tipc: Return non-zero value from tipc_udp_addr2str() on error

dev/parport: fix the array out-of-bounds risk

ipv6: prevent UAF in ip6_send_skb()

atm: idt77252: prevent use after free in dequeue_rx()

scsi: aacraid: Fix double-free on probe failure

usb: dwc3: st: fix probed platform device ref count on probe error path

Squashfs: sanity check symbolic link size

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

Architecture um is not supported

mISDN: Fix a use after free in hfcmulti_tx()

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

drm/amd/display: Check gpio_id before used as array index

drm/amd/display: Check msg_id before processing transcation

drm/amdgpu: Fix out-of-bounds write warning

mptcp: pm: avoid possible UaF when selecting endp

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

jfs: Fix array-index-out-of-bounds in diFree

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

hwmon: (lm95234) Fix underflows seen when writing limit attributes

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

sch/netem: fix use after free in netem_dequeue

media: venus: fix use after free in vdec_close

rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

Out of scope: Android/binder

drm/amd/display: Add array index check for hdcp ddc access

netfilter: nf_tables: use timestamp to check for set element timeout

netfilter: nf_tables: use timestamp to check for set element timeout

block: initialize integrity buffer to zero before writing it to media

remoteproc: imx_rproc: Skip over memory region when node value is NULL

Patch introduced a deadlock and was reverted.

pinctrl: single: fix potential NULL dereference in pcs_get_function()

netfilter: nf_tables: prefer nft_chain_validate

nilfs2: replace snprintf in show functions with sysfs_emit

nilfs2: protect references to superblock parameters exposed in sysfs

fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE

ethtool: check device is present when getting link settings

drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

ext4: check dot and dotdot of dx_root before making dir indexed

drm/amdgpu: fix ucode out-of-bounds read warning

drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

drm/amd/pm: fix the Out-of-bounds read warning

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

of/irq: Prevent device address out-of-bounds read in interrupt map walk

drm/amdgpu: fix mc_data out-of-bounds read warning

gtp: pull network headers in gtp_dev_xmit()

exec: Fix ToCToU between perm check and set-uid/gid usage

drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc

ASoC: meson: axg-card: fix 'use-after-free'

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

ext4: aovid use-after-free in ext4_ext_insert_extent()

ocfs2: cancel dqi_sync_work before freeing oinfo

smb: client: fix OOBs when building SMB2_IOCTL request

media: s5p-jpeg: prevent buffer overflows

cifs: Fix buffer overflow when parsing NFS reparse points

Bluetooth: fix use-after-free in device_for_each_child()

Bluetooth: fix use-after-free in device_for_each_child()

jfs: fix array-index-out-of-bounds in jfs_readdir

drm/amd/display: Fix index out of bounds in degamma hardware format translation

ext4: fix slab-use-after-free in ext4_split_extent_at()

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

NFSv4.0: Fix a use-after-free problem in the asynchronous open()

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

net: inet6: do not leave a dangling sk pointer in inet6_create()

hrtimers: Handle CPU state correctly on hotplug

hrtimers: Handle CPU state correctly on hotplug

blk-cgroup: Fix UAF in blkcg_unpin_online()

mtd: rawnand: fix double free in atmel_pmecc_create_user()

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

net: davicom: fix UAF in dm9000_drv_remove

NFC: nci: Add bounds checking in nci_hci_create_pipe()

Out of scope: ARM64 architecture isn't supported for current kernel

Postponed: complex analysis and adaptation required

drm/amd/display: Skip inactive planes within ModeSupportAndSystemConfiguration

HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

net/mlx5e: Fix use-after-free of encap entry in neigh update handler

drm/amdgpu: Fix even more out of bound writes from debugfs

smb: client: fix use-after-free bug in cifs_debug_data_proc_show()

dm cache: fix flushing uninitialized delayed_work on cache_ctr error

geneve: Fix use-after-free in geneve_find_dev().

geneve: Suppress list corruption splat in geneve_destroy_tunnels().

media: uvcvideo: Fix double free in error path

nilfs2: protect access to buffers with no active references

smb: client: fix UAF in async decryption

smb: client: fix NULL ptr deref in crypto_aead_setkey()

nbd: don't allow reconnect after disconnect

net: sched: Disallow replacing of child qdisc from one parent to another

padata: fix UAF in padata_reorder

rapidio: fix an API misues when rio_add_net() fails

memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove

drm/amd/pm: Fix negative array index read

tracing: Fix use-after-free in print_graph_function_flags during tracer switching

drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

smb: client: fix potential UAF in cifs_debug_files_proc_show()

Restrict access to pagemap/kpageflags/kpagecount