- rds: tcp: block BH in TCP callbacks - kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges - module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 - module: potential uninitialized return in module_kallsyms_on_each_symbol() - module: use RCU to synchronize find_module - kallsyms: refactor {,module_}kallsyms_on_each_symbol - LTS tag: v5.4.295 - scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops - arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() {CVE-2025-38320} - perf: Fix sample vs do_exit() {CVE-2025-38424} - s390/pci: Fix __pcilg_mio_inuser() inline assembly - rtc: test: Fix invalid format specifier. - jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() {CVE-2025-38337} - mm/huge_memory: fix dereferencing invalid pmd migration entry {CVE-2025-37958} - rtc: Make rtc_time64_to_tm() support dates before 1970 - rtc: Improve performance of rtc_time64_to_tm(). Add tests. - xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create {CVE-2022-48773} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352} - ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms - ARM: dts: am335x-bone-common: Increase MDIO reset deassert time - ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - net: atm: add lec_mutex {CVE-2025-38323} - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). {CVE-2025-38181} - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer {CVE-2025-38184} - tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). {CVE-2025-38185} - mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). {CVE-2025-38324} - wifi: carl9170: do not ping device which has failed to load firmware {CVE-2025-38420} - aoe: clean device rq_list in aoedev_downdev() {CVE-2025-38326} - hwmon: (occ) fix unaligned accesses - drm/nouveau/bl: increase buffer size to avoid truncate warning - erofs: remove unused trace event erofs_destroy_inode - ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged - ALSA: hda/intel: Add Thinkpad E15 to PM deny list - Input: sparcspkr - avoid unannotated fall-through - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103} - atm: Revert atm_account_tx() if copy_from_iter_full() fails. {CVE-2025-38190} - selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len - scsi: s390: zfcp: Ensure synchronous unit_add - scsi: storvsc: Increase the timeouts to storvsc_timeout - jffs2: check jffs2_prealloc_raw_node_refs() result in few other places {CVE-2025-38328} - jffs2: check that raw node were preallocated before writing summary {CVE-2025-38194} - drivers/rapidio/rio_cm.c: prevent possible heap overwrite {CVE-2025-38090} - powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery - platform/x86: dell_rbu: Stop overwriting data buffer - platform: Add Surface platform directory - Revert "bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first" - tee: Prevent size calculation wraparound on 32-bit kernels - ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY - bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value - watchdog: da9052_wdt: respect TWDMIN - i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} - sock: Correct error checking condition for (assign|release)_proto_idx() - scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332} - vxlan: Do not treat dst cache initialization errors as fatal - clk: rockchip: rk3036: mark ddrphy as critical - wifi: mac80211: do not offer a mesh path if forwarding is disabled - net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() - pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() - pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() - ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT - tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows - tcp: always seek for minimal rtt in tcp_rcv_rtt_update() - net: dlink: add synchronization for stats update - sctp: Do not wake readers in __sctp_write_space() - emulex/benet: correct command version selection in be_cmd_get_stats() - i2c: designware: Invoke runtime suspend on quick slave re-registration - net: macb: Check return value of dma_set_mask_and_coherent() - cpufreq: Force sync policy boost with global boost on sysfs update - nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults - media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() {CVE-2025-38237} - media: tc358743: ignore video while HPD is low - drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB - jfs: Fix null-ptr-deref in jfs_ioc_trim {CVE-2025-38203} - drm/amdgpu/gfx9: fix CSIB handling - drm/amdgpu/gfx8: fix CSIB handling - jfs: fix array-index-out-of-bounds read in add_missing_indices {CVE-2025-38204} - drm/amdgpu/gfx7: fix CSIB handling - drm/amdgpu/gfx10: fix CSIB handling - drm/msm/a6xx: Increase HFI response timeout - drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() - media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition - drm/msm/hdmi: add runtime PM calls to DDC transfer function - drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() - sunrpc: update nextcheck time when adding new cache entries - drm/amdgpu/gfx6: fix CSIB handling - ACPI: battery: negate current when discharging - PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() - power: supply: bq27xxx: Retrieve again when busy - ACPICA: fix acpi parse and parseext cache leaks {CVE-2025-38344} - ACPICA: Avoid sequence overread in call to strncmp() - ACPICA: fix acpi operand cache leak in dswstate.c {CVE-2025-38345} - iio: adc: ad7606_spi: fix reg write value mask - PCI: Fix lock symmetry in pci_slot_unlock() - PCI: Add ACS quirk for Loongson PCIe - uio_hv_generic: Use correct size for interrupt and monitor pages - regulator: max14577: Add error check for max14577_read_reg() - mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS - staging: iio: ad5933: Correct settling cycles encoding per datasheet - net: ch9200: fix uninitialised access during mii_nway_restart {CVE-2025-38086} - ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346} - dm-mirror: fix a tiny race condition - mtd: nand: sunxi: Add randomizer configuration before randomizer enable - mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk - mm: fix ratelimit_pages update error in dirty_ratio_handler() - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} - parisc: fix building with gcc-15 - vgacon: Add check for vc_origin address range in vgacon_scroll() {CVE-2025-38213} - fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var {CVE-2025-38214} - EDAC/altera: Use correct write width with the INTTEST register - NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416} - f2fs: prevent kernel warning due to negative i_nlink from corrupted image {CVE-2025-38219} - Input: ims-pcu - check record size in ims_pcu_flash_firmware() {CVE-2025-38428} - ext4: fix calculation of credits for extent tree modification - ext4: inline: fix len overflow in ext4_prepare_inline_data {CVE-2025-38222} - bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device - ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 {CVE-2025-38336} - ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() - media: v4l2-dev: fix error handling in __video_register_device() - media: gspca: Add error handling for stv06xx_read_sensor() - wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 - nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request {CVE-2025-38430} - wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() {CVE-2025-38348} - gfs2: move msleep to sleepable context - configfs: Do not override creating attribute file failure in populate_attrs() - net: usb: aqc111: debug info before sanitation - calipso: unlock rcu before returning -EAFNOSUPPORT - xen/arm: call uaccess_ttbr0_enable for dm_op hypercall - usb: Flush altsetting 0 endpoints before reinitializating them after reset. - fs/filesystems: Fix potential unsigned integer underflow in fs_name() - net/mdiobus: Fix potential out-of-bounds read/write access {CVE-2025-38111} - drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang - drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang - MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option - x86/boot/compressed: prefer cc-option for CFLAGS additions - net: mdio: C22 is now optional, EOPNOTSUPP if not provided - net_sched: tbf: fix a race in tbf_change() - net_sched: red: fix a race in __red_change() {CVE-2025-38108} - net_sched: prio: fix a race in prio_tune() {CVE-2025-38083} - net/mlx5: Fix return value when searching for existing flow group - net/mlx5: Wait for inactive autogroups - i40e: retry VFLR handling if there is ongoing VF reset - i40e: return false from i40e_reset_vf if reset is in progress - net_sched: sch_sfq: fix a potential crash on gso_skb handling {CVE-2025-38115} - scsi: iscsi: Fix incorrect error path labels for flashnode operations - NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes {CVE-2022-48829} - NFSD: Fix ia_size underflow {CVE-2022-48828} - Input: synaptics-rmi - fix crash with unsupported versions of F34 - Input: synaptics-rmi4 - convert to use sysfs_emit() APIs - pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() - do_change_type(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498} - ice: create new Tx scheduler nodes for new queues only - Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION - net/mlx4_en: Prevent potential integer overflow calculating Hz - vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() - serial: Fix potential null-ptr-deref in mlb_usio_probe() {CVE-2025-38135} - usb: renesas_usbhs: Reorder clock handling and power management in probe {CVE-2025-38136} - rtc: Fix offset calculation for .start_secs < 0 - rtc: sh: assign correct interrupts with DT - perf record: Fix incorrect --user-regs comments - perf tests switch-tracking: Fix timestamp comparison - mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE - mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() - rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() - perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 - perf ui browser hists: Set actions->thread before calling do_zoom_thread() - fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() {CVE-2025-38312} - soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() {CVE-2025-38145} - soc: aspeed: lpc: Fix impossible judgment condition - arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou - ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device - bus: fsl-mc: fix double-free on mc_dev {CVE-2025-38313} - nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() - nilfs2: add pointer check for nilfs_direct_propagate() - Squashfs: check return result of sb_min_blocksize {CVE-2025-38415} - ARM: dts: at91: at91sam9263: fix NAND chip selects - ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select - f2fs: fix to correct check conditions in f2fs_cross_rename - f2fs: use d_inode(dentry) cleanup dentry->d_inode - calipso: Don't call calipso functions for AF_INET sk. {CVE-2025-38147} - net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy - net: usb: aqc111: fix error handling of usbnet read calls {CVE-2025-38153} - netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157} - bpf: Fix WARN() in get_bpf_raw_tp_regs {CVE-2025-38285} - pinctrl: at91: Fix possible out-of-boundary access {CVE-2025-38286} - ktls, sockmap: Fix missing uncharge operation - netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it - f2fs: clean up w/ fscrypt_is_bounce_page() - RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h - wifi: rtw88: do not ignore hardware read error during DPK - net: ncsi: Fix GCPS 64-bit member variables - f2fs: fix to do sanity check on sbi->total_valid_block_count {CVE-2025-38163} - drm/tegra: rgb: Fix the unbound reference count - drm/vkms: Adjust vkms_state->active_planes allocation type - drm: rcar-du: Fix memory leak in rcar_du_vsps_init() - selftests/seccomp: fix syscall_restart test for arm compat - firmware: psci: Fix refcount leak in psci_dt_init - m68k: mac: Fix macintosh_config for Mac II - drm/vmwgfx: Add seqno waiter for sync_files - spi: sh-msiof: Fix maximum DMA transfer size - ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions" - x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() - PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() - EDAC/skx_common: Fix general protection fault {CVE-2025-38298} - crypto: marvell/cesa - Avoid empty transfer descriptor - crypto: marvell/cesa - Handle zero-length skcipher requests {CVE-2025-38173} - x86/cpu: Sanitize CPUID(0x80000000) output - perf/core: Fix broken throttling when max_samples_per_tick=1 - gfs2: gfs2_create_inode error handling fix - netfilter: nft_socket: fix sk refcount leaks {CVE-2024-46855} - thunderbolt: Do not double dequeue a configuration request {CVE-2025-38174} - usb: usbtmc: Fix timeout value in get_stb - usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device - usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE - pinctrl: armada-37xx: set GPIO output value before setting direction - pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 - net/mlx5: Add poll-eq API to be used by ULP's - net/rds: poll eq during user-reset - perf: Fix perf_event_validate_size() lockdep splat {CVE-2023-6931} - perf: Fix perf_event_validate_size() {CVE-2023-6931} - net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery - pwm: mediatek: Ensure to disable clocks in error path - Revert "mmc: sdhci: Disable SD card clock before changing parameters" - net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350} - x86/bpf: Classic BPF program can fail when BHB barrier is used - Add Zen34 clients {CVE-2024-36350} - x86/process: Move the buffer clearing before MONITOR {CVE-2024-36350} - KVM: SVM: Advertize TSA CPUID bits to guests {CVE-2024-36350} - x86/bugs: Add a Transient Scheduler Attacks mitigation {CVE-2024-36350} - KVM: x86: add support for CPUID leaf 0x80000021 {CVE-2024-36350} - x86/bugs: Rename MDS machinery to something more generic {CVE-2024-36350} - x86/CPU/AMD: Add ZenX generations flags {CVE-2024-36350} - x86/bugs: Free X86_BUG_AMD_APIC_C1E and X86_BUG_AMD_E400 bits {CVE-2024-36350} - Revert "x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2" on v6.6 and older - tracing: Fix compilation warning on arm32 - PM: sleep: Fix power.is_suspended cleanup for direct-complete devices - LTS tag: v5.4.294 - platform/x86: thinkpad_acpi: Ignore battery threshold change event notification - platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys - spi: spi-sun4i: fix early activation - um: let 'make clean' properly clean underlying SUBARCH as well - platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS - nfs: don't share pNFS DS connections between net namespaces - HID: quirks: Add ADATA XPG alpha wireless mouse support - coredump: hand a pidfd to the usermode coredump helper - fork: use pidfd_prepare() - pid: add pidfd_prepare() - pidfd: check pid has attached task in fdinfo - coredump: fix error handling for replace_fd() - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice {CVE-2025-38001} - smb: client: Reset all search buffer pointers when releasing buffer - smb: client: Fix use-after-free in cifs_fill_dirent {CVE-2025-38051} - drm/i915/gvt: fix unterminated-string-initialization warning - netfilter: nf_tables: do not defer rule destruction via call_rcu {CVE-2024-56655} - netfilter: nf_tables: wait for rcu grace period on net_device removal {CVE-2024-56655} - netfilter: nf_tables: pass nft_chain to destroy function, not nft_ctx - kbuild: Disable -Wdefault-const-init-unsafe - spi: spi-fsl-dspi: restrict register range for regmap access - mm/page_alloc.c: avoid infinite retries caused by cpuset race - drm/edid: fixed the bug that hdr metadata was not reset - llc: fix data loss when reading from a socket in llc_ui_recvmsg() - ALSA: pcm: Fix race of buffer access at PCM OSS layer {CVE-2025-38078} - can: bcm: add missing rcu read protection for procfs content {CVE-2025-38003} - can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004} - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000} - net: dwmac-sun8i: Use parsed internal PHY address instead of 1 - bridge: netfilter: Fix forwarding of fragmented packets - xfrm: Sanitize marks before insert - __legitimize_mnt(): check for MNT_SYNC_UMOUNT should be under mount_lock {CVE-2025-38058} - xenbus: Allow PVH dom0 a non-local xenstore - btrfs: correct the order of prelim_ref arguments in btrfs__prelim_ref {CVE-2025-38034} - nvmet-tcp: don't restore null sk_state_change {CVE-2025-38035} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013 - pinctrl: meson: define the pull up/down resistor value as 60 kOhm - drm: Add valid clones check - drm/atomic: clarify the rules around drm_atomic_state->allow_modeset - regulator: ad5398: Add device tree support - wifi: rtw88: Don't use static local variable in rtw8822b_set_tx_power_index_by_rate - bpftool: Fix readlink usage in get_fd_type - HID: usbkbd: Fix the bit shift number for LED_KANA - scsi: st: Restore some drive settings after reset - scsi: lpfc: Handle duplicate D_IDs in ndlp search-by D_ID routine - rcu: fix header guard for rcu_all_qs() - rcu: handle quiescent states for PREEMPT_RCU=n, PREEMPT_COUNT=y - vxlan: Annotate FDB data races {CVE-2025-38037} - hwmon: (xgene-hwmon) use appropriate type for the latency value - ip: fib_rules: Fetch net from fib_rule in fib[46]_rule_configure(). - net/mlx5e: reduce rep rxq depth to 256 for ECPF - net/mlx5e: set the tx_queue_len for pfifo_fast - net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB - phy: core: don't require set_mode() callback for phy_get_mode() to work - net/mlx4_core: Avoid impossible mlx4_db_alloc() order value - smack: recognize ipv4 CIPSO w/o categories - pinctrl: devicetree: do not goto err when probing hogs in pinctrl_dt_to_map - ASoC: ops: Enforce platform maximum on initial value - net/mlx5: Apply rate-limiting to high temperature warning - net/mlx5: Modify LSB bitmask in temperature event to include only the first bit - ACPI: HED: Always initialize before evged - PCI: Fix old_size lower bound in calculate_iosize() too - EDAC/ie31200: work around false positive build warning - net: pktgen: fix access outside of user given buffer in pktgen_thread_write() {CVE-2025-38061} - wifi: rtw88: Fix rtw_init_ht_cap() for RTL8814AU - scsi: mpt3sas: Send a diag reset if target reset fails - MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core - MIPS: Use arch specific syscall name match function - cpuidle: menu: Avoid discarding useful information - x86/nmi: Add an emergency handler in nmi_desc & use it in nmi_shootdown_cpus() - bonding: report duplicate MAC address in all situations - net: xgene-v2: remove incorrect ACPI_PTR annotation - drm/amdkfd: KFD release_work possible circular locking - net/mlx5: Avoid report two health errors on same syndrome - fpga: altera-cvp: Increase credit timeout - drm/mediatek: mtk_dpi: Add checks for reg_h_fre_con existence - hwmon: (gpio-fan) Add missing mutex locks - x86/bugs: Make spectre user default depend on MITIGATION_SPECTRE_V2 - net: pktgen: fix mpls maximum labels list parsing - pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned" - media: cx231xx: set device_caps for 417 {CVE-2025-38044} - orangefs: Do not truncate file size {CVE-2025-38065} - dm cache: prevent BUG_ON by blocking retries on failed device resumes {CVE-2025-38066} - media: c8sectpfe: Call of_node_put(i2c_bus) only once in c8sectpfe_probe() - ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114 - ieee802154: ca8210: Use proper setters and getters for bitwise types - rtc: ds1307: stop disabling alarms on probe - powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7 - mmc: sdhci: Disable SD card clock before changing parameters - netfilter: conntrack: Bound nf_conntrack sysctl writes - posix-timers: Add cond_resched() to posix_timer_add() search loop - xen: Add support for XenServer 6.1 platform device {CVE-2025-38046} - dm: restrict dm device size to 2^63-512 bytes - kbuild: fix argument parsing in scripts/config - scsi: st: ERASE does not change tape location - scsi: st: Tighten the page format heuristics with MODE SELECT - ext4: reorder capability check last - um: Update min_low_pfn to match changes in uml_reserved - um: Store full CSGSFS and SS register from mcontext - btrfs: send: return -ENAMETOOLONG when attempting a path that is too long - btrfs: avoid linker error in btrfs_find_create_tree_block() - i2c: pxa: fix call balance of i2c->clk handling routines - mmc: host: Wait for Vdd to settle on card power off - libnvdimm/labels: Fix divide error in nd_label_data_init() {CVE-2025-38072} - pNFS/flexfiles: Report ENETDOWN as a connection error - tools/build: Don't pass test log files to linker - dql: Fix dql->limit value when reset. - SUNRPC: rpc_clnt_set_transport() must not change the autobind setting - NFSv4: Treat ENETUNREACH errors as fatal for state recovery - fbdev: core: tileblit: Implement missing margin clearing for tileblit - fbdev: fsl-diu-fb: add missing device_remove_file() - mailbox: use error ret code of of_parse_phandle_with_args() - kconfig: merge_config: use an empty file as initfile - cgroup: Fix compilation issue due to cgroup_mutex not being exported - dma-mapping: avoid potential unused data compilation warning - scsi: target: iscsi: Fix timeout on deleted connection {CVE-2025-38075} - openvswitch: Fix unsafe attribute parsing in output_userspace() {CVE-2025-37998} - Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5 - Input: synaptics - enable SMBus for HP Elitebook 850 G1 - clocksource/i8253: Use raw_spinlock_irqsave() in clockevent_i8253_disable() - phy: renesas: rcar-gen3-usb2: Set timing registers only once - phy: Fix error handling in tegra_xusb_port_init - ALSA: es1968: Add error handling for snd_pcm_hw_constraint_pow2() - NFSv4/pnfs: Reset the layout state after a layoutreturn - NFSv4/pnfs: pnfs_set_layout_stateid() should update the layout cred - qlcnic: fix memory leak in qlcnic_sriov_channel_cfg_cmd() - ALSA: sh: SND_AICA should depend on SH_DMA_API - net: dsa: sja1105: discard incoming frames in BR_STATE_LISTENING - spi: loopback-test: Do not split 1024-byte hexdumps - nfs: handle failure of nfs_get_lock_context in unlock path {CVE-2025-38023} - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug {CVE-2025-38024} - iio: chemical: sps30: use aligned_s64 for timestamp - iio: adc: ad7768-1: Fix insufficient alignment of timestamp. - staging: axis-fifo: Correct handling of tx_fifo_depth for size validation - staging: axis-fifo: avoid parsing ignored device tree properties - staging: axis-fifo: Remove hardware resets for user errors - staging: axis-fifo: replace spinlock with mutex - platform/x86: asus-wmi: Fix wlan_ctrl_by_user detection - do_umount(): add missing barrier before refcount checks in sync case - MIPS: Fix MAX_REG_OFFSET - iio: adc: dln2: Use aligned_s64 for timestamp - types: Complement the aligned types with signed 64-bit one - usb: usbtmc: Fix erroneous generic_read ioctl return - usb: usbtmc: Fix erroneous wait_srq ioctl return - usb: usbtmc: Fix erroneous get_stb ioctl error returns - USB: usbtmc: use interruptible sleep in usbtmc_read - usb: typec: ucsi: displayport: Fix NULL pointer access {CVE-2025-37994} - usb: typec: tcpm: delay SNK_TRY_WAIT_DEBOUNCE to SRC_TRYWAIT transition - ocfs2: stop quota recovery before disabling quotas - ocfs2: implement handshaking with ocfs2 recovery thread - ocfs2: switch osb->disable_recovery to enum - module: ensure that kobject_put() is safe for module type kobjects {CVE-2025-37995} - xenbus: Use kref to track req lifetime {CVE-2025-37949} - usb: uhci-platform: Make the clock really optional - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_tagged_fifo {CVE-2025-37969} - iio: imu: st_lsm6dsx: fix possible lockup in st_lsm6dsx_read_fifo {CVE-2025-37970} - iio: adis16201: Correct inclinometer channel resolution - iio: adc: ad7606: fix serial register access - staging: iio: adc: ad7816: Correct conditional logic for store mode - Input: synaptics - enable InterTouch on Dell Precision M3800 - Input: synaptics - enable InterTouch on Dynabook Portege X30L-G - Input: synaptics - enable InterTouch on Dynabook Portege X30-D - net: dsa: b53: fix learning on VLAN unaware bridges - netfilter: ipset: fix region locking in hash types {CVE-2025-37997} - sch_htb: make htb_deactivate() idempotent {CVE-2025-37953} - dm: fix copying after src array boundaries {CVE-2025-37902} - iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid {CVE-2025-37927} - arm64: dts: rockchip: fix iface clock-name on px30 iommus - usb: chipidea: ci_hdrc_imx: implement usb_phy_init() error handling - usb: chipidea: ci_hdrc_imx: use dev_err_probe() - usb: chipidea: imx: refine the error handling for hsic - usb: chipidea: imx: change hsic power regulator as optional - irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() {CVE-2025-37819} - irqchip/gic-v2m: Mark a few functions __init - irqchip/gic-v2m: Add const to of_device_id - sch_htb: make htb_qlen_notify() idempotent {CVE-2025-37953} - of: module: add buffer overflow check in of_modalias() {CVE-2024-38541} - PCI: imx6: Skip controller_id generation logic for i.MX7D - net: fec: ERR007885 Workaround for conventional TX - net: lan743x: Fix memleak issue when GSO enabled {CVE-2025-37909} - lan743x: fix endianness when accessing descriptors - lan743x: remove redundant initialization of variable current_head_index - nvme-tcp: fix premature queue removal and I/O failover - net: dlink: Correct endianness handling of led_mode - net_sched: qfq: Fix double list add in class with netem as child qdisc {CVE-2025-37913} - net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890} - net_sched: drr: Fix double list add in class with netem as child qdisc {CVE-2025-37915} - net/mlx5: E-Switch, Initialize MAC Address for Default GID - tracing: Fix oob write in trace_seq_to_buffer() {CVE-2025-37923} - dm: always update the array size in realloc_argv on success {CVE-2025-37902} - dm-integrity: fix a warning on invalid table line - wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() {CVE-2025-37990} - amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload - parisc: Fix double SIGFPE crash {CVE-2025-37991} - i2c: imx-lpi2c: Fix clock count when probe defers - EDAC/altera: Set DDR and SDMMC interrupt mask before registration - EDAC/altera: Test the correct error reg offset - scsi: qedf: Wait for stag work during unload - scsi: qedf: Don't process stag work during unload and recovery - rds: ib: Add cm_id generation scheme in order to detect new ones - x86/its: BPF can crash in bpf_jit_comp.c when ITS is enabled - shmem: add support to ignore swap - shmem: update documentation - mm: hold the source mmap write lock when copying PTEs - mm: do not write protect COW mappings when preserving across exec - mm: differentiate copying PTEs for preservation from copying for fork - mm/fork: Pass new vma pointer into copy_page_range() - xen/swiotlb: relax alignment requirements - Reapply "xen/swiotlb: add alignment check for dma buffers" - dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted" - nvme: unblock ctrl state transition for firmware update - memcg: always call cond_resched() after fn() - ACPI: PPTT: Fix processor subtable walk - LTS tag: v5.4.293 - MIPS: cm: Fix warning if MIPS_CM is disabled - crypto: atmel-sha204a - Set hwrng quality to lowest possible - comedi: jr3_pci: Fix synchronous deletion of timer - md/raid1: Add check for missing source disk in process_checks() - scsi: pm80xx: Set phy_attached to zero when device is gone - ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls - selftests: ublk: fix test_stripe_04 - udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803} - KVM: s390: Don't use %pK through tracepoints - sched/isolation: Make CONFIG_CPU_ISOLATION depend on CONFIG_SMP - ntb: reduce stack usage in idt_scan_mws - qibfs: fix _another_ leak {CVE-2025-37983} - usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev() {CVE-2025-37881} - dmaengine: dmatest: Fix dmatest waiting less when interrupted - usb: host: max3421-hcd: Add missing spi_device_id table - parisc: PDT: Fix missing prototype warning - clk: check for disabled clock-provider in of_clk_get_hw_from_clkspec() - crypto: null - Use spin lock instead of mutex {CVE-2025-37808} - MIPS: cm: Detect CM quirks from device tree - USB: VLI disk crashes if LPM is used - usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive - usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive - usb: dwc3: gadget: check that event count does not exceed event buffer length {CVE-2025-37810} - USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02) - usb: cdns3: Fix deadlock when using NCM gadget {CVE-2025-37812} - USB: serial: simple: add OWON HDS200 series oscilloscope support - USB: serial: option: add Sierra Wireless EM9291 - USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe - serial: sifive: lock port in startup()/shutdown() callbacks - USB: storage: quirk for ADATA Portable HDD CH94 - mcb: fix a double free bug in chameleon_parse_gdd() {CVE-2025-37817} - virtio_console: fix missing byte order handling for cols and rows - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} - tipc: fix NULL pointer dereference in tipc_mon_reinit_self() {CVE-2025-37824} - net: phy: leds: fix memory leak {CVE-2025-37989} - cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() {CVE-2025-37829} - drm/amd/pm: Prevent division by zero {CVE-2025-37766} - misc: pci_endpoint_test: Fix displaying 'irq_type' after 'request_irq' error - misc: pci_endpoint_test: Use INTX instead of LEGACY - PCI: Rename PCI_IRQ_LEGACY to PCI_IRQ_INTX - iio: adc: ad7768-1: Fix conversion result sign - iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check - net: dsa: mv88e6xxx: fix VTU methods for 6320 family - media: vim2m: print device name after registering device - ext4: fix OOB read when checking dotdot dir {CVE-2025-37785} - ext4: optimize __ext4_check_dir_entry() - ext4: don't over-report free space or inodes in statvfs - ext4: code cleanup for ext4_statfs_project() - ext4: simplify checking quota limits in ext4_statfs() - platform/x86: ISST: Correct command storage data length - MIPS: ds1287: Match ds1287_set_base_clock() function types - MIPS: cevt-ds1287: Add missing ds1287.h include - MIPS: dec: Declare which_prom() as static - virtio-net: Add validation for used length {CVE-2021-47352} - RDMA/srpt: Support specifying the srpt_service_guid parameter {CVE-2024-26744} - openvswitch: fix lockup on tx to unregistering netdev with carrier {CVE-2025-21681} - net: openvswitch: fix race on port output {CVE-2025-21681} - mmc: cqhci: Fix checking of CQHCI_HALT state - nvmet-fc: Remove unused functions - usb: dwc3: support continuous runtime PM with dual role - misc: pci_endpoint_test: Fix 'irq_type' to convey the correct type - misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error {CVE-2025-23140} - tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). {CVE-2024-50154} - powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp - kbuild: Add '-fno-builtin-wcslen' - cpufreq: Reference count policy in cpufreq_update_limits() - drm/sti: remove duplicate object names - drm/nouveau: prime: fix ttm_bo_delayed_delete oops {CVE-2025-37765} - drm/repaper: fix integer overflows in repeat functions - module: sign with sha512 instead of sha1 by default - perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR - perf/x86/intel: Allow to update user space GPRs from PEBS records - virtiofs: add filesystem context source name check {CVE-2025-37773} - riscv: Avoid fortify warning in syscall_get_arguments() - isofs: Prevent the use of too small fid {CVE-2025-37780} - i2c: cros-ec-tunnel: defer probe if parent EC is not present {CVE-2025-37781} - hfs/hfsplus: fix slab-out-of-bounds in hfs_bnode_read_key {CVE-2025-37782} - btrfs: correctly escape subvol in btrfs_show_options() - nfs: add missing selections of CONFIG_CRC32 - nfs: move nfs_fhandle_hash to common include file - NFSD: Constify @fh argument of knfsd_fh_hash() - asus-laptop: Fix an uninitialized variable - writeback: fix false warning in inode_to_wb() - net: b53: enable BPDU reception for management port - net: openvswitch: fix nested key length validation in the set() action {CVE-2025-37789} - Revert "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" {CVE-2025-37795} - Bluetooth: btrtl: Prevent potential NULL dereference {CVE-2025-37792} - Bluetooth: hci_event: Fix sending MGMT_EV_DEVICE_FOUND for invalid address - RDMA/usnic: Fix passing zero to PTR_ERR in usnic_ib_pci_probe() - scsi: iscsi: Fix missing scsi_host_put() in error path - wifi: wl1251: fix memory leak in wl1251_tx_work {CVE-2025-37982} - wifi: mac80211: Purge vif txq in ieee80211_do_stop() {CVE-2025-37794} - wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue() {CVE-2025-37795} - wifi: at76c50x: fix use after free access in at76_disconnect {CVE-2025-37796} - HSI: ssi_protocol: Fix use after free vulnerability in ssi_protocol Driver Due to Race Condition {CVE-2025-37838} - pwm: mediatek: always use bus clock for PWM on MT7622 - Bluetooth: hci_uart: Fix another race during initialization {CVE-2025-23139} - x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__register_nosave_regions() - PCI: Fix reference leak in pci_alloc_child_bus() - of/irq: Fix device node refcount leakages in of_irq_init() - of/irq: Fix device node refcount leakage in API irq_of_parse_and_map() - of/irq: Fix device node refcount leakages in of_irq_count() - ntb: use 64-bit arithmetic for the MSI doorbell mask - gpio: zynq: Fix wakeup source leaks on device unbind - ftrace: Add cond_resched() to ftrace_graph_set_hash() {CVE-2025-37940} - dm-integrity: set ti->error on memory allocation failure - crypto: ccp - Fix check for the primary ASP device - thermal/drivers/rockchip: Add missing rk3328 mapping entry - sctp: detect and prevent references to a freed transport in sendmsg {CVE-2025-23142} - mm: add missing release barrier on PGDAT_RECLAIM_LOCKED unlock - sparc/mm: disable preemption in lazy mmu mode - arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string - mtd: rawnand: Add status chack in r852_ready() - mtd: inftlcore: Add error check for inftl_read_oob() {CVE-2025-37892} - lib: scatterlist: fix sg_split_phys to preserve original scatterlist offsets - locking/lockdep: Decrease nr_unused_locks if lock unused in zap_class() - jbd2: remove wrong sb->s_sequence check {CVE-2025-37839} - i3c: Add NULL pointer check in i3c_master_queue_ibi() {CVE-2025-23147} - ext4: fix off-by-one error in do_split {CVE-2025-23150} - wifi: mac80211: fix integer overflow in hwmp_route_info_get() - net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family - media: venus: hfi_parser: add check to avoid out of bound access {CVE-2025-23157} - media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO - media: i2c: ov7251: Set enable GPIO low in probe - media: v4l2-dv-timings: prevent possible overflow in v4l2_detect_gtf() - media: streamzap: prevent processing IR data on URB failure - mtd: rawnand: brcmnand: fix PM resume warning {CVE-2025-37840} - arm64: cputype: Add MIDR_CORTEX_A76AE - xenfs/xensyms: respect hypervisor's "next" indication - media: siano: Fix error handling in smsdvb_module_init() - media: venus: hfi: add check to handle incorrect queue size {CVE-2025-23158} - media: venus: hfi: add a check to handle OOB in sfr region {CVE-2025-23159} - media: i2c: adv748x: Fix test pattern selection mask - ext4: don't treat fhandle lookup of ea_inode as FS corruption - ext4: reject casefold inode flag without casefold feature - bpf: support SKF_NET_OFF and SKF_LL_OFF on skb frags - bpf: Add endian modifiers to fix endian warnings - pwm: fsl-ftm: Handle clk_get_rate() returning 0 - pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() {CVE-2025-37850} - pwm: mediatek: Always use bus clock - fbdev: omapfb: Add 'plane' value check {CVE-2025-37851} - drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off - drm/amdkfd: Fix pqm_destroy_queue race with GPU reset - drm/amdkfd: clamp queue size to minimum - drm: panel-orientation-quirks: Add new quirk for GPD Win 2 - drm: panel-orientation-quirks: Add support for AYANEO 2S - drm: allow encoder mode_set even when connectors change for crtc - Bluetooth: hci_uart: fix race during initialization {CVE-2025-23139} - tracing: fix return value in __ftrace_event_enable_disable for TRACE_REG_UNREGISTER - net: vlan: don't propagate flags on open {CVE-2025-23163} - wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table - scsi: st: Fix array overflow in st_setup() {CVE-2025-37857} - ext4: ignore xattrs past end {CVE-2025-37738} - ext4: protect ext4_release_dquot against freezing - ahci: add PCI ID for Marvell 88SE9215 SATA Controller - ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode - jfs: add sanity check for agwidth in dbMount {CVE-2025-37740} - jfs: Prevent copying of nlink with value 0 from disk inode {CVE-2025-37741} - fs/jfs: Prevent integer overflow in AG size calculation {CVE-2025-37858} - fs/jfs: cast inactags to s64 to prevent potential overflow - page_pool: avoid infinite loop to schedule delayed worker {CVE-2025-37859} - ALSA: usb-audio: Fix CME quirk for UF series keyboards - ALSA: hda: intel: Fix Optimus when GPU has no sound - HID: pidff: Fix null pointer dereference in pidff_find_fields {CVE-2025-37862} - HID: pidff: Do not send effect envelope if it's empty - HID: pidff: Convert infinite length from Linux API to PID standard - xen/mcelog: Add __nonstring annotations for unterminated strings - perf: arm_pmu: Don't disable counter in armpmu_add() - x86/cpu: Don't clear X86_FEATURE_LAHF_LM flag in init_amd_k8() on AMD when running in a virtual machine - pm: cpupower: bench: Prevent NULL dereference on malloc failure {CVE-2025-37841} - net: ppp: Add bound checking for skb data on ppp_sync_txmung {CVE-2025-37749} - ata: sata_sx4: Add error handling in pdc20621_i2c_read() - ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones - tipc: fix memory leak in tipc_link_xmit {CVE-2025-37757} - ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe() {CVE-2025-37758} - x86/bhi: Do not set BHI_DIS_S in 32-bit mode - x86/bpf: Add IBHF call at end of classic BPF - x86/bpf: Call branch history clearing sequence on exit - certs: Reference revocation list for all keyrings - RDS: use get_user_pages_fast() in rdma_pin_pages() - x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel - selftest/x86/bugs: Add selftests for ITS {CVE-2024-28956} - x86/its: Align RETs in BHB clear sequence to avoid thunking {CVE-2024-28956} - x86/its: Add "vmexit" option to skip mitigation on some CPUs {CVE-2024-28956} - x86/its: Enable Indirect Target Selection mitigation {CVE-2024-28956} - x86/its: Add support for ITS-safe return thunk {CVE-2024-28956} - x86/its: Add support for ITS-safe indirect thunk {CVE-2024-28956} - x86/its: Enumerate Indirect Target Selection (ITS) bug {CVE-2024-28956} - Documentation: x86/bugs/its: Add ITS documentation {CVE-2024-28956} - certs: Add new Oracle Linux Driver Signing (key 1) certificate - net/mlx5e: Don't call cleanup on profile rollback failure {CVE-2024-50146} - net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc() {CVE-2024-50000} - net/mlx5: Fix error path in multi-packet WQE transmit {CVE-2024-50001} - net/mlx5: Discard command completions in internal error {CVE-2024-38555} - net/mlx5e: fix a potential double-free in fs_any_create_groups {CVE-2023-52667} - net/mlx5: Reclaim max 50K pages at once - LTS tag: v5.4.292 - jfs: add index corruption check to DT_GETPAGE() - tracing: Fix use-after-free in print_graph_function_flags during tracer switching {CVE-2025-22035} - mmc: sdhci-pxav3: set NEED_RSP_BUSY capability - ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP - x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs {CVE-2025-22045} - x86/tsc: Always save/restore TSC sched_clock() on suspend/resume - ntb_perf: Delete duplicate dmaengine_unmap_put() call in perf_copy_chunk() - can: flexcan: only change CAN state when link up in system PM - arcnet: Add NULL check in com20020pci_probe() {CVE-2025-22054} - net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy - ipv6: fix omitted netlink attributes when using RTEXT_FILTER_SKIP_STATS - vsock: avoid timeout during connect() if the socket is closing - net_sched: skbprio: Remove overly strict queue assertions {CVE-2025-38637} - netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets {CVE-2025-22063} - ntb: intel: Fix using link status DB's - ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans {CVE-2023-53034} - spufs: fix a leak in spufs_create_context() {CVE-2025-22071} - spufs: fix a leak on spufs_new_file() failure {CVE-2025-22073} - hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9} - can: statistics: use atomic access in hot path - locking/semaphore: Use wake_q to wake up processes outside lock critical section - sched/deadline: Use online cpus for validating runtime - affs: don't write overlarge OFS data block size fields - affs: generate OFS sequence numbers starting at 1 - wifi: iwlwifi: fw: allocate chained SG tables for dump - sched/smt: Always inline sched_smt_active() - octeontx2-af: Fix mbox INTR handler when num VFs > 64 - ring-buffer: Fix bytes_dropped calculation issue - objtool, media: dib8000: Prevent divide-by-zero in dib8000_set_dds() {CVE-2025-37937} - fs/procfs: fix the comment above proc_pid_wchan() - perf python: Check if there is space to copy all the event - perf python: Decrement the refcount of just created event on failure - perf python: Fixup description of sample.id event member - ocfs2: validate l_tree_depth to avoid out-of-bounds access {CVE-2025-22079} - kexec: initialize ELF lowest address to ULONG_MAX - perf units: Fix insufficient array space - iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio - coresight: catu: Fix number of pages while using 64k pages - isofs: fix KMSAN uninit-value bug in do_isofs_readdir() - x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment - mfd: sm501: Switch to BIT() to mitigate integer overflows - RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow {CVE-2025-22086} - power: supply: max77693: Fix wrong conversion of charge input threshold value - x86/entry: Fix ORC unwinder for PUSH_REGS with save_ret=1 - clk: amlogic: g12a: fix mmc A peripheral clock - clk: amlogic: gxbb: drop non existing 32k clock parent - clk: amlogic: g12b: fix cluster A parent data - IB/mad: Check available slots before posting receive WRs - clk: rockchip: rk3328: fix wrong clk_ref_usb3otg parent - pinctrl: renesas: rza2: Fix missing of_node_put() call - lib: 842: Improve error handling in sw842_compress() - clk: amlogic: gxbb: drop incorrect flag on 32k clock - fbdev: sm501fb: Add some geometry checks. - mdacon: rework dependency list - fbdev: au1100fb: Move a variable assignment behind a null pointer check - PCI: pciehp: Don't enable HPIE when resuming in poll mode - PCI: Remove stray put_device() in pci_register_host_bridge() - PCI/portdrv: Only disable pciehp interrupts early when needed - PCI/ASPM: Fix link state exit during switch upstream function removal {CVE-2024-58093} - drm/mediatek: mtk_hdmi: Fix typo for aud_sampe_size member - ALSA: hda/realtek: Always honor no_shutup_pins - perf/ring_buffer: Allow the EPOLLRDNORM flag for poll - lockdep: Don't disable interrupts on RT in disable_irq_nosync_lockdep.*() - PM: sleep: Fix handling devices with direct_complete set on errors - thermal: int340x: Add NULL check for adev {CVE-2025-23136} - EDAC/ie31200: Fix the error path order of ie31200_init() - EDAC/ie31200: Fix the DIMM size mask for several SoCs - EDAC/ie31200: Fix the size of EDAC_MC_LAYER_CHIP_SELECT layer - selinux: Chain up tool resolving errors in install_policy.sh - x86/platform: Only allow CONFIG_EISA for 32-bit - x86/fpu: Avoid copying dynamic FP state from init_task in arch_dup_task_struct() - cpufreq: governor: Fix negative 'idle_time' handling in dbs_update() - x86/mm/pat: cpa-test: fix length for CPA_ARRAY test - memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove {CVE-2025-22020} - net: usb: qmi_wwan: add Telit Cinterion FE990B composition - net: usb: qmi_wwan: add Telit Cinterion FN990B composition - tty: serial: 8250: Add some more device IDs - counter: stm32-lptimer-cnt: fix error handling when enabling - netfilter: socket: Lookup orig tuple for IPv6 SNAT {CVE-2025-22021} - ARM: Remove address checking for MMUless devices - ARM: 9351/1: fault: Add "cut here" line for prefetch aborts - ARM: 9350/1: fault: Implement copy_from_kernel_nofault_allowed() - atm: Fix NULL pointer dereference {CVE-2025-22018} - HID: hid-plantronics: Add mic mute mapping and generalize quirks - ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names - drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse() {CVE-2025-21996} - batman-adv: Ignore own maximum aggregation size during RX - ARM: shmobile: smp: Enforce shmobile_smp_* alignment - mmc: atmel-mci: Add missing clk_disable_unprepare() - drm/v3d: Don't run jobs that have errors flagged in its fence - i2c: omap: fix IRQ storms - net/neighbor: add missing policy for NDTPA_QUEUE_LENBYTES - net: atm: fix use after free in lec_send() {CVE-2025-22004} - ipv6: Set errno after ip_fib_metrics_init() in ip6_route_info_create(). - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). {CVE-2025-22005} - Bluetooth: Fix error code in chan_alloc_skb_cb() {CVE-2025-22007} - RDMA/hns: Fix wrong value of max_sge_rd - RDMA/bnxt_re: Avoid clearing VLAN_ID mask in modify qp path - xfrm_output: Force software GSO only in tunnel mode - firmware: imx-scu: fix OF node leak in .probe() - i2c: sis630: Fix an error handling path in sis630_probe() - i2c: ali15x3: Fix an error handling path in ali15x3_probe() - i2c: ali1535: Fix an error handling path in ali1535_probe() - ASoC: codecs: wm0010: Fix error handling path in wm0010_spi_probe() - drm/gma500: Add NULL check for pci_gfx_root in mid_get_vbt_data() - qlcnic: fix memory leak issues in qlcnic_sriov_common.c - drm/amd/display: Assign normalized_pix_clk when color depth = 14 {CVE-2025-21956} - drm/atomic: Filter out redundant DPMS calls - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes {CVE-2025-21991} - USB: serial: option: match on interface class for Telit FN990B - USB: serial: option: fix Telit Cinterion FE990A name - USB: serial: option: add Telit Cinterion FE990B compositions - USB: serial: ftdi_sio: add support for Altera USB Blaster 3 - block: fix 'kmem_cache of name 'bio-108' already exists' - drm/nouveau: Do not override forced connector status - x86/irq: Define trace events conditionally - fuse: don't truncate cached, mutated symlink - nvme: only allow entering LIVE from CONNECTING state - sctp: Fix undefined behavior in left shift operation - nvmet-rdma: recheck queue state is LIVE in state lock in recv done - ASoC: rsnd: don't indicate warning on rsnd_kctrl_accept_runtime() - s390/cio: Fix CHPID "configure" attribute caching - HID: ignore non-functional sensor in HP 5MP Camera {CVE-2025-21992} - HID: intel-ish-hid: fix the length of MNG_SYNC_FW_CLOCK in doorbell - ACPI: resource: IRQ override for Eluktronics MECH-17 - scsi: qla1280: Fix kernel oops when debug level > 2 {CVE-2025-21957} - iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() {CVE-2025-21993} - powercap: call put_device() on an error path in powercap_register_control_type() - hrtimers: Mark is_migration_base() with __always_inline - nvme-fc: go straight to connecting state when initializing - net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices - netfilter: nft_exthdr: fix offset with ipv4_find_option() - net_sched: Prevent creation of classes with TC_H_ROOT {CVE-2025-21971} - ipvs: prevent integer overflow in do_ip_vs_get_ctl() - netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree() {CVE-2025-21959} - Drivers: hv: vmbus: Don't release fb_mmio resource in vmbus_free_mmio() - drivers/hv: Replace binary semaphore with mutex - netpoll: hold rcu read lock in __netpoll_send_skb() - netpoll: netpoll_send_skb() returns transmit status - netpoll: move netpoll_send_skb() out of line - netpoll: remove dev argument from netpoll_send_skb_on_dev() - netpoll: Fix use correct return type for ndo_start_xmit() - pinctrl: bcm281xx: Fix incorrect regmap max_registers value - sched/isolation: Prevent boot crash when the boot CPU is nohz_full - clockevents/drivers/i8253: Fix stop sequence for timer 0 - RDS: avoid using offlined CPU during reconnect - x86/microcode/AMD: Clean the cache if update did not load microcode - x86/microcode/AMD: Add finalize_late_load() microcode_op - x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches - x86/microcode/AMD: Add some forgotten models to the SHA check - x86/microcode/AMD: Load only SHA256-checksummed patches {CVE-2025-22047} - x86/microcode/AMD: Flush patch buffer mapping after application - x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size - nvme: fix deadlock between reset and scan