- nfs: fix UAF in direct writes {CVE-2024-26958} - NFSD: Fix the behavior of READ near OFFSET_MAX {CVE-2022-48827} - thermal: core: prevent potential string overflow {CVE-2023-52868} - ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 {CVE-2021-47633} - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests {CVE-2021-47391} - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982} - wifi: mac80211: fix potential key use-after-free {CVE-2023-52530} - crypto: qat - resolve race condition during AER recovery {CVE-2024-26974} - netfilter: validate user input for expected length {CVE-2024-35896} - wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937} - net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538} - bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() {CVE-2024-39487} - SUNRPC: Fix UAF in svc_tcp_listen_data_ready() {CVE-2023-52885} - tty: Fix out-of-bound vmalloc access in imageblit {CVE-2021-47383} - watchdog: Fix possible use-after-free by calling del_timer_sync() {CVE-2021-47321} - virtio-net: Add validation for used length {CVE-2021-47352} - USB: core: Fix hang in usb_kill_urb by adding memory barriers {CVE-2022-48760} - scsi: mpt3sas: Avoid test/set_bit() operating in non-allocated memory {CVE-2024-40901} - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014} - scsi: mpt3sas: Fix use-after-free warning {CVE-2022-48695} - jffs2: prevent xattr node from overflowing the eraseblock {CVE-2024-38599} - ecryptfs: Fix buffer size for tag 66 packet {CVE-2024-38578} - dlm: fix plock invalid read {CVE-2022-49407} - media: gspca: cpia1: shift-out-of-bounds in set_flicker {CVE-2023-52764} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - jfs: fix shift-out-of-bounds in dbSplit {CVE-2024-56597} - wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() {CVE-2023-52594} - pid: take a reference when initializing `cad_pid` {CVE-2021-47118} - Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg {CVE-2023-51779} - sched/rt: pick_next_rt_entity(): check list_entry {CVE-2023-1077} - media: dm1105: Fix use after free bug in dm1105_remove due to race condition {CVE-2023-35824} - xen/grant-table: add gnttab_try_end_foreign_access() {CVE-2022-23038} - media: dvb-core: Fix use-after-free due to race at dvb_register_device() {CVE-2022-45884} - media: dvb-core: Fix use-after-free due on race condition at dvb_net {CVE-2022-45886} - media: dvb-core: Fix use-after-free on race condition at dvb_frontend {CVE-2022-45885} - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 {CVE-2022-45919} - x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit {CVE-2022-25265} - x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK {CVE-2022-25265} - x86/elf: Add table to document READ_IMPLIES_EXEC {CVE-2022-25265} - i2c: i801: Don't generate an interrupt on bus reset {CVE-2021-47153}