net: bridge: mst: fix vlan use-after-free

net: bridge: mst: fix vlan use-after-free

net: bridge: mst: fix vlan use-after-free

mm: cachestat: fix folio read-after-free in cache walk

PCI/MSI: Fix UAF in msi_capability_init

nvme: avoid double free special payload

net/sched: Fix UAF when resolving a clash

iommufd: Fix missing update of domains_itree after splitting iopt_area

mm: cachestat: fix two shmem bugs

nfsd: fix RELEASE_LOCKOWNER

kprobes/x86: Use copy_from_kernel_nofault() to read from unsafe address

mm/hugetlb: fix missing hugetlb_lock for resv

regmap: maple: Fix cache corruption in

This CVE introduces a regression and is reverted by CVE-2024-42102 in the same errata

efivarfs: force RO when remounting if SetVariable

efivarfs: force RO when remounting if SetVariable

KVM: SVM: Flush pages under kvm->lock to fix UAF

net: fix out-of-bounds access in ops_init

scsi: qedf: Ensure the copied buf is NUL

xhci: Handle TD clearing for multiple streams

cxl/region: Fix memregion leaks in devm_cxl_add_region()

ppp: reject claimed-as-LCP but actually malformed

Fix for skipped CVE-2023-52489 that modifies structure mem_section_usage only used at boot time

xdp: Remove WARN() from __xdp_reg_mem_model()

x86: stop playing stack games in profile_pc()

Reverts CVE-2024-26720, which we don't use.

mm: avoid overflows in dirty throttling logic

x86/coco: Require seeding RNG with RDRAND on CoCo

x86/coco: Require seeding RNG with RDRAND on CoCo

usb-storage: alauda: Check whether the media is initialized

usb-storage: alauda: Check whether the media is initialized (Adaptation)

uio: Fix use-after-free in uio_open

gfs2: Remove ill-placed consistency check

gfs2: simplify gdlm_put_lock with out_free label

gfs2: Fix potential glock use-after-free on unmount

gfs2: Fix potential glock use-after-free on unmount

scsi: qla2xxx: Fix double free of fcport

scsi: qla2xxx: Fix double free of the ha->vp_map pointer

fork: defer linking file vma until vma is fully initialized

wifi: nl80211: Avoid address calculations via out of bounds array indexing

wifi: mac80211: Avoid address calculations via out of bounds array indexing

tty: n_gsm: fix possible out-of-bounds in gsm0_receive()

cppc_cpufreq: Fix possible null pointer dereference

wifi: mt76: replace skb_put with skb_put_zero

cpufreq: exit() callback is optional

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

bpf, sockmap: Prevent lock inversion deadlock in map delete elem

scsi: qla2xxx: Fix command flush on cable pull

ring-buffer: Fix a race between readers and resize checks

Input: cyapa - add missing input core locking to suspend/resume functions

ARM related CVE

ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine."

KVM: x86/mmu: x86: Don't overflow lpage_info when checking attributes

net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

net/sched: act_mirred: Create function tcf_mirred_to_dev and improve readability

net/sched: act_mirred: don't override retval if we already lost the skb

net: sched: sch_multiq: fix possible OOB write in multiq_tune()

tipc: Return non-zero value from tipc_udp_addr2str() on error

hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field

hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field

dmaengine: idxd: Fix oops during rmmod on single-CPU platforms

xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr()

gfs2: Fix NULL pointer dereference in gfs2_log_flush

RFDS: Medium score vulnerability affecting only Intel Atom CPUs, mitigated via microcode update.

Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"

netfilter: nft_flow_offload: reset dst in route object after setting up flow

mptcp: ensure snd_nxt is properly initialized on connect

KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked

Patches a sleepable function, there is a small but non-zero risk of livepatching failure

netfilter: flowtable: initialise extack before use

netpoll: Fix race condition in netpoll_owner_active

af_unix: Fix garbage collector racing against connect()

xfs: don't walk off the end of a directory data block

xfs: add bounds checking to xlog_recover_process_data

net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc()

block: initialize integrity buffer to zero before writing it to media

ipv6: prevent possible NULL dereference in rt6_probe()

ext4: fold quota accounting into ext4_xattr_inode_lookup_create()

ext4: do not create EA inode under buffer lock

ext4: turn quotas off if mount failed after enabling quotas

ext4: fix uninitialized ratelimit_state->lock access in __ext4_fill_super()

wifi: mt76: mt7921s: fix potential hung tasks during chip recovery

tty: Fix out-of-bound vmalloc access in imageblit

tcp: add sanity checks to rx zerocopy

mptcp: fix data re-injection from stale subflow

scsi: core: Fix unremoved procfs host directory regression

mac802154: fix llsec key resources release in mac802154_llsec_key_del

mac802154: fix llsec key resources release in mac802154_llsec_key_del

net/sched: taprio: extend minimum interval restriction to entire cycle too

xfs: fix log recovery buffer allocation for the

netfilter: nft_inner: validate mandatory meta and payload

netfilter: nft_inner: validate mandatory meta and payload

USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages

mptcp: ensure snd_una is properly initialized on connect

kpatch add alt asm definitions

x86/bugs: Change commas to semicolons in 'spectre_v2' sysfs file

x86/bugs: x86/bhi: Add support for clearing branch history at syscall entry