- drm/amd/display: Skip on writeback when it's not applicable {CVE-2024-36914} - ASoC: topology: Fix references to freed memory {CVE-2024-41069} - Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966} - Bluetooth: SCO: Fix not validating setsockopt user input - drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616} - xfs: don't walk off the end of a directory data block {CVE-2024-41013} - wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937} - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - net/rds: Fix rs_recv_pending counting issue - LTS tag: v5.4.301 - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg - media: s5p-mfc: remove an unused/uninitialized variable - NFSD: Fix last write offset handling in layoutcommit - NFSD: Minor cleanup in layoutcommit processing - padata: Reset next CPU when reorder sequence wraps around - KEYS: trusted_tpm1: Compare HMAC values in constant time - NFSD: Define a proc_layoutcommit for the FlexFiles layout type {CVE-2025-40087} - vfs: Don't leak disconnected dentries on umount {CVE-2025-40105} - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination {CVE-2025-40167} - drm/amdgpu: use atomic functions with memory barriers for vm fault info - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() {CVE-2025-40198} - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Flush posted register writes before INDAC access - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - memory: samsung: exynos-srom: Correct alignment - arm64: errata: Apply workarounds for Neoverse-V3AE - arm64: cputype: Add Neoverse-V3AE definitions - comedi: fix divide-by-zero in comedi_buf_munge() {CVE-2025-40106} - binder: remove "invalid inc weak" check - xhci: dbc: enable back DbC in resume if it was enabled before suspend - usb/core/quirks: Add Huawei ME906S to wakeup quirk - USB: serial: option: add Telit FN920C04 ECM compositions - USB: serial: option: add Quectel RG255C - USB: serial: option: add UNISOC UIS7720 - net: ravb: Ensure memory write completes before ringing TX doorbell - net: usb: rtl8150: Fix frame padding - ocfs2: clear extent cache after moving/defragmenting extents - MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering - Revert "cpuidle: menu: Avoid discarding useful information" - net: bonding: fix possible peer notify event loss or dup issue - sctp: avoid NULL dereference when chunk data buffer is missing - arm64, mm: avoid always making PTE dirty in pte_mkwrite() - net: enetc: correct the value of ENETC_RXB_TRUESIZE - rtnetlink: Allow deleting FDB entries in user namespace - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del - net: add ndo_fdb_del_bulk - net: rtnetlink: add bulk delete support flag - net: netlink: add NLM_F_BULK delete request modifier - net: rtnetlink: use BIT for flag values - net: rtnetlink: add helper to extract msg type's kind - net: rtnetlink: add msg kind names - net: rtnetlink: remove redundant assignment to variable err - m68k: bitops: Fix find_*_bit() signatures - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - dlm: check for defined force value in dlm_lockspace_release - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: make proper initalization of struct hfs_find_data - hfs: clear offset and space out of valid records in b-tree node - exec: Fix incorrect type for ret - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() {CVE-2025-40088} - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - sched/fair: Fix pelt lost idle time detection - sched/balancing: Rename newidle_balance() => sched_balance_newidle() - sched/fair: Trivial correction of the newidle_balance() comment - sched: Make newidle_balance() static again - tls: don't rely on tx_work during send() - tls: always set record_type in tls_process_cmsg - tg3: prevent use of uninitialized remote_adv and local_adv variables - tcp: fix tcp_tso_should_defer() vs large RTT - amd-xgbe: Avoid spurious link down messages during interface toggle - net/ip6_tunnel: Prevent perpetual tunnel growth {CVE-2025-40173} - net: dlink: handle dma_map_single() failure properly - net: dl2k: switch from 'pci_' to 'dma_' API - media: pci: ivtv: Add missing check after DMA map - media: pci/ivtv: switch from 'pci_' to 'dma_' API {CVE-2024-43877} - xen/events: Update virq_to_irq on migration - media: lirc: Fix error handling in lirc_register() - media: rc: Directly use ida_free() - drm/exynos: exynos7_drm_decon: remove ctx->suspended - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() {CVE-2025-40205} - pwm: berlin: Fix wrong register in suspend/resume {CVE-2025-40188} - media: cx18: Add missing check after DMA map - xen/events: Cleanup find_virq() return codes - cramfs: Verify inode mode when loading from disk - fs: Add 'initramfs_options' to set initramfs mount options - pid: Add a judgment for ns null in pid_nr_ns {CVE-2025-40178} - minixfs: Verify inode mode when loading from disk - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference {CVE-2025-40042} - dm: fix NULL pointer dereference in __dm_suspend() {CVE-2025-40134} - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - Squashfs: reject negative file sizes in squashfs_read_inode() {CVE-2025-40200} - Squashfs: add additional inode sanity checking - media: mc: Clear minor number before put device {CVE-2025-40197} - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - fs: udf: fix OOB read in lengthAllocDescs handling {CVE-2025-40044} - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O {CVE-2025-40026} - net/9p: fix double req put in p9_fd_cancelled {CVE-2025-40027} - ext4: guard against EA inode refcount underflow in xattr update {CVE-2025-40190} - ext4: correctly handle queries for metadata mappings - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - x86/umip: Check that the instruction opcode is at least two bytes - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - rseq/selftests: Use weak symbol reference, not definition, to link with glibc - rtc: interface: Fix long-standing race when setting alarm - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - mmc: core: SPI mode remove cmd7 - mtd: rawnand: fsmc: Default to autodetect buswidth - sparc: fix error handling in scan_one_device() - sparc64: fix hugetlb for sun4u - sctp: Fix MAC comparison to be constant-time {CVE-2025-40204} - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - parisc: don't reference obsolete termio struct for TC* constants - lib/genalloc: fix device leak in of_gen_pool_get() - iio: frequency: adf4350: Fix prescaler usage. - iio: dac: ad5421: use int type to store negative error codes - iio: dac: ad5360: use int type to store negative error codes - crypto: atmel - Fix dma_unmap_sg() direction - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() {CVE-2025-40194} - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - media: i2c: mt9v111: fix incorrect type for ret - firmware: meson_sm: fix device leak at probe - xen/manage: Fix suspend error path - arm64: dts: qcom: msm8916: Add missing MDSS reset - ACPI: debug: fix signedness issues in read/write helpers - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - tpm, tpm_tis: Claim locality before writing interrupt registers - crypto: essiv - Check ssize for decryption and in-place encryption {CVE-2025-40019} - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - tools build: Align warning options with perf - net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). {CVE-2025-40186} - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() {CVE-2025-40187} - drm/vmwgfx: Fix Use-after-free in validation {CVE-2025-40111} - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue {CVE-2025-40001} - scsi: mvsas: Use sas_task_find_rq() for tagging - scsi: mvsas: Delete mvs_tag_init() - scsi: libsas: Add sas_task_find_rq() - clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver - clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() - perf session: Fix handling when buffer exceeds 2 GiB - rtc: x1205: Fix Xicor X1205 vendor prefix - perf util: Fix compression checks returning -1 as bool - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - clocksource/drivers/clps711x: Fix resource leaks in error paths - pinctrl: check the return value of pinmux_ops::get_function_name() {CVE-2025-40030} - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak {CVE-2025-40035} - mm: hugetlb: avoid soft lockup when mprotect to large memory area {CVE-2025-40153} - uio_hv_generic: Let userspace take care of interrupt mask {CVE-2025-40048} - Squashfs: fix uninit-value in squashfs_get_parent {CVE-2025-40049} - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - nfp: fix RSS hash key size when RSS is not supported - drivers/base/node: fix double free in register_one_node() - ocfs2: fix double free in user_cluster_connect() {CVE-2025-40055} - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast {CVE-2025-40140} - RDMA/siw: Always report immediate post SQ errors - usb: vhci-hcd: Prevent suspending virtually attached devices - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() {CVE-2025-40115} - ipvs: Defer ip_vs_ftp unregister during netns cleanup {CVE-2025-40018} - NFSv4.1: fix backchannel max_resp_sz verification check - remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - sparc: fix accurate exception reporting in copy_{from,to}_user for M7 - sparc: fix accurate exception reporting in copy_to_user for Niagara 4 - sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara {CVE-2025-40112} - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III {CVE-2025-40124} - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC {CVE-2025-40126} - IB/sa: Fix sa_local_svc_timeout_ms read race - RDMA/core: Resolve MAC of next-hop device without ARP support - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - drivers/base/node: handle error properly in register_one_node() - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog - netfilter: ipset: Remove unused htable_bits in macro ahash_region - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping {CVE-2025-40121} - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154} - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - pps: fix warning in pps_register_cdev when register device fail {CVE-2025-40070} - misc: genwqe: Fix incorrect cmd field being reported in error - usb: gadget: configfs: Correctly set use_os_string at bind - usb: phy: twl6030: Fix incorrect type for ret - tcp: fix __tcp_close() to only send RST when required - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - wifi: mwifiex: send world regulatory domain to driver - ALSA: lx_core: use int type to store negative error codes - media: rj54n1cb0c: Fix memleak in rj54n1_probe() - scsi: myrs: Fix dma_alloc_coherent() error check - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod {CVE-2025-40118} - serial: max310x: Add error checking in probe() - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup {CVE-2025-40116} - drm/radeon/r600_cs: clean up of dead code in r600_cs - i2c: designware: Add disabling clocks when probe fails - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - bpf: Explicitly check accesses to bpf_sock_addr {CVE-2025-40078} - selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported - pwm: tiehrpwm: Fix corner case in clock divisor calculation - block: use int to store blk_stack_limits() return value - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx {CVE-2025-40125} - pinctrl: meson-gxl: add missing i2c_d pinmux - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - regmap: Remove superfluous check for !config in __regmap_init() - x86/vdso: Fix output operand size of RDPID - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() {CVE-2025-40081} - driver core/PM: Set power.no_callbacks along with power.no_pm - staging: axis-fifo: flush RX FIFO on read errors - staging: axis-fifo: fix maximum TX packet length check - perf subcmd: avoid crash in exclude_cmds when excludes is empty - dm-integrity: limit MAX_TAG_SIZE to 255 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - USB: serial: option: add SIMCom 8230C compositions - media: rc: fix races with imon_disconnect() {CVE-2025-39993} - media: imon: grab lock earlier in imon_ir_change_protocol() - media: imon: reorganize serialization - media: rc: Add support for another iMON 0xffdc device - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe {CVE-2025-39995} - media: tuner: xc5000: Fix use-after-free in xc5000_release {CVE-2025-39994} - media: tunner: xc5000: Refactor firmware load - udp: Fix memory accounting leak. {CVE-2025-22058} - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove {CVE-2025-39996} - scsi: target: target_core_configfs: Add length check to avoid buffer overflow {CVE-2025-39998} - LTS tag: v5.4.300 - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - mm/hugetlb: fix folio is still mapped when deleted {CVE-2025-40006} - i40e: add mask to apply valid bits for itr_idx - i40e: fix validation of VF state in get resources {CVE-2025-39969} - i40e: fix idx validation in config queues msg {CVE-2025-39971} - i40e: add validation for ring_len param {CVE-2025-39973} - i40e: increase max descriptors for XL710 - mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() {CVE-2025-21861} - fbcon: Fix OOB access in font allocation - fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967} - i40e: add max boundary check for VF filters {CVE-2025-39968} - i40e: fix input validation logic for action_meta {CVE-2025-39970} - i40e: fix idx validation in i40e_validate_queue_map {CVE-2025-39972} - drm/gma500: Fix null dereference in hdmi teardown {CVE-2025-40011} - can: peak_usb: fix shift-out-of-bounds issue {CVE-2025-40020} - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39985} - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39986} - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow {CVE-2025-39987} - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - usb: core: Add 0x prefix to quirks debug output - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - ALSA: usb-audio: Convert comma to semicolon - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer {CVE-2025-39937} - net: rfkill: gpio: add DT support - serial: sc16is7xx: fix bug in flow control levels init - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - usb: gadget: dummy_hcd: remove usage of list iterator past the loop body - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - ASoC: wm8974: Correct PLL rate rounding - ASoC: wm8940: Correct typo in control name - mmc: mvsdio: Fix dma_unmap_sg() nents value - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945} - net: liquidio: fix overflow in octeon_init_instr_queue() - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-39955} - i40e: remove redundant memory barrier when cleaning Tx descs - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - cgroup: split cgroup_destroy_wq into 3 workqueues {CVE-2025-39953} - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch - wifi: mac80211: fix incorrect type for ret - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883} - phy: ti-pipe3: fix device leak at unbind - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees {CVE-2025-39923} - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map {CVE-2025-39869} - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path {CVE-2025-39911} - i40e: Use irq_update_affinity_hint() - genirq: Provide new interfaces for affinity hints - genirq: Export affinity setter for modules - genirq/affinity: Add irq_update_affinity_desc() - igb: fix link test skipping when interface is admin down - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() {CVE-2025-39876} - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing - mtd: nand: raw: atmel: Fix comment in timings preparation - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer {CVE-2025-39907} - mm/khugepaged: fix the address passed to notifier on testing young - fuse: prevent overflow in copy_file_range return value - fuse: check if copy_file_range() returns larger than requested size - mtd: rawnand: stm32_fmc2: fix ECC overwrite - ocfs2: fix recursive semaphore deadlock in fiemap call {CVE-2025-39885} - EDAC/altera: Delete an inappropriate dma_free_coherent() call - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. {CVE-2025-39913} - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. {CVE-2025-23143} - device-dax: correct pgoff align in dax_set_mapping() {CVE-2024-50022} - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer - rds: Free all frags when rds_ib_recv_cache_put() fails - bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags - NFSv4: Don't clear capabilities that won't be reset - power: supply: bq27xxx: restrict no-battery detection to bq27000 - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - usb: hub: Fix flushing of delayed work used for post resume purposes - soc: qcom: mdt_loader: Deal with zero e_shentsize - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - LTS tag: v5.4.299 - scsi: lpfc: Fix buffer free/clear order in deferred receive path {CVE-2025-39841} - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() - cifs: fix integer overflow in match_server() - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort - spi: spi-fsl-lpspi: Set correct chip-select polarity bit - spi: spi-fsl-lpspi: Fix transmissions when using CONT - pcmcia: Add error handling for add_interval() in do_validate_mem() {CVE-2025-39920} - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - randstruct: gcc-plugin: Fix attribute addition - randstruct: gcc-plugin: Remove bogus void member - vmxnet3: update MTU after device quiesce - net: dsa: microchip: linearize skb for tail-tagging switches - net: dsa: microchip: update tag_ksz masks for KSZ9477 family - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup - gpio: pca953x: fix IRQ storm on system wake up - iio: light: opt3001: fix deadlock due to concurrent flag access {CVE-2025-37968} - iio: chemical: pms7003: use aligned_s64 for timestamp - cpufreq/sched: Explicitly synchronize limits_changed flag handling - mm/slub: avoid accessing metadata when pointer is invalid in object_err() {CVE-2025-39902} - mm/khugepaged: fix ->anon_vma race {CVE-2023-52935} - e1000e: fix heap overflow in e1000_set_eeprom {CVE-2025-39898} - batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839} - drm/amdgpu: drop hw access in non-DC audio fini - wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891} - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() {CVE-2025-39846} - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - ppp: fix memory leak in pad_compress_skb {CVE-2025-39847} - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ax25: properly unshare skbs in ax25_kiss_rcv() {CVE-2025-39848} - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net: thunder_bgx: add a missing of_node_put - wifi: libertas: cap SSID len in lbs_associate() - wifi: cw1200: cap SSID length in cw1200_do_join() - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853} - icmp: fix icmp_ndo_send address translation for reply direction - mISDN: Fix memory leak in dsp_hwec_enable() - xirc2ps_cs: fix register access when enabling FullDuplex - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() {CVE-2025-39860} - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: cfg80211: fix use-after-free in cmp_bss() {CVE-2025-39864} - powerpc: boot: Remove leading zero in label in udelay() - hugetlbfs: take read_lock on i_mmap for PMD sharing - kallsyms: add module_kallsyms_on_each_symbol_locked - kallsyms: export module_kallsyms_on_each_symbol - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499} - x86/vmscape: Warn when STIBP is disabled with SMT - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Enable the mitigation - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Add old Intel CPUs to affected list - x86/vmscape: Enumerate VMSCAPE bug - Documentation/hw-vuln: Add VMSCAPE documentation - LTS tag: v5.4.298 - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() {CVE-2025-39808} - HID: wacom: Add a new Art Pen 2 - HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824} - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare {CVE-2025-39817} - sctp: initialize more fields in sctp_v6_from_sk() {CVE-2025-39812} - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net/mlx5e: Set local Xoff after FW update - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Update and set Xon/Xoff upon MTU set - net: dlink: fix multicast stats being counted incorrectly - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). {CVE-2025-39828} - net/atm: remove the atmdev_ops {get, set}sockopt methods - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - powerpc/kvm: Fix ifdef to remove build warning - net: ipv4: fix regression in local-broadcast routes - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - scsi: core: sysfs: Correct sysfs attributes access rights - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump {CVE-2025-39813} - pinctrl: STMFX: add missing HAS_IOMEM dependency - LTS tag: v5.4.297 - alloc_fdtable(): change calling conventions. - s390/hypfs: Enable limited access during lockdown - s390/hypfs: Avoid unnecessary ioctl registration in debugfs - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit {CVE-2025-39766} - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - scsi: qla4xxx: Prevent a potential error pointer dereference {CVE-2025-39676} - usb: xhci: Fix slot_id resource race conflict - nfs: fix UAF in direct writes {CVE-2024-26958} - NFS: Fix up commit deadlocks - cifs: Fix UAF in cifs_demultiplex_thread() {CVE-2023-52572} - Bluetooth: fix use-after-free in device_for_each_child() {CVE-2024-53237} - act_mirred: use the backlog for nested calls to mirred ingress {CVE-2022-4269} - net/sched: act_mirred: better wording on protection against excessive stack growth - net/sched: act_mirred: refactor the handle of xmit - selftests: forwarding: tc_actions.sh: add matchall mirror test - net: sched: don't expose action qstats to skb_tc_reinsert() - net: sched: extract qstats update code into functions - net: sched: extract bstats update code into function - net: sched: extract common action counters update code into function - mm: perform the mapping_map_writable() check after call_mmap() - mm: update memfd seal write check to include F_SEAL_WRITE - mm: drop the assumption that VM_SHARED always implies writable - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() {CVE-2025-37798} - sch_qfq: make qfq_qlen_notify() idempotent - sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177} - sch_drr: make drr_qlen_notify() idempotent - btrfs: populate otime when logging an inode item - media: venus: hfi: explicitly release IRQ during teardown - f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677} - media: venus: protect against spurious interrupts during probe {CVE-2025-39709} - media: qcom: camss: cleanup media device allocated resource on error path - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - pwm: mediatek: Fix duty and period setting - pwm: mediatek: Handle hardware enable and clock enable separately - pwm: mediatek: Implement .apply() callback - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() {CVE-2025-39713} - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: v4l2-ctrls: always copy the controls on completion - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - soc: qcom: mdt_loader: Ensure we don't read past the ELF header {CVE-2025-39787} - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - usb: musb: omap2430: fix device leak at unbind - NFS: Fix the setting of capabilities when automounting a new filesystem {CVE-2025-39798} - NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() - NFSv4: Fix nfs4_bitmap_copy_adjust() - usb: typec: fusb302: cache PD RX state - cdc-acm: fix race between initial clearing halt and open - USB: cdc-acm: do not log successful probe on later errors - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock {CVE-2025-39736} - mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - x86/fpu: Delay instruction pointer fixup until after warning - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() {CVE-2025-38724} - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - tracing: Add down_write(trace_event_sem) when adding trace event {CVE-2025-38539} - usb: hub: Don't try to recover devices lost during warm reset. - usb: hub: avoid warm port reset during USB3 disconnect - x86/mce/amd: Add default names for MCA banks and blocks - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - f2fs: fix to do sanity check on ino and xnid {CVE-2025-38347} - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() - drm/sched: Remove optimization that causes hang when killing dependent jobs - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() {CVE-2025-38664} - net: usbnet: Fix the wrong netif_carrier_on() call - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value {CVE-2022-50327} - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large {CVE-2025-38481} - comedi: Fix initialization of data for instructions that write to subdevice {CVE-2025-38478} - kbuild: Add KBUILD_CPPFLAGS to as-option invocation - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS - kbuild: Add CLANG_FLAGS to as-instr - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation - kbuild: Update assembler calls to use proper flags and language target - ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - iio: proximity: isl29501: fix buffered read on big-endian systems - ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689} - fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() - use uniform permission checks for all mount propagation changes - move_mount: allow to add a mount into an existing group - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691} - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - memstick: Fix deadlock by moving removing flag earlier - media: venus: Add a check for packet size after reading from shared memory {CVE-2025-39710} - media: ov2659: Fix memory leaks in ov2659_probe() - media: usbtv: Lock resolution while streaming {CVE-2025-39714} - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: gspca: Add bounds checking to firmware parser - soc/tegra: pmc: Ensure power-domains are in a known state - jbd2: prevent softlockup in jbd2_log_do_checkpoint() {CVE-2025-39782} - PCI: endpoint: Fix configfs group removal on driver teardown - PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783} - mtd: rawnand: fsmc: Add missing check after DMA map - pwm: imx-tpm: Reset counter if CMOD is 0 - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - zynq_fpga: use sgtable-based scatterlist wrappers - ata: libata-scsi: Fix ata_to_sense_error() status handling - ext4: fix reserved gdt blocks handling in fsmap - ext4: fix fsmap end of range reporting with bigalloc - ext4: check fast symlink for ea_inode correctly - vt: defkeymap: Map keycodes above 127 to K_HOLE - vt: keyboard: Don't process Unicode characters in K_OFF mode - usb: dwc3: meson-g12a: fix device leaks at unbind - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - m68k: Fix lost column on framebuffer debug console - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() - serial: 8250: fix panic due to PSLVERR {CVE-2025-39724} - media: uvcvideo: Do not mark valid metadata as invalid - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680} - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() {CVE-2025-39737} - parisc: Makefile: fix a typo in palo.conf - btrfs: fix log tree replay failure due to file with 0 links and extents - thunderbolt: Fix copy+paste error in match_service_id() - comedi: fix race between polling and detaching {CVE-2025-38687} - misc: rtsx: usb: Ensure mmc child device is active when card is present - drm/amdgpu: fix incorrect vm flags to map bo - scsi: lpfc: Remove redundant assignment to avoid memory leak - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - pNFS: Fix uninited ptr deref in block/scsi layout {CVE-2025-38691} - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Fix stripe mapping in block/scsi layout - net: phy: smsc: add proper reset flags for LAN8710A - ipmi: Fix strcpy source and destination the same - kconfig: lxdialog: fix 'space' to (de)select options - kconfig: gconf: fix potential memory leak in renderer_edited() - kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - kconfig: nconf: Ensure null termination where strncpy is used - kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c - i3c: don't fail if GETHDRCAP is unsupported - PCI: pnv_php: Work around switches with broken presence detection - i3c: add missing include to internal header - media: uvcvideo: Fix bandwidth issue for Alcor camera - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar {CVE-2025-38693} - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() {CVE-2025-38694} - media: usb: hdpvr: disable zero-length read messages - media: tc358743: Increase FIFO trigger level to 374 - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt - media: tc358743: Check I2C succeeded during probe - pinctrl: stm32: Manage irq affinity settings - scsi: mpt3sas: Correctly handle ATA device errors - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure {CVE-2025-38695} - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() {CVE-2025-39742} - MIPS: Don't crash in stack_top() for tasks without ABI or vDSO {CVE-2025-38696} - jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697} - jfs: Regular file corruption check {CVE-2025-38698} - jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743} - scsi: bfa: Double-free fix {CVE-2025-38699} - MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: dw_wdt: Fix default timeout - fs/orangefs: use snprintf() instead of sprintf() - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated {CVE-2025-38700} - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr {CVE-2025-38701} - cifs: Fix calling CIFSFindFirst() for root path without msearch - vhost: fail early when __vhost_add_used() fails - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - uapi: in6: restore visibility of most IPv6 socket options - net: ncsi: Fix buffer overflow in fetching version id - net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - wifi: iwlegacy: Check rate_idx range after addition - netmem: fix skb_frag_address_safe with unreadable skbs - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - net: fec: allow disable coalescing - (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer - s390/stp: Remove udelay from stp_sync_clock() - wifi: iwlwifi: mvm: fix scan request validation - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: ipv4: fix incorrect MTU in broadcast routes - wifi: cfg80211: Fix interface type validation - rcu: Protect ->defer_qs_iw_pending from data race {CVE-2025-39749} - net: ag71xx: Add missing check after DMA map - et131x: Add missing check after DMA map - be2net: Use correct byte order and format string for TCP seq and ack_seq - s390/time: Use monotonic clock in get_cycles() - wifi: cfg80211: reject HTC bit for management frames - ktest.pl: Prevent recursion of default variable options - ASoC: codecs: rt5640: Retry DEVICE_ID verification - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - usb: core: usb_submit_urb: downgrade type check - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - ACPI: processor: fix acpi_object initialization - PM: sleep: console: Fix the black screen issue - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - selftests: tracing: Use mutex_unlock for testing glob filter - ARM: tegra: Use I/O memcpy to write to IRAM {CVE-2025-39794} - gpio: tps65912: check the return value of regmap_update_bits() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - ARM: rockchip: fix kernel hang during smp initialization {CVE-2025-39752} - cpufreq: Exit governor when failed to start old governor - usb: xhci: Avoid showing errors during surprise removal - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing warnings for dying controller - selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t - usb: xhci: print xhci->xhc_state when queue_command failed - securityfs: don't pin dentries twice, once is enough... - hfs: fix not erasing deleted b-tree node issue - drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708} - udf: Verify partition map count - arm64: Handle KCOV __init vs inline mismatches - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() {CVE-2025-38712} - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-40082} - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714} - hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715} - sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} - netfilter: ctnetlink: fix refcount leak on table dump {CVE-2025-38721} - udp: also consider secpath when evaluating ipsec use for checksumming - ACPI: processor: perflib: Move problematic pr->performance check {CVE-2025-39799} - ACPI: processor: perflib: Fix initial _PPC limit application - Documentation: ACPI: Fix parent device references - fs: Prevent file descriptor table allocations exceeding INT_MAX {CVE-2025-39756} - sunvdc: Balance device refcount in vdc_port_mpgroup_check - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - net: dpaa: fix device leak when querying time stamp info - net: gianfar: fix device leak when querying time stamp info - netlink: avoid infinite retry looping in netlink_unicast() {CVE-2025-38727} - ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} - io_uring: don't use int for ABI - usb: gadget : fix use-after-free in composite_dev_cleanup() {CVE-2025-38555} - MIPS: mm: tlb-r4k: Uniquify TLB entries on init - USB: serial: option: add Foxconn T99W709 - vsock: Do not allow binding to VMADDR_PORT_ANY {CVE-2025-38618} - net/packet: fix a race in packet_set_ring() and packet_notifier() {CVE-2025-38617} - perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563} - perf/core: Exit early on perf_mmap() fail {CVE-2025-38565} - perf/core: Don't leak AUX buffer refcount on allocation failure - pptp: fix pptp_xmit() error path - smb: client: let recv_done() cleanup before notifying the callers. - benet: fix BUG when creating VFs {CVE-2025-38569} - net: drop UFO packets in udp_rcv_segment() {CVE-2025-38622} - ipv6: reject malicious packets in ipv6_gso_segment() {CVE-2025-38572} - pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574} - netpoll: prevent hanging NAPI when netcons gets enabled - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() {CVE-2025-39730} - pci/hotplug/pnv-php: Wrap warnings in macro - pci/hotplug/pnv-php: Improve error msg on power state change failure - usb: chipidea: udc: fix sleeping function called from invalid context - f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652} - f2fs: fix to avoid panic in f2fs_evict_inode {CVE-2025-38577} - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() {CVE-2025-38578} - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: ds1307: fix incorrect maximum clock rate handling - module: Restore the moduleparam prefix length check - bpf: Check flow_dissector ctx accesses are aligned - mtd: rawnand: atmel: set pmecc data setup time - mtd: rawnand: atmel: Fix dma_mapping_error() address - jfs: fix metapage reference count leak in dbAllocCtl - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref {CVE-2025-38630} - crypto: qat - fix seq_file position update in adf_ring_next() - dmaengine: nbpfaxi: Add missing check after DMA map - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - fs/orangefs: Allow 2 more characters in do_c_string() - soundwire: stream: restore params when prepare ports fail - crypto: img-hash - Fix dma_unmap_sg() nents value - hwrng: mtk - handle devm_pm_runtime_enable errors - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() - scsi: isci: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - clk: sunxi-ng: v3s: Fix de clock definition - perf tests bp_account: Fix leaked file descriptor - crypto: ccp - Fix crash when rebind ccp device for ccp.ko {CVE-2025-38581} - pinctrl: sunxi: Fix memory leak on krealloc failure - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - clk: davinci: Add NULL check in davinci_lpsc_clk_register() {CVE-2025-38635} - mtd: fix possible integer overflow in erase_xfer() - crypto: marvell/cesa - Fix engine load inaccuracy - PCI: rockchip-host: Fix "Unexpected Completion" log message - vrf: Drop existing dst reference in vrf_ip6_input_dst - selftests: rtnetlink.sh: remove esp4_offload after test - netfilter: xt_nfacct: don't assume acct name is null-terminated {CVE-2025-38639} - can: kvaser_usb: Assign netdev.dev_port based on device channel index - can: kvaser_pciefd: Store device channel index - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - mwl8k: Add missing check after DMA map - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - net/sched: Restrict conditions for adding duplicating netems to qdisc tree {CVE-2025-38553} - arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - m68k: Don't unregister boot console needlessly - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - iwlwifi: Add missing check for alloc_ordered_workqueue {CVE-2025-38656} - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - wifi: rtl818x: Kill URBs before clearing tx status queue {CVE-2025-38604} - caif: reduce stack size, again - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls {CVE-2025-38608} - staging: nvec: Fix incorrect null termination of battery manufacturer - samples: mei: Fix building on musl libc - cpufreq: Init policy->rwsem before it may be possibly used - ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface - usb: early: xhci-dbc: Fix early_ioremap leak - Revert "vmci: Prevent the dispatching of uninitialized payloads" {CVE-2025-38611} - pps: fix poll support - vmci: Prevent the dispatching of uninitialized payloads {CVE-2025-38611} - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() {CVE-2025-38612} - ARM: dts: vfxxx: Correctly use two tuples for timer address - hfsplus: remove mutex_lock check in hfsplus_free_extents {CVE-2025-38650} - ASoC: Intel: fix SND_SOC_SOF dependencies - ethernet: intel: fix building with large NR_CPUS - usb: phy: mxs: disconnect line when USB charger is attached - usb: chipidea: add USB PHY event - usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use - usb: chipidea: udc: protect usb interrupt enable - usb: chipidea: udc: add new API ci_hdrc_gadget_connect - ALSA: hda: Add missing NVIDIA HDA codec IDs - comedi: comedi_test: Fix possible deletion of uninitialized timers - nilfs2: reject invalid file types when reading inodes {CVE-2025-38663} - i2c: qup: jump out of the loop in case of timeout {CVE-2025-38671} - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666} - net: appletalk: fix kerneldoc warnings - RDMA/core: Rate limit GID cache warning messages - regulator: core: fix NULL dereference on unbind due to stale coupling data {CVE-2025-38668} - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - net_sched: sch_sfq: reject invalid perturb period {CVE-2025-38193} - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition {CVE-2023-33288} - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync - power: supply: bq24190_charger: Fix runtime PM imbalance on error - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS - virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375} - ASoC: fsl_sai: Force a software reset when starting in consumer mode - usb: dwc3: qcom: Don't leave BCR asserted - usb: musb: fix gadget state on disconnect - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree {CVE-2025-38468} - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime {CVE-2025-38470} - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() {CVE-2025-38473} - usb: net: sierra: check for no status endpoint {CVE-2025-38474} - net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} - net: emaclite: Fix missing pointer increment in aligned_read() - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() {CVE-2025-38480} - comedi: Fix some signed shift left operations - comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482} - comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483} - comedi: aio_iiro_16: Fix bit shift out of bounds {CVE-2025-38529} - comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530} - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled {CVE-2025-38487} - soc: aspeed: lpc-snoop: Cleanup resources in stack-order - mmc: sdhci_am654: Workaround for Errata i2312 - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - mmc: bcm2835: Fix dma_unmap_sg() nents value - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - isofs: Verify inode mode when loading from disk - dmaengine: nbpfaxi: Fix memory corruption in probe() {CVE-2025-38538} - af_packet: fix soft lockup issue caused by tpacket_snd() - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38495} - pch_uart: Fix dma_sync_sg_for_device() nents value - Input: xpad - set correct controller type for Acer NGR200 - i2c: stm32: fix the device used for the DMA map - usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497} - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - USB: serial: option: add Foxconn T99W640 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - LTS tag: v5.4.296 - x86/mm: Disable hugetlb page table sharing on 32-bit - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras {CVE-2025-38540} - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - vt: add missing notification when switching back to text mode - net: usb: qmi_wwan: add SIMCom 8230C composition - atm: idt77252: Add missing `dma_map_error()` - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT {CVE-2025-38439} - bnxt_en: Fix DCB ETS validation - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - net: appletalk: Fix device refcount leak in atrtr_create() {CVE-2025-38542} - md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445} - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() {CVE-2025-38513} - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 - Input: xpad - support Acer NGR 200 Controller - Input: xpad - add VID for Turtle Beach controllers - Input: xpad - add support for Amazon Game Controller - NFSv4/flexfiles: Fix handling of NFS level errors in I/O - flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes - RDMA/mlx5: Fix vport loopback for MPV device - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - Revert "ACPI: battery: negate current when discharging" - usb: gadget: u_serial: Fix race condition in TTY wakeup {CVE-2025-38448} - drm/sched: Increment job count before swapping tail spsc queue {CVE-2025-38515} - pinctrl: qcom: msm: mark certain pins as invalid for interrupts {CVE-2025-38516} - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - x86/mce: Don't remove sysfs if thresholding sysfs init fails - x86/mce/amd: Fix threshold limit reset - rxrpc: Fix oops due to non-existence of prealloc backlog struct {CVE-2025-38514} - net/sched: Abort __tc_modify_qdisc if parent class does not exist {CVE-2025-38457} - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() {CVE-2025-38458} - atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459} - atm: clip: Fix memory leak of struct clip_vcc. {CVE-2025-38546} - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). {CVE-2025-38460} - tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464} - netlink: Fix wraparounds of sk->sk_rmem_alloc. {CVE-2025-38465} - fix proc_sys_compare() handling of in-lookup dentries - proc: Clear the pieces of proc_inode that proc_evict_inode cares about - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling {CVE-2025-38467} - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() - media: uvcvideo: Rollback non processed entities on error - media: uvcvideo: Send control events for partial succeeds - media: uvcvideo: Return the number of processed controls - ACPI: PAD: fix crash in exit_round_robin() {CVE-2024-49935} - usb: typec: displayport: Fix potential deadlock {CVE-2025-38404} - Logitech C-270 even more broken - rose: fix dangling neighbour pointers in rose_rt_device_down() {CVE-2025-38377} - net: rose: Fix fall-through warnings for Clang - drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389} - drm/i915/selftests: Change mock_request() to return error pointers - spi: spi-fsl-dspi: Clear completion counter before initiating transfer - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write - dpaa2-eth: fix xdp_rxq_info leak - ethernet: atl1: Add missing DMA mapping error checks and count errors - btrfs: use btrfs_record_snapshot_destroy() during rmdir - btrfs: propagate last_unlink_trans earlier when doing a rmdir - RDMA/mlx5: Fix CC counters query for MPV - RDMA/core: Create and destroy counters in the ib_core - scsi: ufs: core: Fix spelling of a sysfs attribute name - drm/v3d: Disable interrupts before resetting the GPU {CVE-2025-38371} - mtk-sd: reset host->mrq on prepare_data() error - mtk-sd: Prevent memory corruption from DMA map failure {CVE-2025-38401} - mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods {CVE-2025-38395} - regulator: gpio: Add input_supply support in gpio_regulator_config - ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386} - wifi: ath6kl: remove WARN on bad firmware input {CVE-2025-38406} - wifi: mac80211: drop invalid source address OCB frames - powerpc: Fix struct termio related ioctl macros - ata: pata_cs5536: fix build on 32-bit UML - ALSA: sb: Force to disable DMAs once when DMA mode is changed - nui: Fix dma_mapping_error() check - enic: fix incorrect MTU comparison in enic_change_mtu() - amd-xgbe: align CL37 AN sequence as per databook - lib: test_objagg: Set error message in check_expect_hints_stats() - drm/exynos: fimd: Guard display clock control with runtime PM calls - btrfs: fix missing error handling when searching for inode refs during log replay - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. {CVE-2025-38400} - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert {CVE-2025-38387} - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data - usb: typec: altmodes/displayport: do not index invalid pin_assignments {CVE-2025-38391} - mmc: sdhci: Add a helper function for dump register in dynamic debug mode - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume {CVE-2024-26644} - arm64: Restrict pagetable teardown to avoid false warning - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS - drm/bridge: cdns-dsi: Check return value when getting default PHY config - drm/bridge: cdns-dsi: Fix connecting to next bridge - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() - drm/tegra: Assign plane type before registration - HID: wacom: fix kobject reference count leak - HID: wacom: fix memory leak on sysfs attribute creation failure - HID: wacom: fix memory leak on kobject creation failure - dm-raid: fix variable in journal device check - Bluetooth: L2CAP: Fix L2CAP MTU negotiation - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). {CVE-2025-38245} - net: enetc: Correct endianness handling in _enetc_rd_reg64 - um: ubd: Add missing error check in start_io_thread() - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors - wifi: mac80211: fix beacon interval calculation overflow - attach_recursive_mnt(): do not lock the covering tree when sliding something under it - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() {CVE-2025-38249} - i2c: robotfuzz-osif: disable zero-length read messages - i2c: tiny-usb: disable zero-length read messages - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211} - RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private - media: vivid: Change the siize of the composing {CVE-2025-38226} - media: omap3isp: use sgtable-based scatterlist wrappers - media: cxusb: no longer judge rbuf when the write fails {CVE-2025-38229} - media: cxusb: use dev_dbg() rather than hand-rolled debug - jfs: validate AG parameters in dbMount() to prevent crashes {CVE-2025-38230} - fs/jfs: consolidate sanity checking in dbMount - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing - of: Add of_property_present() helper - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally - kbuild: hdrcheck: fix cross build with clang - kbuild: add --target to correctly cross-compile UAPI headers with Clang - bpfilter: match bit size of bpfilter_umh to that of the kernel - kbuild: use -MMD instead of -MD to exclude system headers from dependency - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify {CVE-2025-38102} - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF {CVE-2023-53259} - ovl: Check for NULL d_inode() in ovl_dentry_upper() - ceph: fix possible integer overflow in ceph_zero_objects() - ALSA: hda: Ignore unsol events for cards being shut down - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode {CVE-2025-38404} - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s - usb: Add checks for snprintf() calls in usb_alloc_dev() - tty: serial: uartlite: register uart driver in init {CVE-2025-38262} - usb: potential integer overflow in usbg_make_tpg() - iio: pressure: zpa2326: Use aligned_s64 for the timestamp - md/md-bitmap: fix dm-raid max_write_behind setting - dmaengine: xilinx_dma: Set dma_device directions - mfd: max14577: Fix wakeup source leaks on device unbind - mailbox: Not protect module_put with spin_lock_irqsave - cifs: Fix cifs_query_path_info() for Windows NT servers - net/rds: Fix rs_recv_pending counting issue - LTS tag: v5.4.301 - net: rtnetlink: fix module reference count leak issue in rtnetlink_rcv_msg - media: s5p-mfc: remove an unused/uninitialized variable - NFSD: Fix last write offset handling in layoutcommit - NFSD: Minor cleanup in layoutcommit processing - padata: Reset next CPU when reorder sequence wraps around - KEYS: trusted_tpm1: Compare HMAC values in constant time - NFSD: Define a proc_layoutcommit for the FlexFiles layout type - vfs: Don't leak disconnected dentries on umount - jbd2: ensure that all ongoing I/O complete before freeing blocks - ext4: detect invalid INLINE_DATA + EXTENTS flag combination - drm/amdgpu: use atomic functions with memory barriers for vm fault info - ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() - spi: cadence-quadspi: Flush posted register writes before DAC access - spi: cadence-quadspi: Flush posted register writes before INDAC access - memory: samsung: exynos-srom: Fix of_iomap leak in exynos_srom_probe - memory: samsung: exynos-srom: Correct alignment - arm64: errata: Apply workarounds for Neoverse-V3AE - arm64: cputype: Add Neoverse-V3AE definitions - comedi: fix divide-by-zero in comedi_buf_munge() - binder: remove "invalid inc weak" check - xhci: dbc: enable back DbC in resume if it was enabled before suspend - usb/core/quirks: Add Huawei ME906S to wakeup quirk - USB: serial: option: add Telit FN920C04 ECM compositions - USB: serial: option: add Quectel RG255C - USB: serial: option: add UNISOC UIS7720 - net: ravb: Ensure memory write completes before ringing TX doorbell - net: usb: rtl8150: Fix frame padding - ocfs2: clear extent cache after moving/defragmenting extents - MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering - Revert "cpuidle: menu: Avoid discarding useful information" - net: bonding: fix possible peer notify event loss or dup issue - sctp: avoid NULL dereference when chunk data buffer is missing - arm64, mm: avoid always making PTE dirty in pte_mkwrite() - net: enetc: correct the value of ENETC_RXB_TRUESIZE - rtnetlink: Allow deleting FDB entries in user namespace - net: rtnetlink: add NLM_F_BULK support to rtnl_fdb_del - net: add ndo_fdb_del_bulk - net: rtnetlink: add bulk delete support flag - net: netlink: add NLM_F_BULK delete request modifier - net: rtnetlink: use BIT for flag values - net: rtnetlink: add helper to extract msg type's kind - net: rtnetlink: add msg kind names - net: rtnetlink: remove redundant assignment to variable err - m68k: bitops: Fix find_*_bit() signatures - hfsplus: return EIO when type of hidden directory mismatch in hfsplus_fill_super() - hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits() - dlm: check for defined force value in dlm_lockspace_release - hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() - hfs: validate record offset in hfsplus_bmap_alloc - hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() - hfs: make proper initalization of struct hfs_find_data - hfs: clear offset and space out of valid records in b-tree node - exec: Fix incorrect type for ret - hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() - ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings - sched/fair: Fix pelt lost idle time detection - sched/balancing: Rename newidle_balance() => sched_balance_newidle() - sched/fair: Trivial correction of the newidle_balance() comment - sched: Make newidle_balance() static again - tls: don't rely on tx_work during send() - tls: always set record_type in tls_process_cmsg - tg3: prevent use of uninitialized remote_adv and local_adv variables - tcp: fix tcp_tso_should_defer() vs large RTT - amd-xgbe: Avoid spurious link down messages during interface toggle - net/ip6_tunnel: Prevent perpetual tunnel growth - net: dlink: handle dma_map_single() failure properly - net: dl2k: switch from 'pci_' to 'dma_' API - media: pci: ivtv: Add missing check after DMA map - media: pci/ivtv: switch from 'pci_' to 'dma_' API - xen/events: Update virq_to_irq on migration - media: lirc: Fix error handling in lirc_register() - media: rc: Directly use ida_free() - drm/exynos: exynos7_drm_decon: remove ctx->suspended - btrfs: avoid potential out-of-bounds in btrfs_encode_fh() - pwm: berlin: Fix wrong register in suspend/resume - media: cx18: Add missing check after DMA map - xen/events: Cleanup find_virq() return codes - cramfs: Verify inode mode when loading from disk - fs: Add 'initramfs_options' to set initramfs mount options - pid: Add a judgment for ns null in pid_nr_ns - minixfs: Verify inode mode when loading from disk - tracing: Fix race condition in kprobe initialization causing NULL pointer dereference - dm: fix NULL pointer dereference in __dm_suspend() - mfd: intel_soc_pmic_chtdc_ti: Set use_single_read regmap_config flag - mfd: intel_soc_pmic_chtdc_ti: Drop unneeded assignment for cache_type - mfd: intel_soc_pmic_chtdc_ti: Fix invalid regmap-config max_register value - Squashfs: reject negative file sizes in squashfs_read_inode() - Squashfs: add additional inode sanity checking - media: mc: Clear minor number before put device - mfd: vexpress-sysreg: Check the return value of devm_gpiochip_add_data() - fs: udf: fix OOB read in lengthAllocDescs handling - KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O - net/9p: fix double req put in p9_fd_cancelled - ext4: guard against EA inode refcount underflow in xattr update - ext4: correctly handle queries for metadata mappings - ext4: increase i_disksize to offset + len in ext4_update_disksize_before_punch() - nfsd: nfserr_jukebox in nlm_fopen should lead to a retry - x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases) - x86/umip: Check that the instruction opcode is at least two bytes - PCI: keystone: Use devm_request_irq() to free "ks-pcie-error-irq" on exit - PCI/AER: Fix missing uevent on recovery when a reset is requested - PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV - rseq/selftests: Use weak symbol reference, not definition, to link with glibc - rtc: interface: Fix long-standing race when setting alarm - rtc: interface: Ensure alarm irq is enabled when UIE is enabled - mmc: core: SPI mode remove cmd7 - mtd: rawnand: fsmc: Default to autodetect buswidth - sparc: fix error handling in scan_one_device() - sparc64: fix hugetlb for sun4u - sctp: Fix MAC comparison to be constant-time - scsi: hpsa: Fix potential memory leak in hpsa_big_passthru_ioctl() - parisc: don't reference obsolete termio struct for TC* constants - lib/genalloc: fix device leak in of_gen_pool_get() - iio: frequency: adf4350: Fix prescaler usage. - iio: dac: ad5421: use int type to store negative error codes - iio: dac: ad5360: use int type to store negative error codes - crypto: atmel - Fix dma_unmap_sg() direction - cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() - drm/nouveau: fix bad ret code in nouveau_bo_move_prep - media: i2c: mt9v111: fix incorrect type for ret - firmware: meson_sm: fix device leak at probe - xen/manage: Fix suspend error path - arm64: dts: qcom: msm8916: Add missing MDSS reset - ACPI: debug: fix signedness issues in read/write helpers - ACPI: TAD: Add missing sysfs_remove_group() for ACPI_TAD_RT - tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single - tpm, tpm_tis: Claim locality before writing interrupt registers - crypto: essiv - Check ssize for decryption and in-place encryption - mailbox: zynqmp-ipi: Remove dev.parent check in zynqmp_ipi_free_mboxes - mailbox: zynqmp-ipi: Remove redundant mbox_controller_unregister() call - tools build: Align warning options with perf - net: fsl_pq_mdio: Fix device node reference leak in fsl_pq_mdio_probe - tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). - net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() - drm/vmwgfx: Fix Use-after-free in validation - net/mlx4: prevent potential use after free in mlx4_en_do_uc_filter() - scsi: mvsas: Fix use-after-free bugs in mvs_work_queue - scsi: mvsas: Use sas_task_find_rq() for tagging - scsi: mvsas: Delete mvs_tag_init() - scsi: libsas: Add sas_task_find_rq() - clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver - clk: nxp: lpc18xx-cgu: convert from round_rate() to determine_rate() - perf session: Fix handling when buffer exceeds 2 GiB - rtc: x1205: Fix Xicor X1205 vendor prefix - perf util: Fix compression checks returning -1 as bool - iio: frequency: adf4350: Fix ADF4350_REG3_12BIT_CLKDIV_MODE - clocksource/drivers/clps711x: Fix resource leaks in error paths - pinctrl: check the return value of pinmux_ops::get_function_name() - Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak - mm: hugetlb: avoid soft lockup when mprotect to large memory area - uio_hv_generic: Let userspace take care of interrupt mask - Squashfs: fix uninit-value in squashfs_get_parent - net: ena: return 0 in ena_get_rxfh_key_size() when RSS hash key is not configurable - nfp: fix RSS hash key size when RSS is not supported - drivers/base/node: fix double free in register_one_node() - ocfs2: fix double free in user_cluster_connect() - net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast - RDMA/siw: Always report immediate post SQ errors - usb: vhci-hcd: Prevent suspending virtually attached devices - scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() - ipvs: Defer ip_vs_ftp unregister during netns cleanup - NFSv4.1: fix backchannel max_resp_sz verification check - remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice - sparc: fix accurate exception reporting in copy_{from,to}_user for M7 - sparc: fix accurate exception reporting in copy_to_user for Niagara 4 - sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III - sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC - IB/sa: Fix sa_local_svc_timeout_ms read race - RDMA/core: Resolve MAC of next-hop device without ARP support - wifi: mt76: fix potential memory leak in mt76_wmac_probe() - drivers/base/node: handle error properly in register_one_node() - watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog - netfilter: ipset: Remove unused htable_bits in macro ahash_region - iio: consumers: Fix offset handling in iio_convert_raw_to_processed() - ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping - ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping - ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping - pps: fix warning in pps_register_cdev when register device fail - misc: genwqe: Fix incorrect cmd field being reported in error - usb: gadget: configfs: Correctly set use_os_string at bind - usb: phy: twl6030: Fix incorrect type for ret - tcp: fix __tcp_close() to only send RST when required - PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation - wifi: mwifiex: send world regulatory domain to driver - ALSA: lx_core: use int type to store negative error codes - media: rj54n1cb0c: Fix memleak in rj54n1_probe() - scsi: myrs: Fix dma_alloc_coherent() error check - scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod - serial: max310x: Add error checking in probe() - usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup - drm/radeon/r600_cs: clean up of dead code in r600_cs - i2c: designware: Add disabling clocks when probe fails - i2c: mediatek: fix potential incorrect use of I2C_MASTER_WRRD - bpf: Explicitly check accesses to bpf_sock_addr - selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported - pwm: tiehrpwm: Fix corner case in clock divisor calculation - block: use int to store blk_stack_limits() return value - blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx - pinctrl: meson-gxl: add missing i2c_d pinmux - soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS - ACPI: processor: idle: Fix memory leak when register cpuidle device failed - regmap: Remove superfluous check for !config in __regmap_init() - x86/vdso: Fix output operand size of RDPID - perf: arm_spe: Prevent overflow in PERF_IDX2OFF() - driver core/PM: Set power.no_callbacks along with power.no_pm - staging: axis-fifo: flush RX FIFO on read errors - staging: axis-fifo: fix maximum TX packet length check - perf subcmd: avoid crash in exclude_cmds when excludes is empty - dm-integrity: limit MAX_TAG_SIZE to 255 - wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188 - USB: serial: option: add SIMCom 8230C compositions - media: rc: fix races with imon_disconnect() - media: imon: grab lock earlier in imon_ir_change_protocol() - media: imon: reorganize serialization - media: rc: Add support for another iMON 0xffdc device - media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe - media: tuner: xc5000: Fix use-after-free in xc5000_release - media: tunner: xc5000: Refactor firmware load - udp: Fix memory accounting leak. - media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove - scsi: target: target_core_configfs: Add length check to avoid buffer overflow - LTS tag: v5.4.300 - KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active - mm/hugetlb: fix folio is still mapped when deleted - i40e: add mask to apply valid bits for itr_idx - i40e: fix validation of VF state in get resources - i40e: fix idx validation in config queues msg - i40e: add validation for ring_len param - i40e: increase max descriptors for XL710 - mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() - fbcon: Fix OOB access in font allocation - fbcon: fix integer overflow in fbcon_do_set_font - i40e: add max boundary check for VF filters - i40e: fix input validation logic for action_meta - i40e: fix idx validation in i40e_validate_queue_map - drm/gma500: Fix null dereference in hdmi teardown - can: peak_usb: fix shift-out-of-bounds issue - can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow - can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow - can: hi311x: populate ndo_change_mtu() to prevent buffer overflow - can: rcar_can: rcar_can_resume(): fix s2ram with PSCI - IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions - usb: core: Add 0x prefix to quirks debug output - ALSA: usb-audio: Fix build with CONFIG_INPUT=n - ALSA: usb-audio: Convert comma to semicolon - ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5 - ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks - ALSA: usb-audio: Simplify NULL comparison in mixer_quirks - ALSA: usb-audio: Avoid multiple assignments in mixer_quirks - ALSA: usb-audio: Fix block comments in mixer_quirks - net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer - net: rfkill: gpio: add DT support - serial: sc16is7xx: fix bug in flow control levels init - USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels - usb: gadget: dummy_hcd: remove usage of list iterator past the loop body - ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message - ASoC: wm8974: Correct PLL rate rounding - ASoC: wm8940: Correct typo in control name - mmc: mvsdio: Fix dma_unmap_sg() nents value - nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/* - cnic: Fix use-after-free bugs in cnic_delete_task - net: liquidio: fix overflow in octeon_init_instr_queue() - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). - i40e: remove redundant memory barrier when cleaning Tx descs - net: natsemi: fix `rx_dropped` double accounting on `netif_rx()` failure - cgroup: split cgroup_destroy_wq into 3 workqueues - pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch - wifi: mac80211: fix incorrect type for ret - ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported - mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory - phy: ti-pipe3: fix device leak at unbind - dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees - dmaengine: ti: edma: Fix memory allocation size for queue_priority_map - can: j1939: j1939_local_ecu_get(): undo increment when j1939_local_ecu_get() fails - can: j1939: j1939_sk_bind(): call j1939_priv_put() immediately when j1939_local_ecu_get() failed - i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path - i40e: Use irq_update_affinity_hint() - genirq: Provide new interfaces for affinity hints - genirq: Export affinity setter for modules - genirq/affinity: Add irq_update_affinity_desc() - igb: fix link test skipping when interface is admin down - net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() - USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions - USB: serial: option: add Telit Cinterion FN990A w/audio compositions - tty: hvc_console: Call hvc_kick in hvc_write unconditionally - mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing - mtd: nand: raw: atmel: Fix comment in timings preparation - mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer - mm/khugepaged: fix the address passed to notifier on testing young - fuse: prevent overflow in copy_file_range return value - fuse: check if copy_file_range() returns larger than requested size - mtd: rawnand: stm32_fmc2: fix ECC overwrite - ocfs2: fix recursive semaphore deadlock in fiemap call - EDAC/altera: Delete an inappropriate dma_free_coherent() call - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. - net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod. - device-dax: correct pgoff align in dax_set_mapping() {CVE-2024-50022} - Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set" - KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer - rds: Free all frags when rds_ib_recv_cache_put() fails - bpf/bpf_get,set_sockopt: add option to set TCP-BPF sock ops flags - NFSv4: Don't clear capabilities that won't be reset - power: supply: bq27xxx: restrict no-battery detection to bq27000 - power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery - usb: hub: Fix flushing of delayed work used for post resume purposes - soc: qcom: mdt_loader: Deal with zero e_shentsize - Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set" - LTS tag: v5.4.299 - scsi: lpfc: Fix buffer free/clear order in deferred receive path - dmaengine: mediatek: Fix a flag reuse error in mtk_cqdma_tx_status() - cifs: fix integer overflow in match_server() - spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort - spi: spi-fsl-lpspi: Set correct chip-select polarity bit - spi: spi-fsl-lpspi: Fix transmissions when using CONT - pcmcia: Add error handling for add_interval() in do_validate_mem() - ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model - randstruct: gcc-plugin: Fix attribute addition - randstruct: gcc-plugin: Remove bogus void member - vmxnet3: update MTU after device quiesce - net: dsa: microchip: linearize skb for tail-tagging switches - net: dsa: microchip: update tag_ksz masks for KSZ9477 family - dmaengine: mediatek: Fix a possible deadlock error in mtk_cqdma_tx_status() - ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup - gpio: pca953x: fix IRQ storm on system wake up - iio: light: opt3001: fix deadlock due to concurrent flag access - iio: chemical: pms7003: use aligned_s64 for timestamp - cpufreq/sched: Explicitly synchronize limits_changed flag handling - mm/slub: avoid accessing metadata when pointer is invalid in object_err() - mm/khugepaged: fix ->anon_vma race - e1000e: fix heap overflow in e1000_set_eeprom - batman-adv: fix OOB read/write in network-coding decode - drm/amdgpu: drop hw access in non-DC audio fini - wifi: mwifiex: Initialize the chan_stats array to zero - pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() - ALSA: usb-audio: Add mute TLV for playback volumes on some devices - ppp: fix memory leak in pad_compress_skb - net: atm: fix memory leak in atm_register_sysfs when device_register fail - ax25: properly unshare skbs in ax25_kiss_rcv() - ipv4: Fix NULL vs error pointer check in inet_blackhole_dev_init() - net: thunder_bgx: add a missing of_node_put - wifi: libertas: cap SSID len in lbs_associate() - wifi: cw1200: cap SSID length in cw1200_do_join() - net: ethernet: mtk_eth_soc: fix tx vlan tag for llc packets - i40e: Fix potential invalid access when MAC list is empty - icmp: fix icmp_ndo_send address translation for reply direction - mISDN: Fix memory leak in dsp_hwec_enable() - xirc2ps_cs: fix register access when enabling FullDuplex - Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() - netfilter: conntrack: helper: Replace -EEXIST by -EBUSY - wifi: cfg80211: fix use-after-free in cmp_bss() - powerpc: boot: Remove leading zero in label in udelay() - hugetlbfs: take read_lock on i_mmap for PMD sharing - kallsyms: add module_kallsyms_on_each_symbol_locked - kallsyms: export module_kallsyms_on_each_symbol - uek-rpm: Move ifb module to nano modules - clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns {CVE-2025-38499} - x86/vmscape: Warn when STIBP is disabled with SMT - x86/bugs: Move cpu_bugs_smt_update() down - x86/vmscape: Enable the mitigation - x86/vmscape: Add conditional IBPB mitigation - x86/vmscape: Add old Intel CPUs to affected list - x86/vmscape: Enumerate VMSCAPE bug - Documentation/hw-vuln: Add VMSCAPE documentation - LTS tag: v5.4.298 - Revert "drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS" - net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions - Revert "drm/amdgpu: fix incorrect vm flags to map bo" - HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() - HID: wacom: Add a new Art Pen 2 - HID: asus: fix UAF via HID_CLAIMED_INPUT validation - efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare - sctp: initialize more fields in sctp_v6_from_sk() - net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts - net/mlx5e: Set local Xoff after FW update - net/mlx5e: Update and set Xon/Xoff upon port speed set - net/mlx5e: Update and set Xon/Xoff upon MTU set - net: dlink: fix multicast stats being counted incorrectly - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). - net/atm: remove the atmdev_ops {get, set}sockopt methods - Bluetooth: hci_event: Detect if HCI_EV_NUM_COMP_PKTS is unbalanced - powerpc/kvm: Fix ifdef to remove build warning - net: ipv4: fix regression in local-broadcast routes - vhost/net: Protect ubufs with rcu read lock in vhost_net_ubuf_put() - scsi: core: sysfs: Correct sysfs attributes access rights - ftrace: Fix potential warning in trace_printk_seq during ftrace_dump - pinctrl: STMFX: add missing HAS_IOMEM dependency - LTS tag: v5.4.297 - alloc_fdtable(): change calling conventions. - s390/hypfs: Enable limited access during lockdown - s390/hypfs: Avoid unnecessary ioctl registration in debugfs - ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation - net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit - ixgbe: xsk: resolve the negative overflow of budget in ixgbe_xmit_zc - ipv6: sr: validate HMAC algorithm ID in seg6_hmac_info_add - ALSA: usb-audio: Fix size validation in convert_chmap_v3() - scsi: qla4xxx: Prevent a potential error pointer dereference - usb: xhci: Fix slot_id resource race conflict - nfs: fix UAF in direct writes - NFS: Fix up commit deadlocks - cifs: Fix UAF in cifs_demultiplex_thread() - Bluetooth: fix use-after-free in device_for_each_child() - act_mirred: use the backlog for nested calls to mirred ingress - net/sched: act_mirred: better wording on protection against excessive stack growth - net/sched: act_mirred: refactor the handle of xmit - selftests: forwarding: tc_actions.sh: add matchall mirror test - net: sched: don't expose action qstats to skb_tc_reinsert() - net: sched: extract qstats update code into functions - net: sched: extract bstats update code into function - net: sched: extract common action counters update code into function - mm: perform the mapping_map_writable() check after call_mmap() - mm: update memfd seal write check to include F_SEAL_WRITE - mm: drop the assumption that VM_SHARED always implies writable - codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() - sch_qfq: make qfq_qlen_notify() idempotent - sch_hfsc: make hfsc_qlen_notify() idempotent - sch_drr: make drr_qlen_notify() idempotent - btrfs: populate otime when logging an inode item - media: venus: hfi: explicitly release IRQ during teardown - f2fs: fix to avoid out-of-boundary access in dnode page - media: venus: protect against spurious interrupts during probe - media: qcom: camss: cleanup media device allocated resource on error path - media: venus: vdec: Clamp param smaller than 1fps and bigger than 240. - drm/dp: Change AUX DPCD probe address from DPCD_REV to LANE0_1_STATUS - pwm: mediatek: Fix duty and period setting - pwm: mediatek: Handle hardware enable and clock enable separately - pwm: mediatek: Implement .apply() callback - media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() - media: v4l2-ctrls: Don't reset handler's error in v4l2_ctrl_handler_free() - media: v4l2-ctrls: always copy the controls on completion - ata: Fix SATA_MOBILE_LPM_POLICY description in Kconfig - soc: qcom: mdt_loader: Ensure we don't read past the ELF header - rtc: ds1307: handle oscillator stop flag (OSF) for ds1341 - usb: musb: omap2430: fix device leak at unbind - NFS: Fix the setting of capabilities when automounting a new filesystem - NFS: Fix up handling of outstanding layoutcommit in nfs_update_inode() - NFSv4: Fix nfs4_bitmap_copy_adjust() - usb: typec: fusb302: cache PD RX state - cdc-acm: fix race between initial clearing halt and open - USB: cdc-acm: do not log successful probe on later errors - mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock - mm/kmemleak: turn kmemleak_lock and object->lock to raw_spinlock_t - ALSA: scarlett2: Add retry on -EPROTO from scarlett2_usb_tx() - x86/fpu: Delay instruction pointer fixup until after warning - mm/hmm: move pmd_to_hmm_pfn_flags() to the respective #ifdeffery - nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() - pmdomain: governor: Consider CPU latency tolerance from pm_domain_cpu_gov - tracing: Add down_write(trace_event_sem) when adding trace event - usb: hub: Don't try to recover devices lost during warm reset. - usb: hub: avoid warm port reset during USB3 disconnect - x86/mce/amd: Add default names for MCA banks and blocks - iio: hid-sensor-prox: Fix incorrect OFFSET calculation - f2fs: fix to do sanity check on ino and xnid - mm/zsmalloc: do not pass __GFP_MOVABLE if CONFIG_COMPACTION=n - mm/zsmalloc.c: convert to use kmem_cache_zalloc in cache_alloc_zspage() - drm/sched: Remove optimization that causes hang when killing dependent jobs - ice: Fix a null pointer dereference in ice_copy_and_init_pkg() - net: usbnet: Fix the wrong netif_carrier_on() call - net: usbnet: Avoid potential RCU stall on LINK_CHANGE event - PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports - ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value - comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large - comedi: Fix initialization of data for instructions that write to subdevice - kbuild: Add KBUILD_CPPFLAGS to as-option invocation - kbuild: add $(CLANG_FLAGS) to KBUILD_CPPFLAGS - kbuild: Add CLANG_FLAGS to as-instr - mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation - kbuild: Update assembler calls to use proper flags and language target - ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS - usb: dwc3: Ignore late xferNotReady event to prevent halt timeout - USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles - usb: storage: realtek_cr: Use correct byte order for bcs->Residue - USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera - usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive - iio: proximity: isl29501: fix buffered read on big-endian systems - ftrace: Also allocate and copy hash for reading of filter files - fpga: zynq_fpga: Fix the wrong usage of dma_map_sgtable() - use uniform permission checks for all mount propagation changes - move_mount: allow to add a mount into an existing group - fs/buffer: fix use-after-free when call bh_read() helper - drm/amd/display: Find first CRTC and its line time in dce110_fill_display_configs - drm/amd/display: Fix fractional fb divider in set_pixel_clock_v3 - memstick: Fix deadlock by moving removing flag earlier - media: venus: Add a check for packet size after reading from shared memory - media: ov2659: Fix memory leaks in ov2659_probe() - media: usbtv: Lock resolution while streaming - media: imx: fix a potential memory leak in imx_media_csc_scaler_device_init() - media: gspca: Add bounds checking to firmware parser - soc/tegra: pmc: Ensure power-domains are in a known state - jbd2: prevent softlockup in jbd2_log_do_checkpoint() - PCI: endpoint: Fix configfs group removal on driver teardown - PCI: endpoint: Fix configfs group list head handling - mtd: rawnand: fsmc: Add missing check after DMA map - pwm: imx-tpm: Reset counter if CMOD is 0 - wifi: brcmsmac: Remove const from tbl_ptr parameter in wlc_lcnphy_common_read_table() - zynq_fpga: use sgtable-based scatterlist wrappers - ata: libata-scsi: Fix ata_to_sense_error() status handling - ext4: fix reserved gdt blocks handling in fsmap - ext4: fix fsmap end of range reporting with bigalloc - ext4: check fast symlink for ea_inode correctly - vt: defkeymap: Map keycodes above 127 to K_HOLE - vt: keyboard: Don't process Unicode characters in K_OFF mode - usb: dwc3: meson-g12a: fix device leaks at unbind - usb: gadget: udc: renesas_usb3: fix device leak at unbind - usb: atm: cxacru: Merge cxacru_upload_firmware() into cxacru_heavy_init() - m68k: Fix lost column on framebuffer debug console - cpufreq: armada-8k: Fix off by one in armada_8k_cpufreq_free_table() - serial: 8250: fix panic due to PSLVERR - media: uvcvideo: Do not mark valid metadata as invalid - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() - mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() - parisc: Makefile: fix a typo in palo.conf - btrfs: fix log tree replay failure due to file with 0 links and extents - thunderbolt: Fix copy+paste error in match_service_id() - comedi: fix race between polling and detaching - misc: rtsx: usb: Ensure mmc child device is active when card is present - drm/amdgpu: fix incorrect vm flags to map bo - scsi: lpfc: Remove redundant assignment to avoid memory leak - rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe - pNFS: Fix uninited ptr deref in block/scsi layout - pNFS: Handle RPC size limit for layoutcommits - pNFS: Fix disk addr range check in block/scsi layout - pNFS: Fix stripe mapping in block/scsi layout - net: phy: smsc: add proper reset flags for LAN8710A - ipmi: Fix strcpy source and destination the same - kconfig: lxdialog: fix 'space' to (de)select options - kconfig: gconf: fix potential memory leak in renderer_edited() - kconfig: gconf: avoid hardcoding model2 in on_treeview2_cursor_changed() - ipmi: Use dev_warn_ratelimited() for incorrect message warnings - scsi: aacraid: Stop using PCI_IRQ_AFFINITY - scsi: Fix sas_user_scan() to handle wildcard and multi-channel scans - kconfig: nconf: Ensure null termination where strncpy is used - kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c - i3c: don't fail if GETHDRCAP is unsupported - PCI: pnv_php: Work around switches with broken presence detection - i3c: add missing include to internal header - media: uvcvideo: Fix bandwidth issue for Alcor camera - media: dvb-frontends: w7090p: fix null-ptr-deref in w7090p_tuner_write_serpar and w7090p_tuner_read_serpar - media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090p_rw_on_apb() - media: usb: hdpvr: disable zero-length read messages - media: tc358743: Increase FIFO trigger level to 374 - media: tc358743: Return an appropriate colorspace from tc358743_set_fmt - media: tc358743: Check I2C succeeded during probe - pinctrl: stm32: Manage irq affinity settings - scsi: mpt3sas: Correctly handle ATA device errors - scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure - RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() - MIPS: Don't crash in stack_top() for tasks without ABI or vDSO - jfs: upper bound check of tree index in dbAllocAG - jfs: Regular file corruption check - jfs: truncate good inode pages when hard link is 0 - scsi: bfa: Double-free fix - MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free} - watchdog: dw_wdt: Fix default timeout - fs/orangefs: use snprintf() instead of sprintf() - scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated - ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr - cifs: Fix calling CIFSFindFirst() for root path without msearch - vhost: fail early when __vhost_add_used() fails - net: dsa: b53: fix IP_MULTICAST_CTRL on BCM5325 - uapi: in6: restore visibility of most IPv6 socket options - net: ncsi: Fix buffer overflow in fetching version id - net: dsa: b53: prevent SWITCH_CTRL access on BCM5325 - net: dsa: b53: fix b53_imp_vlan_setup for BCM5325 - net: vlan: Replace BUG() with WARN_ON_ONCE() in vlan_dev_* stubs - wifi: iwlegacy: Check rate_idx range after addition - netmem: fix skb_frag_address_safe with unreadable skbs - wifi: rtlwifi: fix possible skb memory leak in `_rtl_pci_rx_interrupt()`. - wifi: iwlwifi: fw: Fix possible memory leak in iwl_fw_dbg_collect - wifi: iwlwifi: dvm: fix potential overflow in rs_fill_link_cmd() - net: fec: allow disable coalescing - (powerpc/512) Fix possible `dma_unmap_single()` on uninitialized pointer - s390/stp: Remove udelay from stp_sync_clock() - wifi: iwlwifi: mvm: fix scan request validation - net: thunderx: Fix format-truncation warning in bgx_acpi_match_id() - net: ipv4: fix incorrect MTU in broadcast routes - wifi: cfg80211: Fix interface type validation - rcu: Protect ->defer_qs_iw_pending from data race - net: ag71xx: Add missing check after DMA map - et131x: Add missing check after DMA map - be2net: Use correct byte order and format string for TCP seq and ack_seq - s390/time: Use monotonic clock in get_cycles() - wifi: cfg80211: reject HTC bit for management frames - ktest.pl: Prevent recursion of default variable options - ASoC: codecs: rt5640: Retry DEVICE_ID verification - ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros - ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control - platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches - pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop() - usb: core: usb_submit_urb: downgrade type check - ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4 - ASoC: hdac_hdmi: Rate limit logging on connection and disconnection - mmc: rtsx_usb_sdmmc: Fix error-path in sd_set_power_mode() - ACPI: APEI: GHES: add TAINT_MACHINE_CHECK on GHES panic path - ACPI: processor: fix acpi_object initialization - PM: sleep: console: Fix the black screen issue - thermal: sysfs: Return ENODATA instead of EAGAIN for reads - PM: runtime: Clear power.needs_force_resume in pm_runtime_reinit() - selftests: tracing: Use mutex_unlock for testing glob filter - ARM: tegra: Use I/O memcpy to write to IRAM - gpio: tps65912: check the return value of regmap_update_bits() - ASoC: soc-dapm: set bias_level if snd_soc_dapm_set_bias_level() was successed - ARM: rockchip: fix kernel hang during smp initialization - cpufreq: Exit governor when failed to start old governor - usb: xhci: Avoid showing errors during surprise removal - usb: xhci: Set avg_trb_len = 8 for EP0 during Address Device Command - usb: xhci: Avoid showing warnings for dying controller - selftests/futex: Define SYS_futex on 32-bit architectures with 64-bit time_t - usb: xhci: print xhci->xhc_state when queue_command failed - securityfs: don't pin dentries twice, once is enough... - hfs: fix not erasing deleted b-tree node issue - drbd: add missing kref_get in handle_write_conflicts - udf: Verify partition map count - arm64: Handle KCOV __init vs inline mismatches - hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() - hfs: fix slab-out-of-bounds in hfs_bnode_read() - sctp: linearize cloned gso packets in sctp_rcv - netfilter: ctnetlink: fix refcount leak on table dump - udp: also consider secpath when evaluating ipsec use for checksumming - ACPI: processor: perflib: Move problematic pr->performance check - ACPI: processor: perflib: Fix initial _PPC limit application - Documentation: ACPI: Fix parent device references - fs: Prevent file descriptor table allocations exceeding INT_MAX - sunvdc: Balance device refcount in vdc_port_mpgroup_check - NFSD: detect mismatch of file handle and delegation stateid in OPEN op - net: dpaa: fix device leak when querying time stamp info - net: gianfar: fix device leak when querying time stamp info - netlink: avoid infinite retry looping in netlink_unicast() - ALSA: usb-audio: Validate UAC3 cluster segment descriptors - ALSA: usb-audio: Validate UAC3 power domain descriptors, too - io_uring: don't use int for ABI - usb: gadget : fix use-after-free in composite_dev_cleanup() - MIPS: mm: tlb-r4k: Uniquify TLB entries on init - USB: serial: option: add Foxconn T99W709 - vsock: Do not allow binding to VMADDR_PORT_ANY - net/packet: fix a race in packet_set_ring() and packet_notifier() - perf/core: Prevent VMA split of buffer mappings - perf/core: Exit early on perf_mmap() fail - perf/core: Don't leak AUX buffer refcount on allocation failure - pptp: fix pptp_xmit() error path - smb: client: let recv_done() cleanup before notifying the callers. - benet: fix BUG when creating VFs - net: drop UFO packets in udp_rcv_segment() - ipv6: reject malicious packets in ipv6_gso_segment() - pptp: ensure minimal skb length in pptp_xmit() - netpoll: prevent hanging NAPI when netcons gets enabled - NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() - pci/hotplug/pnv-php: Wrap warnings in macro - pci/hotplug/pnv-php: Improve error msg on power state change failure - usb: chipidea: udc: fix sleeping function called from invalid context - f2fs: fix to avoid out-of-boundary access in devs.path - f2fs: fix to avoid panic in f2fs_evict_inode - f2fs: fix to avoid UAF in f2fs_sync_inode_meta() - rtc: pcf8563: fix incorrect maximum clock rate handling - rtc: hym8563: fix incorrect maximum clock rate handling - rtc: ds1307: fix incorrect maximum clock rate handling - module: Restore the moduleparam prefix length check - bpf: Check flow_dissector ctx accesses are aligned - mtd: rawnand: atmel: set pmecc data setup time - mtd: rawnand: atmel: Fix dma_mapping_error() address - jfs: fix metapage reference count leak in dbAllocCtl - fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref - crypto: qat - fix seq_file position update in adf_ring_next() - dmaengine: nbpfaxi: Add missing check after DMA map - dmaengine: mv_xor: Fix missing check after DMA map and missing unmap - fs/orangefs: Allow 2 more characters in do_c_string() - soundwire: stream: restore params when prepare ports fail - crypto: img-hash - Fix dma_unmap_sg() nents value - hwrng: mtk - handle devm_pm_runtime_enable errors - watchdog: ziirave_wdt: check record length in ziirave_firm_verify() - scsi: isci: Fix dma_unmap_sg() nents value - scsi: mvsas: Fix dma_unmap_sg() nents value - scsi: ibmvscsi_tgt: Fix dma_unmap_sg() nents value - clk: sunxi-ng: v3s: Fix de clock definition - perf tests bp_account: Fix leaked file descriptor - crypto: ccp - Fix crash when rebind ccp device for ccp.ko - pinctrl: sunxi: Fix memory leak on krealloc failure - power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set - clk: davinci: Add NULL check in davinci_lpsc_clk_register() - mtd: fix possible integer overflow in erase_xfer() - crypto: marvell/cesa - Fix engine load inaccuracy - PCI: rockchip-host: Fix "Unexpected Completion" log message - vrf: Drop existing dst reference in vrf_ip6_input_dst - selftests: rtnetlink.sh: remove esp4_offload after test - netfilter: xt_nfacct: don't assume acct name is null-terminated - can: kvaser_usb: Assign netdev.dev_port based on device channel index - can: kvaser_pciefd: Store device channel index - wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE - Reapply "wifi: mac80211: Update skb's control block key in ieee80211_tx_dequeue()" - mwl8k: Add missing check after DMA map - wifi: rtl8xxxu: Fix RX skb size for aggregation disabled - net/sched: Restrict conditions for adding duplicating netems to qdisc tree - arch: powerpc: defconfig: Drop obsolete CONFIG_NET_CLS_TCINDEX - drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value - m68k: Don't unregister boot console needlessly - tcp: fix tcp_ofo_queue() to avoid including too much DUP SACK range - iwlwifi: Add missing check for alloc_ordered_workqueue - wifi: iwlwifi: Fix memory leak in iwl_mvm_init() - wifi: rtl818x: Kill URBs before clearing tx status queue - caif: reduce stack size, again - bpftool: Fix memory leak in dump_xx_nlmsg on realloc failure - bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls - staging: nvec: Fix incorrect null termination of battery manufacturer - samples: mei: Fix building on musl libc - cpufreq: Init policy->rwsem before it may be possibly used - ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface - usb: early: xhci-dbc: Fix early_ioremap leak - Revert "vmci: Prevent the dispatching of uninitialized payloads" - pps: fix poll support - vmci: Prevent the dispatching of uninitialized payloads - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() - ARM: dts: vfxxx: Correctly use two tuples for timer address - hfsplus: remove mutex_lock check in hfsplus_free_extents - ASoC: Intel: fix SND_SOC_SOF dependencies - ethernet: intel: fix building with large NR_CPUS - usb: phy: mxs: disconnect line when USB charger is attached - usb: chipidea: add USB PHY event - usb: chipidea: introduce CI_HDRC_CONTROLLER_VBUS_EVENT glue layer use - usb: chipidea: udc: protect usb interrupt enable - usb: chipidea: udc: add new API ci_hdrc_gadget_connect - ALSA: hda: Add missing NVIDIA HDA codec IDs - comedi: comedi_test: Fix possible deletion of uninitialized timers - nilfs2: reject invalid file types when reading inodes - i2c: qup: jump out of the loop in case of timeout - net/sched: sch_qfq: Avoid triggering might_sleep in atomic context in qfq_delete_class - net: appletalk: Fix use-after-free in AARP proxy probe - net: appletalk: fix kerneldoc warnings - RDMA/core: Rate limit GID cache warning messages - regulator: core: fix NULL dereference on unbind due to stale coupling data - usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm - usb: hub: fix detection of high tier USB3 devices behind suspended hubs - net_sched: sch_sfq: reject invalid perturb period - power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition - power: supply: bq24190_charger: using pm_runtime_resume_and_get instead of pm_runtime_get_sync - power: supply: bq24190_charger: Fix runtime PM imbalance on error - xhci: Disable stream for xHC controller with XHCI_BROKEN_STREAMS - virtio-net: ensure the received length does not exceed allocated size - ASoC: fsl_sai: Force a software reset when starting in consumer mode - usb: dwc3: qcom: Don't leave BCR asserted - usb: musb: fix gadget state on disconnect - net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree - net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime - Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU - Bluetooth: SMP: Fix using HCI_ERROR_REMOTE_USER_TERM on timeout - Bluetooth: SMP: If an unallowed command is received consider it a failure - Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() - usb: net: sierra: check for no status endpoint - net/sched: sch_qfq: Fix race condition on qfq_aggregate - net: emaclite: Fix missing pointer increment in aligned_read() - comedi: Fix use of uninitialized data in insn_rw_emulate_bits() - comedi: Fix some signed shift left operations - comedi: das6402: Fix bit shift out of bounds - comedi: das16m1: Fix bit shift out of bounds - comedi: aio_iiro_16: Fix bit shift out of bounds - comedi: pcl812: Fix bit shift out of bounds - iio: adc: stm32-adc: Fix race in installing chained IRQ handler - iio: adc: max1363: Reorder mode_list[] entries - iio: adc: max1363: Fix MAX1363_4X_CHANS/MAX1363_8X_CHANS[] - soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled - soc: aspeed: lpc-snoop: Cleanup resources in stack-order - mmc: sdhci_am654: Workaround for Errata i2312 - mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models - mmc: bcm2835: Fix dma_unmap_sg() nents value - memstick: core: Zero initialize id_reg in h_memstick_read_dev_id() - isofs: Verify inode mode when loading from disk - dmaengine: nbpfaxi: Fix memory corruption in probe() - af_packet: fix soft lockup issue caused by tpacket_snd() - af_packet: fix the SO_SNDTIMEO constraint not effective on tpacked_snd() - phonet/pep: Move call to pn_skb_get_dst_sockaddr() earlier in pep_sock_accept() - HID: core: do not bypass hid_hw_raw_request - HID: core: ensure __hid_request reserves the report ID as the first byte - HID: core: ensure the allocated report buffer can contain the reserved report ID - pch_uart: Fix dma_sync_sg_for_device() nents value - Input: xpad - set correct controller type for Acer NGR200 - i2c: stm32: fix the device used for the DMA map - usb: gadget: configfs: Fix OOB read on empty string write - USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI - USB: serial: option: add Foxconn T99W640 - USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition - LTS tag: v5.4.296 - x86/mm: Disable hugetlb page table sharing on 32-bit - Input: atkbd - do not skip atkbd_deactivate() when skipping ATKBD_CMD_GETID - HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras - HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY - vt: add missing notification when switching back to text mode - net: usb: qmi_wwan: add SIMCom 8230C composition - atm: idt77252: Add missing `dma_map_error()` - bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT - bnxt_en: Fix DCB ETS validation - can: m_can: m_can_handle_lost_msg(): downgrade msg lost in rx message to debug level - net: phy: microchip: limit 100M workaround to link-down events on LAN88xx - net: appletalk: Fix device refcount leak in atrtr_create() - md/raid1: Fix stack memory use after return in raid1_reshape - wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev() - dma-buf: fix timeout handling in dma_resv_wait_timeout v2 - Input: xpad - support Acer NGR 200 Controller - Input: xpad - add VID for Turtle Beach controllers - Input: xpad - add support for Amazon Game Controller - NFSv4/flexfiles: Fix handling of NFS level errors in I/O - flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes - RDMA/mlx5: Fix vport loopback for MPV device - netlink: Fix rmem check in netlink_broadcast_deliver(). - netlink: make sure we allow at least one dump skb - Revert "ACPI: battery: negate current when discharging" - usb: gadget: u_serial: Fix race condition in TTY wakeup - drm/sched: Increment job count before swapping tail spsc queue - pinctrl: qcom: msm: mark certain pins as invalid for interrupts - x86/mce: Make sure CMCI banks are cleared during shutdown on Intel - x86/mce: Don't remove sysfs if thresholding sysfs init fails - x86/mce/amd: Fix threshold limit reset - rxrpc: Fix oops due to non-existence of prealloc backlog struct - net/sched: Abort __tc_modify_qdisc if parent class does not exist - atm: clip: Fix NULL pointer dereference in vcc_sendmsg() - atm: clip: Fix infinite recursive call of clip_push(). - atm: clip: Fix memory leak of struct clip_vcc. - atm: clip: Fix potential null-ptr-deref in to_atmarpd(). - tipc: Fix use-after-free in tipc_conn_close(). - netlink: Fix wraparounds of sk->sk_rmem_alloc. - fix proc_sys_compare() handling of in-lookup dentries - proc: Clear the pieces of proc_inode that proc_evict_inode cares about - drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling - staging: rtl8723bs: Avoid memset() in aes_cipher() and aes_decipher() - media: uvcvideo: Rollback non processed entities on error - media: uvcvideo: Send control events for partial succeeds - media: uvcvideo: Return the number of processed controls - ACPI: PAD: fix crash in exit_round_robin() - usb: typec: displayport: Fix potential deadlock - Logitech C-270 even more broken - rose: fix dangling neighbour pointers in rose_rt_device_down() - net: rose: Fix fall-through warnings for Clang - drm/i915/gt: Fix timeline left held on VMA alloc error - drm/i915/selftests: Change mock_request() to return error pointers - spi: spi-fsl-dspi: Clear completion counter before initiating transfer - spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path - spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}_fifo_write - dpaa2-eth: fix xdp_rxq_info leak - ethernet: atl1: Add missing DMA mapping error checks and count errors - btrfs: use btrfs_record_snapshot_destroy() during rmdir - btrfs: propagate last_unlink_trans earlier when doing a rmdir - RDMA/mlx5: Fix CC counters query for MPV - RDMA/core: Create and destroy counters in the ib_core - scsi: ufs: core: Fix spelling of a sysfs attribute name - drm/v3d: Disable interrupts before resetting the GPU - mtk-sd: reset host->mrq on prepare_data() error - mtk-sd: Prevent memory corruption from DMA map failure - mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data() - regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods - regulator: gpio: Add input_supply support in gpio_regulator_config - ACPICA: Refuse to evaluate a method if arguments are missing - wifi: ath6kl: remove WARN on bad firmware input - wifi: mac80211: drop invalid source address OCB frames - powerpc: Fix struct termio related ioctl macros - ata: pata_cs5536: fix build on 32-bit UML - ALSA: sb: Force to disable DMAs once when DMA mode is changed - nui: Fix dma_mapping_error() check - enic: fix incorrect MTU comparison in enic_change_mtu() - amd-xgbe: align CL37 AN sequence as per databook - lib: test_objagg: Set error message in check_expect_hints_stats() - drm/exynos: fimd: Guard display clock control with runtime PM calls - btrfs: fix missing error handling when searching for inode refs during log replay - scsi: qla4xxx: Fix missing DMA mapping error in qla4xxx_alloc_pdu() - nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. - RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert - platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment - mtk-sd: Fix a pagefault in dma_unmap_sg() for not prepared data - usb: typec: altmodes/displayport: do not index invalid pin_assignments - mmc: sdhci: Add a helper function for dump register in dynamic debug mode - vsock/vmci: Clear the vmci transport packet properly when initializing it - btrfs: don't abort filesystem when attempting to snapshot deleted subvolume - arm64: Restrict pagetable teardown to avoid false warning - s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS - drm/bridge: cdns-dsi: Check return value when getting default PHY config - drm/bridge: cdns-dsi: Fix connecting to next bridge - drm/bridge: cdns-dsi: Fix the clock variable for mode_valid() - drm/tegra: Assign plane type before registration - HID: wacom: fix kobject reference count leak - HID: wacom: fix memory leak on sysfs attribute creation failure - HID: wacom: fix memory leak on kobject creation failure - dm-raid: fix variable in journal device check - Bluetooth: L2CAP: Fix L2CAP MTU negotiation - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). - net: enetc: Correct endianness handling in _enetc_rd_reg64 - um: ubd: Add missing error check in start_io_thread() - vsock/uapi: fix linux/vm_sockets.h userspace compilation errors - wifi: mac80211: fix beacon interval calculation overflow - attach_recursive_mnt(): do not lock the covering tree when sliding something under it - ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() - i2c: robotfuzz-osif: disable zero-length read messages - i2c: tiny-usb: disable zero-length read messages - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction - RDMA/core: Use refcount_t instead of atomic_t on refcount of iwcm_id_private - media: vivid: Change the siize of the composing - media: omap3isp: use sgtable-based scatterlist wrappers - media: cxusb: no longer judge rbuf when the write fails - media: cxusb: use dev_dbg() rather than hand-rolled debug - jfs: validate AG parameters in dbMount() to prevent crashes - fs/jfs: consolidate sanity checking in dbMount - ASoC: meson: meson-card-utils: use of_property_present() for DT parsing - of: Add of_property_present() helper - of: property: define of_property_read_u{8,16,32,64}_array() unconditionally - kbuild: hdrcheck: fix cross build with clang - kbuild: add --target to correctly cross-compile UAPI headers with Clang - bpfilter: match bit size of bpfilter_umh to that of the kernel - kbuild: use -MMD instead of -MD to exclude system headers from dependency - VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify - VMCI: check context->notify_page after call to get_user_pages_fast() to avoid GPF - ovl: Check for NULL d_inode() in ovl_dentry_upper() - ceph: fix possible integer overflow in ceph_zero_objects() - ALSA: hda: Ignore unsol events for cards being shut down - usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode - usb: cdc-wdm: avoid setting WDM_READ for ZLP-s - usb: Add checks for snprintf() calls in usb_alloc_dev() - tty: serial: uartlite: register uart driver in init - usb: potential integer overflow in usbg_make_tpg() - iio: pressure: zpa2326: Use aligned_s64 for the timestamp - md/md-bitmap: fix dm-raid max_write_behind setting - dmaengine: xilinx_dma: Set dma_device directions - mfd: max14577: Fix wakeup source leaks on device unbind - mailbox: Not protect module_put with spin_lock_irqsave - cifs: Fix cifs_query_path_info() for Windows NT servers