- x86/kvm: Disable kvmclock on all CPUs on shutdown {CVE-2021-47110} - posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() {CVE-2025-38352} - cifs: fix double free race when mount fails in cifs_get_root() {CVE-2022-48919} - aio: mark AIO pseudo-fs noexec {CVE-2016-10044} - cifs: potential buffer overflow in handling symlinks {CVE-2022-49058} - NFSD: fix race between nfsd registration and exports_proc {CVE-2025-38232} - nfsd: register pernet ops last, unregister first {CVE-2025-38232} - do_change_type(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498} - net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180} - net: atm: add lec_mutex {CVE-2025-38180} - SUNRPC: make sure cache entry active before cache_show {CVE-2024-53174} - scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() {CVE-2025-38399} - scsi: target: Fix crash during SPEC_I_PT handling {CVE-2025-38399} - mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race {CVE-2025-38085} - drivers:md:fix a potential use-after-free bug {CVE-2022-50022} - ext4: avoid resizing to a partial cluster size {CVE-2022-50020} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928} - net/sched: Abort __tc_modify_qdisc if parent class does not exist {CVE-2025-38457} - misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() {CVE-2022-49788} - dlm: fix plock invalid read {CVE-2022-49407} - net: usb: smsc75xx: Limit packet length to skb->len {CVE-2023-53125} - scsi: libfc: Fix use after free in fc_exch_abts_resp() {CVE-2022-49114} - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079} - HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} - HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38495} - ext4: Fix possible corruption when moving a directory {CVE-2023-53137} - ceph: avoid putting the realm twice when decoding snaps fails {CVE-2022-49770} - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403} - HID: core: do not bypass hid_hw_raw_request {CVE-2025-38494} - sch_hfsc: make hfsc_qlen_notify() idempotent {CVE-2025-38177} - ext4: check dot and dotdot of dx_root before making dir indexed {CVE-2024-42305} - ALSA: bcd2000: Fix a UAF bug on the error path of probing {CVE-2022-50229} - dm ioctl: prevent potential spectre v1 gadget {CVE-2022-49122} - net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} - md-raid10: fix KASAN warning {CVE-2022-50211} - scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332} - ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386} - media: cxusb: no longer judge rbuf when the write fails {CVE-2025-38229} - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212} - ext4: fix off-by-one error in do_split {CVE-2025-23150} - perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init {CVE-2025-37878} - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() {CVE-2025-38000} - i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200}