- wifi: iwlwifi: mvm: guard against invalid STA ID on removal {CVE-2024-36921} - ASoC: topology: Fix references to freed memory {CVE-2024-41069} - net/sched: act_mirred: don't override retval if we already lost the skb {CVE-2024-26739} - drivers: base: Free devm resources when unregistering a device {CVE-2023-53596} - usb: core: config: Prevent OOB read in SS endpoint companion parsing {CVE-2025-39760} - fbdev: Fix vmalloc out-of-bounds write in fast_imageblit {CVE-2025-38685} - net/mlx5e: Avoid field-overflowing memcpy() {CVE-2022-48744} - ext4: fix use-after-free in ext4_orphan_cleanup {CVE-2022-50673} - xfrm: fix slab-use-after-free in decode_session6 {CVE-2023-53500} - net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538} - NFSD: Avoid calling OPDESC() with ops->opnum == OP_ILLEGAL {CVE-2023-53680} - perf/core: Exit early on perf_mmap() fail {CVE-2025-38565} - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911} - fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271} - virtio_net: fix xdp_rxq_info bug after suspend/resume {CVE-2022-49687} - NFSD: Fix the behavior of READ near OFFSET_MAX {CVE-2022-48827} - usb: xhci: Apply the link chain quirk on NEC isoc endpoints {CVE-2025-22022} - Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966} - Bluetooth: L2CAP: Fix not validating setsockopt user input {CVE-2024-35965} - Bluetooth: SCO: Fix not validating setsockopt user input {CVE-2024-35967} - netfilter: nf_tables: prefer nft_chain_validate {CVE-2024-41042} - netfilter: validate user input for expected length {CVE-2024-35896} - erspan: do not use skb_mac_header() in ndo_start_xmit() {CVE-2023-53053} - scsi: libsas: Fix use-after-free bug in smp_execute_task_sg() {CVE-2022-50422} - i40e: remove read access to debugfs files {CVE-2025-39901} - wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937} - Bluetooth: hci_sock: Prevent race in socket write iter and sock bind {CVE-2025-68305} - RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem {CVE-2025-38022} - netfilter: allow exp not to be removed in nf_ct_find_expectation {CVE-2023-52927} - dm-bufio: don't schedule in atomic context {CVE-2025-37928} - HID: multitouch: Add NULL check in mt_input_configured {CVE-2024-58020} - netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX {CVE-2025-38201} - fs: writeback: fix use-after-free in __mark_inode_dirty() {CVE-2025-39866} - tracing/histograms: Add histograms to hist_vars if they have referenced variables {CVE-2023-53560} - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free {CVE-2023-53619} - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - KVM: SVM: Flush pages under kvm->lock to fix UAF in svm_register_enc_region() {CVE-2024-35791} - scsi: ses: Fix slab-out-of-bounds in ses_intf_remove() {CVE-2023-53521} - dm cache: Fix UAF in destroy() {CVE-2022-50496} - xhci: Remove device endpoints from bandwidth list when freeing the device {CVE-2022-50470} - Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386} - mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats {CVE-2025-68800} - net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074} - igb: Do not bring the device up after non-fatal error {CVE-2024-50040} - wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891} - HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824} - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304} - HID: multitouch: Correct devm device reference for hidinput input_dev name {CVE-2023-53454} - udf: Do not bother merging very long extents {CVE-2023-53506} - wifi: brcmfmac: Fix potential shift-out-of-bounds in brcmf_fw_alloc_request() {CVE-2022-50551} - ring-buffer: Sync IRQ works before buffer destruction {CVE-2023-53587} - dm integrity: call kmem_cache_destroy() in dm_integrity_init() error path {CVE-2023-53604} - gfs2: Fix possible data races in gfs2_show_options() {CVE-2023-53622} - iavf: Fix use-after-free in free_netdev {CVE-2023-53556} - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945} - kernfs: fix use-after-free in __kernfs_remove {CVE-2022-50432} - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. {CVE-2025-39913} - tcp: fix a signed-integer-overflow bug in tcp_add_backlog() {CVE-2022-50865} - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} - drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras {CVE-2023-53471} - wifi: iwlwifi: pcie: Fix integer overflow in iwl_write_to_user_buf {CVE-2023-53524} - scsi: lpfc: Fix use-after-free KFENCE violation during sysfs firmware write {CVE-2023-53282} - rcu: Fix rcu_read_unlock() deadloop due to IRQ work {CVE-2025-39744} - smb: client: let recv_done verify data_offset, data_length and remaining_data_length {CVE-2025-39933} - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883} - ceph: avoid putting the realm twice when decoding snaps fails {CVE-2022-49770} - wifi: iwlwifi: fix a memory corruption {CVE-2024-26610} - asix: fix uninit-value in asix_mdio_read() {CVE-2021-47101} - igb: Fix igb_down hung on surprise removal {CVE-2023-53148} - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102}