- net/ieee802154: don't warn zero-sized raw_sendmsg() {CVE-2022-50706} - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() {CVE-2023-53676} - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer {CVE-2025-40269} - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - HID: intel-ish-hid: ipc: Fix potential use-after-free in work function {CVE-2023-53039} - Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} - wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work {CVE-2025-39863} - sched, cpuset: Fix dl_cpu_busy() panic due to empty cs->cpus_allowed {CVE-2022-50103} - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - xfrm: Duplicate SPI Handling {CVE-2025-39797} - scsi: lpfc: Prevent buffer overflow crashes in debugfs with malformed user input {CVE-2022-50030} - net/mlx5e: IPoIB, Block PKEY interfaces with less rx queues than parent {CVE-2022-48883} - net/mlx5e: Move representor neigh cleanup to profile cleanup_tx {CVE-2023-54148} - dm raid: fix address sanitizer warning in raid_resume {CVE-2022-50085} - ASoC: SOF: Intel: hda: Fix potential buffer overflow by snprintf() {CVE-2022-50050} - nfs: fix UAF in direct writes {CVE-2024-26958} - iomap: iomap: fix memory corruption when recording errors during writeback {CVE-2022-50406} - drm/amdkfd: Fix an illegal memory access {CVE-2023-53090} - scsi: target: Fix WRITE_SAME No Data Buffer crash {CVE-2022-21546} - ALSA: pcm: Fix potential data race at PCM memory allocation helpers {CVE-2023-54072} - drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes {CVE-2023-53077} - net: bridge: use DEV_STATS_INC() {CVE-2023-52578} - loop: Fix use-after-free issues {CVE-2023-53111} - media: rc: fix races with imon_disconnect() {CVE-2025-39993} - fbcon: Make sure modelist not set on unregistered console {CVE-2025-38198} - vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248} - Bluetooth: hci_event: call disconnect callback before deleting conn {CVE-2023-53673} - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} - libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} - firewire: net: fix use after free in fwnet_finish_incoming_packet() {CVE-2023-53432} - tracing: Fix wild-memory-access in register_synth_event() {CVE-2022-49799} - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) {CVE-2022-50093} - drm/shmem-helper: Remove another errant put in error path {CVE-2023-53084} - wifi: mac80211: Fix UAF in ieee80211_scan_rx() {CVE-2022-49934} - drm/radeon: fix potential buffer overflow in ni_set_mc_special_registers() {CVE-2022-50185} - ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403} - wifi: rtlwifi: Fix global-out-of-bounds bug in _rtl8812ae_phy_set_txpower_limit() {CVE-2022-50279} - nbd: fix incomplete validation of ioctl arg {CVE-2023-53513} - r8169: Fix possible ring buffer corruption on fragmented Tx packets. {CVE-2024-38586} - sctp: handle the error returned from sctp_auth_asoc_init_active_key {CVE-2022-50243} - crypto: qat - resolve race condition during AER recovery {CVE-2024-39493} - i40e: fix idx validation in config queues msg {CVE-2025-39971} - netfilter: nf_tables: prefer nft_chain_validate {CVE-2024-41042} - platform/x86: wmi: Fix opening of char device {CVE-2023-52864} - netfilter: validate user input for expected length {CVE-2024-35962} - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594} - Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982} - wifi: iwlwifi: fix a memory corruption {CVE-2024-26610} - pid: take a reference when initializing `cad_pid` {CVE-2021-47118} - wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937} - net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} - wifi: iwlwifi: mvm: guard against invalid STA ID on removal {CVE-2024-36921} - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} - net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538} - i2c: i801: Don't generate an interrupt on bus reset {CVE-2021-47153} - nvmet: avoid potential UAF in nvmet_req_complete() {CVE-2023-53116} - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - ceph: avoid putting the realm twice when decoding snaps fails {CVE-2022-49770} - fs: prevent out-of-bounds array speculation when closing a file descriptor {CVE-2023-53117} - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network {CVE-2022-49865} - ring-buffer: Fix deadloop issue on reading trace_pipe {CVE-2023-53668} - binfmt_misc: fix shift-out-of-bounds in check_special_flags {CVE-2022-50497} - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349} - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} - lib: cpu_rmap: Avoid use after free on rmap->obj array entries {CVE-2023-53484} - fbdev: fix potential buffer overflow in do_register_framebuffer() {CVE-2025-38702} - i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853} - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} - ipv6: Fix infinite recursion in fib6_dump_done(). {CVE-2024-35886} - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue {CVE-2022-50366} - wifi: iwlwifi: mvm: fix double list_add at iwl_mvm_mac_wake_tx_queue {CVE-2022-50164} - sched/fair: Don't balance task to its current running CPU {CVE-2023-53215} - rbd: avoid use-after-free in do_rbd_add() when rbd_dev_create() fails {CVE-2023-53307} - mptcp: fix race condition in mptcp_schedule_work() {CVE-2025-40258} - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322} - mac802154: fix llsec key resources release in mac802154_llsec_key_del {CVE-2024-26961} - ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346} - net: atm: add lec_mutex {CVE-2025-38323} - netlink: prevent potential spectre v1 gadgets {CVE-2023-53000} - ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix {CVE-2022-49503} - isofs: Prevent the use of too small fid {CVE-2025-37780} - bpf: Don't redirect packets with invalid pkt_len {CVE-2022-49975} - net: mdio: fix undefined behavior in bit shift for __mdiobus_register {CVE-2022-49907} - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition {CVE-2023-1989,CVE-2023-53145} - dm raid: fix address sanitizer warning in raid_status {CVE-2022-50084} - be2net: Fix buffer overflow in be_get_module_eeprom {CVE-2022-49581} - capabilities: fix undefined behavior in bit shift for CAP_TO_MASK {CVE-2022-49870} - drm/amd/display: Check num_valid_sets before accessing reader_wm_sets[] {CVE-2024-46815} - selinux: Add boundary check in put_entry() {CVE-2022-50200} - usbnet: Fix linkwatch use-after-free on disconnect {CVE-2022-50220} - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} - wifi: cfg80211: Fix use after free for wext {CVE-2023-53153} - igb: Do not free q_vector unless new one was allocated {CVE-2022-50252} - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-39955} - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug {CVE-2025-38024} - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} - ftrace: Fix invalid address access in lookup_rec() when index is 0 {CVE-2023-53075} - ipvs: fix WARNING in ip_vs_app_net_cleanup() {CVE-2022-49917} - vt: Clear selection before changing the font {CVE-2022-49948} - dm raid: fix accesses beyond end of raid member array {CVE-2022-49674} - drm/amd/display: Check pipe offset before setting vblank {CVE-2024-42120} - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154} - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277} - scsi: lpfc: Prevent lpfc_debugfs_lockstat_write() buffer overflow {CVE-2023-54102} - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - ata: libata-transport: fix double ata_host_put() in ata_tport_add() {CVE-2022-49826} - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927} - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - RDMA/srpt: Do not register event handler until srpt device is fully setup {CVE-2024-26872} - net: ppp: Add bound checking for skb data on ppp_sync_txmung {CVE-2025-37749} - perf/core: Bail out early if the request AUX area is out of bound {CVE-2023-52835} - mlxsw: spectrum_acl_tcam: Fix possible use-after-free during activity update {CVE-2024-35855} - net: openvswitch: Fix Use-After-Free in ovs_ct_exit {CVE-2024-27395} - media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764} - net/mlx5: Discard command completions in internal error {CVE-2024-38555} - net/mlx5: Devcom, fix error flow in mlx5_devcom_register_device {CVE-2023-54015} - kobject_uevent: Fix OOB access within zap_modalias_env() {CVE-2024-42292} - stm class: Fix a double free in stm_register_device() {CVE-2024-38627} - leds: trigger: Unregister sysfs attributes before calling deactivate() {CVE-2024-43830} - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() {CVE-2024-39487} - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() {CVE-2023-52885} - scsi: qedi: Fix crash while reading debugfs attribute {CVE-2024-40978}