| e3f88665a780 ("HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition") |
| e4d4b8670c44 ("ring-buffer: Use flush_kernel_vmap_range() over flush_dcache_folio()") |
| fa37a8849634 ("net: mana: Switch to page pool for jumbo frames") |
| f6cb7828c8e1 ("misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error") |
| ef01cac401f1 ("KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses") |
| 09098e62e4be ("fuse: {io-uring} Fix a possible req cancellation race") |
| 2de510fccbca ("dm-verity: fix prefetch-vs-suspend race") |
| 9c565428788f ("dm-ebs: fix prefetch-vs-suspend race") |
| b4885bd5935b ("cifs: avoid NULL pointer dereference in dbg call") |
| dd941507a948 ("tracing: fprobe events: Fix possible UAF on modules") |
| d24fa977eec5 ("tracing: fprobe: Fix to lock module while registering fprobe") |
| f1a69a940de5 ("sctp: detect and prevent references to a freed transport in sendmsg") |
| fe4cdc2c4e24 ("mm/userfaultfd: fix release hang over concurrent GUP") |
| 937582ee8e8d ("mm/mremap: correctly handle partial mremap() of VMA starting at 0") |
| 442b1eca223b ("mm: make page_mapped_in_vma() hugetlb walk aware") |
| a1d416bf9faf ("sparc/mm: disable preemption in lazy mmu mode") |
| 688124cc541f ("iommu/vt-d: Don't clobber posted vCPU IRTE when host IRQ affinity changes") |
| 2bbc4a45e5eb ("btrfs: zoned: fix zone activation with missing devices") |
| 89f43e1ce6f6 ("arm64: mm: Correct the update of max_pfn") |
| a13bfa4fe0d6 ("arm64: mops: Do not dereference src reg for a set operation") |
| d027951dc85c ("mtd: inftlcore: Add error check for inftl_read_oob()") |
| 8b46fdaea819 ("lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets") |
| 4cdf1d2a816a ("mfd: ene-kb3930: Fix a potential NULL pointer dereference") |
| bd496a44f041 ("i3c: Add NULL pointer check in i3c_master_queue_ibi()") |
| c8222ef6cf29 ("soc: samsung: exynos-chipid: Add NULL pointer check in exynos_chipid_probe()") |
| 94824ac9a8aa ("ext4: fix off-by-one error in do_split") |
| 0686a818d77a ("bus: mhi: host: Fix race between unprepare and queue_buf") |
| d48b663f410f ("arm64/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch()") |
| 9a6f56762d23 ("accel/ivpu: Fix deadlock in ivpu_ms_cleanup()") |
| 3e330acf4efd ("ASoC: codecs: wcd937x: fix a potential memory leak in wcd937x_soc_codec_probe()") |
| 6889ae1b4df1 ("io_uring/net: fix io_req_post_cqe abuse by send bundle") |
| c60d101a226f ("net: stmmac: Fix accessing freed irq affinity_hint") |
| 6458d760a0c0 ("wifi: mt76: mt7925: fix country count limitation for CLC") |
| 4bc1da524b50 ("wifi: mt76: Add check for devm_kstrdup()") |
| 2aee30bb10d7 ("mtd: Add check for devm_kcalloc()") |
| fc0e982b8a3a ("block: make sure ->nr_integrity_segments is cloned in blk_rq_prep_clone") |
| 42eceae97935 ("media: i2c: imx219: Rectify runtime PM handling in probe and remove") |
| 9edaaa8e3e15 ("media: venus: hfi_parser: refactor hfi packet parsing logic") |
| 172bf5a9ef70 ("media: venus: hfi_parser: add check to avoid out of bound access") |
| 3edd1fc48d2c ("media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf()") |
| 549f6d348167 ("media: streamzap: prevent processing IR data on URB failure") |
| 4cd48565b0e5 ("KVM: arm64: Set HCR_EL2.TID1 unconditionally") |
| 250f25367b58 ("KVM: arm64: Tear down vGIC on failed vCPU creation") |
| 69baf245b23e ("media: venus: hfi: add check to handle incorrect queue size") |
| f4b211714bcc ("media: venus: hfi: add a check to handle OOB in sfr region") |
| 4936cd5817af ("media: mediatek: vcodec: Fix a resource leak related to the scp device in FW initialization") |
| 9b98a7d2e5f4 ("auxdisplay: hd44780: Fix an API misuse in hd44780.c") |
| 1f650dcec32d ("HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX") |
| 41a0926e82f4 ("s390/pci: Fix s390_mmio_read/write syscall page fault handling") |
| d4bac0288a2b ("bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags") |
| 3e411827f31d ("fbdev: omapfb: Add 'plane' value check") |
| 0d9a95099dcb ("drm/amdgpu: grab an additional reference on the gang fence v2") |
| f844732e3ad9 ("drm/amdgpu: Fix the race condition for draining retry fault") |
| 29c1c20496a7 ("drm/amd/display: Prevent VStartup Overflow") |
| 1435e895d4fc ("drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create()") |
| fe9d0061c413 ("drm/amdkfd: debugfs hang_hws skip GPU with MES") |
| f0b4440cdc18 ("drm/amdkfd: Fix mode1 reset crash issue") |
| e90711946b53 ("drm/amdkfd: clamp queue size to minimum") |
| c87d202692de ("drm/amd/display: Guard Possible Null Pointer Dereference") |
| 27b918007d96 ("net: vlan: don't propagate flags on open") |
| a018d1cf990d ("scsi: st: Fix array overflow in st_setup()") |
| c8e008b60492 ("ext4: ignore xattrs past end") |
| 530fea29ef82 ("ext4: protect ext4_release_dquot against freezing") |
| e6494977bd4a ("f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()") |
| 9a0dddfb30f1 ("wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi") |
| ddf2846f22e8 ("jfs: add sanity check for agwidth in dbMount") |
| 7fcbf789629c ("fs/jfs: Prevent integer overflow in AG size calculation") |
| 9629d7d66c62 ("jfs: Fix uninit-value access of imap allocated in the diMount() function") |
| 43130d02baa1 ("page_pool: avoid infinite loop to schedule delayed worker") |
| f195fc060c73 ("scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue") |
| ecfc13138992 ("wifi: ath12k: Avoid memory leak while enabling statistics") |
| 63fdc4509bcf ("wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process") |
| 1b24394ed5c8 ("wifi: ath12k: fix memory leak in ath12k_pci_remove()") |
| 1bcd20981834 ("wifi: ath11k: Fix DMA buffer allocation to resolve SWIOTLB issues") |
| 22a05462c3d0 ("HID: pidff: Fix null pointer dereference in pidff_find_fields") |
| c1fcf41cf37f ("x86/mm: Clear _PAGE_DIRTY for kernel mappings when we clear _PAGE_RW") |
| d31e31365b5b ("srcu: Force synchronization for srcu_get_delay()") |
| 56799bc03565 ("perf: Fix hang while freeing sigtrap event") |
| 38e8844005e6 ("iommu/mediatek: Fix NULL pointer deference in mtk_iommu_device_group") |
| eaa517b77e63 ("ethtool: cmis_cdb: Fix incorrect read / write length extension") |
| e042ed950d4e ("nft_set_pipapo: fix incorrect avx2 match of 5th field octet") |
| aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") |
| 9502dd5c7029 ("smb: client: fix UAF in decryption with multichannel") |
| f0df00ebc57f ("x86/cpu: Avoid running off the end of an AMD erratum table") |
| b3bf8f63e617 ("net_sched: sch_sfq: move the limit validation") |
| aa1ac98268cd ("s390/cpumf: Fix double free on error in cpumf_pmu_event_init()") |
| 7f1ff1b38a7c ("net: libwx: handle page_pool_dev_alloc_pages error") |
| 69ae94725f4f ("tipc: fix memory leak in tipc_link_xmit") |
| ad320e408a8c ("ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()") |
| 6ee6bd5d4fce ("ublk: fix handling recovery & reissue in ublk_abort_queue()") |
| 5df5dafc171b ("Bluetooth: hci_uart: Fix another race during initialization") |
| 55c85fa7579d ("iommufd: Fail replace if device has not been attached") |
| 40369bfe717e ("spi: fsl-qspi: use devm function instead of driver remove") |
| 2ccd42b959aa ("s390/virtio_ccw: Don't allocate/assign airqs for non-existing queues") |
| e3260237aaad ("PCI: pciehp: Avoid unnecessary device replacement check") |
| bc52ae0a708c ("KVM: x86: Explicitly zero-initialize on-stack CPUID unions") |
| 8bde1033f9cf ("dm-integrity: fix non-constant-time tag verification") |
| a3672304abf2 ("dlm: fix error if active rsb is not hashed") |
| c0ebbb3841e0 ("mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock") |
| bc3fe6805cf0 ("mm/rmap: reject hugetlb folios in folio_make_device_exclusive()") |
| 94ba17adaba0 ("mm/damon: avoid applying DAMOS action to same entity multiple times") |
| 0bb2f7a1ad1f ("net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.") |
| 93ae6e68b6d6 ("iommu/vt-d: Fix possible circular locking dependency") |
| 35fec1089ebb ("btrfs: zoned: fix zone finishing with missing devices") |
| 4c782247b893 ("btrfs: fix non-empty delayed iputs list on unmount due to compressed write workers") |
| 276822a00db3 ("backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()") |
| 443041deb5ef ("mptcp: fix NULL pointer in can_accept_new_subflow") |
| b365b9d404b7 ("smb311 client: fix missing tcon check when mounting with linux/posix extensions") |
| 750037aa0a9f ("svcrdma: do not unregister device for listeners") |
| 17d253af4c2c ("tpm: do not start chip while suspended") |
| a6097e0a54a5 ("vdpa/mlx5: Fix oversized null mkey longer than 32bit") |
| f098aeba04c9 ("f2fs: fix to avoid atomicity corruption of atomic file") |
| 201e07aec617 ("f2fs: fix the missing write pointer correction") |
| 3371f569223c ("arm/crc-t10dif: fix use of out-of-scope array in crc_t10dif_arch()") |
| f6a89bf5278d ("io_uring/net: fix accept multishot handling") |
| 040492ac2578 ("scsi: lpfc: Restore clearing of NLP_UNREG_INP in ndlp->nlp_flag") |
| 0ebb60da8416 ("wifi: mt76: mt7925: adjust rm BSS flow to prevent next connection failure") |
| d00c0c4105e5 ("wifi: mac80211: fix integer overflow in hwmp_route_info_get()") |
| a2c75e964e51 ("media: chips-media: wave5: Fix a hang after seeking") |
| ac35f7689866 ("media: chips-media: wave5: Avoid race condition in the interrupt handler") |
| d893da85e06e ("accel/ivpu: Fix PM related deadlocks in MS IOCTLs") |
| e403e8538359 ("arm64: errata: Assume that unknown CPUs _are_ vulnerable to Spectre BHB") |
| ed1ce841245d ("arm64: errata: Add QCOM_KRYO_4XX_GOLD to the spectre_bhb_k24_list") |
| e2fa0bdf08a7 ("HID: pidff: Fix set_device_control()") |
| 0c6673e3d17b ("HID: pidff: Clamp effect playback LOOP_COUNT value") |
| 642335f3ea2b ("ext4: don't treat fhandle lookup of ea_inode as FS corruption") |
| 928446a5302e ("pwm: fsl-ftm: Handle clk_get_rate() returning 0") |
| 7ca59947b5fc ("pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config()") |
| 18056a48669a ("PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type") |
| b1a7f99967fc ("PCI: Check BAR index for validity") |
| 7919b4cad554 ("drm/amdkfd: Fix pqm_destroy_queue race with GPU reset") |
| 23b645231eef ("drm/amdgpu: Unlocked unmap only clear page table leaves") |
| 459777724d30 ("drm/xe/vf: Don't try to trigger a full GT reset if VF") |
| 366ceff495f9 ("Bluetooth: hci_uart: fix race during initialization") |
| 700014d3ad1f ("wifi: mac80211: fix userspace_selectors corruption") |
| 19426c4988aa ("Revert "f2fs: rebuild nat_bits during umount"") |
| b61e69bb1c04 ("jfs: Prevent copying of nlink with value 0 from disk inode") |
| 70ca3246ad20 ("fs/jfs: cast inactags to s64 to prevent potential overflow") |
| 6c93fd502023 ("wifi: mac80211: ensure sdata->work is canceled before initialized.") |
| 52323ed1444e ("PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()") |
| 7f35b429802a ("perf/dwc_pcie: fix duplicate pci_dev devices") |
| 99deffc409b6 ("iommu/exynos: Fix suspend/resume with IDENTITY domain") |
| fc75ea20ffb4 ("net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY") |
| e3ea2eae7069 ("drm/i915/huc: Fix fence not released on early probe errors") |
| 8d46a2708503 ("ata: sata_sx4: Add error handling in pdc20621_i2c_read()") |
| 5071a1e606b3 ("net: tls: explicitly disallow disconnect") |
| a22b3d54de94 ("cgroup/cpuset: Fix race between newly created partition and dying one") |
| 8bf450f3aec3 ("cgroup/cpuset: Fix error handling in remote_partition_disable()") |
| 42ea22e754ba ("ftrace: Add cond_resched() to ftrace_graph_set_hash()") |
| 7511e29cf135 ("btrfs: harden block_group::bg_list against list_del() races") |
