iommufd: Require drivers to supply the cache_invalidate_user ops

net: nexthop: Initialize all fields in dumped nexthops

mptcp: pm: Fix uaf in __timer_delete_sync

bpf: Fix overrunning reservations in ringbuf

bpf: Fix overrunning reservations in ringbuf

USB: serial: mos7840: fix crash on resume

USB: serial: mos7840: fix crash on resume

cxl/port: Fix use-after-free, permit out-of-order decoder shutdown

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

net/smc: fix illegal rmb_desc access in SMC-D connection dump

block: initialize integrity buffer to zero before writing it to media

iommu: Restore lost return in iommu_report_device_fault()

selinux,smack: don't bypass permissions check in inode_setsecctx hook

net: avoid potential underflow in qdisc_pkt_len_init() with UFO

Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout

bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE

bpf: Fix a kernel verifier crash in stacksafe()

bpf: Fix use-after-free in bpf_uprobe_multi_link_attach()

arm64: probes: Remove broken LDR (literal) uprobe support

bpf: Fix out-of-bounds write in trie_get_next_key()

KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory

nfsd: ensure that nfsd4_fattr_args.context is zeroed out

xfrm: fix one more kernel-infoleak in algo dumping

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

Bluetooth: bnep: fix wild-memory-access in proto_unregister

Bluetooth subsystem. Patched function may wait for a while, which may prevent patching/unpatching.

sched/numa: Fix the potential null pointer dereference in task_numa_work()

Bluetooth: SCO: Fix UAF on sco_sock_timeout

Bluetooth: ISO: Fix UAF on iso_sock_timeout

bpf: Fix a sdiv overflow issue

arm64: Low-score CVE requiring adaptation that is hard to implement; targets very rare hardware

RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address

perf/aux: Fix AUX buffer serialization

perf/aux: Fix AUX buffer serialization (Adaptation)

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink()

Discard stale CPU state when handling SVE traps

fix race condition by adding filter's intermediate sync state

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

mm: migrate: fix getting incorrect page mapping during page migration

mm: fix NULL pointer dereference in alloc_pages_bulk_noprof

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

can: bcm: Fix UAF in bcm_proc_show()

CVE Rejected

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

HID: core: zero-initialize the report buffer

Out of scope: ARM64 architecture isn't supported for current kernel

md: fix deadlock between mddev_suspend and flush bio