seq_file: Disallow extremely large seq buffer allocations

netfilter: x_tables: fix compat match/target pad out-of-bound write

KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl

hugetlbfs: flush TLBs correctly after huge_pmd_unshare

ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

netfilter: nf_tables: disallow non-stateful expression in sets

mac80211: assure all fragments are encrypted

Bluetooth: SMP: Fail if remote and local public keys are identical

PCI: rpadlpar: Fix potential drc_name corruption in store functions

firewire: nosy: Fix a use-after-free bug in nosy_ioctl()

Bluetooth: fix the erroneous flush_work() order

tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.

net: 6pack: fix slab-out-of-bounds in decode_data

ipv6: use prandom_u32() for ID generation

usb: max-3421: Prevent corruption of freed memory

usb: max-3421: Prevent corruption of freed memory (Adaptation)

Bluetooth: verify AMP hci_chan before amp_destroy

Bluetooth: verify AMP hci_chan before amp_destroy

can: bcm: fix infoleak in struct bcm_msg_head

x86/entry: Use the correct fence macro after swapgs in kernel CR3

Restrict access to pagemap/kpageflags/kpagecount

pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()

USB: gadget: validate endpoint index for xilinx udc

can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb()

net: sched: use Qdisc rcu API instead of relying on rtnl lock

cgroup: Use open-time cgroup namespace for process migration perm checks

NFC: reorder the logic in nfc_{un,}register_device

NFC: add NCI_UNREG flag to eliminate the race

NFC: reorganize the functions in nci_request

af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

drm/vgem: Close use-after-free race in vgem_gem_create

floppy: use a statically allocated error counter

floppy: use a statically allocated error counter (kpatch adaptation)

ath9k fix use-after-free in ath9k_hif_usb_rx_cb

nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs

llc: fix netdevice reference leaks in llc_ui_bind()

x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data

usb: gadget: rndis: check size of RNDIS_MSG_SET command

USB: gadget: validate interface OS descriptor requests

igmp: Add ip_mc_list lock in ip_check_mc_rcu

netfilter: nf_tables: stricter validation of element data

net: Rename and export copy_skb_header

xen/blkfront: fix leaking data in shared pages

xen/netfront: fix leaking data in shared pages

xen/netfront: force data bouncing when backend is untrusted (adaptation)

net/packet: fix slab-out-of-bounds access in packet_recvmsg()

fbcon: Disallow setting font bigger than screen size

fbcon: Prevent that screen size is smaller than font size

fbmem: Check virtual screen sizes in fb_set_var()

vt: drop old FONT ioctls

netfilter: nf_queue: do not allow packet truncation below transport header offset

net_sched: cls_route: remove from list when handle is 0

netfilter: nf_tables: do not allow SET_ID to refer to another table

percpu: stop printing kernel addresses

f2fs: fix to do sanity check on segment/section count

xfs: add agf freeblocks verify in xfs_agf_verify

nfc: fix refcount leak in llcp_sock_bind()

nfc: fix refcount leak in llcp_sock_connect()

nfc: fix memory leak in llcp_sock_bind()

nfc: Avoid endless loops caused by repeated llcp_sock_connect()

drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

netfilter: x_tables: Use correct memory barriers.

xen-blkback: don't leak persistent grants from xen_blkbk_map()

An out-of-bounds (OOB) memory access flaw was found in fs/f2fs/node.c

bluetooth: eliminate the potential race condition when removing the HCI controller

mac80211: do not accept/forward invalid EAPOL frames

cipso,calipso: resolve a number of problems with the DOI refcounts

RDMA/cma: Add missing locking to rdma_accept()

RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy

Bluetooth: use correct lock to prevent UAF of hdev object

virtio_console: Assure used length from device is limited

isdn: cpai: check ctr->cnr to avoid array index out of bound

ixgbe: fix large MTU request from VF

mwifiex: Fix skb_over_panic in mwifiex_usb_recv()

dm ioctl: fix out of bounds array access when no devices

af_unix: fix garbage collect vs MSG_PEEK

af_unix: fix garbage collect vs MSG_PEEK (Adaptation)

af_unix: fix garbage collect vs MSG_PEEK (Adaptation)

btrfs: fix race when cloning extent buffer during rewind of an old root

media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()

usb: hso: fix error handling code of hso_create_net_device

l2tp: fix races with ipv4-mapped ipv6 addresses

l2tp: fix races with ipv4-mapped ipv6 addresses (Adaptation)

net: ipv6: keep sk status consistent after datagram connect failure

xtables: add xt_match, xt_target and data copy_to_user functions

iptables: use match, target and data copy_to_user helpers

ip6tables: use match, target and data copy_to_user helpers

xtables: extend matches and targets with .usersize

netfilter: x_tables: fix pointer leaks to userspace

iptables: use match, target and data copy_to_user helpers (Adaptation)