- firmware: cs_dsp: Return error if block header overflows file {CVE-2024-42238} - scsi: qedf: Make qedf_execute_tmf() non-preemptible {CVE-2024-42124} - ftruncate: pass a signed offset {CVE-2024-42084} - firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files {CVE-2024-41056} - firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers {CVE-2024-41038} - USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor {CVE-2024-41035} - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014} - netpoll: Fix race condition in netpoll_owner_active {CVE-2024-41005} - drm/radeon: fix UBSAN warning in kv_dpm.c {CVE-2024-40988} - ring-buffer: Fix a race between readers and resize checks {CVE-2024-38601} - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING {CVE-2024-36920} - dmaengine: idxd: Fix oops during rmmod on single-CPU platforms {CVE-2024-35989} - udp: do not accept non-tunnel GSO skbs landing in a tunnel {CVE-2024-35884} - nvme-fc: do not wait in vain when unloading module {CVE-2024-26846} - drm/amdgpu: Fix the null pointer when load rlc firmware {CVE-2024-26649} - Input: cyapa - add missing input core locking to suspend/resume functions {CVE-2023-52884} - Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() {CVE-2023-52840} - wifi: ath11k: fix htt pktlog locking {CVE-2023-52800} - wifi: ath11k: fix dfs radar event locking {CVE-2023-52798} - ACPI: LPIT: Avoid u32 multiplication overflow {CVE-2023-52683} - ACPI: extlog: fix NULL pointer dereference check {CVE-2023-52605} - HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect {CVE-2023-52478} - USB: core: Fix hang in usb_kill_urb by adding memory barriers {CVE-2022-48760} - phylib: fix potential use-after-free {CVE-2022-48754} - serial: core: fix transmit-buffer reset and memleak {CVE-2021-47527} - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells {CVE-2021-47497} - mlxsw: thermal: Fix out-of-bounds memory accesses {CVE-2021-47441} - hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs {CVE-2021-47393} - hwmon: (w83791d) Fix NULL pointer dereference by removing unnecessary structure field {CVE-2021-47386} - hwmon: (w83792d) Fix NULL pointer dereference by removing unnecessary structure field {CVE-2021-47385} - hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field {CVE-2021-47384} - virtio-net: Add validation for used length {CVE-2021-47352} - fbmem: Do not delete the mode that is still in use {CVE-2021-47338} - watchdog: Fix possible use-after-free by calling del_timer_sync() {CVE-2021-47321} - ACPI: fix NULL pointer dereference {CVE-2021-47289} - driver core: auxiliary bus: Fix memory leak when driver_register() fail {CVE-2021-47287} - Input: elantech - fix stack out of bound access in elantech_change_report_id() {CVE-2021-47097} - HID: hid-thrustmaster: fix OOB read in thrustmaster_interrupts {CVE-2022-48866} - ipv6: prevent possible NULL dereference in rt6_probe() {CVE-2024-40960} - xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() {CVE-2024-40959} - wifi: iwlwifi: mvm: don't read past the mfuart notifcation {CVE-2024-40941} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929} - wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() {CVE-2024-40912} - wifi: cfg80211: Lock wiphy in cfg80211_get_station {CVE-2024-40911} - USB: class: cdc-wdm: Fix CPU lockup caused by excessive log messages {CVE-2024-40904} - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory {CVE-2024-40901} - liquidio: Adjust a NULL pointer handling path in lio_vf_rep_copy_packet {CVE-2024-39506} - vmci: prevent speculation leaks by sanitizing event in event_deliver() {CVE-2024-39499} - crypto: bcm - Fix pointer arithmetic {CVE-2024-38579} - scsi: qedf: Ensure the copied buf is NUL terminated {CVE-2024-38559} - net: openvswitch: fix overwriting ct original tuple for ICMPv6 {CVE-2024-38558} - tcp: Fix shift-out-of-bounds in dctcp_update_alpha(). {CVE-2024-37356} - scsi: lpfc: Move NPIV's transport unregistration to after resource clean up {CVE-2024-36952} - scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() {CVE-2024-36924} - wifi: iwlwifi: read txq->read_ptr under lock {CVE-2024-36922} - scsi: bnx2fc: Remove spin_lock_bh while releasing resources after upload {CVE-2024-36919} - netfilter: complete validation of user input {CVE-2024-35962} - VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() {CVE-2024-35944} - ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() {CVE-2024-26894} - dm: call the resume method on internal suspend {CVE-2024-26880} - net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() {CVE-2024-26855} - mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again {CVE-2024-26720} - tracing: Ensure visibility when inserting an element into tracing_map {CVE-2024-26645} - scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup() {CVE-2023-52809} - perf/x86/lbr: Filter vsyscall addresses {CVE-2023-52476} - drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() {CVE-2023-52470} - Input: add bounds checking to input_set_capability() {CVE-2022-48619} - tty: Fix out-of-bound vmalloc access in imageblit {CVE-2021-47383} - tcp: make sure init the accept_queue's spinlocks once {CVE-2024-26614} - bnx2x: Fix multiple UBSAN array-index-out-of-bounds {CVE-2024-42148} - net: do not leave a dangling sk pointer, when socket creation fails {CVE-2024-40954} - media: xc2028: avoid use-after-free in load_firmware_cb() {CVE-2024-43900} - fou: remove warn in gue_gro_receive on unsupported protocol {CVE-2024-44940} - net/sched: Fix UAF when resolving a clash {CVE-2024-41040} - PCI/MSI: Fix UAF in msi_capability_init {CVE-2024-41096}