gpiolib: cdev: Fix use after free in lineinfo_changed_notify

iio: light: vcnl4035: fix information leak in triggered buffer

iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer

bpf, sockmap: Fix race between element replace and close()

scsi: sg: Fix slab-use-after-free read in sg_release()

drm/amdgpu: fix usage slab after free

drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create'

ocfs2: fix slab-use-after-free due to dangling pointer

block: fix uaf for flush rq while iterating tags

block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()

pktgen: Avoid out-of-bounds access in get_imix_entries

drm: adv7511: Fix use-after-free in adv7533_attach_dsi()

zram: fix potential UAF of zram table

bpf: Fix overloading of MEM_UNINIT's meaning

net: rose: fix timer races against user threads

drm/amd/display: fix double free issue during amdgpu module unload

media: uvcvideo: Fix double free in error path

soc: qcom: socinfo: Avoid out of bounds read of serial number

NFC: nci: Add bounds checking in nci_hci_create_pipe()

vrf: use RCU protection in l3mdev_l3_out()

arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array

orangefs: fix a oob in orangefs_debug_write

drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()

i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition

The commit to patch isn't present

rapidio: fix an API misues when rio_add_net() fails

vsock: Keep the binding until socket destruction

net: atm: fix use after free in lec_send()

wifi: cfg80211: cancel wiphy_work before freeing wiphy

x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes

bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()

ibmvnic: Don't reference skb after sending to VIOS

proc: fix UAF in proc_get_inode()

proc: fix UAF in proc_get_inode()

geneve: Fix use-after-free in geneve_find_dev().

geneve: Suppress list corruption splat in geneve_destroy_tunnels().

ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up

ksmbd: fix use-after-free in smb2_lock

HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()

vlan: enforce underlying device type

sched/fair: Fix potential memory corruption in child_cfs_rq_on_list

fs/ntfs3: Add rough attr alloc_size check

iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()

Squashfs: check the inode number is not the invalid value of zero

block, bfq: fix bfqq uaf in bfq_limit_depth()

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

media: uvcvideo: Remove dangling pointers

of: module: add buffer overflow check in of_modalias()

net/sched: act_mirred: don't override retval if we already lost the skb

openvswitch: Fix unsafe attribute parsing in output_userspace()

netfilter: ipset: fix region locking in hash types

module: ensure that kobject_put() is safe for module type kobjects

usb: typec: ucsi: displayport: Fix NULL pointer access

ksmbd: fix use-after-free in ksmbd_sessions_deregister()

tracing: Fix use-after-free in print_graph_function_flags during tracer switching

RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()

Out of scope as the patch is for powerpc arch only, x86_64 is not affected

bpf: Prevent tail call between progs attached to different hooks

bpf: Prevent tail call between progs attached to different hooks

HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition

codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()

tracing: Fix oob write in trace_seq_to_buffer()

dm-bufio: don't schedule in atomic context

wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release

net: ethernet: mtk-star-emac: fix spinlock recursion issues on rx/tx poll

net_sched: drr: Fix double list add in class with netem as child qdisc

iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo

Out of scope: not affected

iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo

perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.

vxlan: vnifilter: Fix unlocked deletion of default FDB entry

bnxt_en: Fix out-of-bound memcpy() during ethtool -w

sch_htb: make htb_qlen_notify() idempotent

sch_qfq: make qfq_qlen_notify() idempotent

sch_drr: make drr_qlen_notify() idempotent

sch_hfsc: make hfsc_qlen_notify() idempotent

sch_ets: make est_qlen_notify() idempotent

drm/v3d: Add job to pending list if the reset was skipped

ipv4: Drop tos parameter from flowi4_update_output() (dependency)

ipvs: fix uninit-value for saddr in do_output_route4

wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage()

net_sched: ets: Fix double list add in class with netem as child qdisc

net_sched: qfq: Fix double list add in class with netem as child qdisc

ice: Check VF VSI Pointer Value in ice_vc_add_fdir_fltr()

dm: fix copying after src array boundaries

sch_htb: make htb_deactivate() idempotent

bpf: Scrub packet on bpf_redirect_peer

Postponed: complex analysis and adaptation required

usb: typec: fix potential array underflow in ucsi_ccg_sync_control()

usb: typec: ucsi: displayport: Fix deadlock

firmware: arm_ffa: Set dma_mask for ffa devices

firmware: arm_ffa: Set dma_mask for ffa devices

platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store()

virtio_ring: Fix data race by tagging event_triggered as racy for KCSAN

dm: fix unconditional IO throttle caused by REQ_PREFLUSH

crypto: algif_hash - fix double free in hash_accept

btrfs: check folio mapping after unlock in relocate_one_folio()

net: pktgen: fix access outside of user given buffer in pktgen_thread_write()

dm cache: prevent BUG_ON by blocking retries on failed device resumes

smb: client: Fix use-after-free in cifs_fill_dirent

Affects only 32bit systems

ALSA: pcm: Fix race of buffer access at PCM OSS layer

nvmet-tcp: don't restore null sk_state_change

media: cx231xx: set device_caps for 417

__legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock

libnvdimm/labels: Fix divide error in nd_label_data_init()

scsi: target: iscsi: Fix timeout on deleted connection

vxlan: Annotate FDB data races

thunderbolt: Do not double dequeue a configuration request

crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()

crypto: marvell/cesa - Handle zero-length skcipher requests

EDAC/skx_common: Fix general protection fault

drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table

arm64/fpsimd: Discard stale CPU state when handling SME traps

wifi: ath11k: fix node corruption in ar->arvifs list

bpf, sockmap: Fix panic when calling skb_linearize

clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()

bpf: Fix WARN() in get_bpf_raw_tp_regs

wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds

wifi: ath9k_htc: Abort software beacon handling if disabled

bpf, sockmap: Avoid using sk_socket after free when sending

bpf: Avoid __bpf_prog_ret0_warn when jit fails

calipso: Don't call calipso functions for AF_INET sk.

calipso: unlock rcu before returning -EAFNOSUPPORT

net: openvswitch: Fix the dead loop of MPLS parse

Squashfs: check return result of sb_min_blocksize

bus: fsl-mc: fix double-free on mc_dev

fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod()

dmaengine: ti: Add NULL check in udma_probe()

net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping

net: fix udp gso skb_segment after pull from frag_list

do_change_type(): refuse to operate on unmounted/not ours mounts

scsi: core: ufs: Fix a hang in the error handler

net_sched: sch_sfq: fix a potential crash on gso_skb handling

ACPI: CPPC: Fix NULL pointer dereference when nosmp is used

net: Fix TOCTOU issue in sk_is_readable()

net/mdiobus: Fix potential out-of-bounds read/write access

Bluetooth: Fix NULL pointer deference on eir_get_service_data

net_sched: prio: fix a race in prio_tune()

net_sched: red: fix a race in __red_change()

net_sched: ets: fix a race in ets_qdisc_change()

posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()

x86/iopl: Cure TIF_IO_BITMAP inconsistencies

nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request

nfsd: Initialize ssc before laundromat_work to prevent NULL dereference

jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata()

media: cxusb: no longer judge rbuf when the write fails

ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330

fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var

ipc: fix to protect IPCS lookups using RCU

net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices

i2c: tegra: check msg length in SMBUS block read

x86/sgx: Prevent attempts to reclaim poisoned pages

software node: Correct a OOB check in software_node_get_reference_args()

scsi: lpfc: Use memcpy() for BIOS version

i40e: fix MMIO write access to an invalid page in i40e_clear_hw

platform/x86: dell_rbu: Fix list usage

drivers/rapidio/rio_cm.c: prevent possible heap overwrite

jffs2: check that raw node were preallocated before writing summary

jffs2: check jffs2_prealloc_raw_node_refs() result in few other places

net_sched: sch_sfq: reject invalid perturb period

atm: Revert atm_account_tx() if copy_from_iter_full() fails.

Complex adaptation required

mm/hugetlb: unshare page tables during VMA split, not before

mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race

mm/huge_memory: fix dereferencing invalid pmd migration entry

wifi: carl9170: do not ping device which has failed to load firmware

mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu().

tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer

net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()

net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()

calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().

net: atm: add lec_mutex

net: atm: fix /proc/net/atm/lec handling

perf: Fix sample vs do_exit()

arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth()

jfs: add sanity check for agwidth in dbMount

jfs: validate AG parameters in dbMount() to prevent crashes

fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var

Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

Complex adaptation required. Livepatching of this vulnerability can harm the network subsystem..

atm: clip: prevent NULL deref in clip_push()

drm/tegra: Fix a possible null pointer dereference

vsock/vmci: Clear the vmci transport packet properly when initializing it

RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert

platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks

net/sched: Always pass notifications when child class becomes empty

scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()

ACPICA: Refuse to evaluate a method if arguments are missing

virtio-net: ensure the received length does not exceed allocated size

net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect

i2c/designware: Fix an initialization issue

perf: Revert to requiring CAP_SYS_ADMIN for uprobes

tipc: Fix use-after-free in tipc_conn_close().

vsock: Fix transport_{g2h,h2g} TOCTOU

vsock: Fix transport_* TOCTOU

atm: clip: Fix potential null-ptr-deref in to_atmarpd().

atm: clip: Fix infinite recursive call of clip_push().

atm: clip: Fix NULL pointer dereference in vcc_sendmsg()

atm: clip: Fix NULL pointer dereference in vcc_sendmsg() kpatch

net/sched: Abort __tc_modify_qdisc if parent class does not exist

KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight

wifi: prevent A-MSDU attacks in mesh networks

md/raid1: Fix stack memory use after return in raid1_reshape

nbd: fix uaf in nbd_genl_connect() error path

bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT

vhost-scsi: protect vq->log_used with vq->mutex

usb: gadget: configfs: Fix OOB read on empty string write

HID: core: ensure the allocated report buffer can contain the reserved report ID

HID: core: do not bypass hid_hw_raw_request

net/sched: sch_qfq: Fix race condition on qfq_aggregate

net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class

usb: net: sierra: check for no status endpoint

Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()

tls: always refresh the queue when reading sock

net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree

clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns

net: ch9200: fix uninitialised access during mii_nway_restart

PEEMPT_RT config isn't enabled

regulator: core: fix NULL dereference on unbind due to stale coupling data

xfrm: interface: fix use-after-free after changing collect_md xfrm interface

xfrm: interface: fix use-after-free after changing collect_md xfrm interface

ice: Fix a null pointer dereference in ice_copy_and_init_pkg()

hfsplus: remove mutex_lock check in hfsplus_free_extents

PM / devfreq: Check governor before using governor->name

wifi: rtl818x: Kill URBs before clearing tx status queue

iwlwifi: Add missing check for alloc_ordered_workqueue

NFS: Fix filehandle bounds checking in nfs_fh_to_dentry()

ipv6: reject malicious packets in ipv6_gso_segment()

can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode

vmci: Prevent the dispatching of uninitialized payloads

Out of scope: powerpc: PowerNV PCI Hotplug: not supported

Out of scope: powerpc: PowerNV PCI Hotplug: not supported

Out of scope: PowerPC architecture isn't supported for current kernel

ksmbd: fix null pointer dereference error in generate_encryptionkey

ksmbd: fix Preauh_HashValue race condition

ALSA: usb-audio: Validate UAC3 power domain descriptors, too

ALSA: usb-audio: Validate UAC3 power domain descriptors, too

hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()

ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime()

ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control

fbdev: fix potential buffer overflow in do_register_framebuffer()

ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr

scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated

scsi: bfa: Double-free fix

jfs: Regular file corruption check

jfs: upper bound check of tree index in dbAllocAG

RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()

scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure

pNFS: Fix uninited ptr deref in block/scsi layout

fbdev: Fix vmalloc out-of-bounds write in fast_imageblit

PCI: endpoint: Fix configfs group list head handling

media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()

net, hsr: reject HSR frame if skb can't hold tag

mm/ptdump: take the memory hotplug lock inside ptdump_walk_pgd()

fs/buffer: fix use-after-free when call bh_read() helper

net: gso: Forbid IPv6 TSO with extensions on devices with only IPV6_CSUM

gve: prevent ethtool ops after shutdown

efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare

HID: asus: fix UAF via HID_CLAIMED_INPUT validation

iio: light: opt3001: fix deadlock due to concurrent flag access

media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format()

jfs: truncate good inode pages when hard link is 0

tee: fix NULL pointer dereference in tee_shm_put

fs: writeback: fix use-after-free in __mark_inode_dirty()

Out of scope: boot time issue

Out of scope: boot time issue

wifi: ath11k: clear initialized flag for deinit-ed srng lists

net/mlx5: Check device memory pointer before usage

net/sched: Restrict conditions for adding duplicating netems to qdisc tree

wifi: mac80211: reject TDLS operations when station is not associated

crypto: ccp - Fix crash when rebind ccp device for ccp.ko

pptp: ensure minimal skb length in pptp_xmit()

pptp: ensure minimal skb length in pptp_xmit()

net/packet: fix a race in packet_set_ring() and packet_notifier()