ksmbd: fix Preauh_HashValue race condition

crypto: essiv - Check ssize for decryption and in-place encryption

padata: Fix pd UAF once and for all

padata: Fix pd UAF once and for all

Vulnerability affects only ZynqMP SoCs.

tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.

libceph: fix invalid accesses to ceph_connection_v1_info

net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable()

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path

can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB

dmaengine: ti: edma: Fix memory allocation size for queue_priority_map

dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees

mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory

qed: Don't collect too many protection override GRC elements

tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect().

cnic: Fix use-after-free bugs in cnic_delete_task

drm: bridge: anx7625: Fix NULL pointer dereference with early IRQ

ksmbd: smbdirect: validate data_offset and data_length field of smb_direct_data_transfer

can: peak_usb: fix shift-out-of-bounds issue

nexthop: Forbid FDB status change while nexthop is in a group

drm/gma500: Fix null dereference in hdmi teardown

tracing: dynevent: Add a missing lockdown check on dynevent

fbcon: fix integer overflow in fbcon_do_set_font

fbcon: Fix OOB access in font allocation

Complex adaptation required. Livepatching of this vulnerability can harm the network subsystem..

mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()

scsi: target: target_core_configfs: Add length check to avoid buffer overflow

media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove

udp: Fix memory accounting leak.

media: tuner: xc5000: Fix use-after-free in xc5000_release

media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe

perf: arm_spe: Prevent overflow in PERF_IDX2OFF()

blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx

bpf: Explicitly check accesses to bpf_sock_addr

usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup

scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod

pps: fix warning in pps_register_cdev when register device fail

ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping

ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping

net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast

net: dlink: handle copy_thresh allocation failure

uio_hv_generic: Let userspace take care of interrupt mask

fs: udf: fix OOB read in lengthAllocDescs handling

mm: hugetlb: avoid soft lockup when mprotect to large memory area

pinctrl: check the return value of pinmux_ops::get_function_name()

bus: fsl-mc: Check return value of platform_get_resource()

drm/vmwgfx: Fix Use-after-free in validation

net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()

bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6}

cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()

sctp: Fix MAC comparison to be constant-time

ext4: verify orphan file size is not too big

ext4: verify orphan file size is not too big

ext4: align max orphan file size with e2fsprogs limit

KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O

dm: fix NULL pointer dereference in __dm_suspend()

pid: Add a judgment for ns null in pid_nr_ns

ext4: detect invalid INLINE_DATA + EXTENTS flag combination

net/ip6_tunnel: Prevent perpetual tunnel growth

ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card

hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()

hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()

hfs: validate record offset in hfsplus_bmap_alloc

hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()

hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()

sctp: avoid NULL dereference when chunk data buffer is missing

ocfs2: clear extent cache after moving/defragmenting extents

vsock: fix lock inversion in vsock_assign_transport()

comedi: fix divide-by-zero in comedi_buf_munge()

most: usb: Fix use-after-free in hdm_disconnect

most: usb: hdm_probe: Fix calling put_device() before device initialization

most: usb: fix double free on late probe failure

fuse: fix livelock in synchronous file put from fuseblk workers

vfs: Don't leak disconnected dentries on umount

usb: gadget: f_ncm: Refactor bind path to use __free()

usb: gadget: f_acm: Refactor bind path to use __free()

usb: gadget: f_acm: Refactor bind path to use __free()

drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

mmc: core: use sysfs_emit() instead of sprintf()