author: Sasha Levin <sashal@kernel.org> 2024-04-16 11:57:16 -0400
committer: Sasha Levin <sashal@kernel.org> 2024-04-16 11:57:16 -0400
commit: 4f3b64f96e6eb46305b37a1c3faa9a775a6dd203
tree: 098ec88842ed2c5c8b24e2a895a32a72e16e87a5
parent: 48928d5969492180c6cc600237e0113efa54a763
Reviews from Sasha
Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r--  cve/review/proposed/v6.7.10-sasha   13
-rw-r--r--  cve/review/proposed/v6.7.11-sasha  187
-rw-r--r--  cve/review/proposed/v6.7.6-sasha   112
-rw-r--r--  cve/review/proposed/v6.7.7-sasha    99
-rw-r--r--  cve/review/proposed/v6.7.8-sasha     0
-rw-r--r--  cve/review/proposed/v6.7.9-sasha    58
6 files changed, 469 insertions, 0 deletions
diff --git a/cve/review/proposed/v6.7.10-sasha b/cve/review/proposed/v6.7.10-sasha
new file mode 100644
index 00000000..32c87f71
--- /dev/null
+++ b/cve/review/proposed/v6.7.10-sasha
@@ -0,0 +1,13 @@
+767146637efc5 netfilter: nf_conntrack_h323: Add protection for bmp length out of range
+c055fc00c07be net/rds: fix WARNING in rds_conn_connect_if_down
+685f7d5312645 net/ipv6: avoid possible UAF in ip6_route_mpath_notify()
+ef27f655b438b igc: avoid returning frame twice in XDP_REDIRECT
+9224fc86f1776 ice: fix uninitialized dplls mutex usage
+06e456a05d669 net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink()
+2652b99e43403 ice: virtchnl: stop pretending to support RSS over AQ or registers
+89d72d4125e94 net: sparx5: Fix use after free inside sparx5_del_mact_entry
+1ca1ba465e55b geneve: make sure to pull inner header in geneve_rx()
+51270d573a8d9 tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string
+b7cf07586c40f net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map
+1eecc7ab82c42 net: lan78xx: fix runtime PM count underflow on link stop
+8076fcde016c9 x86/rfds: Mitigate Register File Data Sampling (RFDS)
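Review bot: The last entry, `8076fcde016c9 x86/rfds: Mitigate Register File Data Sampling (RFDS)`, is a mitigation for a named CPU issue, so it should be checked against any identifier already assigned to that issue before a separate kernel CVE is proposed. The file also records only hash and subject; a short reason per line would help for entries such as `2652b99e43403 ice: virtchnl: stop pretending to support RSS over AQ or registers`, whose subject states no security impact, so a second reviewer can accept or reject the proposal without re-reading each commit.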
diff --git a/cve/review/proposed/v6.7.11-sasha b/cve/review/proposed/v6.7.11-sasha
new file mode 100644
index 00000000..b11b8dd8
--- /dev/null
+++ b/cve/review/proposed/v6.7.11-sasha
@@ -0,0 +1,187 @@
+df7ecce842b84 x86/efistub: Don't clear BSS twice in mixed mode
+a20ad45008a7c spi: spi-mt65xx: Fix NULL pointer access in interrupt handler
+7eaf837a4eb5f netfilter: nf_tables: Fix a memory leak in nf_tables_updchain
+50e60de381c34 octeontx2-af: Use separate handlers for interrupts
+a88e0f936ba9a octeontx2: Detect the mbox up or down message via register
+d27e2da94a426 net/bnx2x: Prevent access to a freed page in page_pool
+55e565c42dce8 dm-integrity: fix a memory leak when rechecking the data
+32fa4366cc4da net: phy: fix phy_read_poll_timeout argument type in genphy_loopback
+bba045dc4d996 wireguard: receive: annotate data-race around receiving_counter.counter
+d5c0ed17fea60 virtio: packed: fix unmap leak for indirect desc table
+6ebfad33161af packet: annotate data-races around ignore_outgoing
+de105068fead5 nvme: fix reconnection fail due to reserved tag allocation
+e30cef001da25 net: txgbe: fix clk_name exceed MAX_DEV_ID limits
+ddbec99f58571 hsr: Fix uninit-value access in hsr_get_node()
+04d9d1fc428ac tcp: Fix refcnt handling in __inet_hash_connect().
+72ebb41b88f9d soc: fsl: dpio: fix kcalloc() argument order
+343041b59b781 net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check
+2a750d6a5b365 rds: tcp: Fix use-after-free of net in reqsk_timer_handler().
+2ae0ab0143fcc spi: lpspi: Avoid potential use-after-free in probe()
+ca93bf607a44c thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path
+f31e0d0c2cad2 ASoC: tlv320adc3xxx: Don't strip remove function when driver is builtin
+2b4b90e053a29 x86/hyperv: Use per cpu initial stack for vtl context
+f53641a6e8490 comedi: comedi_test: Prevent timers rescheduling during deletion
+cfa9ba1ae0bef comedi: comedi_8255: Correct error in subdevice initialization
+dd839f31d7cd5 bcachefs: install fd later to avoid race with close
+719fcafe07c12 nfs: fix panic when nfs4_ff_layout_prepare_ds() fails
+9f0c4a46be1fe f2fs: fix to truncate meta inode pages forcely
+fd5860ab63415 NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt
+992cf65674778 Input: iqs7222 - add support for IQS7222D v1.1 and v1.2
+251a658bbfcea NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102
+7a8bccd8b29c3 RDMA/device: Fix a race between mad_client and cm_client init
+21ec68234826b f2fs: fix to avoid potential panic during recovery
+2f9420d3a94ae f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem
+c2034ef6192a6 f2fs: fix NULL pointer dereference in f2fs_submit_page_write()
+b896e302f7967 f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic
+fd244524c2cf0 f2fs: compress: fix to cover normal cluster write with cp_rwsem
+8a430dd49e9cb f2fs: compress: fix to guarantee persisting compressed blocks by CP
+c21a8870c9861 RDMA/srpt: Do not register event handler until srpt device is fully setup
+3c4f53b2c341e scsi: hisi_sas: Fix a deadlock issue related to automatic dump
+c062166995c9e ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops
+f3dc1bdb6b0b0 cifs: Fix writeback data corruption
+c40497d823871 cifs: Don't use certain unnecessary folio_*() functions
+a9540e35624d1 smb: do not test the return value of folio_start_writeback()
+7938e9ce39d67 clk: zynq: Prevent null pointer dereference caused by kmalloc failure
+24338a6ae13cb sparc32: Fix section mismatch in leon_pci_grpci
+551ee0f210991 drm/msm/dpu: add division of drm_display_mode's hskew parameter
+7d474b43087aa clk: qcom: gcc-ipq5018: fix register offset for GCC_UBI0_AXI_ARES reset
+11b752ac5a07c clk: qcom: gcc-ipq5018: fix 'halt_reg' offset of 'gcc_pcie1_pipe_clk'
+f982adcc1b1c0 clk: qcom: gcc-ipq5018: fix 'enable_reg' offset of 'gcc_gmac0_sys_clk'
+ad86d7ee43b22 powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks
+cda9c0d556283 powerpc/pseries: Fix potential memleak in papr_get_attr()
+c958e86e9cc1b drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip
+73984daf07a1a drm/tests: helpers: Include missing drm_drv header
+d0b07f712bf61 media: ttpci: fix two memleaks in budget_av_attach
+b9b683844b01d media: go7007: fix a memleak in go7007_load_encoder
+7a4cf27d1f053 media: dvb-frontends: avoid stack overflow warnings with clang
+0a0b79ea55de8 media: pvrusb2: fix uaf in pvr2_context_set_notify
+c1db0073212ef HID: amd_sfh: Avoid disabling the interrupt
+ef5de1613d7d9 perf pmu: Fix a potential memory leak in perf_pmu__lookup()
+e63df1ec9a16d crypto: jitter - fix CRYPTO_JITTERENTROPY help text
+32e5a120a5105 drm/tegra: put drm_gem_object ref on error in tegra_fb_create
+aeedaee5ef546 drm/bridge: adv7511: fix crash on irq during probe
+baf67aefbe7d7 PCI: Mark 3ware-9650SE Root Port Extended Tags as broken
+49e27d3c9cd67 drm/msm/dpu: finalise global state object
+a106ed98af684 drm/msm/dpu: use devres-managed allocation for HW blocks
+1e897dcc4c673 drm/msm/dpu: use devres-managed allocation for MDP TOP
+f6aed043ee5d7 drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()'
+30baa4a96b23a media: pvrusb2: fix pvr2_stream_callback casts
+95ac1210fb275 media: pvrusb2: remove redundant NULL check
+0b70530ee7408 media: go7007: add check of return value of go7007_read_addr()
+4797a3dd46f22 media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak
+3a11887f7f11a media: cedrus: h265: Fix configuring bitstream size
+aebfdfe39b932 NTB: fix possible name leak in ntb_register_device()
+aa1267e673fe5 drm: ci: use clk_ignore_unused for apq8016
+98f681b0f84cf ASoC: SOF: Add some bounds checking to firmware data
+2a3cfb9a24a28 drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()
+c4891d979c766 drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode()
+06267d22f9ee6 drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled
+2f4a67a3894e1 drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN
+3b63880de42bd dt-bindings: msm: qcom, mdss: Include ommited fam-b compatible
+a853450bf4c75 crypto: xilinx - call finalize with bh disabled
+d0aa72604fbd8 quota: Fix potential NULL pointer dereference
+8c64f4cdf4e6c media: edia: dvbdev: fix a use-after-free
+8f94b49a5b5d3 media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity
+8cf9c5051076e media: v4l2-tpg: fix some memleaks in tpg_alloc
+ba535bce57e71 clk: meson: Add missing clocks to axg_clk_regmaps
+9ccfe80d022df drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()'
+4b09715f1504f drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()'
+2814646f76f85 HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd
+222be59e5eed1 ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe()
+04ae3eb470e52 drm/lima: fix a memleak in lima_heap_alloc
+89709105a6091 drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node
+47a145c03484d drm/rockchip: inno_hdmi: Fix video timing
+643ae131b8598 drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe()
+afe6fcb977588 drm/tegra: dsi: Add missing check for of_find_device_by_node
+65e8fbde64520 dm: call the resume method on internal suspend
+84e95149bd341 nfp: flower: handle acti_netdevs allocation failure
+28330ceb953e3 OPP: debugfs: Fix warning around icc_get_name()
+0f28be64d132a erofs: fix lockdep false positives on initializing erofs_pseudo_mnt
+2c88c16dc20e8 erofs: fix handling kern_mount() failure
+0fbcf2366ba98 net: hns3: fix kernel crash when 1588 is received on HIP08 devices
+4469c0c5b14a0 net: phy: fix phy_get_internal_delay accessing an empty array
+b0ec2abf98267 net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
+7a4b21250bf79 bpf: Fix stackmap overflow check on 32-bit arches
+6787d916c2cf9 bpf: Fix hashtab overflow check on 32-bit arches
+281d464a34f54 bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
+947ec0d002dce Bluetooth: fix use-after-free in accessing skb after sending it
+f7b94bdc1ec10 Bluetooth: af_bluetooth: Fix deadlock
+79f4127a502c5 Bluetooth: btusb: Fix memory leak
+a6e06258f4c31 Bluetooth: msft: Fix memory leak
+81137162bfaa7 Bluetooth: hci_core: Fix possible buffer overflow
+de4e88ec58c42 Bluetooth: btrtl: fix out of bounds memory access
+4fc82cd907ac0 iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected
+b4152222e04cb wifi: brcm80211: handle pmk_op allocation failure
+a51ab63b297ce ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors
+3cfcfc102a5e5 SUNRPC: fix some memleaks in gssx_dec_option_array
+e67b652d8e859 SUNRPC: fix a memleak in gss_import_v2_context
+aaa8736370db1 x86, relocs: Ignore relocations in .notes section
+021a67d096154 ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override
+0d776cfd5e5b5 gpiolib: Pass consumer device through to core in devm_fwnode_gpiod_get_index()
+0ff08803eca41 arm64: dts: imx8mp-evk: Fix hdmi@3d node
+a5a5f4413d91f wifi: mt76: mt7925e: fix use-after-free in free_irq()
+c957280ef6ab6 wifi: mt76: mt7921e: fix use-after-free in free_irq()
+8536ef0aeae11 wifi: mt76: mt7925: add support to set ifs time by mcu command
+f1d71576d2c9e firmware: arm_scmi: Fix double free in SMC transport cleanup path
+0feda94c868d3 iommu/amd: Mark interrupt as managed
+e18afcb7b2a12 ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit()
+cb5942b77c05d wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces
+178c54666f9c4 bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly
+d5bd4041cd70f wifi: iwlwifi: mvm: don't set replay counters to 0xff
+903fad4394666 tools/resolve_btfids: Fix cross-compilation to non-host endianness
+d04d5882cd678 printk: Disable passing console lock owner completely during panic()
+b1c4c67a5e90d printk: ringbuffer: Skip non-finalized records in panic
+584528d621459 printk: ringbuffer: Cleanup reader terminology
+36652d0f3bf34 printk: Add this_cpu_in_panic()
+95d739ed962c9 arm64: dts: qcom: sm6115: declare VLS CLAMP register for USB3 PHY
+acb94d67f5a23 arm64: dts: qcom: qcm2290: declare VLS CLAMP register for USB3 PHY
+b8cfb7c819dd3 wifi: wfx: fix memory leak when starting AP
+92a871ab9fa59 libbpf: Use OPTS_SET() macro in bpf_xdp_query()
+cfdb4f7ffdb85 arm64: dts: ti: k3-am69-sk: remove assigned-clock-parents for unused VP
+5f0e4aede01cb wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer()
+296f3e926716d wifi: iwlwifi: acpi: fix WPFC reading
+24355fcb0d4cb wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete
+5136ea6b109de arm64: dts: imx8qm: Correct edma3 power-domains and interrupt numbers
+2ef61296d2844 selftests/bpf: Disable IPv6 for lwt_redirect test
+fd5821a1a83c9 arm64: dts: qcom: sa8540p: Drop gfx.lvl as power-domain for gpucc
+883957bee580b pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl
+5155e48128826 soc: qcom: socinfo: rename PM2250 to PM4125
+f661017e6d326 cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value
+328efda22af81 wifi: wilc1000: do not realloc workqueue everytime an interface is added
+1213acb478a71 wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work
+9636951e4468f wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled
+ad25ee36f0017 wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
+14274d0bd31b4 timekeeping: Fix cross-timestamp interpolation for non-x86
+54e35eb8611cc x86/resctrl: Read supported bandwidth sources from CPUID
+0976783bb123f x86/resctrl: Remove hard-coded memory bandwidth limit
+f98364e926626 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
+8ede3db5061bb io_uring/net: fix overflow check in io_recvmsg_mshot_prep()
+c55978024d123 io_uring/net: move receive multishot out of the generic msghdr path
+52307ac4f2b50 io_uring/net: unify how recvmsg and sendmsg copy in the msghdr
+03f12122b20b6 block: fix deadlock between bd_link_disk_holder and partition scan
+6cf3506587366 md: fix kmemleak of rdev->serial
+c3116e62ddeff s390/dasd: fix double module refcount decrement
+15930da42f898 workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active()
+5797b1c18919c workqueue: Implement system-wide nr_active enforcement for unbound workqueues
+3948abaa4e2be do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
+963465a33141d Input: gpio_keys_polled - suppress deferred probe error for gpio
+b3a51137607ce ASoC: amd: yc: Add HP Pavilion Aero Laptop 13-be2xxx(8BD6) into DMI quirk table
+6214e24cae9b1 ALSA: hda/realtek: Add quirks for Lenovo Thinkbook 16P laptops
+f8b0127aca8c6 ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet
+34b567868777e perf: RISCV: Fix panic on pmu overflow handler
+2535b848fa0f4 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
+ed00a6945dc32 ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2
+50ee641643dd0 ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table
+45532b21dc2a6 net: smsc95xx: add support for SYS TEC USB-SPEmodule1
+c7bb26b847e5b btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve
+e06cc89475edd btrfs: fix data races when accessing the reserved amount of block reserves
+32019c659ecfe x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault()
+4d5e86a56615c RDMA/mlx5: Fix fortify source warning while accessing Eth segment
+c40aad7c81e5f ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend
+1741a8269e1c5 HID: multitouch: Add required quirk for Synaptics 0xcddc device
+3693bb4465e6e x86/xen: Add some null pointer checking to smp.c
+f7fe85b229bc3 ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU
+8f44e3808200c spi: intel-pci: Add support for Lunar Lake-M SPI serial flash
+551539a8606e2 ASoC: rt5645: Make LattePanda board DMI match more precise
+b979f2d50a099 soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free
+aec7d25b497ce platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR
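Review bot: Several entries in this list are hardware enablement or documentation changes by their own subject lines, for example `992cf65674778 Input: iqs7222 - add support for IQS7222D v1.1 and v1.2`, `8f44e3808200c spi: intel-pci: Add support for Lunar Lake-M SPI serial flash` and `e63df1ec9a16d crypto: jitter - fix CRYPTO_JITTERENTROPY help text`. The same applies to the DMI quirk additions, the `arm64: dts` entries and the `selftests/bpf` entry. Suggest dropping these from the proposal or stating the vulnerability each one fixes, so the 187-line list is limited to commits with an identifiable security impact.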
diff --git a/cve/review/proposed/v6.7.6-sasha b/cve/review/proposed/v6.7.6-sasha
new file mode 100644
index 00000000..f3e3a8c8
--- /dev/null
+++ b/cve/review/proposed/v6.7.6-sasha
@@ -0,0 +1,112 @@
+bd504bcfec41a dm: limit the number of targets and parameter size area
+5bc09b397cbf1 nilfs2: fix potential bug in end_buffer_async_write
+27c5a095e2518 netfilter: ipset: Missing gc cancellations fixed
+97f7cf1cd80ee netfilter: ipset: fix performance regression in swap operation
+2394ac4145ea9 tracing: Inform kmemleak of saved_cmdlines allocation
+bdbddb109c753 tracing: Fix HAVE_DYNAMIC_FTRACE_WITH_REGS ifdef
+efe7cf828039a can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER)
+6cdedc18ba7b9 can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
+fa765c4b4aed2 xen/events: close evtchn after mapping cleanup
+79d72c68c5878 fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super
+cda4672da1c26 ceph: prevent use-after-free in encode_cap_msg()
+9cae43da98674 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed
+46f5ab762d048 fs: relax mount_setattr() permission checks
+30369084ac6e2 tools/rtla: Fix clang warning about mount_point var size
+610010737f744 ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8
+fe752331d4b36 KVM: s390: vsie: fix race during shadow creation
+4860abb91f3d7 smb: Fix regression in writes when non-standard maximum write size negotiated
+4508ec1735709 smb: client: set correct id, uid and cruid for multiuser automounts
+8b02da04ad978 irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems
+24c890dd712f6 crypto: algif_hash - Remove bogus SGL free on zero-length error path
+ccb88e9549e7c crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked
+38296afe3c6ee nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
+67b8bcbaed477 nilfs2: fix data corruption in dsync block recovery for small block sizes
+4639c5021029d ALSA: hda/conexant: Add quirk for SWS JS201D
+32f03f4002c5d ALSA: hda/realtek: fix mute/micmute LED For HP mt645
+a37ee9e117ef7 io_uring/net: fix multishot accept overflow handling
+a8b9cf62ade1b ftrace: Fix DIRECT_CALLS to use SAVE_REGS by default
+66bbea9ed6446 ring-buffer: Clean ring_buffer_poll_wait() error return
+e0526ec5360a4 hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
+deb110292180c drm/amd/display: Preserve original aspect ratio in create stream
+e6a7df96facdc drm/amd/display: Fix MST Null Ptr for RV
+8746c6c9dfa31 drm/buddy: Fix alloc_range() error handling code
+042b5f83841fb drm/nouveau: fix several DMA buffer leaks
+108a020c64434 ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails
+ca185770db914 eventfs: Keep all directory links at 1
+12d823b31fadf eventfs: Remove fsnotify*() functions from lookup()
+264424dfdd5cb eventfs: Restructure eventfs_inode structure to be more condensed
+5a49f996046ba eventfs: Warn if an eventfs_inode is freed without is_freed being set
+43aa6f97c2d03 eventfs: Get rid of dentry pointers without refcounts
+8dce06e98c70a eventfs: Clean up dentry ops and add revalidate function
+408600be78cdb eventfs: Remove unused d_parent pointer field
+49304c2b93e4f tracefs: dentry lookup crapectomy
+99c001cb617df tracefs: Avoid using the ei->dentry pointer unnecessarily
+4fa4b010b83fb eventfs: Initialize the tracefs inode properly
+d81786f53aec1 tracefs: Zero out the tracefs_inode when allocating it
+834bf76add3e6 eventfs: Save directory inodes in the eventfs_inode structure
+1057066009c43 eventfs: Use kcalloc() instead of kzalloc()
+852e46e239ee6 eventfs: Do not create dentries nor inodes in iterate_shared
+53c41052ba312 eventfs: Have the inodes all for files and directories all be the same
+1de94b52d5e8d eventfs: Shortcut eventfs_iterate() by skipping entries already read
+704f960dbee2f eventfs: Read ei->entries before ei->children in eventfs_iterate()
+1e4624eb5a0ec eventfs: Do ctx->pos update for all iterations in eventfs_iterate()
+e109deadb7331 eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set
+493ec81a8fb8e eventfs: Stop using dcache_readdir() for getdents()
+b0f7e2d739b4a eventfs: Remove "lookup" parameter from create_dir/file_dentry()
+6a9d552483d50 media: rc: bpf attach/detach requires write permission
+c41336f4d6905 pmdomain: mediatek: fix race conditions with genpd
+95a0d596bbd05 iio: core: fix memleak in iio_device_register_sysfs
+9b6326354cf9a tracing/synthetic: Fix trace_string() return value
+44dc5c41b5b12 tracing: Fix wasted memory in saved_cmdlines logic
+1389358bb008e tracing/timerlat: Move hrtimer_init to timerlat_fd open()
+1513664f34028 ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power
+fcfc9f711d1e2 ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform
+c7de2d9bb68a5 ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL
+8b1d72395635a parisc: Fix random data corruption from exception handler
+37e8c97e53901 net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame()
+bfb007aebe6bf nfc: nci: free rx_data_reassembly skb on NCI device cleanup
+2468e8922d2f6 ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads
+99b817c173cd2 lsm: fix the logic in security_inode_getsecctx()
+faf51b201bc42 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue
+39079fe8e6608 drm/amd/display: fix incorrect mpc_combine array size
+7330256268664 drm/amdgpu: Reset IH OVERFLOW_CLEAR bit
+9c64e749cebd9 drm/virtio: Set segment size for virtio_gpu device
+9163616853190 Revert "drm/amd: flush any delayed gfxoff on suspend entry"
+977fe773dcc70 scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock"
+337cebbd850f9 mptcp: really cope with fastopen race
+013e3179dbd2b mptcp: fix rcv space initialization
+b6c620dc43ccb mptcp: fix data re-injection from stale subflow
+0846dd77c8349 powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach
+f1acb109505d9 powerpc/kasan: Limit KASAN thread size increase to 32KB
+83ef106fa732a i2c: qcom-geni: Correct I2C TRE sequence
+cffe487026be1 cifs: fix underflow in parse_server_interfaces()
+41044d5360685 PCI: Fix active state requirement in PME polling
+ed8b94f6e0acd powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add
+dc9ceb90c4b42 media: ir_toy: fix a memleak in irtoy_tx
+61a348857e869 usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend
+12783c0b9e2c7 usb: core: Prevent null pointer dereference in update_port_device_state
+cc509b6a47e7c usb: chipidea: core: handle power lost in workqueue
+b2d2d7ea0dd09 usb: f_mass_storage: forbid async queue when shutdown happen
+3caf2b2ad7334 usb: ulpi: Fix debugfs directory leak
+c1d6708bf0d3d HID: wacom: Do not register input devices until after hid_hw_start
+f0d78972f27dc ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx
+c6dce23ec993f ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF
+0a9bab391e336 dm-crypt, dm-verity: disable tasklets
+39126abc5e206 nouveau: offload fence uevents work to workqueue
+0958b33ef5a04 tracing/trigger: Fix to return error if failed to alloc snapshot
+73d9629e1c8c1 i40e: Do not allow untrusted VF to remove administratively set MAC
+962ac2dce56bb drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address
+6ef5d5b92f711 ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work()
+32b55c5ff9103 net: tls: fix use-after-free with partial reads and async decrypt
+e01e3934a1b2d tls: fix race between tx work scheduling and socket close
+aec7961916f3f tls: fix race between async notify and socket close
+c57ca512f3b68 net: tls: factor out tls_*crypt_async_wait()
+15faa1f67ab40 lan966x: Fix crash when adding interface under a lag
+4e1d71cabb19e net/handshake: Fix handshake_req_destroy_test1
+aa1eec2f546f2 net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers
+53c0441dd2c44 dpll: fix possible deadlock during netlink dump operation
+bb6f4dbe2639d selftests/landlock: Fix capability for net_test
+5571e41ec6e56 btrfs: don't drop extent_map for free space inode on write error
+e03ee2fe873eb btrfs: do not ASSERT() if the newly created subvolume already got read
+68fb3ca0e408e update workarounds for gcc "asm goto" issue
+4356e9f841f7f work around gcc bugs with 'asm goto' with outputs
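Review bot: The eventfs/tracefs block in the middle of this list proposes a whole rework series line by line, including cleanups such as `408600be78cdb eventfs: Remove unused d_parent pointer field` and `49304c2b93e4f tracefs: dentry lookup crapectomy`; if the series as a whole closes one issue, propose the commit that fixes it and list the rest as dependencies. The two reverts (`9163616853190` and `977fe773dcc70`) and the refactor `c57ca512f3b68 net: tls: factor out tls_*crypt_async_wait()` likewise need a line saying which bug they address, and the two closing `asm goto` compiler workarounds do not name an affected kernel code path in their subjects.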
diff --git a/cve/review/proposed/v6.7.7-sasha b/cve/review/proposed/v6.7.7-sasha
new file mode 100644
index 00000000..0dcb9a88
--- /dev/null
+++ b/cve/review/proposed/v6.7.7-sasha
@@ -0,0 +1,99 @@
+e3b63e966cac0 mm: zswap: fix missing folio cleanup in writeback race path
+9671761792156 drm/amd/display: fix null-pointer dereference on edid reading
+bae67893578d6 drm/amd/display: Fix memory leak in dm_sw_fini()
+d2b48f340d9e4 drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv
+7d2a894d7f487 phonet/pep: fix racy skb_queue_empty() use
+5d78b73e85145 tools: ynl: don't leak mcast_groups on init error
+8762785f459be netfilter: nft_flow_offload: release dst in case direct xmit path is used
+9e0f0430389be netfilter: nft_flow_offload: reset dst in route object after setting up flow
+bccebf6470173 netfilter: nf_tables: set dormant flag on hook register failure
+4cd12c6065dfc bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready()
+56667da7399eb net: implement lockless setsockopt(SO_PEEK_OFF)
+a7d6027790ace arp: Prevent overflow in arp_req_get().
+def689fc26b9a devlink: fix possible use-after-free and memory leaks in devlink_init()
+5559cea2d5aa3 ipv6: sr: fix possible use-after-free and null-ptr-deref
+6ea38e2aeb723 afs: Increase buffer size in afs_update_volume_status()
+6f7d0f5fd8e44 platform/x86: think-lmi: Fix password opcode ordering for workstations
+0281b919e175b bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel
+a5c57fd2e9bd1 powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller
+97dde84026339 net: stmmac: Fix incorrect dereference in interrupt handlers
+166c2c8a6a4dc net/sched: act_mirred: don't override retval if we already lost the skb
+52f671db18823 net/sched: act_mirred: use the backlog for mirred ingress
+66b60b0c8c4a1 dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished().
+dc489f86257ca net: bridge: switchdev: Skip MDB replays of deferred events on offload
+5761eb9761d2d scsi: smartpqi: Fix disable_managed_interrupts
+2127c60438366 xsk: Add truesize to skb_add_rx_frag().
+5ba4e6d5863c5 RDMA/qedr: Fix qedr_create_user_qp error flow
+fdfa083549de5 RDMA/srpt: Support specifying the srpt_service_guid parameter
+666047f3ece9f RDMA/irdma: Set the CQ read threshold for GEN 1
+bd97cea7b18a0 RDMA/irdma: Fix KASAN issue with tasklet
+809aa64ebff51 IB/hfi1: Fix a memleak in init_credit_return
+a538dabf772c1 Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"
+97cba232549b9 drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()'
+45be0882c5f91 smb3: add missing null server pointer check
+51af8f255bdac ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts
+967d3c27127e7 mptcp: fix data races on remote_id
+1c9be13846c0b usb: roles: fix NULL pointer issue when put module's reference
+76c51146820c5 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs
+5fd9e45f1ebcd usb: cdns3: fix memory double free when handle zero packet
+cd45f99034b0c usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable()
+b191a18cb5c47 usb: dwc3: gadget: Don't disconnect if not started
+66ad2fbcdbeab dm-integrity, dm-verity: reduce stack usage for recheck
+359e54a93ab43 l2tp: pass correct message length to ip6_append_data
+fb33a46cd75e1 irqchip/mbigen: Don't use bus_get_dev_root() to find the parent
+c0ec2a712daf1 crypto: virtio/akcipher - Fix stack overflow on memcpy
+136cfaca22567 gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp()
+9e46c70e829bd md: Don't suspend the array for interrupted reshape
+e21a2f17566cb cachefiles: fix memory leak in cachefiles_add_cache()
+dbcbfd662a725 platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names
+13ddaf26be324 mm/swap: fix race when skipping swapcache
+de959094eb219 scsi: target: pscsi: Fix bio_put() for error case
+eef5c7b28dbec cxl/pci: Skip to handle RAS errors if CXL.mem device is detached
+50c70240097ce dm-crypt: don't modify the data when using authenticated encryption
+1eb1e984379e2 lib/Kconfig.debug: TEST_IOV_ITER depends on MMU
+b820de741ae48 fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
+bd915ae73a2d7 drm/meson: Don't remove bridges which are created by other drivers
+e42b9d8b9ea26 btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size
+752cd08da320a LoongArch: Update cpu_sibling_map when disabling nonboot CPUs
+1001db6c42e40 LoongArch: Disable IRQ before init_fn() for nonboot CPUs
+baf8361e54550 x86/bugs: Add asm helpers for executing VERW
+e6f57c6881916 IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
+5f3bce13266e6 drm/amd/display: Request usb4 bw for mst streams
+cca5efe77a6a2 LoongArch: vDSO: Disable UBSAN instrumentation
+4551b30525cf3 LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]
+b513d30d59bb3 scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd()
+de1034b38a346 efi: runtime: Fix potential overflow of soft-reserved region size
+731ab1f982880 fs/ntfs3: Fix oob in ntfs_listxattr
+652cfeb43d6b9 fs/ntfs3: Fixed overflow check in mi_enum_attr()
+aaab47f204aaf fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()
+4255447ad34c5 Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table
+710c69dbaccda nvmet-fc: avoid deadlock on delete association path
+70fbfc47a392b nvme-fc: do not wait in vain when unloading module
+eaa1b01fe709d ALSA: usb-audio: Ignore clock selector errors for single connection
+daf3f0f99cde9 ASoC: wm_adsp: Don't overwrite fwf_name with the default
+2ff33c759a424 drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz
+80441f76ee670 Input: xpad - add Lenovo Legion Go controllers
+6500ad28fd5d6 spi: sh-msiof: avoid integer overflow in constants
+346f59d1e8ed0 ALSA: usb-audio: Check presence of valid altsetting control
+f3be347ea42db usb: ucsi_acpi: Quirk to ack a connector change ack cmd
+47c5dd66c1840 nvmet-tcp: fix nvme tcp ida memory leak
+b6eda11c44dc8 HID: nvidia-shield: Add missing null pointer checks to LED initialization
+6e2276203ac9f dmaengine: ti: edma: Add some null pointer checks to the edma_probe
+180a8f12c21f4 Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0
+832698373a259 ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
+4530b3660d396 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
+993bf0f4c393b ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt
+1abdf288b0ef5 platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet
+20730e9b27787 ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers
+e169bd4fb2b36 aoe: avoid potential deadlock at set_capacity
+0077a504e1a44 ahci: asm1166: correct count of reported ports
+8deb05c84b63b smb: Work around Clang __bdos() type confusion
+13f3956eb5681 block: Fix WARNING in _copy_from_iter
+de8b6e1c231a9 spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
+8afe3c7fcaf72 spi: intel-pci: Add support for Arrow Lake SPI serial flash
+bcbc84af1183c wifi: mac80211: fix race condition on enabling fast-xmit
+6386f6c995b3a dmaengine: fsl-qdma: increase size of 'irq_name'
+83ab68168a3d9 scsi: target: core: Add TMF to tmr_list handling
+12c16919652b5 tools: selftests: riscv: Fix compile warnings in mm tests
+fb4cece17b458 scsi: smartpqi: Fix logical volume rescan race condition
+c6d5aa44eaf6d scsi: smartpqi: Add new controller PCI IDs
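Review bot: This list proposes both `2ff33c759a424 drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz` and `a538dabf772c1 Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz"`; a change and its revert in the same release file cannot both be fixes, so please state which one is proposed and why, or drop both. Device-ID and quirk additions such as `c6d5aa44eaf6d scsi: smartpqi: Add new controller PCI IDs` also need a stated security impact or should be trimmed.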
diff --git a/cve/review/proposed/v6.7.8-sasha b/cve/review/proposed/v6.7.8-sasha
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/cve/review/proposed/v6.7.8-sasha
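Review bot: `v6.7.8-sasha` is added empty (index `e69de29b`, no hunk, 0 lines in the diffstat), which does not distinguish "reviewed, nothing to propose" from "not reviewed yet". If the empty file is meant as a marker that 6.7.8 was reviewed, say so in the commit message, which currently reads only "Reviews from Sasha".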
diff --git a/cve/review/proposed/v6.7.9-sasha b/cve/review/proposed/v6.7.9-sasha
new file mode 100644
index 00000000..87e1d799
--- /dev/null
+++ b/cve/review/proposed/v6.7.9-sasha
@@ -0,0 +1,58 @@
+fad87dbd48156 powerpc/rtas: use correct function name for resetting TCE tables
+09a3c1e461421 powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
+d3ea125df37dc dmaengine: idxd: Ensure safe user copy of completion record
+d4c08d8b23b22 phy: qcom-qmp-usb: fix v3 offsets data
+bbcc1c83f343e dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup
+712a92a48158e dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup
+aa82ac51d6332 af_unix: Drop oob_skb ref before purging queue in GC.
+25236c91b5ab4 af_unix: Fix task hung while purging oob_skb in GC.
+5fa917a67a034 NFS: Fix data corruption caused by congestion.
+d6a9608af9a75 mptcp: fix possible deadlock in subflow diag
+10048689def7e mptcp: fix double-free on socket dismantle
+2774f256e7c02 mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index
+720da1e593b85 mm/debug_vm_pgtable: fix BUG_ON with pud advanced test
+2a93c6cbd5a70 pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation
+eb5555d422d0f pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal
+f45812cc23fb7 efivarfs: Request at most 512 bytes for variable names
+cf7c2789822db iommufd: Fix protection fault in iommufd_test_syz_conv_iova
+aeb004c0cd695 iommufd: Fix iopt_access_list_id overwrite bug
+6b1ba3f9040be mmc: mmci: stm32: fix DMA API overlapping mappings warning
+87a39071e0b63 dmaengine: fsl-qdma: init irq after reg initialization
+1c0cf6d196901 crypto: arm64/neonbs - fix out-of-bounds access on short input
+9d739bccf261d dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read
+f79ee78767ca6 soc: qcom: pmic_glink: Fix boot when QRTR=m
+9845664b9ee47 btrfs: dev-replace: properly validate device names
+e2b54eaf28df0 btrfs: fix double free of anonymous device after snapshot creation failure
+f78c1375339a2 wifi: nl80211: reject iftype change with mesh ID change
+616d82c3cfa2a gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
+c17d2a7b216e1 Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid
+0ac32a396e4f4 ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8
+67c3d7717efbd ALSA: hda/realtek: fix mute/micmute LED For HP mt440
+1fdf4e8be7059 ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)
+c1947ce61ff4c ALSA: hda/realtek: tas2781: enable subwoofer volume control
+2f03fc340cac9 tomoyo: fix UAF write bug in tomoyo_write_control()
+f6ecfdad359a0 drm/nouveau: keep DMA buffers required for suspend/resume
+a1a4a9ca77f14 btrfs: fix race between ordered extent completion and fiemap
+682dc133f83e0 drivers: perf: ctr_get_width function for legacy is not defined
+0f8ca019544a2 drm/amd/display: Prevent potential buffer overflow in map_hw_resources
+5f7a07646655f afs: Fix endless loop in directory parsing
+00d6a284fcf3f fbcon: always restore the old font data in fbcon_do_set_font()
+c14f09f010cc5 ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization
+1fa8d07ae1a5f gpu: host1x: Skip reset assert on Tegra186
+2df70149e73e7 power: supply: bq27xxx-i2c: Do not free non existing IRQ
+13114dc554306 tls: fix use-after-free on failed backlog decryption
+41532b785e9d7 tls: separate no-async decryption request handling from async
+743ad091fb46e rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back
+62e7151ae3eb4 netfilter: bridge: confirm multicast packets before passing them up the stack
+7dcd3e014aa7f Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT
+7e74aa53a68bf Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST
+2449007d3f73b Bluetooth: Avoid potential use-after-free in hci_error_reset
+8af411bbba1f4 stmmac: Clear variable when destroying workqueue
+10bfd453da64a ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()
+fe9f801355f0b net: veth: clear GRO when clearing XDP even when down
+3773d65ae5154 net: mctp: take ownership of skb in mctp_local_output
+5ae1e9922bbdb net: ip_tunnel: prevent perpetual headroom growth
+9a0d18853c280 netlink: add nla be16/32 types to minlen array
+661779e1fcafe netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter
+959043afe53ae spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
+32ce3bb57b6b4 spi: cadence-qspi: fix pointer reference in runtime PM hooks
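Review bot: Several entries in the middle of this hunk read as feature enablement or model-specific fixups rather than fixes, for example "ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8", "ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8)" and "ALSA: hda/realtek: tas2781: enable subwoofer volume control"; please confirm they are intended as CVE candidates or remove them. Separately, "tls: separate no-async decryption request handling from async" is listed right after "tls: fix use-after-free on failed backlog decryption" and its subject describes a restructuring; if it is only a prerequisite for the adjacent fix, say so, so that it is not proposed as its own CVE.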