a064444 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26857-geneve__make_sure_to_pull_inner_header_in_geneve_r.patch kpatch-description: geneve: make sure to pull inner header in geneve_rx() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26857 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26857 kpatch-patch-url: https://github.com/torvalds/linux/commit/1ca1ba465e55b9460e4e75dec9fff31e708fec74 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26863-hsr__Fix_uninit-value_access_in_hsr_get_node__.patch kpatch-description: hsr: Fix uninit-value access in hsr_get_node() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26863 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26863 kpatch-patch-url: https://github.com/torvalds/linux/commit/ddbec99f58571301679addbc022256970ca3eac6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26870-NFSv4_2__fix_nfs4_listxattr_kernel_BUG_at_mm_userc.patch kpatch-description: NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26870 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26870 kpatch-patch-url: https://github.com/torvalds/linux/commit/251a658bbfceafb4d58c76b77682c8bf7bcfad65 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26878-quota__Fix_potential_NULL_pointer_dereference.patch kpatch-description: quota: Fix potential NULL pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26878 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26878 kpatch-patch-url: https://github.com/torvalds/linux/commit/d0aa72604fbd80c8aabb46eda00535ed35570f1f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26889-Bluetooth-hci_core-Fix-possible-buffer-overflow.patch kpatch-description: Bluetooth: hci_core: Fix possible buffer overflow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26889 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26889 kpatch-patch-url: https://github.com/torvalds/linux/commit/81137162bfaa7278785b24c1fd2e9e74f082e8e4 kpatch-name: skipped/CVE-2024-26899.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26899 kpatch-skip-reason: Current kernel is not vulnerable. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26901-do_sys_name_to_handle____use_kzalloc___to_fix_kern.patch kpatch-description: do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26901 kpatch-patch-url: https://github.com/torvalds/linux/commit/3948abaa4e2be938ccdfc289385a27342fb13d43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26906-x86-sev-es-Allow-copy_from_kernel_nofault-in-earlier-boot.patch kpatch-description: x86/sev-es: Allow copy_from_kernel_nofault() in earlier boot kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26906 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26906 kpatch-patch-url: https://github.com/torvalds/linux/commit/f79936545fb122856bd78b189d3c7ee59928c751 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26906-x86_mm__Disallow_vsyscall_page_read_for_copy_from.patch kpatch-description: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26906 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26906 kpatch-patch-url: https://github.com/torvalds/linux/commit/32019c659ecfe1d92e3bf9fcdfbb11a7c70acd58 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26915-drm-amdgpu-Reset-IH-OVERFLOW_CLEAR-bit.patch kpatch-description: drm/amdgpu: Reset IH OVERFLOW_CLEAR bit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26915 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26915 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7330256268664ea0a7dd5b07a3fed363093477dd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26920-tracing_trigger__Fix_to_return_error_if_failed_to_.patch kpatch-description: tracing/trigger: Fix to return error if failed to alloc snapshot kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26920 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26920 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b5085b5ac1d96ea2a8a6240f869655176ce44197 kpatch-name: skipped/CVE-2024-26921.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26921 kpatch-skip-reason: Live-patching will introduce network performance degradation in the best case scenario, or even some more serious issues. N/A or Low cvss3 score from NVD or vendors. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26937-drm-i915-gt-Reset-queue_priority_hint-on-parking.patch kpatch-description: drm/i915/gt: Reset queue_priority_hint on parking kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26937 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26937 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4a3859ea5240365d21f6053ee219bb240d520895 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26938-drm-i915-bios-Tolerate-devdata-NULL-in-intel_bios_encoder_supports_dp_dual_mode.patch kpatch-description: drm/i915/bios: Tolerate devdata==NULL in intel_bios_encoder_supports_dp_dual_mode() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26938 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26938 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32e39bab59934bfd3f37097d4dd85ac5eb0fd549 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26939-drm-i915-vma-Fix-UAF-on-destroy-against-retire-race.patch kpatch-description: drm/i915/vma: Fix UAF on destroy against retire race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f3c71b2ded5c4367144a810ef25f998fd1d6c381 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26940-drm-vmwgfx-Create-debugfs-ttm_resource_manager-entry-only-if-needed.patch kpatch-description: drm/vmwgfx: Create debugfs ttm_resource_manager entry only if needed kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26940 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26940 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4be9075fec0a639384ed19975634b662bfab938f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26950-wireguard__netlink__access_device_through_ctx_inst.patch kpatch-description: wireguard: netlink: access device through ctx instead of peer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26950 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=71cbd32e3db82ea4a74e3ef9aeeaa6971969c86f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26951-wireguard__netlink__check_for_dangling_peer_via_is.patch kpatch-description: wireguard: netlink: check for dangling peer via is_dead instead of empty list kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26951 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26951 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55b6c738673871c9b0edae05d0c97995c1ff08c4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26953-net__esp__fix_bad_handling_of_pages_from_page_pool.patch kpatch-description: net: esp: fix bad handling of pages from page_pool kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26953 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26953 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c3198822c6cb9fb588e446540485669cc81c5d34 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52837-nbd-fix-uaf-in-nbd-open.patch kpatch-description: nbd: fix uaf in nbd_open kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52837 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327462725b0f759f093788dfbcb2f1fd132f956b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52837-nbd-fix-uaf-in-nbd-open-kpatch.patch kpatch-description: nbd: fix uaf in nbd_open kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52837 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327462725b0f759f093788dfbcb2f1fd132f956b kpatch-name: skipped/CVE-2024-35983.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35983 kpatch-skip-reason: Kernel is not vulnerable: commit f2d5dcb4 is absent. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35946-wifi-rtw89-fix-null-pointer-access-when-abort-scan-pt1.patch kpatch-description: wifi: rtw89: fix null pointer access when abort scan kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e11a2966f51695c0af0b1f976a32d64dee243b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35946-wifi-rtw89-fix-null-pointer-access-when-abort-scan-pt2.patch kpatch-description: wifi: rtw89: fix null pointer access when abort scan kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35946 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e11a2966f51695c0af0b1f976a32d64dee243b2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35947-dyndbg-fix-old-BUG_ON-in-control-parser.patch kpatch-description: dyndbg: fix old BUG_ON in >control parser kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35947 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35947 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=00e7d3bea2ce7dac7bee1cf501fb071fd0ea8f6c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35950-drm-client-Fully-protect-modes-with-dev-mode_config-mutex.patch kpatch-description: drm/client: Fully protect modes[] with dev->mode_config.mutex kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35950 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3eadd887dbac1df8f25f701e5d404d1b90fd0fea kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35959-net-mlx5e-fix-mlx5e-priv-init-cleanup-flow.patch kpatch-description: net/mlx5e: Fix mlx5e_priv_init() cleanup flow kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35959 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35959 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecb829459a841198e142f72fadab56424ae96519 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-geneve-fix-header-validation-in-geneve-6-xmit-skb.patch kpatch-description: geneve: fix header validation in geneve[6]_xmit_skb kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35973 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8a6213d70accb403b82924a1c229e733433a5ef kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-geneve-Fix-incorrect-inner-network-header-offset-when-innerprotoinherit-is-set.patch kpatch-description: geneve: Fix incorrect inner network header offset when innerprotoinherit is set kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c6ae073f5903f6c6439d0ac855836a4da5c0a701 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-bareudp-Pull-inner-IP-header-on-xmit.patch kpatch-description: bareudp: Pull inner IP header on xmit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c471236b2359e6b27388475dd04fff0a5e2bf922 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35973-vxlan-Pull-inner-IP-header-in-vxlan_xmit_one.patch kpatch-description: vxlan: Pull inner IP header in vxlan_xmit_one() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35954 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35954 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31392048f55f98cb01ca709d32d06d926ab9760a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36031-keys-fix-overwrite-of-key-expiration-on-instantiation.patch kpatch-description: keys: Fix overwrite of key expiration on instantiation kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36031 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36031 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9da27fb65a14c18efd4473e2e82b76b53ba60252 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36896-usb-core-fix-access-violation-during-port-device-removal.patch kpatch-description: USB: core: Fix access violation during port device removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36896 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36896 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a4b46d450c49f32e9d4247b421e58083fde304ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35854-mlxsw-spectrum_acl_tcam-Fix-possible-use-after-free.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35854 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35854 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=54225988889931467a9b55fdbef534079b665519 kpatch-name: skipped/CVE-2024-38605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38605 kpatch-skip-reason: Not a bug for a real-life RHEL9 setup kpatch-cvss: kpatch-name: skipped/CVE-2024-26843.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26843 kpatch-skip-reason: EFI Firmware: CVE patch is for EFI firmware which runs at boot time. kpatch-cvss: kpatch-name: skipped/CVE-2024-35957.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35957 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-26900.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26900 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36926.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36926 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36905-tcp-defer-shutdown-send-shutdown-for-tcp-syn-recv-sockets.patch kpatch-description: tcp: defer shutdown(SEND_SHUTDOWN) for TCP_SYN_RECV sockets kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36905 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=94062790aedb505bdda209b10bea47b294d6394f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26927-asoc-sof-add-some-bounds-checking-to-firmware-data.patch kpatch-description: ASoC: SOF: Add some bounds checking to firmware data kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26927 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26927 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=98f681b0f84cfc3a1d83287b77697679e0398306 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42154-tcp-metrics-validate-source-addr-length-kpatch.patch kpatch-description: tcp_metrics: validate source addr length kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42154 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42154 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66be40e622e177316ae81717aa30057ba9e61dff kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26707-net-hsr-remove-warn-once-in-send-hsr-supervision-frame.patch kpatch-description: net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26707 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26707 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=37e8c97e539015637cb920d3e6f1e404f707a06e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26679-inet-read-sk-sk-family-once-in-inet-recv-error.patch kpatch-description: inet: read sk->sk_family once in inet_recv_error() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26679 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26679 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=eef00a82c568944f113f2de738156ac591bbd5cd kpatch-name: skipped/CVE-2024-26678.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26678 kpatch-skip-reason: Boot time issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26691-kvm-arm64-fix-circular-locking-dependency.patch kpatch-description: KVM: arm64: Fix circular locking dependency kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26691 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26691 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10c02aad111df02088d1a81792a709f6a7eca6cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26680-net-atlantic-fix-dma-mapping-for-ptp-hwts-ring.patch kpatch-description: net: atlantic: Fix DMA mapping for PTP hwts ring kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26680 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26680 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e7d3b67630dfd8f178c41fa2217aa00e79a5887 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26686-fs-proc-do_task_stat-move-thread_group_cputime_adjus.patch kpatch-description: fs/proc: do_task_stat: move thread_group_cputime_adjusted() outside of lock_task_sighand() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26686 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26686 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=60f92acb60a989b14e4b744501a0df0f82ef30a3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26686-fs-proc-do-task-stat-use-sig-stats-lock-to-gather-the-threads-children-stats.patch kpatch-description: fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26686 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26686 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7601df8031fd67310af891897ef6cc0df4209305 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26704-ext4-fix-double-free-of-blocks-due-to-wrong.patch kpatch-description: ext4: fix double-free of blocks due to wrong kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26704 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26704 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55583e899a5357308274601364741a83e78d6ac4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26700-drm-amd-display-Fix-MST-Null-Ptr-for-RV.patch kpatch-description: drm/amd/display: Fix MST Null Ptr for RV kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26700 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26700 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b5b72b4d67c1e72c4fc19151fd669acecc92faa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26675-ppp-async-limit-mru-to-64k.patch kpatch-description: ppp_async: limit MRU to 64K kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26675 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cb88cb53badb8aeb3955ad6ce80b07b598e310b8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52757-smb-client-fix-potential-deadlock-when-releasing-mids.patch kpatch-description: smb: client: fix potential deadlock when releasing mids kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52757 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52757 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/e6dbb199ae1025d695a34ef4f2f87460e06f0c99 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52632-drm-amdkfd-Fix-lock-dependency-warning-with-srcu.patch kpatch-description: drm/amdkfd: Fix lock dependency warning with srcu kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52632 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52632 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2a9de42e8d3c82c6990d226198602be44f43f340 kpatch-name: skipped/CVE-2024-36920.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36920 kpatch-skip-reason: Warning fix doesn't worth live-patching kpatch-cvss: kpatch-name: skipped/CVE-2024-36936.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36936 kpatch-skip-reason: Boot time fix cannot be fixed with live-patching kpatch-cvss: kpatch-name: skipped/CVE-2023-52634.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52634 kpatch-skip-reason: The patch for this CVE fixing vulnerability which was introduced in kernel v6.7 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52635-pm-devfreq-synchronize-devfreq-monitor-start-stop.patch kpatch-description: PM / devfreq: Synchronize devfreq_monitor_[start/stop] kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52635 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52635 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aed5ed595960c6d301dcd4ed31aeaa7a8054c0c6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52648-drm-vmwgfx-unmap-the-surface-before-resetting-it-on-a-plane.patch kpatch-description: drm/vmwgfx: Unmap the surface before resetting it on a plane state state kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52648 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52648 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27571c64f1855881753e6f33c3186573afbab7ba kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52649-drm-vkms-avoid-reading-beyond-lut-array.patch kpatch-description: drm/vkms: Avoid reading beyond LUT array kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52649 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52649 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2fee84030d12d9fddfa874e4562d71761a129277 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52650-drm-tegra-dsi-add-missing-check-for-of-find-device-by-node.patch kpatch-description: drm/tegra: dsi: Add missing check for of_find_device_by_node kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52650 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52650 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=afe6fcb9775882230cd29b529203eabd5d2a638d kpatch-name: skipped/CVE-2023-52619.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52619 kpatch-skip-reason: Complex adaptation required. x86 and amd64 architectures are not affected. Issues triggers while dumping after another crash. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52731-fbdev-fix-invalid-page-access-after-closing-deferred-i-o-devices.patch kpatch-description: fbdev: Fix invalid page access after closing deferred I/O devices kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52731 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52731 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3efc61d95259956db25347e2a9562c3e54546e20 kpatch-name: skipped/CVE-2023-52686.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52686 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52740.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52740 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2023-52690.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52690 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52730-mmc-sdio-fix-possible-resource-leaks-in-some-error-paths.patch kpatch-description: mmc: sdio: fix possible resource leaks in some error paths kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52730 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52730 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=605d9fb9556f8f5fb4566f4df1480f280f308ded kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52703-net-usb-kalmia-don-t-pass-act-len-in-usb-bulk-msg-error-path.patch kpatch-description: net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c68f345b7c425b38656e1791a0486769a8797016 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52697-ASoC-Intel-sof_sdw_rt_sdca_jack_common-ctx-headset_codec_dev-NULL.patch kpatch-description: ASoC: Intel: sof_sdw_rt_sdca_jack_common: ctx->headset_codec_dev = NULL kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52697 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52697 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/e502cdeaace02eccacb616335769bdf7cb586b7d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52698-calipso-fix-memory-leak-in-netlbl_calipso_add_pass.patch kpatch-description: calipso: fix memory leak in netlbl_calipso_add_pass() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52698 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52698 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/6706598da43cfbde852754274549717cc558d1dd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52689-alsa-scarlett2-add-missing-mutex-lock-around-get-meter-levels.patch kpatch-description: ALSA: scarlett2: Add missing mutex lock around get meter levels kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52689 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52689 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=993f7b42fa066b055e3a19b7f76ad8157c0927a0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26958-nfs-fix-UAF-in-direct-writes.patch kpatch-description: nfs: fix UAF in direct writes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=17f46b803d4f23c66cacce81db35fef3adb8f2af kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26958-nfs-fix-UAF-in-direct-writes-kpatch.patch kpatch-description: nfs: fix UAF in direct writes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=17f46b803d4f23c66cacce81db35fef3adb8f2af kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26960-mm-swap-fix-race-between-free_swap_and_cache-and-swa.patch kpatch-description: mm: swap: fix race between free_swap_and_cache() and swapoff() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=82b1c07a0af603e3c47b906c8e991dc96f01688e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26964-usb-xhci-Add-error-handling-in-xhci_map_urb_for_dma.patch kpatch-description: usb: xhci: Add error handling in xhci_map_urb_for_dma kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26964 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26964 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be95cc6d71dfd0cba66e3621c65413321b398052 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26973-fat-fix-uninitialized-field-in-nostale-filehandles.patch kpatch-description: fat: fix uninitialized field in nostale filehandles kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26973 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fde2497d2bc3a063d8af88b258dbadc86bd7b57c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26975-powercap-intel_rapl-Fix-a-NULL-pointer-dereference.patch kpatch-description: powercap: intel_rapl: Fix a NULL pointer dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26975 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26975 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2d1f5006ff95770da502f8cee2a224a1ff83866e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26984-nouveau-fix-instmem-race-condition-around-ptr-stores.patch kpatch-description: nouveau: fix instmem race condition around ptr stores kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26984 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26984 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fff1386cc889d8fb4089d285f883f8cba62d82ce kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26987-mm-memory-failure-fix-deadlock-when-hugetlb_optimize_vmemmap-is-enabled.patch kpatch-description: mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26987 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26987 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1983184c22dd84a4d95a71e5c6775c2638557dc7 kpatch-name: skipped/CVE-2024-26988.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26988 kpatch-skip-reason: Out of scope as the patch is for vmlinux init sections which are discarded after the boot kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26989-arm64-hibernate-Fix-level3-translation-fault-in-swsusp_save.patch kpatch-description: arm64: hibernate: Fix level3 translation fault in swsusp_save() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50449ca66cc5a8cbc64749cf4b9f3d3fc5f4b457 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27025-nbd-null-check-for-nla-nest-start.patch kpatch-description: nbd: null check for nla_nest_start kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27025 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27025 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=31edf4bbe0ba27fd03ac7d87eb2ee3d2a231af6d kpatch-name: skipped/CVE-2024-27023.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27023 kpatch-skip-reason: Fix commit isn't present kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27389-pstore-inode-only-d-invalidate-is-needed.patch kpatch-description: pstore: inode: Only d_invalidate() is needed kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27389 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27389 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a43e0fc5e9134a46515de2f2f8d4100b74e50de3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27038-clk-Fix-clk_core_get-NULL-dereference.patch kpatch-description: clk: Fix clk_core_get NULL dereference kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27038 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27038 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/ad3c36556614598882f9bfd24e917e329ca5f761 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27042-drm-amdgpu-Fix-potential-out-of-bounds-access-in-amdgpu_discovery_reg_base_init.patch kpatch-description: drm/amdgpu: Fix potential out-of-bounds access in 'amdgpu_discovery_reg_base_init()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27042 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27042 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8db10cee51e3e11a6658742465edc21986cf1e8d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27048-wifi-brcm80211-handle-pmk_op-allocation-failure.patch kpatch-description: wifi: brcm80211: handle pmk_op allocation failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27048 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27048 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2ea4ff826876e4cd799a7df1e410bc9e6e7adb2c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27057-ASoC-SOF-ipc4-pcm-Workaround-for-crashed-firmware-on-system-suspend.patch kpatch-description: ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27057 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27057 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/9fdefb89decb48ec0dd19c899c2c43e0094afc44 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27395-net-openvswitch-fix-use-after-free-in-ovs-ct-exit.patch kpatch-description: net: openvswitch: Fix Use-After-Free in ovs_ct_exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27395 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27395 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9048616553c65e750d43846f225843ed745ec0d4 kpatch-name: skipped/CVE-2024-27404.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27404 kpatch-skip-reason: Complex adaptation required. Network services prevents update because they can sleep in subflow_finish_connect() function. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27410-wifi-nl80211-reject-iftype-change-with-mesh-ID-chang.patch kpatch-description: wifi: nl80211: reject iftype change with mesh ID change kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27410 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27410 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=063715c33b4c37587aeca2c83cf08ead0c542995 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27414-rtnetlink-fix-error-logic-of-IFLA_BRIDGE_FLAGS-writing-back.patch kpatch-description: rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27414 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27414 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a1227b27fcccc99dc44f912b479e01a17e2d7d31 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35787-md-md-bitmap-fix-incorrect-usage-for-sb_index.patch kpatch-description: md/md-bitmap: fix incorrect usage for sb_index kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35787 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35787 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=736ad6c577a367834118f57417038d45bb5e0a31 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35795-drm-amdgpu-fix-deadlock-while-reading-mqd-from-debugfs.patch kpatch-description: drm/amdgpu: fix deadlock while reading mqd from debugfs kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35795 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35795 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=197f6d6987c55860f6eea1c93e4f800c59078874 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27431-cpumap-Zero-initialise-xdp_rxq_info-struct-before-running-xdp-program.patch kpatch-description: cpumap: Zero-initialise xdp_rxq_info struct before running kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27431 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27431 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f0363af9619c77730764f10360e36c6445c12f7b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27436-ALSA-usb-audio-Stop-parsing-channels-bits-when-all-channels.patch kpatch-description: ALSA: usb-audio: Stop parsing channels bits when all channels kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27436 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27436 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9af1658ba293458ca6a13f70637b9654fa4be064 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-31076-genirq-cpuhotplug-x86-vector-Prevent-vector-leak-during-CPU-offline.patch kpatch-description: genirq/cpuhotplug, x86/vector: Prevent vector leak during CPU offline kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-31076 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-31076 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9eeda3e0071a329af1eba15f4e57dc39576bb420 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26976-kvm-always-flush-async-pf-workqueue-when-vcpu-is-being-destroyed.patch kpatch-description: KVM: Always flush async #PF workqueue when vCPU is being destroyed kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26976 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d75b8aa5c29058a512db29da7cbee8052724157 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26976-kvm-always-flush-async-pf-workqueue-when-vcpu-is-being-destroyed-kpatch.patch kpatch-description: KVM: Always flush async #PF workqueue when vCPU is being destroyed kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26976 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26976 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d75b8aa5c29058a512db29da7cbee8052724157 kpatch-name: skipped/CVE-2024-35794.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35794 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-27079.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-27079 kpatch-skip-reason: Bug triggers in kdump kernel which we don't patch kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26641-ip6-tunnel-make-sure-to-pull-inner-header-in-ip6-tnl-rcv.patch kpatch-description: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26641 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26641 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d975c15c0cd744000ca386247432d57b21f9df0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26656-drm-amdgpu-fix-use-after-free-bug.patch kpatch-description: drm/amdgpu: fix use-after-free bug kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26656 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22207fd5c80177b860279653d017474b2812af5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26660-drm-amd-display-implement-bounds-check-for-stream-encoder-creation-in-DCN301.patch kpatch-description: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26660 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26660 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=58fca355ad37dcb5f785d9095db5f748b79c5dc2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26661-drm-amd-display-add-null-test-for-timing-generator-in-dcn21_set_pipe.patch kpatch-description: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26661 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26661 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66951d98d9bf45ba25acf37fe0747253fafdf298 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26662-drm-amd-display-fix-panel_cntl-could-be-null-in-dcn21_set_backlight_level.patch kpatch-description: drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26662 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26662 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e96fddb32931d007db12b1fce9b5e8e4c080401b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26663-tipc-check-the-bearer-type-before-calling-tipc_udp_nl_bearer_add.patch kpatch-description: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26663 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26663 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3871aa01e1a779d866fa9dfdd5a836f342f4eb87 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26669-net-sched-flower-fix-chain-template-offload-kpatch.patch kpatch-description: net/sched: flower: Fix chain template offload kpatch kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26669 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26669 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32f2a0afa95fae0d1ceec2ff06e0e816939964b8 kpatch-name: skipped/CVE-2024-26674.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26674 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26990-KVM-x86-mmu-Write-protect-L2-SPTEs-in-TDP-MMU-when-clearing-dirty-status.patch kpatch-description: KVM: x86/mmu: Write-protect L2 SPTEs in TDP MMU when clearing dirty status kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26990 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26990 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/4d44bfa805835e3c951faf2985249dd01af70c3c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27013-tun-limit-printing-rate-when-illegal-packet-received-by-tun-dev.patch kpatch-description: tun: limit printing rate when illegal packet received by tun dev kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27013 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27013 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/4e933e785236886890959d705f94e30c99775b87 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27015-netfilter-flowtable-incorrect-pppoe-tuple.patch kpatch-description: netfilter: flowtable: incorrect pppoe tuple kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27015 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27015 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/83c2f8f40816ecedf9da8ac3bd803f7261e99594 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35877-x86-mm-pat-fix-vm-pat-handling-in-cow-mappings.patch kpatch-description: x86/mm/pat: fix VM_PAT handling in COW mappings kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35877 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35877 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=04c35ab3bdae7fefbd7c7a7355f29fa03a035221 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35864-smb__client__fix_potential_UAF_in_smb2_is_valid_le.patch kpatch-description: smb: client: fix potential UAF in smb2_is_valid_lease_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=705c76fbf726c7a2f6ff9143d4013b18daaaebf1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35866-smb-client-fix-potential-uaf-in-cifs-dump-full-key.patch kpatch-description: smb: client: fix potential UAF in cifs_dump_full_key() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35866 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35866 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=58acd1f497162e7d282077f816faa519487be045 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35865-smb-client-fix-potential-uaf-in-smb2-is-valid-oplock-break.patch kpatch-description: smb: client: fix potential UAF in smb2_is_valid_oplock_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35865 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35865 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=22863485a4626ec6ecf297f4cc0aef709bc862e4#if kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35867-smb__client__fix_potential_UAF_in_cifs_stats_proc_.patch kpatch-description: smb: client: fix potential UAF in cifs_stats_proc_show() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35867 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35867 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0865ffefea197b437ba78b5dd8d8e256253efd65 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35878-of-module-prevent-null-pointer-dereference-in-vsnprintf.patch kpatch-description: of: module: prevent NULL pointer dereference in vsnprintf() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35878 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35878 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a1aa5390cc912934fee76ce80af5f940452fa987 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35872-mm-secretmem-fix-gup-fast-succeeding-on-secretmem-folios.patch kpatch-description: mm/secretmem: fix GUP-fast succeeding on secretmem folios kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35872 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35872 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6564b014af92b677c1f07c44d7f5b595d589cf6e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35876-x86-mce-make-sure-to-grab-mce-sysfs-mutex-in-set-bank.patch kpatch-description: x86/mce: Make sure to grab mce_sysfs_mutex in set_bank() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35876 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35876 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3ddf944b32f88741c303f0b21459dbb3872b8bc5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35886-ipv6-fix-infinite-recursion-in-fib6-dump-done.patch kpatch-description: ipv6: Fix infinite recursion in fib6_dump_done(). kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35886 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35886 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d21d40605bca7bd5fc23ef03d4c1ca1f48bc2cae kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35888-erspan-make-sure-erspan_base_hdr-is-present-in-skb-h.patch kpatch-description: erspan: make sure erspan_base_hdr is present in skb->head kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35888 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35888 kpatch-patch-url: https://git.kernel.org/stable/c/17af420545a750f763025149fa7b833a4fc8b8f0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35892-net-sched-fix-lockdep-splat-in-qdisc-tree-reduce-backlog.patch kpatch-description: net/sched: fix lockdep splat in qdisc_tree_reduce_backlog() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7eb322360b0266481e560d1807ee79e0cef5742b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35894-mptcp-prevent-bpf-accessing-lowat-from-a-subflow-socket.patch kpatch-description: mptcp: prevent BPF accessing lowat from a subflow socket. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35894 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35894 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fcf4692fa39e86a590c14a4af2de704e1d20a3b5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35900-netfilter-nf-tables-reject-new-basechain-after-table-flag-update.patch kpatch-description: netfilter: nf_tables: reject new basechain after table flag update kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35900 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35900 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=994209ddf4f430946f6247616b2e33d179243769 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35905-bpf-Fix-verification-of-indirect-var-off-stack-access.patch kpatch-description: bpf: Fix verification of indirect var-off stack access kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a833a17aeac73b33f79433d7cee68d5cafd71e4f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35905-bpf-protect-against-int-overflow-for-stack-access-size.patch kpatch-description: bpf: Protect against int overflow for stack access size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35905 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecc6a2101840177e57c925c102d2d29f260d37c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35908-tls-get-psock-ref-after-taking-rxlock-to-avoid-leak.patch kpatch-description: tls: get psock ref after taking rxlock to avoid leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35908 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35908 kpatch-patch-url: https://git.kernel.org/stable/c/30fabe50a7ace3e9d57cf7f9288f33ea408491c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35912-wifi-iwlwifi-mvm-rfi-fix-potential-response-leaks.patch kpatch-description: wifi: iwlwifi: mvm: rfi: fix potential response leaks kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35912 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35912 kpatch-patch-url: https://git.kernel.org/stable/c/06a093807eb7b5c5b29b6cff49f8174a4e702341 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35913-wifi-iwlwifi-mvm-pick-the-version-of-SESSION_PROTECT.patch kpatch-description: wifi: iwlwifi: mvm: pick the version of SESSION_PROTECTION_NOTIF kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35913 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35913 kpatch-patch-url: https://git.kernel.org/stable/c/bbe806c294c9c4cd1221140d96e5f367673e393a kpatch-name: skipped/CVE-2024-35918.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35918 kpatch-skip-reason: It is not possible to fix this vulnerability using kernel livepatching because it lies below the system call level. kpatch-cvss: kpatch-name: skipped/CVE-2024-38604.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38604 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2024-38632.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-38632 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38635-soundwire-cadence-fix-invalid-PDI-offset.patch kpatch-description: soundwire: cadence: fix invalid PDI offset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38635 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38635 kpatch-patch-url: https://github.com/torvalds/linux/commit/8ee1b439b1540ae543149b15a2a61b9dff937d91 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38618-alsa-timer-set-lower-bound-of-start-tick-time.patch kpatch-description: ALSA: timer: Set lower bound of start tick time kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38618 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38618 kpatch-patch-url: https://github.com/torvalds/linux/commit/4a63bd179fa8d3fcc44a0d9d71d941ddd62f0c4e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-01-af_unix-Fix-data-races-around-sk-sk_shutdown.patch kpatch-description: af_unix: Fix data races around sk->sk_shutdown. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/e1d09c2c2f5793474556b60f83900e088d0d366d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-02-af_unix-Fix-data-races-around-sk-sk_shutdown.patch kpatch-description: af_unix: Fix data races around sk->sk_shutdown. kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/afe8764f76346ba838d4f162883e23d2fcfaa90e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38596-03-af_unix-Fix-data-races-in-unix_stream_sendmsg.patch kpatch-description: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38596 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38596 kpatch-patch-url: https://github.com/torvalds/linux/commit/540bf24fba16b88c1b3b9353927204b4f1074e25 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39276-ext4-fix-mb-cache-entry-s-e-refcnt-leak-in-ext4-xattr-block-cache-find.patch kpatch-description: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39276 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39276 kpatch-patch-url: https://github.com/torvalds/linux/commit/0c0b4a49d3e7f49690a6827a41faeffad5df7e21 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38600-alsa-fix-deadlocks-with-kctl-removals-at-disconnection.patch kpatch-description: ALSA: Fix deadlocks with kctl removals at disconnection kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38600 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38600 kpatch-patch-url: https://github.com/torvalds/linux/commit/87988a534d8e12f2e6fc01fe63e6c1925dc5307c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38629-dmaengine-idxd-Avoid-unnecessary-destruction-of-file_ida.patch kpatch-description: dmaengine: idxd: Avoid unnecessary destruction of file_ida kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38629 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38629 kpatch-patch-url: https://github.com/torvalds/linux/commit/76e43fa6a456787bad31b8d0daeabda27351a480 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38388-alsa-hda-cs-dsp-ctl-use-private-free-for-control-cleanup.patch kpatch-description: ALSA: hda/cs_dsp_ctl: Use private_free for control cleanup kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38388 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38388 kpatch-patch-url: https://github.com/torvalds/linux/commit/172811e3a557d8681a5e2d0f871dc04a2d17eb13 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-38598-md-fix-resync-softlockup-when-bitmap-size-is-less-than-array-size.patch kpatch-description: md: fix resync softlockup when bitmap size is less than array size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-38598 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38598 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f0e729af2eb6bee9eb58c4df1087f14ebaefe26b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42124-scsi-qedf-make-qedf-execute-tmf-non-preemptible.patch kpatch-description: scsi: qedf: Make qedf_execute_tmf() non-preemptible kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42124 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42124 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d8b637c9c5eeaa1a4e3dfb336f3ff918eb64fec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42101-drm-nouveau-fix-null-pointer-dereference-in-nouveau-connector-get-modes.patch kpatch-description: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42101 kpatch-cvss: 5.5 kpatch-cve-url: https://linux.oracle.com/cve/CVE-2024-42101.html kpatch-patch-url: https://github.com/oracle/linux-uek/commit/9e170d4e0426331fba6e136244deffb68f983c09 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42084-ftruncate-pass-a-signed-offset.patch kpatch-description: ftruncate: pass a signed offset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42084 kpatch-cvss: 5.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42084 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4b8e88e563b5f666446d002ad0dc1e6e8e7102b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42090-pinctrl-fix-deadlock-in-create-pinctrl-when-handling-eprobe-defer.patch kpatch-description: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42090 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42090 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=adec57ff8e66aee632f3dd1f93787c13d112b7a1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42114-wifi-cfg80211-restrict-nl80211-attr-txq-quantum-values.patch kpatch-description: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42114 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42114 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1cba2ea8121e7fdbe1328cea782876b1dd80993 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42114-wifi-cfg80211-restrict-nl80211-attr-txq-quantum-values-kpatch.patch kpatch-description: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Adaptation) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42114 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42114 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1cba2ea8121e7fdbe1328cea782876b1dd80993 kpatch-name: skipped/CVE-2024-42125.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42125 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-42123.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42123 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-42078.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42078 kpatch-skip-reason: kernel version 5.14 not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42132-bluetooth-hci-disallow-setting-handle-bigger-than-hci-conn-handle-max.patch kpatch-description: bluetooth/hci: disallow setting handle bigger than HCI_CONN_HANDLE_MAX kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42132 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42132 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1cc18c2ab2e8c54c355ea7c0423a636e415a0c23 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42070-netfilter-nf-tables-fully-validate-nft-data-value-on-store-to-data-registers.patch kpatch-description: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42070 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42070 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7931d32955e09d0a11b1fe0b6aac1bfa061c005c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27004-clk-Get-runtime-PM-before-walking-tree-during-disable_unused.patch kpatch-description: clk: Get runtime PM before walking tree during disable_unused kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27004 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27004 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/b4fcc898eb74b6e01a8191763e3855cd26845358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27004-clk-Get-runtime-PM-before-walking-tree-during-disable_unused-adapt.patch kpatch-description: clk: Get runtime PM before walking tree during disable_unused kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27004 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27004 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/b4fcc898eb74b6e01a8191763e3855cd26845358 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26708-mptcp-really-cope-with-fastopen-race.patch kpatch-description: mptcp: really cope with fastopen race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26708 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26708 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=337cebbd850f94147cee05252778f8f78b8c337f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27003-clk-Get-runtime-PM-before-walking-tree-for-clk_summary.patch kpatch-description: Get runtime PM before walking tree for clk_summaryatch-description: kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27003 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-27003 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2dc64ff7510173e6992ae33c7c1518559c040a83 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27062-nouveau-lock-the-client-object-tree.patch kpatch-description: nouveau: lock the client object tree kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b7cc4ff787a572edf2c55caeffaa88cd801eb135 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27062-nouveau-lock-the-client-object-tree-kpatch.patch kpatch-description: nouveau: lock the client object tree kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b7cc4ff787a572edf2c55caeffaa88cd801eb135 kpatch-name: skipped/CVE-2024-35904.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35904 kpatch-skip-reason: Affects only __init function for a built-in component, so patching will have no effect kpatch-cvss: kpatch-name: skipped/CVE-2024-35859.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35859 kpatch-skip-reason: None of the kernels is affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35835-net-mlx5e-fix-a-double-free-in-arfs-create-groups.patch kpatch-description: net/mlx5e: fix a double-free in arfs_create_groups kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35835 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35835 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c6d5189246f590e4e1f167991558bdb72a4738b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35840-mptcp-use-option-mptcp-mpj-synack-in-subflow-finish-connect.patch kpatch-description: mptcp: use OPTION_MPTCP_MPJ_SYNACK in subflow_finish_connect() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35840 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35840 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be1d9d9d38da922bd4beeec5b6dd821ff5a1dfeb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35855-mlxsw-spectrum-acl-tcam-fix-possible-use-after-free-during-activity-update.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35855 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35855 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=79b5b4b18bc85b19d3a518483f9abbbe6d7b3ba4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35838-wifi-mac80211-fix-potential-sta-link-leak.patch kpatch-description: wifi: mac80211: fix potential sta-link leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35838 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35838 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b01a74b3ca6fd51b62c67733ba7c3280fa6c5d26 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35847-irqchip-gic-v3-its-prevent-double-free-on-error.patch kpatch-description: irqchip/gic-v3-its: Prevent double free on error kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35847 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35847 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c26591afd33adce296c022e3480dea4282b7ef91 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35831-io_uring-Fix-release-of-pinned-pages-when-__io_uaddr_map-fails.patch kpatch-description: io_uring: Fix release of pinned pages when __io_uaddr_map fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35831 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35831 kpatch-patch-url: https://github.com/torvalds/linux/commit/67d1189d1095d471ed7fa426c7e384a7140a5dd7 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26928-smb-client-fix-potential-UAF-in-cifs_debug_files_proc_show.patch kpatch-description: smb: client: fix potential UAF in cifs_debug_files_proc_show() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26928 kpatch-cvss: 5.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26928 kpatch-patch-url: https://github.com/torvalds/linux/commit/ca545b7f0823f19db0f1148d59bc5e1a56634502 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35861-smb-client-fix-potential-uaf-in-cifs-signal-cifsd-for-reconnect.patch kpatch-description: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35861 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35861 kpatch-patch-url: https://github.com/torvalds/linux/commit/e0e50401cc3921c9eaf1b0e667db174519ea939f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35862-smb-client-fix-potential-uaf-in-smb2-is-network-name-deleted.patch kpatch-description: smb: client: fix potential UAF in smb2_is_network_name_deleted() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35862 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35862 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=63981561ffd2d4987807df4126f96a11e18b0c1d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35863-smb-client-fix-potential-uaf-in-is-valid-oplock-break.patch kpatch-description: smb: client: fix potential UAF in is_valid_oplock_break() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35863 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35863 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=69ccf040acddf33a3a85ec0f6b45ef84b0f7ec29 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26837-net-bridge-switchdev-Skip-MDB-replays-of-deferred-ev.patch kpatch-description: net: bridge: switchdev: Skip MDB replays of deferred events on offload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26837 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26837 kpatch-patch-url: https://git.kernel.org/stable/c/2d5b4b3376fa146a23917b8577064906d643925f kpatch-name: skipped/CVE-2024-35942.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35942 kpatch-skip-reason: Out of scope as the patch is for i.MX SoC kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26892-wifi-mt76-mt7921e-fix-use-after-free-in-free-irq.patch kpatch-description: wifi: mt76: mt7921e: fix use-after-free in free_irq() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26892 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c957280ef6ab6bdf559a91ae693a6b34310697e3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39298-mm-memory-failure-fix-handling-of-dissolved-but-not-taken-off-from-buddy-pages.patch kpatch-description: mm/memory-failure: fix handling of dissolved but not taken off from buddy pages kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39298 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39298 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8cf360b9d6a840700e06864236a01a883b34bbad kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39473-asoc-sof-ipc4-topology-fix-input-format-query-of-process-modules-without-base-extension.patch kpatch-description: ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39473 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39473 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39474-mm-vmalloc-fix-vmalloc-which-may-return-null-if-called-with.patch kpatch-description: mm/vmalloc: fix vmalloc which may return null if called with kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39474 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39474 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=8e0545c83d672750632f46e3f9ad95c48c91a0fc kpatch-name: skipped/CVE-2024-39488.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39488 kpatch-skip-reason: Out of scope: ARM64 architecture issue kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39497-drm-shmem-helper-fix-bug-on-on-mmap-prot-write-map-private.patch kpatch-description: drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39497 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39497 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=03c71c42809ef4b17f5d874cdb2d3bf40e847b86 kpatch-name: skipped/CVE-2024-39498.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39498 kpatch-skip-reason: Kernel is not affected. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39499-vmci-prevent-speculation-leaks-by-sanitizing-event-in-event-deliver.patch kpatch-description: vmci: prevent speculation leaks by sanitizing event in event_deliver() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39499 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39499 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8003f00d895310d409b2bf9ef907c56b42a4e0f4 kpatch-name: skipped/CVE-2024-40930.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40930 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40967-serial-imx-Introduce-timeout-when-waiting-on-transmitter-empty.patch kpatch-description: serial: imx: Introduce timeout when waiting on transmitter empty kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40967 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40967 kpatch-patch-url: https://github.com/torvalds/linux/commit/e533e4c62e9993e62e947ae9bbec34e4c7ae81c2 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40945-iommu-Return-right-value-in-iommu_sva_bind_device.patch kpatch-description: iommu: Return right value in iommu_sva_bind_device() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40945 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40945 kpatch-patch-url: https://github.com/torvalds/linux/commit/89e8a2366e3bce584b6c01549d5019c5cda1205e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40940-net-mlx5-fix-tainted-pointer-delete-is-case-of-flow-rules-creation-fail.patch kpatch-description: net/mlx5: Fix tainted pointer delete is case of flow rules creation fail kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40940 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40940 kpatch-patch-url: https://github.com/torvalds/linux/commit/229bedbf62b13af5aba6525ad10b62ad38d9ccb5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40988-drm-radeon-fix-UBSAN-warning-in-kv_dpm-c.patch kpatch-description: drm/radeon: fix UBSAN warning in kv_dpm.c kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40988 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40988 kpatch-patch-url: https://github.com/torvalds/linux/commit/a498df5421fd737d11bfd152428ba6b1c8538321 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40948-mm-page-table-check-fix-crash-on-zone-device.patch kpatch-description: mm/page_table_check: fix crash on ZONE_DEVICE kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40948 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40948 kpatch-patch-url: https://github.com/torvalds/linux/commit/8bb592c2eca8fd2bc06db7d80b38da18da4a2f43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40997-cpufreq-amd-pstate-fix-memory-leak-on-cpu-epp-exit.patch kpatch-description: cpufreq: amd-pstate: fix memory leak on CPU EPP exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40997 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40997 kpatch-patch-url: https://github.com/torvalds/linux/commit/cea04f3d9aeebda9d9c063c0dfa71e739c322c81 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40997-cpufreq-amd-pstate-fix-memory-leak-on-cpu-epp-exit-kpatch.patch kpatch-description: cpufreq: amd-pstate: fix memory leak on CPU EPP exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40997 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40997 kpatch-patch-url: https://github.com/torvalds/linux/commit/cea04f3d9aeebda9d9c063c0dfa71e739c322c81 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39491-alsa-hda-cs35l56-fix-lifetime-of-cs-dsp-instance.patch kpatch-description: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39491 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39491 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=60d5e087e5f334475b032ad7e6ad849fb998f303 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36939-nfs-handle-error-of-rpc-proc-register-in-init-nfs-fs.patch kpatch-description: nfs: handle error of rpc_proc_register() in init_nfs_fs() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=24457f1be29f1e7042e50a7749f5c2dde8c433c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36940-pinctrl-core-delete-incorrect-free-in-pinctrl_enable.patch kpatch-description: [PATCH] pinctrl: core: delete incorrect free in pinctrl_enable() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36940 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36940 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5038a66dad0199de60e5671603ea6623eb9e5c79 kpatch-name: skipped/CVE-2024-36944.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36944 kpatch-skip-reason: Kernel is not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36945-net-smc-fix-neighbour-and-rtable-leak-in-smc-ib-find-route.patch kpatch-description: net/smc: fix neighbour and rtable leak in smc_ib_find_route() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36945 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36945 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ddc0dd7fec86ee53b8928a5cca5fbddd4fc7c06 kpatch-name: skipped/CVE-2024-36956.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36956 kpatch-skip-reason: Thermal debugfs isn't present on redhat kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36960-drm-vmwgfx-Fix-invalid-reads-in-fence-signaled-events.patch kpatch-description: [PATCH 1/1] drm/vmwgfx: Fix invalid reads in fence signaled events kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c kpatch-name: skipped/CVE-2024-36961.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36961 kpatch-skip-reason: Thermal debugfs isn't present on redhat kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36967-KEYS-trusted-Fix-memory-leak-in-tpm2_key_encode.patch kpatch-description: [PATCH] KEYS: trusted: Fix memory leak in tpm2_key_encode() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36967 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36967 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ffcaa2172cc1a85ddb8b783de96d38ca8855e248 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36974-net-sched-taprio-always-validate-TCA_TAPRIO_ATTR_PRIOMAP.patch kpatch-description: [PATCH] net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36974 kpatch-cvss: 6.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36974 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f921a58ae20852d188f70842431ce6519c4fdc36 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36977-usb-dwc3-wait-unconditionally-after-issuing-endxfer-command.patch kpatch-description: usb: dwc3: Wait unconditionally after issuing EndXfer command kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36977 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36977 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1d26ba0944d398f88aaf997bda3544646cf21945 kpatch-name: skipped/CVE-2024-40907.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40907 kpatch-skip-reason: Intoduced in the same kernel version with the fix kpatch-cvss: kpatch-name: skipped/CVE-2024-40913.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40913 kpatch-skip-reason: Complex adaptation required kpatch-cvss: kpatch-name: skipped/CVE-2024-40925.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40925 kpatch-skip-reason: Intoduced in the same kernel version with the fix kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39507-net__hns3__fix_kernel_crash_problem_in_concurrent_.patch kpatch-description: net: hns3: fix kernel crash problem in concurrent scenario kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39507 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39507 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=12cda920212a49fa22d9e8b9492ac4ea013310a4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40901-scsi__mpt3sas__Avoid_test_set_bit___operating_in_n.patch kpatch-description: scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40901 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40901 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4254dfeda82f20844299dca6c38cbffcfd499f41 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40919-bnxt_en__Adjust_logging_of_firmware_messages_in_ca.patch kpatch-description: bnxt_en: Adjust logging of firmware messages in case of released token in __hwrm_send() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40919 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40919 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a9b9741854a9fe9df948af49ca5514e0ed0429df kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40922-io_uring_rsrc__don_t_lock_while__TASK_RUNNING.patch kpatch-description: io_uring/rsrc: don't lock while !TASK_RUNNING kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40922 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=54559642b96116b45e4b5ca7fd9f7835b8561272 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40923-vmxnet3__disable_rx_data_ring_on_dma_allocation_fa.patch kpatch-description: vmxnet3: disable rx data ring on dma allocation failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40923 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40923 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffbe335b8d471f79b259e950cb20999700670456 kpatch-name: skipped/CVE-2024-41008.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41008 kpatch-skip-reason: Complex adaptation required, low score patch for non critical subsystem amdgpu kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41020-filelock-fix-fcntl-close-race-recovery-compat-path.patch kpatch-description: filelock: Fix fcntl/close race recovery compat path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41020 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41020 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8138f2ad2f745b9a1c696a05b749eabe44337ea kpatch-name: skipped/CVE-2024-41032.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41032 kpatch-skip-reason: Kernel not vulnerable: blamed commit is absent kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41038-firmware-cs-dsp-prevent-buffer-overrun-when-processing-v2-alg-headers.patch kpatch-description: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41038 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41038 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2163aff6bebbb752edf73f79700f5e2095f3559e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41042-netfilter-nf-tables-prefer-nft-chain-validate.patch kpatch-description: netfilter: nf_tables: prefer nft_chain_validate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41042 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41042 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cff3bd012a9512ac5ed858d38e6ed65f6391008c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41056-firmware-cs-dsp-use-strnlen-on-name-fields-in-v1-wmfw-files.patch kpatch-description: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41056 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41056 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=680e126ec0400f6daecf0510c5bb97a55779ff03 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41060-drm-radeon-check-bo-va-bo-is-non-null-before-using-it.patch kpatch-description: drm/radeon: check bo_va->bo is non-NULL before using it kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41060 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41060 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6fb15dcbcf4f212930350eaee174bb60ed40a536 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41063-bluetooth-hci-core-cancel-all-works-upon-hci-unregister-dev.patch kpatch-description: Bluetooth: hci_core: cancel all works upon hci_unregister_dev() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41063 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41063 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0d151a103775dd9645c78c97f77d6e2a5298d913 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26838-rdma-irdma-fix-kasan-issue-with-tasklet.patch kpatch-description: RDMA/irdma: Fix KASAN issue with tasklet kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26838 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26838 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bd97cea7b18a0a553773af806dfbfac27a7c4acb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26846-nvme-fc-do-not-wait-in-vain-when-unloading-module.patch kpatch-description: nvme-fc: do not wait in vain when unloading module kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26846 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=70fbfc47a392b98e5f8dba70c6efc6839205c982 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26846-nvme-fc-do-not-wait-in-vain-when-unloading-module-kpatch.patch kpatch-description: nvme-fc: do not wait in vain when unloading module kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26846 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=70fbfc47a392b98e5f8dba70c6efc6839205c982 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26872-rdma-srpt-do-not-register-event-handler-until-srpt-device-is-fully-setup.patch kpatch-description: RDMA/srpt: Do not register event handler until srpt device is fully setup kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26872 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26872 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e362d007294955a4fb929e1c8978154a64efdcb6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26922-drm-amdgpu-validate-the-parameters-of-bo-mapping-operations-more-clearly.patch kpatch-description: drm/amdgpu: validate the parameters of bo mapping operations more clearly kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26922 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=212e3baccdb1939606420d88f7f52d346b49a284 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27437-vfio-pci-disable-auto-enable-of-exclusive-intx-irq.patch kpatch-description: vfio/pci: Disable auto-enable of exclusive INTx IRQ kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27437 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27437 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe9a7082684eb059b925c535682e68c34d487d43 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26861-wireguard-receive-annotate-data-race-around-receiving-counter-counter.patch kpatch-description: wireguard: receive: annotate data-race around receiving_counter.counter kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26861 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26861 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bba045dc4d996d03dce6fe45726e78a1a1f6d4c3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39501-drivers-core-synchronize-really-probe-and-dev-uevent.patch kpatch-description: drivers: core: synchronize really_probe() and dev_uevent() kpatch-kernel: kernel-5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39501 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39501 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c0a40097f0bc81deafc15f9195d1fb54595cd6d0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26992-KVM-x86-pmu-Disable-support-for-adaptive-PEBS.patch kpatch-description: KVM: x86/pmu: Disable support for adaptive PEBS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26992 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26992 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/dcc98864e4faf282b2bd6fdf2b11a6fea6c570d8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26992-KVM-x86-pmu-Disable-support-for-adaptive-PEBS-adapt.patch kpatch-description: KVM: x86/pmu: Disable support for adaptive PEBS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26992 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26992 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/dcc98864e4faf282b2bd6fdf2b11a6fea6c570d8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43830-leds-trigger-Unregister-sysfs-attributes-before-calling-deactivate.patch kpatch-description: [PATCH 1/1] leds: trigger: Unregister sysfs attributes before calling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43830 kpatch-cvss: 6.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43830 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c0dc9adf9474ecb7106e60e5472577375aedaed3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43856-dma-fix-call-order-in-dmam-free-coherent.patch kpatch-description: dma: fix call order in dmam_free_coherent kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43856 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43856 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=28e8b7406d3a1f5329a03aa25a43aa28e087cb20 kpatch-name: skipped/CVE-2024-43865.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43865 kpatch-skip-reason: Affects only the s390 architecture. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43866-net-mlx5-always-drain-health-in-shutdown-callback.patch kpatch-description: net/mlx5: Always drain health in shutdown callback kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43866 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43866 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1b75da22ed1e6171e261bc9265370162553d5393 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43879-wifi-cfg80211-handle-2x996-ru-allocation-in-cfg80211-calculate-bitrate-he.patch kpatch-description: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43879 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43879 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bcbd771cd5d68c0c52567556097d75f9fc4e7cd6 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43892-mm-memcg-minor-cleanup-for-MEM_CGROUP_ID_MAX.patch kpatch-description: [PATCH 5063/5129] mm/memcg: minor cleanup for MEM_CGROUP_ID_MAX kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=60b1e24ce8c3334d9204d6229356b750632136be kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43892-memcg__protect_concurrent_access_to_mem_cgroup_idr.patch kpatch-description: [PATCH] memcg: protect concurrent access to mem_cgroup_idr kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43892 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43892 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=37a060b64ae83b76600d187d76591ce488ab836b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-43911-wifi-mac80211-fix-null-dereference-at-band-check-in-starting-tx-ba-session.patch kpatch-description: wifi: mac80211: fix NULL dereference at band check in starting tx ba session kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-43911 kpatch-cvss: 5.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43911 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=021d53a3d87eeb9dbba524ac515651242a2a7e3b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44947-fuse-initialize-beyond-eof-page-contents-before-setting-uptodate.patch kpatch-description: fuse: Initialize beyond-EOF page contents before setting uptodate kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44947 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44947 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c0da3d163eb32f1f91891efaade027fa9b245b9 kpatch-name: skipped/CVE-2024-40965.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-40965 kpatch-skip-reason: complex adaptation required for el9-arm64, el9-x86 not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52749-spi-Fix-null-dereference-on-suspend.patch kpatch-description: spi: Fix null dereference on suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52749 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52749 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/1d4e3a6f383420a71a60cfd34ba68336e5919558 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52749-spi-Fix-null-dereference-on-suspend-adapt.patch kpatch-description: spi: Fix null dereference on suspend kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52749 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52749 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/1d4e3a6f383420a71a60cfd34ba68336e5919558 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40966-tty-add-the-option-to-have-a-tty-reject-a-new-ldisc.patch kpatch-description: tty: add the option to have a tty reject a new ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40966 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40966 kpatch-patch-url: https://github.com/torvalds/linux/commit/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40966-tty-add-the-option-to-have-a-tty-reject-a-new-ldisc-kpatch.patch kpatch-description: tty: add the option to have a tty reject a new ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40966 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40966 kpatch-patch-url: https://github.com/torvalds/linux/commit/6bd23e0c2bb6c65d4f5754d1456bc9a4427fc59b kpatch-name: skipped/CVE-2024-26650.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26650 kpatch-skip-reason: Affected p2sb driver is not present in kernel v5.14.0 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42141-bluetooth-iso-check-socket-flag-instead-of-hcon.patch kpatch-description: Bluetooth: ISO: Check socket flag instead of hcon kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42141 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42141 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=596b6f081336e77764ca35cfeab66d0fcdbe544e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42238-firmware-cs-dsp-return-error-if-block-header-overflows-file.patch kpatch-description: firmware: cs_dsp: Return error if block header overflows file kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42238 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42238 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=959fe01e85b7241e3ec305d657febbe82da16a02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42237-firmware-cs-dsp-validate-payload-length-before-processing-block.patch kpatch-description: firmware: cs_dsp: Validate payload length before processing block kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42237 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42237 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6598afa9320b6ab13041616950ca5f8f938c0cf1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42245-revert-sched-fair-make-sure-to-try-to-detach-at-least-one-movable-task.patch kpatch-description: Revert "sched/fair: Make sure to try to detach at least one movable task" kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42245 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42245 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2feab2492deb2f14f9675dd6388e9e2bf669c27a kpatch-name: skipped/CVE-2024-42258.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42258 kpatch-skip-reason: Out of scope: 64-bit systems not affected. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42268-net-mlx5-fix-missing-lock-on-sync-reset-reload.patch kpatch-description: net/mlx5: Fix missing lock on sync reset reload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42268 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42268 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=572f9caa9e7295f8c8822e4122c7ae8f1c412ff9 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-42276-nvme-pci-add-missing-condition-check-for-existence-of-mapped-data.patch kpatch-description: nvme-pci: add missing condition check for existence of mapped data kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-42276 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42276 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c31fad1470389666ac7169fe43aa65bf5b7e2cfd kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27012-restore-set-elements-when-delete-set-fails.patch kpatch-description: netfilter: nf_tables: restore set elements when delete set fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27012 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=86658fc7414d4b9e25c2699d751034537503d637 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36006-mlxsw-spectrum-acl-tcam-fix-incorrect-list-api-usage.patch kpatch-description: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36006 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36006 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b377add0f0117409c418ddd6504bd682ebe0bf79 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36882-mm-use-memalloc-nofs-save-in-page-cache-ra-order.patch kpatch-description: mm: use memalloc_nofs_save() in page_cache_ra_order() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36882 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=30153e4466647a17eebfced13eede5cbe4290e69 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36015-ppdev-add-an-error-check-in-register-device.patch kpatch-description: ppdev: Add an error check in register_device kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36015 kpatch-cvss: 5.5 kpatch-cve-url: https://ubuntu.com/security/CVE-2024-36015 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/jammy/commit/?id=ee47778457b95fde8fd2def8cc10faed98e8eb4d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36884-Use-the-correct-type-in-nvidia_smmu_context_fault.patch kpatch-description: iommu/arm-smmu: Use the correct type in nvidia_smmu_context_fault() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=65ade5653f5ab5a21635e51d0c65e95f490f5b6f kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36881-mm-userfaultfd-reset-ptes-when-close-for-wr-protected-ones.patch kpatch-description: mm/userfaultfd: reset ptes when close() for wr-protected ones kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36881 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36881 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c88033efe9a391e72ba6b5df4b01d6e628f4e734 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35995-Use-access_width-over-bit_width-for-system.patch kpatch-description: ACPI: CPPC: Use access_width over bit_width for system memory accesses kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35995 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35995 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2f4a4d63a193be6fd530d180bb13c3592052904c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35810-drm-vmwgfx-fix-the-lifetime-of-the-bo-cursor-memory.patch kpatch-description: drm/vmwgfx: Fix the lifetime of the bo cursor memory kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35810 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35810 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a9e8a7159ca09af9b1a300a6c8e8b6ff7501c76 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35805-dm-snapshot-fix-lockup-in-dm-exception-table-exit.patch kpatch-description: dm snapshot: fix lockup in dm_exception_table_exit kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35805 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35805 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6e7132ed3c07bd8a6ce3db4bb307ef2852b322dc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35807-ext4-fix-corruption-during-on-line-resize.patch kpatch-description: ext4: fix corruption during on-line resize kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35807 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35807 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b3bfe176e8a5b05ec4447404e412c2a3fc92cc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35808-md-export-helpers-to-stop-sync_thread.patch kpatch-description: md: export helpers to stop sync_thread kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35808 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35808 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7a2347e284d7ec2f0759be4db60fa7ca937284fc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35808-md-dm-raid-don-t-call-md-reap-sync-thread-directly.patch kpatch-description: md/dm-raid: don't call md_reap_sync_thread() directly kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35808 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35808 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cd32b27a66db8776d8b8e82ec7d7dde97a8693b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35809-pci-pm-drain-runtime-idle-callbacks-before-driver-removal.patch kpatch-description: PCI/PM: Drain runtime-idle callbacks before driver removal kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35809 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35809 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9d5286d4e7f68beab450deddbb6a32edd5ecf4bf kpatch-name: skipped/CVE-2024-35812.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35812 kpatch-skip-reason: Patch for this CVE has been reverted. Hence skipped kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35817-drm-amdgpu-amdgpu_ttm_gart_bind-set-gtt-bound-flag.patch kpatch-description: drm/amdgpu: amdgpu_ttm_gart_bind set gtt bound flag kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35817 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35817 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6c6064cbe58b43533e3451ad6a8ba9736c109ac3 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35822-usb-udc-remove-warning-when-queue-disabled-ep.patch kpatch-description: usb: udc: remove warning when queue disabled ep kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35822 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35822 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2a587a035214fa1b5ef598aea0b81848c5b72e5e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35824-misc-lis3lv02d-i2c-fix-regulators-getting-en-dis-abled-twice-on-suspend-resume.patch kpatch-description: misc: lis3lv02d_i2c: Fix regulators getting en-/dis-abled twice on suspend/resume kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35824 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35824 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ac3e0384073b2408d6cb0d972fee9fcc3776053d kpatch-name: skipped/CVE-2024-45005.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-45005 kpatch-skip-reason: s390 arch not supported. kpatch-cvss: kpatch-name: skipped/CVE-2024-44984.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-44984 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2020-10135.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2020-10135 kpatch-skip-reason: Already fixed in the existing el9 kernels. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44960-usb-gadget-core-Check-for-unset-descriptor.patch kpatch-description: tusb: gadget: core: Check for unset descriptor kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44960 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44960 kpatch-patch-url: https://github.com/torvalds/linux/commit/973a57891608a98e894db2887f278777f564de18 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26862-packet-annotate-data-races-around-ignore_outgoing.patch kpatch-description: packet: annotate data-races around ignore_outgoing kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26862 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26862 kpatch-patch-url: https://github.com/torvalds/linux/commit/6ebfad33161afacb3e1e59ed1c2feefef70f9f97 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44965-x86-mm-Fix-pti_clone_pgtable-alignment-assumption.patch kpatch-description: x86/mm: Fix pti_clone_pgtable() alignment assumption kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44965 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44965 kpatch-patch-url: https://github.com/torvalds/linux/commit/41e71dbb0e0a0fe214545fe64af031303a08524c kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26835-netfilter-nf_tables-set-dormant-flag-on-hook-register-failure.patch kpatch-description: netfilter: nf_tables: set dormant flag on hook register failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26835 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26835 kpatch-patch-url: https://github.com/torvalds/linux/commit/bccebf64701735533c8db37773eeacc6566cc8ec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-44970-net-mlx5e-SHAMPO-Fix-invalid-WQ-linked-list-unlink.patch kpatch-description: net/mlx5e: SHAMPO, Fix invalid WQ linked list unlink kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-44970 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44970 kpatch-patch-url: https://github.com/torvalds/linux/commit/fba8334721e266f92079632598e46e5f89082f30 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52615-hwrng-core-fix-page-fault-dead-lock-on-mmap-ed-hwrng.patch kpatch-description: hwrng: core - Fix page fault dead lock on mmap-ed hwrng kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=78aafb3884f6bc6636efcc1760c891c8500b9922 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52621-bpf-check-rcu-read-lock-trace-held-before-calling-bpf-map-helpers.patch kpatch-description: bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52621 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52621 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=169410eba271afc9f0fb476d996795aa26770c6d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52643-iio-core-fix-memleak-in-iio-device-register-sysfs.patch kpatch-description: iio: core: fix memleak in iio_device_register_sysfs kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52643 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52643 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=95a0d596bbd0552a78e13ced43f2be1038883c81 kpatch-name: skipped/CVE-2024-26638.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26638 kpatch-skip-reason: nbd: Low-score CVE. Patched function is called from a kthread and sleeps, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26645-tracing-ensure-visibility-when-inserting-an-element-into-tracing-map.patch kpatch-description: tracing: Ensure visibility when inserting an element into tracing_map kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26645 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26645 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2b44760609e9eaafc9d234a6883d042fc21132a7 kpatch-name: skipped/CVE-2024-26646.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26646 kpatch-skip-reason: Affects only boot __init stage, already booted kernels are not affected kpatch-cvss: kpatch-name: skipped/CVE-2024-26746.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26746 kpatch-skip-reason: Kernel not vulnerable. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27011-netfilter-nf-tables-fix-memleak-in-map-from-abort-path.patch kpatch-description: netfilter: nf_tables: fix memleak in map from abort path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27011 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27011 kpatch-patch-url: https://github.com/torvalds/linux/commit/86a1471d7cde792941109b93b558b5dc078b9ee9 kpatch-name: skipped/CVE-2024-39503.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-39503 kpatch-skip-reason: commit that introduces CVE is not present kpatch-cvss: kpatch-name: skipped/CVE-2023-52624.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52624 kpatch-skip-reason: older kernels do not have support for DisplayCoreNext 3.5 kpatch-cvss: kpatch-name: skipped/CVE-2023-52625.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52625 kpatch-skip-reason: older kernels do not have support for DisplayCoreNext 3.5 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35924-usb-typec-ucsi-limit-read-size-on-v1-2.patch kpatch-description: usb: typec: ucsi: Limit read size on v1.2 kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35924 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b3db266fb031fba88c423d4bb8983a73a3db6527 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35925-block-prevent-division-by-zero-in-blk_rq_stat_sum.patch kpatch-description: block: prevent division by zero in blk_rq_stat_sum() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35925 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=93f52fbeaf4b676b21acfe42a5152620e6770d02 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35927-drm-Check-output-polling-initialized-before-disabling.patch kpatch-description: drm: Check output polling initialized before disabling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35927 kpatch-cvss: 5.5 kpatch-cve-url: https://ubuntu.com/security/CVE-2024-35927 kpatch-patch-url: https://git.kernel.org/linus/5abffb66d12bcac84bf7b66389c571b8bb6e82bd kpatch-name: skipped/CVE-2024-35928.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35928 kpatch-skip-reason: The patch was later reverted in eb4f139888f6 kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35930-scsi-lpfc-Fix-possible-memory-leak-in-lpfc_rcv_padis.patch kpatch-description: scsi: lpfc: Fix possible memory leak in lpfc_rcv_padisc() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35930 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35930 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2ae917d4bcab80ab304b774d492e2fcd6c52c06b kpatch-name: skipped/CVE-2024-35938.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35938 kpatch-skip-reason: wifi:ath11k, low score CVE that needs complex adaptation but decreasing MHI Bus' buf-len isn't a typical security fix. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35939-dma-direct-leak-pages-on-dma-set-decrypted-failure.patch kpatch-description: dma-direct: Leak pages on dma_set_decrypted() failure kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b9fa16949d18e06bdf728a560f5c8af56d2bdcaf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-use-struct-size-in-kmalloc.patch kpatch-description: VMCI: Use struct_size() in kmalloc() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e03d4910e6e45cb49f630258e870b08f2ee34e7a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-fix-memcpy-run-time-warning-in-dg-dispatch-as-host.patch kpatch-description: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=19b070fefd0d024af3daa7329cbc0d00de5302ec kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35944-vmci-fix-possible-memcpy-run-time-warning-in-vmci-datagram-invoke-guest-handler.patch kpatch-description: VMCI: Fix possible memcpy() run-time warning in vmci_datagram_invoke_guest_handler() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35944 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35944 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=19b070fefd0d024af3daa7329cbc0d00de5302ec kpatch-name: skipped/CVE-2024-26962.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26962 kpatch-skip-reason: None of the existing kernels is affected kpatch-cvss: kpatch-name: skipped/CVE-2024-41007.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41007 kpatch-skip-reason: Low-score CVE which might introduce problems in net subsystem kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41001-io_uring-sqpoll-work-around-a-potential-audit-memory-kpatch.patch kpatch-description: io_uring/sqpoll: work around a potential audit memory leak kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41001 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41001 kpatch-patch-url: https://github.com/torvalds/linux/commit/c4ce0ab27646f420 kpatch-name: skipped/CVE-2024-26812.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26812 kpatch-skip-reason: Complex adaptation required, not worth the effort for 4.4 score CVE kpatch-cvss: kpatch-name: skipped/CVE-2024-41065.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41065 kpatch-skip-reason: CVE patch is for powerpc arch only kpatch-cvss: kpatch-name: skipped/CVE-2024-41084.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-41084 kpatch-skip-reason: None of our RHEL9 kernels are affected by the bug kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41079-nvmet-always-initialize-cqe-result.patch kpatch-description: nvmet: always initialize cqe.result kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41079 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41079 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cd0c1b8e045a8d2785342b385cb2684d9b48e426 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41089-drm-nouveau-dispnv04-fix-null-pointer-dereference-in.patch kpatch-description: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41089 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41089 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6d411c8ccc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41095-drm-nouveau-dispnv04-fix-null-pointer-dereference.patch kpatch-description: drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_ld_modes kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41095 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41095 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=66edf3fb331 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41077-null-blk-fix-validation-of-block-size.patch kpatch-description: null_blk: fix validation of block size kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41077 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41077 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c462ecd659b5fce731f1d592285832fd6ad54053 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41085-cxl-mem-fix-no-cxl-nvd-during-pmem-region-auto-assembling.patch kpatch-description: cxl/mem: Fix no cxl_nvd during pmem region auto-assembling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41085 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41085 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=84ec985944ef34a34a1605b93ce401aa8737af96 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41082-nvme-fabrics-use-reserved-tag-for-reg-read-write-command.patch kpatch-description: nvme-fabrics: use reserved tag for reg read/write command kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41082 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41082 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7dc3bfcb4c9cc58970fff6aaa48172cb224d85aa kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41094-drm-fbdev-dma-Only-set-smem_start-is-enable-per-module.patch kpatch-description: drm/fbdev-dma: Only set smem_start is enable per module option kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41094 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41094 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d92a7580392a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-41093-drm-amdgpu-avoid-using-null-object-of-framebuffer.patch kpatch-description: drm/amdgpu: avoid using null object of framebuffer kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-41093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bcfa48ff785bd kpatch-name: skipped/CVE-2024-42226.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42226 kpatch-skip-reason: Patch introduced regression and was reverted later. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2021-47185-tty-tty_buffer-Fix-the-softlockup-issue-in-flush_to_ldisc.patch kpatch-description: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2021-47185 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-47185 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/9c76cbe7cde247be1f3258b807eab76ca69ba217 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52477-usb-hub-Guard-against-accesses-to-uninitialized-BOS-descriptors.patch kpatch-description: usb: hub: Guard against accesses to uninitialized BOS descriptors kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52477 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52477 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/07563984720979c6e6a94ae06c00af2766e1fd11 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52492-dmaengine-fix-NULL-pointer-in-channel-unregistration-function.patch kpatch-description: dmaengine: fix NULL pointer in channel unregistration function kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52492 kpatch-cvss: 4.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52492 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/d6f49707be942ea97ed52ed5b941b8ba6b7a2f0b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-async-Split-async_schedule_node_domain.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-async-Introduce-async_schedule_dev_nocall.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52498-PM-sleep-Fix-possible-deadlocks-in-core-system-wide-PM-code.patch kpatch-description: PM: sleep: Fix possible deadlocks in core system-wide PM code kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52498 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52498 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/a32b93bf0a723d8e73f43c1aca257e1588551a86 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52513-RDMA-siw-Fix-connection-failure-handling.patch kpatch-description: RDMA/siw: Fix connection failure handling kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52513 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52513 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/7608c307a993bfd11cebc76c393ec1ec6965c7f5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52528-net-usb-smsc75xx-Fix-uninit-value-access-in-__smsc75xx_read_reg.patch kpatch-description: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52528 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52528 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/2c893a88a6ab05e7aad61f8563acbeb18d801e59 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52594-wifi-ath9k-Fix-potential-array-index-out-of-bounds-read-in-ath9k_htc_txstatus.patch kpatch-description: wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52594 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52594 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/f0a0cfd22759ea8c37a318561ada94000b85cc1a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52595-wifi-rt2x00-restart-beacon-queue-when-hardware-reset.patch kpatch-description: wifi: rt2x00: restart beacon queue when hardware reset kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52595 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52595 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/01d249eea31868b510e548a7c2f2747b80cdcf83 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52614-PM-devfreq-Fix-buffer-overflow-in-trans_stat_show.patch kpatch-description: PM / devfreq: Fix buffer overflow in trans_stat_show kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52614 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52614 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/009f3aca851dcab5ae2502f03902cf27592498c8 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35827-io_uring-net-fix-overflow-check-in-io_recvmsg_mshot_prep.patch kpatch-description: io_uring/net: fix overflow check in io_recvmsg_mshot_prep() kpatch-kernel: 5.14.0-427.42.1.el9_4 kpatch-cve: CVE-2024-35827 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35827 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/7ba923ccba4030f236a5349983388d9944e9adf4 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27010-net-sched-Fix-mirred-deadlock-on-device-recursion.patch kpatch-description: net/sched: Fix mirred deadlock on device recursion kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27010 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-27010 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/c3c09e38bc617fa918353f8c98c2adafde92d74d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27010-net-sched-Fix-mirred-deadlock-on-device-recursion-kpatch.patch kpatch-description: net/sched: Fix mirred deadlock on device recursion kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27010 kpatch-cvss: 5.5 kpatch-cve-url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2024-27010 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/c3c09e38bc617fa918353f8c98c2adafde92d74d kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27014-net-mlx5e-Prevent-deadlock-while-disabling-aRFS.patch kpatch-description: net/mlx5e: Prevent deadlock while disabling aRFS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fef965764cf562f28afb997b626fc7c3cec99693 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27014-net-mlx5e-Prevent-deadlock-while-disabling-aRFS-kpatch.patch kpatch-description: net/mlx5e: Prevent deadlock while disabling aRFS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=fef965764cf562f28afb997b626fc7c3cec99693 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Add-hive-ras-recovery-check.patch kpatch-description: drm/amdgpu : Add hive ras recovery check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/53dd920c1f471a5763c660a7b94fe0aaf746d357 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Add-hive-ras-recovery-check-kpatch.patch kpatch-description: drm/amdgpu : Add hive ras recovery check kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/53dd920c1f471a5763c660a7b94fe0aaf746d357 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35931-drm-amdgpu-Skip-do-PCI-error-slot-reset-during-RAS-recovery.patch kpatch-description: drm/amdgpu: Skip do PCI error slot reset during RAS recovery kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35931 kpatch-patch-url: https://git.kernel.org/linus/601429cca96b4af3be44172c3b64e4228515dbe1 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27017-netfilter-nft-set-pipapo-walk-over-current-view-on-netlink-dump.patch kpatch-description: netfilter: nft_set_pipapo: walk over current view on netlink dump kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27017 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27017 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=29b359cf6d95fd60730533f7f10464e95bd17c73 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-27017-netfilter-nf_tables-missing-iterator-type-in-lookup-walk.patch kpatch-description: nf_tables: missing iterator type in lookup walk kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-27017 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27017 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/09cc2ea43e7650ba90980dd4b92bec858130fcbd kpatch-name: skipped/CVE-2024-26605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26605 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-39508-io_uring-io-wq-Use-set_bit-and-test_bit-at-worker-flags.patch kpatch-description: io_uring/io-wq: Use set_bit() and test_bit() at worker->flags kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-39508 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39508 kpatch-patch-url: https://web.git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1cbb0affb15470a9621267fe0a8568007553a4bf kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-40924-drm-i915-dpt-Make-DPT-object-unshrinkable.patch kpatch-description: drm/i915/dpt: Make DPT object unshrinkable kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-40924 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40924 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=327280149066f0e5f2e50356b5823f76dabfe86e kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35979-raid1-fix-use-after-free-for-original-bio-in-raid1_write_request.patch kpatch-description: raid1: fix use-after-free for original bio in raid1_write_request() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35979 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-35979 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/0bc0ab758d44c21089633662acf877d683dff59a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52622-ext4-avoid-online-resizing-failures-due-to-oversized-flex-bg.patch kpatch-description: ext4: avoid online resizing failures due to oversized flex bg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52622 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52622 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d1935ac02ca5aee364a449a35e2977ea84509b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52622-ext4-avoid-online-resizing-failures-due-to-oversized-flex-bg-kpatch.patch kpatch-description: ext4: avoid online resizing failures due to oversized flex bg kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52622 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52622 kpatch-patch-url: https://github.com/torvalds/linux/commit/5d1935ac02ca5aee364a449a35e2977ea84509b0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-unix-drop-usage-of-io_uring-socket.patch kpatch-description: io_uring/unix: drop usage of io_uring socket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/a4104821ad651d8a0b374f0b2474c345bbb42f82 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-unix-drop-usage-of-io_uring-socket-kpatch.patch kpatch-description: io_uring/unix: drop usage of io_uring socket kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/a4104821ad651d8a0b374f0b2474c345bbb42f82 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-drop-any-code-related-to-SCM_RIGHTS.patch kpatch-description: io_uring: drop any code related to SCM_RIGHTS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/6e5e6d274956305f1fc0340522b38f5f5be74bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52656-io_uring-drop-any-code-related-to-SCM_RIGHTS-kpatch.patch kpatch-description: io_uring: drop any code related to SCM_RIGHTS kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52656 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52656 kpatch-patch-url: https://github.com/torvalds/linux/commit/6e5e6d274956305f1fc0340522b38f5f5be74bdb kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36010-igb-fix-string-truncation-warnings-in-igb_set_fw_version.patch kpatch-description: igb: Fix string truncation warnings in igb_set_fw_version kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c56d055893cbe97848611855d1c97d0ab171eccc kpatch-name: skipped/CVE-2021-47505.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-47505 kpatch-skip-reason: A complex adaptation is needed which is not possible to implement safely. Only Android OS is affected. Low score CVE. kpatch-cvss: kpatch-name: skipped/CVE-2024-35880.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-35880 kpatch-skip-reason: Complex adaptation required. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-36022-drm-amdgpu-Init-zone-device-and-drm-client-after-mode-1-reset-on-reload.patch kpatch-description: drm/amdgpu: Init zone device and drm client after mode-1 reset on reload kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-36022 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36022 kpatch-patch-url: https://github.com/torvalds/linux/commit/f679fd6057fbf5ab34aaee28d58b7f81af0cbf48 kpatch-name: skipped/CVE-2024-36028.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36028 kpatch-skip-reason: Existing kernels aren't affected kpatch-cvss: kpatch-name: skipped/CVE-2024-36885.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36885 kpatch-skip-reason: This CVE has been rejected upstream kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35843-iommu-vt-d-Use-device-rbtree-in-iopf-reporting-path-kpatch.patch kpatch-description: [PATCH] iommu/vt-d: Use device rbtree in iopf reporting path kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35843 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35843 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=def054b01a867822254e1dda13d587f5c7a99e2a kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52637-can-j1939-fix-uaf-in-j1939-sk-match-filter-during-setsockopt-so-j1939-filter.patch kpatch-description: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52637 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52637 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=efe7cf828039aedb297c1f9920b638fffee6aabc kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52637-can-j1939-fix-uaf-in-j1939-sk-match-filter-during-setsockopt-so-j1939-filter-kpatch.patch kpatch-description: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) (kpatch) kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52637 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52637 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=efe7cf828039aedb297c1f9920b638fffee6aabc kpatch-name: skipped/CVE-2024-43870.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43870 kpatch-skip-reason: The patch for CVE-2025-37747 reverts the patch for this CVE. kpatch-cvss: kpatch-name: skipped/CVE-2024-43869.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43869 kpatch-skip-reason: The patch for CVE-2025-37747 reverts the patch for this CVE. kpatch-cvss: kpatch-name: skipped/CVE-2024-26670.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26670 kpatch-skip-reason: Out of scope - affects 'smartphones' SoCs based on Cortex-A510 and Cortex-A520 kpatch-cvss: kpatch-name: skipped/CVE-2024-26734.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-26734 kpatch-skip-reason: Affects only boot __init stage, already booted kernels are not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-35991-dmaengine-idxd-convert-spinlock-to-mutex-to-lock-evl-workqueue-kpatch.patch kpatch-description: dmaengine: idxd: Convert spinlock to mutex to lock evl workqueue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-35991 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5638de827cff0fce77007e426ec0ffdedf68a44 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52935-mm-khugepaged-fix-anon_vma-race.patch kpatch-description: mm/khugepaged: fix ->anon_vma race kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52935 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52935 kpatch-patch-url: https://github.com/oracle/linux-uek/commit/023f47a8250c6bdb4aebe744db4bf7f73414028b kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2023-52932-mm-swapfile-add-cond-resched-in-get-swap-pages.patch kpatch-description: mm/swapfile: add cond_resched() in get_swap_pages() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2023-52932 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52932 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/7d7029953ee667efa52fae07640ed0381d0b35c5 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-49267-mmc-core-use-sysfs-emit-instead-of-sprintf.patch kpatch-description: mmc: core: use sysfs_emit() instead of sprintf() kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-49267 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49267 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9d0581c93de14578bf0e332179349ca61551f311 kpatch-name: skipped/CVE-2022-49329.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49329 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-49549-x86-mce-amd-fix-memory-leak-when-threshold-create-bank-fails.patch kpatch-description: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-49549 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49549 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ce257e2fbe4d3e34dbef3b96694bf6e53c389a4f kpatch-name: skipped/CVE-2024-36928.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36928 kpatch-skip-reason: s390: arch is not supported kpatch-cvss: kpatch-name: skipped/CVE-2022-49078.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49078 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26719-nouveau-offload-fence-uevents-work-to-workqueue.patch kpatch-description: nouveau: offload fence uevents work to workqueue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26719 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26719 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39126abc5e20611579602f03b66627d7cd1422f0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2024-26719-nouveau-offload-fence-uevents-work-to-workqueue-kpatch.patch kpatch-description: nouveau: offload fence uevents work to workqueue kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2024-26719 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26719 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39126abc5e20611579602f03b66627d7cd1422f0 kpatch-name: rhel9/5.14.0-503.11.1.el9_5/CVE-2022-49124-x86-mce-Work-around-an-erratum-on-fast-string-copy-i-kpatch.patch kpatch-description: x86/mce: Work around an erratum on fast string copy instructions kpatch-kernel: 5.14.0-503.11.1.el9_5 kpatch-cve: CVE-2022-49124 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-49124 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=ba37c73be3d5632f6fb9fa20b250ce45560ca85d kpatch-name: rhel9/5.14.0-503.14.1.el9_5/CVE-2024-42283-net-nexthop-initialize-all-fields-in-dumped-nexthops.patch kpatch-description: net: nexthop: Initialize all fields in dumped nexthops kpatch-kernel: 5.14.0-503.14.1.el9_5 kpatch-cve: CVE-2024-42283 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42283 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/120bff1e127f6ec2b4a725bf22d76fbaed8bf559 kpatch-name: rhel9/5.14.0-503.14.1.el9_5/CVE-2024-46858-mptcp-pm-fix-uaf-in-timer-delete-sync.patch kpatch-description: mptcp: pm: Fix uaf in __timer_delete_sync kpatch-kernel: 5.14.0-503.14.1.el9_5 kpatch-cve: CVE-2024-46858 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46858 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=3554482f4691571fc4b5490c17ae26896e62171c kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-41009-bpf-fix-overrunning-reservations-in-ringbuf.patch kpatch-description: bpf: Fix overrunning reservations in ringbuf kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-41009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cfa1a2329a691ffd991fcf7248a57d752e712881 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-41009-bpf-fix-overrunning-reservations-in-ringbuf-kpatch.patch kpatch-description: bpf: Fix overrunning reservations in ringbuf kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-41009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cfa1a2329a691ffd991fcf7248a57d752e712881 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-42244-USB-serial-mos7840-fix-crash-on-resume.patch kpatch-description: USB: serial: mos7840: fix crash on resume kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-42244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42244 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-42244-USB-serial-mos7840-fix-crash-on-resume-kpatch.patch kpatch-description: USB: serial: mos7840: fix crash on resume kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-42244 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42244 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b14aa5673e0a8077ff4b74f0bb260735e7d5e6a4 kpatch-name: rhel9/5.14.0-503.15.1.el9_5/CVE-2024-50226-cxl-port-fix-use-after-free-permit-out-of-order-decoder-shutdown-427.patch kpatch-description: cxl/port: Fix use-after-free, permit out-of-order decoder shutdown kpatch-kernel: 5.14.0-503.15.1.el9_5 kpatch-cve: CVE-2024-50226 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50226 kpatch-patch-url: https://github.com/torvalds/linux/commit/101c268bd2f37e965a5468353e62d154db38838e kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-50251-netfilter-nft_payload-sanitize-offset-and-length-before-calling-skb_checksum.patch kpatch-description: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-50251 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50251 kpatch-patch-url: https://git.kernel.org/linus/d5953d680f7e96208c29ce4139a0e38de87a57fe kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-26615-net-smc-fix-illegal-rmb-desc-access-in-smc-d-connection-dump.patch kpatch-description: net/smc: fix illegal rmb_desc access in SMC-D connection dump kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-26615 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26615 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dbc153fd3c142909e564bb256da087e13fbf239c kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-43854-block-initialize-integrity-buffer-to-zero-before-writing-it-to-media-427.42.1.patch kpatch-description: block: initialize integrity buffer to zero before writing it to media kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-43854 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43854 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=899ee2c3829c5ac14bfc7d3c4a5846c0b709b78f kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-46695-selinux-smack-don-t-bypass-permissions-check-in-inode-setsecctx-hook.patch kpatch-description: selinux,smack: don't bypass permissions check in inode_setsecctx hook kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-46695 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46695 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=eebec98791d0137e455cc006411bb92a54250924 kpatch-name: rhel9/5.14.0-503.16.1.el9_5/CVE-2024-49949-net-avoid-potential-underflow-in-qdisc_pkt_len_init-with-UFO.patch kpatch-description: net: avoid potential underflow in qdisc_pkt_len_init() with UFO kpatch-kernel: 5.14.0-503.16.1.el9_5 kpatch-cve: CVE-2024-49949 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49949 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c20029db28399ecc50e556964eaba75c43b1e2f1 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-27399-bluetooth-l2cap-fix-null-ptr-deref-in-l2cap-chan-timeout.patch kpatch-description: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-27399 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27399 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=adf0398cee86643b8eacde95f17d073d022f782c kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-38564-bpf-add-bpf-prog-type-cgroup-skb-attach-type-enforcement-in-bpf-link-create.patch kpatch-description: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-38564 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38564 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=543576ec15b17c0c93301ac8297333c7b6e84ac7 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-47675-bpf-fix-use-after-free-in-bpf-uprobe-multi-link-attach-5.14.0-427.42.1.el9_4.patch kpatch-description: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-47675 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5fe6e308abaea082c20fbf2aa5df8e14495622cf kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50099-arm64-probes-remove-broken-ldr-literal-uprobe-support.patch kpatch-description: arm64: probes: Remove broken LDR (literal) uprobe support kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50099 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=acc450aa07099d071b18174c22a1119c57da8227 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50262-bpf-fix-out-of-bounds-write-in-trie-get-next-key.patch kpatch-description: bpf: Fix out-of-bounds write in trie_get_next_key() kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50262 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50262 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=13400ac8fb80c57c2bfb12ebd35ee121ce9b4d21 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50115-KVM-nSVM-Ignore-nCR3-4-0-when-loading-PDPTEs-from-memory.patch kpatch-description: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50115 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50115 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f559b2e9c5c5308850544ab59396b7d53cfc67bd kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50110-xfrm-fix-one-more-kernel-infoleak-in-algo-dumping.patch kpatch-description: xfrm: fix one more kernel-infoleak in algo dumping kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50110 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50110 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6889cd2a93e1e3606b3f6e958aa0924e836de4d2 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50142-xfrm-validate-new-sa-s-prefixlen-using-sa-family-when-sel-family-is-unset.patch kpatch-description: xfrm: validate new SA's prefixlen using SA family when sel.family is unset kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50142 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50142 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3f0ab59e6537c6a8f9e1b355b48f9c05a76e8563 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50148-Bluetooth-bnep-fix-wild-memory-access-in-proto_unregister.patch kpatch-description: Bluetooth: bnep: fix wild-memory-access in proto_unregister kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50148 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50148 kpatch-patch-url: https://git.kernel.org/linus/64a90991ba8d4e32e3173ddd83d0b24167a5668c kpatch-name: skipped/CVE-2024-50255.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50255 kpatch-skip-reason: Bluetooth subsystem. Patched function may wait for a while, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50125-Bluetooth-SCO-Fix-UAF-on-sco_sock_timeout-427.patch kpatch-description: Bluetooth: SCO: Fix UAF on sco_sock_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50125 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50125 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d30803f6a972 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-50124-Bluetooth-ISO-Fix-UAF-on-iso_sock_timeout.patch kpatch-description: Bluetooth: ISO: Fix UAF on iso_sock_timeout kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-50124 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50124 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=246b435ad668 kpatch-name: rhel9/5.14.0-503.19.1.el9_5/CVE-2024-49888-bpf-fix-a-sdiv-overflow-issue-427.patch kpatch-description: bpf: Fix a sdiv overflow issue kpatch-kernel: 5.14.0-503.19.1.el9_5 kpatch-cve: CVE-2024-49888 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49888 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7dd34d7b7dcf9309fc6224caf4dd5b35bedddcb7 kpatch-name: skipped/CVE-2024-50192.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50192 kpatch-skip-reason: arm64: Low-score CVE requiring adaptation that is hard to implement; targets very rare hardware kpatch-cvss: kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-50208-rdma-bnxt-re-fix-a-bug-while-setting-up-level-2-pbl-pages.patch kpatch-description: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-50208 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50208 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7988bdbbb85ac85a847baf09879edcd0f70521dc kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-53122-mptcp-cope-racing-subflow-creation-in-mptcp-rcv-space-adjust.patch kpatch-description: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-53122 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53122 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ce7356ae35943cc6494cc692e62d51a734062b7d kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-50252-mlxsw-spectrum_ipip-Fix-memory-leak-when-changing-remote-IPv6-address.patch kpatch-description: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-50252 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50252 kpatch-patch-url: https://github.com/torvalds/linux/commit/12ae97c531fcd3bfd774d4dfeaeac23eafe24280 kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-46713-perf-aux-Fix-AUX-buffer-serialization.patch kpatch-description: perf/aux: Fix AUX buffer serialization kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-46713 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46713 kpatch-patch-url: https://github.com/torvalds/linux/commit/2ab9d830262c132ab5db2f571003d80850d56b2a kpatch-name: rhel9/5.14.0-503.21.1.el9_5/CVE-2024-46713-perf-aux-Fix-AUX-buffer-serialization-kpatch.patch kpatch-description: perf/aux: Fix AUX buffer serialization (Adaptation) kpatch-kernel: 5.14.0-503.21.1.el9_5 kpatch-cve: CVE-2024-46713 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46713 kpatch-patch-url: https://github.com/torvalds/linux/commit/2ab9d830262c132ab5db2f571003d80850d56b2a kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-50154-tcp-dccp-Don-t-use-timer_pending-in-reqsk_queue_unlink.patch kpatch-description: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink() kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-50154 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50154 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e8c526f2bdf1 kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-50275-arm64-sve-Discard-stale-CPU-state-when-handling-SVE.patch kpatch-description: Discard stale CPU state when handling SVE traps kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-50275 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50275 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=751ecf6afd65 kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-53088-0001-i40e-fix-i40e_count_filters-to-count-only-active-new-427.patch kpatch-description: i40e: fix i40e_count_filters() to count only active/new filters kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-53088 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53088 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eb58c598ce kpatch-name: rhel9/5.14.0-503.22.1.el9_5/CVE-2024-53088-0002-i40e-fix-race-condition-by-adding-filter-s-intermediate-sync-state.patch kpatch-description: fix race condition by adding filter's intermediate sync state kpatch-kernel: 5.14.0-503.22.1.el9_5 kpatch-cve: CVE-2024-53088 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53088 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f30490e969 kpatch-name: rhel9/5.14.0-503.23.2.el9_5/CVE-2024-53104-media-uvcvideo-Skip-parsing-frames-of-type-UVC_VS_UNDEFINED.patch kpatch-description: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format kpatch-kernel: 5.14.0-503.23.2.el9_5 kpatch-cve: CVE-2024-53104 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53104 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=beced2cb09b58c1243733f374c560a55382003d6 kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-53113-mm-fix-null-pointer-dereference-in-alloc-pages-bulk-noprof.patch kpatch-description: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-53113 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53113 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8ce41b0f9d77cca074df25afd39b86e2ee3aa68e kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-53197-ALSA-usb-audio-Fix-potential-out-of-bound-accesses-for-Extigy-and-Mbox-devices.patch kpatch-description: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-53197 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53197 kpatch-patch-url: https://github.com/torvalds/linux/commit/b909df18ce2a998afef81d58bbd1a05dc0788c40 kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2023-52922-can-bcm-fix-uaf-in-bcm-proc-show.patch kpatch-description: can: bcm: Fix UAF in bcm_proc_show() kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2023-52922 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52922 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=55c3b96074f3f9b0aee19bf93cd71af7516582bb kpatch-name: skipped/CVE-2023-52605.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-52605 kpatch-skip-reason: CVE Rejected kpatch-cvss: kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-50264-vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch kpatch-description: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-50264 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50264 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f kpatch-name: rhel9/5.14.0-503.31.1.el9_5/CVE-2024-50302-hid-core-zero-initialize-the-report-buffer.patch kpatch-description: HID: core: zero-initialize the report buffer kpatch-kernel: 5.14.0-503.31.1.el9_5 kpatch-cve: CVE-2024-50302 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50302 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=177f25d1292c7e16e1199b39c85480f7f8815552 kpatch-name: skipped/CVE-2025-21785.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21785 kpatch-skip-reason: Out of scope: ARM64 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-503.38.1.el9_5/CVE-2024-53150-alsa-usb-audio-fix-out-of-bounds-reads-when-finding-clock-sources.patch kpatch-description: ALSA: usb-audio: Fix out of bounds reads when finding clock sources kpatch-kernel: 5.14.0-503.38.1.el9_5 kpatch-cve: CVE-2024-53150 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53150 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cb8dcd77eb63e1e6b2497838cac19502bcc277de kpatch-name: rhel9/5.14.0-503.40.1.el9_5/CVE-2024-42292-kobject-uevent-fix-oob-access-within-zap-modalias-env.patch kpatch-description: kobject_uevent: Fix OOB access within zap_modalias_env() kpatch-kernel: 5.14.0-503.40.1.el9_5 kpatch-cve: CVE-2024-42292 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42292 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/03b07e56f81a089b7d6d117827a48280bb28e1f2 kpatch-name: rhel9/5.14.0-503.40.1.el9_5/CVE-2024-42322-ipvs-properly-dereference-pe-in-ip-vs-add-service.patch kpatch-description: ipvs: properly dereference pe in ip_vs_add_service kpatch-kernel: 5.14.0-503.40.1.el9_5 kpatch-cve: CVE-2024-42322 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42322 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cbeeedcbd7c9cd2172dc907c11c89be4fed6b126 kpatch-name: rhel9/5.14.0-503.40.1.el9_5/CVE-2024-44990-bonding-fix-null-pointer-deref-in-bond_ipsec_offload.patch kpatch-description: bonding: fix null pointer deref in bond_ipsec_offload_ok kpatch-kernel: 5.14.0-503.40.1.el9_5 kpatch-cve: CVE-2024-44990 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44990 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95c90e4ad89d493a7a14fa200082e466e2548f9d kpatch-name: rhel9/5.14.0-503.40.1.el9_5/CVE-2024-46826-elf-fix-kernel-randomize-va-space-double-read.patch kpatch-description: ELF: fix kernel.randomize_va_space double read kpatch-kernel: 5.14.0-503.40.1.el9_5 kpatch-cve: CVE-2024-46826 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46826 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4475988b43d821c01db55a294dfa715c3b395bad kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-38541-of-module-add-buffer-overflow-check-in-of-modalias.patch kpatch-description: of: module: add buffer overflow check in of_modalias() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-38541 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-38541 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cf7385cb26ac4f0ee6c7385960525ad534323252 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-40956-dmaengine-idxd-fix-possible-use-after-free-in-irq-process-work-list.patch kpatch-description: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-40956 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-40956 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e3215deca4520773cd2b155bed164c12365149a7 kpatch-name: skipped/CVE-2024-42302.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-42302 kpatch-skip-reason: Patched function waits for external events, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-36012-bluetooth-msft-fix-slab-use-after-free-in-msft-do-close.patch kpatch-description: Bluetooth: msft: fix slab-use-after-free in msft_do_close() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-36012 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=10f9f426ac6e752c8d87bf4346930ba347aaabac kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47685-netfilter-nf-reject-ipv6-fix-nf-reject-ip6-tcphdr-put.patch kpatch-description: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47685 kpatch-cvss: 9.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47685 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9c778fe48d20ef362047e3376dee56d77f8500d4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-49006-tracing-free-buffers-when-a-used-dynamic-event-is-removed.patch kpatch-description: tracing: Free buffers when a used dynamic event is removed kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-49006 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49006 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4313e5a613049dfc1819a6dfb5f94cf2caff9452 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-49029-hwmon-ibmpex-fix-possible-uaf-when-ibmpex-register-bmc-fails.patch kpatch-description: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-49029 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49029 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e2a87785aab0dac190ac89be6a9ba955e2c634f2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-49014-net-tun-fix-use-after-free-in-tun-detach.patch kpatch-description: net: tun: Fix use-after-free in tun_detach() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-49014 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5daadc86f27ea4d691e2131c04310d0418c6cd12 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43882-exec-fix-toctou-between-perm-check-and-set-uid-gid-usage.patch kpatch-description: exec: Fix ToCToU between perm check and set-uid/gid usage kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43882 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f50733b45d865f91db90919f8311e2127ce5a0cb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-27008-drm-nv04-Fix-out-of-bounds-access.patch kpatch-description: drm: nv04: Fix out of bounds access kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-27008 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27008 kpatch-patch-url: https://github.com/torvalds/linux/commit/cf92bb778eda7830e79452c6917efa8474a30c1e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43873-vhost-vsock-always-initialize-seqpacket-allow.patch kpatch-description: vhost/vsock: always initialize seqpacket_allow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43873 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43873 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43873-kpatch.patch kpatch-description: vhost/vsock: always initialize seqpacket_allow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43873 kpatch-cvss: 7.8 kpatch-cve-url: https://www.cve.org/CVERecord?id=CVE-2024-43873 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44934-net-bridge-mcast-wait-for-previous-gc-cycles-when-removing-port.patch kpatch-description: net: bridge: mcast: wait for previous gc cycles when removing port kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44934 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=92c4ee25208d0f35dafc3213cdf355fbe449e078 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46756-hwmon-w83627ehf-fix-underflows-seen-when-writing-limit-attributes.patch kpatch-description: hwmon: (w83627ehf) Fix underflows seen when writing limit attributes kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46756 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46756 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c1de37969b7bc0abcb20b86e91e70caebbd4f89 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46758-hwmon-lm95234-fix-underflows-seen-when-writing-limit-attributes.patch kpatch-description: hwmon: (lm95234) Fix underflows seen when writing limit attributes kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46758 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46758 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=af64e3e1537896337405f880c1e9ac1f8c0c6198 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46759-hwmon-adc128d818-fix-underflows-seen-when-writing-limit-attributes.patch kpatch-description: hwmon: (adc128d818) Fix underflows seen when writing limit attributes kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46759 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46759 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8cad724c8537fe3e0da8004646abc00290adae40 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44987-ipv6-prevent-uaf-in-ip6-send-skb.patch kpatch-description: ipv6: prevent UAF in ip6_send_skb() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44987 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44987 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=faa389b2fbaaec7fd27a390b4896139f9da662e3 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46673-scsi-aacraid-fix-double-free-on-probe-failure.patch kpatch-description: scsi: aacraid: Fix double-free on probe failure kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46673 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46673 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=919ddf8336f0b84c0453bac583808c9f165a85c2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46725-drm-amdgpu-Fix-out-of-bounds-write-warning.patch kpatch-description: drm/amdgpu: Fix out-of-bounds write warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46725 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46725 kpatch-patch-url: https://github.com/torvalds/linux/commit/be1684930f5262a622d40ce7a6f1423530d87f89 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44964-idpf-fix-memory-leaks-and-crashes-while-performing-a-soft-reset.patch kpatch-description: idpf: fix memory leaks and crashes while performing a soft reset kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44964 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44964 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f01032a2ca099ec8d619aaa916c3762aa62495df kpatch-name: skipped/CVE-2024-44932.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-44932 kpatch-skip-reason: Blamed commit 90912f9 ("idpf: convert header split mode to libeth + napi_build_skb()") is absent. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49882-ext4-fix-double-brelse-the-buffer-of-the-extents-path.patch kpatch-description: ext4: fix double brelse() the buffer of the extents path kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49882 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49882 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dcaa6c31134c0f515600111c38ed7750003e1b9c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49883-ext4-aovid-use-after-free-in-ext4-ext-insert-extent.patch kpatch-description: ext4: aovid use-after-free in ext4_ext_insert_extent() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49883 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49883 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a164f3a432aae62ca23d03e6d926b122ee5b860d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49884-ext4-fix-slab-use-after-free-in-ext4-split-extent-at.patch kpatch-description: ext4: fix slab-use-after-free in ext4_split_extent_at() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49884 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c26ab35702f8cd0cdc78f96aa5856bfb77be798f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49889-ext4-avoid-use-after-free-in-ext4-ext-show-leaf.patch kpatch-description: ext4: avoid use-after-free in ext4_ext_show_leaf() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49889 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49889 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4e2524ba2ca5f54bdbb9e5153bea00421ef653f5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49930-wifi-ath11k-fix-array-out-of-bound-access-in-soc-stats.patch kpatch-description: wifi: ath11k: fix array out-of-bound access in SoC stats kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49930 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49930 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=69f253e46af98af17e3efa3e5dfa72fcb7d1983d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49950-bluetooth-l2cap-fix-uaf-in-l2cap-connect.patch kpatch-description: Bluetooth: L2CAP: Fix uaf in l2cap_connect kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49950 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=333b4fd11e89b29c84c269123f871883a30be586 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49950-bluetooth-hci-core-fix-calling-mgmt-device-connected.patch kpatch-description: Bluetooth: hci_core: Fix calling mgmt_device_connected kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49950 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49950 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=333b4fd11e89b29c84c269123f871883a30be586 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49960-ext4-fix-timer-use-after-free-on-failed-mount-5.14.0-427.42.1.el9_4.patch kpatch-description: ext4: fix timer use-after-free on failed mount kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49960 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49960 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0ce160c5bdb67081a62293028dc85758a8efb22a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49967-ext4-no-need-to-continue-when-the-number-of-entries-is-1.patch kpatch-description: ext4: no need to continue when the number of entries is 1 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49967 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49967 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1a00a393d6a7fb1e745a41edd09019bd6a0ad64c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49983-ext4-drop-ppath-from-ext4-ext-replay-update-ex-to-avoid-double-free.patch kpatch-description: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49983 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49983 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c0f4cc84d3a601c99bc5e6e6eb1cbda542cce95 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49991-drm-amdkfd-amdkfd_free_gtt_mem-clear-the-correct-pointer.patch kpatch-description: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49991 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c86ad39140bbcb9dc75a10046c2221f657e8083b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46722-drm-amdgpu-fix-mc-data-out-of-bounds-read-warning.patch kpatch-description: drm/amdgpu: fix mc_data out-of-bounds read warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46722 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46722 kpatch-patch-url: https://github.com/oracle/linux-uek/commit/832acfdd23d33453c62188359fc6b51e155f5196 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46723-drm-amdgpu-fix-ucode-out-of-bounds-read-warning.patch kpatch-description: drm/amdgpu: fix ucode out-of-bounds read warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46723 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46723 kpatch-patch-url: https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46724-drm-amdgpu-fix-out-of-bounds-read-of-df-v1-7-channel-number.patch kpatch-description: drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46724 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46724 kpatch-patch-url: https://git.kernel.org/linus/8944acd0f9db33e17f387fdc75d33bb473d7936f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46743-of-irq-prevent-device-address-out-of-bounds-read-in-interrupt-map-walk.patch kpatch-description: of/irq: Prevent device address out-of-bounds read in interrupt map walk kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46743 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46743 kpatch-patch-url: https://git.kernel.org/linus/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46747-hid-cougar-fix-slab-out-of-bounds-read-in-cougar-report-fixup.patch kpatch-description: HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46747 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46747 kpatch-patch-url: https://git.kernel.org/linus/a6e9c391d45b5865b61e569146304cff72821a5d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49860-acpi-sysfs-validate-return-type-of-str-method.patch kpatch-description: ACPI: sysfs: validate return type of _STR method kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49860 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49860 kpatch-patch-url: https://git.kernel.org/stable/c/0cdfb9178a3bba843c95c2117c82c15f1a64b9ce kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49862-powercap-intel-rapl-fix-off-by-one-in-get-rpi.patch kpatch-description: powercap: intel_rapl: Fix off by one in get_rpi() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49862 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49862 kpatch-patch-url: https://git.kernel.org/linus/95f6580352a7225e619551febb83595bcb77ab17 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49928-wifi-rtw89-avoid-reading-out-of-bounds-when-loading-tx-power-fw-elements.patch kpatch-description: wifi: rtw89: avoid reading out of bounds when loading TX power FW elements kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49928 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-49928 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed2e4bb17a4884cf29c3347353d8aabb7265b46c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50033-slip-make-slhc-remember-more-robust-against-malicious-packets.patch kpatch-description: slip: make slhc_remember() more robust against malicious packets kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50033 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50033 kpatch-patch-url: https://git.kernel.org/linus/7d3fce8cbe3a70a1c7c06c9b53696be5d5d8dd5c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50035-ppp-fix-ppp-async-encode-illegal-access.patch kpatch-description: ppp: fix ppp_async_encode() illegal access kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50035 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50035 kpatch-patch-url: https://git.kernel.org/linus/40dddd4b8bd08a69471efd96107a4e1c73fabefc kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46786-fscache-delete-fscache-cookie-lru-timer-when-fscache-exits-to-avoid-uaf.patch kpatch-description: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46786 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46786 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=72a6e22c604c95ddb3b10b5d3bb85b6ff4dbc34f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46800-sch-netem-fix-use-after-free-in-netem-dequeue.patch kpatch-description: sch/netem: fix use after free in netem_dequeue kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46800 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46800 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b3a2a9c6349e25a025d2330f479bc33a6ccb54a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46853-spi-nxp-fspi-fix-the-kasan-report-out-of-bounds-bug.patch kpatch-description: spi: nxp-fspi: fix the KASAN report out-of-bounds bug kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46853 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46853 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2a8787c1cdc7be24fdd8953ecd1a8743a1006235 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47748-vhost-vdpa-assign-irq-bypass-producer-token-correctly.patch kpatch-description: vhost_vdpa: assign irq bypass producer token correctly kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47748 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47748 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=02e9e9366fefe461719da5d173385b6685f70319 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47745-mm-call-the-security-mmap-file-lsm-hook-in-remap-file-pages.patch kpatch-description: mm: call the security_mmap_file() LSM hook in remap_file_pages() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47745 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47745 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ea7e2d5e49c05e5db1922387b09ca74aa40f46e2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47745-mm-split-critical-region-in-remap_file_pages-and-invoke-LSMs-in-between.patch kpatch-description: mm: split critical region in remap_file_pages() and invoke LSMs in between kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47745 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47745 kpatch-patch-url: https://github.com/torvalds/linux/commit/58a039e679fe72bd0efa8b2abe669a7914bb4429 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47719-iommufd-protect-against-overflow-of-align-during-iova-allocation.patch kpatch-description: iommufd: Protect against overflow of ALIGN() during iova allocation kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47719 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47719 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8f6887349b2f829a4121c518aeb064fc922714e4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46828-sched-sch-cake-fix-bulk-flow-accounting-logic-for-host-fairness.patch kpatch-description: sched: sch_cake: fix bulk flow accounting logic for host fairness kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46828 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46828 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=546ea84d07e3e324644025e2aae2d12ea4c5896e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47718-wifi-rtw88-always-wait-for-both-firmware-loading-attempts.patch kpatch-description: wifi: rtw88: always wait for both firmware loading attempts kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47718 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47718 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0e735a4c6137262bcefe45bb52fde7b1f5fc6c4d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50261-macsec-fix-use-after-free-while-sending-the-offloading-packet.patch kpatch-description: macsec: Fix use-after-free while sending the offloading packet kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50261 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50261 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f1e54d11b210b53d418ff1476c6b58a2f434dfc0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50127-net-sched-fix-use-after-free-in-taprio-change.patch kpatch-description: net: sched: fix use-after-free in taprio_change() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50127 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50127 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f504465970aebb2467da548f7c1efbbf36d0f44b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50143-udf-fix-uninit-value-use-in-udf-get-fileshortad.patch kpatch-description: udf: fix uninit-value use in udf_get_fileshortad kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50143 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50143 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=264db9d666ad9a35075cc9ed9ec09d021580fbb1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50215-nvmet-auth-assign-dh-key-to-null-after-kfree-sensitive.patch kpatch-description: nvmet-auth: assign dh_key to NULL after kfree_sensitive kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50215 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50215 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d2f551b1f72b4c508ab9298419f6feadc3b5d791 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50186-net-explicitly-clear-the-sk-pointer-when-pf-create-fails.patch kpatch-description: net: explicitly clear the sk pointer, when pf->create fails kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50186 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50186 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=631083143315d1b192bd7d915b967b37819e88ea kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50151-smb-client-fix-oobs-when-building-smb2-ioctl-request.patch kpatch-description: smb: client: fix OOBs when building SMB2_IOCTL request kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50151 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50151 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1ab60323c5201bef25f2a3dc0ccc404d9aca77f1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50235-wifi-cfg80211-clear-wdev-cqm-config-pointer-on-free.patch kpatch-description: wifi: cfg80211: clear wdev->cqm_config pointer on free kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50235 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50235 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5fee261dfd9e17b08b1df8471ac5d5736070917 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50282-drm-amdgpu-add-missing-size-check-in-amdgpu_debugfs_gprwave_read.patch kpatch-description: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50282 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50282 kpatch-patch-url: https://github.com/torvalds/linux/commit/f5d873f5825b40d886d03bd2aede91d4cf002434 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53194-pci-fix-use-after-free-of-slot-bus-on-hot-remove.patch kpatch-description: PCI: Fix use-after-free of slot->bus on hot remove kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53194 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53194 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/15f44ba11987028c83e07b84ec885c5cbc6a6fac kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53194-pci-fix-use-after-free-of-slot-bus-on-hot-remove-kpatch.patch kpatch-description: PCI: Fix use-after-free of slot->bus on hot remove kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53194 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53194 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/15f44ba11987028c83e07b84ec885c5cbc6a6fac kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56558-nfsd-make-sure-exp-active-before-svc-export-show.patch kpatch-description: nfsd: make sure exp active before svc_export_show kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56558 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56558 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/35d4290a75207439e1c21c05d5c573ad1fb085ee kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56601-net-inet-do-not-leave-a-dangling-sk-pointer-in-inet-create.patch kpatch-description: net: inet: do not leave a dangling sk pointer in inet_create() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56601 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56601 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/45fb024fee85b4f2ab878b810b0039614faca933 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56600-net-inet6-do-not-leave-a-dangling-sk-pointer-in-inet6-create.patch kpatch-description: net: inet6: do not leave a dangling sk pointer in inet6_create() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56600 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56600 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4c2958f580b2ec8b5e71cba661614384f6d0057f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53208-bluetooth-mgmt-fix-slab-use-after-free-read-in-set-powered-sync.patch kpatch-description: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53208 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53208 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/423b77549e6b62a78c0c47c15b3ec2abebfa8643 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56551-drm-amdgpu-fix-usage-slab-after-free.patch kpatch-description: drm/amdgpu: fix usage slab after free kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56551 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56551 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b61badd20b443eabe132314669bb51a263982e5c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56604-bluetooth-rfcomm-avoid-leaving-dangling-sk-pointer-in-rfcomm-sock-alloc-5.14.0-427.42.1.el9_4.patch kpatch-description: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56604 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56604 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3945c799f12b8d1f49a3b48369ca494d981ac465 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56614-xsk-fix-oob-map-writes-when-deleting-elements.patch kpatch-description: xsk: fix OOB map writes when deleting elements kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56614 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32cd3db7de97c0c7a018756ce66244342fd583f0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56642-tipc-fix-use-after-free-of-kernel-socket-in-cleanup-bearer.patch kpatch-description: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56642 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56642 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6a2fa13312e51a621f652d522d7e2df7066330b6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56602-net-ieee802154-do-not-leave-a-dangling-sk-pointer-in-ieee802154-create.patch kpatch-description: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56602 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56602 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4fcd63f6ef79c73cafae8cf4a114def5fc3d80d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56605-bluetooth-l2cap-do-not-leave-dangling-sk-pointer-on-error-in-l2cap-sock-create.patch kpatch-description: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56605 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56605 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7c4f78cdb8e7501e9f92d291a7d956591bf73be9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56631-scsi-sg-fix-slab-use-after-free-read-in-sg-release.patch kpatch-description: scsi: sg: Fix slab-use-after-free read in sg_release() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56631 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56631 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f10593ad9bc36921f623361c9e3dd96bd52d85ee kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57798-drm-dp-mst-ensure-mst-primary-pointer-is-valid-in-drm-dp-mst-handle-up-req.patch kpatch-description: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57798 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57798 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e54b00086f7473dbda1a7d6fc47720ced157c6a8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49995-tipc-guard-against-string-buffer-overrun.patch kpatch-description: tipc: guard against string buffer overrun kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49995 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49995 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6555a2a9212be6983d2319d65276484f7c5f431a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50029-bluetooth-hci-conn-helper.patch kpatch-description: Bluetooth: hci_conn: helper kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50029 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50029 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=18fd04ad856df07733f5bb07e7f7168e7443d393 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50029-bluetooth-hci-conn-fix-uaf-in-hci-enhanced-setup-sync-427.patch kpatch-description: Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50029 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50029 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=18fd04ad856df07733f5bb07e7f7168e7443d393 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50047-smb-client-fix-uaf-in-async-decryption.patch kpatch-description: smb: client: fix UAF in async decryption kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50047 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50047 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b0abcd65ec545701b8793e12bc27dc98042b151a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50055-driver-core-bus-fix-double-free-in-driver-api-bus-register.patch kpatch-description: driver core: bus: Fix double free in driver API bus_register() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50055 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bfa54a793ba77ef696755b66f3ac4ed00c7d1248 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50067-uprobe-avoid-out-of-bounds-memory-access-of-fetching-args.patch kpatch-description: uprobe: avoid out-of-bounds memory access of fetching args kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50067 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50067 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=373b9338c9722a368925d83bc622c596896b328e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50073-tty-n-gsm-fix-use-after-free-in-gsm-cleanup-mux.patch kpatch-description: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50073 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50073 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9462f4ca56e7d2430fdb6dcc8498244acbfc4489 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50074-parport-proper-fix-for-array-out-of-bounds-access.patch kpatch-description: parport: Proper fix for array out-of-bounds access kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50074 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50074 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50121-nfsd-cancel-nfsd-shrinker-work-using-sync-mode-in-nfs4-state-shutdown-net.patch kpatch-description: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50121 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50121 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5ff2fb2e7167e9483846e34148e60c0c016a1f6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50126-net-sched-use-rcu-read-side-critical-section-in-taprio-dump.patch kpatch-description: net: sched: use RCU read-side critical section in taprio_dump() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50126 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50126 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b22db8b8befe90b61c98626ca1a2fbb0505e9fe3 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53057-net-sched-stop-qdisc-tree-reduce-backlog-on-tc-h-root.patch kpatch-description: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53057 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53057 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e95c4384438adeaa772caa560244b1a2efef816 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53059-wifi-iwlwifi-mvm-fix-response-handling-in-iwl-mvm-send-recovery-cmd-5.14.0-427.42.1.el9_4.patch kpatch-description: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53059 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53059 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=07a6e3b78a65f4b2796a8d0d4adb1a15a81edead kpatch-name: skipped/CVE-2024-53095.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-53095 kpatch-skip-reason: low-scored CVE which inevitably will cause verification conflicts with freezable kthread and cifs reading routines. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53103-hv-sock-initializing-vsk-trans-to-null-to-prevent-a-dangling-pointer.patch kpatch-description: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53103 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53103 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e629295bd60abf4da1db85b82819ca6a4f6c1e79 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53174-sunrpc-make-sure-cache-entry-active-before-cache-show.patch kpatch-description: SUNRPC: make sure cache entry active before cache_show kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53174 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53174 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2862eee078a4d2d1f584e7f24fa50dddfa5f3471 kpatch-name: skipped/CVE-2024-53142.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-53142 kpatch-skip-reason: Patch affects initramfs kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53166-block-bfq-fix-bfqq-uaf-in-bfq-limit-depth.patch kpatch-description: block, bfq: fix bfqq uaf in bfq_limit_depth() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53166 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53166 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8b8344de3980709080d86c157d24e7de07d70ad kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53173-nfsv4-0-fix-a-use-after-free-problem-in-the-asynchronous-open.patch kpatch-description: NFSv4.0: Fix a use-after-free problem in the asynchronous open() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53173 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53173 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2fdb05dc0931250574f0cb0ebeb5ed8e20f4a889 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53156-wifi-ath9k-add-range-check-for-conn-rsp-epid-in-htc-connect-service.patch kpatch-description: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53156 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53156 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8619593634cbdf5abf43f5714df49b04e4ef09ab kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42133-bluetooth-ignore-too-large-handle-values-in-big.patch kpatch-description: Bluetooth: Ignore too large handle values in BIG kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42133 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42133 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f865cc1b92c617f6994dc373eab8e4ec4921d81a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42253-gpio-pca953x-fix-pca953x-irq-bus-sync-unlock-race.patch kpatch-description: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42253 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42253 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d07570e18878a966d6f3abbb98ccccc859093491 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42265-fs-prevent-out-of-bounds-array-speculation-when-closing-a-file-descriptor.patch kpatch-description: fs: prevent out-of-bounds array speculation when closing a file descriptor kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42265 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42265 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f22b3d3a5e78ce648f17934837b487d332fade79 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42291-ice-add-a-per-vf-limit-on-number-of-fdir-filters.patch kpatch-description: ice: Add a per-VF limit on number of FDIR filters kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42291 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42291 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42291-ice-add-a-per-vf-limit-on-number-of-fdir-filters-kpatch.patch kpatch-description: ice: Add a per-VF limit on number of FDIR filters kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42291 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42291 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ebbe97a488179f5dc85f2f1e0c89b486e99ee97 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42294-block-fix-deadlock-between-sd-remove-sd-release-427.patch kpatch-description: block: fix deadlock between sd_remove & sd_release kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42294 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7e04da2dc7013af50ed3a2beb698d5168d1e594b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42304-ext4-make-sure-the-first-directory-block-is-not-a-hole.patch kpatch-description: ext4: make sure the first directory block is not a hole kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42304 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42304 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ae437ce929084ea2f7ceae70426ee5f6a29bb927 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42305-ext4-check-dot-and-dotdot-of-dx-root-before-making-dir-indexed.patch kpatch-description: ext4: check dot and dotdot of dx_root before making dir indexed kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42305 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42305 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d8c9e2a5831c2ad2863136917bd8e3a8101e8058 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42312-sysctl-always-initialize-i-uid-i-gid.patch kpatch-description: sysctl: always initialize i_uid/i_gid kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42312 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42312 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9089c30d687c047202fc47af95ffdf71d8d64177 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43871-devres-fix-memory-leakage-caused-by-driver-api-devm-free-percpu.patch kpatch-description: devres: Fix memory leakage caused by driver API devm_free_percpu() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43871 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43871 kpatch-patch-url: https://git.kernel.org/linus/bd50a974097bb82d52a458bd3ee39fb723129a0c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43884-bluetooth-mgmt-add-error-handling-to-pair-device.patch kpatch-description: Bluetooth: MGMT: Add error handling to pair_device() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43884 kpatch-patch-url: https://git.kernel.org/stable/c/064dd929c76532359d2905d90a7c12348043cfd4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43898-ext4-sanity-check-for-null-pointer-after-ext4-force-shutdown.patch kpatch-description: ext4: sanity check for NULL pointer after ext4_force_shutdown kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43898 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43898 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=83f4414b8f84249d538905825b088ff3ae555652 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43914-md-raid5-avoid-bug-on-while-continue-reshape-after-reassembling.patch kpatch-description: md/raid5: avoid BUG_ON() while continue reshape after reassembling kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43914 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43914 kpatch-patch-url: https://git.kernel.org/stable/c/2c92f8c1c456d556f15cbf51667b385026b2e6a0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44931-gpio-prevent-potential-speculation-leaks-in-gpio-device-get-desc.patch kpatch-description: gpio: prevent potential speculation leaks in gpio_device_get_desc() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44931 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d795848ecce24a75dfd46481aee066ae6fe39775 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44952-driver-core-fix-uevent-show-vs-driver-detach-race.patch kpatch-description: driver core: Fix uevent_show() vs driver detach race kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44952 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44952 kpatch-patch-url: https://git.kernel.org/linus/15fffc6a5624b13b428bb1c6e9088e32a55eb82c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44975-cgroup-cpuset-fix-panic-caused-by-partcmd-update.patch kpatch-description: cgroup/cpuset: fix panic caused by partcmd_update kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44975 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44975 kpatch-patch-url: https://git.kernel.org/linus/959ab6350add903e352890af53e86663739fcb9a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46761-pci-hotplug-pnv-php-fix-hotplug-driver-crash-on-powernv.patch kpatch-description: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46761 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46761 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/57beb230405ef97244ad1738dd5cf3f745562c66 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46822-arm64-acpi-harden-get-cpu-for-acpi-id-against-missing-cpu-entry.patch kpatch-description: arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46822 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46822 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/a40d9d97da15b63aaa5ea8b1eb5e70cbaf3a7e75 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46787-userfaultfd-fix-checks-for-huge-pmds.patch kpatch-description: userfaultfd: fix checks for huge PMDs kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46787 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46787 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=71c186efc1b2cf1aeabfeff3b9bd5ac4c5ac14d8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46783-tcp-bpf-fix-return-value-of-tcp-bpf-sendmsg.patch kpatch-description: tcp_bpf: fix return value of tcp_bpf_sendmsg() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46783 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46783 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2acef5216c312f9ab92de1458ba09cab6bc7e514 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46805-drm-amdgpu-fix-the-waring-dereferencing-hive.patch kpatch-description: drm/amdgpu: fix the waring dereferencing hive kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46805 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46805 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=f20d1d5cbb39802f68be24458861094f3e66f356 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46806-drm-amdgpu-Fix-the-warning-division-or-modulo-by-zero.patch kpatch-description: drm/amdgpu: Fix the warning division or modulo by zero kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46806 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46806 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1a00f2ac82d6bc6689388c7edcd2a4bd82664f3c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46807-drm-amd-amdgpu-Check-tbo-resource-pointer.patch kpatch-description: drm/amd/amdgpu: Check tbo resource pointer kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46807 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46807 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=6cd2b872643bb29bba01a8ac739138db7bd79007 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46819-drm-amdgpu-the-warning-dereferencing-obj-for-nbio_v7.patch kpatch-description: drm/amdgpu: the warning dereferencing obj for nbio_v7_4 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46819 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46819 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d190b459b2a4304307c3468ed97477b808381011 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46835-drm-amdgpu-Fix-smatch-static-checker-warning.patch kpatch-description: drm/amdgpu: Fix smatch static checker warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46835 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46835 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bdbdc7cecd00305dc844a361f9883d3a21022027 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49933-blk-iocost-fix-more-out-of-bound-shifts.patch kpatch-description: blk_iocost: fix more out of bound shifts kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49933 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/c40ade3008f8de2df1a77eec9f9f6e5599b113ad kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49934-fs-inode-prevent-dump-mapping-accessing-invalid-dentry-d-name-name.patch kpatch-description: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49934 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7f7b850689ac06a62befe26e1fd1806799e7f152 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49935-acpi-pad-fix-crash-in-exit-round-robin.patch kpatch-description: ACPI: PAD: fix crash in exit_round_robin() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49935 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49935 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/300494193de5407a4b13ae2ee1ef86b7f6a098f7 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49937-wifi-cfg80211-set-correct-chandef-when-starting-cac.patch kpatch-description: wifi: cfg80211: Set correct chandef when starting CAC kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49937 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49937 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=20361712880396e44ce80aaeec2d93d182035651 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49938-wifi-ath9k-htc-use-skb-set-length-for-resetting-urb-before-resubmit.patch kpatch-description: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49938 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49938 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/aab3dd4c2caa688cdcb0a2e843d9dd34983ce21c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49939-wifi-rtw89-avoid-to-add-interface-to-list-twice-when-ser.patch kpatch-description: wifi: rtw89: avoid to add interface to list twice when SER kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49939 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49939 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7dd5d2514a8ea58f12096e888b0bd050d7eae20a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49946-ppp-do-not-assume-bh-is-held-in-ppp-channel-bridge-input.patch kpatch-description: ppp: do not assume bh is held in ppp_channel_bridge_input() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49946 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49946 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/8ddd27039e5418b77b4e27da7f00feb9e524f496 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49948-net-add-more-sanity-checks-to-qdisc-pkt-len-init.patch kpatch-description: net: add more sanity checks to qdisc_pkt_len_init() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49948 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49948 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/889018b514b45537686572e97a0db3582a9b8778 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49951-Bluetooth-hci_sync-Add-helper-functions-to-manipulat.patch kpatch-description: Bluetooth: hci_sync: Add helper functions to manipulate cmd_sync queue kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49951 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49951 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=505ea2b295929e7be2b4e1bc86ee31cb7862fb01 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49951-bluetooth-mgmt-fix-possible-crash-on-mgmt-index-removed.patch kpatch-description: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49951 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49951 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f53e1c9c726d83092167f2226f32bd3b73f26c21 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44958-sched-smt-introduce-sched-smt-present-inc-dec-helper.patch kpatch-description: sched/smt: Introduce sched_smt_present_inc/dec() helper kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-44958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44958-sched-smt-fix-unbalance-sched-smt-present-dec-inc.patch kpatch-description: sched/smt: Fix unbalance sched_smt_present dec/inc kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44958 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-44958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e22f910a26cc2a3ac9c66b8e935ef2a7dd881117 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2023-52672-pipe-wakeup-wr-wait-after-setting-max-usage.patch kpatch-description: pipe: wakeup wr_wait after setting max_usage kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2023-52672 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e95aada4cb93d42e25c30a0ef9eb2923d9711d4a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2023-52672-pipe-wakeup-wr-wait-after-setting-max-usage-kpatch.patch kpatch-description: pipe: wakeup wr_wait after setting max_usage kpatch kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2023-52672 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e95aada4cb93d42e25c30a0ef9eb2923d9711d4a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-23138-watch_queue-fix-pipe-accounting-mismatch.patch kpatch-description: watch_queue: fix pipe accounting mismatch kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-23138 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-23138 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f13abc1e8e1a3b7455511c4e122750127f6bc9b0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50128-net-wwan-fix-global-oob-in-wwan-rtnl-policy.patch kpatch-description: net: wwan: fix global oob in wwan_rtnl_policy kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50128 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50128 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47dd5447cab8ce30a847a0337d5341ae4c7476a7 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50128-net-wwan-fix-global-oob-in-wwan-rtnl-policy-kpatch.patch kpatch-description: net: wwan: fix global oob in wwan_rtnl_policy kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50128 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50128 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=47dd5447cab8ce30a847a0337d5341ae4c7476a7 kpatch-name: skipped/CVE-2024-50228.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50228 kpatch-skip-reason: Vendor reverted in d1aa0c04294 as it causes deadlocks kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50278-dm-cache-fix-potential-out-of-bounds-access-on-the-first-resume.patch kpatch-description: dm cache: fix potential out-of-bounds access on the first resume kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50278 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50278 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c0ade5d98979585d4f5a93e4514c2e9a65afa08d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53082-virtio-net-add-hash-key-length-check.patch kpatch-description: virtio_net: Add hash_key_length check kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53082 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53082 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3f7d9c1964fcd16d02a8a9d4fd6f6cb60c4cc530 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56663-wifi-nl80211-fix-nl80211-attr-mlo-link-id-off-by-one.patch kpatch-description: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56663 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56663 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e3dbf938656986cce73ac4083500d0bcfbffe24 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56663-wifi-nl80211-fix-nl80211-attr-mlo-link-id-off-by-one-kpatch-427.patch kpatch-description: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56663 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56663 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e3dbf938656986cce73ac4083500d0bcfbffe24 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-58099-vmxnet3-fix-packet-corruption-in-vmxnet3-xdp-xmit-frame.patch kpatch-description: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-58099 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58099 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4678adf94da4a9e9683817b246b58ce15fb81782 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50058-serial-protect-uart-port-dtr-rts-in-uart-shutdown-too-5.14.0-427.42.1.el9_4.patch kpatch-description: serial: protect uart_port_dtr_rts() in uart_shutdown() too kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50058 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=602babaa84d627923713acaf5f7e9a4369e77473 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50082-blk-rq-qos-fix-crash-on-rq-qos-wait-vs-rq-qos-wake-function-race.patch kpatch-description: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50082 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50082 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d25e973b35b6a5fe36c0d54c2ff18cea94768d16 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50081-blk-mq-setup-queue-tag-set-before-initializing-hctx.patch kpatch-description: blk-mq: setup queue ->tag_set before initializing hctx kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50081 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50081 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c25c0c9035bb8b28c844dfddeda7b8bdbcfcae95 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50101-iommu-vt-d-fix-incorrect-pci-for-each-dma-alias-for-non-pci-devices.patch kpatch-description: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50101 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50101 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ff8b885f915c9f9ec8862550d06f4c584590465c kpatch-name: skipped/CVE-2024-50102.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50102 kpatch-skip-reason: low score, complex adaptation kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50077-bluetooth-iso-fix-multiple-init-when-debugfs-is-disabled.patch kpatch-description: Bluetooth: ISO: Fix multiple init when debugfs is disabled kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50077 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50077 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b306874973019a38a44c89ff1a0f212e8cd2ff38 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50078-bluetooth-call-iso-exit-on-module-unload.patch kpatch-description: Bluetooth: Call iso_exit() on module unload kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50078 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50078 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/5c872ad564167ebc157853d3729a33acc4246804 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50093-thermal-intel-int340x-processor-fix-warning-during-module-unload-5.14.0-427.42.1.el9_4.patch kpatch-description: thermal: intel: int340x: processor: Fix warning during module unload kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=99ca0b57e49fb73624eede1c4396d9e3d10ccf14 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50075-xhci-tegra-fix-checked-usb2-port-number.patch kpatch-description: xhci: tegra: fix checked USB2 port number kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50075 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50075 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/84a0da9984fa9acaab8757b00358c9720b6176a4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53146-nfsd-prevent-a-potential-integer-overflow.patch kpatch-description: NFSD: Prevent a potential integer overflow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53146 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53146 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/6b6e999f74ca06c1ff4de7635a8e3dcb7c7471fb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53160-rcu-kvfree-fix-data-race-in-mod-timer-kvfree-call-rcu-503.patch kpatch-description: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53160 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53160 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/89edcfe6e5c6c2dc1074e0d91aa9eae5e865ef16 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53161-edac-bluefield-fix-potential-integer-overflow.patch kpatch-description: EDAC/bluefield: Fix potential integer overflow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53161 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53161 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4580f9aa3479c1e331c1c167be805992ecc3977a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53164-net-sched-fix-ordering-of-qlen-adjustment.patch kpatch-description: net: sched: fix ordering of qlen adjustment kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53164 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53164 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/972b8e2a61435b7f87399962f33d1defdd00d8ee kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53190-wifi-rtlwifi-drastically-reduce-the-attempts-to-read-efuse-in-case-of-failures.patch kpatch-description: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53190 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53190 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/008e728d2cb3fd43805ab81f3390121ae48bdfc2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43823-pci-keystone-fix-null-pointer-dereference-in-case-of-dt-error-in-ks-pcie-setup-rc-app-regs.patch kpatch-description: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43823 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43823 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a231707a91f323af1e5d9f1722055ec2fc1c7775 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42315-exfat-fix-potential-deadlock-on-exfat-get-dentry-set.patch kpatch-description: exfat: fix potential deadlock on __exfat_get_dentry_set kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42315 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42315 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/eff13001333d23f7feb55566de65e647f8d467da kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42321-net-flow-dissector-use-debug-net-warn-on-once.patch kpatch-description: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42321 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42321 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=120f1c857a73e52132e473dee89b340440cb692b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42321-net-flow-dissector-use-debug-net-warn-on-once-kpatch.patch kpatch-description: net: flow_dissector: use DEBUG_NET_WARN_ON_ONCE kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42321 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42321 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=120f1c857a73e52132e473dee89b340440cb692b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43828-ext4-fix-infinite-loop-when-replaying-fast-commit.patch kpatch-description: ext4: fix infinite loop when replaying fast_commit kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43828 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43828 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/8f63a570a6f19f4d4f11f57e2d2b30e5eb63f620 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43853-cgroup-cpuset-prevent-uaf-in-proc-cpuset-show.patch kpatch-description: cgroup/cpuset: Prevent UAF in proc_cpuset_show() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43853 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43853 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0cdc1804f690b38e184f62132ed20dbb67ee0db1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43846-lib-objagg-fix-general-protection-fault.patch kpatch-description: lib: objagg: Fix general protection fault kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43846 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43846 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/74e6153f64b017a067583f0a6bde31818beea0b5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43821-scsi-lpfc-fix-a-possible-null-pointer-dereference.patch kpatch-description: scsi: lpfc: Fix a possible null pointer dereference kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43821 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43821 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d9d1c26b2574f8083cd4f64a015926c34641b4ba kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-43834-xdp-fix-invalid-wait-context-of-page-pool-destroy.patch kpatch-description: xdp: fix invalid wait context of page_pool_destroy() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-43834 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-43834 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0d4127c3f89fa99892274bafb83aa63cca5b268e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46839-workqueue-wq-watchdog-touch-is-always-called-with-valid-cpu.patch kpatch-description: workqueue: wq_watchdog_touch is always called with valid CPU kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46839 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46839 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b0d5b181c0e5e324b4c356490692a34f1df1e62c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47660-fsnotify-clear-parent-watched-flags-lazily.patch kpatch-description: fsnotify: clear PARENT_WATCHED flags lazily kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47660 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47660 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4a2f697b8e88132dcc2c99b69ba54c84a2204ce2 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47668-lib-generic-radix-tree-c-fix-rare-race-in-genradix-ptr-alloc.patch kpatch-description: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47668 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47668 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3bdde79f44ca9bfa9b22c7f72232da184ac5bcc1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47705-block-fix-potential-invalid-pointer-dereference-in-blk-add-partition.patch kpatch-description: block: fix potential invalid pointer dereference in blk_add_partition kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47705 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47705 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3e68b101c7ecfe7b3041da80b966a0de9cc495ca kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47700-ext4-fix-race-between-writepages-and-remount-5.14.0-427.42.1.el9_4.patch kpatch-description: ext4: fix race between writepages and remount kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47700 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47700 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0cb471cc39d1154f24885b140b63e1cd485d576f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47700-ext4-check-stripe-size-compatibility-on-remount-as-well.patch kpatch-description: ext4: check stripe size compatibility on remount as well kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47700 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47700 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ab54091a0f3e986133f0c88b8ef50897432f73bc kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47678-icmp-change-the-order-of-rate-limits.patch kpatch-description: icmp: change the order of rate limits kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47678 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47678 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8c2bd38b95f75f3d2a08c93e35303e26d480d24e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47687-vdpa-mlx5-fix-invalid-mr-resource-destroy.patch kpatch-description: vdpa/mlx5: Fix invalid mr resource destroy kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47687 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47687 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3adeea8520479e8f802c73b097d451de93e3ae92 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47703-bpf-lsm-add-check-for-bpf-lsm-return-value-427-42.patch kpatch-description: bpf, lsm: Add check for BPF LSM return value kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5d99e198be279045e6ecefe220f5c52f8ce9bfd5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47703-bpf-lsm-add-check-for-bpf-lsm-return-value-kpatch.patch kpatch-description: bpf, lsm: Add check for BPF LSM return value kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47703 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47703 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5d99e198be279045e6ecefe220f5c52f8ce9bfd5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49856-x86-sgx-fix-deadlock-in-sgx-numa-node-search.patch kpatch-description: x86/sgx: Fix deadlock in SGX NUMA node search kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49856 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49856 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/23d833f47a1b5f8c152b5bcd79da38f0ebb8b7f1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49870-cachefiles-fix-dentry-leak-in-cachefiles-open-file.patch kpatch-description: cachefiles: fix dentry leak in cachefiles_open_file() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49870 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49870 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=da6ef2dffe6056aad3435e6cf7c6471c2a62187c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49875-nfsd-map-the-ebadmsg-to-nfserr-io-to-avoid-warning-kpatch.patch kpatch-description: nfsd: map the EBADMSG to nfserr_io to avoid warning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49875 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49875 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=6fe058502f8864649c3d614b06b2235223798f48 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49878-resource-fix-region-intersects-vs-add-memory-driver-managed.patch kpatch-description: resource: fix region_intersects() vs add_memory_driver_managed() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49878 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49878 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b4afe4183ec77f230851ea139d91e5cf2644c68b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49881-ext4-update-orig-path-in-ext4-find-extent.patch kpatch-description: ext4: update orig_path in ext4_find_extent() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49881 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49881 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5b4b2dcace35f618fe361a87bae6f0d13af31bc1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49886-platform-x86-isst-fix-the-kasan-report-slab-out-of-bounds-bug.patch kpatch-description: platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49886 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49886 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3fb0619aea7eae33176feaa8d80897c775fd9a7f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49927-x86-ioapic-handle-allocation-failures-gracefully.patch kpatch-description: x86/ioapic: Handle allocation failures gracefully kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49927 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49927 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/6197b636f23c4d085050216758d0fcc8f7890ad6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49929-wifi-iwlwifi-mvm-avoid-null-pointer-dereference-427.patch kpatch-description: wifi: iwlwifi: mvm: avoid NULL pointer dereference kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49929 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49929 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=557a6cd847645e667f3b362560bd7e7c09aac284 kpatch-name: skipped/CVE-2024-36968.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36968 kpatch-skip-reason: Complex adaptation required (too many dependency patches) kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35963-35967-Add-a-helper-header-with-copy_safe_from_sockptr.patch kpatch-description: net: Make copy_safe_from_sockptr() match documentation kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35963 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35963 kpatch-patch-url: https://github.com/torvalds/linux/commit/eb94b7bb10109a14a5431a67e5d8e31cfa06b395 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35963-bluetooth-hci-sock-fix-not-validating-setsockopt-user-input.patch kpatch-description: Bluetooth: hci_sock: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35963 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35963 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ed4080047efc99977b8c980fb54e8fc33088516c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35964-bluetooth-iso-fix-not-validating-setsockopt-user-input-459.patch kpatch-description: Bluetooth: ISO: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35964 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35964 kpatch-patch-url: https://github.com/torvalds/linux/commit/9e8742cdfc4b0e65266bb4a901a19462bda9285e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35965-bluetooth-l2cap-fix-not-validating-setsockopt-user-input-507.patch kpatch-description: Bluetooth: L2CAP: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35965 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35965 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/02356256e68a10f40fbb1ff037b65545229eda71 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35966-bluetooth-rfcomm-fix-not-validating-setsockopt-user-input.patch kpatch-description: Bluetooth: RFCOMM: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35966 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35966 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f8636959ab09a5ebf43ae5d6621283a97a29c518 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35967-bluetooth-sco-fix-not-validating-setsockopt-user-input-459.patch kpatch-description: Bluetooth: SCO: Fix not validating setsockopt user input kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35967 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35967 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ca23fe19b0c913cbe4ec00b3085c0b8968711685 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35978-bluetooth-fix-memory-leak-in-hci-req-sync-complete.patch kpatch-description: Bluetooth: Fix memory leak in hci_req_sync_complete() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35978 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35978 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/914a591cd651095d6099cd1d1402595219c25482 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-36011-bluetooth-hci-fix-potential-null-ptr-deref.patch kpatch-description: Bluetooth: HCI: Fix potential null-ptr-deref kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-36011 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36011 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/e63366bd363b9e1dda8a674072309414389ce76c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-36880-bluetooth-qca-add-missing-firmware-sanity-checks.patch kpatch-description: Bluetooth: qca: add missing firmware sanity checks kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-36880 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36880 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b92260e242fc2117e1175bf43e982524d871a7d6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-36880-bluetooth-qca-fix-firmware-check-error-path.patch kpatch-description: Bluetooth: qca: fix firmware check error path kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-36880 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36880 kpatch-patch-url: https://github.com/torvalds/linux/commit/40d442f969fb1e871da6fca73d3f8aef1f888558 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46754-bpf-remove-tst-run-from-lwt-seg6local-prog-ops.patch kpatch-description: bpf: Remove tst_run from lwt_seg6local_prog_ops. kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46754 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46754 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c13fda93aca118b8e5cd202e339046728ee7dddb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46754-bpf-remove-tst-run-from-lwt-seg6local-prog-ops-kpatch.patch kpatch-description: bpf: Remove tst_run from lwt_seg6local_prog_ops. kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46754 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46754 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c13fda93aca118b8e5cd202e339046728ee7dddb kpatch-name: skipped/CVE-2024-36013.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-36013 kpatch-skip-reason: Requires adaptation (missing commit e7b02296) kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47692-nfsd-return-EINVAL-when-namelen-is-0.patch kpatch-description: nfsd: return -EINVAL when namelen is 0 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47692 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47692 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=0f1d007bbea38a61cf9c5392708dc70ae9d84a3d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-48969-xen-netfront-stop-tx-queues-during-live-migration.patch kpatch-description: xen/netfront: stop tx queues during live migration kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-48969 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48969 kpatch-patch-url: https://git.kernel.org/stable/c/042b2046d0f05cf8124c26ff65dbb6148a4404fb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-48969-xen-netfront-fix-NULL-sring-after-live-migration.patch kpatch-description: xen-netfront: Fix NULL sring after live migration kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-48969 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48969 kpatch-patch-url: https://git.kernel.org/stable/c/99859947517e446058ad7243ee81d2f9801fa3dd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-48989-fscache-fix-oops-due-to-race-with-cookie_lru-and-use_cookie.patch kpatch-description: fscache: Fix oops due to race with cookie_lru and use_cookie kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-48989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=37f0b459c9b67e14fe4dcc3a15d286c4436ed01d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-48989-fscache-fix-oops-due-to-race-with-cookie_lru-and-use_cookie-kpatch.patch kpatch-description: fscache: Fix oops due to race with cookie_lru and use_cookie kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-48989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-48989 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=37f0b459c9b67e14fe4dcc3a15d286c4436ed01d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2023-52917-ntb-intel-fix-the-NULL-vs-IS_ERR-bug-for-debugfs_create_dir.patch kpatch-description: ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2023-52917 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52917 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=16e5bed6c1883b19f9fcbdff996aa3381954d5f3 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-27398-bluetooth-fix-use-after-free-bugs-caused-by-sco-sock-timeout.patch kpatch-description: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-27398 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-27398 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=483bc08181827fc475643272ffb69c533007e546 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35891-net-phy-micrel-fix-potential-null-pointer-dereference.patch kpatch-description: net: phy: micrel: Fix potential null pointer dereference kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35891 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35891 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=96c155943a703f0655c0c4cab540f67055960e91 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35933-bluetooth-btintel-fix-null-ptr-deref-in-btintel-read-version.patch kpatch-description: Bluetooth: btintel: Fix null ptr deref in btintel_read_version kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b79e040910101b020931ba0c9a6b77e81ab7f645 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-35934-net-smc-reduce-rtnl-pressure-in-smc-pnet-create-pnetids-list.patch kpatch-description: net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-35934 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-35934 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=00af2aa93b76b1bade471ad0d0525d4d29ca5cc0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56688-sunrpc-clear-xprt-sock-upd-timeout-when-reset-transport.patch kpatch-description: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56688 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56688 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4db9ad82a6c823094da27de4825af693a3475d51 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56760-pci-msi-handle-lack-of-irqdomain-gracefully.patch kpatch-description: PCI/MSI: Handle lack of irqdomain gracefully kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56760 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56760 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a60b990798eb17433d0283788280422b1bd94b18 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56654-bluetooth-hci-event-fix-using-rcu-read-un-lock-while-iterating-5.14.0-458.patch kpatch-description: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56654 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56654 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=581dd2dc168fe0ed2a7a5534a724f0d3751c93ae kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56667-drm-i915-fix-null-pointer-dereference-in-capture-engine.patch kpatch-description: drm/i915: Fix NULL pointer dereference in capture_engine kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56667 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56667 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=da0b986256ae9a78b0215214ff44f271bfe237c1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56779-nfsd-fix-nfs4-openowner-leak-when-concurrent-nfsd4-open-occur.patch kpatch-description: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56779 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56779 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/48fd2c6fe1d4b072683f1aa52c09b022440cdbb7 kpatch-name: skipped/CVE-2024-57809.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-57809 kpatch-skip-reason: Out of scope: ARM architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49959-jbd2-stop-waiting-for-space-when-jbd2-cleanup-journal-tail-returns-error.patch kpatch-description: jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49959 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49959 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/425c5b206fe228aa0fa23680052e3a1dee284152 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49962-acpica-check-null-return-of-acpi-allocate-zeroed-in-acpi-db-convert-to-package.patch kpatch-description: ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49962 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49962 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9dc1296a3901032af37b7e0d0fe3aefeb63417bb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49968-ext4-filesystems-without-casefold-feature-cannot-be-mounted-with-siphash.patch kpatch-description: ext4: filesystems without casefold feature cannot be mounted with siphash kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49968 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49968 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/06ab941f82f863d5a1e6fbac45da49cf99b7bfdd kpatch-name: skipped/CVE-2024-49971.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-49971 kpatch-skip-reason: Older kernels don't have the affected src code kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49973-r8169-fix-spelling-mistake-tx-underun-tx-underrun.patch kpatch-description: r8169: Fix spelling mistake: "tx_underun" -> "tx_underrun" kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49973 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ebe8a25db93112497b4cb5e14b70ce8c12defc4c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49973-r8169-add-tally-counter-fields-added-with-rtl8125.patch kpatch-description: r8169: add tally counter fields added with RTL8125 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49973 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f06efd3552fd109b58660b48a0a7872bae537c23 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49973-r8169-add-tally-counter-fields-added-with-rtl8125-kpatch.patch kpatch-description: r8169: add tally counter fields added with RTL8125 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49973 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49973 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f06efd3552fd109b58660b48a0a7872bae537c23 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49974-nfsd-force-all-nfsv4-2-copy-requests-to-be-synchronous-427.patch kpatch-description: NFSD: Force all NFSv4.2 COPY requests to be synchronous kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49974 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49974 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aadc3bbea163b6caaaebfdd2b6c4667fbc726752 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49975-uprobes-fix-kernel-info-leak-via-uprobes-vma.patch kpatch-description: uprobes: fix kernel info leak via "[uprobes]" vma kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49975 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49975 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=34820304cc2cd1804ee1f8f3504ec77813d29c8e kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49977-net-stmmac-fix-zero-division-error-when-disabling-tc-cbs.patch kpatch-description: net: stmmac: Fix zero-division error when disabling tc cbs kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49977 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49977 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2ea91d250d1fda437d3e1f116c353732ca418de1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49993-iommu-vt-d-fix-potential-lockup-if-qi-submit-sync-called-with-0-count.patch kpatch-description: iommu/vt-d: Fix potential lockup if qi_submit_sync called with 0 count kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49993 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49993 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/7ebd49e14d8e827647d481b86e6aeba5632c04db kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49994-block-fix-integer-overflow-in-blksecdiscard.patch kpatch-description: block: fix integer overflow in BLKSECDISCARD kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49994 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49994 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=697ba0b6ec4ae04afb67d3911799b5e2043b4455 kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2024-46871-drm-amd-display-Correct-the-defined-value-for-AMDGPU_DMUB_NOTIFICATION_MAX.patch kpatch-description: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2024-46871 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46871 kpatch-patch-url: https://github.com/torvalds/linux/commit/ad28d7c3d989fc5689581664653879d664da76f0 kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2024-46871-drm-amd-display-Correct-the-defined-value-for-AMDGPU_DMUB_NOTIFICATION_MAX-kpatch.patch kpatch-description: drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2024-46871 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-46871 kpatch-patch-url: https://github.com/torvalds/linux/commit/ad28d7c3d989fc5689581664653879d664da76f0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50182-secretmem-disable-memfd-secret-if-arch-cannot-set-direct-map.patch kpatch-description: secretmem: disable memfd_secret() if arch cannot set direct map kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50182 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50182 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/a6c409e80ceabb7f0f410509ae5d539d96a8b75f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50191-ext4-don-t-set-sb-rdonly-after-filesystem-errors-427.patch kpatch-description: ext4: don't set SB_RDONLY after filesystem errors kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50191 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50191 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cff362e53534f9015fd6de56bd5bd610fd09e411 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50199-mm-swapfile-skip-hugetlb-pages-for-unuse-vma-427.patch kpatch-description: mm/swapfile: skip HugeTLB pages for unuse_vma kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50199 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50199 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/ea9f3379f6d295cdb55e08274d9f4a700874fc87 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50200-maple-tree-correct-tree-corruption-on-spanning-store.patch kpatch-description: maple_tree: correct tree corruption on spanning store kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50200 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50200 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/29fff32560b20952e379a5227efa50d979bf76de kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50201-drm-radeon-Fix-encoder-possible_clones.patch kpatch-description: drm/radeon: Fix encoder->possible_clones kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50201 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50201 kpatch-patch-url: https://github.com/torvalds/linux/commit/28127dba64d8ae1a0b737b973d6d029908599611 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50236-wifi-ath10k-fix-memory-leak-in-management-tx.patch kpatch-description: wifi: ath10k: Fix memory leak in management tx kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50236 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50236 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/def3a1d5edaa0f8e92613a6e67687d6434d85a97 kpatch-name: skipped/CVE-2024-49999.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-49999 kpatch-skip-reason: bugfix for module from non-standard kernel-modules-partner package kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50002-static-call-handle-module-init-failure-correctly-in-static-call-del-module.patch kpatch-description: static_call: Handle module init failure correctly in static_call_del_module() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50002 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50002 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4b30051c4864234ec57290c3d142db7c88f10d8a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50006-ext4-fix-i-data-sem-unlock-order-in-ext4-ind-migrate.patch kpatch-description: ext4: fix i_data_sem unlock order in ext4_ind_migrate() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50006 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50006 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cc749e61c011c255d81b192a822db650c68b313f kpatch-name: skipped/CVE-2024-50008.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50008 kpatch-skip-reason: Patch not necessary, the size of the struct remains the same. kpatch-cvss: kpatch-name: skipped/CVE-2024-50009.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50009 kpatch-skip-reason: Kernels not vulnerable kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50013-exfat-fix-memory-leak-in-exfat-load-bitmap.patch kpatch-description: exfat: fix memory leak in exfat_load_bitmap() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50013 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50013 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d2b537b3e533f28e0d97293fe9293161fe8cd137 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50014-ext4-fix-access-to-uninitialised-lock-in-fc-replay-path-427.patch kpatch-description: ext4: fix access to uninitialised lock in fc replay path kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50014 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=23dfdb56581ad92a9967bcd720c8c23356af74c1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50019-kthread-unpark-only-parked-kthread.patch kpatch-description: kthread: unpark only parked kthread kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50019 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50019 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=214e01ad4ed7158cab66498810094fac5d09b218 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56664-bpf-sockmap-Fix-race-between-element-replace-and-close.patch kpatch-description: bpf, sockmap: Fix race between element replace and close() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56664 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56664 kpatch-patch-url: https://github.com/torvalds/linux/commit/ed1fc5d76b81a4d681211333c026202cad4d5649 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-39500-sock_map-avoid-race-between-sock_map_close-and-sk_psock_put.patch kpatch-description: sock_map: avoid race between sock_map_close and sk_psock_put kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-39500 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39500 kpatch-patch-url: https://github.com/torvalds/linux/commit/4b4647add7d3c8530493f7247d11e257ee425bf0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-39500-bpf-sockmap-Avoid-using-sk_socket-after-free-when-sending.patch kpatch-description: bpf, sockmap: Avoid using sk_socket after free when sending kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-39500 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-39500 kpatch-patch-url: https://github.com/torvalds/linux/commit/8259eb0e06d8f64c700f5fbdb28a5c18e10de291 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50163-bpf-make-sure-internal-and-uapi-bpf-redirect-flags-don-t-overlap.patch kpatch-description: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50163 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50163 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4b8b25c4f7a530e3400dc1ae1cde7daa75017246 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50163-bpf-make-sure-internal-and-uapi-bpf_redirect-flags-don-t-overlap-kpatch.patch kpatch-description: bpf: Make sure internal and UAPI bpf_redirect flags don't overlap kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50163 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50163 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4b8b25c4f7a530e3400dc1ae1cde7daa75017246 kpatch-name: skipped/CVE-2024-43889.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-43889 kpatch-skip-reason: Out of scope: This CVE modified the __init function which won't be available to patch as it is used during bootup time. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56562-i3c-master-fix-miss-free-init-dyn-addr-at-i3c-master-put-i3c-addrs.patch kpatch-description: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56562 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56562 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3082990592f7c6d7510a9133afa46e31bbe26533 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56590-bluetooth-hci-core-fix-not-checking-skb-length-on-hci-acldata-packet.patch kpatch-description: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56590 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56590 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3fe288a8214e7dd784d1f9b7c9e448244d316b47 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56647-net-fix-icmp-host-relookup-triggering-ip-rt-bug.patch kpatch-description: net: Fix icmp host relookup triggering ip_rt_bug kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56647 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56647 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c44daa7e3c73229f7ac74985acb8c7fb909c4e0a kpatch-name: skipped/CVE-2024-56591.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-56591 kpatch-skip-reason: Complex adaptation required. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56570-ovl-filter-invalid-inodes-with-missing-lookup-function.patch kpatch-description: ovl: Filter invalid inodes with missing lookup function kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56570 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56570 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c8b359dddb418c60df1a69beea01d1b3322bfe83 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56616-drm-dp-mst-fix-mst-sideband-message-body-length-check.patch kpatch-description: drm/dp_mst: Fix MST sideband message body length check kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56616 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56616 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bd2fccac61b40eaf08d9546acc9fef958bfe4763 kpatch-name: skipped/CVE-2024-56535.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-56535 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50130-netfilter-bpf-must-hold-reference-on-net-namespace.patch kpatch-description: netfilter: bpf: must hold reference on net namespace kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50130 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50130 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/012a65c2b62eb5ab1b7638ad8b42dcbfeed50377 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50130-netfilter-bpf-must-hold-reference-on-net-namespace-kpatch.patch kpatch-description: netfilter: bpf: must hold reference on net namespace kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50130 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50130 kpatch-patch-url: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/commit/012a65c2b62eb5ab1b7638ad8b42dcbfeed50377 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-44989-bonding-fix-xfrm-real-dev-null-pointer-dereference.patch kpatch-description: bonding: fix xfrm real_dev null pointer dereference kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-44989 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-44989 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9e78ac97ac246090b38a80fe12919bd746e014ca kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45000-fs-netfs-fscache-cookie-add-missing-n-accesses-check.patch kpatch-description: fs/netfs/fscache_cookie: add missing "n_accesses" check kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45000 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45000 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4ec44df1aaa2041e65fd7fa060950ef438ba47f3 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45016-netem-fix-return-value-if-duplicate-enqueue-fails.patch kpatch-description: netem: fix return value if duplicate enqueue fails kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45016 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45016 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/866881d110e1a014d36455563068030ed04292ff kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45022-mm-vmalloc-fix-page-mapping-if-vm-area-alloc-pages-with-high-order-fallback-to-order-0.patch kpatch-description: mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45022 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45022 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=61ebe5a747da649057c37be1c37eb934b4af79ca kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46675-usb-dwc3-core-prevent-usb-core-invalid-event-buffer-address-access.patch kpatch-description: usb: dwc3: core: Prevent USB core invalid event buffer address access kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46675 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=14e497183df28c006603cc67fd3797a537eef7b9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46745-input-uinput-reject-requests-with-unreasonable-number-of-slots.patch kpatch-description: Input: uinput - reject requests with unreasonable number of slots kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46745 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46745 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/a7bcad71a975ba1c9004f9be7bf512589f112892 kpatch-name: skipped/CVE-2024-46750.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-46750 kpatch-skip-reason: Complex adaptation required. Low impact CVE. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47706-block-bfq-fix-possible-uaf-for-bfqq-bic-with-merge-chain.patch kpatch-description: block, bfq: fix possible UAF for bfqq->bic with merge chain kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47706 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47706 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/adad3bd6893bf04a838136f1c6be2bb85f997601 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47737-nfsd-call-cache-put-if-xdr-reserve-space-returns-null.patch kpatch-description: nfsd: call cache_put if xdr_reserve_space returns NULL kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47737 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47737 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/c3566565b6db1f28fd4b98c2d4d950957fc06d9c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47710-sock-map-add-a-cond-resched-in-sock-hash-free.patch kpatch-description: sock_map: Add a cond_resched() in sock_hash_free() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47710 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47710 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/219ab74949bb01acf065fc868528ae5824bbc45c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49851-tpm-clean-up-tpm-space-after-command-failure.patch kpatch-description: tpm: Clean up TPM space after command failure kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49851 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49851 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b800d2f669941bf2e36e06e63d91ea508d7f4a89 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47739-padata-use-integer-wrap-around-to-prevent-deadlock-on-seq-nr-overflow.patch kpatch-description: padata: use integer wrap around to prevent deadlock on seq_nr overflow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a22b2812393d93d84358a760c347c21939029a6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47738-wifi-mac80211-don-t-use-rate-mask-for-scanning.patch kpatch-description: wifi: mac80211: don't use rate mask for scanning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47738 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47738 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab9177d83c040eba58387914077ebca56f14fae6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47738-wifi-mac80211-don-t-use-rate-mask-for-offchannel-tx-either.patch kpatch-description: wifi: mac80211: don't use rate mask for offchannel TX either kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47738 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47738 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e7a7ef9a0742dbd0818d5b15fba2c5313ace765b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47715-wifi-mt76-mt7915-fix-oops-on-non-dbdc-mt7986.patch kpatch-description: wifi: mt76: mt7915: fix oops on non-dbdc mt7986 kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47715 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47715 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/92ace24156c077bc527f9669f109ad8bb14f96b7 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-47713-wifi-mac80211-use-two-phase-skb-reclamation-in-ieee80211-do-stop.patch kpatch-description: wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-47713 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47713 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/e30f106712a5f5f4fa17ddc2122a2e45700032e4 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-49569-nvme-rdma-unquiesce-admin-q-before-destroy-it-5.14.0-427.42.1.el9_4.patch kpatch-description: nvme-rdma: unquiesce admin_q before destroy it kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-49569 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49569 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5858b687559809f05393af745cbadf06dee61295 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-48873-wifi-rtw89-check-return-value-of-ieee80211-probereq-get-for-rnr.patch kpatch-description: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-48873 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-48873 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=630d5d8f2bf6b340202b6bc2c05d794bbd8e4c1c kpatch-name: skipped/CVE-2024-50109.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50109 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50117-drm-amd-guard-against-bad-data-for-atif-acpi-method.patch kpatch-description: drm/amd: Guard against bad data for ATIF ACPI method kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50117 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50117 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=6032287747f874b52dc8b9d7490e2799736e035f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53060-drm-amdgpu-prevent-NULL-pointer-dereference-if-ATIF-is-not-supported.patch kpatch-description: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53060 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53060 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=27fc29b5376998c126c85cf9b15d9dfc2afc9cbe kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50153-scsi-target-core-fix-null-ptr-deref-in-target-alloc-device.patch kpatch-description: scsi: target: core: Fix null-ptr-deref in target_alloc_device() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50153 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50153 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fca6caeb4a61d240f031914413fcc69534f6dc03 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50162-bpf-devmap-provide-rxq-after-redirect.patch kpatch-description: bpf: devmap: provide rxq after redirect kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50162 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50162 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0b7b4054a5a1c3ac36de466a54075eb7ffa203b0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50169-vsock-update-rx-bytes-on-read-skb.patch kpatch-description: vsock: Update rx_bytes on read_skb() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50169 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50169 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b39157fe97a3fb9a86c285d1a58138dc695e6c93 kpatch-name: skipped/CVE-2025-21668.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21668 kpatch-skip-reason: Out of scope as the patch is for i.MX SoC kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21669-vsock-virtio-discard-packets-if-the-transport-changes.patch kpatch-description: vsock/virtio: discard packets if the transport changes kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21669 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21669 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/0b3993be3ed75d822877751a7296c5ddfa348009 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21666-vsock-prevent-null-ptr-deref-in-vsock-has-data-has-space.patch kpatch-description: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21666 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21666 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cc9fa15290414bcbda3c27774c73cc8c5f478685 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21689-usb-serial-quatech2-fix-null-ptr-deref-in-qt2-process-read-urb.patch kpatch-description: USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21689 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21689 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/21286266ff606cfb100698bc9e1606fbce0c6214 kpatch-name: skipped/CVE-2025-21663.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21663 kpatch-skip-reason: Out of scope as the patch is for NVIDIA Tegra SoCs targeting mobile devices kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21694-fs-proc-fix-softlockup-in-read-vmcore.patch kpatch-description: fs/proc: fix softlockup in __read_vmcore kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21694 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21694 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/5cbcb62dddf5346077feb82b7b0c9254222d3445 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2025-21694-fs-proc-fix-softlockup-in-read-vmcore-part-2.patch kpatch-description: fs/proc: fix softlockup in __read_vmcore (part 2) kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21694 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21694 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/a8d3bf75378ff85af8c5de536ec2fd440b4da45c kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45010-01-mptcp-pm-re-using-id-of-unused-removed-subflows.patch kpatch-description: mptcp: pm: re-using ID of unused removed subflows kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=edd8b5d868a4d459f3065493001e293901af758d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45010-02-mptcp-pm-remove-mptcp_pm_remove_subflow.patch kpatch-description: mptcp: pm: remove mptcp_pm_remove_subflow() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f448451aa62d54be16acb0034223c17e0d12bc69 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45010-03-mptcp-pm-inc-rmaddr-mib-counter-once-per-rm_addr-id.patch kpatch-description: mptcp: pm: inc RmAddr MIB counter once per RM_ADDR ID kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6a09788c1a66e3d8b04b3b3e7618cc817bb60ae9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45010-mptcp-pm-only-mark-subflow-endp-as-available.patch kpatch-description: mptcp: pm: only mark 'subflow' endp as available kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45010 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45010 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=322ea3778965da72862cca2a0c50253aacf65fe6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45009-mptcp-pm-only-decrement-add-addr-accepted-for-mpj-req.patch kpatch-description: mptcp: pm: only decrement add_addr_accepted for MPJ req kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1c1f721375989579e46741f59523e39ec9b2a9bd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-45009-mptcp-pm-fix-uaf-read-in-mptcp-pm-nl-rm-addr-or-subflow-427.patch kpatch-description: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-45009 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-45009 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1c1f721375989579e46741f59523e39ec9b2a9bd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46711-01-mptcp-pm-update-add_addr-counters-after-connect.patch kpatch-description: mptcp: pm: update add_addr counters after connect kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46711 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46711 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=40eec1795cc27b076d49236649a29507c7ed8c2d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46711-02-mptcp-pm-reduce-indentation-blocks.patch kpatch-description: mptcp: pm: reduce indentation blocks kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46711 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46711 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c95eb32ced823a00be62202b43966b07b2f20b7f kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46711-03-mptcp-pm-reuse-id-0-after-delete-and-re-add.patch kpatch-description: mptcp: pm: reuse ID 0 after delete and re-add kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46711 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46711 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8b8ed1b429f8fa7ebd5632555e7b047bc0620075 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-46711-mptcp-pm-fix-id-0-endp-usage-after-multiple-re-creations.patch kpatch-description: mptcp: pm: fix ID 0 endp usage after multiple re-creations kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-46711 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46711 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9366922adc6a71378ca01f898c41be295309f044 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50024-net-fix-an-unsafe-loop-on-the-list.patch kpatch-description: net: Fix an unsafe loop on the list kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50024 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50024 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2bfc0a91e9ecc41d056fa20e9d29c13c91468775 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50024-net-fix-an-unsafe-loop-on-the-list-kpatch.patch kpatch-description: net: Fix an unsafe loop on the list kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50024 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50024 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2bfc0a91e9ecc41d056fa20e9d29c13c91468775 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50022-device-dax-correct-pgoff-align-in-dax-set-mapping.patch kpatch-description: device-dax: correct pgoff align in dax_set_mapping() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50022 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50022 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f956f3a8d3b63f9b34058024444c775b453c1058 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50039-net-sched-accept-tca-stab-only-for-root-qdisc.patch kpatch-description: net/sched: accept TCA_STAB only for root qdisc kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50039 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50039 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3cb7cf1540ddff5473d6baeb530228d19bc97b8a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50044-bluetooth-rfcomm-fix-possible-deadlock-in-rfcomm-sk-state-change.patch kpatch-description: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50044 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50044 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/bd79893de96e83eb6eaa8c544b8429011c48e382 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50028-thermal-core-reference-count-the-zone-in-thermal-zone-get-by-id.patch kpatch-description: thermal: core: Reference count the zone in thermal_zone_get_by_id() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50028 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50028 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a42a5839f400e929c489bb1b58f54596c4535167 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50028-thermal-core-reference-count-the-zone-in-thermal-zone-get-by-id-kpatch.patch kpatch-description: thermal: core: Reference count the zone in thermal_zone_get_by_id() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50028 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50028 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a42a5839f400e929c489bb1b58f54596c4535167 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50046-nfsv4-prevent-null-pointer-dereference-in-nfs42_complete_copies.patch kpatch-description: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50046 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50046 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=584c019baedddec3fd634053e8fb2d8836108d38 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50046-nfsv4-prevent-null-pointer-dereference-in-nfs42_complete_copies-kpatch.patch kpatch-description: NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50046 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50046 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=584c019baedddec3fd634053e8fb2d8836108d38 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50023-net-phy-remove-led-entry-from-leds-list-on-unregister.patch kpatch-description: net: phy: Remove LED entry from LEDs list on unregister kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50023 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50023 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/f93fc006d3228575190f3aa093e82f1a18176beb kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50150-usb-typec-altmode-should-keep-reference-to-parent.patch kpatch-description: usb: typec: altmode should keep reference to parent kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50150 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50150 kpatch-patch-url: https://github.com/torvalds/linux/commit/befab3a278c59db0cc88c8799638064f6d3fd6f8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50150-usb-typec-altmode-should-keep-reference-to-parent-kpatch.patch kpatch-description: usb: typec: altmode should keep reference to parent kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50150 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50150 kpatch-patch-url: https://github.com/torvalds/linux/commit/befab3a278c59db0cc88c8799638064f6d3fd6f8 kpatch-name: skipped/CVE-2025-1272.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-1272 kpatch-skip-reason: The vulnerable commit isn't present in the kernel kpatch-cvss: kpatch-name: skipped/CVE-2024-53152.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-53152 kpatch-skip-reason: The vulnerable commit isn't present in the kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57884-mm-vmscan-account-for-free-pages-to-prevent-infinite-loop-in-throttle-direct-reclaim.patch kpatch-description: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57884 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57884 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6aaced5abd32e2a57cd94fd64f824514d0361da8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57888-workqueue-do-not-warn-when-cancelling-wq-mem-reclaim-work-from-wq-mem-reclaim-worker-427.patch kpatch-description: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57888 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57888 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=de35994ecd2dd6148ab5a6c5050a1670a04dec77 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57890-rdma-uverbs-prevent-integer-overflow-issue.patch kpatch-description: RDMA/uverbs: Prevent integer overflow issue kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57890 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d0257e089d1bbd35c69b6c97ff73e3690ab149a9 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57898-wifi-cfg80211-clear-link-id-from-bitmap-during-link-delete-after-clean-up.patch kpatch-description: wifi: cfg80211: clear link ID from bitmap during link delete after clean up kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57898 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57898 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b5c32ff6a3a38c74facdd1fe34c0d709a55527fd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57929-dm-array-fix-releasing-a-faulty-array-block-twice-in-dm-array-cursor-end.patch kpatch-description: dm array: fix releasing a faulty array block twice in dm_array_cursor_end kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57929 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57929 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/7647113f8e1739d3aa86157b3f203834e39b9525 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57931-selinux-ignore-unknown-extended-permissions.patch kpatch-description: selinux: ignore unknown extended permissions kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57931 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57931 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=900f83cf376bdaf798b6f5dcb2eae0c822e908b6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-57940-exfat-fix-the-infinite-loop-in-exfat-readdir.patch kpatch-description: exfat: fix the infinite loop in exfat_readdir() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-57940 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57940 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fee873761bd978d077d8c55334b4966ac4cb7b59 kpatch-name: skipped/CVE-2025-21646.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21646 kpatch-skip-reason: bugfix for module from non-standard kernel-modules-partner package kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50299-sctp-properly-validate-chunk-size-in-sctp-sf-ootb.patch kpatch-description: sctp: properly validate chunk size in sctp_sf_ootb() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50299 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50299 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0ead60804b64f5bd6999eec88e503c6a1a242d41 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50304-ipv4-ip-tunnel-fix-suspicious-rcu-usage-warning-in-ip-tunnel-find-427.patch kpatch-description: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50304 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50304 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=90e0569dd3d32f4f4d2ca691d3fa5a8a14a13c12 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53047-mptcp-init-protect-sched-with-rcu-read-lock.patch kpatch-description: mptcp: init: protect sched with rcu_read_lock kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53047 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53047 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3deb12c788c385e17142ce6ec50f769852fcec65 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50237-wifi-mac80211-do-not-pass-a-stopped-vif-to-the-driver-in-get-txpower-427.patch kpatch-description: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50237 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50237 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=393b6bc174b0dd21bb2a36c13b36e62fc3474a23 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53042-ipv4-ip-tunnel-fix-suspicious-rcu-usage-warning-in-ip-tunnel-init-flow.patch kpatch-description: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53042 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53042 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ad4a3ca6a8e886f6491910a3ae5d53595e40597d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50256-netfilter-nf-reject-ipv6-fix-potential-crash-in-nf-send-reset6-427.31.patch kpatch-description: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50256 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50256 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4ed234fe793f27a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50272-filemap-fix-bounds-checking-in-filemap-read.patch kpatch-description: filemap: Fix bounds checking in filemap_read() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50272 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50272 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ace149e0830c380ddfce7e466fe860ca502fe4ee kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50018-net-napi-prevent-overflow-of-napi-defer-hard-irqs-427.patch kpatch-description: net: napi: Prevent overflow of napi_defer_hard_irqs kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50018 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50018 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=08062af0a52107a243f7608fd972edb54ca5b7f8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53091-bpf-add-sk-is-inet-and-is-icsk-check-in-tls-sw-has-ctx-tx-rx-dep.patch kpatch-description: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53091 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53091 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=44d0469f79bd3d0b3433732877358df7dc6b17b1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53091-bpf-add-sk-is-inet-and-is-icsk-check-in-tls-sw-has-ctx-tx-rx.patch kpatch-description: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53091 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53091 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=44d0469f79bd3d0b3433732877358df7dc6b17b1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53072-platform-x86-amd-pmc-detect-when-stb-is-not-available-427.patch kpatch-description: platform/x86/amd/pmc: Detect when STB is not available kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53072 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53072 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bceec87a73804bb4c33b9a6c96e2d27cd893a801 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53051-drm-i915-hdcp-Add-encoder-check-in-intel_hdcp_get_capability-427.patch kpatch-description: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53051 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53051 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=31b42af516afa1e184d1a9f9dd4096c54044269a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53055-wifi-iwlwifi-mvm-fix-6-ghz-scan-construction.patch kpatch-description: wifi: iwlwifi: mvm: fix 6 GHz scan construction kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7245012f0f496162dd95d888ed2ceb5a35170f1a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53085-tpm-lock-tpm-chip-in-tpm-pm-suspend-first.patch kpatch-description: tpm: Lock TPM chip in tpm_pm_suspend() first kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53085 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53085 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9265fed6db601ee2ec47577815387458ef4f047a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53085-tpm-do-not-start-chip-while-suspended.patch kpatch-description: tpm: Lock TPM chip in tpm_pm_suspend() first kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53085 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53085 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=17d253af4c2c8a2acf84bb55a0c2045f150b7dfd kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53237-bluetooth-fix-use-after-free-in-device-for-each-child.patch kpatch-description: Bluetooth: fix use-after-free in device_for_each_child() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53237 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53237 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=27aabf27fd014ae037cc179c61b0bee7cff55b3d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53105-mm-page-alloc-move-mlocked-flag-clearance-into-free-pages-prepare.patch kpatch-description: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53105 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53105 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/766d9612332476cb0bc466221812df770a3b800d kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53110-vp-vdpa-fix-id-table-array-not-null-terminated-error.patch kpatch-description: vp_vdpa: fix id_table array not null terminated error kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53110 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53110 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/5784918ef59d82c73929a6b39dd97680b465a8b6 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53110-vp-vdpa-fix-id-table-array-not-null-terminated-error-kpatch.patch kpatch-description: vp_vdpa: fix id_table array not null terminated error kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53110 kpatch-cvss: 5.5 kpatch-cve-url: https://linux.oracle.com/cve/CVE-2024-53110.html kpatch-patch-url: https://github.com/oracle/linux-uek/commit/7f1af1d1dd31af1e4cad1745199453068b2e347b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53117-virtio-vsock-improve-msg-zerocopy-error-handling.patch kpatch-description: virtio/vsock: Improve MSG_ZEROCOPY error handling kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53117 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53117 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/fec562a8413c59054526c72f6007eb9a4e309afa kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53118-vsock-fix-sk-error-queue-memory-leak.patch kpatch-description: vsock: Fix sk_error_queue memory leak kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53118 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53118 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/6daa6d320444074e38907b88ab74159d821d25dc kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53120-net-mlx5e-ct-fix-null-ptr-deref-in-add-rule-err-flow.patch kpatch-description: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53120 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53120 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/3fa56410d0cae081cddc0730c170352d0c222719 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53121-net-mlx5-fs-lock-fte-when-checking-if-active.patch kpatch-description: net/mlx5: fs, lock FTE when checking if active kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53121 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53121 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/fa16357dc46b6d78622bf166ac0eddfe8ad1114a kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53123-mptcp-error-out-earlier-on-disconnect.patch kpatch-description: mptcp: error out earlier on disconnect kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53123 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53123 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9315faaf6febb9aa11114cfe589c99aef6b1b8c0 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53134-pmdomain-imx93-blk-ctrl-correct-remove-path.patch kpatch-description: pmdomain: imx93-blk-ctrl: correct remove path kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53134 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53134 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/b27e912173cc015658298020556e478efb956448 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50271-signal-restore-the-override_rlimit-logic.patch kpatch-description: signal: restore the override_rlimit logic kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50271 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50271 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=012f4d5d25e9ef92ee129bd5aa7aa60f692681e1 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-41062-bluetooth-l2cap-sync-sock-recv-cb-and-release.patch kpatch-description: bluetooth/l2cap: sync sock recv cb and release kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-41062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=89e856e124f9ae548572c56b1b70c2255705f8fe kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-41062-bluetooth-l2cap-fix-deadlock.patch kpatch-description: Bluetooth: L2CAP: Fix deadlock kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-41062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=89e856e124f9ae548572c56b1b70c2255705f8fe kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-41062-bluetooth-fix-usage-of-hci-cmd-sync-status.patch kpatch-description: Bluetooth: Fix usage of __hci_cmd_sync_status kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-41062 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-41062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=89e856e124f9ae548572c56b1b70c2255705f8fe kpatch-name: skipped/CVE-2024-50038.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50038 kpatch-skip-reason: Complex adaptation required, low-CVSS score. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53050-drm-i915-hdcp-Add-encoder-check-in-hdcp2_get_capabil-427.patch kpatch-description: drm/i915/hdcp: Add encoder check in hdcp2_get_capability kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53050 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53050 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d34f4f058edf1235c103ca9c921dc54820d14d40 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50015-ext4-dax-fix-overflowing-extents-beyond-inode-size-w.patch kpatch-description: ext4: dax: fix overflowing extents beyond inode size when partially writing kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50015 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2024-50015 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8a7c342326f6ad1dfdb30a18dd013c70f5e9669 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-50216-xfs-fix-finding-a-last-resort-ag-in-xfs-filestream-pick-ag.patch kpatch-description: xfs: fix finding a last resort AG in xfs_filestream_pick_ag kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-50216 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50216 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/cac47910f4a7b3dadc8fe21cd662b980f43c7c8b kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56644-net-ipv6-release-expired-exception-dst-cached-in-socket.patch kpatch-description: net/ipv6: release expired exception dst cached in socket kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56644 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56644 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/9ca54b8d0a490bc5430c279d717ee9c60b1667b8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56566-mm-slub-Avoid-list-corruption-when-removing-a-slab-427.patch kpatch-description: mm/slub: Avoid list corruption when removing a slab from the full list kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56566 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56566 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=33a213c04faff6c3a7fe77e947db81bc7270fe32 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53141-netfilter-ipset-add-missing-range-check-in-bitmap_ip_uadt.patch kpatch-description: netfilter: ipset: add missing range check in bitmap_ip_uadt kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53141 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53141 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=35f56c554eb1b56b77b3cf197a6b00922d49033d kpatch-name: skipped/CVE-2024-53232.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-53232 kpatch-skip-reason: Out of scope: IBM System/390 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: skipped/CVE-2024-50189.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50189 kpatch-skip-reason: When introduced by live-patching, patch causes more problems than it fixes. Complex adaptation required. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53203-usb-typec-fix-potential-array-underflow-in-ucsi-ccg-sync-control.patch kpatch-description: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53203 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53203 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e56aac6e5a25630645607b6856d4b2a17b2311a5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53203-usb-typec-fix-pm-usage-counter-imbalance-in-ucsi_ccg_sync_control-next.patch kpatch-description: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53203 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53203 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e56aac6e5a25630645607b6856d4b2a17b2311a5 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-50214-coresight-clear-the-connection-field-properly.patch kpatch-description: coresight: Clear the connection field properly kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-50214 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-50214 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2af89ebacf299b7fba5f3087d35e8a286ec33706 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2022-50214-coresight-fix-loss-of-connection-info-when-a-module-is-unloaded.patch kpatch-description: coresight: Fix loss of connection info when a module is unloaded kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2022-50214 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-50214 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c45b2835e7b205783bdfe08cc98fa86a7c5eeb74 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-42094-net-iucv-avoid-explicit-cpumask-var-allocation-on-stack.patch kpatch-description: net/iucv: Avoid explicit cpumask var allocation on stack kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-42094 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-42094 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be4e1304419c99a164b4c0e101c7c2a756b635b9 kpatch-name: skipped/CVE-2024-50106.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50106 kpatch-skip-reason: Complex adaptation required. kpatch-cvss: kpatch-name: skipped/CVE-2024-50141.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-50141 kpatch-skip-reason: low score CVE with complex adaptation kpatch-cvss: kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53224-rdma-mlx5-move-events-notifier-registration-to-be-after-device-registration-427.patch kpatch-description: RDMA/mlx5: Move events notifier registration to be after device registration kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53224 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53224 kpatch-patch-url: https://github.com/torvalds/linux/commit/ede132a5cf559f3ab35a4c28bac4f4a6c20334d8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53224-rdma-mlx5-move-events-notifier-registration-to-be-after-device-registration-kpatch.patch kpatch-description: RDMA/mlx5: Move events notifier registration to be after device registration kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53224 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53224 kpatch-patch-url: https://github.com/torvalds/linux/commit/ede132a5cf559f3ab35a4c28bac4f4a6c20334d8 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53093-nvme-multipath-defer-partition-scanning.patch kpatch-description: nvme-multipath: defer partition scanning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1f021341eef41e77a633186e9be5223de2ce5d48 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-53093-nvme-multipath-defer-partition-scanning-kpatch-427.patch kpatch-description: nvme-multipath: defer partition scanning kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-53093 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53093 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1f021341eef41e77a633186e9be5223de2ce5d48 kpatch-name: rhel9/5.14.0-570.12.1.el9_6/CVE-2024-56693-brd-defer-automatic-disk-creation-until-module-initialization-succeeds.patch kpatch-description: brd: defer automatic disk creation until module initialization succeeds kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2024-56693 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56693 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=826cc42adf44930a633d11a5993676d85ddb0842 kpatch-name: skipped/CVE-2024-46864.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-46864. kpatch-skip-reason: hyperv + execve isn't supported kpatch-cvss: kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2025-21927-nvme-tcp-fix-potential-memory-corruption-in-nvme_tcp.patch kpatch-description: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2025-21927 kpatch-cvss: 7.8 kpatch-cve-url: http://access.redhat.com/security/cve/cve-2025-21927 kpatch-patch-url: https://github.com/torvalds/linux/commit/ad95bab0cd28ed77c2c0d0b6e76e03e031391064 kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2024-58069-rtc-pcf85063-fix-potential-oob-write-in-pcf85063-nvmem-read.patch kpatch-description: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2024-58069 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58069 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/fa02e98b919cc77b62e1dd69e0415ef3c8f11bf9 kpatch-name: skipped/CVE-2024-58005.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-58005 kpatch-skip-reason: low score CVE with complex adaptation kpatch-cvss: kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2025-21993-iscsi-ibft-fix-ubsan-shift-out-of-bounds-warning-in-ibft-attr-show-nic.patch kpatch-description: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2025-21993 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21993 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/2cb0313ac98f57d52d0283dc8aa67896fae4bcdc kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2024-58007-soc-qcom-add-check-devm-kasprintf-returned-value.patch kpatch-description: soc: qcom: Add check devm_kasprintf() returned value kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2024-58007 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58007 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/d4077724b78ffc30a9edb53f0d927f99ba2f6005 kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2024-58007-soc-qcom-socinfo-fix-revision-check-in-qcom-socinfo-probe.patch kpatch-description: soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2024-58007 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58007 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/73b61f76d4281ec279d03497f3284723a6bfbcb0 kpatch-name: rhel9/5.14.0-570.16.1.el9_6/CVE-2024-58007-soc-qcom-socinfo-avoid-out-of-bounds-read-of-serial-number.patch kpatch-description: soc: qcom: socinfo: Avoid out of bounds read of serial number kpatch-kernel: 5.14.0-570.16.1.el9_6 kpatch-cve: CVE-2024-58007 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58007 kpatch-patch-url: https://gerrit.kernelcare.com/plugins/gitiles/redhat-kernel/+/4f0ad061f33317d3b4d338e57fdd48e0b299be85 kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2025-21756-vsock-keep-the-binding-until-socket-destruction.patch kpatch-description: vsock: Keep the binding until socket destruction kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2025-21756 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21756 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fcdd2242c0231032fc84e1404315c245ae56322a kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2025-21756-vsock-orphan-socket-after-transport-release.patch kpatch-description: vsock: Orphan socket after transport release kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2025-21756 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21756 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fcdd2242c0231032fc84e1404315c245ae56322a kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2025-37749-net-ppp-add-bound-checking-for-skb-data-on-ppp-sync-txmung.patch kpatch-description: net: ppp: Add bound checking for skb data on ppp_sync_txmung kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2025-37749 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37749 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aabc6596ffb377c4c9c8f335124b92ea282c9821 kpatch-name: rhel9/5.14.0-570.17.1.el9_6/CVE-2025-21966-dm-flakey-fix-memory-corruption-in-optional-corrupt-bio-byte-feature.patch kpatch-description: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature kpatch-kernel: 5.14.0-570.17.1.el9_6 kpatch-cve: CVE-2025-21966 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21966 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=57e9417f69839cb10f7ffca684c38acd28ceb57b kpatch-name: rhel9/5.14.0-570.18.1.el9_6/CVE-2025-21964-cifs-fix-integer-overflow-while-processing-acregmax-mount-option-427.patch kpatch-description: cifs: Fix integer overflow while processing acregmax mount option kpatch-kernel: 5.14.0-570.18.1.el9_6 kpatch-cve: CVE-2025-21964 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21964 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7489161b1852390b4413d57f2457cd40b34da6cc kpatch-name: rhel9/5.14.0-570.19.1.el9_6/CVE-2022-3424-misc-sgi-gru-fix-use-after-free-error-in-gru_set_con.patch kpatch-description: misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os kpatch-kernel: 5.14.0-570.19.1.el9_6 kpatch-cve: CVE-2022-3424 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-3424 kpatch-patch-url: https://github.com/torvalds/linux/commit/643a16a0eb1d6ac23744bb6e90a00fc21148a9dc kpatch-name: rhel9/5.14.0-570.19.1.el9_6/CVE-2025-21764-ndisc-use-rcu-protection-in-ndisc-alloc-skb.patch kpatch-description: ndisc: use rcu protection in ndisc_alloc_skb() kpatch-kernel: 5.14.0-570.19.1.el9_6 kpatch-cve: CVE-2025-21764 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2025-21764 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=628e6d18930bbd21f2d4562228afe27694f66da9 kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-21920-vlan-enforce-underlying-device-type.patch kpatch-description: vlan: enforce underlying device type kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-21920 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21920 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b33a534610067ade2bdaf2052900aaad99701353 kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-21926-net-gso-fix-ownership-in-udp-gso-segment.patch kpatch-description: net: gso: fix ownership in __udp_gso_segment kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-21926 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21926 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ee01b2f2d7d0010787c2343463965bbc283a497f kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-21997-xsk-fix-an-integer-overflow-in-xp_create_and_assign_umem.patch kpatch-description: xsk: fix an integer overflow in xp_create_and_assign_umem() kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-21997 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21997 kpatch-patch-url: https://github.com/torvalds/linux/commit/559847f56769037e5b2e0474d3dbff985b98083d kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-22055-net-fix-geneve-opt-length-integer-overflow.patch kpatch-description: net: fix geneve_opt length integer overflow kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-22055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b27055a08ad4b415dcf15b63034f9cb236f7fb40 kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-22055-net-fix-geneve-opt-length-integer-overflow-kpatch.patch kpatch-description: net: fix geneve_opt length integer overflow kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-22055 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22055 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b27055a08ad4b415dcf15b63034f9cb236f7fb40 kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-37943-wifi-ath12k-fix-invalid-data-access-in-ath12k-dp-rx-h-undecap-nwifi.patch kpatch-description: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-37943 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37943 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9a0dddfb30f120db3851627935851d262e4e7acb kpatch-name: rhel9/5.14.0-570.21.1.el9_6/CVE-2025-37785-ext4-fix-OOB-read-when-checking-dotdot-dir.patch kpatch-description: ext4: fix OOB read when checking dotdot dir kpatch-kernel: 5.14.0-570.21.1.el9_6 kpatch-cve: CVE-2025-37785 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37785 kpatch-patch-url: https://github.com/torvalds/linux/commit/d5e206778e96e8667d3bde695ad372c296dc9353 kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21961-eth-bnxt-fix-truesize-for-mb-xdp-pass-case.patch kpatch-description: eth: bnxt: fix truesize for mb-xdp-pass case kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21961 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21961 kpatch-patch-url: https://github.com/torvalds/linux/commit/9f7b2aa5034e24d3c49db73d5f760c0435fe31c2 kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21963-cifs-fix-integer-overflow-while-processing-acdirmax-mount-option.patch kpatch-description: cifs: Fix integer overflow while processing acdirmax mount option kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21963 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21963 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5b29891f91dfb8758baf1e2217bef4b16b2b165b kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21979-wifi-cfg80211-cancel-wiphy-work-before-freeing-wiphy.patch kpatch-description: wifi: cfg80211: cancel wiphy_work before freeing wiphy kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21979 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21979 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=72d520476a2fab6f3489e8388ab524985d6c4b90 kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21999-proc-fix-uaf-in-proc-get-inode.patch kpatch-description: proc: fix UAF in proc_get_inode() kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21999 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21999 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=654b33ada4ab5e926cd9c570196fefa7bec7c1df kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21999-proc-fix-uaf-in-proc-get-inode-kpatch.patch kpatch-description: proc: fix UAF in proc_get_inode() kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21999 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21999 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=654b33ada4ab5e926cd9c570196fefa7bec7c1df kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-22126-md-factor-out-a-helper-from-mddev_put.patch kpatch-description: md: factor out a helper from mddev_put() kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-22126 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22126 kpatch-patch-url: https://github.com/torvalds/linux/commit/3d8d32873c7b6d9cec5b40c2ddb8c7c55961694f kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-22126-md-fix-mddev-uaf-while-iterating-all-mddevs-list-427.patch kpatch-description: md: fix mddev uaf while iterating all_mddevs list kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-22126 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22126 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8542870237c3a48ff049b6c5df5f50c8728284fa kpatch-name: rhel9/5.14.0-570.22.1.el9_6/CVE-2025-21969-Bluetooth-L2CAP-Fix-slab-use-after-free-Read-in-l2cap-503.patch kpatch-description: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd kpatch-kernel: 5.14.0-570.22.1.el9_6 kpatch-cve: CVE-2025-21969 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21969 kpatch-patch-url: https://git.kernel.org/linus/c96cce853542b3b13da3738f35ef1be8cfcc9d1d kpatch-name: rhel9/5.14.0-570.23.1.el9_6/CVE-2025-23150-ext4-fix-off-by-one-error-in-do-split.patch kpatch-description: ext4: fix off-by-one error in do_split kpatch-kernel: 5.14.0-570.23.1.el9_6 kpatch-cve: CVE-2025-23150 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-23150 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=94824ac9a8aaf2fb3c54b4bdde842db80ffa555d kpatch-name: rhel9/5.14.0-570.23.1.el9_6/CVE-2025-21919-sched-fair-fix-potential-memory-corruption-in-child-cfs-rq-on-list.patch kpatch-description: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list kpatch-kernel: 5.14.0-570.23.1.el9_6 kpatch-cve: CVE-2025-21919 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21919 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b4035ddbfc8e4521f85569998a7569668cccf51 kpatch-name: skipped/CVE-2025-21883.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21883 kpatch-skip-reason: Complex adaptation required. Low impact CVE. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.23.1.el9_6/CVE-2025-22104-ibmvnic-use-kernel-helpers-for-hex-dumps.patch kpatch-description: ibmvnic: Use kernel helpers for hex dumps kpatch-kernel: 5.14.0-570.23.1.el9_6 kpatch-cve: CVE-2025-22104 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22104 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d93a6caab5d7d9b5ce034d75b1e1e993338e3852 kpatch-name: rhel9/5.14.0-570.23.1.el9_6/CVE-2025-37738-ext4-ignore-xattrs-past-end.patch kpatch-description: ext4: ignore xattrs past end kpatch-kernel: 5.14.0-570.23.1.el9_6 kpatch-cve: CVE-2025-37738 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37738 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c8e008b60492cf6fd31ef127aea6d02fd3d314cd kpatch-name: rhel9/5.14.0-570.24.1.el9_6/CVE-2023-52933-squashfs-fix-handling-and-sanity-checking-of-xattr-ids-count.patch kpatch-description: Squashfs: fix handling and sanity checking of xattr_ids count kpatch-kernel: 5.14.0-570.24.1.el9_6 kpatch-cve: CVE-2023-52933 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-52933 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f65c4bbbd682b0877b669828b4e033b8d5d0a2dc kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2025-22004-net-atm-fix-use-after-free-in-lec-send.patch kpatch-description: net: atm: fix use after free in lec_send() kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2025-22004 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22004 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f3009d0d6ab78053117f8857b921a8237f4d17b3 kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2025-21887-ovl-fix-uaf-in-ovl-dentry-update-reval-by-moving-dput-in-ovl-link-up.patch kpatch-description: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2025-21887 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21887 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c84e125fff2615b4d9c259e762596134eddd2f27 kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2025-21759-ipv6-mcast-add-dev_net_rcu-helper.patch kpatch-description: ipv6: mcast: extend RCU protection in igmp6_send() kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2025-21759 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21759 kpatch-patch-url: https://github.com/torvalds/linux/commit/087c1faa594fa07a66933d750c0b2610aa1a2946 kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2025-21759-ipv6-mcast-extend-RCU-protection-in-igmp6_send.patch kpatch-description: ipv6: mcast: extend RCU protection in igmp6_send() kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2025-21759 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21759 kpatch-patch-url: https://github.com/torvalds/linux/commit/087c1faa594fa07a66933d750c0b2610aa1a2946 kpatch-name: rhel9/5.14.0-570.25.1.el9_6/CVE-2022-49846-udf-Fix-a-slab-out-of-bounds-write-bug-in-udf_find_entry.patch kpatch-description: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() kpatch-kernel: 5.14.0-570.25.1.el9_6 kpatch-cve: CVE-2022-49846 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49846 kpatch-patch-url: https://github.com/torvalds/linux/commit/c8af247de385ce49afabc3bf1cf4fd455c94bfe8 kpatch-name: rhel9/5.14.0-570.26.1.el9_6/CVE-2025-21991-x86-microcode-amd-fix-out-of-bounds-on-systems-with-cpu-less-numa-nodes.patch kpatch-description: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes kpatch-kernel: 5.14.0-570.26.1.el9_6 kpatch-cve: CVE-2025-21991 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21991 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e3e89178a9f4a80092578af3ff3c8478f9187d59 kpatch-name: rhel9/5.14.0-570.28.1.el9_6/CVE-2025-38089-sunrpc-handle-svc-garbage-during-svc-auth-processing-as-auth-error-5.14.0-503.40.1.el9_5.patch kpatch-description: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error kpatch-kernel: 5.14.0-570.28.1.el9_6 kpatch-cve: CVE-2025-38089 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38089 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=94d10a4dba0bc482f2b01e39f06d5513d0f75742 kpatch-name: rhel9/5.14.0-570.28.1.el9_6/CVE-2024-58002-media-uvcvideo-remove-dangling-pointers.patch kpatch-description: media: uvcvideo: Remove dangling pointers kpatch-kernel: 5.14.0-570.28.1.el9_6 kpatch-cve: CVE-2024-58002 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58002 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=221cd51efe4565501a3dbf04cc011b537dcce7fb kpatch-name: rhel9/5.14.0-570.28.1.el9_6/CVE-2024-58002-media-uvcvideo-remove-dangling-pointers-kpatch.patch kpatch-description: media: uvcvideo: Remove dangling pointers kpatch-kernel: 5.14.0-570.28.1.0.1.el9_6 kpatch-cve: CVE-2024-58002 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58002 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ac18d781466252cd35a3e311e0a4b264260fd927 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-37958-mm-huge-memory-fix-dereferencing-invalid-pmd-migration-entry-427.patch kpatch-description: mm/huge_memory: fix dereferencing invalid pmd migration entry kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-37958 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37958 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=be6e843fc51a584672dfd9c4a6a24c8cb81d5fb7 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-21905-wifi-iwlwifi-limit-printed-string-from-fw-file.patch kpatch-description: wifi: iwlwifi: limit printed string from FW file kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-21905 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21905 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e0dc2c1bef722cbf16ae557690861e5f91208129 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2024-57980-media-uvcvideo-fix-double-free-in-error-path.patch kpatch-description: media: uvcvideo: Fix double free in error path kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2024-57980 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57980 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c6ef3a7fa97ec823a1e1af9085cf13db9f7b3bac kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-38110-net-mdiobus-fix-potential-out-of-bounds-clause-45-read-write-access.patch kpatch-description: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-38110 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38110 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=260388f79e94fb3026c419a208ece8358bb7b555 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-22113-ext4-define-ext4_journal_destroy-wrapper-427.patch kpatch-description: ext4: avoid journaling sb update on error if journal is destroying kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-22113 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22113 kpatch-patch-url: https://github.com/torvalds/linux/commit/5a02a6204ca37e7c22fbb55a789c503f05e8e89a kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-22113-ext4-avoid-journaling-sb-update-on-error-if-journal-is-destroying-427.patch kpatch-description: ext4: avoid journaling sb update on error if journal is destroying kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-22113 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22113 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ce2f26e73783b4a7c46a86e3af5b5c8de0971790 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-22121-ext4-fix-out-of-bound-read-in-ext4_xattr_inode_dec_ref_all.patch kpatch-description: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-22121 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22121 kpatch-patch-url: https://github.com/torvalds/linux/commit/5701875f9609b000d91351eaa6bfd97fe2f157f4 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-22121-ext4-fix-out-of-bound-read-in-ext4_xattr_inode_dec_ref_all-kpatch.patch kpatch-description: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-22121 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22121 kpatch-patch-url: https://github.com/torvalds/linux/commit/5701875f9609b000d91351eaa6bfd97fe2f157f4 kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-37797-net_sched-hfsc-Fix-a-UAF-vulnerability-in-class-handling.patch kpatch-description: net_sched: hfsc: Fix a UAF vulnerability in class handling kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-37797 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37797 kpatch-patch-url: https://github.com/torvalds/linux/commit/3df275ef0a6ae181e8428a6589ef5d5231e58b5c kpatch-name: rhel9/5.14.0-570.30.1.el9_6/CVE-2025-38086-net-ch9200-fix-uninitialised-access-during-mii_nway_restart.patch kpatch-description: net: ch9200: fix uninitialised access during mii_nway_restart kpatch-kernel: 5.14.0-570.30.1.el9_6 kpatch-cve: CVE-2025-38086 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38086 kpatch-patch-url: https://github.com/torvalds/linux/commit/9ad0452c0277b816a435433cca601304cfac7c21 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-21962-cifs-fix-integer-overflow-while-processing-closetimeo-mount-option.patch kpatch-description: cifs: Fix integer overflow while processing closetimeo mount option kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-21962 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21962 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d5a30fddfe2f2e540f6c43b59cf701809995faef kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-21727-padata-fix-uaf-in-padata-reorder.patch kpatch-description: padata: fix UAF in padata_reorder kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-21727 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21727 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e01780ea4661172734118d2a5f41bc9720765668 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-38087-net-sched-fix-use-after-free-in-taprio-dev-notifier.patch kpatch-description: net/sched: fix use-after-free in taprio_dev_notifier kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-38087 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38087 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b160766e26d4e2e2d6fe2294e0b02f92baefcec5 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2022-49788-misc-vmw-vmci-fix-an-infoleak-in-vmci-host-do-receive-datagram.patch kpatch-description: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2022-49788 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49788 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e5b0d06d9b10f5f43101bd6598b076c347f9295f kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-22020-memstick-rtsx-usb-ms-fix-slab-use-after-free-in-rtsx-usb-ms-drv-remove.patch kpatch-description: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-22020 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22020 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4676741a3464b300b486e70585c3c9b692be1632 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-21928-hid-intel-ish-hid-fix-use-after-free-issue-in-ishtp-hid-remove.patch kpatch-description: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-21928 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21928 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=07583a0010696a17fb0942e0b499a62785c5fc9f kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-37890-net-sched-hfsc-fix-a-uaf-vulnerability-in-class-with-netem-as-child-qdisc.patch kpatch-description: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-37890 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=141d34391abbb315d68556b7c67ad97885407547 kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-37890-net-sched-hfsc-fix-qlen-accounting-bug-when-using-peek-in-hfsc_enqueue.patch kpatch-description: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-37890 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37890 kpatch-patch-url: https://github.com/torvalds/linux/commit/3f981138109f63232a5fb7165938d4c945cc1b9d kpatch-name: rhel9/5.14.0-570.32.1.el9_6/CVE-2025-37890-net-sched-hfsc-address-reentrant-enqueue-adding-class-to-eltree-twice.patch kpatch-description: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice kpatch-kernel: 5.14.0-570.32.1.el9_6 kpatch-cve: CVE-2025-37890 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37890 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=141d34391abbb315d68556b7c67ad97885407547 kpatch-name: skipped/CVE-2025-38052.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-38052 kpatch-skip-reason: Complex adaptation required. Low impact CVE kpatch-cvss: kpatch-name: rhel9/5.14.0-570.33.2.el9_6/CVE-2025-38079-crypto-algif-hash-fix-double-free-in-hash-accept.patch kpatch-description: crypto: algif_hash - fix double free in hash_accept kpatch-kernel: 5.14.0-570.33.2.el9_6 kpatch-cve: CVE-2025-38079 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38079 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b2df03ed4052e97126267e8c13ad4204ea6ba9b6 kpatch-name: rhel9/5.14.0-570.33.2.el9_6/CVE-2025-38292-wifi-ath12k-fix-invalid-access-to-memory-5.14.0-427.42.1.el9_4.patch kpatch-description: wifi: ath12k: fix invalid access to memory kpatch-kernel: 5.14.0-570.33.2.el9_6 kpatch-cve: CVE-2025-38292 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38292 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9f17747fbda6fca934854463873c4abf8061491d kpatch-name: skipped/CVE-2024-28956.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2024-28956 kpatch-skip-reason: Patch meant for use with microcode update kpatch-cvss: kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2024-49978-gso-fix-udp-gso-fraglist-segmentation-after-pull-from-frag_list-427.patch kpatch-description: gso: fix udp gso fraglist segmentation after pull from frag_list kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2024-49978 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49978 kpatch-patch-url: https://github.com/torvalds/linux/commit/a1e40ac5b5e9077fe1f7ae0eb88034db0f9ae1ab kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38124-net-fix-udp-gso-skb_segment-after-pull-from-frag_list.patch kpatch-description: net: fix udp gso skb_segment after pull from frag_list kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38124 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38124 kpatch-patch-url: https://github.com/torvalds/linux/commit/3382a1ed7f778db841063f5d7e317ac55f9e7f72 kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38159-wifi-rtw88-fix-the-para-buffer-size-to-avoid-reading-out-of-bounds.patch kpatch-description: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38159 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38159 kpatch-patch-url: https://github.com/torvalds/linux/commit/4c2c372de2e108319236203cce6de44d70ae15cd kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38250-bluetooth-hci-core-fix-use-after-free-in-vhci-flush.patch kpatch-description: Bluetooth: hci_core: Fix use-after-free in vhci_flush() kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38250 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38250 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1d6123102e9fbedc8d25bf4731da6d513173e49e kpatch-name: skipped/CVE-2025-38085.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-38085 kpatch-skip-reason: Complex adaptation required. High risk of regression. kpatch-cvss: kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38471-tls-always-refresh-the-queue-when-reading-sock.patch kpatch-description: tls: always refresh the queue when reading sock kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38471 kpatch-cvss: 7.4 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38471 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4ab26bce3969f8fd925fe6f6f551e4d1a508c68b kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-38380-i2c-designware-fix-an-initialization-issue.patch kpatch-description: i2c/designware: Fix an initialization issue kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-38380 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38380 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d30048958e0d43425f6d4e76565e6249fa71050 kpatch-name: rhel9/5.14.0-570.35.1.el9_6/CVE-2025-21867-bpf-test-run-fix-use-after-free-issue-in-eth-skb-pkt-type.patch kpatch-description: bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() kpatch-kernel: 5.14.0-570.35.1.el9_6 kpatch-cve: CVE-2025-21867 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21867 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6b3d638ca897e099fa99bd6d02189d3176f80a47 kpatch-name: rhel9/5.14.0-570.37.1.el9_6/CVE-2025-22058-udp-fix-memory-accounting-leak.patch kpatch-description: udp: Fix memory accounting leak. kpatch-kernel: 5.14.0-570.37.1.el9_6 kpatch-cve: CVE-2025-22058 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22058 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=df207de9d9e7a4d92f8567e2c539d9c8c12fd99d kpatch-name: rhel9/5.14.0-570.37.1.el9_6/CVE-2025-37914-net-sched-ets-fix-double-list-add-in-class-with-netem-as-child-qdisc.patch kpatch-description: net_sched: ets: Fix double list add in class with netem as child qdisc kpatch-kernel: 5.14.0-570.37.1.el9_6 kpatch-cve: CVE-2025-37914 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37914 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1a6d0c00fa07972384b0c308c72db091d49988b6 kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38211-rdma-iwcm-Fix-a-use-after-free-related-to-destroying-CM-IDs.patch kpatch-description: RDMA/iwcm: Fix a use-after-free related to destroying CM IDs kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38211 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38211 kpatch-patch-url: https://github.com/torvalds/linux/commit/aee2424246f9f1dadc33faa78990c1e2eb7826e4 kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38211-rdma-iwcm-fix-use-after-free-of-work-objects-after-cm-id-destruction.patch kpatch-description: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38211 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38211 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6883b680e703c6b2efddb4e7a8d891ce1803d06b kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38461-vsock-fix-transport-toctou.patch kpatch-description: vsock: Fix transport_* TOCTOU kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38461 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38461 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=687aa0c5581b8d4aa87fd92973e4ee576b550cdf kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38200-i40e-fix-mmio-write-access-to-an-invalid-page-in-i40e-clear-hw.patch kpatch-description: i40e: fix MMIO write access to an invalid page in i40e_clear_hw kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38200 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38200 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=015bac5daca978448f2671478c553ce1f300c21e kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-37823-net-sched-hfsc-fix-a-potential-uaf-in-hfsc-dequeue-too.patch kpatch-description: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-37823 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37823 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6ccbda44e2cc3d26fd22af54c650d6d5d801addf kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38350-net-sched-always-pass-notifications-when-child-class-becomes-empty.patch kpatch-description: net/sched: Always pass notifications when child class becomes empty kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38350 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38350 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=103406b38c600fec1fe375a77b27d87e314aea09 kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38464-tipc-fix-use-after-free-in-tipc-conn-close.patch kpatch-description: tipc: Fix use-after-free in tipc_conn_close(). kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38464 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38464 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=667eeab4999e981c96b447a4df5f20bdf5c26f13 kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38500-xfrm-interface-fix-use-after-free-after-changing-collect-md-xfrm-interface.patch kpatch-description: xfrm: interface: fix use-after-free after changing collect_md xfrm interface kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38500 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38500 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b kpatch-name: rhel9/5.14.0-570.39.1.el9_6/CVE-2025-38500-xfrm-interface-fix-use-after-free-after-changing-collect-md-xfrm-interface-kpatch.patch kpatch-description: xfrm: interface: fix use-after-free after changing collect_md xfrm interface kpatch-kernel: 5.14.0-570.39.1.el9_6 kpatch-cve: CVE-2025-38500 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38500 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a90b2a1aaacbcf0f91d7e4868ad6c51c5dee814b kpatch-name: rhel9/5.14.0-570.41.1.el9_6/CVE-2025-37803-udmabuf-fix-a-buf-size-overflow-issue-during-udmabuf-creation.patch kpatch-description: udmabuf: fix a buf size overflow issue during udmabuf creation kpatch-kernel: 5.14.0-570.41.1.el9_6 kpatch-cve: CVE-2025-37803 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37803 kpatch-patch-url: https://github.com/torvalds/linux/commit/021ba7f1babd029e714d13a6bf2571b08af96d0f kpatch-name: rhel9/5.14.0-570.41.1.el9_6/CVE-2025-38392-idpf-convert-control-queue-mutex-to-a-spinlock-427.patch kpatch-description: idpf: convert control queue mutex to a spinlock kpatch-kernel: 5.14.0-570.41.1.el9_6 kpatch-cve: CVE-2025-38392 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38392 kpatch-patch-url: https://github.com/torvalds/linux/commit/b2beb5bb2cd90d7939e470ed4da468683f41baa3 kpatch-name: rhel9/5.14.0-570.42.2.el9_6/CVE-2025-38332-scsi-lpfc-use-memcpy-for-bios-version.patch kpatch-description: scsi: lpfc: Use memcpy() for BIOS version kpatch-kernel: 5.14.0-570.42.2.el9_6 kpatch-cve: CVE-2025-38332 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38332 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ae82eaf4aeea060bb736c3e20c0568b67c701d7d kpatch-name: rhel9/5.14.0-570.42.2.el9_6/CVE-2025-22097-drm-vkms-fix-use-after-free-and-double-free-on-init-error.patch kpatch-description: drm/vkms: Fix use after free and double free on init error kpatch-kernel: 5.14.0-570.42.2.el9_6 kpatch-cve: CVE-2025-22097 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22097 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed15511a773df86205bda66c37193569575ae828 kpatch-name: rhel9/5.14.0-570.42.2.el9_6/CVE-2025-22097-drm-vkms-fix-use-after-free-and-double-free-on-init-error-kpatch.patch kpatch-description: drm/vkms: Fix use after free and double free on init error kpatch-kernel: 5.14.0-570.42.2.el9_6 kpatch-cve: CVE-2025-22097 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-22097 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed15511a773df86205bda66c37193569575ae828 kpatch-name: skipped/CVE-2025-38449.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-38449 kpatch-skip-reason: requires a very complex adaptation kpatch-cvss: kpatch-name: rhel9/5.14.0-570.42.2.el9_6/CVE-2025-38352-posix-cpu-timers-fix-race-between-handle-posix-cpu-timers-and-posix-cpu-timer-del.patch kpatch-description: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() kpatch-kernel: 5.14.0-570.42.2.el9_6 kpatch-cve: CVE-2025-38352 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38352 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f90fff1e152dedf52b932240ebbd670d83330eca kpatch-name: rhel9/5.14.0-570.44.1.el9_6/CVE-2025-38550-ipv6-mcast-delay-put-pmc-idev-in-mld-del-delrec.patch kpatch-description: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() kpatch-kernel: 5.14.0-570.44.1.el9_6 kpatch-cve: CVE-2025-38550 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38550 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ae3264a25a4635531264728859dbe9c659fad554 kpatch-name: rhel9/5.14.0-570.46.1.el9_6/CVE-2025-37810-usb-dwc3-gadget-check-that-event-count-does-not-exceed-event-buffer-length.patch kpatch-description: usb: dwc3: gadget: check that event count does not exceed event buffer length kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2025-37810 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37810 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=63ccd26cd1f6600421795f6ca3e625076be06c9f kpatch-name: rhel9/5.14.0-570.46.1.el9_6/CVE-2025-38498-do-change-type-refuse-to-operate-on-unmounted-not-ours-mounts.patch kpatch-description: do_change_type(): refuse to operate on unmounted/not ours mounts kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2025-38498 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38498 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=12f147ddd6de7382dad54812e65f3f08d05809fc kpatch-name: skipped/CVE-2025-39694.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39694 kpatch-skip-reason: Out of scope: IBM System/390 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-570.46.1.el9_6/CVE-2023-53125-net-usb-smsc75xx-limit-packet-length-to-skb-len.patch kpatch-description: net: usb: smsc75xx: Limit packet length to skb->len kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2023-53125 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53125 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8b228318935044dafe3a5bc07ee71a1f1424b8d kpatch-name: rhel9/5.14.0-570.46.1.el9_6/CVE-2023-53125-net-usb-smsc75xx-move-packet-length-check-to-prevent-kernel-panic-in-skb_pull.patch kpatch-description: net: usb: smsc75xx: Move packet length check to prevent kernel panic in skb_pull kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2023-53125 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53125 kpatch-patch-url: https://github.com/torvalds/linux/commit/43ffe6caccc7a1bb9d7442fbab521efbf6c1378c kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-38472-netfilter-nf-conntrack-fix-crash-due-to-removal-of-uninitialised-entry.patch kpatch-description: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-38472 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38472 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2d72afb340657f03f7261e9243b44457a9228ac7 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-38527-smb-client-fix-use-after-free-in-cifs-oplock-break.patch kpatch-description: smb: client: fix use-after-free in cifs_oplock_break kpatch-kernel: 5.14.0-570.46.1.el9_6 kpatch-cve: CVE-2025-38527 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38527 kpatch-patch-url: https://github.com/torvalds/linux/commit/705c79101ccf9edea5a00d761491a03ced314210 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-38718-sctp-linearize-cloned-gso-packets-in-sctp-rcv.patch kpatch-description: sctp: linearize cloned gso packets in sctp_rcv kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-38718 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38718 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fd60d8a086191fe33c2d719732d2482052fa6805 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-39682-tls-break-out-of-main-loop-when-PEEK-gets-a-non-data-record.patch kpatch-description: tls: break out of main loop when PEEK gets a non-data record kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-39682 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39682 kpatch-patch-url: https://github.com/torvalds/linux/commit/10f41d0710fc81b7af93fa6106678d57b1ff24a7 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-39682-tls-stop-recv-if-initial-process_rx_list-gave-us-non-DATA.patch kpatch-description: tls: stop recv() if initial process_rx_list gave us non-DATA kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-39682 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39682 kpatch-patch-url: https://github.com/torvalds/linux/commit/fdfbaec5923d9359698cbb286bc0deadbb717504 kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-39682-tls-don-t-skip-over-different-type-records-from-the-rx_list.patch kpatch-description: tls: don't skip over different type records from the rx_list kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-39682 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39682 kpatch-patch-url: https://github.com/torvalds/linux/commit/ec823bf3a479d42c589dc0f28ef4951c49cd2d2a kpatch-name: rhel9/5.14.0-570.49.1.el9_6/CVE-2025-39682-tls-fix-handling-of-zero-length-records-on-the-rx-list.patch kpatch-description: tls: fix handling of zero-length records on the rx_list kpatch-kernel: 5.14.0-570.49.1.el9_6 kpatch-cve: CVE-2025-39682 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39682 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62708b9452f8eb77513115b17c4f8d1a22ebf843 kpatch-name: rhel9/5.14.0-570.51.1.el9_6/CVE-2024-50301-security-keys-fix-slab-out-of-bounds-in-key-task-permission.patch kpatch-description: security/keys: fix slab-out-of-bounds in key_task_permission kpatch-kernel: 5.14.0-570.51.1.el9_6 kpatch-cve: CVE-2024-50301 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50301 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4a74da044ec9ec8679e6beccc4306b936b62873f kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-38351-kvm-x86-hyper-v-skip-non-canonical-addresses-during-pv-tlb-flush-5.14.0-570.62.1.el9_6.patch kpatch-description: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-38351 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38351 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fa787ac07b3ceb56dd88a62d1866038498e96230 kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-38351-kvm-x86-hyper-v-skip-non-canonical-addresses-during-pv-tlb-flush-kpatch.patch kpatch-description: KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-38351 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38351 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fa787ac07b3ceb56dd88a62d1866038498e96230 kpatch-name: rhel9/5.14.0-570.51.1.el9_6/CVE-2025-39761-wifi-ath12k-decrement-tid-on-rx-peer-frag-setup-error-handling.patch kpatch-description: wifi: ath12k: Decrement TID on RX peer frag setup error handling kpatch-kernel: 5.14.0-570.51.1.el9_6 kpatch-cve: CVE-2025-39761 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39761 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7c0884fcd2ddde0544d2e77f297ae461e1f53f58 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38614-eventpoll-fix-semi-unbounded-recursion.patch kpatch-description: eventpoll: Fix semi-unbounded recursion kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38614 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2e467a48287c868818085aa35389a224d226732 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38614-eventpoll-fix-semi-unbounded-recursion-kpatch-427.patch kpatch-description: eventpoll: Fix semi-unbounded recursion kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38614 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2e467a48287c868818085aa35389a224d226732 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38614-eventpoll-fix-semi-unbounded-recursion-kpatch2.patch kpatch-description: eventpoll: Fix semi-unbounded recursion kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38614 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38614 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f2e467a48287c868818085aa35389a224d226732 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38556-hid-simplify-snto32.patch kpatch-description: HID: simplify snto32() kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38556 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38556-hid-stop-exporting-hid_snto32.patch kpatch-description: HID: stop exporting hid_snto32() kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38556 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38556-hid-core-harden-s32ton-against-conversion-to-0-bits.patch kpatch-description: HID: core: Harden s32ton() against conversion to 0 bits kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38556 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38556 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6b87bfc2ab5bccb7ad953693c85d9062aef3fdd kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-38556-hid-stop-exporting-hid_snto32-kpatch.patch kpatch-description: HID: stop exporting hid_snto32() kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-38556 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38556 kpatch-patch-url: https://github.com/torvalds/linux/commit/c653ffc283404a6c1c0e65143a833180c7ff799b kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-39757-alsa-usb-audio-validate-uac3-cluster-segment-descriptors.patch kpatch-description: ALSA: usb-audio: Validate UAC3 cluster segment descriptors kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-39757 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39757 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ecfd41166b72b67d3bdeb88d224ff445f6163869 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2025-39757-alsa-usb-audio-fix-size-validation-in-convert_chmap_v3.patch kpatch-description: ALSA: usb-audio: Fix size validation in convert_chmap_v3() kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2025-39757 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39757 kpatch-patch-url: https://github.com/torvalds/linux/commit/89f0addeee3cb2dc49837599330ed9c4612f05b0 kpatch-name: rhel9/5.14.0-570.52.1.el9_6/CVE-2023-53373-crypto-seqiv-handle-ebusy-correctly.patch kpatch-description: crypto: seqiv - Handle EBUSY correctly kpatch-kernel: 5.14.0-570.52.1.el9_6 kpatch-cve: CVE-2023-53373 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53373 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32e62025e5e52fbe4812ef044759de7010b15dbc kpatch-name: rhel9/5.14.0-570.55.1.el9_6/CVE-2025-39849-wifi-cfg80211-sme-cap-ssid-length-in-cfg80211-connect-result.patch kpatch-description: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() kpatch-kernel: 5.14.0-570.55.1.el9_6 kpatch-cve: CVE-2025-39849 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39849 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=62b635dcd69c4fde7ce1de4992d71420a37e51e3 kpatch-name: rhel9/5.14.0-570.55.1.el9_6/CVE-2025-39817-efivarfs-fix-slab-out-of-bounds-in-efivarfs-d-compare.patch kpatch-description: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare kpatch-kernel: 5.14.0-570.55.1.el9_6 kpatch-cve: CVE-2025-39817 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39817 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a6358f8cf64850f3f27857b8ed8c1b08cfc4685c kpatch-name: rhel9/5.14.0-570.55.1.el9_6/CVE-2025-39841-scsi-lpfc-fix-buffer-free-clear-order-in-deferred-receive-path.patch kpatch-description: scsi: lpfc: Fix buffer free/clear order in deferred receive path kpatch-kernel: 5.14.0-570.55.1.el9_6 kpatch-cve: CVE-2025-39841 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39841 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9dba9a45c348e8460da97c450cddf70b2056deb3 kpatch-name: skipped/CVE-2022-50087.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-50087 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-570.58.1.el9_6/CVE-2025-39730-nfs-fix-filehandle-bounds-checking-in-nfs-fh-to-dentry.patch kpatch-description: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() kpatch-kernel: 5.14.0-570.58.1.el9_6 kpatch-cve: CVE-2025-39730 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39730 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ef93a685e01a281b5e2a25ce4e3428cf9371a205 kpatch-name: skipped/CVE-2025-39751.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39751 kpatch-skip-reason: This CVE has been rejected or withdrawn by its CVE Numbering Authority as per NVD website kpatch-cvss: kpatch-name: rhel9/5.14.0-570.58.1.el9_6/CVE-2025-39819-fs-smb-fix-inconsistent-refcnt-update-427.patch kpatch-description: fs/smb: Fix inconsistent refcnt update kpatch-kernel: 5.14.0-570.58.1.el9_6 kpatch-cve: CVE-2025-39819 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39819 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ab529e6ca1f67bcf31f3ea80c72bffde2e9e053e kpatch-name: rhel9/5.14.0-570.58.1.el9_6/CVE-2025-39718-vsock-virtio-validate-length-in-packet-header-before-skb-put.patch kpatch-description: vsock/virtio: Validate length in packet header before skb_put() kpatch-kernel: 5.14.0-570.58.1.el9_6 kpatch-cve: CVE-2025-39718 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39718 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0dab92484474587b82e8e0455839eaf5ac7bf894 kpatch-name: rhel9/5.14.0-570.58.1.el9_6/CVE-2023-53331-pstore-ram-check-start-of-empty-przs-during-init.patch kpatch-description: pstore/ram: Check start of empty przs during init kpatch-kernel: 5.14.0-570.58.1.el9_6 kpatch-cve: CVE-2023-53331 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53331 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fe8c3623ab06603eb760444a032d426542212021 kpatch-name: rhel9/5.14.0-570.60.1.el9_6/CVE-2025-39702-ipv6-sr-fix-mac-comparison-to-be-constant-time.patch kpatch-description: ipv6: sr: Fix MAC comparison to be constant-time kpatch-kernel: 5.14.0-570.60.1.el9_6 kpatch-cve: CVE-2025-39702 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39702 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a458b2902115b26a25d67393b12ddd57d1216aaa kpatch-name: rhel9/5.14.0-570.60.1.el9_6/CVE-2022-50367-fs-fix-uaf-gpf-bug-in-nilfs-mdt-destroy.patch kpatch-description: fs: fix UAF/GPF bug in nilfs_mdt_destroy kpatch-kernel: 5.14.0-570.60.1.el9_6 kpatch-cve: CVE-2022-50367 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-50367 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e488f13755ffbb60f307e991b27024716a33b29 kpatch-name: rhel9/5.14.0-570.60.1.el9_6/CVE-2023-53494-crypto-xts-handle-ebusy-correctly.patch kpatch-description: crypto: xts - Handle EBUSY correctly kpatch-kernel: 5.14.0-570.60.1.el9_6 kpatch-cve: CVE-2023-53494 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-53494 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=51c082514c2dedf2711c99d93c196cc4eedceb40 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-46744-squashfs-sanity-check-symbolic-link-size.patch kpatch-description: Squashfs: sanity check symbolic link size kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-46744 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46744 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=810ee43d9cd245d138a2733d87a24858a23f577d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56603-net-af-can-do-not-leave-a-dangling-sk-pointer-in-can-create.patch kpatch-description: net: af_can: do not leave a dangling sk pointer in can_create() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56603 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56603 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=811a7ca7320c062e15d0f5b171fe6ad8592d1434 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21648-netfilter-conntrack-clamp-maximum-hashtable-size-to-int-max.patch kpatch-description: netfilter: conntrack: clamp maximum hashtable size to INT_MAX kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21648 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21648 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b541ba7d1f5a5b7b3e2e22dc9e40e18a7d6dbc13 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21796-nfsd-clear-acl-access-acl-default-after-releasing-them.patch kpatch-description: nfsd: clear acl_access/acl_default after releasing them kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21796 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21796 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7faf14a7b0366f153284db0ad3347c457ea70136 kpatch-name: skipped/CVE-2025-21671.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21671 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21791-vrf-use-rcu-protection-in-l3mdev-l3-out.patch kpatch-description: vrf: use RCU protection in l3mdev_l3_out() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21791 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21791 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6d0ce46a93135d96b7fa075a94a88fe0da8e8773 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58014-wifi-brcmsmac-add-gain-range-check-to-wlc-phy-iqcal-gainparams-nphy.patch kpatch-description: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58014 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58014 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3f4a0948c3524ae50f166dbc6572a3296b014e62 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56662-acpi-nfit-vmalloc-out-of-bounds-read-in-acpi-nfit-ctl.patch kpatch-description: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56662 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56662 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=265e98f72bac6c41a4492d3e30a8e5fd22fe0779 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-37994-usb-typec-ucsi-displayport-fix-null-pointer-access.patch kpatch-description: usb: typec: ucsi: displayport: Fix NULL pointer access kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-37994 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37994 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=312d79669e71283d05c05cc49a1a31e59e3d9e0e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53229-RDMA-rxe-fix-the-qp-flush-warnings-in-req.patch kpatch-description: RDMA/rxe: Fix the qp flush warnings in req kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53229 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53229 kpatch-patch-url: https://github.com/torvalds/linux/commit/ea4c990fa9e19ffef0648e40c566b94ba5ab31be kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21647-sched-sch_cake-add-bounds-checks-to-host-bulk-flow-fairness-counts.patch kpatch-description: sched: sch_cake: add bounds checks to host bulk flow fairness counts kpatch-kernel: 5.14.0-570.12.1.el9_6 kpatch-cve: CVE-2025-21647 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21647 kpatch-patch-url: https://github.com/torvalds/linux/commit/737d4d91d35b5f7fa5bb442651472277318b0bfd kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21691-cachestat-fix-page-cache-statistics-permission-checking-503.patch kpatch-description: cachestat: fix page cache statistics permission checking kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21691 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21691 kpatch-patch-url: https://github.com/torvalds/linux/commit/5f537664e705b0bf8b7e329861f20128534f6a83 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21702-pfifo_tail_enqueue-drop-new-packet-when-sch-limit-0-503.patch kpatch-description: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21702 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21702 kpatch-patch-url: https://github.com/torvalds/linux/commit/647cef20e649c576dff271e018d5d15d998b629d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21738-ata-libata-sff-ensure-that-we-cannot-write-outside-the-allocated-buffer.patch kpatch-description: ata: libata-sff: Ensure that we cannot write outside the allocated buffer kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21738 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21738 kpatch-patch-url: https://github.com/torvalds/linux/commit/6e74e53b34b6dec5a50e1404e2680852ec6768d2 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49627-ima-fix-potential-memory-leak-in-ima-init-crypto.patch kpatch-description: ima: Fix potential memory leak in ima_init_crypto() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49627 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49627 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=067d2521874135267e681c19d42761c601d503d6 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49643-ima-fix-a-potential-integer-overflow-in-ima-appraise-measurement.patch kpatch-description: ima: Fix a potential integer overflow in ima_appraise_measurement kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49643 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49643 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49648-tracing-histograms-fix-memory-leak-problem.patch kpatch-description: tracing/histograms: Fix memory leak problem kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49648 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49648 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7edc3945bdce9c39198a10d6129377a5c53559c2 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49657-usbnet-fix-memory-leak-in-error-case.patch kpatch-description: usbnet: fix memory leak in error case kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49657 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49657 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b55a21b764c1e182014630fa5486d717484ac58f kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49672-net-tun-unlink-napi-from-device-on-destruction.patch kpatch-description: net: tun: unlink NAPI from device on destruction kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49672 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3b9bc84d311104906d2b4995a9a02d7b7ddab2db kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-46689-soc-qcom-cmd-db-map-shared-memory-as-wc-not-wb.patch kpatch-description: soc: qcom: cmd-db: Map shared memory as WC, not WB kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-46689 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-46689 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f9bb896eab221618927ae6a2f1d566567999839d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-47679-vfs-fix-race-between-evice-inodes-and-find-inode-iput.patch kpatch-description: vfs: fix race between evice_inodes() and find_inode()&iput() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-47679 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47679 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=88b1afbf0f6b221f6c5bb66cc80cd3b38d696687 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56690-crypto-pcrypt-call-crypto-layer-directly-when-padata-do-parallel-return-ebusy.patch kpatch-description: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56690 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56690 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=662f2f13e66d3883b9238b0b96b17886179e60e2 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57986-hid-core-fix-assumption-that-resolution-multipliers-must-be-in-logical-collections.patch kpatch-description: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57986 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57986 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=64f2657b579343cf923aa933f08074e6258eb07b kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56739-rtc-check-if-rtc-read-time-was-successful-in-rtc-timer-do-work.patch kpatch-description: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56739 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56739 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e8ba8a2bc4f60a1065f23d6a0e7cbea945a0f40d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21848-nfp-bpf-add-check-for-nfp-app-ctrl-msg-alloc.patch kpatch-description: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21848 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21848 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=878e7b11736e062514e58f3b445ff343e6705537 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49845-can-j1939-j1939-send-one-fix-missing-can-header-initialization.patch kpatch-description: can: j1939: j1939_send_one(): fix missing CAN header initialization kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49845 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49845 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3eb3d283e8579a22b81dd2ac3987b77465b2a22f kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49024-can-m-can-pci-add-missing-m-can-class-free-dev-in-probe-remove-methods.patch kpatch-description: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49024 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49024 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1eca1d4cc21b6d0fc5f9a390339804c0afce9439 kpatch-name: skipped/CVE-2022-49432.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49432 kpatch-skip-reason: Out of scope: PowerPC architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21728-bpf-send-signals-asynchronously-if-preemptible.patch kpatch-description: bpf: Send signals asynchronously if !preemptible kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21728 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21728 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=87c544108b612512b254c8f79aa5c0a8546e2cc4 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21728-bpf-Use-preempt_count-directly-in-bpf_send_signal_common.patch kpatch-description: [PATCH] bpf: Use preempt_count() directly in bpf_send_signal_common() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21728 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21728 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=87c544108b612512b254c8f79aa5c0a8546e2cc4 kpatch-name: skipped/CVE-2025-21855.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21855 kpatch-skip-reason: CONFIG_IBMVNIC is not enabled on EL9. kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56675-bpf-fix-uaf-via-mismatching-bpf-prog-attachment-rcu-flavors-5.14.0-503.40.1.el9_5.patch kpatch-description: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56675 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56675 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ef1b808e3b7c98612feceedf985c2fbbeb28f956 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21853-bpf-avoid-holding-freeze-mutex-during-mmap-operation-5.14.0-427.42.1.patch kpatch-description: bpf: avoid holding freeze_mutex during mmap operation kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21853 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21853 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bc27c52eea189e8f7492d40739b7746d67b65beb kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50060-io-uring-check-if-we-need-to-reschedule-during-overflow-flush-503.patch kpatch-description: io_uring: check if we need to reschedule during overflow flush kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50060 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50060 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=eac2ca2d682f94f46b1973bdf5e77d85d77b8e53 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53216-sunrpc-introduce-cache-check-rcu-to-help-check-in-rcu-context.patch kpatch-description: SUNRPC: introduce cache_check_rcu to help check in rcu context kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53216 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53216 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8c989a0c89a75d30f899a7cabdc14d72522bb8d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53216-sunrpc-no-need-get-cache-ref-when-protected-by-rcu.patch kpatch-description: SUNRPC: no need get cache ref when protected by rcu kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53216 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53216 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8c989a0c89a75d30f899a7cabdc14d72522bb8d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53216-nfsd-no-need-get-cache-ref-when-protected-by-rcu.patch kpatch-description: nfsd: no need get cache ref when protected by rcu kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53216 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53216 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8c989a0c89a75d30f899a7cabdc14d72522bb8d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53216-nfsd-fix-uaf-when-access-ex-uuid-or-ex-stats-427.patch kpatch-description: nfsd: fix UAF when access ex_uuid or ex_stats kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53216 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53216 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f8c989a0c89a75d30f899a7cabdc14d72522bb8d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-54456-nfs-fix-potential-buffer-overflowin-nfs-sysfs-link-rpc-client.patch kpatch-description: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-54456 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-54456 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=49fd4e34751e90e6df009b70cd0659dc839e7ca8 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56709-io-uring-check-if-iowq-is-killed-before-queuing.patch kpatch-description: io_uring: check if iowq is killed before queuing kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56709 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56709 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=dbd2ca9367eb19bc5e269b8c58b0b1514ada9156 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21863-io-uring-prevent-opcode-speculation.patch kpatch-description: io_uring: prevent opcode speculation kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21863 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21863 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e988c3fe1264708f4f92109203ac5b1d65de50b kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21714-rdma-mlx5-fix-implicit-odp-use-after-free-503.patch kpatch-description: RDMA/mlx5: Fix implicit ODP use after free kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21714 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21714 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d3d930411ce390e532470194296658a960887773 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21714-RDMA-mlx5-Fix-implicit-ODP-hang-on-parent-deregistration-503.patch kpatch-description: RDMA/mlx5: Fix implicit ODP hang on parent deregistration kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21714 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21714 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3d8c6f26893d55fab218ad086719de1fc9bb86ba kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21729-wifi-rtw89-fix-race-between-cancel-hw-scan-and-hw-scan-completion.patch kpatch-description: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21729 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21729 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ba4bb0402c60e945c4c396c51f0acac3c3e3ea5c kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49670-linux-dim-fix-divide-by-0-in-rdma-dim.patch kpatch-description: linux/dim: Fix divide by 0 in RDMA DIM kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49670 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49670 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0fe3dbbefb74a8575f61d7801b08dbc50523d60d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50195-posix-clock-fix-missing-timespec64-check-in-pc-clock-settime.patch kpatch-description: posix-clock: Fix missing timespec64 check in pc_clock_settime() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50195 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50195 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8794ac20a299b647ba9958f6d657051fc51a540 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50195-posix-clock-posix-clock-fix-unbalanced-locking-in-pc-clock-settime-5.14.0-570.62.1.el9_6.patch kpatch-description: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50195 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50195 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8794ac20a299b647ba9958f6d657051fc51a540 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57988-bluetooth-btbcm-fix-null-deref-in-btbcm-get-board-name-5.14.0-503.40.1.el9_5.patch kpatch-description: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57988 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57988 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b88655bc6593c6a7fdc1248b212d17e581c4334e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58077-asoc-soc-pcm-don-t-use-soc-pcm-ret-on-prepare-callback-5.14.0-427.42.1.el9_4.patch kpatch-description: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58077 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58077 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=301c26a018acb94dd537a4418cefa0f654500c6f kpatch-name: skipped/CVE-2025-22056.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-22056 kpatch-skip-reason: Postponed: complex analysis and adaptation required kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56672-blk-cgroup-fix-uaf-in-blkcg-unpin-online.patch kpatch-description: blk-cgroup: Fix UAF in blkcg_unpin_online() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56672 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56672 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=86e6ca55b83c575ab0f2e105cf08f98e58d3d7af kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53170-block-fix-uaf-for-flush-rq-while-iterating-tags.patch kpatch-description: block: fix uaf for flush rq while iterating tags kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53170 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53170 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3802f73bd80766d70f319658f334754164075bc3 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-47727-x86-tdx-fix-in-kernel-mmio-check-5.14.0-503.40.1.el9_5.patch kpatch-description: x86/tdx: Fix "in-kernel MMIO" check kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-47727 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-47727 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d4fc4d01471528da8a9797a065982e05090e1d81 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57998-opp-add-index-check-to-assert-to-avoid-buffer-overflow-in-read-freq-503.patch kpatch-description: OPP: add index check to assert to avoid buffer overflow in _read_freq() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57998 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57998 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d659bc68ed489022ea33342cfbda2911a81e7a0d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58068-opp-fix-dev-pm-opp-find-bw-when-bandwidth-table-not-initialized.patch kpatch-description: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58068 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58068 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b44b9bc7cab2967c3d6a791b1cd542c89fc07f0e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21745-blk-cgroup-fix-class-block-class-s-subsystem-refcount-leakage.patch kpatch-description: blk-cgroup: Fix class @block_class's subsystem refcount leakage kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21745 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21745 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1248436cbef1f924c04255367ff4845ccd9025e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58083-kvm-explicitly-verify-target-vcpu-is-online-in-kvm-get-vcpu.patch kpatch-description: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58083 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58083 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e7381f3617d14b3c11da80ff5f8a93ab14cfc46 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21787-team-better-team-option-type-string-validation-503.38.patch kpatch-description: team: better TEAM_OPTION_TYPE_STRING validation kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21787 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21787 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5bef3ac184b5626ea62385d6b82a1992b89d7940 kpatch-name: skipped/CVE-2025-21829.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21829 kpatch-skip-reason: Patches a sleepable function, which may prevent patching/unpatching. kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21765-net-add-dev-net-rcu-helper.patch kpatch-description: net: add dev_net_rcu() helper kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21765 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21765 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c8ffcd248da34fc41e52a46e51505900115fc2a kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21765-ipv6-use-rcu-protection-in-ip6-default-advmss.patch kpatch-description: ipv6: use RCU protection in ip6_default_advmss() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21765 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21765 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3c8ffcd248da34fc41e52a46e51505900115fc2a kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-49864-rxrpc-fix-a-race-between-socket-set-up-and-i-o-thread-creation.patch kpatch-description: rxrpc: Fix a race between socket set up and I/O thread creation kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-49864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-49864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bc212465326e8587325f520a052346f0b57360e6 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21844-smb-client-add-check-for-next-buffer-in-receive-encrypted-standard.patch kpatch-description: smb: client: Add check for next_buffer in receive_encrypted_standard() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21844 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21844 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=860ca5e50f73c2a1cef7eefc9d39d04e275417f7 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-52332-igb-fix-potential-invalid-memory-access-in-igb-init-module.patch kpatch-description: igb: Fix potential invalid memory access in igb_init_module() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-52332 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-52332 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=0566f83d206c7a864abcd741fe39d6e0ae5eef29 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58012-asoc-sof-intel-hda-dai-ensure-dai-widget-is-valid-during-params-5.14.0-427.42.1.el9_4.patch kpatch-description: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58012 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58012 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=569922b82ca660f8b24e705f6cf674e6b1f99cc7 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53052-io-uring-rw-fix-missing-nowait-check-for-o-direct-start-write-dep.patch kpatch-description: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53052 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53052 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ed0360bbab72b829437b67ebb2f9cfac19f59dfe kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53052-io-uring-rw-fix-missing-nowait-check-for-o-direct-start-write-5.14.0-427.42.1.el9_4.patch kpatch-description: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53052 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53052 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1d60d74e852647255bd8e76f5a22dc42531e4389 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21847-asoc-sof-stream-ipc-check-for-cstream-nullity-in-sof-ipc-msg-data.patch kpatch-description: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21847 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21847 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d8d99c3b5c485f339864aeaa29f76269cc0ea975 kpatch-name: skipped/CVE-2025-21837.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21837 kpatch-skip-reason: CVE has been marked as REJECTED on the NVD website. kpatch-cvss: kpatch-name: skipped/CVE-2025-21726.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21726 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58072-wifi-rtlwifi-remove-unused-check-buddy-priv.patch kpatch-description: wifi: rtlwifi: remove unused check_buddy_priv kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58072 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58072 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2fdac64c3c35858aa8ac5caa70b232e03456e120 kpatch-name: skipped/CVE-2022-49437.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49437 kpatch-skip-reason: Out of scope: PowerPC architecture isn't supported for current kernel kpatch-cvss: kpatch-name: skipped/CVE-2022-49623.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49623 kpatch-skip-reason: Out of scope: PowerPC architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-56645-can-j1939-j1939-session-new-fix-skb-reference-counting.patch kpatch-description: can: j1939: j1939_session_new(): fix skb reference counting kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-56645 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-56645 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a8c695005bfe6569acd73d777ca298ddddd66105 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-38396-fs-export-anon-inode-make-secure-inode-and-fix-secretmem-lsm-bypass-5.14.0-427.42.1.el9_4.patch kpatch-description: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-38396 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38396 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cbe4134ea4bc493239786220bd69cb8a13493190 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21795-Revert-NFSD-Reschedule-CB-operations-when-backchannel-rpc_clnt-is-shut-down.patch kpatch-description: NFSD: fix hang in nfsd4_shutdown_callback kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21795 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21795 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9c8ecb9308d8013ff9ac9d36fdd8ae746033b93c kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21795-nfsd-fix-hang-in-nfsd4-shutdown-callback.patch kpatch-description: NFSD: fix hang in nfsd4_shutdown_callback kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21795 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21795 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=036ac2778f7b28885814c6fbc07e156ad1624d03 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53119-virtio-vsock-fix-accept-queue-memory-leak.patch kpatch-description: virtio/vsock: Fix accept_queue memory leak kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53119 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53119 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d7b0ff5a866724c3ad21f2628c22a63336deec3f kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-58088-bpf-fix-deadlock-when-freeing-cgroup-storage.patch kpatch-description: bpf: Fix deadlock when freeing cgroup storage kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-58088 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-58088 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c78f4afbd962f43a3989f45f3ca04300252b19b5 kpatch-name: skipped/CVE-2025-21851.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21851 kpatch-skip-reason: arm64 and CONFIG_PAGE_SIZE_64KB specific kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57993-hid-hid-thrustmaster-fix-warning-in-thrustmaster-probe-by-adding-endpoint-check.patch kpatch-description: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57993 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57993 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50420d7c79c37a3efe4010ff9b1bb14bc61ebccf kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57993-hid-hid-thrustmaster-fix-stack-out-of-bounds-read-in-usb-check-int-endpoints.patch kpatch-description: HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57993 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57993 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50420d7c79c37a3efe4010ff9b1bb14bc61ebccf kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57993-hid-thrustmaster-fix-memory-leak-in-thrustmaster-interrupts.patch kpatch-description: HID: thrustmaster: fix memory leak in thrustmaster_interrupts() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57993 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57993 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=50420d7c79c37a3efe4010ff9b1bb14bc61ebccf kpatch-name: skipped/CVE-2025-21739.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21739 kpatch-skip-reason: config CONFIG_SCSI_UFSHCD is not set for any kernel version kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-38075-scsi-target-iscsi-fix-timeout-on-deleted-connection.patch kpatch-description: scsi: target: iscsi: Fix timeout on deleted connection kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-38075 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38075 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7f533cc5ee4c4436cee51dc58e81dfd9c3384418 kpatch-name: skipped/CVE-2022-49357.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49357 kpatch-skip-reason: Out of scope: T2 Macs not supported kpatch-cvss: kpatch-name: skipped/CVE-2022-49353.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49353 kpatch-skip-reason: Out of scope: PowerPC architecture isn't supported for current kernel kpatch-cvss: kpatch-name: skipped/CVE-2025-21786.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21786 kpatch-skip-reason: Complex adaptation required kpatch-cvss: kpatch-name: skipped/CVE-2025-38116.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-38116 kpatch-skip-reason: Out of scope: not affected kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-57981-usb-xhci-fix-null-pointer-dereference-on-certain-command-aborts-5.14.0-427.42.1.el9_4.patch kpatch-description: usb: xhci: Fix NULL pointer dereference on certain command aborts kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-57981 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-57981 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1e0a19912adb68a4b2b74fd77001c96cd83eb073 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21861-mm-migrate-device-don-t-add-folio-to-be-freed-to-lru-in-migrate-device-finalize.patch kpatch-description: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21861 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21861 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=41cddf83d8b00f29fd105e7a0777366edc69a5cf kpatch-name: skipped/CVE-2025-21696.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-21696 kpatch-skip-reason: Patch for mm subsystem from CVE of medium (5.5) impact kpatch-cvss: kpatch-name: skipped/CVE-2022-48830.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-48830 kpatch-skip-reason: CAN isn't used in servers kpatch-cvss: kpatch-name: skipped/CVE-2022-49269.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-49269 kpatch-skip-reason: CAN isn't used in servers kpatch-cvss: kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21828-wifi-mac80211-don-t-flush-non-uploaded-stas.patch kpatch-description: wifi: mac80211: don't flush non-uploaded STAs kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21828 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21828 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa3ce3f8fafa0b8fb062f28024855ea8cb3f3450 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53135-kvm-vmx-bury-intel-pt-virtualization-guest-host-mode-behind-config-broken-427.patch kpatch-description: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53135 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53135 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa0d42cacf093a6fcca872edc954f6f812926a17 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53135-kvm-vmx-bury-intel-pt-virtualization-guest-host-mode-behind-config-broken-kpatch-427.patch kpatch-description: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53135 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53135 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=aa0d42cacf093a6fcca872edc954f6f812926a17 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50294-rxrpc-fix-missing-locking-causing-hanging-calls.patch kpatch-description: rxrpc: Fix missing locking causing hanging calls kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50294 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fc9de52de38f656399d2ce40f7349a6b5f86e787 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-50294-rxrpc-fix-missing-locking-causing-hanging-calls-kpatch.patch kpatch-description: rxrpc: Fix missing locking causing hanging calls kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-50294 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-50294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fc9de52de38f656399d2ce40f7349a6b5f86e787 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21839-KVM-x86-Load-DR6-with-guest-value-only-before-kpatch-503.patch kpatch-description: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21839 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21839 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c2fee09fc167c74a64adb08656cb993ea475197e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21746-input-serio-define-serio-pause-rx-guard-to-pause-and-resume-serio-ports.patch kpatch-description: Input: serio - define serio_pause_rx guard to pause and resume serio ports kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21746 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21746 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=08bd5b7c9a2401faabdaa1472d45c7de0755fd7e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21746-input-synaptics-fix-crash-when-enabling-pass-through-port.patch kpatch-description: Input: synaptics - fix crash when enabling pass-through port kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21746 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21746 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=08bd5b7c9a2401faabdaa1472d45c7de0755fd7e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21746-input-synaptics-fix-crash-when-enabling-pass-through-port-kpatch.patch kpatch-description: Input: synaptics - fix crash when enabling pass-through port kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21746 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21746 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=08bd5b7c9a2401faabdaa1472d45c7de0755fd7e kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2022-49443-list-fix-a-data-race-around-ep-rdllist-570.51.patch kpatch-description: list: fix a data-race around ep->rdllist kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2022-49443 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-49443 kpatch-patch-url: https://github.com/torvalds/linux/commit/d679ae94fdd5d3ab00c35078f5af5f37e068b03d kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53680-ipvs-fix-ub-due-to-uninitialized-stack-access-in-ip-vs-protocol-init.patch kpatch-description: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53680 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53680 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=146b6f1112eb30a19776d6c323c994e9d67790db kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21864-tcp-drop-skb-dst-in-tcp_rcv_established.patch kpatch-description: tcp: drop skb dst in tcp_rcv_established() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=783d108dd71d97e4cac5fe8ce70ca43ed7dc7bb7 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21864-tcp-drop-secpath-at-the-same-time-as-we-currently-dr-284.patch kpatch-description: tcp: drop secpath at the same time as we currently drop dst kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21864 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9b6412e6979f6f9e0632075f8f008937b5cd4efd kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21846-acct-perform-last-write-from-workqueue.patch kpatch-description: acct: perform last write from workqueue kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21846 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=56d5f3eba3f5de0efdd556de4ef381e109b973a9 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21846-acct-perform-last-write-from-workqueue-kpatch.patch kpatch-description: acct: perform last write from workqueue kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21846 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21846 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=56d5f3eba3f5de0efdd556de4ef381e109b973a9 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21806-net-let-net-core-dev-weight-always-be-non-zero.patch kpatch-description: net: let net.core.dev_weight always be non-zero kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21806 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21806 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1f9f79fa2af8e3b45cffdeef66e05833480148a kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21806-net-let-net-core-dev-weight-always-be-non-zero-kpatch.patch kpatch-description: net: let net.core.dev_weight always be non-zero kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21806 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21806 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d1f9f79fa2af8e3b45cffdeef66e05833480148a kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2024-53090-afs-fix-lock-recursion-5.14.0-427.42.1.el9_4-kpatch.patch kpatch-description: afs: Fix lock recursion kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2024-53090 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-53090 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=610a79ffea02102899a1373fe226d949944a7ed6 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21693-mm-zswap-properly-synchronize-freeing-resources-during-CPU-hotunplug-kpatch-5.14.0-427.42.1.el9_4.patch kpatch-description: [PATCH] mm: zswap: properly synchronize freeing resources during CPU hotunplug kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21693 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21693 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=12dcb0ef540629a281533f9dedc1b6b8e14cfb65 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21693-mm-zswap-move-allocations-during-CPU-init-outside-the-lock-5.14.0-503.40.1.el9_5.patch kpatch-description: [PATCH] mm: zswap: move allocations during CPU init outside the lock kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21693 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21693 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=779b9955f64327c339a16f68055af98252fd3315 kpatch-name: rhel9/5.14.0-611.5.1.el9_7/CVE-2025-21693-mm-zswap-fix-crypto_free_acomp-deadlock-in-zswap_cpu_comp_dead-5.14.0-503.40.1.el9_5.patch kpatch-description: [PATCH] mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() kpatch-kernel: 5.14.0-611.5.1.el9_7 kpatch-cve: CVE-2025-21693 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-21693 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=c11bcbc0a517acf69282c8225059b2a8ac5fe628 kpatch-name: rhel9/5.14.0-611.11.1.el9_7/CVE-2025-39864-wifi-cfg80211-fix-use-after-free-in-cmp-bss.patch kpatch-description: wifi: cfg80211: fix use-after-free in cmp_bss() kpatch-kernel: 5.14.0-611.11.1.el9_7 kpatch-cve: CVE-2025-39864 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39864 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=26e84445f02ce6b2fe5f3e0e28ff7add77f35e08 kpatch-name: rhel9/5.14.0-611.11.1.el9_7/CVE-2025-38724-nfsd-handle-get-client-locked-failure-in-nfsd4-setclientid-confirm.patch kpatch-description: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() kpatch-kernel: 5.14.0-611.11.1.el9_7 kpatch-cve: CVE-2025-38724 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38724 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=908e4ead7f757504d8b345452730636e298cbf68 kpatch-name: skipped/CVE-2025-39898.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39898 kpatch-skip-reason: CVE rejected kpatch-cvss: kpatch-name: skipped/CVE-2025-39981.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39981 kpatch-skip-reason: Complex adaptation required kpatch-cvss: kpatch-name: rhel9/5.14.0-611.11.1.el9_7/CVE-2025-39955-tcp-clear-tcp-sk-sk-fastopen-rsk-in-tcp-disconnect.patch kpatch-description: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). kpatch-kernel: 5.14.0-611.11.1.el9_7 kpatch-cve: CVE-2025-39955 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39955 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=45c8a6cc2bcd780e634a6ba8e46bffbdf1fc5c01 kpatch-name: rhel9/5.14.0-611.11.1.el9_7/CVE-2025-39955-tcp-don-t-call-reqsk_fastopen_remove-in-tcp_conn_request.patch kpatch-description: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). kpatch-kernel: 5.14.0-611.11.1.el9_7 kpatch-cve: CVE-2025-39955 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39955 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e7cbbbe3d61c63606994b7ff73c72537afe2e1c kpatch-name: rhel9/5.14.0-611.9.1.el9_7/CVE-2025-39843-mm-slub-avoid-wake-up-kswapd-in-set-track-prepare-427.patch kpatch-description: mm: slub: avoid wake up kswapd in set_track_prepare kpatch-kernel: 5.14.0-611.9.1.el9_7 kpatch-cve: CVE-2025-39843 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39843 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=850470a8413a8a78e772c4f6bd9fe81ec6bd5b0f kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39982-bluetooth-hci-event-fix-uaf-in-hci-acl-create-conn-sync.patch kpatch-description: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39982 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39982 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9e622804d57e2d08f0271200606bd1270f75126f kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39983-bluetooth-hci-event-fix-uaf-in-hci-conn-tx-dequeue.patch kpatch-description: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39983 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39983 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=2e128683176a56459cef8705fc7c35f438f88abd kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39971-i40e-fix-idx-validation-in-config-queues-msg.patch kpatch-description: i40e: fix idx validation in config queues msg kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39971 kpatch-cvss: 7.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39971 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f1ad24c5abe1eaef69158bac1405a74b3c365115 kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39697-NFS-Use-the-correct-commit-info-in-nfs_join_page_gro.patch kpatch-description: NFS: Use the correct commit info in nfs_join_page_group() kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39697 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39697 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a354b4a367f565b95a6ca819eb792af81af3d4da kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39697-nfs-fold-nfs_page_group_lock_subrequests-into-nfs_lo-503.patch kpatch-description: nfs: fold nfs_page_group_lock_subrequests into nfs_lock_and_join_requests kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39697 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39697 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fd947b71cc1b86c4731f8d470f5ab5df94e838d8 kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39697-NFS-Fix-a-race-when-updating-an-existing-write-503.patch kpatch-description: NFS: Fix a race when updating an existing write kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39697 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39697 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f230d40147cc37eb3aef4d50e2e2c06ea73d9a77 kpatch-name: rhel9/5.14.0-611.8.1.el9_7/CVE-2025-39697-avoid-modifying-nfs_page_group_sync_on_bit-503.patch kpatch-description: avoid modifying nfs_page_group_sync_on_bit kpatch-kernel: 5.14.0-611.8.1.el9_7 kpatch-cve: CVE-2025-39697 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39697 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a354b4a367f565b95a6ca819eb792af81af3d4da kpatch-name: rhel9/5.14.0-611.13.1.el9_7/CVE-2025-39925-can-j1939-implement-netdev-unregister-notification-handler.patch kpatch-description: can: j1939: implement NETDEV_UNREGISTER notification handler kpatch-kernel: 5.14.0-611.13.1.el9_7 kpatch-cve: CVE-2025-39925 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a kpatch-name: rhel9/5.14.0-611.13.1.el9_7/CVE-2025-39925-can-j1939-add-missing-calls-in-netdev-unregister-notification-handler.patch kpatch-description: can: j1939: add missing calls in NETDEV_UNREGISTER notification handler kpatch-kernel: 5.14.0-611.13.1.el9_7 kpatch-cve: CVE-2025-39925 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39925 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=7fcbe5b2c6a4b5407bf2241fdb71e0a390f6ab9a kpatch-name: skipped/CVE-2025-39979.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-39979 kpatch-skip-reason: Blamed commit b581f4266928 is not present kpatch-cvss: kpatch-name: rhel9/5.14.0-611.16.1.el9_7/CVE-2025-40176-tls-wait-for-pending-async-decryptions-if-tls-strp-msg-hold-fails.patch kpatch-description: tls: wait for pending async decryptions if tls_strp_msg_hold fails kpatch-kernel: 5.14.0-611.16.1.el9_7 kpatch-cve: CVE-2025-40176 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40176 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b8a6ff84abbcbbc445463de58704686011edc8e1 kpatch-name: rhel9/5.14.0-611.16.1.el9_7/CVE-2025-38499-clone-private-mnt-make-sure-that-caller-has-cap-sys-admin-in-the-right-userns.patch kpatch-description: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns kpatch-kernel: 5.14.0-611.16.1.el9_7 kpatch-cve: CVE-2025-38499 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38499 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c28f922c9dcee0e4876a2c095939d77fe7e15116 kpatch-name: rhel9/5.14.0-611.20.1.el9_7/CVE-2025-39883-mm-memory-failure-fix-vm-bug-on-page-pagepoisoned-page-when-unpoison-memory-5.14.0-427.42.1.el9_4.patch kpatch-description: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory kpatch-kernel: 5.14.0-611.20.1.el9_7 kpatch-cve: CVE-2025-39883 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39883 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d613f53c83ec47089c4e25859d5e8e0359f6f8da kpatch-name: rhel9/5.14.0-611.20.1.el9_7/CVE-2025-40240-sctp-avoid-null-dereference-when-chunk-data-buffer-is-missing.patch kpatch-description: sctp: avoid NULL dereference when chunk data buffer is missing kpatch-kernel: 5.14.0-611.20.1.el9_7 kpatch-cve: CVE-2025-40240 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40240 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=441f0647f7673e0e64d4910ef61a5fb8f16bfb82 kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-40277-drm-vmwgfx-validate-command-header-size-against-svga-cmd-max-datasize.patch kpatch-description: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-40277 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40277 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=32b415a9dc2c212e809b7ebc2b14bc3fbda2b9af kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-68285-libceph-fix-potential-use-after-free-in-have-mon-and-osd-map.patch kpatch-description: libceph: fix potential use-after-free in have_mon_and_osd_map() kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-68285 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68285 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=076381c261374c587700b3accf410bdd2dba334e kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-68285-libceph-fix-potential-use-after-free-in-have-mon-and-osd-map-kpatch.patch kpatch-description: libceph: fix potential use-after-free in have_mon_and_osd_map() kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-68285 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68285 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=076381c261374c587700b3accf410bdd2dba334e kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-68287-usb-dwc3-fix-race-condition-between-concurrent-dwc3-remove-requests-call-paths.patch kpatch-description: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-68287 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68287 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e4037689a366743c4233966f0e74bc455820d316 kpatch-name: rhel9/5.14.0-611.24.1.el9_7/CVE-2025-39933-smb-client-let-recv_done-verify-data_offset-data_len.patch kpatch-description: smb: client: let recv_done verify data_offset, data_length and remaining_data_length kpatch-kernel: 5.14.0-611.24.1.el9_7 kpatch-cve: CVE-2025-39933 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39933 kpatch-patch-url: https://github.com/torvalds/linux/commit/f57e53ea252363234f86674db475839e5b87102e kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-38349-eventpoll-don-t-decrement-ep-refcount-while-still-holding-the-ep-mutex-5.14.0-570.51.1.el9_6.patch kpatch-description: eventpoll: don't decrement ep refcount while still holding the ep mutex kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-38349 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38349 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8c2e52ebbe885c7eeaabd3b7ddcdc1246fc400d2 kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-40248-vsock-ignore-signal-timeout-on-connect-if-already-established.patch kpatch-description: vsock: Ignore signal/timeout on connect() if already established kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-40248 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40248 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=002541ef650b742a198e4be363881439bb9d86b4 kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-40258-mptcp-fix-race-condition-in-mptcp-schedule-work.patch kpatch-description: mptcp: fix race condition in mptcp_schedule_work() kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-40258 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40258 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=035bca3f017ee9dea3a5a756e77a6f7138cc6eea kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-68301-net-atlantic-fix-fragment-overflow-handling-in-rx-path.patch kpatch-description: net: atlantic: fix fragment overflow handling in RX path kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-68301 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68301 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5ffcb7b890f61541201461580bb6622ace405aec kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-40294-bluetooth-mgmt-fix-oob-access-in-parse-adv-monitor-pattern.patch kpatch-description: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-40294 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d59fba49362c65332395789fd82771f1028d87e kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-40294-bluetooth-mgmt-fix-oob-access-in-parse-adv-monitor-pattern-kpatch.patch kpatch-description: Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern() kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-40294 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40294 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8d59fba49362c65332395789fd82771f1028d87e kpatch-name: rhel9/5.14.0-611.26.1.el9_7/CVE-2025-68305-bluetooth-hci-sock-prevent-race-in-socket-write-iter-and-sock-bind.patch kpatch-description: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind kpatch-kernel: 5.14.0-611.26.1.el9_7 kpatch-cve: CVE-2025-68305 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68305 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=89bb613511cc21ed5ba6bddc1c9b9ae9c0dad392 kpatch-name: rhel9/5.14.0-611.27.1.el9_7/CVE-2025-40154-asoc-intel-bytcr-rt5640-fix-invalid-quirk-input-mapping.patch kpatch-description: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping kpatch-kernel: 5.14.0-611.27.1.el9_7 kpatch-cve: CVE-2025-40154 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40154 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=fba404e4b4af4f4f747bb0e41e9fff7d03c7bcc0 kpatch-name: rhel9/5.14.0-611.27.1.el9_7/CVE-2025-40251-devlink-rate-unset-parent-pointer-in-devl-rate-nodes-destroy-427.patch kpatch-description: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy kpatch-kernel: 5.14.0-611.27.1.el9_7 kpatch-cve: CVE-2025-40251 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40251 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f94c1a114ac209977bdf5ca841b98424295ab1f0 kpatch-name: rhel9/5.14.0-611.27.1.el9_7/CVE-2025-38568-net-sched-mqprio-fix-stack-out-of-bounds-write-in-tc-entry-parsing.patch kpatch-description: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing kpatch-kernel: 5.14.0-611.27.1.el9_7 kpatch-cve: CVE-2025-38568 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38568 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffd2dc4c6c49ff4f1e5d34e454a6a55608104c17 kpatch-name: rhel9/5.14.0-611.27.1.el9_7/CVE-2025-38568-net-sched-mqprio-fix-stack-out-of-bounds-write-in-tc-entry-parsing-kpatch-427-42.patch kpatch-description: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing kpatch-kernel: 5.14.0-611.27.1.el9_7 kpatch-cve: CVE-2025-38568 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38568 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ffd2dc4c6c49ff4f1e5d34e454a6a55608104c17 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-40141-bluetooth-iso-fix-possible-uaf-on-iso-conn-free.patch kpatch-description: Bluetooth: ISO: Fix possible UAF on iso_conn_free kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-40141 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40141 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=9950f095d6c875dbe0c9ebfcf972ec88fdf26fc8 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-37789-net-openvswitch-fix-nested-key-length-validation-in-the-set-action.patch kpatch-description: net: openvswitch: fix nested key length validation in the set() action kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-37789 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-37789 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=65d91192aa66f05710cfddf6a14b5a25ee554dba kpatch-name: skipped/CVE-2025-37819.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2025-37819 kpatch-skip-reason: Out of scope: ARM64 architecture isn't supported for current kernel kpatch-cvss: kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38022-rdma-core-fix-kasan-slab-use-after-free-read-in-ib-register-device-problem-5.14.0-503.40.1.el9_5.patch kpatch-description: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38022 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38022 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=d0706bfd3ee40923c001c6827b786a309e2a8713 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-40318-bluetooth-hci-sync-fix-race-in-hci-cmd-sync-dequeue-once.patch kpatch-description: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-40318 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40318 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=09b0cd1297b4dbfe736aeaa0ceeab2265f47f772 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-40271-fs-proc-fix-uaf-in-proc-readdir-de.patch kpatch-description: fs/proc: fix uaf in proc_readdir_de() kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-40271 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40271 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=895b4c0c79b092d732544011c3cecaf7322c36a1 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38024-rdma-rxe-fix-slab-use-after-free-read-in-rxe-queue-cleanup-bug.patch kpatch-description: RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38024 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38024 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=f81b33582f9339d2dc17c69b92040d3650bb4bae kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-39760-usb-core-config-prevent-oob-read-in-ss-endpoint-companion-parsing.patch kpatch-description: usb: core: config: Prevent OOB read in SS endpoint companion parsing kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-39760 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-39760 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cf16f408364efd8a68f39011a3b073c83a03612d kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38415-squashfs-check-return-result-of-sb-min-blocksize.patch kpatch-description: Squashfs: check return result of sb_min_blocksize kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38415 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=734aa85390ea693bb7eaf2240623d41b03705c84 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38415-squashfs-check-return-result-of-sb-min-blocksize-kpatch.patch kpatch-description: Squashfs: check return result of sb_min_blocksize kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38415 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=734aa85390ea693bb7eaf2240623d41b03705c84 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38415-squashfs-fix-memory-leak-in-squashfs_fill_super.patch kpatch-description: squashfs: fix memory leak in squashfs_fill_super kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38415 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38415 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b64700d41bdc4e9f82f1346c15a3678ebb91a89c kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-40269-alsa-usb-audio-fix-potential-overflow-of-pcm-transfer-buffer.patch kpatch-description: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-40269 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40269 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=05a1fc5efdd8560f34a3af39c9cf1e1526cc3ddf kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38403-vsock-vmci-clear-the-vmci-transport-packet-properly-when-initializing-it.patch kpatch-description: vsock/vmci: Clear the vmci transport packet properly when initializing it kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38403 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38403 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=223e2288f4b8c262a864e2c03964ffac91744cd5 kpatch-name: rhel9/5.14.0-611.30.1.el9_7/CVE-2025-38459-atm-clip-fix-infinite-recursive-call-of-clip-push.patch kpatch-description: atm: clip: Fix infinite recursive call of clip_push(). kpatch-kernel: 5.14.0-611.30.1.el9_7 kpatch-cve: CVE-2025-38459 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-38459 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=c489f3283dbfc0f3c00c312149cae90d27552c45 kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2025-68349-nfsv4-pnfs-clear-nfs-ino-layoutcommit-in-pnfs-mark-layout-stateid-invalid.patch kpatch-description: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2025-68349 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-68349 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e0f8058f2cb56de0b7572f51cd563ca5debce746 kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2025-40322-fbdev-bitblit-bound-check-glyph-index-in-bit-putcs.patch kpatch-description: fbdev: bitblit: bound-check glyph index in bit_putcs* kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2025-40322 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40322 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=18c4ef4e765a798b47980555ed665d78b71aeadf kpatch-name: rhel9/5.14.0-611.34.1.el9_7/CVE-2025-40304-fbdev-add-bounds-checking-in-bit-putcs-to-fix-vmalloc-out-of-bounds.patch kpatch-description: fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds kpatch-kernel: 5.14.0-611.34.1.el9_7 kpatch-cve: CVE-2025-40304 kpatch-cvss: 7.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2025-40304 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3637d34b35b287ab830e66048841ace404382b67 uname: 5.14.0-611.34.1.el9_7
Simpan
Batal
Isi Zip:
Unzip
Create
Buat Folder
Buat File
Terminal / Execute
Run
Chmod Bulk
All File
All Folder
All File dan Folder
Apply