CLSA-2025-1757963029
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1757963029.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CLSA-2025-1757963029
- Upstream
- Published
- 2025-09-15T19:03:53Z
- Modified
- 2026-05-27T11:35:55.680785833Z
- Summary
- kernel-uek: Fix of 194 CVEs
- Details
-
- rds: tcp: block BH in TCP callbacks
- kexec: Improve & fix crashexcludemem_range() to handle overlapping ranges
- module: correctly exit modulekallsymsoneachsymbol when fn() != 0
- module: potential uninitialized return in modulekallsymsoneachsymbol()
- module: use RCU to synchronize find_module
- kallsyms: refactor {,module_}kallsymsoneach_symbol
- LTS tag: v5.4.295
- scsi: qedf: Use designated initializer for struct qedfcoecb_ops
- arm64/ptrace: Fix stack-out-of-bounds read in regsgetkernelstacknth() {CVE-2025-38320}
- perf: Fix sample vs do_exit() {CVE-2025-38424}
- s390/pci: Fix __pcilgmioinuser() inline assembly
- rtc: test: Fix invalid format specifier.
- jbd2: fix data-race and null-ptr-deref in jbd2journaldirty_metadata() {CVE-2025-38337}
- mm/huge_memory: fix dereferencing invalid pmd migration entry {CVE-2025-37958}
- rtc: Make rtctime64to_tm() support dates before 1970
- rtc: Improve performance of rtctime64to_tm(). Add tests.
- xprtrdma: fix pointer derefs in error cases of rpcrdmaepcreate {CVE-2022-48773}
- posix-cpu-timers: fix race between handleposixcputimers() and posixcputimerdel() {CVE-2025-38352}
- ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms
- ARM: dts: am335x-bone-common: Increase MDIO reset deassert time
- ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board
- net: atm: fix /proc/net/atm/lec handling {CVE-2025-38180}
- net: atm: add lec_mutex {CVE-2025-38323}
- calipso: Fix null-ptr-deref in calipsoreq{set,del}attr(). {CVE-2025-38181}
- tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer {CVE-2025-38184}
- tcp: fix tcppacketdelayed() for tcpisnonsackpreventing_reopen() behavior
- atm: atmtcp: Free invalid length skb in atmtcpcsend(). {CVE-2025-38185}
- mpls: Use rcudereferencertnl() in mplsrouteinput_rcu(). {CVE-2025-38324}
- wifi: carl9170: do not ping device which has failed to load firmware {CVE-2025-38420}
- aoe: clean device rqlist in aoedevdowndev() {CVE-2025-38326}
- hwmon: (occ) fix unaligned accesses
- drm/nouveau/bl: increase buffer size to avoid truncate warning
- erofs: remove unused trace event erofsdestroyinode
- ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged
- ALSA: hda/intel: Add Thinkpad E15 to PM deny list
- Input: sparcspkr - avoid unannotated fall-through
- HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() {CVE-2025-38103}
- atm: Revert atmaccounttx() if copyfromiter_full() fails. {CVE-2025-38190}
- selinux: fix selinuxxfrmallocuser() to set correct ctxlen
- scsi: s390: zfcp: Ensure synchronous unit_add
- scsi: storvsc: Increase the timeouts to storvsc_timeout
- jffs2: check jffs2preallocrawnoderefs() result in few other places {CVE-2025-38328}
- jffs2: check that raw node were preallocated before writing summary {CVE-2025-38194}
- drivers/rapidio/rio_cm.c: prevent possible heap overwrite {CVE-2025-38090}
- powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery
- platform/x86: dell_rbu: Stop overwriting data buffer
- platform: Add Surface platform directory
- Revert "bus: ti-sysc: Probe for l4wkup and l4cfg interconnect devices first"
- tee: Prevent size calculation wraparound on 32-bit kernels
- ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY
- bus: fsl-mc: increase MCCMDCOMPLETIONTIMEOUTMS value
- watchdog: da9052_wdt: respect TWDMIN
- i40e: fix MMIO write access to an invalid page in i40eclearhw {CVE-2025-38200}
- sock: Correct error checking condition for (assign|release)protoidx()
- scsi: lpfc: Use memcpy() for BIOS version {CVE-2025-38332}
- vxlan: Do not treat dst cache initialization errors as fatal
- clk: rockchip: rk3036: mark ddrphy as critical
- wifi: mac80211: do not offer a mesh path if forwarding is disabled
- net: mlx4: add SOFTIMESTAMPINGTX_SOFTWARE flag when getting ts info
- pinctrl: armada-37xx: propagate error from armada37xxgpio_get()
- pinctrl: armada-37xx: propagate error from armada37xxpmxgpioset_direction()
- pinctrl: armada-37xx: propagate error from armada37xxgpiogetdirection()
- pinctrl: armada-37xx: propagate error from armada37xxpmxsetby_name()
- ipv4/route: Use thiscpuinc() for stats on PREEMPT_RT
- tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows
- tcp: always seek for minimal rtt in tcprcvrtt_update()
- net: dlink: add synchronization for stats update
- sctp: Do not wake readers in __sctpwritespace()
- emulex/benet: correct command version selection in becmdget_stats()
- i2c: designware: Invoke runtime suspend on quick slave re-registration
- net: macb: Check return value of dmasetmaskandcoherent()
- cpufreq: Force sync policy boost with global boost on sysfs update
- nios2: force updatemmucache on spurious tlb-permission--related pagefaults
- media: platform: exynos4-is: Add hardware sync wait to fimcishwchangemode() {CVE-2025-38237}
- media: tc358743: ignore video while HPD is low
- drm/amdkfd: Set SDMARLCxIBCNTL/SWITCHINSIDE_IB
- jfs: Fix null-ptr-deref in jfsioctrim {CVE-2025-38203}
- drm/amdgpu/gfx9: fix CSIB handling
- drm/amdgpu/gfx8: fix CSIB handling
- jfs: fix array-index-out-of-bounds read in addmissingindices {CVE-2025-38204}
- drm/amdgpu/gfx7: fix CSIB handling
- drm/amdgpu/gfx10: fix CSIB handling
- drm/msm/a6xx: Increase HFI response timeout
- drm/amd/display: Add NULL pointer checks in dmforceatomic_commit()
- media: uapi: v4l: Fix V4L2TYPEIS_OUTPUT condition
- drm/msm/hdmi: add runtime PM calls to DDC transfer function
- drm/bridge: analogixdp: Add irq flag IRQFNOAUTOEN instead of calling disableirq()
- sunrpc: update nextcheck time when adding new cache entries
- drm/amdgpu/gfx6: fix CSIB handling
- ACPI: battery: negate current when discharging
- PM: runtime: fix denying of auto suspend in pmsuspendtimer_fn()
- power: supply: bq27xxx: Retrieve again when busy
- ACPICA: fix acpi parse and parseext cache leaks {CVE-2025-38344}
- ACPICA: Avoid sequence overread in call to strncmp()
- ACPICA: fix acpi operand cache leak in dswstate.c {CVE-2025-38345}
- iio: adc: ad7606_spi: fix reg write value mask
- PCI: Fix lock symmetry in pcislotunlock()
- PCI: Add ACS quirk for Loongson PCIe
- uiohvgeneric: Use correct size for interrupt and monitor pages
- regulator: max14577: Add error check for max14577readreg()
- mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS
- staging: iio: ad5933: Correct settling cycles encoding per datasheet
- net: ch9200: fix uninitialised access during miinwayrestart {CVE-2025-38086}
- ftrace: Fix UAF when lookup kallsym after ftrace disabled {CVE-2025-38346}
- dm-mirror: fix a tiny race condition
- mtd: nand: sunxi: Add randomizer configuration before randomizer enable
- mtd: rawnand: sunxi: Add randomizer configuration in sunxinfchweccwrite_chunk
- mm: fix ratelimitpages update error in dirtyratio_handler()
- ipc: fix to protect IPCS lookups using RCU {CVE-2025-38212}
- parisc: fix building with gcc-15
- vgacon: Add check for vcorigin address range in vgaconscroll() {CVE-2025-38213}
- fbdev: Fix fbsetvar to prevent null-ptr-deref in fbvideomodeto_var {CVE-2025-38214}
- EDAC/altera: Use correct write width with the INTTEST register
- NFC: nci: uart: Set tty->disc_data only in success path {CVE-2025-38416}
- f2fs: prevent kernel warning due to negative i_nlink from corrupted image {CVE-2025-38219}
- Input: ims-pcu - check record size in imspcuflash_firmware() {CVE-2025-38428}
- ext4: fix calculation of credits for extent tree modification
- ext4: inline: fix len overflow in ext4prepareinline_data {CVE-2025-38222}
- bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device
- ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 {CVE-2025-38336}
- ARM: 9447/1: arm/memremap: fix archmemremapcanramremap()
- media: v4l2-dev: fix error handling in __videoregisterdevice()
- media: gspca: Add error handling for stv06xxreadsensor()
- wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723
- nfsd: nfsd4spomust_allow() must check this is a v4 compound request {CVE-2025-38430}
- wifi: p54: prevent buffer-overflow in p54rxeeprom_readback() {CVE-2025-38348}
- gfs2: move msleep to sleepable context
- configfs: Do not override creating attribute file failure in populate_attrs()
- net: usb: aqc111: debug info before sanitation
- calipso: unlock rcu before returning -EAFNOSUPPORT
- xen/arm: call uaccessttbr0enable for dm_op hypercall
- usb: Flush altsetting 0 endpoints before reinitializating them after reset.
- fs/filesystems: Fix potential unsigned integer underflow in fs_name()
- net/mdiobus: Fix potential out-of-bounds read/write access {CVE-2025-38111}
- drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang
- drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang
- MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option
- x86/boot/compressed: prefer cc-option for CFLAGS additions
- net: mdio: C22 is now optional, EOPNOTSUPP if not provided
- netsched: tbf: fix a race in tbfchange()
- net_sched: red: fix a race in _redchange() {CVE-2025-38108}
- netsched: prio: fix a race in priotune() {CVE-2025-38083}
- net/mlx5: Fix return value when searching for existing flow group
- net/mlx5: Wait for inactive autogroups
- i40e: retry VFLR handling if there is ongoing VF reset
- i40e: return false from i40eresetvf if reset is in progress
- netsched: schsfq: fix a potential crash on gso_skb handling {CVE-2025-38115}
- scsi: iscsi: Fix incorrect error path labels for flashnode operations
- NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes {CVE-2022-48829}
- NFSD: Fix ia_size underflow {CVE-2022-48828}
- Input: synaptics-rmi - fix crash with unsupported versions of F34
- Input: synaptics-rmi4 - convert to use sysfs_emit() APIs
- pmdomain: core: Fix error checking in genpddevpmattachby_id()
- dochangetype(): refuse to operate on unmounted/not ours mounts {CVE-2025-38498}
- ice: create new Tx scheduler nodes for new queues only
- Bluetooth: L2CAP: Fix not responding with L2CAPCRLE_ENCRYPTION
- net/mlx4_en: Prevent potential integer overflow calculating Hz
- vt: remove VTRESIZE and VTRESIZEX from vtcompatioctl()
- serial: Fix potential null-ptr-deref in mlbusioprobe() {CVE-2025-38135}
- usb: renesas_usbhs: Reorder clock handling and power management in probe {CVE-2025-38136}
- rtc: Fix offset calculation for .start_secs < 0
- rtc: sh: assign correct interrupts with DT
- perf record: Fix incorrect --user-regs comments
- perf tests switch-tracking: Fix timestamp comparison
- mfd: stmpe-spi: Correct the name used in MODULEDEVICETABLE
- mfd: exynos-lpass: Avoid calling exynoslpassdisable() twice in exynoslpassremove()
- rpmsg: qcom_smd: Fix uninitialized return variable in __qcomsmdsend()
- perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3
- perf ui browser hists: Set actions->thread before calling dozoomthread()
- fbdev: core: fbcvt: avoid division by 0 in fbcvthperiod() {CVE-2025-38312}
- soc: aspeed: Add NULL check in aspeedlpcenable_snoop() {CVE-2025-38145}
- soc: aspeed: lpc: Fix impossible judgment condition
- arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou
- ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device
- bus: fsl-mc: fix double-free on mc_dev {CVE-2025-38313}
- nilfs2: do not propagate ENOENT error from nilfsbtreepropagate()
- nilfs2: add pointer check for nilfsdirectpropagate()
- Squashfs: check return result of sbminblocksize {CVE-2025-38415}
- ARM: dts: at91: at91sam9263: fix NAND chip selects
- ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select
- f2fs: fix to correct check conditions in f2fscrossrename
- f2fs: use dinode(dentry) cleanup dentry->dinode
- calipso: Don't call calipso functions for AF_INET sk. {CVE-2025-38147}
- net: lan743x: rename lan743xresetphy to lan743xhwreset_phy
- net: usb: aqc111: fix error handling of usbnet read calls {CVE-2025-38153}
- netfilter: nftables: nftfib_ipv6: fix VRF ipv4/ipv6 result discrepancy
- wifi: ath9k_htc: Abort software beacon handling if disabled {CVE-2025-38157}
- bpf: Fix WARN() in getbpfrawtpregs {CVE-2025-38285}
- pinctrl: at91: Fix possible out-of-boundary access {CVE-2025-38286}
- ktls, sockmap: Fix missing uncharge operation
- netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it
- f2fs: clean up w/ fscryptisbounce_page()
- RDMA/hns: Include hnae3.h in hnsrocehw_v2.h
- wifi: rtw88: do not ignore hardware read error during DPK
- net: ncsi: Fix GCPS 64-bit member variables
- f2fs: fix to do sanity check on sbi->totalvalidblock_count {CVE-2025-38163}
- drm/tegra: rgb: Fix the unbound reference count
- drm/vkms: Adjust vkmsstate->activeplanes allocation type
- drm: rcar-du: Fix memory leak in rcarduvsps_init()
- selftests/seccomp: fix syscall_restart test for arm compat
- firmware: psci: Fix refcount leak in pscidtinit
- m68k: mac: Fix macintosh_config for Mac II
- drm/vmwgfx: Add seqno waiter for sync_files
- spi: sh-msiof: Fix maximum DMA transfer size
- ACPI: OSI: Stop advertising support for "3.0 _SCP Extensions"
- x86/mtrr: Check if fixed-range MTRRs exist in mtrrsavefixed_ranges()
- PM: wakeup: Delete space in the end of string shown by pmshowwakelocks()
- EDAC/skx_common: Fix general protection fault {CVE-2025-38298}
- crypto: marvell/cesa - Avoid empty transfer descriptor
- crypto: marvell/cesa - Handle zero-length skcipher requests {CVE-2025-38173}
- x86/cpu: Sanitize CPUID(0x80000000) output
- perf/core: Fix broken throttling when maxsamplesper_tick=1
- gfs2: gfs2createinode error handling fix
- netfilter: nft_socket: fix sk refcount leaks {CVE-2024-46855}
- thunderbolt: Do not double dequeue a configuration request {CVE-2025-38174}
- usb: usbtmc: Fix timeout value in get_stb
- usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device
- usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE
- pinctrl: armada-37xx: set GPIO output value before setting direction
- pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31
- net/mlx5: Add poll-eq API to be used by ULP's
- net/rds: poll eq during user-reset
- perf: Fix perfeventvalidate_size() lockdep splat {CVE-2023-6931}
- perf: Fix perfeventvalidate_size() {CVE-2023-6931}
- net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery
- pwm: mediatek: Ensure to disable clocks in error path
- Revert "mmc: sdhci: Disable SD card clock before changing parameters"
- net/sched: Always pass notifications when child class becomes empty {CVE-2025-38350}
- x86/bpf: Classic BPF program can fail when BHB barrier is used
- Add Zen34 clients {CVE-2024-36350}
- x86/process: Move the buffer clearing before MONITOR {CVE-2024-36350}
- KVM: SVM: Advertize TSA CPUID bits to guests {CVE-2024-36350}
- x86/bugs: Add a Transient Scheduler Attacks mitigation {CVE-2024-36350}
- KVM: x86: add support for CPUID leaf 0x80000021 {CVE-2024-36350}
- x86/bugs: Rename MDS machinery to something more generic {CVE-2024-36350}
- x86/CPU/AMD: Add ZenX generations flags {CVE-2024-36350}
- x86/bugs: Free X86BUGAMDAPICC1E and X86BUGAMD_E400 bits {CVE-2024-36350}
- Revert "x86/bugs: Make spectre user default depend on MITIGATIONSPECTREV2" on v6.6 and older
- tracing: Fix compilation warning on arm32
- PM: sleep: Fix power.is_suspended cleanup for direct-complete devices
- LTS tag: v5.4.294
- platform/x86: thinkpad_acpi: Ignore battery threshold change event notification
- platform/x86: fujitsu-laptop: Support Lifebook S2110 hotkeys
- spi: spi-sun4i: fix early activation
- um: let 'make clean' properly clean underlying SUBARCH as well
- platform/x86: thinkpad_acpi: Support also NEC Lavie X1475JAS
- nfs: don't share pNFS DS connections between net namespaces
- HID: quirks: Add ADATA XPG alpha wireless mouse support
- coredump: hand a pidfd to the usermode coredump helper
- fork: use pidfd_prepare()
- pid: add pidfd_prepare()
- pidfd: check pid has attached task in fdinfo
- coredump: fix error handling for replace_fd()
- net_sched: hfsc: Address reentrant enqueue adding class to eltree twice {CVE-2025-38001}
- smb: client: Reset all search buffer pointers when releasing buffer
- smb: client: Fix use-after-free in cifsfilldirent {CVE-2025-38051}
- drm/i915/gvt: fix unterminated-string-initialization warning
- netfilter: nftables: do not defer rule destruction via callrcu {CVE-2024-56655}
- netfilter: nftables: wait for rcu grace period on netdevice removal {CVE-2024-56655}
- netfilter: nftables: pass nftchain to destroy function, not nft_ctx
- kbuild: Disable -Wdefault-const-init-unsafe
- spi: spi-fsl-dspi: restrict register range for regmap access
- mm/page_alloc.c: avoid infinite retries caused by cpuset race
- drm/edid: fixed the bug that hdr metadata was not reset
- llc: fix data loss when reading from a socket in llcuirecvmsg()
- ALSA: pcm: Fix race of buffer access at PCM OSS layer {CVE-2025-38078}
- can: bcm: add missing rcu read protection for procfs content {CVE-2025-38003}
- can: bcm: add locking for bcm_op runtime updates {CVE-2025-38004}
- crypto: algifhash - fix double free in hashaccept {CVE-2025-38079}
- schhfsc: Fix qlen accounting bug when using peek in hfscenqueue() {CVE-2025-38000}
- net: dwmac-sun8i: Use parsed internal PHY address instead of 1
- bridge: netfilter: Fix forwarding of fragmented packets
- xfrm: Sanitize marks before insert
- __legitimizemnt(): check for MNTSYNCUMOUNT should be under mountlock {CVE-2025-38058}
- xenbus: Allow PVH dom0 a non-local xenstore
- btrfs: correct the order of prelimref arguments in btrfsprelimref {CVE-2025-38034}
- nvmet-tcp: don't restore null skstatechange {CVE-2025-38035}
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Acer Aspire SW3-013
- pinctrl: meson: define the pull up/down resistor value as 60 kOhm
- drm: Add valid clones check
- drm/atomic: clarify the rules around drmatomicstate->allow_modeset
- regulator: ad5398: Add device tree support
- wifi: rtw88: Don't use static local variable in rtw8822bsettxpowerindexbyrate
- bpftool: Fix readlink usage in getfdtype
- HID: usbkbd: Fix the bit shift number for LED_KANA
- scsi: st: Restore some drive settings after reset
- scsi: lpfc: Handle duplicate DIDs in ndlp search-by DID routine
- rcu: fix header guard for rcuallqs()
- rcu: handle quiescent states for PREEMPTRCU=n, PREEMPTCOUNT=y
- vxlan: Annotate FDB data races {CVE-2025-38037}
- hwmon: (xgene-hwmon) use appropriate type for the latency value
- ip: fibrules: Fetch net from fibrule in fib[46]ruleconfigure().
- net/mlx5e: reduce rep rxq depth to 256 for ECPF
- net/mlx5e: set the txqueuelen for pfifo_fast
- net/mlx5: Extend Ethtool loopback selftest to support non-linear SKB
- phy: core: don't require setmode() callback for phyget_mode() to work
- net/mlx4core: Avoid impossible mlx4db_alloc() order value
- smack: recognize ipv4 CIPSO w/o categories
- pinctrl: devicetree: do not goto err when probing hogs in pinctrldtto_map
- ASoC: ops: Enforce platform maximum on initial value
- net/mlx5: Apply rate-limiting to high temperature warning
- net/mlx5: Modify LSB bitmask in temperature event to include only the first bit
- ACPI: HED: Always initialize before evged
- PCI: Fix oldsize lower bound in calculateiosize() too
- EDAC/ie31200: work around false positive build warning
- net: pktgen: fix access outside of user given buffer in pktgenthreadwrite() {CVE-2025-38061}
- wifi: rtw88: Fix rtwinitht_cap() for RTL8814AU
- scsi: mpt3sas: Send a diag reset if target reset fails
- MIPS: pm-cps: Use per-CPU variables as per-CPU, not per-core
- MIPS: Use arch specific syscall name match function
- cpuidle: menu: Avoid discarding useful information
- x86/nmi: Add an emergency handler in nmidesc & use it in nmishootdown_cpus()
- bonding: report duplicate MAC address in all situations
- net: xgene-v2: remove incorrect ACPI_PTR annotation
- drm/amdkfd: KFD release_work possible circular locking
- net/mlx5: Avoid report two health errors on same syndrome
- fpga: altera-cvp: Increase credit timeout
- drm/mediatek: mtkdpi: Add checks for reghfrecon existence
- hwmon: (gpio-fan) Add missing mutex locks
- x86/bugs: Make spectre user default depend on MITIGATIONSPECTREV2
- net: pktgen: fix mpls maximum labels list parsing
- pinctrl: bcm281xx: Use "unsigned int" instead of bare "unsigned"
- media: cx231xx: set device_caps for 417 {CVE-2025-38044}
- orangefs: Do not truncate file size {CVE-2025-38065}
- dm cache: prevent BUG_ON by blocking retries on failed device resumes {CVE-2025-38066}
- media: c8sectpfe: Call ofnodeput(i2cbus) only once in c8sectpfeprobe()
- ARM: tegra: Switch DSI-B clock parent to PLLD on Tegra114
- ieee802154: ca8210: Use proper setters and getters for bitwise types
- rtc: ds1307: stop disabling alarms on probe
- powerpc/prom_init: Fixup missing #size-cells on PowerBook6,7
- mmc: sdhci: Disable SD card clock before changing parameters
- netfilter: conntrack: Bound nf_conntrack sysctl writes
- posix-timers: Add condresched() to posixtimer_add() search loop
- xen: Add support for XenServer 6.1 platform device {CVE-2025-38046}
- dm: restrict dm device size to 2^63-512 bytes
- kbuild: fix argument parsing in scripts/config
- scsi: st: ERASE does not change tape location
- scsi: st: Tighten the page format heuristics with MODE SELECT
- ext4: reorder capability check last
- um: Update minlowpfn to match changes in uml_reserved
- um: Store full CSGSFS and SS register from mcontext
- btrfs: send: return -ENAMETOOLONG when attempting a path that is too long
- btrfs: avoid linker error in btrfsfindcreatetreeblock()
- i2c: pxa: fix call balance of i2c->clk handling routines
- mmc: host: Wait for Vdd to settle on card power off
- libnvdimm/labels: Fix divide error in ndlabeldata_init() {CVE-2025-38072}
- pNFS/flexfiles: Report ENETDOWN as a connection error
- tools/build: Don't pass test log files to linker
- dql: Fix dql->limit value when reset.
- SUNRPC: rpcclntset_transport() must not change the autobind setting
- NFSv4: Treat ENETUNREACH errors as fatal for state recovery
- fbdev: core: tileblit: Implement missing margin clearing for tileblit
- fbdev: fsl-diu-fb: add missing deviceremovefile()
- mailbox: use error ret code of ofparsephandlewithargs()
- kconfig: merge_config: use an empty file as initfile
- cgroup: Fix compilation issue due to cgroup_mutex not being exported
- dma-mapping: avoid potential unused data compilation warning
- scsi: target: iscsi: Fix timeout on deleted connection {CVE-2025-38075}
- openvswitch: Fix unsafe attribute parsing in output_userspace() {CVE-2025-37998}
- Input: synaptics - enable InterTouch on TUXEDO InfinityBook Pro 14 v5
- Input: synaptics - enable SMBus for HP Elitebook 850 G1
- clocksource/i8253: Use rawspinlockirqsave() in clockeventi8253disable()
- phy: renesas: rcar-gen3-usb2: Set timing registers only once
- phy: Fix error handling in tegraxusbport_init
- ALSA: es1968: Add error handling for sndpcmhwconstraintpow2()
- NFSv4/pnfs: Reset the layout state after a layoutreturn
- NFSv4/pnfs: pnfssetlayout_stateid() should update the layout cred
- qlcnic: fix memory leak in qlcnicsriovchannelcfgcmd()
- ALSA: sh: SNDAICA should depend on SHDMA_API
- net: dsa: sja1105: discard incoming frames in BRSTATELISTENING
- spi: loopback-test: Do not split 1024-byte hexdumps
- nfs: handle failure of nfsgetlock_context in unlock path {CVE-2025-38023}
- RDMA/rxe: Fix slab-use-after-free Read in rxequeuecleanup bug {CVE-2025-38024}
- iio: chemical: sps30: use aligned_s64 for timestamp
- iio: adc: ad7768-1: Fix insufficient alignment of timestamp.
- staging: axis-fifo: Correct handling of txfifodepth for size validation
- staging: axis-fifo: avoid parsing ignored device tree properties
- staging: axis-fifo: Remove hardware resets for user errors
- staging: axis-fifo: replace spinlock with mutex
- platform/x86: asus-wmi: Fix wlanctrlby_user detection
- do_umount(): add missing barrier before refcount checks in sync case
- MIPS: Fix MAXREGOFFSET
- iio: adc: dln2: Use aligned_s64 for timestamp
- types: Complement the aligned types with signed 64-bit one
- usb: usbtmc: Fix erroneous generic_read ioctl return
- usb: usbtmc: Fix erroneous wait_srq ioctl return
- usb: usbtmc: Fix erroneous get_stb ioctl error returns
- USB: usbtmc: use interruptible sleep in usbtmc_read
- usb: typec: ucsi: displayport: Fix NULL pointer access {CVE-2025-37994}
- usb: typec: tcpm: delay SNKTRYWAITDEBOUNCE to SRCTRYWAIT transition
- ocfs2: stop quota recovery before disabling quotas
- ocfs2: implement handshaking with ocfs2 recovery thread
- ocfs2: switch osb->disable_recovery to enum
- module: ensure that kobject_put() is safe for module type kobjects {CVE-2025-37995}
- xenbus: Use kref to track req lifetime {CVE-2025-37949}
- usb: uhci-platform: Make the clock really optional
- iio: imu: stlsm6dsx: fix possible lockup in stlsm6dsxreadtagged_fifo {CVE-2025-37969}
- iio: imu: stlsm6dsx: fix possible lockup in stlsm6dsxreadfifo {CVE-2025-37970}
- iio: adis16201: Correct inclinometer channel resolution
- iio: adc: ad7606: fix serial register access
- staging: iio: adc: ad7816: Correct conditional logic for store mode
- Input: synaptics - enable InterTouch on Dell Precision M3800
- Input: synaptics - enable InterTouch on Dynabook Portege X30L-G
- Input: synaptics - enable InterTouch on Dynabook Portege X30-D
- net: dsa: b53: fix learning on VLAN unaware bridges
- netfilter: ipset: fix region locking in hash types {CVE-2025-37997}
- schhtb: make htbdeactivate() idempotent {CVE-2025-37953}
- dm: fix copying after src array boundaries {CVE-2025-37902}
- iommu/amd: Fix potential buffer overflow in parseivrsacpihid {CVE-2025-37927}
- arm64: dts: rockchip: fix iface clock-name on px30 iommus
- usb: chipidea: cihdrcimx: implement usbphyinit() error handling
- usb: chipidea: cihdrcimx: use deverrprobe()
- usb: chipidea: imx: refine the error handling for hsic
- usb: chipidea: imx: change hsic power regulator as optional
- irqchip/gic-v2m: Prevent use after free of gicv2mgetfwnode() {CVE-2025-37819}
- irqchip/gic-v2m: Mark a few functions __init
- irqchip/gic-v2m: Add const to ofdeviceid
- schhtb: make htbqlen_notify() idempotent {CVE-2025-37953}
- of: module: add buffer overflow check in of_modalias() {CVE-2024-38541}
- PCI: imx6: Skip controller_id generation logic for i.MX7D
- net: fec: ERR007885 Workaround for conventional TX
- net: lan743x: Fix memleak issue when GSO enabled {CVE-2025-37909}
- lan743x: fix endianness when accessing descriptors
- lan743x: remove redundant initialization of variable currentheadindex
- nvme-tcp: fix premature queue removal and I/O failover
- net: dlink: Correct endianness handling of led_mode
- net_sched: qfq: Fix double list add in class with netem as child qdisc {CVE-2025-37913}
- net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc {CVE-2025-37890}
- net_sched: drr: Fix double list add in class with netem as child qdisc {CVE-2025-37915}
- net/mlx5: E-Switch, Initialize MAC Address for Default GID
- tracing: Fix oob write in traceseqto_buffer() {CVE-2025-37923}
- dm: always update the array size in realloc_argv on success {CVE-2025-37902}
- dm-integrity: fix a warning on invalid table line
- wifi: brcm80211: fmac: Add error handling for brcmfusbdl_writeimage() {CVE-2025-37990}
- amd-xgbe: Fix to ensure dependent features are toggled with RX checksum offload
- parisc: Fix double SIGFPE crash {CVE-2025-37991}
- i2c: imx-lpi2c: Fix clock count when probe defers
- EDAC/altera: Set DDR and SDMMC interrupt mask before registration
- EDAC/altera: Test the correct error reg offset
- scsi: qedf: Wait for stag work during unload
- scsi: qedf: Don't process stag work during unload and recovery
- rds: ib: Add cm_id generation scheme in order to detect new ones
- x86/its: BPF can crash in bpfjitcomp.c when ITS is enabled
- shmem: add support to ignore swap
- shmem: update documentation
- mm: hold the source mmap write lock when copying PTEs
- mm: do not write protect COW mappings when preserving across exec
- mm: differentiate copying PTEs for preservation from copying for fork
- mm/fork: Pass new vma pointer into copypagerange()
- xen/swiotlb: relax alignment requirements
- Reapply "xen/swiotlb: add alignment check for dma buffers"
- dmaengine: Revert "dmaengine: dmatest: Fix dmatest waiting less when interrupted"
- nvme: unblock ctrl state transition for firmware update
- memcg: always call cond_resched() after fn()
- ACPI: PPTT: Fix processor subtable walk
- LTS tag: v5.4.293
- MIPS: cm: Fix warning if MIPS_CM is disabled
- crypto: atmel-sha204a - Set hwrng quality to lowest possible
- comedi: jr3_pci: Fix synchronous deletion of timer
- md/raid1: Add check for missing source disk in process_checks()
- scsi: pm80xx: Set phy_attached to zero when device is gone
- ACPI PPTT: Fix coding mistakes in a couple of sizeof() calls
- selftests: ublk: fix teststripe04
- udmabuf: fix a buf size overflow issue during udmabuf creation {CVE-2025-37803}
- KVM: s390: Don't use %pK through tracepoints
- sched/isolation: Make CONFIGCPUISOLATION depend on CONFIG_SMP
- ntb: reduce stack usage in idtscanmws
- qibfs: fix another leak {CVE-2025-37983}
- usb: gadget: aspeed: Add NULL pointer check in astvhubinit_dev() {CVE-2025-37881}
- dmaengine: dmatest: Fix dmatest waiting less when interrupted
- usb: host: max3421-hcd: Add missing spideviceid table
- parisc: PDT: Fix missing prototype warning
- clk: check for disabled clock-provider in ofclkgethwfrom_clkspec()
- crypto: null - Use spin lock instead of mutex {CVE-2025-37808}
- MIPS: cm: Detect CM quirks from device tree
- USB: VLI disk crashes if LPM is used
- usb: quirks: Add delay init quirk for SanDisk 3.2Gen1 Flash Drive
- usb: quirks: add DELAY_INIT quirk for Silicon Motion Flash Drive
- usb: dwc3: gadget: check that event count does not exceed event buffer length {CVE-2025-37810}
- USB: OHCI: Add quirk for LS7A OHCI controller (rev 0x02)
- usb: cdns3: Fix deadlock when using NCM gadget {CVE-2025-37812}
- USB: serial: simple: add OWON HDS200 series oscilloscope support
- USB: serial: option: add Sierra Wireless EM9291
- USB: serial: ftdi_sio: add support for Abacus Electrics Optical Probe
- serial: sifive: lock port in startup()/shutdown() callbacks
- USB: storage: quirk for ADATA Portable HDD CH94
- mcb: fix a double free bug in chameleonparsegdd() {CVE-2025-37817}
- virtio_console: fix missing byte order handling for cols and rows
- netsched: hfsc: Fix a potential UAF in hfscdequeue() too {CVE-2025-37823}
- net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797}
- tipc: fix NULL pointer dereference in tipcmonreinit_self() {CVE-2025-37824}
- net: phy: leds: fix memory leak {CVE-2025-37989}
- cpufreq: scpi: Fix null-ptr-deref in scpicpufreqget_rate() {CVE-2025-37829}
- drm/amd/pm: Prevent division by zero {CVE-2025-37766}
- misc: pciendpointtest: Fix displaying 'irqtype' after 'requestirq' error
- misc: pciendpointtest: Use INTX instead of LEGACY
- PCI: Rename PCIIRQLEGACY to PCIIRQINTX
- iio: adc: ad7768-1: Fix conversion result sign
- iio: adc: ad7768-1: Move setting of val a bit later to avoid unnecessary return value check
- net: dsa: mv88e6xxx: fix VTU methods for 6320 family
- media: vim2m: print device name after registering device
- ext4: fix OOB read when checking dotdot dir {CVE-2025-37785}
- ext4: optimize _ext4checkdirentry()
- ext4: don't over-report free space or inodes in statvfs
- ext4: code cleanup for ext4statfsproject()
- ext4: simplify checking quota limits in ext4_statfs()
- platform/x86: ISST: Correct command storage data length
- MIPS: ds1287: Match ds1287setbase_clock() function types
- MIPS: cevt-ds1287: Add missing ds1287.h include
- MIPS: dec: Declare which_prom() as static
- virtio-net: Add validation for used length {CVE-2021-47352}
- RDMA/srpt: Support specifying the srptserviceguid parameter {CVE-2024-26744}
- openvswitch: fix lockup on tx to unregistering netdev with carrier {CVE-2025-21681}
- net: openvswitch: fix race on port output {CVE-2025-21681}
- mmc: cqhci: Fix checking of CQHCI_HALT state
- nvmet-fc: Remove unused functions
- usb: dwc3: support continuous runtime PM with dual role
- misc: pciendpointtest: Fix 'irq_type' to convey the correct type
- misc: pciendpointtest: Avoid issue of interrupts remaining after request_irq error {CVE-2025-23140}
- tcp/dccp: Don't use timerpending() in reqskqueue_unlink(). {CVE-2024-50154}
- powerpc/prom_init: Use -ffreestanding to avoid a reference to bcmp
- kbuild: Add '-fno-builtin-wcslen'
- cpufreq: Reference count policy in cpufrequpdatelimits()
- drm/sti: remove duplicate object names
- drm/nouveau: prime: fix ttmbodelayed_delete oops {CVE-2025-37765}
- drm/repaper: fix integer overflows in repeat functions
- module: sign with sha512 instead of sha1 by default
- perf/x86/intel/uncore: Fix the scale of IIO free running counters on SNR
- perf/x86/intel: Allow to update user space GPRs from PEBS records
- virtiofs: add filesystem context source name check {CVE-2025-37773}
- riscv: Avoid fortify warning in syscallgetarguments()
- isofs: Prevent the use of too small fid {CVE-2025-37780}
- i2c: cros-ec-tunnel: defer probe if parent EC is not present {CVE-2025-37781}
- hfs/hfsplus: fix slab-out-of-bounds in hfsbnoderead_key {CVE-2025-37782}
- btrfs: correctly escape subvol in btrfsshowoptions()
- nfs: add missing selections of CONFIG_CRC32
- nfs: move nfsfhandlehash to common include file
- NFSD: Constify @fh argument of knfsdfhhash()
- asus-laptop: Fix an uninitialized variable
- writeback: fix false warning in inodetowb()
- net: b53: enable BPDU reception for management port
- net: openvswitch: fix nested key length validation in the set() action {CVE-2025-37789}
- Revert "wifi: mac80211: Update skb's control block key in ieee80211txdequeue()" {CVE-2025-37795}
- Bluetooth: btrtl: Prevent potential NULL dereference {CVE-2025-37792}
- Bluetooth: hcievent: Fix sending MGMTEVDEVICEFOUND for invalid address
- RDMA/usnic: Fix passing zero to PTRERR in usnicibpciprobe()
- scsi: iscsi: Fix missing scsihostput() in error path
- wifi: wl1251: fix memory leak in wl1251txwork {CVE-2025-37982}
- wifi: mac80211: Purge vif txq in ieee80211dostop() {CVE-2025-37794}
- wifi: mac80211: Update skb's control block key in ieee80211txdequeue() {CVE-2025-37795}
- wifi: at76c50x: fix use after free access in at76_disconnect {CVE-2025-37796}
- HSI: ssiprotocol: Fix use after free vulnerability in ssiprotocol Driver Due to Race Condition {CVE-2025-37838}
- pwm: mediatek: always use bus clock for PWM on MT7622
- Bluetooth: hci_uart: Fix another race during initialization {CVE-2025-23139}
- x86/e820: Fix handling of subpage regions when calculating nosave ranges in e820__registernosaveregions()
- PCI: Fix reference leak in pciallocchild_bus()
- of/irq: Fix device node refcount leakages in ofirqinit()
- of/irq: Fix device node refcount leakage in API irqofparseandmap()
- of/irq: Fix device node refcount leakages in ofirqcount()
- ntb: use 64-bit arithmetic for the MSI doorbell mask
- gpio: zynq: Fix wakeup source leaks on device unbind
- ftrace: Add condresched() to ftracegraphsethash() {CVE-2025-37940}
- dm-integrity: set ti->error on memory allocation failure
- crypto: ccp - Fix check for the primary ASP device
- thermal/drivers/rockchip: Add missing rk3328 mapping entry
- sctp: detect and prevent references to a freed transport in sendmsg {CVE-2025-23142}
- mm: add missing release barrier on PGDATRECLAIMLOCKED unlock
- sparc/mm: disable preemption in lazy mmu mode
- arm64: dts: mediatek: mt8173: Fix disp-pwm compatible string
- mtd: rawnand: Add status chack in r852_ready()
- mtd: inftlcore: Add error check for inftlreadoob() {CVE-2025-37892}
- lib: scatterlist: fix sgsplitphys to preserve original scatterlist offsets
- locking/lockdep: Decrease nrunusedlocks if lock unused in zap_class()
- jbd2: remove wrong sb->s_sequence check {CVE-2025-37839}
- i3c: Add NULL pointer check in i3cmasterqueue_ibi() {CVE-2025-23147}
- ext4: fix off-by-one error in do_split {CVE-2025-23150}
- wifi: mac80211: fix integer overflow in hwmprouteinfo_get()
- net: dsa: mv88e6xxx: workaround RGMII transmit delay erratum for 6320 family
- media: venus: hfi_parser: add check to avoid out of bound access {CVE-2025-23157}
- media: i2c: ov7251: Introduce 1 ms delay between regulators and en GPIO
- media: i2c: ov7251: Set enable GPIO low in probe
- media: v4l2-dv-timings: prevent possible overflow in v4l2detectgtf()
- media: streamzap: prevent processing IR data on URB failure
- mtd: rawnand: brcmnand: fix PM resume warning {CVE-2025-37840}
- arm64: cputype: Add MIDRCORTEXA76AE
- xenfs/xensyms: respect hypervisor's "next" indication
- media: siano: Fix error handling in smsdvbmoduleinit()
- media: venus: hfi: add check to handle incorrect queue size {CVE-2025-23158}
- media: venus: hfi: add a check to handle OOB in sfr region {CVE-2025-23159}
- media: i2c: adv748x: Fix test pattern selection mask
- ext4: don't treat fhandle lookup of ea_inode as FS corruption
- ext4: reject casefold inode flag without casefold feature
- bpf: support SKFNETOFF and SKFLLOFF on skb frags
- bpf: Add endian modifiers to fix endian warnings
- pwm: fsl-ftm: Handle clkgetrate() returning 0
- pwm: mediatek: Prevent divide-by-zero in pwmmediatekconfig() {CVE-2025-37850}
- pwm: mediatek: Always use bus clock
- fbdev: omapfb: Add 'plane' value check {CVE-2025-37851}
- drm/mediatek: mtk_dpi: Explicitly manage TVD clock in power on/off
- drm/amdkfd: Fix pqmdestroyqueue race with GPU reset
- drm/amdkfd: clamp queue size to minimum
- drm: panel-orientation-quirks: Add new quirk for GPD Win 2
- drm: panel-orientation-quirks: Add support for AYANEO 2S
- drm: allow encoder mode_set even when connectors change for crtc
- Bluetooth: hci_uart: fix race during initialization {CVE-2025-23139}
- tracing: fix return value in _ftraceeventenabledisable for TRACEREGUNREGISTER
- net: vlan: don't propagate flags on open {CVE-2025-23163}
- wifi: mt76: mt76x2u: add TP-Link TL-WDN6200 ID to device table
- scsi: st: Fix array overflow in st_setup() {CVE-2025-37857}
- ext4: ignore xattrs past end {CVE-2025-37738}
- ext4: protect ext4releasedquot against freezing
- ahci: add PCI ID for Marvell 88SE9215 SATA Controller
- ata: libata-eh: Do not use ATAPI DMA for a device limited to PIO mode
- jfs: add sanity check for agwidth in dbMount {CVE-2025-37740}
- jfs: Prevent copying of nlink with value 0 from disk inode {CVE-2025-37741}
- fs/jfs: Prevent integer overflow in AG size calculation {CVE-2025-37858}
- fs/jfs: cast inactags to s64 to prevent potential overflow
- page_pool: avoid infinite loop to schedule delayed worker {CVE-2025-37859}
- ALSA: usb-audio: Fix CME quirk for UF series keyboards
- ALSA: hda: intel: Fix Optimus when GPU has no sound
- HID: pidff: Fix null pointer dereference in pidfffindfields {CVE-2025-37862}
- HID: pidff: Do not send effect envelope if it's empty
- HID: pidff: Convert infinite length from Linux API to PID standard
- xen/mcelog: Add __nonstring annotations for unterminated strings
- perf: armpmu: Don't disable counter in armpmuadd()
- x86/cpu: Don't clear X86FEATURELAHFLM flag in initamd_k8() on AMD when running in a virtual machine
- pm: cpupower: bench: Prevent NULL dereference on malloc failure {CVE-2025-37841}
- net: ppp: Add bound checking for skb data on pppsynctxmung {CVE-2025-37749}
- ata: satasx4: Add error handling in pdc20621i2c_read()
- ata: sata_sx4: Drop pointless VPRINTK() calls and convert the remaining ones
- tipc: fix memory leak in tipclinkxmit {CVE-2025-37757}
- ata: patapxa: Fix potential NULL pointer dereference in pxaata_probe() {CVE-2025-37758}
- x86/bhi: Do not set BHIDISS in 32-bit mode
- x86/bpf: Add IBHF call at end of classic BPF
- x86/bpf: Call branch history clearing sequence on exit
- certs: Reference revocation list for all keyrings
- RDS: use getuserpagesfast() in rdmapin_pages()
- x86/bugs: Enabling Retbleed and SRSO mitigation can taint the kernel
- selftest/x86/bugs: Add selftests for ITS {CVE-2024-28956}
- x86/its: Align RETs in BHB clear sequence to avoid thunking {CVE-2024-28956}
- x86/its: Add "vmexit" option to skip mitigation on some CPUs {CVE-2024-28956}
- x86/its: Enable Indirect Target Selection mitigation {CVE-2024-28956}
- x86/its: Add support for ITS-safe return thunk {CVE-2024-28956}
- x86/its: Add support for ITS-safe indirect thunk {CVE-2024-28956}
- x86/its: Enumerate Indirect Target Selection (ITS) bug {CVE-2024-28956}
- Documentation: x86/bugs/its: Add ITS documentation {CVE-2024-28956}
- certs: Add new Oracle Linux Driver Signing (key 1) certificate
- net/mlx5e: Don't call cleanup on profile rollback failure {CVE-2024-50146}
- net/mlx5e: Fix NULL deref in mlx5etirbuilder_alloc() {CVE-2024-50000}
- net/mlx5: Fix error path in multi-packet WQE transmit {CVE-2024-50001}
- net/mlx5: Discard command completions in internal error {CVE-2024-38555}
- net/mlx5e: fix a potential double-free in fsanycreate_groups {CVE-2023-52667}
- net/mlx5: Reclaim max 50K pages at once
- LTS tag: v5.4.292
- jfs: add index corruption check to DT_GETPAGE()
- tracing: Fix use-after-free in printgraphfunction_flags during tracer switching {CVE-2025-22035}
- mmc: sdhci-pxav3: set NEEDRSPBUSY capability
- ACPI: resource: Skip IRQ override on ASUS Vivobook 14 X1404VAP
- x86/mm: Fix flushtlbrange() when used for zapping normal PMDs {CVE-2025-22045}
- x86/tsc: Always save/restore TSC sched_clock() on suspend/resume
- ntbperf: Delete duplicate dmaengineunmapput() call in perfcopy_chunk()
- can: flexcan: only change CAN state when link up in system PM
- arcnet: Add NULL check in com20020pci_probe() {CVE-2025-22054}
- net: dsa: mv88e6xxx: propperly shutdown PPU re-enable timer on destroy
- ipv6: fix omitted netlink attributes when using RTEXTFILTERSKIP_STATS
- vsock: avoid timeout during connect() if the socket is closing
- net_sched: skbprio: Remove overly strict queue assertions {CVE-2025-38637}
- netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets {CVE-2025-22063}
- ntb: intel: Fix using link status DB's
- ntbhwswitchtec: Fix shift-out-of-bounds in switchtecntbmwsettrans {CVE-2023-53034}
- spufs: fix a leak in spufscreatecontext() {CVE-2025-22071}
- spufs: fix a leak on spufsnewfile() failure {CVE-2025-22073}
- hwmon: (nct6775-core) Fix out of bounds access for NCT679{8,9}
- can: statistics: use atomic access in hot path
- locking/semaphore: Use wake_q to wake up processes outside lock critical section
- sched/deadline: Use online cpus for validating runtime
- affs: don't write overlarge OFS data block size fields
- affs: generate OFS sequence numbers starting at 1
- wifi: iwlwifi: fw: allocate chained SG tables for dump
- sched/smt: Always inline schedsmtactive()
- octeontx2-af: Fix mbox INTR handler when num VFs > 64
- ring-buffer: Fix bytes_dropped calculation issue
- objtool, media: dib8000: Prevent divide-by-zero in dib8000setdds() {CVE-2025-37937}
- fs/procfs: fix the comment above procpidwchan()
- perf python: Check if there is space to copy all the event
- perf python: Decrement the refcount of just created event on failure
- perf python: Fixup description of sample.id event member
- ocfs2: validate ltreedepth to avoid out-of-bounds access {CVE-2025-22079}
- kexec: initialize ELF lowest address to ULONG_MAX
- perf units: Fix insufficient array space
- iio: accel: mma8452: Ensure error return on failure to matching oversampling ratio
- coresight: catu: Fix number of pages while using 64k pages
- isofs: fix KMSAN uninit-value bug in doisofsreaddir()
- x86/dumpstack: Fix inaccurate unwinding from exception stacks due to misplaced assignment
- mfd: sm501: Switch to BIT() to mitigate integer overflows
- RDMA/mlx5: Fix mlx5pollone() cur_qp update flow {CVE-2025-22086}
- power: supply: max77693: Fix wrong conversion of charge input threshold value
- x86/entry: Fix ORC unwinder for PUSHREGS with saveret=1
- clk: amlogic: g12a: fix mmc A peripheral clock
- clk: amlogic: gxbb: drop non existing 32k clock parent
- clk: amlogic: g12b: fix cluster A parent data
- IB/mad: Check available slots before posting receive WRs
- clk: rockchip: rk3328: fix wrong clkrefusb3otg parent
- pinctrl: renesas: rza2: Fix missing ofnodeput() call
- lib: 842: Improve error handling in sw842_compress()
- clk: amlogic: gxbb: drop incorrect flag on 32k clock
- fbdev: sm501fb: Add some geometry checks.
- mdacon: rework dependency list
- fbdev: au1100fb: Move a variable assignment behind a null pointer check
- PCI: pciehp: Don't enable HPIE when resuming in poll mode
- PCI: Remove stray putdevice() in pciregisterhostbridge()
- PCI/portdrv: Only disable pciehp interrupts early when needed
- PCI/ASPM: Fix link state exit during switch upstream function removal {CVE-2024-58093}
- drm/mediatek: mtkhdmi: Fix typo for audsampe_size member
- ALSA: hda/realtek: Always honor noshutuppins
- perf/ring_buffer: Allow the EPOLLRDNORM flag for poll
- lockdep: Don't disable interrupts on RT in disableirqnosync_lockdep.*()
- PM: sleep: Fix handling devices with direct_complete set on errors
- thermal: int340x: Add NULL check for adev {CVE-2025-23136}
- EDAC/ie31200: Fix the error path order of ie31200_init()
- EDAC/ie31200: Fix the DIMM size mask for several SoCs
- EDAC/ie31200: Fix the size of EDACMCLAYERCHIPSELECT layer
- selinux: Chain up tool resolving errors in install_policy.sh
- x86/platform: Only allow CONFIG_EISA for 32-bit
- x86/fpu: Avoid copying dynamic FP state from inittask in archduptaskstruct()
- cpufreq: governor: Fix negative 'idletime' handling in dbsupdate()
- x86/mm/pat: cpa-test: fix length for CPA_ARRAY test
- memstick: rtsxusbms: Fix slab-use-after-free in rtsxusbmsdrvremove {CVE-2025-22020}
- net: usb: qmi_wwan: add Telit Cinterion FE990B composition
- net: usb: qmi_wwan: add Telit Cinterion FN990B composition
- tty: serial: 8250: Add some more device IDs
- counter: stm32-lptimer-cnt: fix error handling when enabling
- netfilter: socket: Lookup orig tuple for IPv6 SNAT {CVE-2025-22021}
- ARM: Remove address checking for MMUless devices
- ARM: 9351/1: fault: Add "cut here" line for prefetch aborts
- ARM: 9350/1: fault: Implement copyfromkernelnofaultallowed()
- atm: Fix NULL pointer dereference {CVE-2025-22018}
- HID: hid-plantronics: Add mic mute mapping and generalize quirks
- ALSA: usb-audio: Add quirk for Plantronics headsets to fix control names
- drm/radeon: fix uninitialized size issue in radeonvcecs_parse() {CVE-2025-21996}
- batman-adv: Ignore own maximum aggregation size during RX
- ARM: shmobile: smp: Enforce shmobilesmp* alignment
- mmc: atmel-mci: Add missing clkdisableunprepare()
- drm/v3d: Don't run jobs that have errors flagged in its fence
- i2c: omap: fix IRQ storms
- net/neighbor: add missing policy for NDTPAQUEUELENBYTES
- net: atm: fix use after free in lec_send() {CVE-2025-22004}
- ipv6: Set errno after ipfibmetricsinit() in ip6routeinfocreate().
- ipv6: Fix memleak of nhcpcpurthoutput in fibchecknhv6_gw(). {CVE-2025-22005}
- Bluetooth: Fix error code in chanallocskb_cb() {CVE-2025-22007}
- RDMA/hns: Fix wrong value of maxsgerd
- RDMA/bnxtre: Avoid clearing VLANID mask in modify qp path
- xfrm_output: Force software GSO only in tunnel mode
- firmware: imx-scu: fix OF node leak in .probe()
- i2c: sis630: Fix an error handling path in sis630_probe()
- i2c: ali15x3: Fix an error handling path in ali15x3_probe()
- i2c: ali1535: Fix an error handling path in ali1535_probe()
- ASoC: codecs: wm0010: Fix error handling path in wm0010spiprobe()
- drm/gma500: Add NULL check for pcigfxroot in midgetvbt_data()
- qlcnic: fix memory leak issues in qlcnicsriovcommon.c
- drm/amd/display: Assign normalizedpixclk when color depth = 14 {CVE-2025-21956}
- drm/atomic: Filter out redundant DPMS calls
- x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes {CVE-2025-21991}
- USB: serial: option: match on interface class for Telit FN990B
- USB: serial: option: fix Telit Cinterion FE990A name
- USB: serial: option: add Telit Cinterion FE990B compositions
- USB: serial: ftdi_sio: add support for Altera USB Blaster 3
- block: fix 'kmem_cache of name 'bio-108' already exists'
- drm/nouveau: Do not override forced connector status
- x86/irq: Define trace events conditionally
- fuse: don't truncate cached, mutated symlink
- nvme: only allow entering LIVE from CONNECTING state
- sctp: Fix undefined behavior in left shift operation
- nvmet-rdma: recheck queue state is LIVE in state lock in recv done
- ASoC: rsnd: don't indicate warning on rsndkctrlaccept_runtime()
- s390/cio: Fix CHPID "configure" attribute caching
- HID: ignore non-functional sensor in HP 5MP Camera {CVE-2025-21992}
- HID: intel-ish-hid: fix the length of MNGSYNCFW_CLOCK in doorbell
- ACPI: resource: IRQ override for Eluktronics MECH-17
- scsi: qla1280: Fix kernel oops when debug level > 2 {CVE-2025-21957}
- iscsiibft: Fix UBSAN shift-out-of-bounds warning in ibftattrshownic() {CVE-2025-21993}
- powercap: call putdevice() on an error path in powercapregistercontroltype()
- hrtimers: Mark ismigrationbase() with _alwaysinline
- nvme-fc: go straight to connecting state when initializing
- net/mlx5e: Prevent bridge link show failure for non-eswitch-allowed devices
- netfilter: nftexthdr: fix offset with ipv4find_option()
- netsched: Prevent creation of classes with TCH_ROOT {CVE-2025-21971}
- ipvs: prevent integer overflow in doipvsgetctl()
- netfilter: nfconncount: Fully initialize struct nfconncounttuple in inserttree() {CVE-2025-21959}
- Drivers: hv: vmbus: Don't release fbmmio resource in vmbusfree_mmio()
- drivers/hv: Replace binary semaphore with mutex
- netpoll: hold rcu read lock in __netpollsendskb()
- netpoll: netpollsendskb() returns transmit status
- netpoll: move netpollsendskb() out of line
- netpoll: remove dev argument from netpollsendskbondev()
- netpoll: Fix use correct return type for ndostartxmit()
- pinctrl: bcm281xx: Fix incorrect regmap max_registers value
- sched/isolation: Prevent boot crash when the boot CPU is nohz_full
- clockevents/drivers/i8253: Fix stop sequence for timer 0
- RDS: avoid using offlined CPU during reconnect
- x86/microcode/AMD: Clean the cache if update did not load microcode
- x86/microcode/AMD: Add finalizelateload() microcode_op
- x86/microcode/AMD: Extend the SHA check to Zen5, block loading of any unreleased standalone Zen5 microcode patches
- x86/microcode/AMD: Add some forgotten models to the SHA check
- x86/microcode/AMD: Load only SHA256-checksummed patches {CVE-2025-22047}
- x86/microcode/AMD: Flush patch buffer mapping after application
- x86/microcode/AMD: Stash BSP's CPUID(1).EAX and patch size
- nvme: fix deadlock between reset and scan
- References