watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger

netem: fix return value if duplicate enqueue fails

ipv6: fix possible UAF in ip6_finish_output2()

ipv6: prevent UAF in ip6_send_skb()

atm: idt77252: prevent use after free in dequeue_rx()

Architecture is not supported

scsi: aacraid: Fix double-free on probe failure

drm/amdgpu: Fix out-of-bounds write warning

VMCI: Fix use-after-free when removing resource in vmci_resource_remove()

binder: fix UAF caused by offsets overwrite

Squashfs: sanity check symbolic link size

HID: amd_sfh: free driver_data after destroying hid device

hfsplus: fix uninit-value in copy_name

gtp: pull network headers in gtp_dev_xmit()

tap: add missing verification for short frame

tun: add missing verification for short frame

drm/amd/pm: fix the Out-of-bounds read warning

drm/amdgpu: fix ucode out-of-bounds read warning

um: line: always fill *error_out in setup_one_line()

drm/amdgpu: fix mc_data out-of-bounds read warning

exec: Fix ToCToU between perm check and set-uid/gid usage

drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number

HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup

of/irq: Prevent device address out-of-bounds read in interrupt map walk

netfilter: flowtable: validate vlan header

net: relax socket state check at accept time.

ax25: Fix reference count leak issues of ax25_dev

CVE patch is for RISCV arch only

scsi: core: Fix a use-after-free

scsi: core: Fix a use-after-free

net/sched: flower: Fix chain template offload

net/sched: flower: Fix chain template offload

nvme: avoid double free special payload

CVE patch is for powerpc arch only

tipc: Return non-zero value from tipc_udp_addr2str() on error

mISDN: Fix a use after free in hfcmulti_tx()

net/iucv: fix use after free in iucv_sock_close()

drm/amdkfd: don't allow mapping the MMIO HDP page with large pages

wifi: mac80211: Avoid address calculations via out of bounds array indexing

smack: tcp: ipv4, fix incorrect labeling

rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow

RDMA/iwcm: Fix a use-after-free related to destroying CM IDs

dev/parport: fix the array out-of-bounds risk

Patched function waits for external events, which may prevent patching/unpatching.

media: venus: fix use after free in vdec_close

jfs: Fix array-index-out-of-bounds in diFree

vhost/vsock: always initialize seqpacket_allow

vhost/vsock: always initialize seqpacket_allow

net: bridge: mcast: wait for previous gc cycles when removing port

mptcp: pm: avoid possible UaF when selecting endp

ipv6: prevent possible UAF in ip6_xmit()

ocfs2: add bounds checking to ocfs2_check_dir_entry()

jfs: don't walk off the end of ealist

fs/ntfs3: Validate ff offset

filelock: Remove locks reliably when fcntl/close race is detected

drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq()

netfilter: nf_tables: prefer nft_chain_validate

drm/radeon: check bo_va->bo is non-NULL before using it

Bluetooth: hci_core: cancel all works upon hci_unregister_dev()

CVE patch is for powerpc arch only

CVE patch is for powerpc arch only

Out of scope as the patch is for s390 arch only, x86_64 is not affected

wifi: cfg80211: wext: add extra SIOCSIWSCAN data check

null_blk: fix validation of block size

btrfs: qgroup: fix quota root leak after quota disable failure

ila: block BH in ila_output()

ata: libata-core: Fix null pointer dereference on error

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values

wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values (Adaptation)

net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket

powerpc arch not supported.

drm/i915/gem: Fix Virtual Memory mapping boundaries calculation

bna: adjust 'name' buf size of bna_tcb and bna_ccb structures

ila: call nf_unregister_net_hooks() sooner

protect the fetch of ->fd[fd] in do_dup2() from mispredictions

RISCV arch not supported.

netfilter: iptables: Fix potential null-ptr-deref in ip6table_nat_table_init().

iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en

bpf: Fix a segment issue when downgrading gso_size

net: nexthop: Initialize all fields in dumped nexthops

f2fs: fix return value of f2fs_convert_inline_inode()

scsi: qla2xxx: Complete command early within lock

sched: act_ct: take care of padding in struct zones_ht_key

can: bcm: Remove proc entry when dev is unregistered.

f2fs: fix to don't dirty inode for readonly filesystem

fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed

kobject_uevent: Fix OOB access within zap_modalias_env()

scsi: qla2xxx: Fix for possible memory corruption

scsi: qla2xxx: validate nvme_local_port correctly

nilfs2: handle inconsistent state in nilfs_btnode_create_block()

drm/amd/display: Add array index check for hdcp ddc access

drm/amd/display: Check gpio_id before used as array index

drm/amd/display: Check msg_id before processing transcation

sch/netem: fix use after free in netem_dequeue

ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object

hwmon: (adc128d818) Fix underflows seen when writing limit attributes

hwmon: (lm95234) Fix underflows seen when writing limit attributes

hwmon: (nct6775-core) Fix underflows seen when writing limit attributes

hwmon: (w83627ehf) Fix underflows seen when writing limit attributes

apparmor: Fix null pointer deref when receiving skb during sock creation

media: pci: cx23885: check cx23885_vdev_init() return

drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()'

media: i2c: et8ek8: Don't strip remove function when driver is builtin

xfs: fix log recovery buffer allocation for the legacy h_size fixup

filelock: Remove locks reliably when fcntl/close race is detected

scsi: qla2xxx: During vport delete send async logout explicitly

ext4: make sure the first directory block is not a hole

ext4: check dot and dotdot of dx_root before making dir indexed

udf: Avoid using corrupted block bitmap buffer

drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes

drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes

hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()

sysctl: always initialize i_uid/i_gid

ext4: fix infinite loop when replaying fast_commit

block: initialize integrity buffer to zero before writing it to media

soc: qcom: pdr: protect locator_addr with the main mutex

lib: objagg: Fix general protection fault

xdp: fix invalid wait context of page_pool_destroy()

leds: trigger: Unregister sysfs attributes before calling deactivate()

drm/qxl: Add check for drm_cvt_mode

dma: fix call order in dmam_free_coherent

cgroup/cpuset: Prevent UAF in proc_cpuset_show()

virtio_net: Fix napi_skb_cache_put warning

usb: vhci-hcd: Do not drop references before new references are gained

Bluetooth: MGMT: Add error handling to pair_device()

Out of scope: This CVE modified the __init function which won't be available to patch as it is used during bootup time.

serial: core: check uartclk for zero to avoid divide by zero

drm/client: fix null pointer dereference in drm_client_modeset_probe

drm/amd/display: Add null checker before passing variables

drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr

drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules

netfilter: ctnetlink: use helper function to calculate expect ID

md/raid5: avoid BUG_ON() while continue reshape after reassembling

drm/amdgpu/pm: Fix the null pointer dereference for smu7

drm/amdgpu: Fix the null pointer dereference to ras_manager

ALSA: line6: Fix racy access to midibuf

Patch introduced a deadlock and was reverted.

x86/mtrr: Check if fixed MTRRs exist before saving them

fuse: Initialize beyond-EOF page contents before setting uptodate

sctp: Fix null-ptr-deref in reuseport_add_sock().

remoteproc: imx_rproc: Skip over memory region when node value is NULL

net: usb: qmi_wwan: fix memory leak for not ip packets

drm/vmwgfx: Fix a deadlock in dma buf fence polling

drm/vmwgfx: Fix a deadlock in dma buf fence polling kpatch

drm/nouveau: prime: fix refcount underflow

The patch for CVE-2025-37747 reverts the patch for this CVE.

perf: Fix event leak upon exit

devres: Fix memory leakage caused by driver API devm_free_percpu()

PCI: endpoint: Clean up error handling in vpci_scan_bus()

wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()

mlxsw: spectrum_acl_erp: Fix object nesting warning

mlxsw: spectrum_acl_erp: Fix object nesting warning kpatch

usb: dwc3: core: Prevent USB core invalid event buffer address access

thunderbolt: Mark XDomain as unplugged when router is removed

mmc: mmc_test: Fix NULL dereference on allocation failure

pinctrl: single: fix potential NULL dereference in pcs_get_function()

ethtool: check device is present when getting link settings

gtp: fix a potential NULL pointer dereference

nfc: pn533: Add poll mod list filling check

soc: qcom: cmd-db: Map shared memory as WC, not WB

usb: gadget: core: Check for unset descriptor

x86/mm: Fix pti_clone_pgtable() alignment assumption

binfmt_flat: Fix corruption when not offsetting data start

s390 arch not supported.

net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()

drm/msm/dpu: cleanup FB if dpu_format_populate_layout fails

net: dsa: mv88e6xxx: Fix out-of-bound access

bonding: fix xfrm real_dev null pointer dereference

bonding: fix null pointer deref in bond_ipsec_offload_ok

xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration

vfs: Don't evict inode under the inode lru traversing context

fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE

memcg_write_event_control(): fix a user-triggerable oops

netfilter: flowtable: initialise extack before use

net: hns3: fix a deadlock problem when config TC during resetting

Input: MT - limit max slots

drm/amd/display: Skip wbscl_set_scaler_filter if filter is null

usb: typec: ucsi: Fix null pointer dereference in trace

apparmor: fix possible NULL pointer dereference

drm/amd/display: Assign linear_pitch_alignment even for VM

nvmet-tcp: fix kernel crash if commands allocation fails

uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind

Input: uinput - reject requests with unreasonable number of slots

Complex adaptation required. Low impact CVE.

btrfs: replace BUG_ON() with error handling at update_ref_for_cow()

wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()

drm/amd/display: Stop amdgpu_dm initialize when stream nums greater than 6

drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[]

drm/amd/amdgpu: Check tbo resource pointer

drm/amdgpu: the warning dereferencing obj for nbio_v7_4

drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ

arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry

Postponed: complex analysis and adaptation required

sched: sch_cake: fix bulk flow accounting logic for host fairness

Out of scope: MIPS architecture isn't supported for current kernel

btrfs: clean up our handling of refs == 0 in snapshot delete

fsnotify: clear PARENT_WATCHED flags lazily

staging: iio: frequency: ad9834: Validate frequency parameter value

i3c: mipi-i3c-hci: Error out instead on BUG_ON() in IBI DMA setup

PCI: keystone: Add workaround for Errata #i2037 (AM65x SR 1.0)

lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc()

nilfs2: fix state management in error path of log writing function

drm/bridge: sii902x: Fix probing race issue

firmware: arm_scmi: Fix double free in SMC transport cleanup path

drm/amdgpu: fix the waring dereferencing hive

can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open

nilfs2: fix missing cleanup on rollforward recovery error

udf: Avoid excessive partition lengths

tcp_bpf: fix return value of tcp_bpf_sendmsg()

pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv

fou: Fix null-ptr-deref in GRO.

nilfs2: protect references to superblock parameters exposed in sysfs

nilfs2: protect references to superblock parameters exposed in sysfs

This CVE fixes CVE-2024-26584 that creates stack unsafety under network load

wifi: virt_wifi: don't use strlen() in const context

wifi: virt_wifi: don't use strlen() in const context

wifi: virt_wifi: don't use strlen() in const context

ksmbd: unset the binding mark of a reused connection

fou: remove warn in gue_gro_receive on unsupported protocol

Out of scope: RISC V architecture isn't supported for current kernel

f2fs: fix to do sanity check on F2FS_INLINE_DATA flag in inode during GC

spi: nxp-fspi: fix the KASAN report out-of-bounds bug

dma-buf: heaps: Fix off-by-one in CMA heap fault handler

ASoC: meson: axg-card: fix 'use-after-free'

netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put()

9p: add missing locking around taking dentry fid list

ocfs2: cancel dqi_sync_work before freeing oinfo

net/xen-netback: prevent UAF in xenvif_flush_hash()

wifi: ath11k: fix array out-of-bound access in SoC stats

fbdev: pxafb: Fix possible use after free in pxafb_task()

drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation

drm/amd/display: Fix index out of bounds in degamma hardware format translation

ext4: avoid use-after-free in ext4_ext_show_leaf()

ext4: fix slab-use-after-free in ext4_split_extent_at()

ext4: aovid use-after-free in ext4_ext_insert_extent()

ext4: fix double brelse() the buffer of the extents path

ocfs2: add bounds checking to ocfs2_xattr_find_entry()

wifi: rtw88: always wait for both firmware loading attempts

ext4: avoid OOB when system.data xattr changes underneath the filesystem

drivers: media: dvb-frontends/rtl2832: fix an out-of-bounds write error

drivers: media: dvb-frontends/rtl2830: fix an out-of-bounds write error

scsi: elx: libefc: Fix potential use after free in efc_nport_vport_del()

RDMA/rtrs-clt: Reset cid to con_num - 1 to stay in bounds

firmware_loader: Block path traversal

net: ethernet: lantiq_etop: fix memory disclosure

net: bridge: xmit: make sure we have at least eth header len bytes

tipc: guard against string buffer overrun

ALSA: asihpi: Fix potential OOB array access

ext4: no need to continue when the number of entries is 1

ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free

aoe: fix the potential use-after-free problem in more places

fbdev: sisfb: Fix strbuf array overflow

net: explicitly clear the sk pointer, when pf->create fails

drm/amd/display: Fix index out of bounds in DCN30 color transformation

mptcp: pm: Fix uaf in __timer_delete_sync

Rare Panasonic laptop hardware; patch requires struct adaptation for minimal impact

net: dpaa: Pad packets to ETH_ZLEN

jfs: fix out-of-bounds in dbNextAG() and diAlloc()

net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition

ACPI: sysfs: validate return type of _STR method

jfs: Fix uaf in dbFreeBits

jfs: Fix uninit-value access of new_ea in ea_buffer

ppp: fix ppp_async_encode() illegal access

slip: make slhc_remember() more robust against malicious packets

media: venus: fix use after free bug in venus_remove due to race condition

nilfs2: fix potential oob read in nilfs_btree_check_delete()

ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition

vhost_vdpa: assign irq bypass producer token correctly

ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()

nfsd: return -EINVAL when namelen is 0

media: usbtv: Remove useless locks in usbtv_video_free()

ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate()

RDMA/rxe: Fix seg fault in rxe_comp_queue_pkt

HNS RoCE driver for China-specific Hisilicon/Kunpeng ARM SoCs

IB/core: Fix ib_cache_setup_one error flow cleanup

net: mana: Fix TX CQE error handling

s390 architecture is not supported

ARM related CVE

Affects only __init function for a built-in component, so patching will have no effect

usb: typec: tcpm: Check for port partner validity before consuming it

vfio/pci: fix potential memory leak in vfio_intx_enable()

ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry()

gfs2: Fix NULL pointer dereference in gfs2_log_flush

Out of scope: s390 is not supported

Out of scope: s390 is not supported

gpio: prevent potential speculation leaks in gpio_device_get_desc()

selinux,smack: don't bypass permissions check in inode_setsecctx hook

netfilter: nft_socket: fix sk refcount leaks

USB: usbtmc: prevent kernel-usb-infoleak

wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead

wifi: iwlwifi: mvm: pause TCM when the firmware is stopped

mm: avoid leaving partial pfn mappings around in error case

vfs: fix race between evice_inodes() and find_inode()&iput()

tcp: check skb is non-NULL in tcp_rto_delta_us()

tcp: check skb is non-NULL in tcp_rto_delta_us()

nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()

nilfs2: determine empty node blocks as corrupted

block: fix potential invalid pointer dereference in blk_add_partition

jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error

ocfs2: reserve space for inline xattr before attaching reflink tree

ocfs2: remove unreasonable unlock in ocfs2_read_blocks

static_call: Replace pointless WARN_ON() in static_call_module_notify()

ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()

ACPI: battery: Fix possible crash when unregistering a battery hook

ocfs2: fix null-ptr-deref when journal load failed.

net: avoid potential underflow in qdisc_pkt_len_init() with UFO

netfilter: nf_tables: prevent nf_skb_duplicated corruption

tpm: Clean up TPM space after command failure

RDMA/cxgb4: Added NULL check for lookup_atid

Out of scope: EFI libstub fix, running kernels not vulnerable.

f2fs: Require FMODE_WRITE for atomic write ioctls

btrfs: fix a NULL pointer dereference when failed to start a new trasacntion

btrfs: wait for fixup workers before stopping cleaner kthread during umount

tracing/timerlat: Fix a race during cpuhp processing

x86/sgx: Fix deadlock in SGX NUMA node search

vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency

Out of scope as the patch is for arm64 arch only, x86_64 not affected

Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()

Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init() (adaptation)

Out of scope, i.MX SoC is not supported

block, bfq: fix possible UAF for bfqq->bic with merge chain

can: bcm: Clear bo->bcm_proc_read after remove_proc_entry()

sock_map: Add a cond_resched() in sock_hash_free()

wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param

wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()

drm/amd/display: Add null check for set_output_gamma in dcn30_set_output_transfer_func

bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()

RDMA/hns: Fix spin_unlock_irqrestore() called with IRQs enabled

nfsd: call cache_put if xdr_reserve_space returns NULL

padata: use integer wrap around to prevent deadlock on seq_nr overflow

resource: fix region_intersects() vs add_memory_driver_managed()

drm: omapdrm: Add missing check for alloc_ordered_workqueue

ext4: update orig_path in ext4_find_extent()

platform/x86: ISST: Fix the KASAN report slab-out-of-bounds bug

drm/amd/pm: ensure the fw_info is not null before using it

drm/amd/display: Initialize get_bytes_per_element's default to 1

drm/amd/display: Check stream before comparing them

[PATCH] thermal: intel: int340x: processor: Fix warning during module unload

[PATCH 1/1] bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers

[PATCH 1/1] netfilter: br_netfilter: fix panic with metadata_dst skb

[PATCH 1/1] drm/amd/display: Check null pointer before dereferencing se

[PATCH 1/1] RDMA/rtrs-srv: Avoid null pointer deref during path

[PATCH 1/1] RDMA/mad: Improve handling of timed out WRs of mad agent

[PATCH 1/1] nouveau/dmem: Fix vulnerability in migrate_to_ram upon

[PATCH 1/1] ceph: remove the incorrect Fw reference check when

[PATCH 1/1] virtio_pmem: Check device status before requesting flush

[PATCH 1/1] net: phy: dp83869: fix memory corruption when enabling

[PATCH 1/1] ext4: don't set SB_RDONLY after filesystem errors

nfsd: map the EBADMSG to nfserr_io to avoid warning

jfs: check if leafidx greater than num leaves per dmap tree

drm/amd/display: Check null pointers before using dc->clk_mgr

drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream

x86/ioapic: Handle allocation failures gracefully

blk_iocost: fix more out of bound shifts

Low-score CVE changes a kthread, which may prevent patching/unpatching

wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit

sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start

sctp: ensure sk_state is set to CLOSED if hashing fails in sctp_listen_start

ppp: do not assume bh is held in ppp_channel_bridge_input()

net: add more sanity checks to qdisc_pkt_len_init()

Input: adp5589-keys - fix NULL pointer dereference

[PATCH] NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()

[PATCH] NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()

When introduced by live-patching, patch causes more problems than it fixes. Complex adaptation required.

f2fs: get rid of online repaire on corrupted directory

uprobes: fix kernel info leak via "[uprobes]" vma

net: stmmac: Fix zero-division error when disabling tc cbs

i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume

net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()

net/mlx5: Fix error path in multi-packet WQE transmit

drm/amd/display: Fix system hang while resume with TBT monitor

ext4: fix i_data_sem unlock order in ext4_ind_migrate()

wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()

wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()

[PATCH] static_call: Handle module init failure correctly in static_call_del_module()

exfat: fix memory leak in exfat_load_bitmap()

kthread: unpark only parked kthread

net: Fix an unsafe loop on the list

drm/v3d: Stop the active perfmon before being destroyed

igb: Do not bring the device up after non-fatal error

i40e: Fix macvlan leak by synchronizing access to mac_filter_hash

Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change

net/sched: accept TCA_STAB only for root qdisc

net/sched: accept TCA_STAB only for root qdisc

UBUNTU: [Config] Disable BlueZ highspeed support

ax25: Fix refcount imbalance on inbound connections

net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT

media: mtk-vcodec: potential null pointer deference in SCP

Bluetooth: SCO: Fix not validating setsockopt user input

Bluetooth: RFCOMM: Fix not validating setsockopt user

Bluetooth: L2CAP: Fix not validating setsockopt user input

Bluetooth: hci_sock: Fix not validating setsockopt user input

net: fec: remove .ndo_poll_controller to avoid deadlocks

net: fec: remove .ndo_poll_controller to avoid deadlocks

vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans

drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing

smb: client: set correct id, uid and cruid for multiuser automounts

net: sched: fix ordering of qlen adjustment

netfilter: ipset: add missing range check in bitmap_ip_uadt

hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer

blk-cgroup: Fix UAF in blkcg_unpin_online()

blk-cgroup: Fix UAF in blkcg_unpin_online()

parport: Proper fix for array out-of-bounds access

mptcp: pm: only decrement add_addr_accepted for MPJ req

mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow

ax25: fix use-after-free bugs caused by ax25_ds_del_timer

RDMA/bnxt_re: Add a check for memory allocation

tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink().

tracing: Consider the NULL character when validating the event length

net: sched: fix use-after-free in taprio_change()

udf: fix uninit-value use in udf_get_fileshortad

smb: client: fix OOBs when building SMB2_IOCTL request

KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory

fs/ntfs3: Check if more than chunk-size bytes are written

wifi: iwlegacy: Clear stale interrupts before resuming device

dm cache: fix out-of-bounds access to the dirty bitset when resizing

dm cache: optimize dirty bit checking with find_next_bit when resizing

dm cache: fix potential out-of-bounds access on the first resume

net: do not delay dst_entries_add() in dst_release()

usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()

security/keys: fix slab-out-of-bounds in key_task_permission

wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd()

bpf: Fix out-of-bounds write in trie_get_next_key()

nilfs2: fix kernel bug due to missing clearing of checked flag

media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format

usb: musb: sunxi: Fix accessing an released usb phy

USB: serial: io_edgeport: fix use after free in debug printk

tcp: fix mptcp DSS corruption due to large pmtu xmit

media: s5p-jpeg: prevent buffer overflows

The fix for this CVE was reverted in upstream Ubuntu kernel by the following commit (b0feddb6759a) Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()"

netfilter: Fix use-after-free in get_info()

KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin()

drm/shmem-helper: Fix BUG_ON() on mmap(PROT_WRITE, MAP_PRIVATE)

closures: Change BUG_ON() to WARN_ON()

ibmvnic: Add tx check to prevent skb leak

netfilter: nft_payload: sanitize offset and length before calling skb_checksum()

drm/i915: Fix potential context UAFs

io_uring: fix possible deadlock in io_register_iowq_max_workers()

HID: core: zero-initialize the report buffer

dm-crypt, dm-verity: disable tasklets

dm-crypt, dm-verity: disable tasklets (adaptation)

arm64: probes: Remove broken LDR (literal) uprobe support

iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices

blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race

exec: don't WARN for racy path_noexec check

xfrm: fix one more kernel-infoleak in algo dumping

serial: protect uart_port_dtr_rts() in uart_shutdown() too

ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()

Out of scope: x86 architecture isn't supported for current kernel

nilfs2: fix kernel bug due to missing clearing of buffer delay flag

ice: Add a per-VF limit on number of FDIR filters

ice: Add a per-VF limit on number of FDIR filters (adaptation)

ALSA: hda/cs8409: Fix possible NULL dereference

scsi: target: core: Fix null-ptr-deref in target_alloc_device()

Bluetooth: bnep: fix wild-memory-access in proto_unregister

Bluetooth: bnep: fix wild-memory-access in proto_unregister kpatch

drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA

drm/amd: Guard against bad data for ATIF ACPI method

xfrm: validate new SA's prefixlen using SA family when sel.family is unset

ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context

[PATCH] ACPI: PRM: Remove unnecessary strict handler address checks

[PATCH] drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported

be2net: fix potential memory leak in be_xmit()

net/sun3_82586: fix potential memory leak in sun3_82586_send_packet()

net: systemport: fix potential memory leak in bcm_sysport_xmit()

secretmem: disable memfd_secret() if arch cannot set direct map

arm64: Low-score CVE requiring adaptation that is hard to implement; targets very rare hardware

posix-clock: Fix missing timespec64 check in pc_clock_settime()

posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime()

pinctrl: ocelot: fix system hang on level based interrupts

iio: light: veml6030: fix IIO device retrieval from embedded device

mm/swapfile: skip HugeTLB pages for unuse_vma

drm/radeon: Fix encoder->possible_clones

nilfs2: propagate directory read errors from nilfs_find_entry()

RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages

ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size()

wifi: ath10k: Fix memory leak in management tx

staging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()

iio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()

nilfs2: fix potential deadlock with newly created symlinks

ocfs2: pass u64 to ocfs2_truncate_inline maybe overflow

netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()

fs/ntfs3: Fix possible deadlock in mi_read

fs/ntfs3: Additional check in ni_clear()

wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower

ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove

media: cx24116: prevent overflows on SNR calculus

media: v4l2-tpg: prevent the risk of a division by zero

btrfs: reinitialize delayed ref list after deleting it from the list

ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()

[PATCH 2/2] bpf: devmap: provide rxq after redirect

[PATCH 1/2] bpf: Make sure internal and UAPI bpf_redirect flags don't overlap

[PATCH 1/2] bpf: Make sure internal and UAPI bpf_redirect flags don't overlap

net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data

net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data

wifi: iwlwifi: mvm: fix 6 GHz scan construction

sctp: properly validate chunk size in sctp_sf_ootb()

net: hns3: fix kernel crash when uninstalling driver

The ndev->dev.parent mappings cannot be changed to ndev->dev.parent and driver is broken already

media: dvbdev: prevent the risk of out of memory access

io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

io_uring/rw: fix missing NOWAIT check for O_DIRECT start write

nfs: Fix KMSAN warning in decode_getfattr_attrs()

fs: Fix uninitialized value issue in from_kuid and from_kgid

mptcp: handle consistently DSS corruption

clk: Add a devm variant of clk_rate_exclusive_get()

clk: Provide !COMMON_CLK dummy for devm_clk_rate_exclusive_get()

i2c: lpi2c: Avoid calling clk_get_rate during transfer

i2c: lpi2c: Avoid calling clk_get_rate during transfer (adaptation)

i40e: fix race condition by adding filter's intermediate sync state

i40e: fix race condition by adding filter's intermediate sync state

cifs: Fix buffer overflow when parsing NFS reparse points

driver core: bus: Fix double free in driver API bus_register()

spi: mpc52xx: Add cancel_work_sync before module remove

crypto: hisilicon/qm - inject error before stopping queue

nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net

media: xc2028: avoid use-after-free in load_firmware_cb()

fs/ntfs3: Additional check in ntfs_file_release

nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry()

bpf: fix OOB devmap writes when deleting elements

xsk: fix OOB map writes when deleting elements

af_packet: avoid erroring out after sock_init_data() in packet_create()

Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create()

net: af_can: do not leave a dangling sk pointer in can_create()

net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()

net: inet: do not leave a dangling sk pointer in inet_create()

ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write

btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount

ila: serialize calls to nf_register_net_hooks()

pktgen: Avoid out-of-bounds access in get_imix_entries

vfio/platform: check the bounds of read/write syscalls

net: sched: fix ets qdisc OOB Indexing

ALSA: usb-audio: Fix out of bounds reads when finding clock sources

ocfs2: fix uninitialized value in ocfs2_file_read_iter()

netfilter: x_tables: fix LED ID check in led_tg_check()

arm64/sve: Discard stale CPU state when handling SVE traps

acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl

ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read

ksmbd: fix a missing return value check bug

iio: pressure: zpa2326: fix information leak in triggered buffer

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

iio: light: vcnl4035: fix information leak in triggered buffer

iio: imu: kmx61: fix information leak in triggered buffer

iio: adc: ti-ads8688: fix information leak in triggered buffer

gpiolib: cdev: Fix use after free in lineinfo_changed_notify

iio: adc: rockchip_saradc: fix information leak in triggered buffer

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN

Out of scope: SuperH arch not supported.

arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL

i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request

i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock

drm/amd/display: Check BIOS images before it is used

exfat: fix potential deadlock on __exfat_get_dentry_set

RDMA/rtrs: Ensure 'ib_sge list' is accessible

jfs: Fix shift-out-of-bounds in dbDiscardAG

soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()

bpf: Fix bpf_sk_select_reuseport() memory leak

gtp: Destroy device along with udp socket's netns dismantle.

drm/v3d: Ensure job pointer is set to NULL after job completion

drm/v3d: Assign job pointer to NULL before signaling the fence

fs/proc: fix softlockup in __read_vmcore (part 2)

vsock/virtio: discard packets if the transport changes

gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag

scsi: storvsc: Ratelimit warning logs to prevent VM denial of service

USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb()

Bluetooth: L2CAP: Fix uaf in l2cap_connect

Bluetooth: hci_core: Fix calling mgmt_device_connected

hrtimers: Handle CPU state correctly on hotplug

hrtimers: Handle CPU state correctly on hotplug

EDAC/bluefield: Fix potential integer overflow

firmware: arm_scpi: Check the DVFS OPP count returned by the firmware

vfio/pci: Properly hide first-in-list PCIe extended capability

xen: Fix the issue of resource not being properly released in xenbus_dev_probe()

ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices

ALSA: usb-audio: Fix a DMA to stack memory bug

Out of scope: User-mode Linux isn't supported

Out of scope: User-mode Linux isn't supported for current kernel

Out of scope: User-mode Linux isn't supported for current kernel

ALSA: pcm: Add sanity NULL check for the default mmap fault handler

ubi: fastmap: Fix duplicate slab cache names while attaching

EDAC/igen6: Avoid segmentation fault on module unload

powerpc: arch is not supported

9p/xen: fix release of IRQ

tipc: Fix use-after-free of kernel socket in cleanup_bearer().

net/smc: fix LGR and link use-after-free issue

jffs2: Prevent rtime decompress memory corruption

btrfs: fix use-after-free when COWing tree bock and tracing is enabled

ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv

scsi: sg: Fix slab-use-after-free read in sg_release()

ksmbd: fix user-after-free from session log off

ksmbd: fix user-after-free from session log off

ksmbd: fix racy issue from session lookup and expire

btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()

dma-debug: fix a possible deadlock on radix_lock

net/smc: check smcd_v2_ext_offset when receiving proposal msg

ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()

bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again

net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg

net: dsa: improve shutdown sequence

ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()

netfilter: conntrack: clamp maximum hashtable size to INT_MAX

afs: Fix the maximum cell name length

dm thin: make get_first_thin use rcu-safe list first function

sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy

sctp: sysctl: rto_min/max: avoid using current->nsproxy

sctp: sysctl: auth_enable: avoid using current->nsproxy

sctp: sysctl: udp_port: avoid using current->nsproxy

vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]

filemap: avoid truncating 64-bit offset to 32 bits

net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute

net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (adaptation)

drm/amdkfd: Correct the migration DMA map direction

mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim()

usb: gadget: f_fs: Remove WARN_ON in functionfs_bind

Out of scope: ARM architecture isn't supported for current kernel

mptcp: fix TCP options overflow.

brd: remove brd_devices_mutex mutex

brd: defer automatic disk creation until module initialization succeeds

drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX

drm/amd/display: Correct the defined value for AMDGPU_DMUB_NOTIFICATION_MAX

hfsplus: don't query the device logical block size multiple times

hfsplus: don't query the device logical block size multiple times

igb: Fix potential invalid memory access in igb_init_module()

ocfs2: uncache inode which has failed entering the group

mm: fix NULL pointer dereference in alloc_pages_bulk_noprof

virtio/vsock: Fix accept_queue memory leak

net/mlx5e: CT: Fix null-ptr-deref in add rule err flow

net/mlx5: fs, lock FTE when checking if active

mptcp: cope racing subflow creation in mptcp_rcv_space_adjust

net: fix data-races around sk->sk_forward_alloc

pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking

pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking (adaptation)

RDMA/uverbs: Prevent integer overflow issue

net: restrict SO_REUSEPORT to inet sockets

ALSA: 6fire: Release resources at card release

Bluetooth: fix use-after-free in device_for_each_child()

Bluetooth: fix use-after-free in device_for_each_child()

scsi: bfa: Fix use-after-free in bfad_im_module_exit()

btrfs: ref-verify: fix use-after-free after invalid ref action

nfsd: make sure exp active before svc_export_show

net: inet6: do not leave a dangling sk pointer in inet6_create()

jfs: array-index-out-of-bounds fix in dtReadFirst

jfs: fix array-index-out-of-bounds in jfs_readdir

jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree

net/ipv6: release expired exception dst cached in socket

bpf: sync_linked_regs() must preserve subreg_def

topology: Keep the cpumask unchanged when printing cpumap

drm/amd/display: Add check for granularity in dml ceil/floor helpers

dm array: fix releasing a faulty array block twice in dm_array_cursor_end

selinux: ignore unknown extended permissions

net/sctp: Prevent autoclose integer overflow in sctp_association_init()

Out of scope: RISC V architecture isn't supported for current kernel

exfat: fix the infinite loop in exfat_readdir()

virtio-blk: don't keep queue frozen during system suspend

mac802154: check local interfaces before deleting sdata list

sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy

drm/rockchip: vop: Fix a dereferenced before check warning

nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint

nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint

svcrdma: Address an integer overflow

comedi: Flush partial mappings in error case

NFSD: Prevent a potential integer overflow

Out of scope: User-mode Linux isn't supported

net/mlx5e: kTLS, Fix incorrect page refcounting

[PATCH] netlink: terminate outstanding dump on socket close

net: defer final 'struct net' free in netns dismantle

net: defer final 'struct net' free in netns dismantle

smb: client: fix potential UAF in smb2_is_valid_lease_break()

smb: client: fix potential UAF in cifs_debug_files_proc_show()

drm/dp_mst: Skip CSN if topology probing is not done yet

drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()

net: avoid race between device unregistration and ethnl ops

watch_queue: Use the bitmap API when applicable

ntfs3: Add bounds checking to mi_enum_attr()

fs/ntfs3: Sequential field availability check in mi_enum_attr()

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

can: hi311x: hi3110_can_ist(): fix potential use-after-free

ELF: fix kernel.randomize_va_space double read

net: sched: Disallow replacing of child qdisc from one parent to another

pfifo_tail_enqueue: Drop new packet when sch->limit == 0

netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()

vsock: Keep the binding until socket destruction

vsock: Orphan socket after transport release

net: bridge: switchdev: Skip MDB replays of deferred events on offload

net: bridge: switchdev: Skip MDB replays of deferred events on offload (adapatation)

netfilter: allow exp not to be removed in nf_ct_find_expectation

net: atlantic: eliminate double free in error handling logic

net: rose: fix timer races against user threads

soc: qcom: socinfo: Avoid out of bounds read of serial number

orangefs: fix a oob in orangefs_debug_write

wifi: iwlwifi: limit printed string from FW file

padata: fix UAF in padata_reorder

padata: avoid UAF for reorder_work

padata: avoid UAF for reorder_work

Out of scope; patch fixes the memory controller module for Nvidia Tegra SoCs.

rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read

The DM9000 chip is available on ARM32 and MIPS architectures, which KernelCare does not support.

media: uvcvideo: Fix double free in error path

usb: gadget: f_tcm: Don't free command immediately

KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()

nilfs2: do not force clear folio if buffer is referenced

PPS for embedded GPS devices. Irrelevant for servers.

nbd: don't allow reconnect after disconnect

btrfs: fix use-after-free when attempting to join an aborted transaction

NFC: nci: Add bounds checking in nci_hci_create_pipe()

Out of scope: ARM64 architecture isn't supported for current kernel

ndisc: use RCU protection in ndisc_alloc_skb()

neighbour: use RCU protection in __neigh_notify()

arp: use RCU protection in arp_xmit()

openvswitch: use RCU protection in ovs_vport_cmd_fill_info()

ndisc: extend RCU protection in ndisc_send_skb()

nfsd: clear acl_access/acl_default after releasing them

vrf: use RCU protection in l3mdev_l3_out()

vrf: use RCU protection in l3mdev_l3_out()

nilfs2: protect access to buffers with no active references

geneve: Fix use-after-free in geneve_find_dev().

ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

rapidio: fix an API misues when rio_add_net() fails

HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

Squashfs: check the inode number is not the invalid value of zero

HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections

rdma/cxgb4: Prevent potential integer overflow on 32bit

usb: xhci: Fix NULL pointer dereference on certain command aborts

ocfs2: handle a symlink read error correctly

media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread

f2fs: fix to wait dio completion

tpm: Change to kvalloc() in eventlog/acpi.c

wifi: ath10k: avoid NULL pointer error during sdio remove

vlan: enforce underlying device type

vlan: enforce underlying device type

ftrace: Avoid potential division by zero in function_stat_show()

Out of scope: not affected

wifi: cfg80211: regulatory: improve invalid hints checking

wifi: nl80211: reject cooked mode if it is set along with other flags

caif_virtio: fix wrong pointer check in cfv_probe()

llc: do not use skb_get() before dev_queue_xmit()

ppp: Fix KMSAN uninit-value warning with bpf

usb: renesas_usbhs: Flush the notify_hotplug_work

usb: atm: cxacru: fix a flaw in existing endpoint checks

slimbus: messaging: Free transaction ID in delayed interrupt scenario

[PATCH] media: uvcvideo: Only save async fh if success

[PATCH] media: uvcvideo: Remove dangling pointers

[PATCH] media: uvcvideo: Remove dangling pointers

memcg: fix soft lockup in the OOM process

memcg: always call cond_resched() after fn()

memcg: fix soft lockup in the OOM process (adaptation)

USB: gadget: f_midi: f_midi_complete to call queue_work

Out of scope: PowerPC architecture isn't supported for current kernel

gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().

tee: optee: Fix supplicant wait loop

drop_monitor: fix incorrect initialization order

nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()

i2c: npcm: disable interrupt enable bit before devm_request_irq

usbnet: gl620a: fix endpoint checking in genelink_bind()

mptcp: always handle address removal under msk socket lock

acct: perform last write from workqueue

acct: perform last write from workqueue

drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table

ipmi: ipmb: Add check devm_kasprintf() returned value

wifi: rtlwifi: fix memory leaks and invalid access at probe error path

team: prevent adding a device which is already a team device lower

ubifs: skip dumping tnc tree when zroot is null

Out of scope: boot time issue

safesetid: check size of policy writes

wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy()

Out of scope: not affected

HID: multitouch: Add NULL check in mt_input_configured

net/rose: prevent integer overflows in rose_setsockopt()

bpf: Send signals asynchronously if !preemptible

bpf: Use preempt_count() directly in bpf_send_signal_common()

ipmr: do not call mr_mfc_uses_dev() for unres entries

net: rose: lock the socket in rose_bind()

blk-cgroup: Fix class @block_class's subsystem refcount leakage

wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()

nilfs2: fix possible int overflows in nilfs_fiemap()

ipv6: mcast: add RCU protection to mld_newpack()

Out of scope: not affected

nilfs2: handle errors that nilfs_prepare_chunk() may return

tomoyo: don't emit warning in tomoyo_write_control()

drm/v3d: Stop active perfmon if it is being destroyed

net: usb: rtl8150: enable basic endpoint checking

net: ethernet: ti: am65-cpsw: fix freeing IRQ in am65_cpsw_nuss_remove_tx_chns()

NFSD: fix hang in nfsd4_shutdown_callback

team: better TEAM_OPTION_TYPE_STRING validation

batman-adv: fix panic during interface removal

KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel

USB: hub: Ignore non-compliant devices with too many configs or interfaces

partitions: mac: fix handling of bogus partition table

clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context

ptp: Ensure info->enable callback is always set

ptp: Ensure info->enable callback is always set

wifi: rtlwifi: remove unused check_buddy_priv

net: let net.core.dev_weight always be non-zero

net: let net.core.dev_weight always be non-zero