Linux Kernel 5.18.16 is out with small security improvements

Two fixes are worth mentioning: the first concerns how the kernel reports a class of Intel CPU vulnerabilities on old processors, the second closes a copy-on-write hole in shared memory.

MMIO Stale Data Vulnerabilities

The Linux kernel knows which hardware vulnerabilities affect the CPU it is running on, including this class of Intel weaknesses. At the heart of the MMIO Stale Data issue is the fact that some internal CPU buffers can hold stale data, and a specially crafted sequence of operations involving MMIO accesses (memory-mapped I/O, where the CPU addresses peripheral devices through normal memory addresses) can leak that data to an unauthorized party. The kernel keeps a table of processor models and the bugs each of them is known to have, and exposes the result through the standard sysfs interface under /sys/devices/system/cpu/vulnerabilities/.

The problem was that some of the affected models are old products that are neither sold nor supported by the vendor any more, so they will never receive the microcode update that would let the kernel determine their MMIO status. Until this fix their status was reported as "Not affected", which is, strictly speaking, not true: they may be vulnerable or they may not, and we simply do not know.

The fix introduces a new bug flag, X86_BUG_MMIO_UNKNOWN, for these processors. When it is set, the mmio_stale_data sysfs entry reports "Unknown: No mitigations" instead of "Not affected", so the status reflects what the kernel actually knows. Inventory scripts that only look for the word "Vulnerable" should treat this new state as unconfirmed rather than safe.
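As an added example (not code from the kernel or from this article), the following POSIX shell script reads the status strings the kernel exposes under /sys/devices/system/cpu/vulnerabilities/ and classifies each one, so that the new "Unknown: ..." state is neither silently counted as "Not affected" nor missed by a check that greps only for "Vulnerable". The directory path can be overridden for testing; the status strings in the comments are constructed samples modelled on the kernel's output format, and the function names are the example's own.

```shell
#!/bin/sh
# Added example: classify the per-bug status strings in the kernel's sysfs
# vulnerabilities directory. Function names are this example's own, not the
# kernel's. Sample status strings seen in the wild look like:
#   "Not affected"
#   "Mitigation: Clear CPU buffers; SMT vulnerable"
#   "Vulnerable: Clear CPU buffers attempted, no microcode"
#   "Unknown: No mitigations"      (what X86_BUG_MMIO_UNKNOWN makes the kernel report)

# classify_status STATUS -> prints one of: not_affected, mitigated, unknown, vulnerable
# Anything that is not explicitly "Not affected", "Mitigation:" or "Unknown:" is
# treated as vulnerable, which is the safe default for a fleet check.
classify_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;
        Unknown:*)       echo unknown ;;
        *)               echo vulnerable ;;
    esac
}

# scan_vulnerabilities [DIR] -> one line per bug file: "<bug> <class> <raw status>"
# DIR defaults to the real sysfs location; pass another directory to test offline.
scan_vulnerabilities() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir" >&2; return 1; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        status=$(cat "$f")          # $(...) strips the trailing newline
        printf '%s %s %s\n' "$(basename "$f")" "$(classify_status "$status")" "$status"
    done
}

# count_of CLASS [DIR] -> number of bug entries whose class is CLASS
count_of() {
    scan_vulnerabilities "$2" | awk -v c="$1" '$2 == c { n++ } END { print n+0 }'
}

# Stand-alone usage: print the table for this machine, then flag anything that
# is not positively "not_affected" or "mitigated". Errors (e.g. no sysfs on a
# non-Linux host) are tolerated so the functions above can still be sourced.
scan_vulnerabilities || :
if [ "$(count_of unknown 2>/dev/null)" != 0 ] || [ "$(count_of vulnerable 2>/dev/null)" != 0 ]; then
    echo "WARNING: at least one CPU bug is unmitigated or of unknown status" >&2
fi
```

The point of the classifier is the fourth bucket: an "Unknown: ..." entry means the kernel could not determine the status because the CPU will never get the microcode it would need, so a compliance check should report it separately from "Not affected" and decide explicitly what to do with such hosts.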

Copy-on-Write Vulnerability

In August, David Hildenbrand of Red Hat found a new vulnerability (CVE-2022-2590) in the way the Linux kernel handles copy-on-write for shared memory. An unprivileged user could modify the contents of a shmem/tmpfs file without having write permission to it, and that file could be an executable. x86_64 Linux versions 5.16 and newer were affected; 5.18.16 carries the fix.

Useful Links