cve/review/done/v6.14.5-lee - pub/scm/linux/security/vulns - Git at Google

 1b0449544c64 mm/vmscan: don't try to reclaim hwpoison folio [auto: cve already created]
 3ece3e8e5976 PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends
 fbb429ddff5c net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads [auto: cve already created]
 14c8a418159e cpufreq: sun50i: prevent out-of-bounds access [auto: cve already created]
 9992649f6786 cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() [auto: cve already created]
 484d3f15cc6c cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() [auto: cve already created]
 73b24dc73173 cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() [auto: cve already created]
 4c3240850629 scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() [auto: cve already created]
 b0c26f479926 btrfs: zoned: return EIO on RAID1 block group write pointer mismatch [auto: cve already created]
 91037037ee3d net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()
 08a966a917fe scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() [auto: cve already created]
 3d7aa0c7b4e9 nvmet: fix out-of-bounds access in nvmet_enable_port [auto: cve already created]
 d63527e109e8 tipc: fix NULL pointer dereference in tipc_mon_reinit_self() [auto: cve already created]
 3df275ef0a6a net_sched: hfsc: Fix a UAF vulnerability in class handling [auto: cve already created]
 6ccbda44e2cc net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too [auto: cve already created]
 2567daad69cd pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
 3f77c3dfffc7 pds_core: make wait_context part of q_info
 7d1d19a11cfb riscv: uprobes: Add missing fence.i after building the XOL buffer [auto: cve already created]
 bbce3de72be5 sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash [auto: cve already created]
 cc3628dcd851 xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() [auto: cve already created]
 3318dc299b07 irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() [auto: cve already created]
 bd51834d1cf6 LoongArch: Return NULL from huge_pte_offset() for invalid PMD [auto: cve already created]
 7c7f1bfdb224 mcb: fix a double free bug in chameleon_parse_gdd() [auto: cve already created]
 00f1cc14da0f mei: vsc: Fix fortify-panic caused by invalid counted_by() use [auto: cve already created]
 9bcac97dc42d KVM: x86: Reset IRTE to host control if *new* route isn't postable
 18eb77c75ed0 misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration [auto: cve already created]
 ee6a44da3c87 tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT [auto: cve already created]
 1ea050da5562 usb: xhci: Fix invalid pointer dereference in Etron workaround [auto: cve already created]
 a1059896f2bf usb: cdns3: Fix deadlock when using NCM gadget [auto: cve already created]
 4e28f79e3dff usb: chipidea: ci_hdrc_imx: fix usbmisc handling [auto: cve already created]
 63ccd26cd1f6 usb: dwc3: gadget: check that event count does not exceed event buffer length [auto: cve already created]
 ec27386de23a usb: typec: class: Fix NULL pointer access [auto: cve already created]
 dcc47a028c24 crypto: null - Use spin lock instead of mutex [auto: cve already created]
 11ba7ce076e5 bpf: Fix kmemleak warning for percpu hashmap [auto: cve already created]
 4580f4e0ebdf bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
 3db42c75a921 s390/sclp: Add check for get_zeroed_page()
 285cec318bf5 fs/ntfs3: Keep write operations atomic [auto: cve already created]
 3c7df2e27346 sound/virtio: Fix cancel_sync warnings on uninitialized work_structs [auto: cve already created]
 906dec15b9b3 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
 8c75f3e6a433 usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
 887c5c12e80c um: work around sched_yield not yielding in time-travel mode
 d0259a856afc 9p/net: fix improper handling of bogus negative read/write replies
 390513642ee6 io_uring: always do atomic put from iowq [auto: cve already created]
 021ba7f1babd udmabuf: fix a buf size overflow issue during udmabuf creation [auto: cve already created]
 0ba3a4ab76fd perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
 280e5a301005 iommu: Clear iommu-dma ops on cleanup
 40cb48eba3b4 netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
 951a04ab3a2d spi: spi-imx: Add check for spi_imx_setupxfer() [auto: cve already created]
 18daa52418e7 driver core: fix potential NULL pointer dereference in dev_uevent() [auto: cve already created]
 4c2227656d90 vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp [auto: cve already created]
	1b0449544c64 mm/vmscan: don't try to reclaim hwpoison folio [auto: cve already created]
	3ece3e8e5976 PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends
	fbb429ddff5c net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads [auto: cve already created]
	14c8a418159e cpufreq: sun50i: prevent out-of-bounds access [auto: cve already created]
	9992649f6786 cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() [auto: cve already created]
	484d3f15cc6c cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate() [auto: cve already created]
	73b24dc73173 cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() [auto: cve already created]
	4c3240850629 scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() [auto: cve already created]
	b0c26f479926 btrfs: zoned: return EIO on RAID1 block group write pointer mismatch [auto: cve already created]
	91037037ee3d net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()
	08a966a917fe scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() [auto: cve already created]
	3d7aa0c7b4e9 nvmet: fix out-of-bounds access in nvmet_enable_port [auto: cve already created]
	d63527e109e8 tipc: fix NULL pointer dereference in tipc_mon_reinit_self() [auto: cve already created]
	3df275ef0a6a net_sched: hfsc: Fix a UAF vulnerability in class handling [auto: cve already created]
	6ccbda44e2cc net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too [auto: cve already created]
	2567daad69cd pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result
	3f77c3dfffc7 pds_core: make wait_context part of q_info
	7d1d19a11cfb riscv: uprobes: Add missing fence.i after building the XOL buffer [auto: cve already created]
	bbce3de72be5 sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash [auto: cve already created]
	cc3628dcd851 xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() [auto: cve already created]
	3318dc299b07 irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() [auto: cve already created]
	bd51834d1cf6 LoongArch: Return NULL from huge_pte_offset() for invalid PMD [auto: cve already created]
	7c7f1bfdb224 mcb: fix a double free bug in chameleon_parse_gdd() [auto: cve already created]
	00f1cc14da0f mei: vsc: Fix fortify-panic caused by invalid counted_by() use [auto: cve already created]
	9bcac97dc42d KVM: x86: Reset IRTE to host control if new route isn't postable
	18eb77c75ed0 misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration [auto: cve already created]
	ee6a44da3c87 tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT [auto: cve already created]
	1ea050da5562 usb: xhci: Fix invalid pointer dereference in Etron workaround [auto: cve already created]
	a1059896f2bf usb: cdns3: Fix deadlock when using NCM gadget [auto: cve already created]
	4e28f79e3dff usb: chipidea: ci_hdrc_imx: fix usbmisc handling [auto: cve already created]
	63ccd26cd1f6 usb: dwc3: gadget: check that event count does not exceed event buffer length [auto: cve already created]
	ec27386de23a usb: typec: class: Fix NULL pointer access [auto: cve already created]
	dcc47a028c24 crypto: null - Use spin lock instead of mutex [auto: cve already created]
	11ba7ce076e5 bpf: Fix kmemleak warning for percpu hashmap [auto: cve already created]
	4580f4e0ebdf bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
	3db42c75a921 s390/sclp: Add check for get_zeroed_page()
	285cec318bf5 fs/ntfs3: Keep write operations atomic [auto: cve already created]
	3c7df2e27346 sound/virtio: Fix cancel_sync warnings on uninitialized work_structs [auto: cve already created]
	906dec15b9b3 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
	8c75f3e6a433 usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
	887c5c12e80c um: work around sched_yield not yielding in time-travel mode
	d0259a856afc 9p/net: fix improper handling of bogus negative read/write replies
	390513642ee6 io_uring: always do atomic put from iowq [auto: cve already created]
	021ba7f1babd udmabuf: fix a buf size overflow issue during udmabuf creation [auto: cve already created]
	0ba3a4ab76fd perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
	280e5a301005 iommu: Clear iommu-dma ops on cleanup
	40cb48eba3b4 netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS
	951a04ab3a2d spi: spi-imx: Add check for spi_imx_setupxfer() [auto: cve already created]
	18daa52418e7 driver core: fix potential NULL pointer dereference in dev_uevent() [auto: cve already created]
	4c2227656d90 vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp [auto: cve already created]