CVE dashboard by TuxСare

- sctp: sysctl: auth_enable: avoid using current->nsproxy - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy {CVE-2025-21640} - bpf: Use preempt_count() directly in bpf_send_signal_common() - Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" - jfs: fix slab-out-of-bounds read in ea_get() - serial: 8250_dma: terminate correct DMA in tx_dma_flush() - Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" - net: usb: usbnet: restore usb%d name exception for local mac addresses - vlan: fix memory leak in vlan_newlink() {CVE-2022-49636} - rds: ib: Fix NULL ptr deref in rds_ib_cq_follow_affinity - LTS tag: v5.4.291 - eeprom: digsy_mtc: Make GPIO lookup table match the device - slimbus: messaging: Free transaction ID in delayed interrupt scenario {CVE-2025-21914} - intel_th: pci: Add Panther Lake-P/U support - intel_th: pci: Add Panther Lake-H support - intel_th: pci: Add Arrow Lake support - Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982} - xhci: pci: Fix indentation in the PCI device ID definitions - usb: gadget: Check bmAttributes only if configuration is valid - usb: gadget: Fix setting self-powered state on suspend - usb: gadget: Set self-powered based on MaxPower and bmAttributes - usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality - usb: typec: ucsi: increase timeout for PPM reset operations - usb: atm: cxacru: fix a flaw in existing endpoint checks {CVE-2025-21916} - usb: renesas_usbhs: Flush the notify_hotplug_work {CVE-2025-21917} - usb: quirks: Add DELAY_INIT and NO_LPM for Prolific Mass Storage Card Reader - usb: renesas_usbhs: Use devm_usb_get_phy() - usb: renesas_usbhs: Call clk_put() - Revert "drivers/card_reader/rtsx_usb: Restore interrupt based detection" - gpio: rcar: Fix missing of_node_put() call - net: ipv6: fix missing dst ref drop in ila lwtunnel - net: ipv6: fix dst ref loop in ila lwtunnel - net-timestamp: support TCP GSO case for a few missing flags - vlan: enforce underlying device type {CVE-2025-21920} - ppp: Fix KMSAN uninit-value warning with bpf {CVE-2025-21922} - be2net: fix sleeping while atomic bugs in be_ndo_bridge_getlink - drm/sched: Fix preprocessor guard - hwmon: fix a NULL vs IS_ERR_OR_NULL() check in xgene_hwmon_probe() - llc: do not use skb_get() before dev_queue_xmit() {CVE-2025-21925} - hwmon: (ad7314) Validate leading zero bits and return error - hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table - hwmon: (pmbus) Initialise page count in pmbus_identify() - caif_virtio: fix wrong pointer check in cfv_probe() {CVE-2025-21904} - net: gso: fix ownership in __udp_gso_segment {CVE-2025-21926} - HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() {CVE-2025-21928} - HID: google: fix unused variable warning under !CONFIG_ACPI - wifi: iwlwifi: limit printed string from FW file {CVE-2025-21905} - mm/page_alloc: fix uninitialized variable - rapidio: fix an API misues when rio_add_net() fails {CVE-2025-21934} - rapidio: add check for rio_add_net() in rio_scan_alloc_net() - wifi: nl80211: reject cooked mode if it is set along with other flags {CVE-2025-21909} - wifi: cfg80211: regulatory: improve invalid hints checking {CVE-2025-21910} - x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63 - x86/cpu: Validate CPUID leaf 0x2 EDX output - x86/cacheinfo: Validate CPUID leaf 0x2 EDX output - platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e - drm/radeon: Fix rs400_gpu_init for ATI mobility radeon Xpress 200M - ALSA: hda/realtek: update ALC222 depop optimize - ALSA: hda: intel: Add Dell ALC3271 to power_save denylist - HID: appleir: Fix potential NULL dereference at raw event handle {CVE-2025-21948} - Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'" - drm/amdgpu: disable BAR resize on Dell G5 SE - drm/amdgpu: Check extended configuration space register when system uses large bar - drm/amdgpu: skip BAR resizing if the bios already did it - acct: perform last write from workqueue {CVE-2025-21846} - kernel/acct.c: use dedicated helper to access rlimit values - kernel/acct.c: use #elif instead of #end and #elif - drop_monitor: fix incorrect initialization order {CVE-2025-21862} - pfifo_tail_enqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702} - sched/core: Prevent rescheduling when interrupts are disabled {CVE-2024-58090} - phy: exynos5-usbdrd: fix MPLL_MULTIPLIER and SSC_REFCLKSEL masks in refclk - phy: tegra: xusb: reset VBUS & ID OVERRIDE - usbnet: gl620a: fix endpoint checking in genelink_bind() {CVE-2025-21877} - perf/core: Fix low freq setting via IOC_PERIOD - ftrace: Avoid potential division by zero in function_stat_show() - x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems - net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination. - ipvs: Always clear ipvs_property flag in skb_scrub_packet() - ASoC: es8328: fix route from DAC to output - net: cadence: macb: Synchronize stats calculations - sunrpc: suppress warnings for unused procfs functions - batman-adv: Drop unmanaged ELP metric worker {CVE-2025-21823} - batman-adv: Ignore neighbor throughput metrics in error case - acct: block access to kernel internal filesystems - ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED - nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() {CVE-2025-21848} - tee: optee: Fix supplicant wait loop {CVE-2025-21871} - power: supply: da9150-fg: fix potential overflow - flow_dissector: Fix port range key handling in BPF conversion - flow_dissector: Fix handling of mixed port and port-range keys - net: extract port range fields from fl_flow_key - geneve: Suppress list corruption splat in geneve_destroy_tunnels(). - geneve: Fix use-after-free in geneve_find_dev(). {CVE-2025-21858} - powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC - powerpc/64s: Rewrite __real_pte() and __rpte_to_hidx() as static inline - powerpc/64s/mm: Move __real_pte stubs into hash-4k.h - USB: gadget: f_midi: f_midi_complete to call queue_work {CVE-2025-21859} - usb/gadget: f_midi: Replace tasklet with work - usb/gadget: f_midi: convert tasklets to use new tasklet_setup() API - usb: dwc3: Fix timeout issue during controller enter/exit from halt state - usb: dwc3: Increase DWC3 controller halt timeout - memcg: fix soft lockup in the OOM process {CVE-2024-57977} - mm: update mark_victim tracepoints fields - crypto: testmgr - some more fixes to RSA test vectors - crypto: testmgr - populate RSA CRT parameters in RSA test vectors - crypto: testmgr - fix version number of RSA tests - crypto: testmgr - Fix wrong test case of RSA - crypto: testmgr - fix wrong key length for pkcs1pad - driver core: bus: Fix double free in driver API bus_register() {CVE-2024-50055} - scsi: storvsc: Set correct data length for sending SCSI command without payload - vlan: move dev_put into vlan_dev_uninit - vlan: introduce vlan_dev_free_egress_priority - pps: Fix a use-after-free {CVE-2024-57979} - btrfs: avoid monopolizing a core when activating a swap file - x86/i8253: Disable PIT timer 0 when not in use - parport_pc: add support for ASIX AX99100 - serial: 8250_pci: add support for ASIX AX99100 - can: ems_pci: move ASIX AX99100 ids to pci_ids.h - nilfs2: protect access to buffers with no active references {CVE-2025-21811} - nilfs2: do not force clear folio if buffer is referenced {CVE-2025-21722} - nilfs2: do not output warnings when clearing dirty buffers - alpha: replace hardcoded stack offsets with autogenerated ones - ndisc: extend RCU protection in ndisc_send_skb() {CVE-2025-21760} - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() - arp: use RCU protection in arp_xmit() {CVE-2025-21762} - neighbour: use RCU protection in __neigh_notify() {CVE-2025-21763} - neighbour: delete redundant judgment statements - ndisc: use RCU protection in ndisc_alloc_skb() {CVE-2025-21764} - ipv6: use RCU protection in ip6_default_advmss() {CVE-2025-21765} - ipv4: use RCU protection in inet_select_addr() - ipv4: use RCU protection in rt_is_expired() - net: add dev_net_rcu() helper - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() - regmap-irq: Add missing kfree() - partitions: mac: fix handling of bogus partition table {CVE-2025-21772} - gpio: stmpe: Check return value of stmpe_reg_read in stmpe_gpio_irq_sync_unlock - alpha: align stack for page fault and user unaligned trap handlers - serial: 8250: Fix fifo underflow on flush - alpha: make stack 16-byte aligned (most cases) - can: j1939: j1939_sk_send_loop(): fix unable to send messages with data length zero - can: c_can: fix unbalanced runtime PM disable in error path - USB: serial: option: drop MeiG Smart defines - USB: serial: option: fix Telit Cinterion FN990A name - USB: serial: option: add Telit Cinterion FN990B compositions - USB: serial: option: add MeiG Smart SLM828 - usb: cdc-acm: Fix handling of oversized fragments - usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704} - USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk - USB: hub: Ignore non-compliant devices with too many configs or interfaces {CVE-2025-21776} - usb: gadget: f_midi: fix MIDI Streaming descriptor lengths {CVE-2025-21835} - USB: Add USB_QUIRK_NO_LPM quirk for sony xperia xz1 smartphone - USB: quirks: add USB_QUIRK_NO_LPM quirk for Teclast dist - USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI - usb: dwc2: gadget: remove of_node reference upon udc_stop - usb: gadget: udc: renesas_usb3: Fix compiler warning - usb: roles: set switch registered flag early on - batman-adv: fix panic during interface removal {CVE-2025-21781} - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V - orangefs: fix a oob in orangefs_debug_write {CVE-2025-21782} - Grab mm lock before grabbing pt lock - vfio/pci: Enable iowrite64 and ioread64 for vfio pci - media: cxd2841er: fix 64-bit division on gcc-9 - gpio: bcm-kona: Add missing newline to dev_err format string - gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ - gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0 - arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array {CVE-2025-21785} - team: better TEAM_OPTION_TYPE_STRING validation {CVE-2025-21787} - vrf: use RCU protection in l3mdev_l3_out() {CVE-2025-21791} - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() - HID: multitouch: Add NULL check in mt_input_configured - ocfs2: check dir i_size in ocfs2_find_entry - MIPS: ftrace: Declare ftrace_get_parent_ra_addr() as static - ptp: Ensure info->enable callback is always set {CVE-2025-21814} - net/ncsi: wait for the last response to Deselect Package before configuring channel - misc: fastrpc: Fix registered buffer page address - mtd: onenand: Fix uninitialized retlen in do_otp_read() - NFC: nci: Add bounds checking in nci_hci_create_pipe() - nilfs2: fix possible int overflows in nilfs_fiemap() {CVE-2025-21736} - ocfs2: handle a symlink read error correctly {CVE-2024-58001} - vfio/platform: check the bounds of read/write syscalls {CVE-2025-21687} - nvmem: core: improve range check for nvmem_cell_write() - crypto: qce - unregister previously registered algos in error path - crypto: qce - fix goto jump in error path - media: uvcvideo: Remove redundant NULL assignment - media: uvcvideo: Fix event flags in uvc_ctrl_send_events - media: ov5640: fix get_light_freq on auto - soc: qcom: smem_state: fix missing of_node_put in error path - kbuild: Move -Wenum-enum-conversion to W=2 - powerpc/pseries/eeh: Fix get PE state translation - serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use - serial: sh-sci: Drop __initdata macro for port_cfg - soc: qcom: socinfo: Avoid out of bounds read of serial number {CVE-2024-58007} - usb: gadget: f_tcm: Don't prepare BOT write request twice - usb: gadget: f_tcm: ep_autoconfig with fullspeed endpoint - usb: gadget: f_tcm: Decrement command ref count on cleanup - usb: gadget: f_tcm: Translate error to sense - wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() {CVE-2025-21744} - HID: hid-sensor-hub: don't use stale platform-data on remove - of: reserved-memory: Fix using wrong number of cells to get property 'alignment' - of: Fix of_find_node_opts_by_path() handling of alias+path+options - of: Correct child specifier used as input of the 2nd nexus node - perf bench: Fix undefined behavior in cmpworker() - clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate - clk: qcom: clk-alpha-pll: fix alpha mode configuration - drm/komeda: Add check for komeda_get_layer_fourcc_list() - KVM: s390: vsie: fix some corner-cases when grabbing vsie pages - KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() {CVE-2024-58083} - arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma - binfmt_flat: Fix integer overflow bug on 32 bit systems {CVE-2024-58010} - m68k: vga: Fix I/O defines - s390/futex: Fix FUTEX_OP_ANDN implementation - leds: lp8860: Write full EEPROM, not only half of it - cpufreq: s3c64xx: Fix compilation warning - tun: revert fix group permission check - net: rose: lock the socket in rose_bind() {CVE-2025-21749} - udp: gso: do not drop small packets when PMTU reduces - tg3: Disable tg3 PCIe AER on system reboot - gpu: drm_dp_cec: fix broken CEC adapter properties check - firmware: iscsi_ibft: fix ISCSI_IBFT Kconfig entry - nvme: handle connectivity loss in nvme_set_queue_count - usb: xhci: Fix NULL pointer dereference on certain command aborts {CVE-2024-57981} - usb: xhci: Add timeout argument in address_device USB HCD callback - net: usb: rtl8150: enable basic endpoint checking {CVE-2025-21708} - net: usb: rtl8150: use new tasklet API - tasklet: Introduce new initialization API - kbuild: userprogs: use correct lld when linking through clang - media: uvcvideo: Remove dangling pointers {CVE-2024-58002} - media: uvcvideo: Only save async fh if success - nilfs2: handle errors that nilfs_prepare_chunk() may return {CVE-2025-21721} - nilfs2: eliminate staggered calls to kunmap in nilfs_rename - nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link - spi-mxs: Fix chipselect glitch - x86/mm: Don't disable PCID when INVLPG has been fixed by microcode - APEI: GHES: Have GHES honor the panic= setting - HID: Wacom: Add PCI Wacom device support - mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id - tomoyo: don't emit warning in tomoyo_write_control() {CVE-2024-58085} - wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() - mmc: core: Respect quirk_max_rate for non-UHS SDIO card - tun: fix group permission check - printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX {CVE-2024-58017} - x86/amd_nb: Restrict init function to AMD-based systems - sched: Don't try to catch up excess steal time. - btrfs: convert BUG_ON in btrfs_reloc_cow_block() to proper error handling - btrfs: fix use-after-free when attempting to join an aborted transaction {CVE-2025-21753} - btrfs: output the reason for open_ctree() failure - usb: gadget: f_tcm: Don't free command immediately {CVE-2024-58055} - media: uvcvideo: Fix double free in error path {CVE-2024-57980} - HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections - usb: typec: tcpm: set SRC_SEND_CAPABILITIES timeout to PD_T_SENDER_RESPONSE - drivers/card_reader/rtsx_usb: Restore interrupt based detection - ktest.pl: Check kernelrelease return in get_version - NFSD: Reset cb_seq_status after NFS4ERR_DELAY - hexagon: Fix unbalanced spinlock in die() - hexagon: fix using plain integer as NULL pointer warning in cmpxchg - genksyms: fix memory leak when the same symbol is read from *.symref file - genksyms: fix memory leak when the same symbol is added from source - net: sh_eth: Fix missing rtnl lock in suspend/resume path - vsock: Allow retrying on connect() failure - perf trace: Fix runtime error of index out of bounds - net: davicom: fix UAF in dm9000_drv_remove {CVE-2025-21715} - net: rose: fix timer races against user threads {CVE-2025-21718} - PM: hibernate: Add error handling for syscore_suspend() - ipmr: do not call mr_mfc_uses_dev() for unres entries {CVE-2025-21719} - net: fec: implement TSO descriptor cleanup - ubifs: skip dumping tnc tree when zroot is null {CVE-2024-58058} - rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read {CVE-2024-58069} - dmaengine: ti: edma: fix OF node reference leaks in edma_driver - module: Extend the preempt disabled section in dereference_symbol_descriptor(). - ocfs2: mark dquot as inactive if failed to start trans while releasing dquot - scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails - scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1 - staging: media: imx: fix OF node leak in imx_media_add_of_subdevs() - media: uvcvideo: Propagate buf->error to userspace - media: camif-core: Add check for clk_enable() - media: mipi-csis: Add check for clk_enable() - PCI: endpoint: Destroy the EPC device in devm_pci_epc_destroy() - media: lmedm04: Handle errors for lme2510_int_read - media: lmedm04: Use GFP_KERNEL for URB allocation/submission. - media: rc: iguanair: handle timeouts - fbdev: omapfb: Fix an OF node leak in dss_of_port_get_parent_device() - ARM: dts: mediatek: mt7623: fix IR nodename - arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names - arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property - rdma/cxgb4: Prevent potential integer overflow on 32bit {CVE-2024-57973} - RDMA/mlx4: Avoid false error about access to uninitialized gids array - bpf: Send signals asynchronously if !preemptible {CVE-2025-21728} - perf report: Fix misleading help message about --demangle - perf top: Don't complain about lack of vmlinux when not resolving some kernel samples - padata: fix sysfs store callback check - ktest.pl: Remove unused declarations in run_bisect_test function - perf header: Fix one memory leakage in process_bpf_prog_info() - perf header: Fix one memory leakage in process_bpf_btf() - ASoC: sun4i-spdif: Add clock multiplier settings - tools/testing/selftests/bpf/test_tc_tunnel.sh: Fix wait for server bind - net: sched: Disallow replacing of child qdisc from one parent to another {CVE-2025-21700} - net/mlxfw: Drop hard coded max FW flash image size - net: let net.core.dev_weight always be non-zero {CVE-2025-21806} - clk: analogbits: Fix incorrect calculation of vco rate delta - selftests: harness: fix printing of mismatch values in __EXPECT() - selftests/harness: Display signed values correctly - wifi: wlcore: fix unbalanced pm_runtime calls - regulator: of: Implement the unwind path of of_regulator_match() - team: prevent adding a device which is already a team device lower {CVE-2024-58071} - cpupower: fix TSC MHz calculation - wifi: rtlwifi: pci: wait for firmware loading before releasing memory - wifi: rtlwifi: fix memory leaks and invalid access at probe error path {CVE-2024-58063} - wifi: rtlwifi: remove unused check_buddy_priv {CVE-2024-58072} - wifi: rtlwifi: remove unused dualmac control leftovers - wifi: rtlwifi: remove unused timer and related code - rtlwifi: replace usage of found with dedicated list iterator variable - dt-bindings: mmc: controller: clarify the address-cells description - wifi: rtlwifi: usb: fix workqueue leak when probe fails - wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step - rtlwifi: rtl8192se Rename RT_TRACE to rtl_dbg - wifi: rtlwifi: do not complete firmware loading needlessly - ipmi: ipmb: Add check devm_kasprintf() returned value {CVE-2024-58051} - drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table - drm/etnaviv: Fix page property being used for non writecombine buffers - partitions: ldm: remove the initial kernel-doc notation - nbd: don't allow reconnect after disconnect {CVE-2025-21731} - afs: Fix directory format encoding struct - overflow: Allow mixed type arguments - overflow: Correct check_shl_overflow() comment - overflow: Add __must_check attribute to check_*() helpers - rds: ib: Do not attempt to insert RDMA exthdr twice - net: mana: Fix TX CQE error handling {CVE-2023-52532} - net/mlx5: Stop waiting for PCI if pci channel is offline - rds: ib: Fix racy send affinity work cancellation - rds: ib: Make traffic_class visible to user-space - rds: ib: Remove incorrect update of the path record sl and qos_class fields - net: core: reject skb_copy(_expand) for fraglist GSO skbs {CVE-2024-36929} - udp: do not accept non-tunnel GSO skbs landing in a tunnel {CVE-2024-35884} - udp: never accept GSO_FRAGLIST packets - udp: initialize is_flist with 0 in udp_gro_receive - ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494} - sched: sch_cake: add bounds checks to host bulk flow fairness counts {CVE-2025-21647} - udf: Fix use of check_add_overflow() with mixed type arguments - x86/xen: allow larger contiguous memory regions in PV guests - xen: remove a confusing comment on auto-translated guest I/O - ALSA: hda/realtek: Fixup ALC225 depop procedure - ALSA: hda/realtek - Add type for ALC287 - net: loopback: Avoid sending IP packets without an Ethernet header - netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() - ocfs2: fix incorrect CPU endianness conversion causing mount failure - Revert "btrfs: avoid monopolizing a core when activating a swap file" - gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). - Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc {CVE-2024-58009} - rds: Make sure transmit path and connection tear-down does not run concurrently - NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() - LTS tag: v5.4.290 - Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals - xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals - drm/v3d: Assign job pointer to NULL before signaling the fence {CVE-2025-21688} - Input: xpad - add support for wooting two he (arm) - Input: xpad - add unofficial Xbox 360 wireless receiver clone - Input: atkbd - map F23 key to support default copilot shortcut - Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" - USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() - ext4: fix slab-use-after-free in ext4_split_extent_at() - ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path - vfio/platform: check the bounds of read/write syscalls {CVE-2025-21687} - net/xen-netback: prevent UAF in xenvif_flush_hash() {CVE-2024-49936} - net: xen-netback: hash.c: Use built-in RCU list checking - signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die - m68k: Add missing mmap_read_lock() to sys_cacheflush() - m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal - gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag - irqchip/sunxi-nmi: Add missing SKIP_WAKE flag - scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request - ASoC: wm8994: Add depends on MFD core - net: fix data-races around sk->sk_forward_alloc {CVE-2024-53124} - scsi: sg: Fix slab-use-after-free read in sg_release() {CVE-2024-56631} - ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() - irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly - fs/proc: fix softlockup in __read_vmcore (part 2) {CVE-2025-21694} - net: ethernet: xgbe: re-add aneg to supported features in PHY quirks - nvmet: propagate npwg topology - poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() - kheaders: Ignore silly-rename files - hfs: Sanity check the root record - mac802154: check local interfaces before deleting sdata list {CVE-2024-57948} - i2c: mux: demux-pinctrl: check initial mux selection, too - drm/v3d: Ensure job pointer is set to NULL after job completion {CVE-2025-21697} - nfp: bpf: prevent integer overflow in nfp_bpf_event_output() - gtp: Destroy device along with udp socket's netns dismantle. {CVE-2025-21678} - gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). - gtp: use exit_batch_rtnl() method - net: add exit_batch_rtnl() method - net: net_namespace: Optimize the code - net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() - sctp: sysctl: rto_min/max: avoid using current->nsproxy - ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv {CVE-2024-57892} - ocfs2: correct return value of ocfs2_local_free_info() - phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider - phy: core: fix code style in devm_of_phy_provider_unregister - arm64: dts: rockchip: add hevc power domain clock to rk3328 - arm64: dts: rockchip: add #power-domain-cells to power domain nodes - arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 - arm64: dts: rockchip: fix defines in pd_vio node for rk3399 - iio: inkern: call iio_device_put() only on mapped devices - iio: adc: at91: call input_free_device() on allocated iio_dev {CVE-2024-57904} - iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() - iio: gyro: fxas21002c: Fix missing data update in trigger handler - iio: adc: ti-ads8688: fix information leak in triggered buffer {CVE-2024-57906} - iio: imu: kmx61: fix information leak in triggered buffer {CVE-2024-57908} - iio: light: vcnl4035: fix information leak in triggered buffer {CVE-2024-57910} - iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer - iio: pressure: zpa2326: fix information leak in triggered buffer {CVE-2024-57912} - usb: gadget: f_fs: Remove WARN_ON in functionfs_bind {CVE-2024-57913} - usb: fix reference leak in usb_new_device() - USB: core: Disable LPM only for non-suspended ports - USB: usblp: return error when setting unsupported protocol - usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null - USB: serial: cp210x: add Phoenix Contact UPS Device - usb-storage: Add max sectors quirk for Nokia 208 - staging: iio: ad9832: Correct phase range check - staging: iio: ad9834: Correct phase range check - USB: serial: option: add Neoway N723-EA support - USB: serial: option: add MeiG Smart SRM815 - drm/amd/display: increase MAX_SURFACES to the value supported by hw - ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] - ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] - drm/amd/display: Add check for granularity in dml ceil/floor helpers {CVE-2024-57922} - sctp: sysctl: auth_enable: avoid using current->nsproxy - sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy {CVE-2025-21640} - dm thin: make get_first_thin use rcu-safe list first function {CVE-2025-21664} - tls: Fix tls_sw_sendmsg error handling - net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute {CVE-2025-21653} - tcp/dccp: allow a connection when sk_max_ack_backlog is zero - tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog - net: 802: LLC+SNAP OID:PID lookup on start of skb data - ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() - dm array: fix cursor index when skipping across block boundaries - dm array: fix unreleased btree blocks on closing a faulty array cursor - dm array: fix releasing a faulty array block twice in dm_array_cursor_end {CVE-2024-57929} - jbd2: flush filesystem device before updating tail sequence - Revert "NFSD: Limit the number of concurrent async COPY operations" - rds: ib: Avoid sleeping function inside RCU region by using sampled values instead - dm rq: don't queue request to blk-mq during DM suspend {CVE-2021-47498} - dm: rearrange core declarations for extended use from dm-zone.c - cgroup: Make operations on the cgroup root_list RCU safe - uek: kabi: Fix build error for HIDE_INCLUDE macro - oracleasm: Fix PI when use_logical_block_size is set - oracleasm: Add support for per-I/O block size selection - perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() - io_uring: fix possible deadlock in io_register_iowq_max_workers() - io_uring/rw: fix missing NOWAIT check for O_DIRECT start write {CVE-2024-53052} - io_uring: use kiocb_{start,end}_write() helpers - fs: create kiocb_{start,end}_write() helpers - io_uring: rename kiocb_end_write() local helper - io_uring/sqpoll: close race on waiting for sqring entries - io_uring/sqpoll: do not put cpumask on stack - io_uring/sqpoll: retain test for whether the CPU is valid - io_uring/sqpoll: do not allow pinning outside of cpuset - io_uring/io-wq: limit retrying worker initialisation - vfs: check dentry is still valid in get_link() - RDS: avoid queueing delayed work on an offlined cpu - NFSD: Limit the number of concurrent async COPY operations {CVE-2024-49974} - LTS tag: v5.4.289 - mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() - drm: adv7511: Drop dsi single lane support - net/sctp: Prevent autoclose integer overflow in sctp_association_init() - sky2: Add device ID 11ab:4373 for Marvell 88E8075 - pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking {CVE-2024-57889} - RDMA/uverbs: Prevent integer overflow issue {CVE-2024-57890} - modpost: fix the missed iteration for the max bit in do_input() - modpost: fix input MODULE_DEVICE_TABLE() built for 64-bit on 32-bit host - ARC: build: Try to guess GCC variant of cross compiler - irqchip/gic: Correct declaration of *percpu_base pointer in union gic_base - net: usb: qmi_wwan: add Telit FE910C04 compositions - bpf: fix potential error return - sound: usb: format: don't warn that raw DSD is unsupported - wifi: mac80211: wake the queues in case of failure in resume - ila: serialize calls to nf_register_net_hooks() {CVE-2024-57900} - ALSA: usb-audio: US16x08: Initialize array before use - net: llc: reset skb->transport_header - netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext {CVE-2024-54031} - netfilter: Replace zero-length array with flexible-array member - netrom: check buffer length before accessing it {CVE-2024-57802} - drm/bridge: adv7511_audio: Update Audio InfoFrame properly - drm: bridge: adv7511: Enable SPDIF DAI - RDMA/bnxt_re: Fix max_qp_wrs reported - RDMA/bnxt_re: Fix reporting hw_ver in query_device - RDMA/bnxt_re: Add check for path mtu in modify_qp - RDMA/mlx5: Enforce same type port association for multiport RoCE - net/mlx5: Make API mlx5_core_is_ecpf accept const pointer - IB/mlx5: Introduce and use mlx5_core_is_vf() - Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet {CVE-2024-55916} - selinux: ignore unknown extended permissions {CVE-2024-57931} - ipv6: prevent possible UAF in ip6_xmit() {CVE-2024-44985} - skb_expand_head() adjust skb->truesize incorrectly - btrfs: avoid monopolizing a core when activating a swap file - tracing: Constify string literal data member in struct trace_event_call - bpf: fix recursive lock when verdict program return SK_PASS {CVE-2024-56694} - ipv6: fix possible UAF in ip6_finish_output2() - ipv6: use skb_expand_head in ip6_xmit - ipv6: use skb_expand_head in ip6_finish_output2 - skbuff: introduce skb_expand_head() - MIPS: Probe toolchain support of -msym32 - epoll: Add synchronous wakeup support for ep_poll_callback - virtio-blk: don't keep queue frozen during system suspend {CVE-2024-57946} - scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time - platform/x86: asus-nb-wmi: Ignore unknown event 0xCF - regmap: Use correct format specifier for logging range errors - scsi: megaraid_sas: Fix for a potential deadlock {CVE-2024-57807} - scsi: qla1280: Fix hw revision numbering for ISP1020/1040 - tracing/kprobe: Make trace_kprobe's module callback called after jump_label update - dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset - dmaengine: mv_xor: fix child node refcount handling in early exit - phy: core: Fix that API devm_phy_destroy() fails to destroy the phy - phy: core: Fix that API devm_phy_put() fails to release the phy - phy: core: Fix an OF node refcount leakage in of_phy_provider_lookup() - phy: core: Fix an OF node refcount leakage in _of_phy_get() - mtd: diskonchip: Cast an operand to prevent potential overflow - bpf: Check negative offsets in __bpf_skb_min_len() - media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg {CVE-2024-56769} - of: Fix refcount leakage for OF node returned by __of_get_dma_parent() - of: Fix error path in of_parse_phandle_with_args_map() - udmabuf: also check for F_SEAL_FUTURE_WRITE - nilfs2: prevent use of deleted inode {CVE-2024-53690} - NFS/pnfs: Fix a live lock between recalled layouts and layoutget - btrfs: tree-checker: reject inline extent items with 0 ref count - zram: refuse to use zero sized block device as backing device - sh: clk: Fix clk_enable() to return 0 on NULL clk - USB: serial: option: add Telit FE910C04 rmnet compositions - USB: serial: option: add MediaTek T7XX compositions - USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready - USB: serial: option: add MeiG Smart SLM770A - USB: serial: option: add TCL IK512 MBIM & ECM - efivarfs: Fix error on non-existent file - i2c: riic: Always round-up when calculating bus period - chelsio/chtls: prevent potential integer overflow on 32bit - mmc: sdhci-tegra: Remove SDHCI_QUIRK_BROKEN_ADMA_ZEROLEN_DESC quirk - netfilter: ipset: Fix for recursive locking warning - net: ethernet: bgmac-platform: fix an OF node reference leak - net: hinic: Fix cleanup in create_rxqs/txqs() - ionic: use ee->offset when returning sprom data - net/smc: check sndbuf_space again after NOSPACE flag is set in smc_poll - erofs: fix incorrect symlink detection in fast symlink - erofs: fix order >= MAX_ORDER warning due to crafted negative i_size - drm/i915: Fix memory leak by correcting cache object name in error handler - PCI: Add ACS quirk for Broadcom BCM5760X NIC - ALSA: usb: Fix UBSAN warning in parse_audio_unit() - PCI/AER: Disable AER service on suspend - usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled - net: sched: fix ordering of qlen adjustment {CVE-2024-53164} - kpcimgr: fix flush_icache_range arguments - ftrace: use preempt_enable/disable notrace macros to avoid double fault - nfsd: restore callback functionality for NFSv4.0 - i2c: pnx: Fix timeout in wait functions - of/irq: Fix using uninitialized variable @addr_len in API of_irq_parse_one() - af_packet: fix vlan_get_tci() vs MSG_PEEK {CVE-2024-57902} - af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK {CVE-2024-57901} - mtd: rawnand: fix double free in atmel_pmecc_create_user() - Revert "xen/swiotlb: add alignment check for dma buffers" - vfio/iommu_type1: Fix some sanity checks in detach group - Revert "vfio/iommu_type1: Fix some sanity checks in detach group" - rds: ib: Avoid UAF on RDS Socket's rs_trans_lock - rds: ib: Fix blocked processes related to race in rds_rdma_free_dev_rs_worker() - rds: ib: Fix deterministic UAF in rds_rdma_free_dev_rs_worker() - Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage" - LTS tag: v5.4.288 - ALSA: usb-audio: Fix a DMA to stack memory bug - xen/netfront: fix crash when removing device {CVE-2024-53240} - KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status - blk-iocost: Avoid using clamp() on inuse in __propagate_weights() - blk-iocost: fix weight updates of inner active iocgs - blk-iocost: clamp inuse and skip noops in __propagate_weights() - ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired - net/sched: netem: account for backlog updates from child qdisc {CVE-2024-56770} - qca_spi: Make driver probing reliable - qca_spi: Fix clock speed for multiple QCA7000 - ACPI: resource: Fix memory resource type union access - net: lapb: increase LAPB_HEADER_LEN {CVE-2024-56659} - tipc: fix NULL deref in cleanup_bearer() {CVE-2024-56661} - batman-adv: Do not let TT changes list grows indefinitely - batman-adv: Remove uninitialized data in full table TT response - batman-adv: Do not send uninitialized TT changes - bpf, sockmap: Fix update element with same - xfs: don't drop errno values when we fail to ficlone the entire range - usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer - usb: ehci-hcd: fix call balance of clocks handling routines - usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature - ata: sata_highbank: fix OF node reference leak in highbank_initialize_phys() - usb: host: max3421-hcd: Correctly abort a USB request. - LTS tag: v5.4.287 - bpf, xdp: Update devmap comments to reflect napi/rcu usage - ALSA: usb-audio: Fix out of bounds reads when finding clock sources {CVE-2024-53150} - PCI: rockchip-ep: Fix address translation unit programming - Revert "drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()" - modpost: Add .irqentry.text to OTHER_SECTIONS - jffs2: Fix rtime decompressor - jffs2: Prevent rtime decompress memory corruption {CVE-2024-57850} - KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE - KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device - KVM: arm64: vgic-its: Add a data length check in vgic_its_save_* - perf/x86/intel/pt: Fix buffer full but size is 0 case - bpf: fix OOB devmap writes when deleting elements {CVE-2024-56615} - xdp: Simplify devmap cleanup - misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle - powerpc/prom_init: Fixup missing powermac #size-cells {CVE-2024-56781} - usb: chipidea: udc: handle USB Error Interrupt if IOC not set - i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock - PCI: Add ACS quirk for Wangxun FF5xxx NICs - PCI: Add 'reset_subordinate' to reset hierarchy below bridge - f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. {CVE-2024-56586} - nvdimm: rectify the illogical code within nd_dax_probe() - pinctrl: qcom-pmic-gpio: add support for PM8937 - scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset - scsi: st: Don't modify unknown block number in MTIOCGET - leds: class: Protect brightness_show() with led_cdev->led_access mutex - tracing: Use atomic64_inc_return() in trace_clock_counter() - netpoll: Use rcu_access_pointer() in __netpoll_setup - net/neighbor: clear error in case strict check is not set - rocker: fix link status detection in rocker_carrier_init() - ASoC: hdmi-codec: reorder channel allocation list - Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables - wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() - wifi: ipw2x00: libipw_rx_any(): fix bad alignment - drm/amdgpu: set the right AMDGPU sg segment limitation {CVE-2024-56594} - jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree {CVE-2024-56595} - jfs: fix array-index-out-of-bounds in jfs_readdir {CVE-2024-56596} - jfs: fix shift-out-of-bounds in dbSplit {CVE-2024-56597} - jfs: array-index-out-of-bounds fix in dtReadFirst {CVE-2024-56598} - wifi: ath5k: add PCI ID for Arcadyan devices - wifi: ath5k: add PCI ID for SX76X - net: inet6: do not leave a dangling sk pointer in inet6_create() {CVE-2024-40954} - net: inet: do not leave a dangling sk pointer in inet_create() {CVE-2024-40954} - net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() {CVE-2024-40954} - net: af_can: do not leave a dangling sk pointer in can_create() {CVE-2024-40954} - Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() - af_packet: avoid erroring out after sock_init_data() in packet_create() {CVE-2024-40954} - net/sched: cbs: Fix integer overflow in cbs_set_port_rate() - net: ethernet: fs_enet: Use %pa to format resource_size_t - net: fec_mpc52xx_phy: Use %pa to format resource_size_t - samples/bpf: Fix a resource leak - drm/radeon/r600_cs: Fix possible int overflow in r600_packet3_check() - drm/mcde: Enable module autoloading - drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model - media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108 - media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera - s390/cpum_sf: Handle CPU hotplug remove during sampling {CVE-2024-57849} - mmc: core: Further prevent card detect during shutdown - regmap: detach regmap from dev on regmap_exit - dma-buf: fix dma_fence_array_signaled v4 - bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again {CVE-2024-48881} - nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() {CVE-2024-56619} - scsi: qla2xxx: Remove check req_sg_cnt should be equal to rsp_sg_cnt - scsi: qla2xxx: Supported speed displayed incorrectly for VPorts - scsi: qla2xxx: Fix NVMe and NPIV connect issue - ocfs2: update seq_file index in ocfs2_dlm_seq_next - tracing: Fix cmp_entries_dup() to respect sort() comparison rules - HID: wacom: fix when get product name maybe null pointer {CVE-2024-56629} - bpf: Fix exact match conditions in trie_get_next_key() - bpf: Handle BPF_EXIST and BPF_NOEXIST for LPM trie - ocfs2: free inode when ocfs2_get_init_inode() fails {CVE-2024-56630} - spi: mpc52xx: Add cancel_work_sync before module remove {CVE-2024-50051} - tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg {CVE-2024-56633} - drm/sti: Add __iomem for mixer_dbg_mxn's parameter - gpio: grgpio: Add NULL check in grgpio_probe {CVE-2024-56634} - gpio: grgpio: use a helper variable to store the address of ofdev->dev - crypto: x86/aegis128 - access 32-bit arguments as 32-bit - x86/asm: Reorder early variables - xen: Fix the issue of resource not being properly released in xenbus_dev_probe() - xen/xenbus: fix locking - xenbus/backend: Protect xenbus callback with lock - xenbus/backend: Add memory pressure handler callback - xen/xenbus: reference count registered modules - netfilter: nft_set_hash: skip duplicated elements pending gc run - netfilter: ipset: Hold module reference while requesting a module {CVE-2024-56637} - igb: Fix potential invalid memory access in igb_init_module() {CVE-2024-52332} - net/qed: allow old cards not supporting "num_images" to work - tipc: Fix use-after-free of kernel socket in cleanup_bearer(). {CVE-2024-56642} - tipc: add new AEAD key structure for user API - tipc: enable creating a "preliminary" node - tipc: add reference counter to bearer - dccp: Fix memory leak in dccp_feat_change_recv {CVE-2024-56643} - can: j1939: j1939_session_new(): fix skb reference counting {CVE-2024-56645} - net/sched: tbf: correct backlog statistic for GSO packets - netfilter: x_tables: fix LED ID check in led_tg_check() {CVE-2024-56650} - ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() {CVE-2024-53680} - can: sun4i_can: sun4i_can_err(): fix {rx,tx}_errors statistics - can: sun4i_can: sun4i_can_err(): call can_change_state() even if cf is NULL - watchdog: mediatek: Make sure system reset gets asserted in mtk_wdt_restart() - iTCO_wdt: mask NMI_NOW bit for update_no_reboot_bit() call - drm/etnaviv: flush shader L1 cache after user commandstream - nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur {CVE-2024-56779} - nfsd: make sure exp active before svc_export_show {CVE-2024-56558} - dm thin: Add missing destroy_work_on_stack() - i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() - util_macros.h: fix/rework find_closest() macros - ad7780: fix division by zero in ad7780_write_raw() {CVE-2024-56567} - clk: qcom: gcc-qcs404: fix initial rate of GPLL3 - ftrace: Fix regression with module command in stack_trace_filter {CVE-2024-56569} - ovl: Filter invalid inodes with missing lookup function {CVE-2024-56570} - media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() - media: gspca: ov534-ov772x: Fix off-by-one error in set_frame_rate() - media: venus: Fix pm_runtime_set_suspended() with runtime pm enabled - media: ts2020: fix null-ptr-deref in ts2020_probe() {CVE-2024-56574} - media: i2c: tc358743: Fix crash in the probe error path when using polling - btrfs: ref-verify: fix use-after-free after invalid ref action {CVE-2024-56581} - quota: flush quota_release_work upon quota writeback {CVE-2024-56780} - ASoC: fsl_micfil: fix the naming style for mask definition - sh: intc: Fix use-after-free bug in register_intc_controller() - sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport {CVE-2024-56688} - SUNRPC: Replace internal use of SOCKWQ_ASYNC_NOSPACE - SUNRPC: correct error code comment in xs_tcp_setup_socket() - modpost: remove incorrect code in do_eisa_entry() - rtc: ab-eoz9: don't fail temperature reads on undervoltage notification - 9p/xen: fix release of IRQ {CVE-2024-56704} - 9p/xen: fix init sequence - block: return unsigned int from bdev_io_min - jffs2: fix use of uninitialized variable - ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit - ubi: fastmap: Fix duplicate slab cache names while attaching {CVE-2024-53172} - ubifs: Correct the total block count by deducting journal reservation - rtc: check if __rtc_read_time was successful in rtc_timer_do_work() {CVE-2024-56739} - rtc: abx80x: Fix WDT bit position of the status register - rtc: st-lpc: Use IRQF_NO_AUTOEN flag in request_irq() - NFSv4.0: Fix a use-after-free problem in the asynchronous open() - um: Always dump trace for specified task in show_stack - um: Clean up stacktrace dump - um: add show_stack_loglvl() - um/sysrq: remove needless variable sp - um: Fix the return value of elf_core_copy_task_fpregs - um: Fix potential integer overflow during physmem setup {CVE-2024-53145} - rpmsg: glink: Propagate TX failures in intentless mode as well - SUNRPC: make sure cache entry active before cache_show {CVE-2024-53174} - NFSD: Prevent a potential integer overflow {CVE-2024-53146} - lib: string_helpers: silence snprintf() output truncation warning - usb: dwc3: gadget: Fix checking for number of TRBs left - ALSA: hda/realtek: Apply quirk for Medion E15433 - ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max - ALSA: hda/realtek: Set PCBeep to default value for ALC274 - ALSA: hda/realtek: Update ALC225 depop procedure - media: wl128x: Fix atomicity violation in fmc_send_cmd() {CVE-2024-56700} - HID: wacom: Interpret tilt data from Intuos Pro BT as signed values - block: fix ordering between checking BLK_MQ_S_STOPPED request adding - arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled - sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK - um: vector: Do not use drvdata in release {CVE-2024-53181} - serial: 8250: omap: Move pm_runtime_get_sync - um: net: Do not use drvdata in release {CVE-2024-53183} - um: ubd: Do not use drvdata in release {CVE-2024-53184} - ubi: wl: Put source PEB into correct list if trying locking LEB failed - spi: Fix acpi deferred irq probe - netfilter: ipset: add missing range check in bitmap_ip_uadt {CVE-2024-53141} - Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit" - serial: sh-sci: Clean sci_ports[0] after at earlycon exit - Bluetooth: Fix type of len in rfcomm_sock_getsockopt{,_old}() - tty: ldsic: fix tty_ldisc_autoload sysctl's proc_handler - comedi: Flush partial mappings in error case {CVE-2024-53148} - PCI: Fix use-after-free of slot->bus on hot remove {CVE-2024-53194} - ASoC: codecs: Fix atomicity violation in snd_soc_component_get_drvdata() - jfs: xattr: check invalid xattr size more strictly - ext4: fix FS_IOC_GETFSMAP handling - ext4: supress data-race warnings in ext4_free_inodes_{count,set}() - ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices - soc: qcom: socinfo: fix revision check in qcom_socinfo_probe() - usb: ehci-spear: fix call balance of sehci clk handling routines - apparmor: fix 'Do simple duplicate message elimination' - staging: greybus: uart: clean up TIOCGSERIAL - misc: apds990x: Fix missing pm_runtime_disable() - USB: chaoskey: Fix possible deadlock chaoskey_list_lock - USB: chaoskey: fail open after removal - usb: yurex: make waiting on yurex_write interruptible - usb: using mutex lock and supporting O_NONBLOCK flag in iowarrior_read() - ipmr: fix tables suspicious RCU usage - ipmr: convert /proc handlers to rcu_read_lock() - net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken - marvell: pxa168_eth: fix call balance of pep->clk handling routines - net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration - tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets - net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device - power: supply: core: Remove might_sleep() from power_supply_put() - vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214} - NFSD: Fix nfsd4_shutdown_copy() - NFSD: Cap the number of bytes copied by nfs4_reset_recoverydir() - NFSD: Prevent NULL dereference in nfsd4_process_cb_update() - rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length - rpmsg: glink: Fix GLINK command prefix - rpmsg: glink: Send READ_NOTIFY command in FIFO full case - rpmsg: glink: Add TX_DATA_CONT command while sending - perf trace: Avoid garbage when not printing a syscall's arguments - perf trace: Do not lose last events in a race - m68k: coldfire/device.c: only build FEC when HW macros are defined - m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x - PCI: cpqphp: Fix PCIBIOS_* return value confusion - PCI: cpqphp: Use PCI_POSSIBLE_ERROR() to check config reads - perf probe: Correct demangled symbols in C++ program - perf cs-etm: Don't flush when packet_queue fills up - clk: clk-axi-clkgen: make sure to enable the AXI bus clock - clk: axi-clkgen: use devm_platform_ioremap_resource() short-hand - dt-bindings: clock: axi-clkgen: include AXI clk - dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format - fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() - fbdev/sh7760fb: Alloc DMA memory from hardware device - powerpc/sstep: make emulate_vsx_load and emulate_vsx_store static - ocfs2: fix uninitialized value in ocfs2_file_read_iter() - scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() - scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() - scsi: fusion: Remove unused variable 'rc' - scsi: bfa: Fix use-after-free in bfad_im_module_exit() - mfd: rt5033: Fix missing regmap_del_irq_chip() - mtd: rawnand: atmel: Fix possible memory leak - cpufreq: loongson2: Unregister platform_driver on failure - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices {CVE-2024-56723} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device {CVE-2024-56724} - mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device {CVE-2024-56691} - mfd: intel_soc_pmic_bxtwc: Use dev_err_probe() - mfd: da9052-spi: Change read-mask to write-mask - mfd: tps65010: Use IRQF_NO_AUTOEN flag in request_irq() to fix race - trace/trace_event_perf: remove duplicate samples on the first tracepoint event - netpoll: Use rcu_access_pointer() in netpoll_poll_lock - ALSA: 6fire: Release resources at card release {CVE-2024-53239} - ALSA: caiaq: Use snd_card_free_when_closed() at disconnection {CVE-2024-56531} - ALSA: us122l: Use snd_card_free_when_closed() at disconnection {CVE-2024-56532} - net: rfkill: gpio: Add check for clk_enable() - selftests: net: really check for bg process completion - bpf, sockmap: Fix sk_msg_reset_curr - bpf, sockmap: Several fixes to bpf_msg_pop_data {CVE-2024-56720} - bpf, sockmap: Several fixes to bpf_msg_push_data - drm/etnaviv: hold GPU lock across perfmon sampling - drm/etnaviv: fix power register offset on GC300 - drm/etnaviv: dump: fix sparse warnings - drm/msm/adreno: Use IRQF_NO_AUTOEN flag in request_irq() - drm/panfrost: Remove unused id_mask from struct panfrost_model - wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() - bpf: Fix the xdp_adjust_tail sample prog issue - ASoC: fsl_micfil: fix regmap_write_bits usage - ASoC: fsl_micfil: use GENMASK to define register bit fields - ASoC: fsl_micfil: do not define SHIFT/MASK for single bits - ASoC: fsl_micfil: Drop unnecessary register read - dt-bindings: vendor-prefixes: Add NeoFidelity, Inc - drm/imx/ipuv3: Use IRQF_NO_AUTOEN flag in request_irq() - wifi: mwifiex: Use IRQF_NO_AUTOEN flag in request_irq() - wifi: p54: Use IRQF_NO_AUTOEN flag in request_irq() - drm/omap: Fix locking in omap_gem_new_dmabuf() - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() {CVE-2024-53156} - drm/mm: Mark drm_mm_interval_tree*() functions with __maybe_unused - firmware: arm_scpi: Check the DVFS OPP count returned by the firmware {CVE-2024-53157} - regmap: irq: Set lockdep class for hierarchical IRQ domains - ARM: dts: cubieboard4: Fix DCDC5 regulator constraints - tpm: fix signed/unsigned bug when checking event logs - efi/tpm: Pass correct address to memblock_reserve - mmc: mmc_spi: drop buggy snprintf() - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() - soc: ti: smartreflex: Use IRQF_NO_AUTOEN flag in request_irq() - time: Fix references to _msecs_to_jiffies() handling of values - crypto: cavium - Fix an error handling path in cpt_ucode_load_fw() - crypto: bcm - add error check in the ahash_hmac_init function {CVE-2024-56681} - crypto: cavium - Fix the if condition to exit loop after timeout - crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY - EDAC/fsl_ddr: Fix bad bit shift operations - EDAC/bluefield: Fix potential integer overflow {CVE-2024-53161} - firmware: google: Unregister driver_info on failure - firmware: google: Unregister driver_info on failure and exit in gsmi - hfsplus: don't query the device logical block size multiple times {CVE-2024-56548} - s390/syscalls: Avoid creation of arch/arch/ directory - acpi/arm64: Adjust error handling procedure in gtdt_parse_timer_block() - m68k: mvme147: Reinstate early console - m68k: mvme16x: Add and use "mvme16x.h" - m68k: mvme147: Fix SCSI controller IRQ numbers - nvme-pci: fix freeing of the HMB descriptor table {CVE-2024-56756} - initramfs: avoid filename buffer overrun {CVE-2024-53142} - mips: asm: fix warning when disabling MIPS_FP_SUPPORT - x86/xen/pvh: Annotate indirect branch as safe - nvme: fix metadata handling in nvme-passthrough - cifs: Fix buffer overflow when parsing NFS reparse points {CVE-2024-49996} - ipmr: Fix access to mfc_cache_list without lock held - proc/softirqs: replace seq_printf with seq_put_decimal_ull_width - ASoC: stm: Prevent potential division by zero in stm32_sai_get_clk_div() - ASoC: stm: Prevent potential division by zero in stm32_sai_mclk_round_rate() - regulator: rk808: Add apply_bit for BUCK3 on RK809 - soc: qcom: Add check devm_kasprintf() returned value - net: usb: qmi_wwan: add Quectel RG650V - x86/amd_nb: Fix compile-testing without CONFIG_AMD_NB - ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13 - selftests/watchdog-test: Fix system accidentally reset after watchdog-test - mac80211: fix user-power when emulating chanctx - ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet - kbuild: Use uname for LINUX_COMPILE_HOST detection - media: dvbdev: fix the logic when DVB_DYNAMIC_MINORS is not set - nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint {CVE-2024-53130} - ocfs2: fix UBSAN warning in ocfs2_verify_volume() - nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint {CVE-2024-53131} - KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN - ocfs2: uncache inode which has failed entering the group {CVE-2024-53112} - net/mlx5e: kTLS, Fix incorrect page refcounting {CVE-2024-53138} - net/mlx5: fs, lock FTE when checking if active {CVE-2024-53121} - netlink: terminate outstanding dump on socket close {CVE-2024-53140} - LTS tag: v5.4.286 - 9p: fix slab cache name creation for real - md/raid10: improve code of mrdev in raid10_sync_request - net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition - fs: Fix uninitialized value issue in from_kuid and from_kgid {CVE-2024-53101} - powerpc/powernv: Free name on error in opal_event_init() - sound: Make CONFIG_SND depend on INDIRECT_IOMEM instead of UML - bpf: use kvzmalloc to allocate BPF verifier environment - HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad - 9p: Avoid creating multiple slab caches with the same name - ALSA: usb-audio: Add endianness annotations - vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans {CVE-2024-50264} - hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer {CVE-2024-53103} - ftrace: Fix possible use-after-free issue in ftrace_location() {CVE-2024-38588} - NFSD: Fix NFSv4's PUTPUBFH operation - ALSA: usb-audio: Add quirks for Dell WD19 dock - ALSA: usb-audio: Support jack detection on Dell dock - ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() - irqchip/gic-v3: Force propagation of the active state with a read-back - USB: serial: option: add Quectel RG650V - USB: serial: option: add Fibocom FG132 0x0112 composition - USB: serial: qcserial: add support for Sierra Wireless EM86xx - USB: serial: io_edgeport: fix use after free in debug printk {CVE-2024-50267} - usb: musb: sunxi: Fix accessing an released usb phy {CVE-2024-50269} - fs/proc: fix compile warning about variable 'vmcore_mmap_ops' - media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format - net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538} - spi: fix use-after-free of the add_lock mutex {CVE-2021-47195} - spi: Fix deadlock when adding SPI controllers on SPI buses {CVE-2021-47469} - mtd: rawnand: protect access to rawnand devices while in suspend - btrfs: reinitialize delayed ref list after deleting it from the list {CVE-2024-50273} - nfs: Fix KMSAN warning in decode_getfattr_attrs() {CVE-2024-53066} - dm-unstriped: cast an operand to sector_t to prevent potential uint32_t overflow - dm cache: fix potential out-of-bounds access on the first resume {CVE-2024-50278} - dm cache: optimize dirty bit checking with find_next_bit when resizing - dm cache: fix out-of-bounds access to the dirty bitset when resizing {CVE-2024-50279} - dm cache: correct the number of origin blocks to match the target length - drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() - pwm: imx-tpm: Use correct MODULO value for EPWM mode - media: v4l2-tpg: prevent the risk of a division by zero {CVE-2024-50287} - media: cx24116: prevent overflows on SNR calculus {CVE-2024-50290} - media: s5p-jpeg: prevent buffer overflows {CVE-2024-53061} - ALSA: firewire-lib: fix return value on fail in amdtp_tscm_init() - media: adv7604: prevent underflow condition when reporting colorspace - media: dvb_frontend: don't play tricks with underflow values - media: dvbdev: prevent the risk of out of memory access {CVE-2024-53063} - media: stb0899_algo: initialize cfr before using it - net: hns3: fix kernel crash when uninstalling driver {CVE-2024-50296} - can: c_can: fix {rx,tx}_errors statistics - sctp: properly validate chunk size in sctp_sf_ootb() {CVE-2024-50299} - net: enetc: set MAC address to the VF net_device - enetc: simplify the return expression of enetc_vf_set_mac_addr() - security/keys: fix slab-out-of-bounds in key_task_permission - HID: core: zero-initialize the report buffer {CVE-2024-50302} - ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin - ARM: dts: rockchip: Fix the spi controller on rk3036 - ARM: dts: rockchip: drop grf reference from rk3036 hdmi - ARM: dts: rockchip: fix rk3036 acodec node - arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion - arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards - arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328 - arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator - rds/ib: avoid scq/rcq polling during rds connection shutdown - RDMA/mlx5: Send UAR page index as ioctl attribute - RDMA: Pass entire uverbs attr bundle to create cq function - IB/uverbs: Enable CQ ioctl commands by default - tracing/kprobes: Skip symbol counting logic for module symbols in create_local_trace_kprobe() - RDMA/bnxt_re: Check cqe flags to know imm_data vs inv_irkey - Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" {CVE-2024-53127} - mm: revert "mm: shmem: fix data-race in shmem_getattr()" - net/ipv6: release expired exception dst cached in socket {CVE-2024-56644} - Revert "unicode: Don't special case ignorable code points" - powerpc/vdso: Flag VDSO64 entry points as functions - Revert "usb: gadget: composite: fix OS descriptors w_value logic" - rds: recv_payload_bad_checksum was not 0 after running rds-stress on UEK6 - rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation - rds: rds_message_alloc() needlessly zeroes m_used_sgs - rds: tracepoint in rds_receive_csum_err() prints pointless information - rds: rds_inc_init() should initialize the inc->i_conn_path field - rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption - md/raid10: fix task hung in raid10d - md/raid10: factor out code from wait_barrier() to stop_waiting_barrier() - md/raid10: avoid deadlock on recovery. - arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations. - net/rds: report pending-messages count in RDS_INQ response - net/rds: Introduce RDS-INQ feature to RDS protocol - net/rds: Supporting SIOCOUTQ to read pending sends - mm/memory-failure: pass the folio and the page to collect_procs() - KVM: x86: Stop compiling vmenter.S with OBJECT_FILES_NON_STANDARD - KVM: SVM: Create a stack frame in __svm_vcpu_run() for unwinding - objtool: Default ignore INT3 for unreachable - x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled - x86/msr: Add functions to set/clear the bit of an MSR on all cpus

Release Info

Changelog

Update

Packages list

CVEs