CLSA-2025-1746479711
See a problem?- Import Source
- https://github.com/cloudlinux/tuxcare-osv/tree/main/data/els_os/oraclelinux7els/CLSA-2025-1746479711.json
- JSON Data
- https://api.osv.dev/v1/vulns/CLSA-2025-1746479711
- Upstream
- Published
- 2025-05-05T21:36:22Z
- Modified
- 2026-06-01T00:32:44.917511946Z
- Summary
- kernel-uek: Fix of 218 CVEs
- Details
-
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- sctp: sysctl: cookiehmacalg: avoid using current->nsproxy {CVE-2025-21640}
- bpf: Use preemptcount() directly in bpfsendsignalcommon()
- Revert "sctp: sysctl: cookiehmacalg: avoid using current->nsproxy"
- jfs: fix slab-out-of-bounds read in ea_get()
- serial: 8250dma: terminate correct DMA in txdma_flush()
- Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy"
- net: usb: usbnet: restore usb%d name exception for local mac addresses
- vlan: fix memory leak in vlan_newlink() {CVE-2022-49636}
- rds: ib: Fix NULL ptr deref in rdsibcqfollowaffinity
- LTS tag: v5.4.291
- eeprom: digsy_mtc: Make GPIO lookup table match the device
- slimbus: messaging: Free transaction ID in delayed interrupt scenario {CVE-2025-21914}
- intel_th: pci: Add Panther Lake-P/U support
- intel_th: pci: Add Panther Lake-H support
- intel_th: pci: Add Arrow Lake support
- Squashfs: check the inode number is not the invalid value of zero {CVE-2024-26982}
- xhci: pci: Fix indentation in the PCI device ID definitions
- usb: gadget: Check bmAttributes only if configuration is valid
- usb: gadget: Fix setting self-powered state on suspend
- usb: gadget: Set self-powered based on MaxPower and bmAttributes
- usb: typec: tcpci_rt1711h: Unmask alert interrupts to fix functionality
- usb: typec: ucsi: increase timeout for PPM reset operations
- usb: atm: cxacru: fix a flaw in existing endpoint checks {CVE-2025-21916}
- usb: renesasusbhs: Flush the notifyhotplug_work {CVE-2025-21917}
- usb: quirks: Add DELAYINIT and NOLPM for Prolific Mass Storage Card Reader
- usb: renesasusbhs: Use devmusbgetphy()
- usb: renesasusbhs: Call clkput()
- Revert "drivers/cardreader/rtsxusb: Restore interrupt based detection"
- gpio: rcar: Fix missing ofnodeput() call
- net: ipv6: fix missing dst ref drop in ila lwtunnel
- net: ipv6: fix dst ref loop in ila lwtunnel
- net-timestamp: support TCP GSO case for a few missing flags
- vlan: enforce underlying device type {CVE-2025-21920}
- ppp: Fix KMSAN uninit-value warning with bpf {CVE-2025-21922}
- be2net: fix sleeping while atomic bugs in bendobridge_getlink
- drm/sched: Fix preprocessor guard
- hwmon: fix a NULL vs ISERRORNULL() check in xgenehwmon_probe()
- llc: do not use skbget() before devqueue_xmit() {CVE-2025-21925}
- hwmon: (ad7314) Validate leading zero bits and return error
- hwmon: (ntc_thermistor) Fix the ncpXXxh103 sensor table
- hwmon: (pmbus) Initialise page count in pmbus_identify()
- caifvirtio: fix wrong pointer check in cfvprobe() {CVE-2025-21904}
- net: gso: fix ownership in __udpgsosegment {CVE-2025-21926}
- HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove() {CVE-2025-21928}
- HID: google: fix unused variable warning under !CONFIG_ACPI
- wifi: iwlwifi: limit printed string from FW file {CVE-2025-21905}
- mm/page_alloc: fix uninitialized variable
- rapidio: fix an API misues when rioaddnet() fails {CVE-2025-21934}
- rapidio: add check for rioaddnet() in rioscanalloc_net()
- wifi: nl80211: reject cooked mode if it is set along with other flags {CVE-2025-21909}
- wifi: cfg80211: regulatory: improve invalid hints checking {CVE-2025-21910}
- x86/cpu: Properly parse CPUID leaf 0x2 TLB descriptor 0x63
- x86/cpu: Validate CPUID leaf 0x2 EDX output
- x86/cacheinfo: Validate CPUID leaf 0x2 EDX output
- platform/x86: thinkpad_acpi: Add battery quirk for ThinkPad X131e
- drm/radeon: Fix rs400gpuinit for ATI mobility radeon Xpress 200M
- ALSA: hda/realtek: update ALC222 depop optimize
- ALSA: hda: intel: Add Dell ALC3271 to power_save denylist
- HID: appleir: Fix potential NULL dereference at raw event handle {CVE-2025-21948}
- Revert "of: reserved-memory: Fix using wrong number of cells to get property 'alignment'"
- drm/amdgpu: disable BAR resize on Dell G5 SE
- drm/amdgpu: Check extended configuration space register when system uses large bar
- drm/amdgpu: skip BAR resizing if the bios already did it
- acct: perform last write from workqueue {CVE-2025-21846}
- kernel/acct.c: use dedicated helper to access rlimit values
- kernel/acct.c: use #elif instead of #end and #elif
- drop_monitor: fix incorrect initialization order {CVE-2025-21862}
- pfifotailenqueue: Drop new packet when sch->limit == 0 {CVE-2025-21702}
- sched/core: Prevent rescheduling when interrupts are disabled {CVE-2024-58090}
- phy: exynos5-usbdrd: fix MPLLMULTIPLIER and SSCREFCLKSEL masks in refclk
- phy: tegra: xusb: reset VBUS & ID OVERRIDE
- usbnet: gl620a: fix endpoint checking in genelink_bind() {CVE-2025-21877}
- perf/core: Fix low freq setting via IOC_PERIOD
- ftrace: Avoid potential division by zero in functionstatshow()
- x86/CPU: Fix warm boot hang regression on AMD SC1100 SoC systems
- net: mvpp2: cls: Fixed Non IP flow, with vlan tag flow defination.
- ipvs: Always clear ipvsproperty flag in skbscrub_packet()
- ASoC: es8328: fix route from DAC to output
- net: cadence: macb: Synchronize stats calculations
- sunrpc: suppress warnings for unused procfs functions
- batman-adv: Drop unmanaged ELP metric worker {CVE-2025-21823}
- batman-adv: Ignore neighbor throughput metrics in error case
- acct: block access to kernel internal filesystems
- ALSA: hda/conexant: Add quirk for HP ProBook 450 G4 mute LED
- nfp: bpf: Add check for nfpappctrlmsgalloc() {CVE-2025-21848}
- tee: optee: Fix supplicant wait loop {CVE-2025-21871}
- power: supply: da9150-fg: fix potential overflow
- flow_dissector: Fix port range key handling in BPF conversion
- flow_dissector: Fix handling of mixed port and port-range keys
- net: extract port range fields from flflowkey
- geneve: Suppress list corruption splat in genevedestroytunnels().
- geneve: Fix use-after-free in genevefinddev(). {CVE-2025-21858}
- powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
- powerpc/64s: Rewrite __real_pte() and __rptetohidx() as static inline
- powerpc/64s/mm: Move _realpte stubs into hash-4k.h
- USB: gadget: fmidi: fmidicomplete to call queuework {CVE-2025-21859}
- usb/gadget: f_midi: Replace tasklet with work
- usb/gadget: fmidi: convert tasklets to use new taskletsetup() API
- usb: dwc3: Fix timeout issue during controller enter/exit from halt state
- usb: dwc3: Increase DWC3 controller halt timeout
- memcg: fix soft lockup in the OOM process {CVE-2024-57977}
- mm: update mark_victim tracepoints fields
- crypto: testmgr - some more fixes to RSA test vectors
- crypto: testmgr - populate RSA CRT parameters in RSA test vectors
- crypto: testmgr - fix version number of RSA tests
- crypto: testmgr - Fix wrong test case of RSA
- crypto: testmgr - fix wrong key length for pkcs1pad
- driver core: bus: Fix double free in driver API bus_register() {CVE-2024-50055}
- scsi: storvsc: Set correct data length for sending SCSI command without payload
- vlan: move devput into vlandev_uninit
- vlan: introduce vlandevfreeegresspriority
- pps: Fix a use-after-free {CVE-2024-57979}
- btrfs: avoid monopolizing a core when activating a swap file
- x86/i8253: Disable PIT timer 0 when not in use
- parport_pc: add support for ASIX AX99100
- serial: 8250_pci: add support for ASIX AX99100
- can: emspci: move ASIX AX99100 ids to pciids.h
- nilfs2: protect access to buffers with no active references {CVE-2025-21811}
- nilfs2: do not force clear folio if buffer is referenced {CVE-2025-21722}
- nilfs2: do not output warnings when clearing dirty buffers
- alpha: replace hardcoded stack offsets with autogenerated ones
- ndisc: extend RCU protection in ndiscsendskb() {CVE-2025-21760}
- openvswitch: use RCU protection in ovsvportcmdfillinfo()
- arp: use RCU protection in arp_xmit() {CVE-2025-21762}
- neighbour: use RCU protection in _neighnotify() {CVE-2025-21763}
- neighbour: delete redundant judgment statements
- ndisc: use RCU protection in ndiscallocskb() {CVE-2025-21764}
- ipv6: use RCU protection in ip6defaultadvmss() {CVE-2025-21765}
- ipv4: use RCU protection in inetselectaddr()
- ipv4: use RCU protection in rtisexpired()
- net: add devnetrcu() helper
- net: treat possiblenett net pointer as an RCU one and add readpnetrcu()
- regmap-irq: Add missing kfree()
- partitions: mac: fix handling of bogus partition table {CVE-2025-21772}
- gpio: stmpe: Check return value of stmperegread in stmpegpioirqsyncunlock
- alpha: align stack for page fault and user unaligned trap handlers
- serial: 8250: Fix fifo underflow on flush
- alpha: make stack 16-byte aligned (most cases)
- can: j1939: j1939sksend_loop(): fix unable to send messages with data length zero
- can: c_can: fix unbalanced runtime PM disable in error path
- USB: serial: option: drop MeiG Smart defines
- USB: serial: option: fix Telit Cinterion FN990A name
- USB: serial: option: add Telit Cinterion FN990B compositions
- USB: serial: option: add MeiG Smart SLM828
- usb: cdc-acm: Fix handling of oversized fragments
- usb: cdc-acm: Check control transfer buffer size before access {CVE-2025-21704}
- USB: cdc-acm: Fill in Renesas R-Car D3 USB Download mode quirk
- USB: hub: Ignore non-compliant devices with too many configs or interfaces {CVE-2025-21776}
- usb: gadget: f_midi: fix MIDI Streaming descriptor lengths {CVE-2025-21835}
- USB: Add USBQUIRKNO_LPM quirk for sony xperia xz1 smartphone
- USB: quirks: add USBQUIRKNO_LPM quirk for Teclast dist
- USB: pci-quirks: Fix HCCPARAMS register error for LS7A EHCI
- usb: dwc2: gadget: remove ofnode reference upon udcstop
- usb: gadget: udc: renesas_usb3: Fix compiler warning
- usb: roles: set switch registered flag early on
- batman-adv: fix panic during interface removal {CVE-2025-21781}
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet 5V
- orangefs: fix a oob in orangefsdebugwrite {CVE-2025-21782}
- Grab mm lock before grabbing pt lock
- vfio/pci: Enable iowrite64 and ioread64 for vfio pci
- media: cxd2841er: fix 64-bit division on gcc-9
- gpio: bcm-kona: Add missing newline to dev_err format string
- gpio: bcm-kona: Make sure GPIO bits are unlocked when requesting IRQ
- gpio: bcm-kona: Fix GPIO lock/unlock for banks above bank 0
- arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array {CVE-2025-21785}
- team: better TEAMOPTIONTYPE_STRING validation {CVE-2025-21787}
- vrf: use RCU protection in l3mdevl3out() {CVE-2025-21791}
- ndisc: ndiscsendredirect() must use devgetbyindexrcu()
- HID: multitouch: Add NULL check in mtinputconfigured
- ocfs2: check dir isize in ocfs2find_entry
- MIPS: ftrace: Declare ftracegetparentraaddr() as static
- ptp: Ensure info->enable callback is always set {CVE-2025-21814}
- net/ncsi: wait for the last response to Deselect Package before configuring channel
- misc: fastrpc: Fix registered buffer page address
- mtd: onenand: Fix uninitialized retlen in dootpread()
- NFC: nci: Add bounds checking in ncihcicreate_pipe()
- nilfs2: fix possible int overflows in nilfs_fiemap() {CVE-2025-21736}
- ocfs2: handle a symlink read error correctly {CVE-2024-58001}
- vfio/platform: check the bounds of read/write syscalls {CVE-2025-21687}
- nvmem: core: improve range check for nvmemcellwrite()
- crypto: qce - unregister previously registered algos in error path
- crypto: qce - fix goto jump in error path
- media: uvcvideo: Remove redundant NULL assignment
- media: uvcvideo: Fix event flags in uvcctrlsend_events
- media: ov5640: fix getlightfreq on auto
- soc: qcom: smemstate: fix missing ofnode_put in error path
- kbuild: Move -Wenum-enum-conversion to W=2
- powerpc/pseries/eeh: Fix get PE state translation
- serial: sh-sci: Do not probe the serial port if its slot in sci_ports[] is in use
- serial: sh-sci: Drop _initdata macro for portcfg
- soc: qcom: socinfo: Avoid out of bounds read of serial number {CVE-2024-58007}
- usb: gadget: f_tcm: Don't prepare BOT write request twice
- usb: gadget: ftcm: epautoconfig with fullspeed endpoint
- usb: gadget: f_tcm: Decrement command ref count on cleanup
- usb: gadget: f_tcm: Translate error to sense
- wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() {CVE-2025-21744}
- HID: hid-sensor-hub: don't use stale platform-data on remove
- of: reserved-memory: Fix using wrong number of cells to get property 'alignment'
- of: Fix offindnodeoptsby_path() handling of alias+path+options
- of: Correct child specifier used as input of the 2nd nexus node
- perf bench: Fix undefined behavior in cmpworker()
- clk: qcom: clk-rpmh: prevent integer overflow in recalc_rate
- clk: qcom: clk-alpha-pll: fix alpha mode configuration
- drm/komeda: Add check for komedagetlayerfourcclist()
- KVM: s390: vsie: fix some corner-cases when grabbing vsie pages
- KVM: Explicitly verify target vCPU is online in kvmgetvcpu() {CVE-2024-58083}
- arm64: dts: rockchip: increase gmac rx_delay on rk3399-puma
- binfmt_flat: Fix integer overflow bug on 32 bit systems {CVE-2024-58010}
- m68k: vga: Fix I/O defines
- s390/futex: Fix FUTEXOPANDN implementation
- leds: lp8860: Write full EEPROM, not only half of it
- cpufreq: s3c64xx: Fix compilation warning
- tun: revert fix group permission check
- net: rose: lock the socket in rose_bind() {CVE-2025-21749}
- udp: gso: do not drop small packets when PMTU reduces
- tg3: Disable tg3 PCIe AER on system reboot
- gpu: drmdpcec: fix broken CEC adapter properties check
- firmware: iscsiibft: fix ISCSIIBFT Kconfig entry
- nvme: handle connectivity loss in nvmesetqueue_count
- usb: xhci: Fix NULL pointer dereference on certain command aborts {CVE-2024-57981}
- usb: xhci: Add timeout argument in address_device USB HCD callback
- net: usb: rtl8150: enable basic endpoint checking {CVE-2025-21708}
- net: usb: rtl8150: use new tasklet API
- tasklet: Introduce new initialization API
- kbuild: userprogs: use correct lld when linking through clang
- media: uvcvideo: Remove dangling pointers {CVE-2024-58002}
- media: uvcvideo: Only save async fh if success
- nilfs2: handle errors that nilfspreparechunk() may return {CVE-2025-21721}
- nilfs2: eliminate staggered calls to kunmap in nilfs_rename
- nilfs2: move page release outside of nilfsdeleteentry and nilfssetlink
- spi-mxs: Fix chipselect glitch
- x86/mm: Don't disable PCID when INVLPG has been fixed by microcode
- APEI: GHES: Have GHES honor the panic= setting
- HID: Wacom: Add PCI Wacom device support
- mfd: lpc_ich: Add another Gemini Lake ISA bridge PCI device-id
- tomoyo: don't emit warning in tomoyowritecontrol() {CVE-2024-58085}
- wifi: brcmsmac: add gain range check to wlcphyiqcalgainparamsnphy()
- mmc: core: Respect quirkmaxrate for non-UHS SDIO card
- tun: fix group permission check
- printk: Fix signed integer overflow when defining LOGBUFLEN_MAX {CVE-2024-58017}
- x86/amd_nb: Restrict init function to AMD-based systems
- sched: Don't try to catch up excess steal time.
- btrfs: convert BUGON in btrfsreloccowblock() to proper error handling
- btrfs: fix use-after-free when attempting to join an aborted transaction {CVE-2025-21753}
- btrfs: output the reason for open_ctree() failure
- usb: gadget: f_tcm: Don't free command immediately {CVE-2024-58055}
- media: uvcvideo: Fix double free in error path {CVE-2024-57980}
- HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections
- usb: typec: tcpm: set SRCSENDCAPABILITIES timeout to PDTSENDER_RESPONSE
- drivers/cardreader/rtsxusb: Restore interrupt based detection
- ktest.pl: Check kernelrelease return in get_version
- NFSD: Reset cbseqstatus after NFS4ERR_DELAY
- hexagon: Fix unbalanced spinlock in die()
- hexagon: fix using plain integer as NULL pointer warning in cmpxchg
- genksyms: fix memory leak when the same symbol is read from *.symref file
- genksyms: fix memory leak when the same symbol is added from source
- net: sh_eth: Fix missing rtnl lock in suspend/resume path
- vsock: Allow retrying on connect() failure
- perf trace: Fix runtime error of index out of bounds
- net: davicom: fix UAF in dm9000drvremove {CVE-2025-21715}
- net: rose: fix timer races against user threads {CVE-2025-21718}
- PM: hibernate: Add error handling for syscore_suspend()
- ipmr: do not call mrmfcuses_dev() for unres entries {CVE-2025-21719}
- net: fec: implement TSO descriptor cleanup
- ubifs: skip dumping tnc tree when zroot is null {CVE-2024-58058}
- rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read {CVE-2024-58069}
- dmaengine: ti: edma: fix OF node reference leaks in edma_driver
- module: Extend the preempt disabled section in dereferencesymboldescriptor().
- ocfs2: mark dquot as inactive if failed to start trans while releasing dquot
- scsi: ufs: bsg: Delete bsg_dev when setting up bsg fails
- scsi: mpt3sas: Set ioc->manu_pg11.EEDPTagMode directly to 1
- staging: media: imx: fix OF node leak in imxmediaaddofsubdevs()
- media: uvcvideo: Propagate buf->error to userspace
- media: camif-core: Add check for clk_enable()
- media: mipi-csis: Add check for clk_enable()
- PCI: endpoint: Destroy the EPC device in devmpciepc_destroy()
- media: lmedm04: Handle errors for lme2510intread
- media: lmedm04: Use GFP_KERNEL for URB allocation/submission.
- media: rc: iguanair: handle timeouts
- fbdev: omapfb: Fix an OF node leak in dssofportgetparent_device()
- ARM: dts: mediatek: mt7623: fix IR nodename
- arm64: dts: mediatek: mt8173-evb: Fix MT6397 PMIC sub-node names
- arm64: dts: mediatek: mt8173-evb: Drop regulator-compatible property
- rdma/cxgb4: Prevent potential integer overflow on 32bit {CVE-2024-57973}
- RDMA/mlx4: Avoid false error about access to uninitialized gids array
- bpf: Send signals asynchronously if !preemptible {CVE-2025-21728}
- perf report: Fix misleading help message about --demangle
- perf top: Don't complain about lack of vmlinux when not resolving some kernel samples
- padata: fix sysfs store callback check
- ktest.pl: Remove unused declarations in runbisecttest function
- perf header: Fix one memory leakage in processbpfprog_info()
- perf header: Fix one memory leakage in processbpfbtf()
- ASoC: sun4i-spdif: Add clock multiplier settings
- tools/testing/selftests/bpf/testtctunnel.sh: Fix wait for server bind
- net: sched: Disallow replacing of child qdisc from one parent to another {CVE-2025-21700}
- net/mlxfw: Drop hard coded max FW flash image size
- net: let net.core.dev_weight always be non-zero {CVE-2025-21806}
- clk: analogbits: Fix incorrect calculation of vco rate delta
- selftests: harness: fix printing of mismatch values in __EXPECT()
- selftests/harness: Display signed values correctly
- wifi: wlcore: fix unbalanced pm_runtime calls
- regulator: of: Implement the unwind path of ofregulatormatch()
- team: prevent adding a device which is already a team device lower {CVE-2024-58071}
- cpupower: fix TSC MHz calculation
- wifi: rtlwifi: pci: wait for firmware loading before releasing memory
- wifi: rtlwifi: fix memory leaks and invalid access at probe error path {CVE-2024-58063}
- wifi: rtlwifi: remove unused checkbuddypriv {CVE-2024-58072}
- wifi: rtlwifi: remove unused dualmac control leftovers
- wifi: rtlwifi: remove unused timer and related code
- rtlwifi: replace usage of found with dedicated list iterator variable
- dt-bindings: mmc: controller: clarify the address-cells description
- wifi: rtlwifi: usb: fix workqueue leak when probe fails
- wifi: rtlwifi: rtl8192se: rise completion of firmware loading as last step
- rtlwifi: rtl8192se Rename RTTRACE to rtldbg
- wifi: rtlwifi: do not complete firmware loading needlessly
- ipmi: ipmb: Add check devm_kasprintf() returned value {CVE-2024-58051}
- drm/amdgpu: Fix potential NULL pointer dereference in atomctrlgetsmcsclkrange_table
- drm/etnaviv: Fix page property being used for non writecombine buffers
- partitions: ldm: remove the initial kernel-doc notation
- nbd: don't allow reconnect after disconnect {CVE-2025-21731}
- afs: Fix directory format encoding struct
- overflow: Allow mixed type arguments
- overflow: Correct checkshloverflow() comment
- overflow: Add __mustcheck attribute to check*() helpers
- rds: ib: Do not attempt to insert RDMA exthdr twice
- net: mana: Fix TX CQE error handling {CVE-2023-52532}
- net/mlx5: Stop waiting for PCI if pci channel is offline
- rds: ib: Fix racy send affinity work cancellation
- rds: ib: Make traffic_class visible to user-space
- rds: ib: Remove incorrect update of the path record sl and qos_class fields
- net: core: reject skb_copy(_expand) for fraglist GSO skbs {CVE-2024-36929}
- udp: do not accept non-tunnel GSO skbs landing in a tunnel {CVE-2024-35884}
- udp: never accept GSO_FRAGLIST packets
- udp: initialize isflist with 0 in udpgro_receive
- ima: Fix use-after-free on a dentry's dname.name {CVE-2024-39494}
- sched: sch_cake: add bounds checks to host bulk flow fairness counts {CVE-2025-21647}
- udf: Fix use of checkaddoverflow() with mixed type arguments
- x86/xen: allow larger contiguous memory regions in PV guests
- xen: remove a confusing comment on auto-translated guest I/O
- ALSA: hda/realtek: Fixup ALC225 depop procedure
- ALSA: hda/realtek - Add type for ALC287
- net: loopback: Avoid sending IP packets without an Ethernet header
- netem: Update sch->q.qlen before qdisctreereduce_backlog()
- ocfs2: fix incorrect CPU endianness conversion causing mount failure
- Revert "btrfs: avoid monopolizing a core when activating a swap file"
- gtp: Suppress list corruption splat in gtpnetexitbatchrtnl().
- Bluetooth: L2CAP: handle NULL sock pointer in l2capsockalloc {CVE-2024-58009}
- rds: Make sure transmit path and connection tear-down does not run concurrently
- NFSv4: Prevent NULL-pointer dereference in nfs42completecopies()
- LTS tag: v5.4.290
- Partial revert of xhci: use pmptr() instead #ifdef for CONFIGPM conditionals
- xhci: use pmptr() instead of #ifdef for CONFIGPM conditionals
- drm/v3d: Assign job pointer to NULL before signaling the fence {CVE-2025-21688}
- Input: xpad - add support for wooting two he (arm)
- Input: xpad - add unofficial Xbox 360 wireless receiver clone
- Input: atkbd - map F23 key to support default copilot shortcut
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null"
- USB: serial: quatech2: fix null-ptr-deref in qt2processread_urb()
- ext4: fix slab-use-after-free in ext4splitextent_at()
- ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path
- vfio/platform: check the bounds of read/write syscalls {CVE-2025-21687}
- net/xen-netback: prevent UAF in xenvifflushhash() {CVE-2024-49936}
- net: xen-netback: hash.c: Use built-in RCU list checking
- signal/m68k: Use forcesigsegv(SIGSEGV) in fpsp040die
- m68k: Add missing mmapreadlock() to sys_cacheflush()
- m68k: Update ->thread.esp0 before calling syscalltrace() in retfrom_signal
- gfs2: Truncate address space when flipping GFS2DIFJDATA flag
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag
- scsi: iscsi: Fix redundant response for ISCSIUEVENTGETHOSTSTATS request
- ASoC: wm8994: Add depends on MFD core
- net: fix data-races around sk->skforwardalloc {CVE-2024-53124}
- scsi: sg: Fix slab-use-after-free read in sg_release() {CVE-2024-56631}
- ipv6: avoid possible NULL deref in rt6uncachedlistflushdev()
- irqchip/gic-v3: Handle CPUPMENTER_FAILED correctly
- fs/proc: fix softlockup in _readvmcore (part 2) {CVE-2025-21694}
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks
- nvmet: propagate npwg topology
- pollwait: add mb() to fix theoretical race between waitqueueactive() and .poll()
- kheaders: Ignore silly-rename files
- hfs: Sanity check the root record
- mac802154: check local interfaces before deleting sdata list {CVE-2024-57948}
- i2c: mux: demux-pinctrl: check initial mux selection, too
- drm/v3d: Ensure job pointer is set to NULL after job completion {CVE-2025-21697}
- nfp: bpf: prevent integer overflow in nfpbpfevent_output()
- gtp: Destroy device along with udp socket's netns dismantle. {CVE-2025-21678}
- gtp: Use foreachnetdevrcu() in gtpgenldumppdp().
- gtp: use exitbatchrtnl() method
- net: add exitbatchrtnl() method
- net: net_namespace: Optimize the code
- net: ethernet: ti: cpswale: Fix cpswalegetfield()
- sctp: sysctl: rto_min/max: avoid using current->nsproxy
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv {CVE-2024-57892}
- ocfs2: correct return value of ocfs2localfree_info()
- phy: core: Fix that API devmofphyproviderunregister() fails to unregister the phy provider
- phy: core: fix code style in devmofphyproviderunregister
- arm64: dts: rockchip: add hevc power domain clock to rk3328
- arm64: dts: rockchip: add #power-domain-cells to power domain nodes
- arm64: dts: rockchip: fix pdtcpc0 and pdtcpc1 node position on rk3399
- arm64: dts: rockchip: fix defines in pd_vio node for rk3399
- iio: inkern: call iiodeviceput() only on mapped devices
- iio: adc: at91: call inputfreedevice() on allocated iio_dev {CVE-2024-57904}
- iio: adc: ti-ads124s08: Use gpiodsetvalue_cansleep()
- iio: gyro: fxas21002c: Fix missing data update in trigger handler
- iio: adc: ti-ads8688: fix information leak in triggered buffer {CVE-2024-57906}
- iio: imu: kmx61: fix information leak in triggered buffer {CVE-2024-57908}
- iio: light: vcnl4035: fix information leak in triggered buffer {CVE-2024-57910}
- iio: dummy: iiosimplydummy_buffer: fix information leak in triggered buffer
- iio: pressure: zpa2326: fix information leak in triggered buffer {CVE-2024-57912}
- usb: gadget: ffs: Remove WARNON in functionfs_bind {CVE-2024-57913}
- usb: fix reference leak in usbnewdevice()
- USB: core: Disable LPM only for non-suspended ports
- USB: usblp: return error when setting unsupported protocol
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null
- USB: serial: cp210x: add Phoenix Contact UPS Device
- usb-storage: Add max sectors quirk for Nokia 208
- staging: iio: ad9832: Correct phase range check
- staging: iio: ad9834: Correct phase range check
- USB: serial: option: add Neoway N723-EA support
- USB: serial: option: add MeiG Smart SRM815
- drm/amd/display: increase MAX_SURFACES to the value supported by hw
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1levellowskipoverride[]
- ACPI: resource: Add TongFang GM5HG0A to irq1edgelowforceoverride[]
- drm/amd/display: Add check for granularity in dml ceil/floor helpers {CVE-2024-57922}
- sctp: sysctl: auth_enable: avoid using current->nsproxy
- sctp: sysctl: cookiehmacalg: avoid using current->nsproxy {CVE-2025-21640}
- dm thin: make getfirstthin use rcu-safe list first function {CVE-2025-21664}
- tls: Fix tlsswsendmsg error handling
- netsched: clsflow: validate TCAFLOWRSHIFT attribute {CVE-2025-21653}
- tcp/dccp: allow a connection when skmaxack_backlog is zero
- tcp/dccp: complete lockless accesses to sk->skmaxack_backlog
- net: 802: LLC+SNAP OID:PID lookup on start of skb data
- ieee802154: ca8210: Add missing check for kfifoalloc() in ca8210probe()
- dm array: fix cursor index when skipping across block boundaries
- dm array: fix unreleased btree blocks on closing a faulty array cursor
- dm array: fix releasing a faulty array block twice in dmarraycursor_end {CVE-2024-57929}
- jbd2: flush filesystem device before updating tail sequence
- Revert "NFSD: Limit the number of concurrent async COPY operations"
- rds: ib: Avoid sleeping function inside RCU region by using sampled values instead
- dm rq: don't queue request to blk-mq during DM suspend {CVE-2021-47498}
- dm: rearrange core declarations for extended use from dm-zone.c
- cgroup: Make operations on the cgroup root_list RCU safe
- uek: kabi: Fix build error for HIDE_INCLUDE macro
- oracleasm: Fix PI when uselogicalblock_size is set
- oracleasm: Add support for per-I/O block size selection
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upifilltopology()
- iouring: fix possible deadlock in ioregisteriowqmax_workers()
- iouring/rw: fix missing NOWAIT check for ODIRECT start write {CVE-2024-53052}
- iouring: use kiocb{start,end}_write() helpers
- fs: create kiocb_{start,end}_write() helpers
- iouring: rename kiocbend_write() local helper
- io_uring/sqpoll: close race on waiting for sqring entries
- io_uring/sqpoll: do not put cpumask on stack
- io_uring/sqpoll: retain test for whether the CPU is valid
- io_uring/sqpoll: do not allow pinning outside of cpuset
- io_uring/io-wq: limit retrying worker initialisation
- vfs: check dentry is still valid in get_link()
- RDS: avoid queueing delayed work on an offlined cpu
- NFSD: Limit the number of concurrent async COPY operations {CVE-2024-49974}
- LTS tag: v5.4.289
- mm: vmscan: account for free pages to prevent infinite Loop in throttledirectreclaim()
- drm: adv7511: Drop dsi single lane support
- net/sctp: Prevent autoclose integer overflow in sctpassociationinit()
- sky2: Add device ID 11ab:4373 for Marvell 88E8075
- pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking {CVE-2024-57889}
- RDMA/uverbs: Prevent integer overflow issue {CVE-2024-57890}
- modpost: fix the missed iteration for the max bit in do_input()
- modpost: fix input MODULEDEVICETABLE() built for 64-bit on 32-bit host
- ARC: build: Try to guess GCC variant of cross compiler
- irqchip/gic: Correct declaration of *percpubase pointer in union gicbase
- net: usb: qmi_wwan: add Telit FE910C04 compositions
- bpf: fix potential error return
- sound: usb: format: don't warn that raw DSD is unsupported
- wifi: mac80211: wake the queues in case of failure in resume
- ila: serialize calls to nfregisternet_hooks() {CVE-2024-57900}
- ALSA: usb-audio: US16x08: Initialize array before use
- net: llc: reset skb->transport_header
- netfilter: nftsethash: unaligned atomic read on struct nftsetext {CVE-2024-54031}
- netfilter: Replace zero-length array with flexible-array member
- netrom: check buffer length before accessing it {CVE-2024-57802}
- drm/bridge: adv7511_audio: Update Audio InfoFrame properly
- drm: bridge: adv7511: Enable SPDIF DAI
- RDMA/bnxtre: Fix maxqp_wrs reported
- RDMA/bnxtre: Fix reporting hwver in query_device
- RDMA/bnxtre: Add check for path mtu in modifyqp
- RDMA/mlx5: Enforce same type port association for multiport RoCE
- net/mlx5: Make API mlx5coreis_ecpf accept const pointer
- IB/mlx5: Introduce and use mlx5coreis_vf()
- Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet {CVE-2024-55916}
- selinux: ignore unknown extended permissions {CVE-2024-57931}
- ipv6: prevent possible UAF in ip6_xmit() {CVE-2024-44985}
- skbexpandhead() adjust skb->truesize incorrectly
- btrfs: avoid monopolizing a core when activating a swap file
- tracing: Constify string literal data member in struct traceeventcall
- bpf: fix recursive lock when verdict program return SK_PASS {CVE-2024-56694}
- ipv6: fix possible UAF in ip6finishoutput2()
- ipv6: use skbexpandhead in ip6_xmit
- ipv6: use skbexpandhead in ip6finishoutput2
- skbuff: introduce skbexpandhead()
- MIPS: Probe toolchain support of -msym32
- epoll: Add synchronous wakeup support for eppollcallback
- virtio-blk: don't keep queue frozen during system suspend {CVE-2024-57946}
- scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time
- platform/x86: asus-nb-wmi: Ignore unknown event 0xCF
- regmap: Use correct format specifier for logging range errors
- scsi: megaraid_sas: Fix for a potential deadlock {CVE-2024-57807}
- scsi: qla1280: Fix hw revision numbering for ISP1020/1040
- tracing/kprobe: Make tracekprobe's module callback called after jumplabel update
- dmaengine: atxdmac: avoid nullprtderef in atxdmacprepdma_memset
- dmaengine: mv_xor: fix child node refcount handling in early exit
- phy: core: Fix that API devmphydestroy() fails to destroy the phy
- phy: core: Fix that API devmphyput() fails to release the phy
- phy: core: Fix an OF node refcount leakage in ofphyprovider_lookup()
- phy: core: Fix an OF node refcount leakage in ofphy_get()
- mtd: diskonchip: Cast an operand to prevent potential overflow
- bpf: Check negative offsets in _bpfskbminlen()
- media: dvb-frontends: dib3000mb: fix uninit-value in dib3000writereg {CVE-2024-56769}
- of: Fix refcount leakage for OF node returned by _ofgetdmaparent()
- of: Fix error path in ofparsephandlewithargs_map()
- udmabuf: also check for FSEALFUTURE_WRITE
- nilfs2: prevent use of deleted inode {CVE-2024-53690}
- NFS/pnfs: Fix a live lock between recalled layouts and layoutget
- btrfs: tree-checker: reject inline extent items with 0 ref count
- zram: refuse to use zero sized block device as backing device
- sh: clk: Fix clk_enable() to return 0 on NULL clk
- USB: serial: option: add Telit FE910C04 rmnet compositions
- USB: serial: option: add MediaTek T7XX compositions
- USB: serial: option: add Netprisma LCUK54 modules for WWAN Ready
- USB: serial: option: add MeiG Smart SLM770A
- USB: serial: option: add TCL IK512 MBIM & ECM
- efivarfs: Fix error on non-existent file
- i2c: riic: Always round-up when calculating bus period
- chelsio/chtls: prevent potential integer overflow on 32bit
- mmc: sdhci-tegra: Remove SDHCIQUIRKBROKENADMAZEROLEN_DESC quirk
- netfilter: ipset: Fix for recursive locking warning
- net: ethernet: bgmac-platform: fix an OF node reference leak
- net: hinic: Fix cleanup in create_rxqs/txqs()
- ionic: use ee->offset when returning sprom data
- net/smc: check sndbufspace again after NOSPACE flag is set in smcpoll
- erofs: fix incorrect symlink detection in fast symlink
- erofs: fix order >= MAXORDER warning due to crafted negative isize
- drm/i915: Fix memory leak by correcting cache object name in error handler
- PCI: Add ACS quirk for Broadcom BCM5760X NIC
- ALSA: usb: Fix UBSAN warning in parseaudiounit()
- PCI/AER: Disable AER service on suspend
- usb: dwc2: gadget: Don't write invalid mapped sg entries into dma_desc with iommu enabled
- net: sched: fix ordering of qlen adjustment {CVE-2024-53164}
- kpcimgr: fix flushicacherange arguments
- ftrace: use preempt_enable/disable notrace macros to avoid double fault
- nfsd: restore callback functionality for NFSv4.0
- i2c: pnx: Fix timeout in wait functions
- of/irq: Fix using uninitialized variable @addrlen in API ofirqparseone()
- afpacket: fix vlangettci() vs MSGPEEK {CVE-2024-57902}
- afpacket: fix vlangetprotocoldgram() vs MSG_PEEK {CVE-2024-57901}
- mtd: rawnand: fix double free in atmelpmecccreate_user()
- Revert "xen/swiotlb: add alignment check for dma buffers"
- vfio/iommu_type1: Fix some sanity checks in detach group
- Revert "vfio/iommu_type1: Fix some sanity checks in detach group"
- rds: ib: Avoid UAF on RDS Socket's rstranslock
- rds: ib: Fix blocked processes related to race in rdsrdmafreedevrs_worker()
- rds: ib: Fix deterministic UAF in rdsrdmafreedevrs_worker()
- Revert "KVM: SVM: Add a module parameter to override iommu AVIC usage"
- LTS tag: v5.4.288
- ALSA: usb-audio: Fix a DMA to stack memory bug
- xen/netfront: fix crash when removing device {CVE-2024-53240}
- KVM: arm64: Ignore PMCNTENSET_EL0 while checking for overflow status
- blk-iocost: Avoid using clamp() on inuse in _propagateweights()
- blk-iocost: fix weight updates of inner active iocgs
- blk-iocost: clamp inuse and skip noops in _propagateweights()
- ACPICA: events/evxfregn: don't release the ContextMutex that was never acquired
- net/sched: netem: account for backlog updates from child qdisc {CVE-2024-56770}
- qca_spi: Make driver probing reliable
- qca_spi: Fix clock speed for multiple QCA7000
- ACPI: resource: Fix memory resource type union access
- net: lapb: increase LAPBHEADERLEN {CVE-2024-56659}
- tipc: fix NULL deref in cleanup_bearer() {CVE-2024-56661}
- batman-adv: Do not let TT changes list grows indefinitely
- batman-adv: Remove uninitialized data in full table TT response
- batman-adv: Do not send uninitialized TT changes
- bpf, sockmap: Fix update element with same
- xfs: don't drop errno values when we fail to ficlone the entire range
- usb: gadget: userial: Fix the issue that gsstart_io crashed due to accessing null pointer
- usb: ehci-hcd: fix call balance of clocks handling routines
- usb: dwc2: hcd: Fix GetPortStatus & SetPortFeature
- ata: satahighbank: fix OF node reference leak in highbankinitialize_phys()
- usb: host: max3421-hcd: Correctly abort a USB request.
- LTS tag: v5.4.287
- bpf, xdp: Update devmap comments to reflect napi/rcu usage
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources {CVE-2024-53150}
- PCI: rockchip-ep: Fix address translation unit programming
- Revert "drm/amdgpu: add missing size check in amdgpudebugfsgprwave_read()"
- modpost: Add .irqentry.text to OTHER_SECTIONS
- jffs2: Fix rtime decompressor
- jffs2: Prevent rtime decompress memory corruption {CVE-2024-57850}
- KVM: arm64: vgic-its: Clear ITE when DISCARD frees an ITE
- KVM: arm64: vgic-its: Clear DTE when MAPD unmaps a device
- KVM: arm64: vgic-its: Add a data length check in vgicitssave_*
- perf/x86/intel/pt: Fix buffer full but size is 0 case
- bpf: fix OOB devmap writes when deleting elements {CVE-2024-56615}
- xdp: Simplify devmap cleanup
- misc: eeprom: eeprom_93cx6: Add quirk for extra read clock cycle
- powerpc/prom_init: Fixup missing powermac #size-cells {CVE-2024-56781}
- usb: chipidea: udc: handle USB Error Interrupt if IOC not set
- i3c: Use i3cdev->desc->info instead of calling i3cdeviceget_info() to avoid deadlock
- PCI: Add ACS quirk for Wangxun FF5xxx NICs
- PCI: Add 'reset_subordinate' to reset hierarchy below bridge
- f2fs: fix f2fsbugon when uninstalling filesystem call f2fsevictinode. {CVE-2024-56586}
- nvdimm: rectify the illogical code within nddaxprobe()
- pinctrl: qcom-pmic-gpio: add support for PM8937
- scsi: st: Add MTIOCGET and MTLOAD to ioctls allowed after device reset
- scsi: st: Don't modify unknown block number in MTIOCGET
- leds: class: Protect brightnessshow() with ledcdev->led_access mutex
- tracing: Use atomic64increturn() in traceclockcounter()
- netpoll: Use rcuaccesspointer() in _netpollsetup
- net/neighbor: clear error in case strict check is not set
- rocker: fix link status detection in rockercarrierinit()
- ASoC: hdmi-codec: reorder channel allocation list
- Bluetooth: btusb: Add RTL8852BE device 0489:e123 to device tables
- wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmfsdiodsglist_rw()
- wifi: ipw2x00: libipwrxany(): fix bad alignment
- drm/amdgpu: set the right AMDGPU sg segment limitation {CVE-2024-56594}
- jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree {CVE-2024-56595}
- jfs: fix array-index-out-of-bounds in jfs_readdir {CVE-2024-56596}
- jfs: fix shift-out-of-bounds in dbSplit {CVE-2024-56597}
- jfs: array-index-out-of-bounds fix in dtReadFirst {CVE-2024-56598}
- wifi: ath5k: add PCI ID for Arcadyan devices
- wifi: ath5k: add PCI ID for SX76X
- net: inet6: do not leave a dangling sk pointer in inet6_create() {CVE-2024-40954}
- net: inet: do not leave a dangling sk pointer in inet_create() {CVE-2024-40954}
- net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() {CVE-2024-40954}
- net: afcan: do not leave a dangling sk pointer in cancreate() {CVE-2024-40954}
- Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2capsockcreate()
- afpacket: avoid erroring out after sockinitdata() in packetcreate() {CVE-2024-40954}
- net/sched: cbs: Fix integer overflow in cbssetport_rate()
- net: ethernet: fsenet: Use %pa to format resourcesize_t
- net: fecmpc52xxphy: Use %pa to format resourcesizet
- samples/bpf: Fix a resource leak
- drm/radeon/r600cs: Fix possible int overflow in r600packet3_check()
- drm/mcde: Enable module autoloading
- drm: panel-orientation-quirks: Add quirk for AYA NEO 2 model
- media: cx231xx: Add support for Dexatek USB Video Grabber 1d19:6108
- media: uvcvideo: Add a quirk for the Kaiweets KTI-W02 infrared camera
- s390/cpum_sf: Handle CPU hotplug remove during sampling {CVE-2024-57849}
- mmc: core: Further prevent card detect during shutdown
- regmap: detach regmap from dev on regmap_exit
- dma-buf: fix dmafencearray_signaled v4
- bcache: revert replacing ISERRORNULL with ISERR again {CVE-2024-48881}
- nilfs2: fix potential out-of-bounds memory access in nilfsfindentry() {CVE-2024-56619}
- scsi: qla2xxx: Remove check reqsgcnt should be equal to rspsgcnt
- scsi: qla2xxx: Supported speed displayed incorrectly for VPorts
- scsi: qla2xxx: Fix NVMe and NPIV connect issue
- ocfs2: update seqfile index in ocfs2dlmseqnext
- tracing: Fix cmpentriesdup() to respect sort() comparison rules
- HID: wacom: fix when get product name maybe null pointer {CVE-2024-56629}
- bpf: Fix exact match conditions in triegetnext_key()
- bpf: Handle BPFEXIST and BPFNOEXIST for LPM trie
- ocfs2: free inode when ocfs2getinit_inode() fails {CVE-2024-56630}
- spi: mpc52xx: Add cancelworksync before module remove {CVE-2024-50051}
- tcpbpf: Fix the skmemuncharge logic in tcpbpf_sendmsg {CVE-2024-56633}
- drm/sti: Add __iomem for mixerdbgmxn's parameter
- gpio: grgpio: Add NULL check in grgpio_probe {CVE-2024-56634}
- gpio: grgpio: use a helper variable to store the address of ofdev->dev
- crypto: x86/aegis128 - access 32-bit arguments as 32-bit
- x86/asm: Reorder early variables
- xen: Fix the issue of resource not being properly released in xenbusdevprobe()
- xen/xenbus: fix locking
- xenbus/backend: Protect xenbus callback with lock
- xenbus/backend: Add memory pressure handler callback
- xen/xenbus: reference count registered modules
- netfilter: nftsethash: skip duplicated elements pending gc run
- netfilter: ipset: Hold module reference while requesting a module {CVE-2024-56637}
- igb: Fix potential invalid memory access in igbinitmodule() {CVE-2024-52332}
- net/qed: allow old cards not supporting "num_images" to work
- tipc: Fix use-after-free of kernel socket in cleanup_bearer(). {CVE-2024-56642}
- tipc: add new AEAD key structure for user API
- tipc: enable creating a "preliminary" node
- tipc: add reference counter to bearer
- dccp: Fix memory leak in dccpfeatchange_recv {CVE-2024-56643}
- can: j1939: j1939sessionnew(): fix skb reference counting {CVE-2024-56645}
- net/sched: tbf: correct backlog statistic for GSO packets
- netfilter: xtables: fix LED ID check in ledtg_check() {CVE-2024-56650}
- ipvs: fix UB due to uninitialized stack access in ipvsprotocol_init() {CVE-2024-53680}
- can: sun4ican: sun4ican_err(): fix {rx,tx}_errors statistics
- can: sun4ican: sun4icanerr(): call canchange_state() even if cf is NULL
- watchdog: mediatek: Make sure system reset gets asserted in mtkwdtrestart()
- iTCOwdt: mask NMINOW bit for updatenoreboot_bit() call
- drm/etnaviv: flush shader L1 cache after user commandstream
- nfsd: fix nfs4openowner leak when concurrent nfsd4open occur {CVE-2024-56779}
- nfsd: make sure exp active before svcexportshow {CVE-2024-56558}
- dm thin: Add missing destroyworkon_stack()
- i3c: master: Fix miss free initdynaddr at i3cmasterputi3caddrs()
- utilmacros.h: fix/rework findclosest() macros
- ad7780: fix division by zero in ad7780writeraw() {CVE-2024-56567}
- clk: qcom: gcc-qcs404: fix initial rate of GPLL3
- ftrace: Fix regression with module command in stacktracefilter {CVE-2024-56569}
- ovl: Filter invalid inodes with missing lookup function {CVE-2024-56570}
- media: platform: allegro-dvt: Fix possible memory leak in allocatebuffersinternal()
- media: gspca: ov534-ov772x: Fix off-by-one error in setframerate()
- media: venus: Fix pmruntimeset_suspended() with runtime pm enabled
- media: ts2020: fix null-ptr-deref in ts2020_probe() {CVE-2024-56574}
- media: i2c: tc358743: Fix crash in the probe error path when using polling
- btrfs: ref-verify: fix use-after-free after invalid ref action {CVE-2024-56581}
- quota: flush quotareleasework upon quota writeback {CVE-2024-56780}
- ASoC: fsl_micfil: fix the naming style for mask definition
- sh: intc: Fix use-after-free bug in registerintccontroller()
- sunrpc: clear XPRTSOCKUPD_TIMEOUT when reset transport {CVE-2024-56688}
- SUNRPC: Replace internal use of SOCKWQASYNCNOSPACE
- SUNRPC: correct error code comment in xstcpsetup_socket()
- modpost: remove incorrect code in doeisaentry()
- rtc: ab-eoz9: don't fail temperature reads on undervoltage notification
- 9p/xen: fix release of IRQ {CVE-2024-56704}
- 9p/xen: fix init sequence
- block: return unsigned int from bdeviomin
- jffs2: fix use of uninitialized variable
- ubifs: authentication: Fix use-after-free in ubifstncend_commit
- ubi: fastmap: Fix duplicate slab cache names while attaching {CVE-2024-53172}
- ubifs: Correct the total block count by deducting journal reservation
- rtc: check if _rtcreadtime was successful in rtctimerdowork() {CVE-2024-56739}
- rtc: abx80x: Fix WDT bit position of the status register
- rtc: st-lpc: Use IRQFNOAUTOEN flag in request_irq()
- NFSv4.0: Fix a use-after-free problem in the asynchronous open()
- um: Always dump trace for specified task in show_stack
- um: Clean up stacktrace dump
- um: add showstackloglvl()
- um/sysrq: remove needless variable sp
- um: Fix the return value of elfcorecopytaskfpregs
- um: Fix potential integer overflow during physmem setup {CVE-2024-53145}
- rpmsg: glink: Propagate TX failures in intentless mode as well
- SUNRPC: make sure cache entry active before cache_show {CVE-2024-53174}
- NFSD: Prevent a potential integer overflow {CVE-2024-53146}
- lib: string_helpers: silence snprintf() output truncation warning
- usb: dwc3: gadget: Fix checking for number of TRBs left
- ALSA: hda/realtek: Apply quirk for Medion E15433
- ALSA: hda/realtek: Fix Internal Speaker and Mic boost of Infinix Y4 Max
- ALSA: hda/realtek: Set PCBeep to default value for ALC274
- ALSA: hda/realtek: Update ALC225 depop procedure
- media: wl128x: Fix atomicity violation in fmcsendcmd() {CVE-2024-56700}
- HID: wacom: Interpret tilt data from Intuos Pro BT as signed values
- block: fix ordering between checking BLKMQS_STOPPED request adding
- arm64: tls: Fix context-switching of tpidrro_el0 when kpti is enabled
- sh: cpuinfo: Fix a warning for CONFIGCPUMASKOFFSTACK
- um: vector: Do not use drvdata in release {CVE-2024-53181}
- serial: 8250: omap: Move pmruntimeget_sync
- um: net: Do not use drvdata in release {CVE-2024-53183}
- um: ubd: Do not use drvdata in release {CVE-2024-53184}
- ubi: wl: Put source PEB into correct list if trying locking LEB failed
- spi: Fix acpi deferred irq probe
- netfilter: ipset: add missing range check in bitmapipuadt {CVE-2024-53141}
- Revert "serial: sh-sci: Clean sci_ports[0] after at earlycon exit"
- serial: sh-sci: Clean sci_ports[0] after at earlycon exit
- Bluetooth: Fix type of len in rfcommsockgetsockopt{,_old}()
- tty: ldsic: fix ttyldiscautoload sysctl's proc_handler
- comedi: Flush partial mappings in error case {CVE-2024-53148}
- PCI: Fix use-after-free of slot->bus on hot remove {CVE-2024-53194}
- ASoC: codecs: Fix atomicity violation in sndsoccomponentgetdrvdata()
- jfs: xattr: check invalid xattr size more strictly
- ext4: fix FSIOCGETFSMAP handling
- ext4: supress data-race warnings in ext4freeinodes_{count,set}()
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices
- soc: qcom: socinfo: fix revision check in qcomsocinfoprobe()
- usb: ehci-spear: fix call balance of sehci clk handling routines
- apparmor: fix 'Do simple duplicate message elimination'
- staging: greybus: uart: clean up TIOCGSERIAL
- misc: apds990x: Fix missing pmruntimedisable()
- USB: chaoskey: Fix possible deadlock chaoskeylistlock
- USB: chaoskey: fail open after removal
- usb: yurex: make waiting on yurex_write interruptible
- usb: using mutex lock and supporting ONONBLOCK flag in iowarriorread()
- ipmr: fix tables suspicious RCU usage
- ipmr: convert /proc handlers to rcureadlock()
- net: stmmac: dwmac-socfpga: Set RX watchdog interrupt as broken
- marvell: pxa168_eth: fix call balance of pep->clk handling routines
- net: usb: lan78xx: Fix refcounting and autosuspend on invalid WoL configuration
- tg3: Set coherent DMA mask bits to 31 for BCM57766 chipsets
- net: usb: lan78xx: Fix memory leak on device unplug by freeing PHY device
- power: supply: core: Remove mightsleep() from powersupply_put()
- vfio/pci: Properly hide first-in-list PCIe extended capability {CVE-2024-53214}
- NFSD: Fix nfsd4shutdowncopy()
- NFSD: Cap the number of bytes copied by nfs4resetrecoverydir()
- NFSD: Prevent NULL dereference in nfsd4processcb_update()
- rpmsg: glink: use only lower 16-bits of param2 for CMD_OPEN name length
- rpmsg: glink: Fix GLINK command prefix
- rpmsg: glink: Send READ_NOTIFY command in FIFO full case
- rpmsg: glink: Add TXDATACONT command while sending
- perf trace: Avoid garbage when not printing a syscall's arguments
- perf trace: Do not lose last events in a race
- m68k: coldfire/device.c: only build FEC when HW macros are defined
- m68k: mcfgpio: Fix incorrect register offset for CONFIG_M5441x
- PCI: cpqphp: Fix PCIBIOS_* return value confusion
- PCI: cpqphp: Use PCIPOSSIBLEERROR() to check config reads
- perf probe: Correct demangled symbols in C++ program
- perf cs-etm: Don't flush when packet_queue fills up
- clk: clk-axi-clkgen: make sure to enable the AXI bus clock
- clk: axi-clkgen: use devmplatformioremap_resource() short-hand
- dt-bindings: clock: axi-clkgen: include AXI clk
- dt-bindings: clock: adi,axi-clkgen: convert old binding to yaml format
- fbdev: sh7760fb: Fix a possible memory leak in sh7760fballocmem()
- fbdev/sh7760fb: Alloc DMA memory from hardware device
- powerpc/sstep: make emulatevsxload and emulatevsxstore static
- ocfs2: fix uninitialized value in ocfs2fileread_iter()
- scsi: qedi: Fix a possible memory leak in qediallocandinitsb()
- scsi: qedf: Fix a possible memory leak in qedfallocandinitsb()
- scsi: fusion: Remove unused variable 'rc'
- scsi: bfa: Fix use-after-free in bfadimmodule_exit()
- mfd: rt5033: Fix missing regmapdelirq_chip()
- mtd: rawnand: atmel: Fix possible memory leak
- cpufreq: loongson2: Unregister platform_driver on failure
- mfd: intelsocpmic_bxtwc: Use IRQ domain for PMIC devices {CVE-2024-56723}
- mfd: intelsocpmic_bxtwc: Use IRQ domain for TMU device {CVE-2024-56724}
- mfd: intelsocpmic_bxtwc: Use IRQ domain for USB Type-C device {CVE-2024-56691}
- mfd: intelsocpmicbxtwc: Use deverr_probe()
- mfd: da9052-spi: Change read-mask to write-mask
- mfd: tps65010: Use IRQFNOAUTOEN flag in request_irq() to fix race
- trace/traceeventperf: remove duplicate samples on the first tracepoint event
- netpoll: Use rcuaccesspointer() in netpollpolllock
- ALSA: 6fire: Release resources at card release {CVE-2024-53239}
- ALSA: caiaq: Use sndcardfreewhenclosed() at disconnection {CVE-2024-56531}
- ALSA: us122l: Use sndcardfreewhenclosed() at disconnection {CVE-2024-56532}
- net: rfkill: gpio: Add check for clk_enable()
- selftests: net: really check for bg process completion
- bpf, sockmap: Fix skmsgreset_curr
- bpf, sockmap: Several fixes to bpfmsgpop_data {CVE-2024-56720}
- bpf, sockmap: Several fixes to bpfmsgpush_data
- drm/etnaviv: hold GPU lock across perfmon sampling
- drm/etnaviv: fix power register offset on GC300
- drm/etnaviv: dump: fix sparse warnings
- drm/msm/adreno: Use IRQFNOAUTOEN flag in request_irq()
- drm/panfrost: Remove unused idmask from struct panfrostmodel
- wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiexconfigscan()
- bpf: Fix the xdpadjusttail sample prog issue
- ASoC: fslmicfil: fix regmapwrite_bits usage
- ASoC: fsl_micfil: use GENMASK to define register bit fields
- ASoC: fsl_micfil: do not define SHIFT/MASK for single bits
- ASoC: fsl_micfil: Drop unnecessary register read
- dt-bindings: vendor-prefixes: Add NeoFidelity, Inc
- drm/imx/ipuv3: Use IRQFNOAUTOEN flag in request_irq()
- wifi: mwifiex: Use IRQFNOAUTOEN flag in request_irq()
- wifi: p54: Use IRQFNOAUTOEN flag in request_irq()
- drm/omap: Fix locking in omapgemnew_dmabuf()
- wifi: ath9k: add range check for connrspepid in htcconnectservice() {CVE-2024-53156}
- drm/mm: Mark drmmminterval_tree*() functions with _maybeunused
- firmware: arm_scpi: Check the DVFS OPP count returned by the firmware {CVE-2024-53157}
- regmap: irq: Set lockdep class for hierarchical IRQ domains
- ARM: dts: cubieboard4: Fix DCDC5 regulator constraints
- tpm: fix signed/unsigned bug when checking event logs
- efi/tpm: Pass correct address to memblock_reserve
- mmc: mmc_spi: drop buggy snprintf()
- soc: qcom: geni-se: fix array underflow in geniseclktblget()
- soc: ti: smartreflex: Use IRQFNOAUTOEN flag in request_irq()
- time: Fix references to msecsto_jiffies() handling of values
- crypto: cavium - Fix an error handling path in cptucodeload_fw()
- crypto: bcm - add error check in the ahashhmacinit function {CVE-2024-56681}
- crypto: cavium - Fix the if condition to exit loop after timeout
- crypto: pcrypt - Call crypto layer directly when padatadoparallel() return -EBUSY
- EDAC/fsl_ddr: Fix bad bit shift operations
- EDAC/bluefield: Fix potential integer overflow {CVE-2024-53161}
- firmware: google: Unregister driver_info on failure
- firmware: google: Unregister driver_info on failure and exit in gsmi
- hfsplus: don't query the device logical block size multiple times {CVE-2024-56548}
- s390/syscalls: Avoid creation of arch/arch/ directory
- acpi/arm64: Adjust error handling procedure in gtdtparsetimer_block()
- m68k: mvme147: Reinstate early console
- m68k: mvme16x: Add and use "mvme16x.h"
- m68k: mvme147: Fix SCSI controller IRQ numbers
- nvme-pci: fix freeing of the HMB descriptor table {CVE-2024-56756}
- initramfs: avoid filename buffer overrun {CVE-2024-53142}
- mips: asm: fix warning when disabling MIPSFPSUPPORT
- x86/xen/pvh: Annotate indirect branch as safe
- nvme: fix metadata handling in nvme-passthrough
- cifs: Fix buffer overflow when parsing NFS reparse points {CVE-2024-49996}
- ipmr: Fix access to mfccachelist without lock held
- proc/softirqs: replace seqprintf with seqputdecimalull_width
- ASoC: stm: Prevent potential division by zero in stm32saigetclkdiv()
- ASoC: stm: Prevent potential division by zero in stm32saimclkroundrate()
- regulator: rk808: Add apply_bit for BUCK3 on RK809
- soc: qcom: Add check devm_kasprintf() returned value
- net: usb: qmi_wwan: add Quectel RG650V
- x86/amdnb: Fix compile-testing without CONFIGAMD_NB
- ALSA: hda/realtek: Add subwoofer quirk for Infinix ZERO BOOK 13
- selftests/watchdog-test: Fix system accidentally reset after watchdog-test
- mac80211: fix user-power when emulating chanctx
- ASoC: Intel: bytcr_rt5640: Add DMI quirk for Vexia Edu Atla 10 tablet
- kbuild: Use uname for LINUXCOMPILEHOST detection
- media: dvbdev: fix the logic when DVBDYNAMICMINORS is not set
- nilfs2: fix null-ptr-deref in blockdirtybuffer tracepoint {CVE-2024-53130}
- ocfs2: fix UBSAN warning in ocfs2verifyvolume()
- nilfs2: fix null-ptr-deref in blocktouchbuffer tracepoint {CVE-2024-53131}
- KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN
- ocfs2: uncache inode which has failed entering the group {CVE-2024-53112}
- net/mlx5e: kTLS, Fix incorrect page refcounting {CVE-2024-53138}
- net/mlx5: fs, lock FTE when checking if active {CVE-2024-53121}
- netlink: terminate outstanding dump on socket close {CVE-2024-53140}
- LTS tag: v5.4.286
- 9p: fix slab cache name creation for real
- md/raid10: improve code of mrdev in raid10syncrequest
- net: usb: qmi_wwan: add Fibocom FG132 0x0112 composition
- fs: Fix uninitialized value issue in fromkuid and fromkgid {CVE-2024-53101}
- powerpc/powernv: Free name on error in opaleventinit()
- sound: Make CONFIGSND depend on INDIRECTIOMEM instead of UML
- bpf: use kvzmalloc to allocate BPF verifier environment
- HID: multitouch: Add quirk for HONOR MagicBook Art 14 touchpad
- 9p: Avoid creating multiple slab caches with the same name
- ALSA: usb-audio: Add endianness annotations
- vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans {CVE-2024-50264}
- hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer {CVE-2024-53103}
- ftrace: Fix possible use-after-free issue in ftrace_location() {CVE-2024-38588}
- NFSD: Fix NFSv4's PUTPUBFH operation
- ALSA: usb-audio: Add quirks for Dell WD19 dock
- ALSA: usb-audio: Support jack detection on Dell dock
- ocfs2: remove entry once instead of null-ptr-dereference in ocfs2xaremove()
- irqchip/gic-v3: Force propagation of the active state with a read-back
- USB: serial: option: add Quectel RG650V
- USB: serial: option: add Fibocom FG132 0x0112 composition
- USB: serial: qcserial: add support for Sierra Wireless EM86xx
- USB: serial: io_edgeport: fix use after free in debug printk {CVE-2024-50267}
- usb: musb: sunxi: Fix accessing an released usb phy {CVE-2024-50269}
- fs/proc: fix compile warning about variable 'vmcoremmapops'
- media: uvcvideo: Skip parsing frames of type UVCVSUNDEFINED in uvcparseformat
- net: bridge: xmit: make sure we have at least eth header len bytes {CVE-2024-38538}
- spi: fix use-after-free of the add_lock mutex {CVE-2021-47195}
- spi: Fix deadlock when adding SPI controllers on SPI buses {CVE-2021-47469}
- mtd: rawnand: protect access to rawnand devices while in suspend
- btrfs: reinitialize delayed ref list after deleting it from the list {CVE-2024-50273}
- nfs: Fix KMSAN warning in decodegetfattrattrs() {CVE-2024-53066}
- dm-unstriped: cast an operand to sectort to prevent potential uint32t overflow
- dm cache: fix potential out-of-bounds access on the first resume {CVE-2024-50278}
- dm cache: optimize dirty bit checking with findnextbit when resizing
- dm cache: fix out-of-bounds access to the dirty bitset when resizing {CVE-2024-50279}
- dm cache: correct the number of origin blocks to match the target length
- drm/amdgpu: add missing size check in amdgpudebugfsgprwave_read()
- pwm: imx-tpm: Use correct MODULO value for EPWM mode
- media: v4l2-tpg: prevent the risk of a division by zero {CVE-2024-50287}
- media: cx24116: prevent overflows on SNR calculus {CVE-2024-50290}
- media: s5p-jpeg: prevent buffer overflows {CVE-2024-53061}
- ALSA: firewire-lib: fix return value on fail in amdtptscminit()
- media: adv7604: prevent underflow condition when reporting colorspace
- media: dvb_frontend: don't play tricks with underflow values
- media: dvbdev: prevent the risk of out of memory access {CVE-2024-53063}
- media: stb0899_algo: initialize cfr before using it
- net: hns3: fix kernel crash when uninstalling driver {CVE-2024-50296}
- can: c_can: fix {rx,tx}_errors statistics
- sctp: properly validate chunk size in sctpsfootb() {CVE-2024-50299}
- net: enetc: set MAC address to the VF net_device
- enetc: simplify the return expression of enetcvfsetmacaddr()
- security/keys: fix slab-out-of-bounds in keytaskpermission
- HID: core: zero-initialize the report buffer {CVE-2024-50302}
- ARM: dts: rockchip: Fix the realtek audio codec on rk3036-kylin
- ARM: dts: rockchip: Fix the spi controller on rk3036
- ARM: dts: rockchip: drop grf reference from rk3036 hdmi
- ARM: dts: rockchip: fix rk3036 acodec node
- arm64: dts: rockchip: Remove #cooling-cells from fan on Theobroma lion
- arm64: dts: rockchip: Fix bluetooth properties on Rock960 boards
- arm64: dts: rockchip: Remove hdmi's 2nd interrupt on rk3328
- arm64: dts: rockchip: Fix rt5651 compatible value on rk3399-sapphire-excavator
- rds/ib: avoid scq/rcq polling during rds connection shutdown
- RDMA/mlx5: Send UAR page index as ioctl attribute
- RDMA: Pass entire uverbs attr bundle to create cq function
- IB/uverbs: Enable CQ ioctl commands by default
- tracing/kprobes: Skip symbol counting logic for module symbols in createlocaltrace_kprobe()
- RDMA/bnxtre: Check cqe flags to know immdata vs inv_irkey
- Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" {CVE-2024-53127}
- mm: revert "mm: shmem: fix data-race in shmem_getattr()"
- net/ipv6: release expired exception dst cached in socket {CVE-2024-56644}
- Revert "unicode: Don't special case ignorable code points"
- powerpc/vdso: Flag VDSO64 entry points as functions
- Revert "usb: gadget: composite: fix OS descriptors w_value logic"
- rds: recvpayloadbad_checksum was not 0 after running rds-stress on UEK6
- rds: If RDS Checksums are enabled for RDMA RDS operations, the extension headers will overflow causing incorrect operation
- rds: rdsmessagealloc() needlessly zeroes musedsgs
- rds: tracepoint in rdsreceivecsum_err() prints pointless information
- rds: rdsincinit() should initialize the inc->iconnpath field
- rds: Race condition in adding RDS payload checksum extension header may result in RDS header corruption
- md/raid10: fix task hung in raid10d
- md/raid10: factor out code from waitbarrier() to stopwaiting_barrier()
- md/raid10: avoid deadlock on recovery.
- arm64/cpu_errata: Spectre-BHB mitigation for AMPERE1 expects a loop of 11 iterations.
- net/rds: report pending-messages count in RDS_INQ response
- net/rds: Introduce RDS-INQ feature to RDS protocol
- net/rds: Supporting SIOCOUTQ to read pending sends
- mm/memory-failure: pass the folio and the page to collect_procs()
- KVM: x86: Stop compiling vmenter.S with OBJECTFILESNON_STANDARD
- KVM: SVM: Create a stack frame in __svmvcpurun() for unwinding
- objtool: Default ignore INT3 for unreachable
- x86/spec_ctrl: AMD AutoIBRS cannot be dynamically enabled or disabled
- x86/msr: Add functions to set/clear the bit of an MSR on all cpus
- References