[CLSA-2026:1770140694] kernel-uek: Fix of 43 CVEs
Type: security
Severity: Important
Release date: 2026-02-05 17:54:32 UTC
Description:
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx {CVE-2025-40022}
- arm64: pensando: Must boot Ortano kernel with spin-table
- net/sched: adjust device watchdog timer to detect stopped queue at right time
- net/mlx5: Mark the mellanox graceful_period fix as out-of-tree change
- infiniband/xsigo: Replace BUG_ON with WARN_ON_ONCE.
- infiniband/xsigo: xsvnic_main: Remove unused functions
- infiniband/xsigo: xve_cm: Fix mixed code warning
- infiniband/xsigo: xve_ethtool: Remove unused variable 'priv'
- infiniband/xsigo: xve_ib: Fix misleading indentation
- infiniband/xsigo: xve_ib: Fix mixed code warning
- infiniband/xsigo: xve_verbs: Remove unused label 'out_free_pd'
- infiniband/xsigo: xve_main: Remove unused function 'xve_napi_del'
- infiniband/xsigo: xve_main: Fix mixed code warning
- infiniband/xsigo: xve_main: Fix misleading indentation
- inifinibad/xsigo: xsvnic_main: Remove unused variable 'xsvnic_ethtool_ops'
- infiniband/xsigo: xscore_impl: Remove unused label 'err_pd'
- rds: Fix jiffies type in struct rds_conn_path
- kernel: sysctl: Remove unused variable 'zero'
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg {CVE-2025-39964}
- RDMA/cm: Base cm_id destruction timeout on CMA values
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n
- LTS tag: v5.4.302
- Input: pegasus-notetaker - fix potential out-of-bounds access {CVE-2025-68217}
- Input: remove third argument of usb_maxpacket()
- usb: deprecate the third argument of usb_maxpacket()
- fs/proc: fix uaf in proc_readdir_de() {CVE-2025-40271}
- pmdomain: imx: Fix reference count leak in imx_gpc_remove
- pmdomain: arm: scmi: Fix genpd leak on provider registration failure {CVE-2025-68204}
- net: netpoll: fix incorrect refcount handling causing incorrect cleanup {CVE-2025-68245}
- net: qede: Initialize qede_ll_ops with designated initializer
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error {CVE-2025-68220}
- ALSA: usb-audio: fix uac2 clock source at terminal parser
- mm/page_alloc: fix hash table order logging in alloc_large_system_hash()
- kconfig/nconf: Initialize the default locale at startup
- kconfig/mconf: Initialize the default locale at startup
- vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}
- s390/ctcm: Fix double-kfree {CVE-2025-40253}
- net: openvswitch: remove never-working support for setting nsh fields {CVE-2025-40254}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats()
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context {CVE-2025-40259}
- Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263}
- be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}
- isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() {CVE-2025-68734}
- EDAC/altera: Use INTTEST register for Ethernet and USB SBE injection
- EDAC/altera: Handle OCRAM ECC enable after warm reset
- spi: Try to get ACPI GPIO IRQ earlier
- ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe {CVE-2025-68241}
- strparser: Fix signed/unsigned mismatch bug
- gcov: add support for GCC 15
- mm/ksm: fix flag-dropping behavior in ksm_madvise {CVE-2025-40040}
- ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd {CVE-2025-40275}
- drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277}
- ASoC: cs4271: Fix regulator leak on probe failure
- regulator: fixed: fix GPIO descriptor leak on register failure
- regulator: fixed: use dev_err_probe for register
- Bluetooth: L2CAP: export l2cap_chan_hold for modules
- net_sched: limit try_bulk_dequeue_skb() batches
- net_sched: remove need_resched() from qdisc_run()
- net/mlx5e: Fix wraparound in rate limiting for values above 255 Gbps
- net/mlx5e: Fix maxrate wraparound in threshold between units
- net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak {CVE-2025-40278}
- wifi: mac80211: skip rate verification for not captured PSDUs
- net: mdio: fix resource leak in mdiobus_register_device()
- tipc: Fix use-after-free in tipc_mon_reinit_self(). {CVE-2025-40280}
- tipc: simplify the finalize work queue
- sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto {CVE-2025-40281}
- sctp: get netns from asoc and ep base
- Bluetooth: 6lowpan: Don't hold spin lock over sleeping functions
- Bluetooth: 6lowpan: fix BDADDR_LE vs ADDR_LE_DEV address type confusion
- Bluetooth: 6lowpan: reset link-local header on ipv6 recv path {CVE-2025-40282}
- Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF {CVE-2025-40283}
- net: fec: correct rx_bytes statistic for the case SHIFT16 is set
- ASoC: max98090/91: fixed max98091 ALSA widget powering up/down
- HID: quirks: avoid Cooler Master MM712 dongle wakeup bug
- NFS4: Fix state renewals missing after boot
- compiler_types: Move unused static inline functions warning to W=2
- extcon: adc-jack: Cleanup wakeup source only if it was enabled
- tracing: Fix memory leaks in create_field_var()
- net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup {CVE-2025-68192}
- sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}
- sctp: Hold RCU read lock while iterating over address list
- net: dsa: b53: stop reading ARL entries if search is done
- net: dsa: b53: fix enabling ip multicast
- net: dsa: b53: fix resetting speed and pause on forced link
- net: dsa: b53: prevent GMII_PORT_OVERRIDE_CTRL access on BCM5325
- net: dsa/b53: change b53_force_port_config() pause argument
- net: vlan: sync VLAN features with lower device
- ceph: add checking of wait_for_completion_killable() return value
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304}
- ACPI: property: Return present device nodes only on fwnode interface
- 9p: sysfs_init: don't hardcode error to ENOMEM
- 9p: fix /sys/fs/9p/caches overwriting itself
- fs/hpfs: Fix error code for new_inode() failure in mkdir/create/mknod/symlink
- ACPICA: Update dsmethod.c to get rid of unused variable warning
- orangefs: fix xattr related buffer overflow... {CVE-2025-40306}
- page_pool: Clamp pool size to max 16K pages
- Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}
- Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309}
- net: macb: avoid dealing with endianness in macb_set_hwaddr()
- nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing {CVE-2025-68185}
- NFSv4.1: fix mount hang after CREATE_SESSION failure
- NFSv4: handle ERR_GRACE on delegation recalls
- remoteproc: qcom: q6v5: Avoid handling handover twice
- sparc/module: Add R_SPARC_UA64 relocation handling
- net: intel: fm10k: Fix parameter idx set but not used
- jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}
- jfs: Verify inode mode when loading from disk {CVE-2025-40312}
- ipv6: np->rxpmtu race annotation
- usb: xhci: plat: Facilitate using autosuspend for xhci plat devices
- usb: mon: Increase BUFF_MAX to 64 MiB to support multi-MB URBs
- allow finish_no_open(file, ERR_PTR(-E...))
- scsi: lpfc: Define size of debugfs entry for xri rebalancing
- scsi: lpfc: Check return status of lpfc_reset_flush_io_context during TGT_RESET
- selftests/Makefile: include $(INSTALL_DEP_TARGETS) in clean target to clean net/lib dependency
- net/cls_cgroup: Fix task_get_classid() during qdisc run
- selftests: Replace sleep with slowwait
- selftests: Disable dad for ipv6 in fcnal-test.sh
- media: redrat3: use int type to store negative error codes
- net: sh_eth: Disable WoL if system can not suspend
- phy: cadence: cdns-dphy: Enable lower resolutions in dphy
- usb: gadget: f_hid: Fix zero length packet transfer
- net: call cond_resched() less often in __release_sock()
- ALSA: usb-audio: apply quirk for MOONDROP Quark2
- net: nfc: nci: Increase NCI_DATA_TIMEOUT to 3000 ms
- dmaengine: dw-edma: Set status for callback_result
- dmaengine: mv_xor: match alloc_wc and free_wc
- dmaengine: sh: setup_xref error handling
- scsi: pm8001: Use int instead of u32 to store error codes
- mips: lantiq: xway: sysctrl: rename stp clock
- mips: lantiq: danube: add missing device_type in pci node
- mips: lantiq: danube: add missing properties to cpu node
- media: fix uninitialized symbol warnings
- drm/amdkfd: Tie UNMAP_LATENCY to queue_preemption
- extcon: adc-jack: Fix wakeup source leaks on device unbind
- PCI/P2PDMA: Fix incorrect pointer usage in devm_kfree() call
- net: Call trace_sock_exceed_buf_limit() for memcg failure with SK_MEM_RECV.
- net: When removing nexthops, don't call synchronize_net if it is not necessary
- char: misc: Does not request module for miscdevice with dynamic minor
- usb: gadget: f_ncm: Fix MAC assignment NCM ethernet
- iio: adc: spear_adc: mask SPEAR_ADC_STATUS channel and avg sample before setting register
- media: imon: make send_packet() more robust {CVE-2025-68194}
- net: ipv6: fix field-spanning memcpy warning in AH output {CVE-2025-40363}
- bridge: Redirect to backup port when port is administratively down
- powerpc/eeh: Use result of error_detected() in uevent
- x86/vsyscall: Do not require X86_PF_INSTR to emulate vsyscall
- media: pci: ivtv: Don't create fake v4l2_fh
- drm/amdkfd: return -ENOTTY for unsupported IOCTLs
- selftests/net: Ensure assert() triggers in psock_tpacket.c
- selftests/net: Replace non-standard __WORDSIZE with sizeof(long) * 8
- PCI: Disable MSI on RDC PCI to PCIe bridges
- drm/nouveau: replace snprintf() with scnprintf() in nvkm_snprintbf()
- mfd: madera: Work around false-positive -Wininitialized warning
- mfd: stmpe-i2c: Add missing MODULE_LICENSE
- mfd: stmpe: Remove IRQ domain upon removal
- tools/power x86_energy_perf_policy: Prefer driver HWP limits
- tools/power x86_energy_perf_policy: Enhance HWP enable
- tools/cpupower: Fix incorrect size in cpuidle_state_disable()
- hwmon: (dell-smm) Add support for Dell OptiPlex 7040
- uprobe: Do not emulate/sstep original instruction when ip is changed
- clocksource/drivers/vf-pit: Replace raw_readl/writel to readl/writel
- video: backlight: lp855x_bl: Set correct EPROM start for LP8556
- tee: allow a driver to allocate a tee_device without a pool
- ACPICA: dispatcher: Use acpi_ds_clear_operands() in acpi_ds_call_control_method()
- mmc: sdhci-msm: Enable tuning for SDR50 mode for SD card
- irqchip/gic-v2m: Handle Multiple MSI base IRQ Alignment
- arc: Fix __fls() const-foldability via __builtin_clzl()
- cpufreq/longhaul: handle NULL policy in longhaul_exit {CVE-2025-68177}
- selftests/bpf: Fix bpf_prog_detach2 usage in test_lirc_mode2
- ACPI: video: force native for Lenovo 82K8
- memstick: Add timeout to prevent indefinite waiting
- mmc: host: renesas_sdhi: Fix the actual clock
- bpf: Don't use %pK through printk
- spi: loopback-test: Don't use %pK through printk
- soc: qcom: smem: Fix endian-unaware access of num_entries
- usb: gadget: f_fs: Fix epfile null pointer access after ep enable. {CVE-2025-40315}
- serial: 8250_dw: handle reset control deassert error
- serial: 8250_dw: Use devm_add_action_or_reset()
- serial: 8250_dw: Use devm_clk_get_optional() to get the input clock
- can: gs_usb: increase max interface to U8_MAX
- devcoredump: Fix circular locking dependency with devcd->mutex.
- net: ravb: Enforce descriptor type ordering
- x86/resctrl: Fix miscount of bandwidth event when reactivating previously unavailable RMID
- wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode {CVE-2025-40321}
- net: phy: dp83867: Disable EEE support as not implemented
- regmap: slimbus: fix bus_context pointer in regmap init calls {CVE-2025-40317}
- drm/etnaviv: fix flush sequence logic
- usbnet: Prevents free active kevent {CVE-2025-68312}
- wifi: ath10k: Fix memory leak on unsupported WMI command
- ASoC: qdsp6: q6asm: do not sleep while atomic
- fbdev: valkyriefb: Fix reference count leak in valkyriefb_init
- fbdev: pvr2fb: Fix leftover reference to ONCHIP_NR_DMA_CHANNELS
- fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}
- ACPI: video: Fix use-after-free in acpi_video_switch_brightness() {CVE-2025-40211}
- fbdev: atyfb: Check if pll_ops->init_pll failed
- net: usb: asix_devices: Check return value of usbnet_get_endpoints
- btrfs: use smp_mb__after_atomic() when forcing COW in create_pending_snapshot()
- x86/bugs: Fix reporting of LFENCE retpoline
- net/sched: sch_qfq: Fix null-deref in agg_dequeue {CVE-2025-40083}
- RDMA/cm: Rate limit destroy CM ID timeout error message
- soc/pensando: giglio: hack dts to make things right
- soc/pensando: Add AMD Pensando Giglio SoC support
- soc/pensando: psci support
- soc/pensando: Giglio SoC eMMC interrupt driver
- Reapply "cpuidle: menu: Avoid discarding useful information"
- fbcon: fix integer overflow in font allocation
- uek-rpm: Introduce check function for uek-rpm/tools/kabi
- rds: Add smp_rmb before reading c_destroy_in_prog
- uio_hv_generic: Set event for all channels on the device
- ata: libata-scsi: Fix system suspend for a security locked drive
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155
- scsi: megaraid_sas: Fix concurrent access to ISR between IRQ polling and real interrupt
Updated packages:
  • bpftool-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:ff0dcc40f2d7d66004ec5f19f1d3470f6ac883b9bae4176ac50e60a4b585a0fc
  • kernel-uek-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:55275c6a51b167357d47c41090cc69aa25bf0f5a288905da68b1cd3709a4f1fe
  • kernel-uek-container-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:bcfbe1d9a8673ac3b8cc499eafdf760270d77b95a8fefa3e55af99d010dd5476
  • kernel-uek-container-debug-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:754dee089e061a88165acbf6b8b574231a8899d0034a42d815b6c700e7e038fa
  • kernel-uek-debug-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:86ae1e3b540f1370f6057cfb4c968423d44c404cc0d010d39c70b55c0832bd06
  • kernel-uek-debug-devel-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:c40393b5efef769f47d0e7c340a96873691d8f2c55fb2714c27866441772eb24
  • kernel-uek-devel-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:671396d72c97432cf519a59b4b8448ed72d95ea94a475f3f77ba1d17de55000d
  • kernel-uek-headers-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:1ffd464dba0d6c06f06c0afde35b704e3b573e4cc6505fc57433c71b13fa3410
  • kernel-uek-tools-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:8e939f2d0b0fa8c3aff09952636717ccd0e7ee5036da6907c0ed6ca3e4f24b0c
  • perf-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:1cc08b5e1769062fd197b0a643ca97e469164db7288f36798edce650faf01ceb
  • python-perf-5.4.17-2136.352.5.el7uek.tuxcare.els1.x86_64.rpm
    sha:8e9b687c6d02de62406ec8268cf0a1525f69fea91d103c2a8c0362b0133bc4f1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.