- Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times {CVE-2022-50419} - firewire: net: fix use after free in fwnet_finish_incoming_packet() {CVE-2023-53432} - wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() {CVE-2022-50408} - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() {CVE-2023-1380} - wifi: mac80211_hwsim: drop short frames {CVE-2023-53321} - wifi: cfg80211: Fix use after free for wext {CVE-2023-53153} - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() {CVE-2022-50422} - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work {CVE-2025-39863} - NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-43945} - can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004} - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} - scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322} - fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-2978} - ipv6: Fix infinite recursion in fib6_dump_done(). {CVE-2024-35886} - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} - atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} - spec: merge oraclelinux6els changes - ip6mr: Fix skb_under_panic in ip6mr_cache_report() {CVE-2023-53365} - ipvs: fix WARNING in ip_vs_app_net_cleanup() {CVE-2022-49917} - ipvs: fix WARNING in __ip_vs_cleanup_batch() {CVE-2022-49918} - ipvs: use explicitly signed chars - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - xen/netfront: react properly to failing gnttab_end_foreign_access_ref() {CVE-2022-48900} - netlink: prevent potential spectre v1 gadgets {CVE-2023-53000} - mtd: inftlcore: Add error check for inftl_read_oob() {CVE-2025-37892} - igb: Do not free q_vector unless new one was allocated {CVE-2022-50252} - scsi: target: Fix WRITE_SAME No Data Buffer crash {CVE-2022-21546} - net: mdio: fix undefined behavior in bit shift for __mdiobus_register {CVE-2022-49907} - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK {CVE-2022-49870} - wifi: brcmfmac: Fix potential stack-out-of-bounds in brcmf_c_preinit_dcmds() {CVE-2022-50258} - md-raid10: fix KASAN warning {CVE-2022-50211} - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling {CVE-2025-37882} - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} - crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() {CVE-2024-58014} - isofs: Prevent the use of too small fid {CVE-2025-37780} - net: openvswitch: fix nested key length validation in the set() action {CVE-2025-37789} - partitions: mac: fix handling of bogus partition table {CVE-2025-21772}