- af_unix: Fix garbage collector racing against connect() {CVE-2024-26923} - netfilter: nft_limit: reject configurations that cause integer overflow {CVE-2024-26668} - libbpf: Fix use-after-free in btf_dump_name_dups {CVE-2022-3534} - bpf: Fix partial dynptr stack slot reads/writes {CVE-2023-39191} - ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494} - ima: define ima_max_digest_data struct without a flexible array variable - ima: detect changes to the backing overlay file - tpm: fix reference counting for struct tpm_chip {CVE-2022-2977} - tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux {CVE-2023-6546} - tty: n_gsm: fix restart handling via CLD command - r8169: Fix possible ring buffer corruption on fragmented Tx packets. {CVE-2024-38586} - netfilter: tproxy: bail out if IP has been disabled on the device {CVE-2024-36270} - tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). {CVE-2024-36904} - Bluetooth: Fix double free in hci_conn_cleanup {CVE-2023-28464} - fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super {CVE-2024-0841} - net/ipv6: avoid possible UAF in ip6_route_mpath_notify() {CVE-2024-26852} - tipc: fix UAF in error path {CVE-2024-36886} - Bluetooth: af_bluetooth: Fix deadlock {CVE-2024-26886} - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg {CVE-2023-51779} - dma-mapping: benchmark: handle NUMA_NO_NODE correctly {CVE-2024-39277} - net/mlx5e: Prevent deadlock while disabling aRFS {CVE-2024-27014} - net/mlx5e: Introduce flow steering API {CVE-2024-27014} - x86/sev: Harden #VC instruction emulation somewhat {CVE-2024-25742} - x86/coco: Disable 32-bit emulation by default on TDX and SEV {CVE-2024-25742} - x86: Introduce ia32_enabled() {CVE-2024-25742} - x86/entry: Do not allow external 0x80 interrupts {CVE-2024-25742} - x86/entry: Convert INT 0x80 emulation to IDTENTRY {CVE-2024-25742} - RDMA/srpt: Support specifying the srpt_service_guid parameter {CVE-2024-26744} - platform/x86: think-lmi: Fix reference leak {CVE-2023-52520} - USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command {CVE-2024-27059} - fat: fix uninitialized field in nostale filehandles {CVE-2024-26973} - usb: xhci: Add error handling in xhci_map_urb_for_dma {CVE-2024-26964} - wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete {CVE-2024-26897} - wifi: mac80211: fix race condition on enabling fast-xmit {CVE-2024-26779} - RDMA/qedr: Fix qedr_create_user_qp error flow {CVE-2024-26743} - wifi: iwlwifi: fix a memory corruption {CVE-2024-26610} - x86/fpu: Stop relying on userspace for info to fault in xsave buffer {CVE-2024-26603} - wifi: rt2x00: restart beacon queue when hardware reset {CVE-2023-52595} - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594} - net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg {CVE-2023-52528} - RDMA/siw: Fix connection failure handling {CVE-2023-52513} - usb: hub: Guard against accesses to uninitialized BOS descriptors {CVE-2023-52477} - tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc {CVE-2021-47185} - sctp: fail if no bound addresses can be used for a given scope {CVE-2023-1074} - memcg: enable accounting for file lock caches {CVE-2022-0480} - net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() {CVE-2023-6176} - RDMA/srpt: Do not register event handler until srpt device is fully setup {CVE-2024-26872} - drm/amd/display: Atom Integrated System Info v2_2 for DCN35 {CVE-2024-36897} - net/mlx5e: fix a potential double-free in fs_any_create_groups {CVE-2023-52667} - ipv6: fib6_rules: avoid possible NULL dereference in fib6_rule_action() {CVE-2024-36902} - ipv6: prevent NULL dereference in ip6_output() {CVE-2024-36901} - vt: fix memory overlapping when deleting chars in the buffer {CVE-2022-48627} - hwmon: (coretemp) Fix out-of-bounds memory access {CVE-2024-26664} - i2c: Fix a potential use after free {CVE-2019-25162} - net/smc: fix illegal rmb_desc access in SMC-D connection dump {CVE-2024-26615}