- [5.14.0-284.30.0.1.el9_2.OL9] - x86/tsx: Add a feature bit for TSX control MSR support {CVE-2023-1637} - x86/speculation: Restore speculation related MSRs {CVE-2023-1637} - x86/pm: Save the MSR validity status at context setup {CVE-2023-1637} - x86/pm: Fix false positive kmemleak report in msr_build_context {CVE-2023-1637} - x86/cpu: Restore AMD"s DE_CFG MSR after resume {CVE-2023-1637} - x86/pm: Add enumeration check before spec MSRs {CVE-2023-1637} - arm64: efi: Execute runtime services from a dedicated {CVE-2023-21102} - netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE {CVE-2023-3390} - netfilter: nf_tables: add NFT_TRANS_PREPARE_ERROR to deal with bound set/chain {CVE-2023-3390} - netfilter: nf_tables: unbind non-anonymous set if rule construction fails {CVE-2023-3390} - netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID {CVE-2023-4147} - netfilter: nf_tables: do not ignore genmask when looking up chain by id {CVE-2023-31248} - netfilter: nf_tables: prevent OOB access in nft_byteorder_eval {CVE-2023-35001} - netfilter: nft_set_pipapo: fix improper element removal {CVE-2023-4004} - net/sched: cls_fw: Fix improper refcount update leads to use-after-free {CVE-2023-3776}