cifs: Fix buffer overflow when parsing NFS reparse points

driver core: bus: Fix double free in driver API bus_register()

spi: mpc52xx: Add cancel_work_sync before module remove

crypto: hisilicon/qm - inject error before stopping queue

nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net

media: xc2028: avoid use-after-free in load_firmware_cb()

fs/ntfs3: Additional check in ntfs_file_release

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

bpf: fix OOB devmap writes when deleting elements

xsk: fix OOB map writes when deleting elements

af_packet: avoid erroring out after sock_init_data() in packet_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

net: af_can: do not leave a dangling sk pointer in can_create()

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

net: inet: do not leave a dangling sk pointer in inet_create()

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount

ila: serialize calls to nf_register_net_hooks()

block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()

pktgen: Avoid out-of-bounds access in get_imix_entries

vfio/platform: check the bounds of read/write syscalls

net: sched: fix ets qdisc OOB Indexing

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

netfilter: x_tables: fix LED ID check in led_tg_check()

arm64/sve: Discard stale CPU state when handling SVE traps

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

ksmbd: fix a missing return value check bug

iio: pressure: zpa2326: fix information leak in triggered buffer

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

iio: light: vcnl4035: fix information leak in triggered buffer

iio: imu: kmx61: fix information leak in triggered buffer

iio: adc: ti-ads8688: fix information leak in triggered buffer

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

iio: adc: rockchip_saradc: fix information leak in triggered buffer

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

Out of scope: SuperH arch not supported.

arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL

i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request

i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock

drm/amd/display: Check BIOS images before it is used

exfat: fix potential deadlock on __exfat_get_dentry_set

RDMA/rtrs: Ensure 'ib_sge list' is accessible

jfs: Fix shift-out-of-bounds in dbDiscardAG

soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

bpf: Fix bpf_sk_select_reuseport() memory leak

gtp: Destroy device along with udp socket's netns dismantle.

drm/v3d: Ensure job pointer is set to NULL after job completion

drm/v3d: Assign job pointer to NULL before signaling the fence

fs/proc: fix softlockup in __read_vmcore (part 2)

vsock/virtio: discard packets if the transport changes

gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

Bluetooth: L2CAP: Fix uaf in l2cap_connect

Bluetooth: hci_core: Fix calling mgmt_device_connected

hrtimers: Handle CPU state correctly on hotplug

hrtimers: Handle CPU state correctly on hotplug

EDAC/bluefield: Fix potential integer overflow

firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

vfio/pci: Properly hide first-in-list PCIe extended capability

xen: Fix the issue of resource not being properly released in xenbus_dev_probe()

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

ALSA: usb-audio: Fix a DMA to stack memory bug

Out of scope: User-mode Linux isn't supported

Out of scope: User-mode Linux isn't supported for current kernel

Out of scope: User-mode Linux isn't supported for current kernel

ALSA: pcm: Add sanity NULL check for the default mmap fault handler

ubi: fastmap: Fix duplicate slab cache names while attaching

EDAC/igen6: Avoid segmentation fault on module unload

powerpc: arch is not supported

9p/xen: fix release of IRQ

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

net/smc: fix LGR and link use-after-free issue

jffs2: Prevent rtime decompress memory corruption

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

scsi: sg: Fix slab-use-after-free read in sg_release()

ksmbd: fix racy issue from session lookup and expire

btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()

dma-debug: fix a possible deadlock on radix_lock

net/smc: check smcd_v2_ext_offset when receiving proposal msg

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg

net: dsa: improve shutdown sequence

ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()

netfilter: conntrack: clamp maximum hashtable size to INT_MAX

afs: Fix the maximum cell name length

dm thin: make get_first_thin use rcu-safe list first function

sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy

sctp: sysctl: rto_min/max: avoid using current->nsproxy

sctp: sysctl: auth_enable: avoid using current->nsproxy

sctp: sysctl: udp_port: avoid using current->nsproxy

vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]

filemap: avoid truncating 64-bit offset to 32 bits

net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute

net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (adaptation)

af_packet: fix vlan_get_tci() vs MSG_PEEK

drm/amdkfd: Correct the migration DMA map direction

mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()

usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

Out of scope: ARM architecture isn't supported for current kernel

mptcp: fix TCP options overflow.

brd: remove brd_devices_mutex mutex

brd: defer automatic disk creation until module initialization succeeds

drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX

drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX

hfsplus: don't query the device logical block size multiple times

hfsplus: don't query the device logical block size multiple times

igb: Fix potential invalid memory access in igb_init_module()

ocfs2: uncache inode which has failed entering the group

mm: fix NULL pointer dereference in alloc_pages_bulk_noprof

virtio/vsock: Fix accept_queue memory leak

net/mlx5e: CT: Fix null-ptr-deref in add rule err flow

net/mlx5: fs, lock FTE when checking if active

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

net: fix data-races around sk->sk_forward_alloc

Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K"

pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (adaptation)

RDMA/uverbs: Prevent integer overflow issue

net: restrict SO_REUSEPORT to inet sockets

ALSA: 6fire: Release resources at card release

Bluetooth: fix use-after-free in device_for_each_child()

Bluetooth: fix use-after-free in device_for_each_child()

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

btrfs: ref-verify: fix use-after-free after invalid ref action

nfsd: make sure exp active before svc_export_show

net: inet6: do not leave a dangling sk pointer in inet6_create()

jfs: array-index-out-of-bounds fix in dtReadFirst

jfs: fix array-index-out-of-bounds in jfs_readdir

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK

af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (adaptation)

net: defer final 'struct net' free in netns dismantle

net: defer final 'struct net' free in netns dismantle

smb: client: fix potential UAF in smb2_is_valid_lease_break()

smb: client: fix potential UAF in cifs_debug_files_proc_show()

drm/dp_mst: Skip CSN if topology probing is not done yet

drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()

net: avoid race between device unregistration and ethnl ops

watch_queue: Use the bitmap API when applicable

ntfs3: Add bounds checking to mi_enum_attr()

fs/ntfs3: Sequential field availability check in mi_enum_attr()

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

can: hi311x: hi3110_can_ist(): fix potential use-after-free

ELF: fix kernel.randomize_va_space double read

net: sched: Disallow replacing of child qdisc from one parent to another

pfifo_tail_enqueue: Drop new packet when sch->limit == 0

netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

vsock: Keep the binding until socket destruction

vsock: Orphan socket after transport release

net: bridge: switchdev: Skip MDB replays of deferred events on offload

net: bridge: switchdev: Skip MDB replays of deferred events on offload (adapatation)

netfilter: allow exp not to be removed in nf_ct_find_expectation

net: atlantic: eliminate double free in error handling logic

net: rose: fix timer races against user threads

soc: qcom: socinfo: Avoid out of bounds read of serial number

orangefs: fix a oob in orangefs_debug_write

wifi: iwlwifi: limit printed string from FW file

padata: fix UAF in padata_reorder

Out of scope; patch fixes the memory controller module for Nvidia Tegra SoCs.

rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

The DM9000 chip is available on ARM32 and MIPS architectures, which KernelCare does not support.

media: uvcvideo: Fix double free in error path

usb: gadget: f_tcm: Don't free command immediately

KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

nilfs2: do not force clear folio if buffer is referenced

PPS for embedded GPS devices. Irrelevant for servers.

nbd: don't allow reconnect after disconnect

btrfs: fix use-after-free when attempting to join an aborted transaction

NFC: nci: Add bounds checking in nci_hci_create_pipe()

Out of scope: ARM64 architecture isn't supported for current kernel

ndisc: use RCU protection in ndisc_alloc_skb()

neighbour: use RCU protection in __neigh_notify()

arp: use RCU protection in arp_xmit()

openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

ndisc: extend RCU protection in ndisc_send_skb()

nfsd: clear acl_access/acl_default after releasing them

vrf: use RCU protection in l3mdev_l3_out()

nilfs2: protect access to buffers with no active references

geneve: Fix use-after-free in geneve_find_dev().

ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

rapidio: fix an API misues when rio_add_net() fails

HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

sched/fair: Fix potential memory corruption in child_cfs_rq_on_list

Squashfs: check the inode number is not the invalid value of zero

x86/CPU/AMD: Terminate the erratum_1386_microcode array

HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections

rdma/cxgb4: Prevent potential integer overflow on 32bit

usb: xhci: Fix NULL pointer dereference on certain command aborts

ocfs2: handle a symlink read error correctly

media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread

f2fs: fix to wait dio completion

tpm: Change to kvalloc() in eventlog/acpi.c

wifi: ath10k: avoid NULL pointer error during sdio remove

vlan: enforce underlying device type

vlan: enforce underlying device type

ftrace: Avoid potential division by zero in function_stat_show()

Out of scope: not affected

wifi: cfg80211: regulatory: improve invalid hints checking

wifi: nl80211: reject cooked mode if it is set along with other flags

caif_virtio: fix wrong pointer check in cfv_probe()

llc: do not use skb_get() before dev_queue_xmit()

ppp: Fix KMSAN uninit-value warning with bpf

usb: renesas_usbhs: Flush the notify_hotplug_work

usb: atm: cxacru: fix a flaw in existing endpoint checks

slimbus: messaging: Free transaction ID in delayed interrupt scenario

[PATCH] media: uvcvideo: Only save async fh if success

[PATCH] media: uvcvideo: Remove dangling pointers

[PATCH] media: uvcvideo: Remove dangling pointers

memcg: fix soft lockup in the OOM process

memcg: always call cond_resched() after fn()

memcg: fix soft lockup in the OOM process (adaptation)

USB: gadget: f_midi: f_midi_complete to call queue_work

Out of scope: PowerPC architecture isn't supported for current kernel

gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().

tee: optee: Fix supplicant wait loop

drop_monitor: fix incorrect initialization order

nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

i2c: npcm: disable interrupt enable bit before devm_request_irq

usbnet: gl620a: fix endpoint checking in genelink_bind()

mptcp: always handle address removal under msk socket lock

drm/amdgpu: fix usage slab after free

sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket

drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

drm/amd/display: Fix slab-use-after-free on hdcp_work

net: atm: fix use after free in lec_send()

proc: fix UAF in proc_get_inode()

proc: fix UAF in proc_get_inode()

Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE

memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove

net: fix geneve_opt length integer overflow

net: fix geneve_opt length integer overflow

drm/amd/pm: Fix negative array index read

drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration