- Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg {CVE-2024-21803} - net: defer final 'struct net' free in netns dismantle {CVE-2024-56658} - netfilter: validate user input for expected length {CVE-2024-35896} - drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' {CVE-2024-56608} - smb: client: fix UAF in async decryption {CVE-2024-50047} - drm/amdgpu: fix usage slab after free {CVE-2024-56551} - nvme: avoid double free special payload {CVE-2024-41073} - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014} - net/sched: act_mirred: don't override retval if we already lost the skb {CVE-2024-26739} - ext4: fix timer use-after-free on failed mount {CVE-2024-49960} - smb: client: fix potential UAF in cifs_stats_proc_show() {CVE-2024-35867} - smb: client: fix potential UAF in cifs_debug_files_proc_show() {CVE-2024-26928} - RDMA/mlx5: Fix fortify source warning while accessing Eth segment {CVE-2024-26907} - stddef: Introduce DECLARE_FLEX_ARRAY() helper - nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() {CVE-2025-21927} - net_sched: sch_sfq: move the limit validation {CVE-2024-57996} - net_sched: sch_sfq: use a temporary work area for validating configuration - net_sched: sch_sfq: don't allow 1 packet limit {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets - net_sched: sch_sfq: annotate data-races around q->perturb_period - squashfs: fix memory leak in squashfs_fill_super - netfilter: nf_tables: adjust lockdep assertions handling - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - KVM: x86: use array_index_nospec with indices that come from guest - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi - rds: Fix NULL ptr deref in xas_start - mm: make page_mapped_in_vma() hugetlb walk aware - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk - net_sched: sch_sfq: move the limit validation {CVE-2025-37752} - net_sched: sch_sfq: use a temporary work area for validating configuration - net_sched: sch_sfq: don't allow 1 packet limit {CVE-2024-57996} - net_sched: sch_sfq: handle bigger packets - net_sched: sch_sfq: annotate data-races around q->perturb_period - squashfs: fix memory leak in squashfs_fill_super - netfilter: nf_tables: adjust lockdep assertions handling - Revert "vgacon: Add check for vc_origin address range in vgacon_scroll()" - ASoC: ops: dynamically allocate struct snd_ctl_elem_value - KVM: x86: use array_index_nospec with indices that come from guest - KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi - rds: Fix NULL ptr deref in xas_start - mm: make page_mapped_in_vma() hugetlb walk aware - mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk