- ASoC: topology: Clean up route loading {CVE-2024-41069} - ASoC: topology: Fix references to freed memory {CVE-2024-41069} - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - Bluetooth: L2CAP: Fix not validating setsockopt user input {CVE-2024-35965} - Bluetooth: L2CAP: uninitialized variables in l2cap_sock_setsockopt() {CVE-2024-35965} - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214} - Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966} - Bluetooth: SCO: Fix not validating setsockopt user input {CVE-2024-35966} - media: stk1160: fix bounds checking in stk1160_copy_video() {CVE-2024-38621} - net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350} - sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37932} - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798} - sch_qfq: make qfq_qlen_notify() idempotent {CVE-2025-38350} - sch_drr: make drr_qlen_notify() idempotent {CVE-2025-38350} - sch_htb: make htb_deactivate() idempotent {CVE-2025-38350} - sch_cbq: make cbq_qlen_notify() idempotent {CVE-2025-38000} - inet: fully convert sk->sk_rx_dst to RCU rules {CVE-2021-47103} - scsi: mpt3sas: Fix use-after-free warning {CVE-2022-48695} - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory {CVE-2024-40901} - vmci: prevent speculation leaks by sanitizing event in event_deliver() {CVE-2024-39499} - USB: core: Fix hang in usb_kill_urb by adding memory barriers {CVE-2022-48760} - nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells {CVE-2021-47497} - virtio-net: Add validation for used length {CVE-2021-47352} - watchdog: Fix possible use-after-free by calling del_timer_sync() {CVE-2021-47321} - scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978} - wifi: iwlwifi: mvm: check n_ssids before accessing the ssids {CVE-2024-40929} - wifi: iwlwifi: mvm: guard against invalid STA ID on removal {CVE-2024-36921} - mac802154: fix llsec key resources release in mac802154_llsec_key_del {CVE-2024-26961} - platform/x86: wmi: Fix opening of char device {CVE-2023-52864} - media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764} - wifi: mac80211: fix potential key use-after-free {CVE-2023-52530} - net: fix information leakage in /proc/net/ptype {CVE-2022-48757} - crypto: qat - resolve race condition during AER recovery {CVE-2024-26974} - perf/core: Bail out early if the request AUX area is out of bound {CVE-2023-52835} - net: ti: fix UAF in tlan_remove_one {CVE-2021-47310} - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594} - net: bridge: use DEV_STATS_INC() {CVE-2023-52578} - net: add atomic_long_t to net_device_stats fields {CVE-2023-52578} - media: dvb-core: Fix use-after-free due to race at dvb_register_device() {CVE-2022-45884} - media: dvb-core: Fix use-after-free on race condition at dvb_frontend {CVE-2022-45885} - xen/gntalloc: don't use gnttab_query_foreign_access() {CVE-2022-23039} - xen/netfront: don't use gnttab_query_foreign_access() for mapped status {CVE-2022-23037} - xen/grant-table: add gnttab_try_end_foreign_access() {CVE-2022-23038} - ovl: fail on invalid uid/gid mapping at copy up {CVE-2023-0386} - ALSA: oss: Fix PCM OSS buffer allocation overflow {CVE-2022-49292} - gfs2: Fix length of holes reported at end-of-file - gfs2: Only do glock put in gfs2_create_inode for free inodes - gfs2: Fix use-after-free in gfs2_logd after withdraw - gfs2: fix use-after-free in trans_drain - gfs2: Clean up revokes on normal withdraws - GFS2: gfs2_free_extlen can return an extent that is too long - gfs2: Wipe jdata and ail1 in gfs2_journal_wipe, formerly gfs2_meta_wipe - GFS2: Refactor gfs2_remove_from_journal - GFS2: Only set PageChecked for jdata pages - gfs2: keep bios separate for each journal - gfs2: Remove active journal side effect from gfs2_write_log_header - gfs2: clean_journal improperly set sd_log_flush_head - partial "GFS2: Introduce new gfs2_log_header_v2" - gfs2: change from write to read lock for sd_log_flush_lock in journal replay - GFS2: Reduce code redundancy writing log headers - gfs2: Grab glock reference sooner in gfs2_add_revoke - gfs2: fix glock reference problem in gfs2_trans_remove_revoke - gfs2: Fix occasional glock use-after-free - gfs2: Make sure we don't miss any delayed withdraws - gfs2: Fix bad comment for trans_drain - gfs2: add some much needed cleanup for log flushes that fail - gfs2: fix trans slab error when withdraw occurs inside log_flush - gfs2: initialize transaction tr_ailX_lists earlier - GFS2: Remove extra "if" in gfs2_log_flush() - gfs2: fix use-after-free on transaction ail lists - gfs2: Trim the ordered write list in gfs2_ordered_write() - GFS2: Clean up releasepage - gfs2: Only set PageChecked if we have a transaction - gfs2: Fix case in which ail writes are done to jdata holes - gfs2: simplify gfs2_block_map - gfs2: Remove unused gfs2_iomap_alloc argument - gfs2: Be more careful with the quota sync generation - gfs2: Get rid of some unnecessary quota locking - gfs2: Add some missing quota locking - gfs2: Fold qd_fish into gfs2_quota_sync - gfs2: quota need_sync cleanup - gfs2: Fix and clean up function do_qc - gfs2: Revert "Add quota_change type" - gfs2: Revert "ignore negated quota changes" - gfs2: qd_check_sync cleanups - gfs2: Check quota consistency on mount - gfs2: Minor gfs2_quota_init error path cleanup - gfs2: fix kernel BUG in gfs2_quota_cleanup - gfs2: Clean up quota.c:print_message - gfs2: Clean up gfs2_alloc_parms initializers - gfs2: Two quota=account mode fixes - gfs2: Remove useless assignment - gfs2: simplify slot_get - gfs2: Simplify qd2offset - gfs2: Remove quota allocation info from quota file - gfs2: use constant for array size - gfs2: Set qd_sync_gen in do_sync - gfs2: Remove useless err set - gfs2: Small gfs2_quota_lock cleanup - gfs2: move qdsb_put and reduce redundancy - gfs2: Don't try to sync non-changes - gfs2: Simplify function need_sync - gfs2: remove unneeded pg_oflow variable - gfs2: remove unneeded variable done - gfs2: pass sdp to gfs2_write_buf_to_page - gfs2: pass sdp in to gfs2_write_disk_quota - gfs2: Pass sdp to gfs2_adjust_quota - gfs2: remove dead code for quota writes - gfs2: Use qd_sbd more consequently - gfs2: replace 'found' with dedicated list iterator variable - gfs2: Some whitespace cleanups - gfs2: Fix gfs2_qa_get imbalance in gfs2_quota_hold