cve/review/done/v6.14.2-lee - pub/scm/linux/security/vulns - Git at Google

 a121798ae669 x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
 2d117e67f318 RISC-V: KVM: Teardown riscv specific bits after kvm_exit [auto: cve already created]
 de74ec718e07 ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai()
 3424c8f53bc6 ALSA: timer: Don't take register_mutex with copy_from/to_user() [auto: cve already created]
 933ab187e679 wifi: ath11k: update channel list in reg notifier instead reg worker [auto: cve already created]
 eb85c2410d6f f2fs: quota: fix to avoid warning in dquot_writeback_dquots() [auto: cve already created]
 8e2bad543eca dlm: prevent NPD when writing a positive value to event_done [auto: cve already created]
 16c6c35c03ea wifi: ath11k: fix RCU stall while reaping monitor destination ring [auto: cve already created]
 63b7af49496d wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode [auto: cve already created]
 48ea8b200414 f2fs: fix to avoid panic once fallocation fails for pinfile [auto: cve already created]
 8c3f9a70d2d4 jfs: reject on-disk inodes of an unsupported type
 0176e69743ec jfs: add check read-only before txBeginAnon() call [auto: cve already created]
 b5799dd77054 jfs: add check read-only before truncation in jfs_truncate_nolock() [auto: cve already created]
 68410c5bd381 wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path [auto: cve already created]
 b43b1e2c52db wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path [auto: cve already created]
 3147ee567dd9 f2fs: fix potential deadloop in prepare_compress_overwrite() [auto: cve already created]
 8542870237c3 md: fix mddev uaf while iterating all_mddevs list [auto: cve already created]
 e879a0d9cb08 md/raid1,raid10: don't ignore IO flags [auto: cve already created]
 6130825f34d4 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb [auto: cve already created]
 3db440443539 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
 986c50f6bca1 f2fs: fix to avoid accessing uninitialized curseg [auto: cve already created]
 26064d3e2b4d block: fix adding folio to bio [auto: cve already created]
 5701875f9609 ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() [auto: cve already created]
 7e91ae31e2d2 ext4: goto right label 'out_mmap_sem' in ext4_setattr() [auto: cve already created]
 fc88dee89d7b wifi: cfg80211: init wiphy_work before allocating rfkill fails [auto: cve already created]
 e2f7d3f7331b ice: validate queue quanta parameters to prevent OOB access [auto: cve already created]
 1388dd564183 ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() [auto: cve already created]
 680811c67906 idpf: check error for register_netdev() on init [auto: cve already created]
 2d8e5168d48a btrfs: fix block group refcount race in btrfs_create_pending_block_groups() [auto: cve already created]
 9db9c7dd5b4e btrfs: don't clobber ret in btrfs_validate_super() [auto: cve already created]
 ce2f26e73783 ext4: avoid journaling sb update on error if journal is destroying [auto: cve already created]
 919f9f497dbc eth: bnxt: fix out-of-range access of vnic_info array [auto: cve already created]
 ed3ba9b6e280 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. [auto: cve already created]
 778b09d91baa netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error [auto: cve already created]
 2f6efbabceb6 ax25: Remove broken autobind [auto: cve already created]
 107b25db6112 bnxt_en: Mask the bd_cnt field in the TX BD properly [auto: cve already created]
 5f2b28b79d2d net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() [auto: cve already created]
 0dd765fae295 vmxnet3: unregister xdp rxq info in the reset path [auto: cve already created]
 094ee6017ea0 bonding: check xdp prog when set bond mode [auto: cve already created]
 d93a6caab5d7 ibmvnic: Use kernel helpers for hex dumps [auto: cve already created]
 0032c99e83b9 net: fix NULL pointer dereference in l3mdev_l3_rcv [auto: cve already created]
 1f77c05408c9 Bluetooth: btnxpuart: Fix kernel panic during FW release [auto: cve already created]
 c7d82913d5f9 net: libwx: fix Tx L4 checksum [auto: cve already created]
 47a60391ae0e rwonce: fix crash by removing READ_ONCE() for unaligned read
 0590c94c3596 drm/panthor: Fix race condition when gathering fdinfo group samples [auto: cve already created]
 d0660f9c588a drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init [auto: cve already created]
 f887685ee0eb drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() [auto: cve already created]
 ed15511a773d drm/vkms: Fix use after free and double free on init error [auto: cve already created]
 dc0297f3198b drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
 cbf937dcadfd PCI/ASPM: Fix link state exit during switch upstream function removal [auto: cve already created]
 0b305b7cadce drm/msm/gem: Fix error code msm_parse_deps() [auto: cve already created]
 3651ad5249c5 PCI: brcmstb: Fix error path after a call to regulator_bulk_get() [auto: cve already created]
 ff99d5b6a246 powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' [auto: cve already created]
 106a6de46cf4 drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
 42d9d7bed270 drm/amd/display: avoid NPD when ASIC does not support DMUB [auto: cve already created]
 04d50d953ab4 PCI: Fix NULL dereference in SR-IOV VF creation error path [auto: cve already created]
 2df2c0caaecf fbdev: au1100fb: Move a variable assignment behind a null pointer check
 f0c2427412b4 RDMA/mlx5: Fix page_size variable overflow [auto: cve already created]
 efdde3d73ab2 remoteproc: core: Clear table_sz when rproc_shutdown
 dc84bc2aba85 x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() [auto: cve already created]
 d19d7345a7bc clk: samsung: Fix UBSAN panic in samsung_clk_init()
 a1ecb30f9085 RDMA/core: Don't expose hw_counters outside of init net namespace [auto: cve already created]
 83437689249e RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() [auto: cve already created]
 6ebc5030e0c5 bpf: Fix array bounds error with may_goto [auto: cve already created]
 5ed3b0cb3f82 RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow [auto: cve already created]
 1d6a9e7449e2 RDMA/core: Fix use-after-free when rename device name [auto: cve already created]
 0dd6770a72f1 w1: fix NULL pointer dereference in probe [auto: cve already created]
 c1baf6528bcf staging: gpib: Fix cb7210 pcmcia Oops
 5dd639a1646e vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint [auto: cve already created]
 035b4989211d iio: backend: make sure to NULL terminate stack buffer [auto: cve already created]
 5ad414f4df22 fs/ntfs3: Fix a couple integer overflows on 32bit systems [auto: cve already created]
 6bb81b94f7a9 fs/ntfs3: Prevent integer overflow in hdr_first_de() [auto: cve already created]
 fa70c4c3c580 dmaengine: fsl-edma: free irq correctly in remove path
 ee735aa33db1 iio: light: Add check for array bounds in veml6075_read_int_time_ms
 a406aff8c051 ocfs2: validate l_tree_depth to avoid out-of-bounds access [auto: cve already created]
 3db89bc6d973 staging: vchiq_arm: Fix possible NPR of keep-alive thread [auto: cve already created]
 76e51db43fe4 objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
 107a23185d99 objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
 e63d465f5901 objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
 4e7f1644f2ac smb: client: Fix netns refcount imbalance causing leaks and use-after-free [auto: cve already created]
 47e35366bc6f exfat: fix missing shutdown check [auto: cve already created]
 23f00807619d rtnetlink: Allocate vfinfo size for VF GUIDs when supported [auto: cve already created]
 ddb7ea36ba71 ksmbd: fix r_count dec/increment mismatch [auto: cve already created]
 46caeae23035 ksmbd: use aead_request_free to match aead_request_alloc
 d1ca8698ca13 spufs: fix a leak on spufs_new_file() failure [auto: cve already created]
 c134deabf478 spufs: fix gang directory lifetimes [auto: cve already created]
 0f5cce3fc55b spufs: fix a leak in spufs_create_context() [auto: cve already created]
 3f61ac7c65bd fs/9p: fix NULL pointer dereference on mkdir [auto: cve already created]
 de203da734fa ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans [auto: cve already created]
 67a5ba8f742f riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler [auto: cve already created]
 8741d0737921 ublk: make sure ubq->canceling is set when queue is frozen [auto: cve already created]
 7ba0847fa1c2 spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() [auto: cve already created]
 93d34608fd16 ASoC: imx-card: Add NULL check in imx_card_probe() [auto: cve already created]
 4c9106f4906a idpf: fix adapter NULL pointer dereference on reboot [auto: cve already created]
 688c15017d5c netfilter: nf_tables: don't unregister hook when table is dormant [auto: cve already created]
 078aabd567de netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets [auto: cve already created]
 ce8fe975fd99 net_sched: skbprio: Remove overly strict queue assertions
 10206302af85 sctp: add mutual exclusion in proc_sctp_do_udp_port() [auto: cve already created]
 57b290d97c61 net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue() [auto: cve already created]
 96844075226b net: mvpp2: Prevent parser TCAM memory corruption [auto: cve already created]
 5a465a0da13e udp: Fix multiple wraparounds of sk->sk_rmem_alloc. [auto: cve already created]
 df207de9d9e7 udp: Fix memory accounting leak. [auto: cve already created]
 3a0a3ff6593d net: decrease cached dst counters in dst_release [auto: cve already created]
 1b755d8eb1ac netfilter: nft_tunnel: fix geneve_opt type confusion addition [auto: cve already created]
 8241ecec1cdc sfc: fix NULL dereferences in ef100_process_design_param()
 b27055a08ad4 net: fix geneve_opt length integer overflow [auto: cve already created]
 fda8c491db2a arcnet: Add NULL check in com20020pci_probe() [auto: cve already created]
 053f3ff67d7f net: ibmveth: make veth_pool_store stop hanging [auto: cve already created]
 a239c6e91b66 staging: gpib: Fix Oops after disconnect in ni_usb [auto: cve already created]
 8491e73a5223 staging: gpib: Fix Oops after disconnect in agilent usb [auto: cve already created]
 51de36000934 usbnet:fix NPE during rx_complete [auto: cve already created]
 4103cfe9dcb8 LoongArch: Increase ARCH_DMA_MINALIGN up to 16 [auto: cve already created]
 7e2586991e36 LoongArch: BPF: Fix off-by-one error in build_prologue()
 60f3caff1492 LoongArch: BPF: Don't override subprog's return value [auto: cve already created]
 31ab12df7235 x86/microcode/AMD: Fix __apply_microcode_amd()'s return value [auto: cve already created]
 1a15bb8303b6 x86/mce: use is_copy_from_user() to determine copy-from-user context
 fa6192adc32f uprobes/x86: Harden uretprobe syscall trampoline check [auto: cve already created]
 707549600c4a bcachefs: bch2_ioctl_subvolume_destroy() fixes [auto: cve already created]
 3ef938c35035 x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs [auto: cve already created]
 2ff0e408db36 acpi: nfit: fix narrowing conversion in acpi_nfit_ctl [auto: cve already created]
 542027e123fc ksmbd: add bounds check for durable handle context [auto: cve already created]
 bab703ed8472 ksmbd: add bounds check for create lease context [auto: cve already created]
 15a9605f8d69 ksmbd: fix use-after-free in ksmbd_sessions_deregister() [auto: cve already created]
 fa4cdb8cbca7 ksmbd: fix session use-after-free in multichannel connection [auto: cve already created]
 beff0bc9d69b ksmbd: fix overflow in dacloffset bounds check [auto: cve already created]
 bf21e29d78cd ksmbd: validate zero num_subauth before sub_auth is accessed [auto: cve already created]
 c8b5b7c5da7d ksmbd: fix null pointer dereference in alloc_preauth_hash() [auto: cve already created]
 1bb7ff4204b6 exfat: fix random stack corruption after get_block [auto: cve already created]
 7f81f27b1093 tracing: Fix use-after-free in print_graph_function_flags during tracer switching [auto: cve already created]
 8977752c8056 mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs [auto: cve already created]
 c28f31deeacd arm64: Don't call NULL in do_compat_alignment_fixup() [auto: cve already created]
 adc3fd2a2277 wifi: mt76: mt7921: fix kernel panic due to null pointer dereference [auto: cve already created]
 d5e206778e96 ext4: fix OOB read when checking dotdot dir
 667f053b05f0 PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion [auto: cve already created]
 fdf480da5837 jfs: fix slab-out-of-bounds read in ea_get()
 a8dfb2168906 jfs: add index corruption check to DT_GETPAGE()
 c11bcbc0a517 mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() [auto: cve already created]
 af7bb0d2ca45 exec: fix the racy usage of fs_struct->in_exec [auto: cve already created]
 36cef585e2a3 media: vimc: skip .s_stream() for stopped entities [auto: cve already created]
 f656cfbc7a29 media: streamzap: fix race between device disconnection and urb callback [auto: cve already created]
 930b64ca0c51 nfsd: don't ignore the return code of svc_proc_register() [auto: cve already created]
 d1bc15b147d3 nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
 230ca758453c nfsd: put dl_stid if fail to queue dl_recall [auto: cve already created]
 d093c9089260 nfsd: fix management of listener transports [auto: cve already created]
	a121798ae669 x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors
	2d117e67f318 RISC-V: KVM: Teardown riscv specific bits after kvm_exit [auto: cve already created]
	de74ec718e07 ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai()
	3424c8f53bc6 ALSA: timer: Don't take register_mutex with copy_from/to_user() [auto: cve already created]
	933ab187e679 wifi: ath11k: update channel list in reg notifier instead reg worker [auto: cve already created]
	eb85c2410d6f f2fs: quota: fix to avoid warning in dquot_writeback_dquots() [auto: cve already created]
	8e2bad543eca dlm: prevent NPD when writing a positive value to event_done [auto: cve already created]
	16c6c35c03ea wifi: ath11k: fix RCU stall while reaping monitor destination ring [auto: cve already created]
	63b7af49496d wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode [auto: cve already created]
	48ea8b200414 f2fs: fix to avoid panic once fallocation fails for pinfile [auto: cve already created]
	8c3f9a70d2d4 jfs: reject on-disk inodes of an unsupported type
	0176e69743ec jfs: add check read-only before txBeginAnon() call [auto: cve already created]
	b5799dd77054 jfs: add check read-only before truncation in jfs_truncate_nolock() [auto: cve already created]
	68410c5bd381 wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path [auto: cve already created]
	b43b1e2c52db wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path [auto: cve already created]
	3147ee567dd9 f2fs: fix potential deadloop in prepare_compress_overwrite() [auto: cve already created]
	8542870237c3 md: fix mddev uaf while iterating all_mddevs list [auto: cve already created]
	e879a0d9cb08 md/raid1,raid10: don't ignore IO flags [auto: cve already created]
	6130825f34d4 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb [auto: cve already created]
	3db440443539 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
	986c50f6bca1 f2fs: fix to avoid accessing uninitialized curseg [auto: cve already created]
	26064d3e2b4d block: fix adding folio to bio [auto: cve already created]
	5701875f9609 ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() [auto: cve already created]
	7e91ae31e2d2 ext4: goto right label 'out_mmap_sem' in ext4_setattr() [auto: cve already created]
	fc88dee89d7b wifi: cfg80211: init wiphy_work before allocating rfkill fails [auto: cve already created]
	e2f7d3f7331b ice: validate queue quanta parameters to prevent OOB access [auto: cve already created]
	1388dd564183 ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() [auto: cve already created]
	680811c67906 idpf: check error for register_netdev() on init [auto: cve already created]
	2d8e5168d48a btrfs: fix block group refcount race in btrfs_create_pending_block_groups() [auto: cve already created]
	9db9c7dd5b4e btrfs: don't clobber ret in btrfs_validate_super() [auto: cve already created]
	ce2f26e73783 ext4: avoid journaling sb update on error if journal is destroying [auto: cve already created]
	919f9f497dbc eth: bnxt: fix out-of-range access of vnic_info array [auto: cve already created]
	ed3ba9b6e280 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. [auto: cve already created]
	778b09d91baa netfilter: nfnetlink_queue: Initialize ctx to avoid memory allocation error [auto: cve already created]
	2f6efbabceb6 ax25: Remove broken autobind [auto: cve already created]
	107b25db6112 bnxt_en: Mask the bd_cnt field in the TX BD properly [auto: cve already created]
	5f2b28b79d2d net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry() [auto: cve already created]
	0dd765fae295 vmxnet3: unregister xdp rxq info in the reset path [auto: cve already created]
	094ee6017ea0 bonding: check xdp prog when set bond mode [auto: cve already created]
	d93a6caab5d7 ibmvnic: Use kernel helpers for hex dumps [auto: cve already created]
	0032c99e83b9 net: fix NULL pointer dereference in l3mdev_l3_rcv [auto: cve already created]
	1f77c05408c9 Bluetooth: btnxpuart: Fix kernel panic during FW release [auto: cve already created]
	c7d82913d5f9 net: libwx: fix Tx L4 checksum [auto: cve already created]
	47a60391ae0e rwonce: fix crash by removing READ_ONCE() for unaligned read
	0590c94c3596 drm/panthor: Fix race condition when gathering fdinfo group samples [auto: cve already created]
	d0660f9c588a drm: xlnx: zynqmp_dpsub: Add NULL check in zynqmp_audio_init [auto: cve already created]
	f887685ee0eb drm: zynqmp_dp: Fix a deadlock in zynqmp_dp_ignore_hpd_set() [auto: cve already created]
	ed15511a773d drm/vkms: Fix use after free and double free on init error [auto: cve already created]
	dc0297f3198b drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
	cbf937dcadfd PCI/ASPM: Fix link state exit during switch upstream function removal [auto: cve already created]
	0b305b7cadce drm/msm/gem: Fix error code msm_parse_deps() [auto: cve already created]
	3651ad5249c5 PCI: brcmstb: Fix error path after a call to regulator_bulk_get() [auto: cve already created]
	ff99d5b6a246 powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' [auto: cve already created]
	106a6de46cf4 drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr
	42d9d7bed270 drm/amd/display: avoid NPD when ASIC does not support DMUB [auto: cve already created]
	04d50d953ab4 PCI: Fix NULL dereference in SR-IOV VF creation error path [auto: cve already created]
	2df2c0caaecf fbdev: au1100fb: Move a variable assignment behind a null pointer check
	f0c2427412b4 RDMA/mlx5: Fix page_size variable overflow [auto: cve already created]
	efdde3d73ab2 remoteproc: core: Clear table_sz when rproc_shutdown
	dc84bc2aba85 x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() [auto: cve already created]
	d19d7345a7bc clk: samsung: Fix UBSAN panic in samsung_clk_init()
	a1ecb30f9085 RDMA/core: Don't expose hw_counters outside of init net namespace [auto: cve already created]
	83437689249e RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() [auto: cve already created]
	6ebc5030e0c5 bpf: Fix array bounds error with may_goto [auto: cve already created]
	5ed3b0cb3f82 RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow [auto: cve already created]
	1d6a9e7449e2 RDMA/core: Fix use-after-free when rename device name [auto: cve already created]
	0dd6770a72f1 w1: fix NULL pointer dereference in probe [auto: cve already created]
	c1baf6528bcf staging: gpib: Fix cb7210 pcmcia Oops
	5dd639a1646e vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint [auto: cve already created]
	035b4989211d iio: backend: make sure to NULL terminate stack buffer [auto: cve already created]
	5ad414f4df22 fs/ntfs3: Fix a couple integer overflows on 32bit systems [auto: cve already created]
	6bb81b94f7a9 fs/ntfs3: Prevent integer overflow in hdr_first_de() [auto: cve already created]
	fa70c4c3c580 dmaengine: fsl-edma: free irq correctly in remove path
	ee735aa33db1 iio: light: Add check for array bounds in veml6075_read_int_time_ms
	a406aff8c051 ocfs2: validate l_tree_depth to avoid out-of-bounds access [auto: cve already created]
	3db89bc6d973 staging: vchiq_arm: Fix possible NPR of keep-alive thread [auto: cve already created]
	76e51db43fe4 objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq()
	107a23185d99 objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show()
	e63d465f5901 objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds()
	4e7f1644f2ac smb: client: Fix netns refcount imbalance causing leaks and use-after-free [auto: cve already created]
	47e35366bc6f exfat: fix missing shutdown check [auto: cve already created]
	23f00807619d rtnetlink: Allocate vfinfo size for VF GUIDs when supported [auto: cve already created]
	ddb7ea36ba71 ksmbd: fix r_count dec/increment mismatch [auto: cve already created]
	46caeae23035 ksmbd: use aead_request_free to match aead_request_alloc
	d1ca8698ca13 spufs: fix a leak on spufs_new_file() failure [auto: cve already created]
	c134deabf478 spufs: fix gang directory lifetimes [auto: cve already created]
	0f5cce3fc55b spufs: fix a leak in spufs_create_context() [auto: cve already created]
	3f61ac7c65bd fs/9p: fix NULL pointer dereference on mkdir [auto: cve already created]
	de203da734fa ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans [auto: cve already created]
	67a5ba8f742f riscv: fgraph: Fix stack layout to match __arch_ftrace_regs argument of ftrace_return_to_handler [auto: cve already created]
	8741d0737921 ublk: make sure ubq->canceling is set when queue is frozen [auto: cve already created]
	7ba0847fa1c2 spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() [auto: cve already created]
	93d34608fd16 ASoC: imx-card: Add NULL check in imx_card_probe() [auto: cve already created]
	4c9106f4906a idpf: fix adapter NULL pointer dereference on reboot [auto: cve already created]
	688c15017d5c netfilter: nf_tables: don't unregister hook when table is dormant [auto: cve already created]
	078aabd567de netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets [auto: cve already created]
	ce8fe975fd99 net_sched: skbprio: Remove overly strict queue assertions
	10206302af85 sctp: add mutual exclusion in proc_sctp_do_udp_port() [auto: cve already created]
	57b290d97c61 net: airoha: Fix qid report in airoha_tc_get_htb_get_leaf_queue() [auto: cve already created]
	96844075226b net: mvpp2: Prevent parser TCAM memory corruption [auto: cve already created]
	5a465a0da13e udp: Fix multiple wraparounds of sk->sk_rmem_alloc. [auto: cve already created]
	df207de9d9e7 udp: Fix memory accounting leak. [auto: cve already created]
	3a0a3ff6593d net: decrease cached dst counters in dst_release [auto: cve already created]
	1b755d8eb1ac netfilter: nft_tunnel: fix geneve_opt type confusion addition [auto: cve already created]
	8241ecec1cdc sfc: fix NULL dereferences in ef100_process_design_param()
	b27055a08ad4 net: fix geneve_opt length integer overflow [auto: cve already created]
	fda8c491db2a arcnet: Add NULL check in com20020pci_probe() [auto: cve already created]
	053f3ff67d7f net: ibmveth: make veth_pool_store stop hanging [auto: cve already created]
	a239c6e91b66 staging: gpib: Fix Oops after disconnect in ni_usb [auto: cve already created]
	8491e73a5223 staging: gpib: Fix Oops after disconnect in agilent usb [auto: cve already created]
	51de36000934 usbnet:fix NPE during rx_complete [auto: cve already created]
	4103cfe9dcb8 LoongArch: Increase ARCH_DMA_MINALIGN up to 16 [auto: cve already created]
	7e2586991e36 LoongArch: BPF: Fix off-by-one error in build_prologue()
	60f3caff1492 LoongArch: BPF: Don't override subprog's return value [auto: cve already created]
	31ab12df7235 x86/microcode/AMD: Fix __apply_microcode_amd()'s return value [auto: cve already created]
	1a15bb8303b6 x86/mce: use is_copy_from_user() to determine copy-from-user context
	fa6192adc32f uprobes/x86: Harden uretprobe syscall trampoline check [auto: cve already created]
	707549600c4a bcachefs: bch2_ioctl_subvolume_destroy() fixes [auto: cve already created]
	3ef938c35035 x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs [auto: cve already created]
	2ff0e408db36 acpi: nfit: fix narrowing conversion in acpi_nfit_ctl [auto: cve already created]
	542027e123fc ksmbd: add bounds check for durable handle context [auto: cve already created]
	bab703ed8472 ksmbd: add bounds check for create lease context [auto: cve already created]
	15a9605f8d69 ksmbd: fix use-after-free in ksmbd_sessions_deregister() [auto: cve already created]
	fa4cdb8cbca7 ksmbd: fix session use-after-free in multichannel connection [auto: cve already created]
	beff0bc9d69b ksmbd: fix overflow in dacloffset bounds check [auto: cve already created]
	bf21e29d78cd ksmbd: validate zero num_subauth before sub_auth is accessed [auto: cve already created]
	c8b5b7c5da7d ksmbd: fix null pointer dereference in alloc_preauth_hash() [auto: cve already created]
	1bb7ff4204b6 exfat: fix random stack corruption after get_block [auto: cve already created]
	7f81f27b1093 tracing: Fix use-after-free in print_graph_function_flags during tracer switching [auto: cve already created]
	8977752c8056 mm/gup: reject FOLL_SPLIT_PMD with hugetlb VMAs [auto: cve already created]
	c28f31deeacd arm64: Don't call NULL in do_compat_alignment_fixup() [auto: cve already created]
	adc3fd2a2277 wifi: mt76: mt7921: fix kernel panic due to null pointer dereference [auto: cve already created]
	d5e206778e96 ext4: fix OOB read when checking dotdot dir
	667f053b05f0 PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion [auto: cve already created]
	fdf480da5837 jfs: fix slab-out-of-bounds read in ea_get()
	a8dfb2168906 jfs: add index corruption check to DT_GETPAGE()
	c11bcbc0a517 mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() [auto: cve already created]
	af7bb0d2ca45 exec: fix the racy usage of fs_struct->in_exec [auto: cve already created]
	36cef585e2a3 media: vimc: skip .s_stream() for stopped entities [auto: cve already created]
	f656cfbc7a29 media: streamzap: fix race between device disconnection and urb callback [auto: cve already created]
	930b64ca0c51 nfsd: don't ignore the return code of svc_proc_register() [auto: cve already created]
	d1bc15b147d3 nfsd: allow SC_STATUS_FREEABLE when searching via nfs4_lookup_stateid()
	230ca758453c nfsd: put dl_stid if fail to queue dl_recall [auto: cve already created]
	d093c9089260 nfsd: fix management of listener transports [auto: cve already created]