filelock: fix potential use-after-free in posix_lock_inode

greybus: Fix use-after-free bug in gb_interface_release due

ptp: fix integer overflow in max_vclocks_store

net/dpaa2: Avoid explicit cpumask var allocation on stack

ata: libata-core: Fix double free on error

net: dsa: mv88e6xxx: Correct check for empty list

bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD

tcp_metrics: validate source addr length

tcp_metrics: validate source addr length

net: ethernet: lantiq_etop: fix double free in detach

ipv6: annotate some data-races around sk->sk_prot

ipv6: Fix data races around sk->sk_prot.

tcp: Fix data races around icsk->icsk_af_ops.

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set()

jfs: xattr: fix buffer overflow for invalid xattr

dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list

netns: Make get_net_ns() handle zero refcount net

block/ioctl: prefer different overflow check

net/sched: Fix UAF when resolving a clash

drm/i915/gt: Fix potential UAF by revoke of fence registers

net/iucv: Avoid explicit cpumask var allocation on stack

nilfs2: add missing check for inode numbers on directory

wifi: mt76: replace skb_put with skb_put_zero

wifi: cfg80211: Lock wiphy in cfg80211_get_station

ima: Avoid blocking in RCU read-side critical section

scsi: qedi: Fix crash while reading debugfs

batman-adv: bypass empty buckets in batadv_purge_orig_ref()

Vendor reverted due to missing fixes a591d35c4023 and a47a7af9b511

netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data transfers

pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER

nilfs2: fix inode number range checks

orangefs: fix out-of-bounds fsid access

drm/amd/display: Add array index check for hdcp ddc access

mmc: davinci: Don't strip remove function when driver is builtin

ipv6: fix possible race in __fib6_drop_pcpu_from()

seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors

f2fs: remove clear SB_INLINECRYPT flag in default_options

netfilter: ipset: Fix suspicious rcu_dereference_protected()

gpio: davinci: Validate the obtained number of IRQs

serial: 8250_omap: Implementation of Errata i2310

serial: 8250_omap: Fix Errata i2310 with RX FIFO level check

i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr

i2c: pnx: Fix potential deadlock warning from del_timer_sync() call in isr

libceph: fix race between delayed_work() and ceph_monc_stop()

usb: gadget: configfs: Prevent OOB read/write in usb_string_copy()

ipv6: prevent NULL dereference in ip6_output()

wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects

bpf: Set run context for rawtp test_run callback

HID: core: remove unnecessary WARN_ON() in implement()

mptcp: ensure snd_una is properly initialized on connect

ipv6: prevent possible NULL deref in fib6_nh_init()

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

drm/nouveau/dispnv04: fix null pointer dereference in nv17_tv_get_hd_modes

i40e: Fix XDP program unloading while removing the driver

udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port().

xhci: Handle TD clearing for multiple streams case

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

drm/amdgpu: avoid using null object of framebuffer

net: mana: Fix possible double free in error handling path

drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep

drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes

btrfs: retry block group reclaim without infinite loop

btrfs: fix adding block group to a reclaim list and the unused list during reclaim

inet_diag: Initialize pad field in struct inet_diag_req_v2

drm/amd/display: Skip finding free audio for unknown engine_id

Skipping since unaligned read doesn't fault on x86 and arm64.

scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory

HID: logitech-dj: Fix memory leak in logi_dj_recv_switch_to_dj_mode()

net: hns3: fix kernelCVE-2024-39507-net__hns3__fix_kernel_crash_problem_in_concurrent_.patch crash problem in concurrent scenario

ionic: fix use after netif_napi_del()

ocfs2: fix races between hole punching and AIO+DIO

mm/huge_memory: don't unpoison huge_zero_folio

crypto: hisilicon/sec - Fix memory leak for sec resource release

MIPS related CVE.

drm/radeon: fix UBSAN warning in kv_dpm.c

smb: client: fix deadlock in smb2_find_smb_tcon()

VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist

scsi: mpi3mr: Sanitise num_phys

vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD

net/mlx5e: Fix mlx5e_priv_init() cleanup flow

netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().

netfilter: iptables: Fix null-ptr-deref in iptable_nat_table_init().

mm: avoid leaving partial pfn mappings around in error case

netdevsim: avoid potential loop in nsim_dev_trap_report_work()

net/mlx5: Fix tainted pointer delete is case of flow rules creation fail

Affects only boot __init stage, already booted kernels are not affected

netfilter: nf_tables: use timestamp to check for set element timeout

netfilter: nf_tables: use timestamp to check for set element timeout

Architecture is not supported

drm/amd/display: Check msg_id before processing transcation

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

tipc: Return non-zero value from tipc_udp_addr2str() on error

Patched function waits for external events, which may prevent patching/unpatching.

um: line: always fill *error_out in setup_one_line()

usb: dwc3: st: fix probed platform device ref count on probe error path

drm/amdgpu: Fix out-of-bounds write warning

CVE patch is for powerpc arch only

dev/parport: fix the array out-of-bounds risk

[PATCH 1/1] media: venus: fix use after free in vdec_close

[PATCH 1/1] jfs: Fix array-index-out-of-bounds in diFree

[PATCH 1/1] vhost/vsock: always initialize seqpacket_allow

[PATCH 1/1] vhost/vsock: always initialize seqpacket_allow

[PATCH 1/1] net: bridge: mcast: wait for previous gc cycles when removing port

[PATCH 1/1] ipv6: fix possible UAF in ip6_finish_output2()

[PATCH 1/1] ipv6: prevent UAF in ip6_send_skb()

[PATCH 1/1] binder: fix UAF caused by offsets overwrite

[PATCH 1/1] Squashfs: sanity check symbolic link size

[PATCH 1/1] HID: amd_sfh: free driver_data after destroying hid device

[PATCH] hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

[PATCH 1/1] net/iucv: fix use after free in iucv_sock_close()

[PATCH 1/1] mISDN: Fix a use after free in hfcmulti_tx()

[PATCH 1/1] atm: idt77252: prevent use after free in dequeue_rx()

[PATCH] hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

[PATCH] hwmon: (lm95234) Fix underflows seen when writing limit attributes

[PATCH 1/1] hwmon: (adc128d818) Fix underflows seen when writing limit attributes

[PATCH 1/1] ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

[PATCH] sch/netem: fix use after free in netem_dequeue

[PATCH 1/1] drm/amd/display: Check gpio_id before used as array index

module is not included

kcm: Serialise kcm_sendmsg() for the same socket.

[PATCH 1/1] net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()

[PATCH 1/1] drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails

[PATCH 1/1] net: hns3: fix a deadlock problem when config TC during resetting

vfs: Don't evict inode under the inode lru traversing context

[PATCH 1/1] xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

[PATCH 1/1] mmc: mmc_test: Fix NULL dereference on allocation failure

[PATCH 1/1] gtp: fix a potential NULL pointer dereference

[PATCH 1/1] drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

[PATCH 1/1] uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

[PATCH 1/1] rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

[PATCH 1/1] RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

[PATCH 1/1] ipv6: prevent possible UAF in ip6_xmit()

[PATCH 1/1] scsi: aacraid: Fix double-free on probe failure

[PATCH 1/1] drm/amdgpu: fix mc_data out-of-bounds read warning

[PATCH 1/1] drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

ila: call nf_unregister_net_hooks() sooner

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

netfilter: flowtable: validate vlan header

drm/amd/display: Add array index check for hdcp ddc access

[PATCH] sched/smt: Fix unbalance sched_smt_present dec/inc

[PATCH] sched/core: Fix unbalance set_rq_online/offline() in sched_cpu_deactivate()

Causes conflicts on fcntl_setlk when using with nfsv3 and nfsv4

fs/ntfs3: Validate ff offset

soc: qcom: pdr: protect locator_addr with the main mutex

ext4: check dot and dotdot of dx_root before making dir indexed

perf: Fix event leak upon exit

nilfs2: handle inconsistent state in nilfs_btnode_create_block()

usb: vhci-hcd: Do not drop references before new references are gained

xfs: fix log recovery buffer allocation for the legacy h_size fixup

btrfs: replace BUG_ON() with error handling at update_ref_for_cow()

scsi: lpfc: Fix a possible null pointer dereference

hfsplus: fix uninit-value in copy_name

tap: add missing verification for short frame

tun: add missing verification for short frame

exec: Fix ToCToU between perm check and set-uid/gid usage

gtp: pull network headers in gtp_dev_xmit()

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

drm/amd/pm: fix the Out-of-bounds read warning

drm/amdgpu: fix ucode out-of-bounds read warning

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

of/irq: Prevent device address out-of-bounds read in interrupt map walk

CONFIG_PCI_ENDPOINT is not enabled.

Attempting to fix the bug can potentially trigger safety check failures.

[PATCH 1/1] lib: objagg: Fix general protection fault

[PATCH 1/1] cgroup/cpuset: Prevent UAF in proc_cpuset_show()

[PATCH 1/1] Bluetooth: MGMT: Add error handling to pair_device()

[PATCH 1/1] wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()

[PATCH 1/1] fou: Fix null-ptr-deref in GRO.

[PATCH 1/1] drm/amd/amdgpu: Check tbo resource pointer

[PATCH 1/1] lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

[PATCH 1/1] nilfs2: fix state management in error path of log writing function

ocfs2: cancel dqi_sync_work before freeing oinfo

wifi: ath11k: fix array out-of-bound access in SoC stats

tipc: guard against string buffer overrun

fbdev: pxafb: Fix possible use after free in pxafb_task()

ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free

smb: client: fix OOBs when building SMB2_IOCTL request

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

netfilter: Fix use-after-free in get_info()

nilfs2: fix kernel bug due to missing clearing of checked flag

Issue was backported and fixed in the same 5.15.0-303.168.3.el9uek, previous kernels are not affected

9p: add missing locking around taking dentry fid list

dma-buf: heaps: Fix off-by-one in CMA heap fault handler

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

aoe: fix the potential use-after-free problem in more places

ALSA: asihpi: Fix potential OOB array access

udf: fix uninit-value use in udf_get_fileshortad

bpf: Fix out-of-bounds write in trie_get_next_key()

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds

drm/amd/display: Fix index out of bounds in DCN30 color transformation

ext4: no need to continue when the number of entries is 1

ext4: fix slab-use-after-free in ext4_split_extent_at()

fbdev: sisfb: Fix strbuf array overflow

RDMA/bnxt_re: Add a check for memory allocation

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

net: sched: fix use-after-free in taprio_change()

platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency kpatch

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

ext4: avoid use-after-free in ext4_ext_show_leaf()

ext4: aovid use-after-free in ext4_ext_insert_extent()

ext4: fix double brelse() the buffer of the extents path

parport: Proper fix for array out-of-bounds access

tracing: Consider the NULL character when validating the event length

drm/amd/display: Fix index out of bounds in degamma hardware format translation

drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation

scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()

vhost_vdpa: assign irq bypass producer token correctly

The patch doesn't fix the vunlnerability

macsec: Fix use-after-free while sending the offloading packet

security/keys: fix slab-out-of-bounds in key_task_permission

NFSD: Async COPY result needs to return a write verifier

NFSD: Async COPY result needs to return a write verifier

NFSD: Limit the number of concurrent async COPY operations

NFSD: Limit the number of concurrent async COPY operations

NFSD: Initialize struct nfsd4_copy earlier

NFSD: Never decrement pending_async_copies on error

Patch affects __init

Complex adaptation required. Low impact CVE.

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

Patch affects initramfs

Out of scope: SuperH architecture isn't supported for current kernel

btrfs: ref-verify: fix use-after-free after invalid ref action

af_packet: avoid erroring out after sock_init_data() in packet_create()

xsk: fix OOB map writes when deleting elements

bpf: fix OOB devmap writes when deleting elements

mlxsw: core_linecards: Fix double memory deallocation in case of invalid INI file

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()

Architecture PARISC is not supported

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

tipc: fix NULL deref in cleanup_bearer()

media: s5p-jpeg: prevent buffer overflows

nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net

USB: serial: io_edgeport: fix use after free in debug printk

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

Irrelevant for x64 kernels

net: do not delay dst_entries_add() in dst_release()

ALSA: 6fire: Release resources at card release

ALSA: 6fire: Release resources at card release

netfilter: x_tables: fix LED ID check in led_tg_check()

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

bpf: Check validity of link->type in bpf_link_show_fdinfo()

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

net: bridge: xmit: make sure we have at least eth header len bytes

netfilter: ipset: add missing range check in bitmap_ip_uadt

ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit

9p/xen: fix release of IRQ

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

jfs: fix array-index-out-of-bounds in jfs_readdir

crypto: hisilicon/qm - inject error before stopping queue

ima: Fix use-after-free on a dentry's dname.name

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

btrfs: rename and export __btrfs_cow_block()

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

xen/netfront: fix crash when removing device

HID: core: zero-initialize the report buffer

net: wwan: iosm: Fix tainted pointer delete is case of region creation fail

jfs: fix shift-out-of-bounds in dbSplit

Out of scope: User-mode Linux isn't supported for current kernel

ALSA: us122l: Use snd_card_free_when_closed() at disconnection

ocfs2: uncache inode which has failed entering the group

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

net/smc: fix LGR and link use-after-free issue

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

net: inet: do not leave a dangling sk pointer in inet_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

fou: remove warn in gue_gro_receive on unsupported protocol

cifs: Fix buffer overflow when parsing NFS reparse points

driver core: bus: Fix double free in driver API bus_register()

usb: musb: sunxi: Fix accessing an released usb phy

Kernel is not affected

mm: resolve faulty mmap_region() error path behaviour

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

Bluetooth: fix use-after-free in device_for_each_child()

driver core: Introduce device_find_any_child() helper

jfs: array-index-out-of-bounds fix in dtReadFirst

net: af_can: do not leave a dangling sk pointer in can_create()

EDAC/igen6: Avoid segmentation fault on module unload

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

io_uring: fix possible deadlock in io_register_iowq_max_workers()

sctp: properly validate chunk size in sctp_sf_ootb()

ubi: fastmap: Fix duplicate slab cache names while attaching

ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

drm/dp_mst: Fix MST sideband message body length check

low-scored CVE which causes verification conflicts with freezable kthread and cifs reading routines.

netfilter: ipset: Hold module reference while requesting a module

EDAC/bluefield: Fix potential integer overflow

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

ALSA: caiaq: Use snd_card_free_when_closed() at disconnection

oel9-uek7 kernels are compiled without CONFIG_HFSPLUS_FS

tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb()

net/mlx5e: Fix CT entry update leaks of modify header context

scsi: ufs: core: sysfs: Prevent div by zero

Out of scope: User-mode Linux isn't supported

NFSD: Prevent NULL dereference in nfsd4_process_cb_update()

media: v4l2-tpg: prevent the risk of a division by zero

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

gpio: grgpio: Add NULL check in grgpio_probe

Rejected and is no longer a valid CVE

io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

media: atomisp: Add check for rgby_data memory allocation failure

octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c

bpf: fix recursive lock when verdict program return SK_PASS

fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()

ALSA: pcm: Add sanity NULL check for the default mmap fault handler

rtc: check if __rtc_read_time was successful in rtc_timer_do_work()

ionic: Fix netdev notifier unregister on failure

crypto: caam - Fix the pointer passed to caam_qi_shutdown()

blk-cgroup: Fix UAF in blkcg_unpin_online()

scsi: sg: Fix slab-use-after-free read in sg_release()

crypto: qat/qat_4xxx - fix off by one in uof_get_name()

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

vdpa/mlx5: Fix invalid mr resource destroy

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

net: fix data-races around sk->sk_forward_alloc

scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs

vp_vdpa: fix id_table array not null terminated error

vp_vdpa: fix id_table array not null terminated error

net: usb: lan78xx: Fix double free issue with interrupt buffer allocation

netdevsim: use cond_resched() in nsim_dev_trap_report_work()

nvmet-auth: complete a request only after freeing the dhchap pointers

nvmet: always initialize cqe.result

net/mlx5: DR, prevent potential error pointer dereference

nvmet-auth: assign dh_key to NULL after kfree_sensitive

scsi: lpfc: Handle mailbox timeouts in lpfc_get_sfp_info

sched/deadline: Fix warning in migrate_enable for boosted tasks

Patch meant for use with microcode update

Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()

tipc: fix memory leak in tipc_link_xmit

net: tls: explicitly disallow disconnect

net: ppp: Add bound checking for skb data on ppp_sync_txmung

Out of scope: not affected

mtd: inftlcore: Add error check for inftl_read_oob()

HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition

wifi: wl1251: fix memory leak in wl1251_tx_work

phonet/pep: fix racy skb_queue_empty() use

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

drm/amdgpu: fix usage slab after free

smb: client: fix potential UAF in cifs_dump_full_key()

CONFIG_SMB_SERVER is not enabled.

smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()

smb: client: fix potential UAF in cifs_debug_files_proc_show()

smb: client: fix potential UAF in cifs_stats_proc_show()

bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

blk-iocost: do not WARN if iocg was already offlined

ext4: fix timer use-after-free on failed mount

scsi: ufs: bsg: Set bsg_queue to NULL after removal

net: defer final 'struct net' free in netns dismantle

net: defer final 'struct net' free in netns dismantle

dm cache: fix flushing uninitialized delayed_work on cache_ctr error

cifs: avoid NULL pointer dereference in dbg call

USB: wdm: close race between wdm_open and wdm_wwan_port_stop

qibfs: fix _another_ leak

udmabuf: fix a buf size overflow issue during udmabuf creation

drm/amd/display: fix double free issue during amdgpu module unload

drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()

Out of scope: PA-RISC architecture isn't supported for current kernel

wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

tracing: Fix oob write in trace_seq_to_buffer()

net_sched: drr: Fix double list add in class with netem as child qdisc

net_sched: ets: Fix double list add in class with netem as child qdisc

net_sched: qfq: Fix double list add in class with netem as child qdisc

of: module: add buffer overflow check in of_modalias()

firmware: arm_scmi: Balance device refcount when destroying devices

netfilter: ipset: fix region locking in hash types

iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo

iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo

module: ensure that kobject_put() is safe for module type kobjects

usb: typec: ucsi: displayport: Fix NULL pointer access

RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug

wifi: mt76: disable napi on driver removal

dmaengine: ti: k3-udma: Add missing locking

usb: typec: ucsi: displayport: Fix deadlock

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

net_sched: sch_sfq: don't allow 1 packet limit

net_sched: sch_sfq: move the limit validation

nvme: tcp: avoid race between queue_lock lock and destroy

perf: Fix perf_event_validate_size()

perf: Fix perf_event_validate_size() lockdep splat

net: pktgen: fix access outside of user given buffer in pktgen_thread_write()

smb: client: Fix use-after-free in cifs_fill_dirent

dm cache: prevent BUG_ON by blocking retries on failed device resumes

orangefs: Do not truncate file size

media: cx231xx: set device_caps for 417

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction

kpatch add alt asm definitions

kpatch add paravirt asm definitions