Out of scope: User-mode Linux isn't supported for current kernel

mmc: davinci: Don't strip remove function when driver is builtin

watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger

stm class: Fix a double free in stm_register_device()

Out of scope: not affected

drm: zynqmp_dpsub: Always register bridge

tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

dma-mapping: benchmark: handle NUMA_NO_NODE correctly

Out of scope: RISC V architecture isn't supported for current kernel

9p: add missing locking around taking dentry fid list

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

usb: typec: tcpm: fix use-after-free case in

drm/i915/hwmon: Get rid of devm

kdb: Fix buffer overflow during tab-complete

net/mlx5: Always stop health timer during driver removal

jfs: xattr: fix buffer overflow for invalid xattr

Postponed: complex analysis and adaptation required

Postponed: complex analysis and adaptation required

btrfs: zoned: fix use-after-free due to race with dev replace

greybus: Fix use-after-free bug in gb_interface_release due to race condition.

ima: Fix use-after-free on a dentry's dname.name

net: fix __dst_negative_advice() race

scsi: mpi3mr: Sanitise num_phys

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

net: dsa: mv88e6xxx: Correct check for empty list

f2fs: check validation of fault attrs in f2fs_build_fault_attr()

f2fs: Add inline to f2fs_build_fault_attr() stub

Postponed: complex analysis and adaptation required

netem: fix return value if duplicate enqueue fails

sch/netem: fix use after free in netem_dequeue

exec: Fix ToCToU between perm check and set-uid/gid usage

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

dev/parport: fix the array out-of-bounds risk

net: microchip: vcap: Fix use-after-free error in kunit test

of/irq: Prevent device address out-of-bounds read in interrupt map walk

of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one()

drm/amdgpu: fix ucode out-of-bounds read warning

drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

drm/amd/pm: fix the Out-of-bounds read warning

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

mptcp: pm: Fix uaf in __timer_delete_sync

net: dpaa: Pad packets to ETH_ZLEN

Patched function waits for external events, which may prevent patching/unpatching.

tipc: Return non-zero value from tipc_udp_addr2str() on error

hwmon: (ltc2991) re-order conditions to fix off by one bug

Out of scope: RISC V architecture isn't supported for current kernel

net: bridge: mcast: wait for previous gc cycles when removing port

media: xc2028: avoid use-after-free in load_firmware_cb()

drm/mgag200: Bind I2C lifetime to DRM device

drm/amdgpu: Validate TA binary size

drm/xe: Free job before xe_exec_queue_put

scsi: aacraid: Fix double-free on probe failure

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

drm/amdgpu: Fix out-of-bounds write warning

drm/amd/pm: Fix negative array index read

drm/amd/display: Check gpio_id before used as array index

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]

drm/amd/display: Check msg_id before processing transcation

drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration

atm: idt77252: prevent use after free in dequeue_rx()

wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter()

iio: Fix the sorting functionality in iio_gts_build_avail_time_table

vhost/vsock: always initialize seqpacket_allow

btrfs: fix extent map use-after-free when adding pages to compressed bio

media: venus: fix use after free in vdec_close

Squashfs: sanity check symbolic link size

misc: fastrpc: Fix double free of 'buf' in error path

binder: fix UAF caused by offsets overwrite

drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box

drm/amd/display: Check link_index before accessing dc->links[]

KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS

tracing/timerlat: Only clear timer if a kthread exists

sched: sch_cake: fix bulk flow accounting logic for host fairness

usb: gadget: aspeed_udc: validate endpoint index for ast udc

HID: amd_sfh: free driver_data after destroying hid device

mm: list_lru: fix UAF for memory cgroup

f2fs: fix to cover read extent cache access with lock

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

Architecture is not supported

ipv6: fix possible UAF in ip6_finish_output2()

ipv6: prevent possible UAF in ip6_xmit()

smack: tcp: ipv4, fix incorrect labeling

ext4: no need to continue when the number of entries is 1

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

netfilter: ipset: add missing range check in bitmap_ip_uadt

net: sched: fix ordering of qlen adjustment

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()

scsi: sd: Fix off-by-one error in sd_read_block_characteristics()

RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds

drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

ext4: return error on ext4_find_inline_entry

ext4: avoid OOB when system.data xattr changes underneath the filesystem

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()

[PATCH] wifi: rtw88: always wait for both firmware loading attempts

crypto: hisilicon/qm - inject error before stopping queue

PCI: kirin: Fix buffer overflow in kirin_pcie_parse_port()

RDMA/hns: Fix Use-After-Free of rsv_qp on HIP08

vhost_vdpa: assign irq bypass producer token correctly

firmware_loader: Block path traversal

x86/tdx: Fix "in-kernel MMIO" check

crypto: iaa - Fix potential use after free bug

mm: call the security_mmap_file() LSM hook in remap_file_pages()

iommufd: Protect against overflow of ALIGN() during iova allocation

Out of scope: ARM architecture isn't supported for current kernel

net: ethernet: lantiq_etop: fix memory disclosure

tipc: guard against string buffer overrun

ALSA: asihpi: Fix potential OOB array access

drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer

drm/amd/display: fix double free issue during amdgpu module unload

mac802154: Fix potential RCU dereference issue in mac802154_scan_worker

Out of scope: android related patch.

firmware: arm_scmi: Fix double free in OPTEE transport

scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()

drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation

drm/amd/display: Fix index out of bounds in degamma hardware format translation

ext4: avoid use-after-free in ext4_ext_show_leaf()

ext4: aovid use-after-free in ext4_ext_insert_extent()

ext4: fix double brelse() the buffer of the extents path

ext4: fix off by one issue in alloc_flex_gd()

ext4: fix slab-use-after-free in ext4_split_extent_at()

Bluetooth: L2CAP: Fix uaf in l2cap_connect

net/xen-netback: prevent UAF in xenvif_flush_hash()

wifi: ath12k: fix array out-of-bound access in SoC stats

wifi: ath11k: fix array out-of-bound access in SoC stats

drm/amd/display: Fix index out of bounds in DCN30 color transformation

ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free

ext4: fix timer use-after-free on failed mount

ocfs2: cancel dqi_sync_work before freeing oinfo

aoe: fix the potential use-after-free problem in more places

fbdev: pxafb: Fix possible use after free in pxafb_task()

jfs: fix out-of-bounds in dbNextAG() and diAlloc()

net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

nilfs2: fix potential oob read in nilfs_btree_check_delete()

nbd: fix race between timeout and normal completion

ACPI: sysfs: validate return type of _STR method

jfs: fix out-of-bounds in dbNextAG() and diAlloc()

powercap: intel_rapl: Fix off by one in get_rpi()

i3c: master: svc: Fix use after free vulnerability in svc_i3c_master Driver Due to Race Condition

jfs: Fix uninit-value access of new_ea in ea_buffer

jfs: Fix uaf in dbFreeBits

wifi: rtw89: avoid reading out of bounds when loading TX power FW elements

media: venus: fix use after free bug in venus_remove due to race condition

btrfs: fix race setting file private on concurrent lseek using same fd

btrfs: fix race setting file private on concurrent lseek using same fd

[PATCH 1/1] ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

[PATCH 1/1] USB: usbtmc: prevent kernel-usb-infoleak

[PATCH 1/1] wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead

[PATCH 1/1] wifi: iwlwifi: mvm: pause TCM when the firmware is stopped

[PATCH 1/1] exfat: resolve memory leak from exfat_create_upcase_table()

[PATCH 1/1] icmp: change the order of rate limits

[PATCH 1/1] icmp: change the order of rate limits

[PATCH 1/1] vfs: fix race between evice_inodes() and find_inode()&iput()

[PATCH 1/1] nfsd: return -EINVAL when namelen is 0

[PATCH 1/1] IB/core: Fix ib_cache_setup_one error flow cleanup

[PATCH] ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

fbdev: sisfb: Fix strbuf array overflow

net: explicitly clear the sk pointer, when pf->create fails

btrfs: fix uninitialized pointer free in add_inode_ref()

tcp: fix mptcp DSS corruption due to large pmtu xmit

xsk: fix OOB map writes when deleting elements

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

Out of scope: SuperH architecture isn't supported for current kernel

btrfs: fix use-after-free in btrfs_encoded_read_endio()

drm/xe/vm: move xa_alloc to prevent UAF

driver core: bus: Fix double free in driver API bus_register()

smb: client: fix UAF in async decryption

Bluetooth: hci_conn: Fix UAF in hci_enhanced_setup_sync

net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()

parport: Proper fix for array out-of-bounds access

tty: n_gsm: Fix use-after-free in gsm_cleanup_mux

i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition

ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition

ice: Fix increasing MSI-X on VF

net: do not delay dst_entries_add() in dst_release()

ppp: fix ppp_async_encode() illegal access

slip: make slhc_remember() more robust against malicious packets

bpf: Prevent tail call between progs attached to different hooks

bpf: Prevent tail call between progs attached to different hooks

mm/mremap: fix move_normal_pmd/retract_page_tables race

Out of scope: patch for x86_32 arch

wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one

wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one

ksmbd: unset the binding mark of a reused connection

ksmbd: fix user-after-free from session log off

ksmbd: fix user-after-free from session log off

jfs: array-index-out-of-bounds fix in dtReadFirst

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

HID: core: zero-initialize the report buffer

net: defer final 'struct net' free in netns dismantle

net: defer final 'struct net' free in netns dismantle

drm/dp_mst: Skip CSN if topology probing is not done yet (dependency)

drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()

blk-cgroup: Fix UAF in blkcg_unpin_online()

media: dvbdev: prevent the risk of out of memory access

uprobe: avoid out-of-bounds memory access of fetching args

tracing: Consider the NULL character when validating the event length

net: sched: fix use-after-free in taprio_change()

net: sched: use RCU read-side critical section in taprio_dump()

Bluetooth: SCO: Fix UAF on sco_sock_timeout

Bluetooth: ISO: Fix UAF on iso_sock_timeout

nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net

spi: mpc52xx: Add cancel_work_sync before module remove

RDMA/bnxt_re: Add a check for memory allocation

firmware: arm_scmi: Fix the double free in scmi_debugfs_common_setup()

RDMA/bnxt_re: Fix out of bound check

netdevsim: use cond_resched() in nsim_dev_trap_report_work()

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

tcp: Fix use-after-free of nreq in reqsk_timer_handler().

smb: client: fix OOBs when building SMB2_IOCTL request

udf: fix uninit-value use in udf_get_fileshortad

Out of scope: ARM64 architecture issue

nvmet-auth: assign dh_key to NULL after kfree_sensitive

macsec: Fix use-after-free while sending the offloading packet

bpf: Fix out-of-bounds write in trie_get_next_key()

netfilter: Fix use-after-free in get_info()

fs/ntfs3: Add rough attr alloc_size check

fs/ntfs3: Additional check in ntfs_file_release

wifi: cfg80211: clear wdev->cqm_config pointer on free

iov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP

nilfs2: fix kernel bug due to missing clearing of checked flag

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

media: s5p-jpeg: prevent buffer overflows

ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create

ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp

drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()

dm cache: fix flushing uninitialized delayed_work on cache_ctr error

net: vertexcom: mse102x: Fix possible double free of TX skb

usb: musb: sunxi: Fix accessing an released usb phy

USB: serial: io_edgeport: fix use after free in debug printk

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

wifi: iwlegacy: Clear stale interrupts before resuming device

security/keys: fix slab-out-of-bounds in key_task_permission

virtio_net: Add hash_key_length check

dm cache: fix out-of-bounds access to the dirty bitset when resizing

arm64/sve: Discard stale CPU state when handling SVE traps

media: mgb4: protect driver against spectre

bpf: Check validity of link->type in bpf_link_show_fdinfo()

drm/amd/display: Adjust VSDB parser for replay feature

crypto: qat/qat_4xxx - fix off by one in uof_get_name()

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

netfilter: x_tables: fix LED ID check in led_tg_check()

The ADDRESS_MASKING config option cannot be turned off. LAM (linear address masking) would be fatal for applications using it.

block, bfq: fix bfqq uaf in bfq_limit_depth()

firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier()

smb: client: Fix use-after-free of network namespace.

smb: client: fix TCP timers deadlock after rmmod

sctp: fix possible UAF in sctp_v6_available()

vdpa: solidrun: Fix UB bug with devres

mm: avoid unsafe VMA hook invocation when error arises on mmap hook

mm: unconditionally close VMAs on error

mm: refactor map_deny_write_exec()

mm: refactor arch_calc_vm_flag_bits() and arm64 MTE handling

mm: resolve faulty mmap_region() error path behaviour

mm: reinstate ability to map write-sealed memfd mappings read-only

drm/amd/display: Handle dml allocation failure to avoid crash

Patch affects initramfs

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

SUNRPC: make sure cache entry active before cache_show

smb: client: fix NULL ptr deref in crypto_aead_setkey()

wifi: ath12k: fix warning when unbinding

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

ALSA: usb-audio: Fix a DMA to stack memory bug

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync

Bluetooth: fix use-after-free in device_for_each_child()

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

drm: zynqmp_kms: Unplug DRM device before removal

f2fs: fix race in concurrent f2fs_stop_gc_thread

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

drm/amdgpu: fix usage slab after free

Out of scope: IBM System/390 architecture isn't supported for current kernel

Out of scope: RISC V architecture isn't supported for current kernel

idpf: avoid vport access in idpf_get_link_ksettings

idpf: avoid vport access in idpf_get_link_ksettings

Out of scope: not affected

cxl/port: Fix use-after-free, permit out-of-order decoder shutdown

af_packet: avoid erroring out after sock_init_data() in packet_create()

drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

bpf: fix OOB devmap writes when deleting elements

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

scsi: sg: Fix slab-use-after-free read in sg_release()

net: avoid potential UAF in default_operstate()

net/smc: fix LGR and link use-after-free issue

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

tipc: fix NULL deref in cleanup_bearer()

can: hi311x: hi3110_can_ist(): fix potential use-after-free

powerpc arch not supported

brd: defer automatic disk creation until module initialization succeeds

EDAC/igen6: Avoid segmentation fault on module unload

powerpc: arch is not supported

9p/xen: fix release of IRQ

jffs2: Prevent rtime decompress memory corruption

jffs2: Fix rtime decompressor

kunit: string-stream: Fix a UAF bug in kunit_init_suite()

drm/amd/display: Fix handling of plane refcount

net: sched: Disallow replacing of child qdisc from one parent to another

KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory

iomap: improve shared block detection in iomap_unshare_iter

iomap: don't bother unsharing delalloc extents

iomap: share iomap_unshare_iter predicate code with fsdax

fsdax: remove zeroing code from dax_unshare_iter

fsdax: dax_unshare_iter needs to copy entire blocks

fs/ntfs3: Check if more than chunk-size bytes are written

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

xfs: add bounds checking to xlog_recover_process_data

net: wwan: fix global oob in wwan_rtnl_policy

net: wwan: fix global oob in wwan_rtnl_policy

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

hfsplus: don't query the device logical block size multiple times

hfsplus: don't query the device logical block size multiple times

smb: prevent use-after-free due to open_cached_dir error paths

smb: prevent use-after-free due to open_cached_dir error paths

net: inet6: do not leave a dangling sk pointer in inet6_create()

btrfs: ref-verify: fix use-after-free after invalid ref action

nfsd: make sure exp active before svc_export_show

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc

Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc()

net: af_can: do not leave a dangling sk pointer in can_create()

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

net: inet: do not leave a dangling sk pointer in inet_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

netfilter: bpf: must hold reference on net namespace

netfilter: bpf: must hold reference on net namespace kpatch

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

drm/amd/display: Don't refer to dc_sink in is_dsc_need_re_compute

drm/amd/display: Add NULL pointer check for kzalloc

Out of scope: SuperH arch not supported.

arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL

i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request

i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock

f2fs: fix to shrink read extent node in batches

sched: fix warning in sched_setaffinity

net/ipv6: release expired exception dst cached in socket

Revert "bpf, sockmap: Prevent lock inversion deadlock in map delete elem"

bpf, sockmap: Fix race between element replace and close()

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

Complex adaptation required

ipvlan: Fix use-after-free in ipvlan_get_iflink().

drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err

ksmbd: fix a missing return value check bug

iio: pressure: zpa2326: fix information leak in triggered buffer

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

iio: light: vcnl4035: fix information leak in triggered buffer

iio: imu: kmx61: fix information leak in triggered buffer

iio: adc: rockchip_saradc: fix information leak in triggered buffer

iio: adc: ti-ads8688: fix information leak in triggered buffer

net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue

bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors

ksmbd: fix racy issue from session lookup and expire

Postponed: complex analysis and adaptation required

ublk: detach gendisk from ublk device if add_disk() fails

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

smb: client: fix use-after-free of signing key

net/mlx5e: Skip restore TC rules for vport rep without loaded flag

ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

Out of scope: ARM64 architecture isn't supported for current kernel

bpf: Fix bpf_sk_select_reuseport() memory leak

openvswitch: fix lockup on tx to unregistering netdev with carrier

pktgen: Avoid out-of-bounds access in get_imix_entries

net: fec: handle page_pool_dev_alloc_pages error

net/mlx5: Clear port select structure when fail to create

net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel

drm/v3d: Ensure job pointer is set to NULL after job completion

filemap: avoid truncating 64-bit offset to 32 bits

net: sched: fix ets qdisc OOB Indexing

cachestat: fix page cache statistics permission checking

hrtimers: Handle CPU state correctly on hotplug

hrtimers: Handle CPU state correctly on hotplug

mac802154: check local interfaces before deleting sdata list

iomap: avoid avoid truncating 64-bit offset to 32 bits

vsock/bpf: return early if transport is not assigned

vsock/virtio: discard packets if the transport changes

vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]

fs/proc: fix softlockup in __read_vmcore

fs/proc: fix softlockup in __read_vmcore (part 2)

Out of scope as the patch is for i.MX SoC

Patch is on ARM64 architecture, which this distro does not support.

fs: relax assertions on failure to encode file handles

net: fix data-races around sk->sk_forward_alloc

RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

sch_htb: make htb_qlen_notify() idempotent

netfilter: ipset: fix region locking in hash types

codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()

sch_htb: make htb_deactivate() idempotent

sch_drr: make drr_qlen_notify() idempotent

sch_hfsc: make hfsc_qlen_notify() idempotent

sch_qfq: make qfq_qlen_notify() idempotent

sch_qfq: make qfq_qlen_notify() idempotent

sch_ets: make est_qlen_notify() idempotent

net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc

sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()

net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

nbd: don't allow reconnect after disconnect

net_sched: sch_sfq: don't allow 1 packet limit

ax25: rcu protect dev->ax25_ptr

ax25: rcu protect dev->ax25_ptr

padata: fix UAF in padata_reorder

padata: add pd get/put refcnt helper

padata: avoid UAF for reorder_work

memory: tegra20-emc: fix an OF node reference bug in tegra_emc_find_node_by_ram_code()

Hot-join not supported

nilfs2: protect access to buffers with no active references

rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

net: rose: fix timer races against user threads

net: davicom: fix UAF in dm9000_drv_remove

media: uvcvideo: Fix double free in error path

PPS for embedded GPS devices. Irrelevant for servers.

usb: gadget: f_tcm: Don't free command immediately

wifi: mt76: mt7925: fix a potential array-index-out-of-bounds issue for clc

wifi: mt76: mt7925: fix off by one in mt7925_load_clc()

nilfs2: do not force clear folio if buffer is referenced

xfrm: state: fix out-of-bounds read during lookup

RDMA/mlx5: Fix implicit ODP use after free

btrfs: fix use-after-free when attempting to join an aborted transaction

Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync

KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

usbnet: ipheth: fix possible overflow in DPE length check

usbnet: ipheth: use static NDP16 location in URB

Out of scope: ARM architecture isn't supported for current kernel

media: uvcvideo: Fix crash during unbind if gpio unit is in use

media: uvcvideo: Fix crash during unbind if gpio unit is in use (kpatch adaptation)

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

NFC: nci: Add bounds checking in nci_hci_create_pipe()

RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error

unsupported_arch_s390

net_sched: hfsc: Fix a UAF vulnerability in class handling

net_sched: prio: fix a race in prio_tune()

nfsd: clear acl_access/acl_default after releasing them

vrf: use RCU protection in l3mdev_l3_out()

Out of scope: ARM64 architecture isn't supported for current kernel

media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread

scsi: ufs: bsg: Set bsg_queue to NULL after removal

NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client()

orangefs: fix a oob in orangefs_debug_write

drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

partitions: mac: fix handling of bogus partition table

clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context

clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context kpatch

ndisc: use RCU protection in ndisc_alloc_skb()

neighbour: use RCU protection in __neigh_notify()

net: add dev_net_rcu() helper

arp: use RCU protection in arp_xmit()

openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

ndisc: extend RCU protection in ndisc_send_skb()

ipv6: mcast: extend RCU protection in igmp6_send()

ipv6: mcast: add RCU protection to mld_newpack()

io_uring/kbuf: reallocate buf lists on upgrade

usb: gadget: core: flush gadget workqueue after device removal

geneve: Fix use-after-free in geneve_find_dev().

Out of scope: IBM System/390 architecture isn't supported for current kernel

ibmvnic: Don't reference skb after sending to VIOS

bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()

io_uring: prevent opcode speculation

ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

net/sched: Always pass notifications when child class becomes empty

net_sched: sch_sfq: move the limit validation