- [net] dccp: Use AF-independent rebuild_header routine (Hannes Frederic Sowa) [1424751]
- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424633] {CVE-2017-6074}
- [redhat] kernel.spec.template: disable autoloading for dccp proto (Hannes Frederic Sowa) [1425177]

- [virt] hv: do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1391167]
- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390044] {CVE-2016-7117}

- [mm] Fix Privilege escalation via MAP_PRIVATE (Larry Woodman) [1385112] {CVE-2016-5195}

- [fs] ext4: limit group search loop for non-extent files (Lukas Czerner) [1301100]
- [fb] vm: convert fb_mmap to vm_iomap_memory() helper (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [s390] add dummy io_remap_pfn_range() to asm-s390/pgtable.h (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [mm] vm: add vm_iomap_memory() helper function (Jacob Tanenbaum) [1035240] {CVE-2013-2596}
- [sched] prevent division by zero x->cpu_power (Denys Vlasenko) [1209728]
- [xen] x86: fully ignore segment override for register-only ops (Mateusz Guzik) [1200373] {CVE-2015-2151}

- [net] udp: fix behavior of wrong checksums (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}
- [net] ipv6/udp: Use correct var to determine non-blocking cond (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}
- [net] SNMP: Restore Udp6InErrors incrementation (Denys Vlasenko) [1240757] {CVE-2015-5364 CVE-2015-5366}

- [fs] pipe: fix pipe corruption and iovec overrun on partial copy (Mateusz Guzik) [1203787] {CVE-2015-1805}

- [infiniband] core: Prevent integer overflow in ib_umem_get (Doug Ledford) [1179353] {CVE-2014-8159}

- [block] virtio: Reset device after blk_cleanup_queue() (Stefan Hajnoczi) [1006536]
- [block] virtio: Call del_gendisk() before disable guest kick (Stefan Hajnoczi) [1006536]
- [block] virtio: Drop unused request tracking list (Stefan Hajnoczi) [1006536]
- [fs] cifs: setfacl removes part of ACL when setting POSIX ACLs (Sachin Prabhu) [1105625]
- [fs] splice: perform generic write checks (Eric Sandeen) [1155908] {CVE-2014-7822}
- [fs] ext4: verify block bitmap (Lukas Czerner) [1034403]
- [fs] ext4: fix type declaration of ext4_validate_block_bitmap (Lukas Czerner) [1034403]
- [fs] ext4: error out if verifying the block bitmap fails (Lukas Czerner) [1034403]
- [x86] traps: stop using IST for #SS (Petr Matousek) [1172809] {CVE-2014-9322}

- [x86] traps: stop using IST for #SS (Petr Matousek) [1172809] {CVE-2014-9322}

- [net] bridge: disable snooping if there is no querier (Frantisek Hrbata) [902454]
- [s390] kernel: sysinfo: convert /proc/sysinfo to seqfile (Alexander Gordeev) [1131283]
- [net] netlink: verify permisions of socket creator (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: store effective caps at socket() time (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Rename netlink_capable netlink_allowed (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Fix permission check in netlink_connect() (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: fix possible spoofing from non-root processes (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: Make NETLINK_USERSOCK work again (Jiri Benc) [1094266] {CVE-2014-0181}
- [net] netlink: fix for too early rmmod (Jiri Benc) [1094266] {CVE-2014-0181}

- [audit] auditsc: audit_krule mask accesses need bounds checking (Denys Vlasenko) [1102702 1102703] {CVE-2014-3917}
- [mm] writeback: Fix hang when low on memory due to NFS traffic (Larry Woodman) [1125246 1080194]
- [net] tg3: Fix Read DMA workaround for 5719 A0 (Ivan Vecera) [1121017 924590]
- [fs] jbd: don't wake kjournald unnecessarily (Denys Vlasenko) [1116027 1081785]
- [fs] jbd: don't wait (forever) for stale tid caused by wraparound (Denys Vlasenko) [1116027 1081785]
- [fs] ext4: fix waiting and sending of barrier in ext4_sync_file() (Denys Vlasenko) [1116027 1081785]
- [fs] jbd2: Add function jbd2_trans_will_send_data_barrier() (Denys Vlasenko) [1116027 1081785]
- [fs] jbd2: fix sending of data flush on journal commit (Denys Vlasenko) [1116027 1081785]
- [fs] ext4, jbd2: Add barriers for file systems with ext journals (Denys Vlasenko) [1116027 1081785]
- [fs] jbd: fix fsync() tid wraparound bug (Denys Vlasenko) [1116027 1081785]
- [fs] ext4: fix fdatasync() for files with only i_size changes (Eric Sandeen) [1117665 1102768]

- [fs] dcache: fix cleanup on warning in d_splice_alias (Denys Vlasenko) [1109720 1080606]
- [net] neigh: Make neigh_add_timer symmetrical to neigh_del_timer (Marcelo Ricardo Leitner) [1111195 1109888]
- [net] neigh: set NUD_INCOMPLETE when probing router reachability (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: router reachability probing (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: probe routes asynchronous in rt6_probe (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ndisc: Update neigh->updated with write lock (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: remove the unnecessary statement in find_match() (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: fix route selection if CONFIG_IPV6_ROUTER_PREF unset (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: Fix def route failover when CONFIG_IPV6_ROUTER_PREF=n (Marcelo Ricardo Leitner) [1106354 1090806]
- [net] ipv6: Prefer reachable nexthop only if the caller requests (Marcelo Ricardo Leitner) [1106354 1090806]
- [fs] ext4/jbd2: don't wait forever stale tid caused by wraparound (Eric Sandeen) [1097528 980268]
- [fs] ext4: Initialize fsync transaction ids in ext4_new_inode() (Eric Sandeen) [1097528 980268]
- [fs] jbd2: don't wake kjournald unnecessarily (Eric Sandeen) [1097528 980268]
- [fs] jbd2: fix fsync() tid wraparound bug (Eric Sandeen) [1097528 980268]
- [infiniband] rds: do not deref NULL dev in rds_iw_laddr_check() (Jacob Tanenbaum) [1093311 1093312] {CVE-2014-2678}
- [fs] nfs4: Add recovery for individual stateids - partial backport. (Dave Wysochanski) [1113468 867570]
- [fs] nfs4: Don't start state recovery in nfs4_close_done - clean backport. (Dave Wysochanski) [1113468 867570]
- [xen] page-alloc: scrub anonymous domain heap pages upon freeing (Vitaly Kuznetsov) [1103648 1103649] {CVE-2014-4021}

- [nfs] sunrpc: don't use a credential with extra groups (Mateusz Guzik) [1095062 976201]
- [scsi] lpfc: Remove NDLP reference put in lpfc_cmpl_els_logo_acc (Rob Evers) [1096061 1075228]
- [infiniband] rds: dereference of a NULL device (Jacob Tanenbaum) [1079216 1079217] {CVE-2013-7339}
- [kernel] futex: check relative timeouts for overflow (Denys Vlasenko) [1091832 1084168]
- [virt] kvm: correctly detect KVM when hv emulation is enalbed (Jason Wang) [1094152 985767]
- [security] Fix spurious warnings in security_ops_task_setrlimit (Mateusz Guzik) [1092869 916235]
- [block] floppy: don't write kernel-only members to FDRAWCMD output (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}
- [block] floppy: ignore kernel-only members in FDRAWCMD input (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}

- [virt] HID: memory corruption flaw drivers/usb/input/hid-core.c (Jacob Tanenbaum) [1032996 1032999] {CVE-2013-2888}
- [virt] HID: memory corruption flaw in drivers/hv/hid-core.c (Jacob Tanenbaum) [1032996 1032999] {CVE-2013-2888}
- [scsi] lpfc: Fix task management commands having a fixed timeout (Ewan Milne) [1073123 1061120]
- [net] tcp: drop SYN+FIN messages (Jiri Pirko) [1066057 1066058] {CVE-2012-6638}
- [fs] GFS2: Check if glock held in gfs2_readpage (Robert S Peterson) [1073953 1063434]
- [net] sunrpc: fix deadlock in task wakeup code (Jeff Layton) [1073731 998126]

- [net] be2net: don't use skb_get_queue_mapping() (Ivan Vecera) [1066302 1063955]
- [ipc] change refcount to atomic_t (Phillip Lougher) [1024866 1024868] {CVE-2013-4483}
- [s390] qeth: buffer overflow in snmp ioctl (Jacob Tanenbaum) [1034402 1034404] {CVE-2013-6381}
- [scsi] AACRAID Driver compat IOCTL missing capability check (Jacob Tanenbaum) [1033531 1033532] {CVE-2013-6383}
- [xen] x86/AMD: work around erratum 793 (Radim Krcmar) [1035834 1035836] {CVE-2013-6885}
- [xen] do not expose hypercalls to rings 1 and 2 of HVM guests (Andrew Jones) [1029112 1029113] {CVE-2013-4554}
- [redhat] kabi: Adding symbol print_hex_dump (Jiri Olsa) [1054055 662558]
- [scsi] Add 'eh_deadline' to limit SCSI EH runtime (Ewan Milne) [1050097 956132]
- [scsi] remove check for 'resetting' (Ewan Milne) [1050097 956132]
- [scsi] dc395: Move 'last_reset' into internal host structure (Ewan Milne) [1050097 956132]
- [scsi] tmscsim: Move 'last_reset' into host structure (Ewan Milne) [1050097 956132]
- [scsi] advansys: Remove 'last_reset' references (Ewan Milne) [1050097 956132]
- [scsi] dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (Ewan Milne) [1050097 956132]
- [scsi] dpt_i2o: Remove DPTI_STATE_IOCTL (Ewan Milne) [1050097 956132]
- [net] ipv6: fix leaking uninit port number of offender sockaddr (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] fix addr_len/msg->msg_namelen assign in recv_error funcs (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] prevent leakage of uninitialized memory to user in recv (Florian Westphal) [1035880 1035881] {CVE-2013-7264 CVE-2013-7265 CVE-2013-7281 CVE-2013-7263}
- [net] be2net: prevent Tx stall on SH-R when packet size < 32 (Ivan Vecera) [1051535 1007995]
- [net] be2net: Trim padded packets for Lancer (Ivan Vecera) [1051535 1007995]
- [net] be2net: Pad skb to meet min Tx pkt size in lancer (Ivan Vecera) [1051535 1007995]
- [net] be2net: refactor HW workarounds in be_xmit() (Ivan Vecera) [1051535 1007995]
- [fs] exec/ptrace: fix get_dumpable() incorrect tests (Petr Oros) [1039483 1039484] {CVE-2013-2929}

- [char] ipmi: fix message handling during panics (Tony Camuso) [1049731 995293]
- [net] igb: Use 32bit mask calculating the flow control watermarks (Stefan Assmann) [1041694 1036115]
- [fs] NTLM auth and sign - Use appropriate server challenge (Sachin Prabhu) [1029865 1018286]
- [xen] gnttab: correct locking order reversal (Radim Krcmar) [1026245 1026246] {CVE-2013-4494}

- [net] be2net: don't use GRO for packets w/ re-inserted VLAN tags (Ivan Vecera) [1023348 1008691]
- [net] tg3: call pci_enable_wake() to set power state (John Feeney) [1014973 996331]
- [misc] backport fixes for percpu-rw-semaphore (Mikulas Patocka) [1014715 867997]
- [xen] information leak via I/O instruction emulation (Igor Mammedov) [1009602 1009603] {CVE-2013-4355}

- [xen] x86: check segment descriptor read result in 64-bit OUTS emulation (Radim Krcmar) [1012958 1012959] {CVE-2013-4368}
- [md] dm snapshot: fix data corruption (Mikulas Patocka) [1004734 975353] {CVE-2013-4299}