[CLSA-2026:1775224807] Fix of 95 CVEs
Type: security
Severity: Important
Release date: 2026-04-03 17:49:22 UTC
Description:
* CVE-2025-39683
  - tracing: Remove unneeded goto out logic {CVE-2025-39683}
  - tracing: Limit access to parser->buffer when trace_get_user failed {CVE-2025-39683}
* CVE-2025-38079
  - crypto: algif_hash - fix double free in hash_accept {CVE-2025-38079}
* CVE-2025-38159
  - wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds {CVE-2025-38159}
* CVE-2025-38211
  - RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211}
* CVE-2025-38024
  - RDMA/rxe: Fix slab-use-after-free Read in rxe_queue_cleanup bug {CVE-2025-38024}
* CVE-2025-38103
  - HID: hyperv: Correctly access fields declared as __le16 {CVE-2025-38103}
  - HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103}
* CVE-2025-38157
  - wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157}
* CVE-2025-38230
  - jfs: add sanity check for agwidth in dbMount {CVE-2025-38230}
  - fs/jfs: consolidate sanity checking in dbMount {CVE-2025-38230}
  - jfs: validate AG parameters in dbMount() to prevent crashes {CVE-2025-38230}
* CVE-2025-39955
  - tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). {CVE-2025-39955}
* CVE-2025-38680
  - media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() {CVE-2025-38680}
* CVE-2025-38708
  - drbd: add missing kref_get in handle_write_conflicts {CVE-2025-38708}
* CVE-2025-39759
  - btrfs: qgroup: introduce quota mode {CVE-2025-39759}
  - btrfs: qgroup: fix race between quota disable and quota rescan ioctl {CVE-2025-39759}
* CVE-2025-38666
  - net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666}
* CVE-2025-40269
  - ALSA: usb-audio: Improve frames size computation {CVE-2025-40269}
  - ALSA: usb-audio: Replace s/frame/packet/ where appropriate {CVE-2025-40269}
  - ALSA: usb-audio: Fix potential overflow of PCM transfer buffer {CVE-2025-40269}
* CVE-2025-40149
  - net: netdevice: Add operation ndo_sk_get_lower_dev {CVE-2025-40149}
  - net/tls: Device offload to use lowest netdevice in chain {CVE-2025-40149}
  - tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). {CVE-2025-40149}
* CVE-2025-71089
  - iommu: disable SVA when CONFIG_X86 is set {CVE-2025-71089}
* CVE-2026-23234
  - f2fs: fix to avoid UAF in f2fs_write_end_io() {CVE-2026-23234}
* CVE-2026-23089
  - ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() {CVE-2026-23089}
* CVE-2026-23074
  - net/sched: Enforce that teql can only be used as root qdisc {CVE-2026-23074}
* CVE-2026-23061
  - can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak {CVE-2026-23061}
* CVE-2026-23060
  - crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec {CVE-2026-23060}
* CVE-2026-22997
  - net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts {CVE-2026-22997}
* CVE-2026-22991
  - libceph: make free_choose_arg_map() resilient to partial allocation {CVE-2026-22991}
* CVE-2026-22990
  - libceph: replace overzealous BUG_ON in osdmap_apply_incremental() {CVE-2026-22990}
* CVE-2026-22978
  - wifi: avoid kernel-infoleak from struct iw_point {CVE-2026-22978}
* CVE-2026-22977
  - net: sock: fix hardened usercopy panic in sock_recv_errqueue {CVE-2026-22977}
* CVE-2025-71154
  - net: usb: rtl8150: fix memory leak on usb_submit_urb() failure {CVE-2025-71154}
* CVE-2025-71085
  - ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() {CVE-2025-71085}
* CVE-2025-68734
  - isdn: mISDN: hfcsusb: fix memory leak in hfcsusb_probe() {CVE-2025-68734}
* CVE-2025-68349
  - NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid {CVE-2025-68349}
* CVE-2025-68340
  - team: Move team device type change at the end of team_port_add {CVE-2025-68340}
* CVE-2025-68325
  - net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop {CVE-2025-68325}
* CVE-2025-68287
  - usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths {CVE-2025-68287}
* CVE-2025-68285
  - libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285}
* CVE-2025-68241
  - ipv4: route: Prevent rt_bind_exception() from rebinding stale fnhe {CVE-2025-68241}
* CVE-2025-68229
  - scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() {CVE-2025-68229}
* CVE-2025-68220
  - net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error {CVE-2025-68220}
* CVE-2025-68194
  - media: imon: make send_packet() more robust {CVE-2025-68194}
* CVE-2025-68192
  - net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup {CVE-2025-68192}
* CVE-2025-68185
  - nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing {CVE-2025-68185}
* CVE-2025-68168
  - jfs: fix uninitialized waitqueue in transaction manager {CVE-2025-68168}
* CVE-2025-40363
  - net: ipv6: fix field-spanning memcpy warning in AH output {CVE-2025-40363}
* CVE-2025-40331
  - sctp: Prevent TOCTOU out-of-bounds write {CVE-2025-40331}
* CVE-2025-40322
  - fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}
* CVE-2025-40317
  - regmap: slimbus: fix bus_context pointer in regmap init calls {CVE-2025-40317}
* CVE-2025-40315
  - usb: gadget: f_fs: Fix epfile null pointer access after ep enable. {CVE-2025-40315}
* CVE-2025-40309
  - Bluetooth: SCO: Fix UAF on sco_conn_free {CVE-2025-40309}
* CVE-2025-40308
  - Bluetooth: bcsp: receive data only if registered {CVE-2025-40308}
* CVE-2025-40306
  - orangefs: fix xattr related buffer overflow... {CVE-2025-40306}
* CVE-2025-40304
  - fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds {CVE-2025-40304}
* CVE-2025-40283
  - Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF {CVE-2025-40283}
* CVE-2025-40282
  - Bluetooth: 6lowpan: reset link-local header on ipv6 recv path {CVE-2025-40282}
* CVE-2025-40277
  - drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE {CVE-2025-40277}
* CVE-2025-40275
  - ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd {CVE-2025-40275}
* CVE-2025-40264
  - be2net: pass wrb_params in case of OS2BMC {CVE-2025-40264}
* CVE-2025-40263
  - Input: cros_ec_keyb - fix an invalid memory access {CVE-2025-40263}
* CVE-2025-40259
  - scsi: sg: Do not sleep in atomic context {CVE-2025-40259}
* CVE-2025-40254
  - net: openvswitch: remove never-working support for setting nsh fields {CVE-2025-40254}
* CVE-2025-40248
  - vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}
* CVE-2025-40211
  - ACPI: video: Fix use-after-free in acpi_video_switch_brightness() {CVE-2025-40211}
* CVE-2025-40106
  - comedi: fix divide-by-zero in comedi_buf_munge() {CVE-2025-40106}
* CVE-2025-40087
  - NFSD: Define a proc_layoutcommit for the FlexFiles layout type {CVE-2025-40087}
* CVE-2025-40055
  - ocfs2: fix double free in user_cluster_connect() {CVE-2025-40055}
* CVE-2025-39945
  - cnic: Fix use-after-free bugs in cnic_delete_task {CVE-2025-39945}
* CVE-2025-39738
  - btrfs: do proper error handling in create_reloc_root {CVE-2025-39738}
  - btrfs: do not allow relocation of partially dropped subvolumes {CVE-2025-39738}
* CVE-2025-39685
  - comedi: pcl726: Prevent invalid irq number {CVE-2025-39685}
* CVE-2024-46830
  - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS {CVE-2024-46830}
* CVE-2024-41014
  - xfs: add bounds checking to xlog_recover_process_data {CVE-2024-41014}
* CVE-2025-39866
  - fs: writeback: fix use-after-free in __mark_inode_dirty() {CVE-2025-39866}
* CVE-2025-39686
  - comedi: Fix some signed shift left operations {CVE-2025-39686}
  - comedi: Make insn_rw_emulate_bits() do insn->n samples {CVE-2025-39686}
* CVE-2025-39766
  - net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit {CVE-2025-39766}
* CVE-2025-39828
  - net/atm: remove the atmdev_ops {get, set}sockopt methods {CVE-2025-39828}
  - atm: atmtcp: Free invalid length skb in atmtcp_c_send(). {CVE-2025-39828}
  - atm: Revert atm_account_tx() if copy_from_iter_full() fails. {CVE-2025-39828}
  - atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). {CVE-2025-39828}
* CVE-2022-49267
  - mmc: core: Do not export MMC_NAME= and MODALIAS=mmc:block for SDIO cards {CVE-2022-49267}
  - mmc: core: Export device/vendor ids from Common CIS for SDIO cards {CVE-2022-49267}
  - mmc: sdio: Extend sdio_config_attr macro and use it also for modalias {CVE-2022-49267}
  - mmc: sdio: Export SDIO revision and info strings to userspace {CVE-2022-49267}
  - mmc: sdio: Parse CISTPL_VERS_1 major and minor revision numbers {CVE-2022-49267}
  - mmc: core: use sysfs_emit() instead of sprintf() {CVE-2022-49267}
* CVE-2025-39967
  - fbcon: fix integer overflow in fbcon_do_set_font {CVE-2025-39967}
* CVE-2025-38108
  - net_sched: red: fix a race in __red_change() {CVE-2025-38108}
* CVE-2025-38212
  - ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}
* CVE-2025-38403
  - vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403}
* CVE-2025-38464
  - tipc: Fix use-after-free in tipc_conn_close(). {CVE-2025-38464}
* CVE-2025-38555
  - usb: gadget : fix use-after-free in composite_dev_cleanup() {CVE-2025-38555}
* CVE-2025-38652
  - f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652}
* CVE-2025-38677
  - f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677}
* CVE-2025-38713
  - hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-38713}
* CVE-2025-38714
  - hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() {CVE-2025-38714}
* CVE-2025-38715
  - hfs: fix slab-out-of-bounds in hfs_bnode_read() {CVE-2025-38715}
* CVE-2025-38729
  - ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729}
* CVE-2025-39691
  - fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691}
* CVE-2025-39743
  - jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743}
* CVE-2025-39783
  - PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783}
* CVE-2025-39824
  - HID: asus: fix UAF via HID_CLAIMED_INPUT validation {CVE-2025-39824}
* CVE-2025-39839
  - batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839}
* CVE-2025-39913
  - tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork. {CVE-2025-39913}
* CVE-2025-40240
  - sctp: avoid NULL dereference when chunk data buffer is missing {CVE-2025-40240}
* CVE-2025-38004
  - can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}
* Miscellaneous upstream changes
  - wifi: wilc1000: avoid buffer overflow in WID string configuration {CVE-2025-39952}
  - Revert "dm-bufio: don't schedule in atomic context {CVE-2025-37928}"
Updated packages:
  • linux-buildinfo-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
    sha:fba69923821c76489265ecc6f8e4fe0750b0a949
  • linux-buildinfo-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
    sha:a8dc7b13a1534517b4b1a08359d7db6ae9946466
  • linux-cloud-tools-5.4.0-226-tuxcare.els8_5.4.0-226.246_amd64.deb
    sha:593f4e534630353b0067f9f1ae23984fc32c512d
  • linux-cloud-tools-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
    sha:75a3a58427b60650a52083dea0ab9da5fe548cf4
  • linux-cloud-tools-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
    sha:8c17f444028b8f8e4ec3cf927d5206ba6be7b8aa
  • linux-cloud-tools-common_5.4.0-226.246_all.deb
    sha:3fb6e12b4ce1a2c1ef919dad5a248d596dcc20fc
  • linux-doc_5.4.0-226.246_all.deb
    sha:f6be33387cfe4fffae0ad6a2519b543f9f70a57f
  • linux-headers-5.4.0-226-tuxcare.els8_5.4.0-226.246_all.deb
    sha:610f3cded12a6e202c9236c45eb7534bc0e61677
  • linux-headers-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
    sha:0cb99d6f40dfa7e4513b452b9949129379b113c0
  • linux-headers-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
    sha:8487afb46b73b210a677f1697d4da4c71cb2ddb6
  • linux-image-unsigned-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
    sha:2d1bb45cdaf879d9f5c6993650ce22cb59dd8265
  • linux-image-unsigned-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
    sha:6fc8d60932b173ca96ceaaf5c181c4e3587231a2
  • linux-libc-dev_5.4.0-226.246_amd64.deb
    sha:39b8d88e41318a5a7e2953f5d9a9aaa9a3632566
  • linux-modules-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
    sha:7f92105fef0d709641b7d2bc4e6289008b41abe3
  • linux-modules-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
    sha:0c99a4f284e253aee2440f54aaa200e4878673f8
  • linux-modules-extra-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
    sha:1575afbff58c96cd6ff6cc1f750d312564b05785
  • linux-source-5.4.0_5.4.0-226.246_all.deb
    sha:ff891a9698764b67bbf52d0ea4cb40e54325ebf3
  • linux-tools-5.4.0-226-tuxcare.els8_5.4.0-226.246_amd64.deb
    sha:ad972f86f8aa789115769781cdc2dc47ef3b9d32
  • linux-tools-5.4.0-226-tuxcare.els8-generic_5.4.0-226.246_amd64.deb
    sha:3b6048b3bcc974a2240cf15322fdd33878e15902
  • linux-tools-5.4.0-226-tuxcare.els8-lowlatency_5.4.0-226.246_amd64.deb
    sha:69f1bfcf15df0e930eda90922a91e5960977560d
  • linux-tools-common_5.4.0-226.246_all.deb
    sha:2485e111021c2d9981103028b705075b2d3f8857
  • linux-tools-host_5.4.0-226.246_all.deb
    sha:270a201fd2d3793daae42cd791e8f1f883c14bb5
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.