ipv6: mcast: extend RCU protection in igmp6_send()

ext4: ignore xattrs past end

ext4: fix off-by-one error in do_split

net_sched: hfsc: Fix a UAF vulnerability in class handling

net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too

of: module: add buffer overflow check in of_modalias()

net/sched: act_mirred: don't override retval if we already lost the skb

tracing: Fix oob write in trace_seq_to_buffer()

dm-bufio: don't schedule in atomic context

KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses

net_sched: drr: Fix double list add in class with netem as child qdisc

net_sched: qfq: Fix double list add in class with netem as child qdisc

openvswitch: Fix unsafe attribute parsing in output_userspace()

netfilter: ipset: fix region locking in hash types

x86/mm: Eliminate window where TLB flushes may be inadvertently skipped

nfs: handle failure of nfs_get_lock_context in unlock path

net/mlx5e: Disable MACsec offload for uplink representor profile

net/tls: fix kernel panic when alloc_page failed

dma-buf: insert memory barrier before updating num_fences

mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index

bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG

sctp: add mutual exclusion in proc_sctp_do_udp_port()

btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()

ipv6: Fix potential uninit-value access in __ip6_make_skb()

ipv4: Fix uninit-value access in __ip_make_skb()

btrfs: check folio mapping after unlock in relocate_one_folio()

sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()

net_sched: hfsc: Address reentrant enqueue adding class to eltree twice

can: bcm: add locking for bcm_op runtime updates

can: bcm: add locking for bcm_op runtime updates

virtio: break and reset virtio devices on device_shutdown()

virtgpu: don't reset on shutdown

virtio: break and reset virtio devices on device_shutdown()

rseq: Fix segfault on registration when rseq_cs is non-zero

bridge: mcast: Fix use-after-free during router port configuration

fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass

xsk: Fix race condition in AF_XDP generic RX path

xsk: Fix race condition in AF_XDP generic RX path

cifs: handle cases where a channel is closed

smb: client: fix potential deadlock when reconnecting channels

smb: client: fix potential deadlock when reconnecting channels

xfrm: interface: fix use-after-free after changing collect_md xfrm interface

xfrm: interface: fix use-after-free after changing collect_md xfrm interface

net/sched: Restrict conditions for adding duplicating netems to qdisc tree

ipv6: reject malicious packets in ipv6_gso_segment()

ipv6: fix possible infinite loop in fib6_info_uses_dev()

ipv6: prevent infinite loop in rt6_nlmsg_size()

exfat: fix double free in delayed_free

eventpoll: Fix semi-unbounded recursion

eventpoll: Fix semi-unbounded recursion

mptcp: make fallback action and fallback decision atomic

mptcp: make fallback action and fallback decision atomic

smb: client: fix UAF in decryption with multichannel

ppp: fix race conditions in ppp_fill_forward_path

net: bridge: fix soft lockup in br_multicast_query_expired()

net: bridge: fix soft lockup in br_multicast_query_expired()

Out of scope: boot time issue

Out of scope: boot time issue

netfilter: br_netfilter: do not check confirmed bit in br_nf_local_in() after confirm

e1000e: fix heap overflow in e1000_set_eeprom

mm/slub: avoid accessing metadata when pointer is invalid in object_err()

tracing: Silence warning when chunk allocation fails in trace_pid_write

tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.

libceph: fix invalid accesses to ceph_connection_v1_info

libceph: fix invalid accesses to ceph_connection_v1_info

mm/damon/sysfs: fix use-after-free in state_show()

mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()

mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()

kernfs: Fix UAF in polling when open file is released

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory

ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()

btrfs: fix assertion when building free space tree (dependency)

btrfs: do not assert we found block group item when creating free space tree

bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}

btrfs: avoid potential out-of-bounds in btrfs_encode_fh()

smb: client: Fix refcount leak for cifs_sb_tlink

cifs: parse_dfs_referrals: prevent oob on malformed input

vfs: Don't leak disconnected dentries on umount

media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()

tls: wait for pending async decryptions if tls_strp_msg_hold fails

cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()

kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths

sctp: Fix MAC comparison to be constant-time

pid: Add a judgment for ns null in pid_nr_ns

ext4: detect invalid INLINE_DATA + EXTENTS flag combination

drm/vmwgfx: Fix Use-after-free in validation

net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()

crypto: essiv - Check ssize for decryption and in-place encryption

netdevsim: fix a race issue related to the operation on bpf_bound_progs list

netdevsim: fix a race issue related to the operation on bpf_bound_progs list