CLSA-2025-1764085382

drm/amd/display: Skip on writeback when it's not applicable {CVE-2024-36914}
ASoC: topology: Fix references to freed memory {CVE-2024-41069}
Bluetooth: RFCOMM: Fix not validating setsockopt user input {CVE-2024-35966}
Bluetooth: SCO: Fix not validating setsockopt user input
drm/dp_mst: Fix MST sideband message body length check {CVE-2024-56616}
xfs: don't walk off the end of a directory data block {CVE-2024-41013}
wifi: cfg80211: check A-MSDU format more carefully {CVE-2024-35937}
Reapply "wifi: mac80211: Update skb's control block key in ieee80211txdequeue()"
net/rds: Fix rsrecvpending counting issue
LTS tag: v5.4.301
net: rtnetlink: fix module reference count leak issue in rtnetlinkrcvmsg
media: s5p-mfc: remove an unused/uninitialized variable
NFSD: Fix last write offset handling in layoutcommit
NFSD: Minor cleanup in layoutcommit processing
padata: Reset next CPU when reorder sequence wraps around
KEYS: trusted_tpm1: Compare HMAC values in constant time
NFSD: Define a proc_layoutcommit for the FlexFiles layout type {CVE-2025-40087}
vfs: Don't leak disconnected dentries on umount {CVE-2025-40105}
jbd2: ensure that all ongoing I/O complete before freeing blocks
ext4: detect invalid INLINE_DATA + EXTENTS flag combination {CVE-2025-40167}
drm/amdgpu: use atomic functions with memory barriers for vm fault info
ext4: avoid potential buffer over-read in parseapplysbmountoptions() {CVE-2025-40198}
spi: cadence-quadspi: Flush posted register writes before DAC access
spi: cadence-quadspi: Flush posted register writes before INDAC access
memory: samsung: exynos-srom: Fix ofiomap leak in exynossrom_probe
memory: samsung: exynos-srom: Correct alignment
arm64: errata: Apply workarounds for Neoverse-V3AE
arm64: cputype: Add Neoverse-V3AE definitions
comedi: fix divide-by-zero in comedibufmunge() {CVE-2025-40106}
binder: remove "invalid inc weak" check
xhci: dbc: enable back DbC in resume if it was enabled before suspend
usb/core/quirks: Add Huawei ME906S to wakeup quirk
USB: serial: option: add Telit FN920C04 ECM compositions
USB: serial: option: add Quectel RG255C
USB: serial: option: add UNISOC UIS7720
net: ravb: Ensure memory write completes before ringing TX doorbell
net: usb: rtl8150: Fix frame padding
ocfs2: clear extent cache after moving/defragmenting extents
MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering
Revert "cpuidle: menu: Avoid discarding useful information"
net: bonding: fix possible peer notify event loss or dup issue
sctp: avoid NULL dereference when chunk data buffer is missing
arm64, mm: avoid always making PTE dirty in pte_mkwrite()
net: enetc: correct the value of ENETCRXBTRUESIZE
rtnetlink: Allow deleting FDB entries in user namespace
net: rtnetlink: add NLMFBULK support to rtnlfdbdel
net: add ndofdbdel_bulk
net: rtnetlink: add bulk delete support flag
net: netlink: add NLMFBULK delete request modifier
net: rtnetlink: use BIT for flag values
net: rtnetlink: add helper to extract msg type's kind
net: rtnetlink: add msg kind names
net: rtnetlink: remove redundant assignment to variable err
m68k: bitops: Fix find_*_bit() signatures
hfsplus: return EIO when type of hidden directory mismatch in hfsplusfillsuper()
hfs: fix KMSAN uninit-value issue in hfsfindsetzerobits()
dlm: check for defined force value in dlmlockspacerelease
hfsplus: fix KMSAN uninit-value issue in hfsplusdeletecat()
hfs: validate record offset in hfsplusbmapalloc
hfsplus: fix KMSAN uninit-value issue in _hfsplusextcacheextent()
hfs: make proper initalization of struct hfsfinddata
hfs: clear offset and space out of valid records in b-tree node
exec: Fix incorrect type for ret
hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() {CVE-2025-40088}
ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
sched/fair: Fix pelt lost idle time detection
sched/balancing: Rename newidlebalance() => schedbalance_newidle()
sched/fair: Trivial correction of the newidle_balance() comment
sched: Make newidle_balance() static again
tls: don't rely on tx_work during send()
tls: always set recordtype in tlsprocess_cmsg
tg3: prevent use of uninitialized remoteadv and localadv variables
tcp: fix tcptsoshould_defer() vs large RTT
amd-xgbe: Avoid spurious link down messages during interface toggle
net/ip6_tunnel: Prevent perpetual tunnel growth {CVE-2025-40173}
net: dlink: handle dmamapsingle() failure properly
net: dl2k: switch from 'pci_' to 'dma_' API
media: pci: ivtv: Add missing check after DMA map
media: pci/ivtv: switch from 'pci_' to 'dma_' API {CVE-2024-43877}
xen/events: Update virqtoirq on migration
media: lirc: Fix error handling in lirc_register()
media: rc: Directly use ida_free()
drm/exynos: exynos7drmdecon: remove ctx->suspended
btrfs: avoid potential out-of-bounds in btrfsencodefh() {CVE-2025-40205}
pwm: berlin: Fix wrong register in suspend/resume {CVE-2025-40188}
media: cx18: Add missing check after DMA map
xen/events: Cleanup find_virq() return codes
cramfs: Verify inode mode when loading from disk
fs: Add 'initramfs_options' to set initramfs mount options
pid: Add a judgment for ns null in pidnrns {CVE-2025-40178}
minixfs: Verify inode mode when loading from disk
tracing: Fix race condition in kprobe initialization causing NULL pointer dereference {CVE-2025-40042}
dm: fix NULL pointer dereference in _dmsuspend() {CVE-2025-40134}
mfd: intelsocpmicchtdcti: Set usesingleread regmap_config flag
mfd: intelsocpmicchtdcti: Drop unneeded assignment for cache_type
mfd: intelsocpmicchtdcti: Fix invalid regmap-config max_register value
Squashfs: reject negative file sizes in squashfsreadinode() {CVE-2025-40200}
Squashfs: add additional inode sanity checking
media: mc: Clear minor number before put device {CVE-2025-40197}
mfd: vexpress-sysreg: Check the return value of devmgpiochipadd_data()
fs: udf: fix OOB read in lengthAllocDescs handling {CVE-2025-40044}
KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O {CVE-2025-40026}
net/9p: fix double req put in p9fdcancelled {CVE-2025-40027}
ext4: guard against EA inode refcount underflow in xattr update {CVE-2025-40190}
ext4: correctly handle queries for metadata mappings
ext4: increase idisksize to offset + len in ext4updatedisksizebefore_punch()
nfsd: nfserrjukebox in nlmfopen should lead to a retry
x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases)
x86/umip: Check that the instruction opcode is at least two bytes
PCI: keystone: Use devmrequestirq() to free "ks-pcie-error-irq" on exit
PCI/AER: Fix missing uevent on recovery when a reset is requested
PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
rseq/selftests: Use weak symbol reference, not definition, to link with glibc
rtc: interface: Fix long-standing race when setting alarm
rtc: interface: Ensure alarm irq is enabled when UIE is enabled
mmc: core: SPI mode remove cmd7
mtd: rawnand: fsmc: Default to autodetect buswidth
sparc: fix error handling in scanonedevice()
sparc64: fix hugetlb for sun4u
sctp: Fix MAC comparison to be constant-time {CVE-2025-40204}
scsi: hpsa: Fix potential memory leak in hpsabigpassthru_ioctl()
parisc: don't reference obsolete termio struct for TC* constants
lib/genalloc: fix device leak in ofgenpool_get()
iio: frequency: adf4350: Fix prescaler usage.
iio: dac: ad5421: use int type to store negative error codes
iio: dac: ad5360: use int type to store negative error codes
crypto: atmel - Fix dmaunmapsg() direction
cpufreq: intelpstate: Fix object lifecycle issue in updateqos_request() {CVE-2025-40194}
drm/nouveau: fix bad ret code in nouveaubomove_prep
media: i2c: mt9v111: fix incorrect type for ret
firmware: meson_sm: fix device leak at probe
xen/manage: Fix suspend error path
arm64: dts: qcom: msm8916: Add missing MDSS reset
ACPI: debug: fix signedness issues in read/write helpers
ACPI: TAD: Add missing sysfsremovegroup() for ACPITADRT
tpmtis: Fix incorrect arguments in tpmtisprobeirq_single
tpm, tpm_tis: Claim locality before writing interrupt registers
crypto: essiv - Check ssize for decryption and in-place encryption {CVE-2025-40019}
mailbox: zynqmp-ipi: Remove dev.parent check in zynqmpipifree_mboxes
mailbox: zynqmp-ipi: Remove redundant mboxcontrollerunregister() call
tools build: Align warning options with perf
net: fslpqmdio: Fix device node reference leak in fslpqmdio_probe
tcp: Don't call reqskfastopenremove() in tcpconnrequest(). {CVE-2025-40186}
net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce() {CVE-2025-40187}
drm/vmwgfx: Fix Use-after-free in validation {CVE-2025-40111}
net/mlx4: prevent potential use after free in mlx4endoucfilter()
scsi: mvsas: Fix use-after-free bugs in mvsworkqueue {CVE-2025-40001}
scsi: mvsas: Use sastaskfind_rq() for tagging
scsi: mvsas: Delete mvstaginit()
scsi: libsas: Add sastaskfind_rq()
clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver
clk: nxp: lpc18xx-cgu: convert from roundrate() to determinerate()
perf session: Fix handling when buffer exceeds 2 GiB
rtc: x1205: Fix Xicor X1205 vendor prefix
perf util: Fix compression checks returning -1 as bool
iio: frequency: adf4350: Fix ADF4350REG312BITCLKDIVMODE
clocksource/drivers/clps711x: Fix resource leaks in error paths
pinctrl: check the return value of pinmuxops::getfunction_name() {CVE-2025-40030}
Input: uinput - zero-initialize uinputffupload_compat to avoid info leak {CVE-2025-40035}
mm: hugetlb: avoid soft lockup when mprotect to large memory area {CVE-2025-40153}
uiohvgeneric: Let userspace take care of interrupt mask {CVE-2025-40048}
Squashfs: fix uninit-value in squashfsgetparent {CVE-2025-40049}
net: ena: return 0 in enagetrxfhkeysize() when RSS hash key is not configurable
nfp: fix RSS hash key size when RSS is not supported
drivers/base/node: fix double free in registeronenode()
ocfs2: fix double free in userclusterconnect() {CVE-2025-40055}
net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast {CVE-2025-40140}
RDMA/siw: Always report immediate post SQ errors
usb: vhci-hcd: Prevent suspending virtually attached devices
scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() {CVE-2025-40115}
ipvs: Defer ipvsftp unregister during netns cleanup {CVE-2025-40018}
NFSv4.1: fix backchannel maxrespsz verification check
remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice
sparc: fix accurate exception reporting in copy_{from,to}_user for M7
sparc: fix accurate exception reporting in copytouser for Niagara 4
sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara {CVE-2025-40112}
sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III {CVE-2025-40124}
sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC {CVE-2025-40126}
IB/sa: Fix salocalsvctimeoutms read race
RDMA/core: Resolve MAC of next-hop device without ARP support
wifi: mt76: fix potential memory leak in mt76wmacprobe()
drivers/base/node: handle error properly in registeronenode()
watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog
netfilter: ipset: Remove unused htablebits in macro ahashregion
iio: consumers: Fix offset handling in iioconvertrawtoprocessed()
ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping {CVE-2025-40121}
ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping {CVE-2025-40154}
ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
pps: fix warning in ppsregistercdev when register device fail {CVE-2025-40070}
misc: genwqe: Fix incorrect cmd field being reported in error
usb: gadget: configfs: Correctly set useosstring at bind
usb: phy: twl6030: Fix incorrect type for ret
tcp: fix _tcpclose() to only send RST when required
PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation
wifi: mwifiex: send world regulatory domain to driver
ALSA: lx_core: use int type to store negative error codes
media: rj54n1cb0c: Fix memleak in rj54n1_probe()
scsi: myrs: Fix dmaalloccoherent() error check
scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod {CVE-2025-40118}
serial: max310x: Add error checking in probe()
usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup {CVE-2025-40116}
drm/radeon/r600cs: clean up of dead code in r600cs
i2c: designware: Add disabling clocks when probe fails
i2c: mediatek: fix potential incorrect use of I2CMASTERWRRD
bpf: Explicitly check accesses to bpfsockaddr {CVE-2025-40078}
selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported
pwm: tiehrpwm: Fix corner case in clock divisor calculation
block: use int to store blkstacklimits() return value
blk-mq: check kobject stateinsysfs before deleting in blkmqunregister_hctx {CVE-2025-40125}
pinctrl: meson-gxl: add missing i2c_d pinmux
soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
ACPI: processor: idle: Fix memory leak when register cpuidle device failed
regmap: Remove superfluous check for !config in _regmapinit()
x86/vdso: Fix output operand size of RDPID
perf: armspe: Prevent overflow in PERFIDX2OFF() {CVE-2025-40081}
driver core/PM: Set power.nocallbacks along with power.nopm
staging: axis-fifo: flush RX FIFO on read errors
staging: axis-fifo: fix maximum TX packet length check
perf subcmd: avoid crash in exclude_cmds when excludes is empty
dm-integrity: limit MAXTAGSIZE to 255
wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
USB: serial: option: add SIMCom 8230C compositions
media: rc: fix races with imon_disconnect() {CVE-2025-39993}
media: imon: grab lock earlier in imonirchange_protocol()
media: imon: reorganize serialization
media: rc: Add support for another iMON 0xffdc device
media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe {CVE-2025-39995}
media: tuner: xc5000: Fix use-after-free in xc5000_release {CVE-2025-39994}
media: tunner: xc5000: Refactor firmware load
udp: Fix memory accounting leak. {CVE-2025-22058}
media: b2c2: Fix use-after-free causing by irqcheckwork in flexcoppciremove {CVE-2025-39996}
scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow {CVE-2025-39998}
LTS tag: v5.4.300
KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
mm/hugetlb: fix folio is still mapped when deleted {CVE-2025-40006}
i40e: add mask to apply valid bits for itr_idx
i40e: fix validation of VF state in get resources {CVE-2025-39969}
i40e: fix idx validation in config queues msg {CVE-2025-39971}
i40e: add validation for ring_len param {CVE-2025-39973}
i40e: increase max descriptors for XL710
mm/migratedevice: don't add folio to be freed to LRU in migratedevice_finalize() {CVE-2025-21861}
fbcon: Fix OOB access in font allocation
fbcon: fix integer overflow in fbcondoset_font {CVE-2025-39967}
i40e: add max boundary check for VF filters {CVE-2025-39968}
i40e: fix input validation logic for action_meta {CVE-2025-39970}
i40e: fix idx validation in i40evalidatequeue_map {CVE-2025-39972}
drm/gma500: Fix null dereference in hdmi teardown {CVE-2025-40011}
can: peak_usb: fix shift-out-of-bounds issue {CVE-2025-40020}
can: mcbausb: populate ndochange_mtu() to prevent buffer overflow {CVE-2025-39985}
can: sun4ican: populate ndochange_mtu() to prevent buffer overflow {CVE-2025-39986}
can: hi311x: populate ndochangemtu() to prevent buffer overflow {CVE-2025-39987}
can: rcarcan: rcarcan_resume(): fix s2ram with PSCI
IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
usb: core: Add 0x prefix to quirks debug output
ALSA: usb-audio: Fix build with CONFIG_INPUT=n
ALSA: usb-audio: Convert comma to semicolon
ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
ALSA: usb-audio: Fix block comments in mixer_quirks
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer {CVE-2025-39937}
net: rfkill: gpio: add DT support
serial: sc16is7xx: fix bug in flow control levels init
USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
usb: gadget: dummy_hcd: remove usage of list iterator past the loop body
ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message
ASoC: wm8974: Correct PLL rate rounding
ASoC: wm8940: Correct typo in control name
mmc: mvsdio: Fix dmaunmapsg() nents value
nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
cnic: Fix use-after-free bugs in cnicdeletetask {CVE-2025-39945}
net: liquidio: fix overflow in octeoninitinstr_queue()
tcp: Clear tcpsk(sk)->fastopenrsk in tcp_disconnect(). {CVE-2025-39955}
i40e: remove redundant memory barrier when cleaning Tx descs
net: natsemi: fix rx_dropped double accounting on netif_rx() failure
cgroup: split cgroupdestroywq into 3 workqueues {CVE-2025-39953}
pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch
wifi: mac80211: fix incorrect type for ret
ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported
mm/memory-failure: fix VMBUGON_PAGE(PagePoisoned(page)) when unpoison memory {CVE-2025-39883}
phy: ti-pipe3: fix device leak at unbind
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees {CVE-2025-39923}
dmaengine: ti: edma: Fix memory allocation size for queueprioritymap {CVE-2025-39869}
can: j1939: j1939localecuget(): undo increment when j1939localecuget() fails
can: j1939: j1939skbind(): call j1939privput() immediately when j1939localecu_get() failed
i40e: fix IRQ freeing in i40evsirequestirqmsix error path {CVE-2025-39911}
i40e: Use irqupdateaffinity_hint()
genirq: Provide new interfaces for affinity hints
genirq: Export affinity setter for modules
genirq/affinity: Add irqupdateaffinity_desc()
igb: fix link test skipping when interface is admin down
net: fec: Fix possible NPD in fecenetphyresetafterclkenable() {CVE-2025-39876}
USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
USB: serial: option: add Telit Cinterion FN990A w/audio compositions
tty: hvcconsole: Call hvckick in hvc_write unconditionally
mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
mtd: nand: raw: atmel: Fix comment in timings preparation
mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer {CVE-2025-39907}
mm/khugepaged: fix the address passed to notifier on testing young
fuse: prevent overflow in copyfilerange return value
fuse: check if copyfilerange() returns larger than requested size
mtd: rawnand: stm32_fmc2: fix ECC overwrite
ocfs2: fix recursive semaphore deadlock in fiemap call {CVE-2025-39885}
EDAC/altera: Delete an inappropriate dmafreecoherent() call
tcpbpf: Call skmsgfree() when tcpbpfsendverdict() fails to allocate psock->cork. {CVE-2025-39913}
net: Fix null-ptr-deref by socklockinitclassand_name() and rmmod. {CVE-2025-23143}
device-dax: correct pgoff align in daxsetmapping() {CVE-2024-50022}
Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set"
KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
rds: Free all frags when rdsibrecvcacheput() fails
bpf/bpfget,setsockopt: add option to set TCP-BPF sock ops flags
NFSv4: Don't clear capabilities that won't be reset
power: supply: bq27xxx: restrict no-battery detection to bq27000
power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
usb: hub: Fix flushing of delayed work used for post resume purposes
soc: qcom: mdtloader: Deal with zero eshentsize
Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
LTS tag: v5.4.299
scsi: lpfc: Fix buffer free/clear order in deferred receive path {CVE-2025-39841}
dmaengine: mediatek: Fix a flag reuse error in mtkcqdmatx_status()
cifs: fix integer overflow in match_server()
spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
spi: spi-fsl-lpspi: Set correct chip-select polarity bit
spi: spi-fsl-lpspi: Fix transmissions when using CONT
pcmcia: Add error handling for addinterval() in dovalidate_mem() {CVE-2025-39920}
ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
randstruct: gcc-plugin: Fix attribute addition
randstruct: gcc-plugin: Remove bogus void member
vmxnet3: update MTU after device quiesce
net: dsa: microchip: linearize skb for tail-tagging switches
net: dsa: microchip: update tag_ksz masks for KSZ9477 family
dmaengine: mediatek: Fix a possible deadlock error in mtkcqdmatx_status()
ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
gpio: pca953x: fix IRQ storm on system wake up
iio: light: opt3001: fix deadlock due to concurrent flag access {CVE-2025-37968}
iio: chemical: pms7003: use aligned_s64 for timestamp
cpufreq/sched: Explicitly synchronize limits_changed flag handling
mm/slub: avoid accessing metadata when pointer is invalid in object_err() {CVE-2025-39902}
mm/khugepaged: fix ->anon_vma race {CVE-2023-52935}
e1000e: fix heap overflow in e1000seteeprom {CVE-2025-39898}
batman-adv: fix OOB read/write in network-coding decode {CVE-2025-39839}
drm/amdgpu: drop hw access in non-DC audio fini
wifi: mwifiex: Initialize the chan_stats array to zero {CVE-2025-39891}
pcmcia: Fix a NULL pointer dereference in _iodynfindioregion() {CVE-2025-39846}
ALSA: usb-audio: Add mute TLV for playback volumes on some devices
ppp: fix memory leak in padcompressskb {CVE-2025-39847}
net: atm: fix memory leak in atmregistersysfs when device_register fail
ax25: properly unshare skbs in ax25kissrcv() {CVE-2025-39848}
ipv4: Fix NULL vs error pointer check in inetblackholedev_init()
net: thunderbgx: add a missing ofnode_put
wifi: libertas: cap SSID len in lbs_associate()
wifi: cw1200: cap SSID length in cw1200dojoin()
net: ethernet: mtkethsoc: fix tx vlan tag for llc packets
i40e: Fix potential invalid access when MAC list is empty {CVE-2025-39853}
icmp: fix icmpndosend address translation for reply direction
mISDN: Fix memory leak in dsphwecenable()
xirc2ps_cs: fix register access when enabling FullDuplex
Bluetooth: Fix use-after-free in l2capsockcleanup_listen() {CVE-2025-39860}
netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
wifi: cfg80211: fix use-after-free in cmp_bss() {CVE-2025-39864}
powerpc: boot: Remove leading zero in label in udelay()
hugetlbfs: take readlock on immap for PMD sharing
kallsyms: add modulekallsymsoneachsymbol_locked
kallsyms: export modulekallsymsoneachsymbol
cloneprivatemnt(): make sure that caller has CAPSYSADMIN in the right userns {CVE-2025-38499}
x86/vmscape: Warn when STIBP is disabled with SMT
x86/bugs: Move cpubugssmt_update() down
x86/vmscape: Enable the mitigation
x86/vmscape: Add conditional IBPB mitigation
x86/vmscape: Add old Intel CPUs to affected list
x86/vmscape: Enumerate VMSCAPE bug
Documentation/hw-vuln: Add VMSCAPE documentation
LTS tag: v5.4.298
Revert "drm/dp: Change AUX DPCD probe address from DPCDREV to LANE01_STATUS"
net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
Revert "drm/amdgpu: fix incorrect vm flags to map bo"
HID: hid-ntrig: fix unable to handle page fault in ntrigreportversion() {CVE-2025-39808}
HID: wacom: Add a new Art Pen 2
HID: asus: fix UAF via HIDCLAIMEDINPUT validation {CVE-2025-39824}
efivarfs: Fix slab-out-of-bounds in efivarfsdcompare {CVE-2025-39817}
sctp: initialize more fields in sctpv6from_sk() {CVE-2025-39812}
net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
net/mlx5e: Set local Xoff after FW update
net/mlx5e: Update and set Xon/Xoff upon port speed set
net/mlx5e: Update and set Xon/Xoff upon MTU set
net: dlink: fix multicast stats being counted incorrectly
atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol(). {CVE-2025-39828}
net/atm: remove the atmdev_ops {get, set}sockopt methods
Bluetooth: hcievent: Detect if HCIEVNUMCOMP_PKTS is unbalanced
powerpc/kvm: Fix ifdef to remove build warning
net: ipv4: fix regression in local-broadcast routes
vhost/net: Protect ubufs with rcu read lock in vhostnetubuf_put()
scsi: core: sysfs: Correct sysfs attributes access rights
ftrace: Fix potential warning in traceprintkseq during ftrace_dump {CVE-2025-39813}
pinctrl: STMFX: add missing HAS_IOMEM dependency
LTS tag: v5.4.297
alloc_fdtable(): change calling conventions.
s390/hypfs: Enable limited access during lockdown
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit {CVE-2025-39766}
ixgbe: xsk: resolve the negative overflow of budget in ixgbexmitzc
ipv6: sr: validate HMAC algorithm ID in seg6hmacinfo_add
ALSA: usb-audio: Fix size validation in convertchmapv3()
scsi: qla4xxx: Prevent a potential error pointer dereference {CVE-2025-39676}
usb: xhci: Fix slot_id resource race conflict
nfs: fix UAF in direct writes {CVE-2024-26958}
NFS: Fix up commit deadlocks
cifs: Fix UAF in cifsdemultiplexthread() {CVE-2023-52572}
Bluetooth: fix use-after-free in deviceforeach_child() {CVE-2024-53237}
act_mirred: use the backlog for nested calls to mirred ingress {CVE-2022-4269}
net/sched: act_mirred: better wording on protection against excessive stack growth
net/sched: act_mirred: refactor the handle of xmit
selftests: forwarding: tc_actions.sh: add matchall mirror test
net: sched: don't expose action qstats to skbtcreinsert()
net: sched: extract qstats update code into functions
net: sched: extract bstats update code into function
net: sched: extract common action counters update code into function
mm: perform the mappingmapwritable() check after call_mmap()
mm: update memfd seal write check to include FSEALWRITE
mm: drop the assumption that VM_SHARED always implies writable
codel: remove sch->q.qlen check before qdisctreereduce_backlog() {CVE-2025-37798}
schqfq: make qfqqlen_notify() idempotent
schhfsc: make hfscqlen_notify() idempotent {CVE-2025-38177}
schdrr: make drrqlen_notify() idempotent
btrfs: populate otime when logging an inode item
media: venus: hfi: explicitly release IRQ during teardown
f2fs: fix to avoid out-of-boundary access in dnode page {CVE-2025-38677}
media: venus: protect against spurious interrupts during probe {CVE-2025-39709}
media: qcom: camss: cleanup media device allocated resource on error path
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
drm/dp: Change AUX DPCD probe address from DPCDREV to LANE01_STATUS
pwm: mediatek: Fix duty and period setting
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Implement .apply() callback
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() {CVE-2025-39713}
media: v4l2-ctrls: Don't reset handler's error in v4l2ctrlhandler_free()
media: v4l2-ctrls: always copy the controls on completion
ata: Fix SATAMOBILELPM_POLICY description in Kconfig
soc: qcom: mdt_loader: Ensure we don't read past the ELF header {CVE-2025-39787}
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
usb: musb: omap2430: fix device leak at unbind
NFS: Fix the setting of capabilities when automounting a new filesystem {CVE-2025-39798}
NFS: Fix up handling of outstanding layoutcommit in nfsupdateinode()
NFSv4: Fix nfs4bitmapcopy_adjust()
usb: typec: fusb302: cache PD RX state
cdc-acm: fix race between initial clearing halt and open
USB: cdc-acm: do not log successful probe on later errors
mm/kmemleak: avoid deadlock by moving prwarn() outside kmemleaklock {CVE-2025-39736}
mm/kmemleak: turn kmemleaklock and object->lock to rawspinlock_t
ALSA: scarlett2: Add retry on -EPROTO from scarlett2usbtx()
x86/fpu: Delay instruction pointer fixup until after warning
mm/hmm: move pmdtohmmpfnflags() to the respective #ifdeffery
nfsd: handle getclientlocked() failure in nfsd4setclientidconfirm() {CVE-2025-38724}
pmdomain: governor: Consider CPU latency tolerance from pmdomaincpu_gov
tracing: Add downwrite(traceevent_sem) when adding trace event {CVE-2025-38539}
usb: hub: Don't try to recover devices lost during warm reset.
usb: hub: avoid warm port reset during USB3 disconnect
x86/mce/amd: Add default names for MCA banks and blocks
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
f2fs: fix to do sanity check on ino and xnid {CVE-2025-38347}
mm/zsmalloc: do not pass __GFPMOVABLE if CONFIGCOMPACTION=n
mm/zsmalloc.c: convert to use kmemcachezalloc in cachealloczspage()
drm/sched: Remove optimization that causes hang when killing dependent jobs
ice: Fix a null pointer dereference in icecopyandinitpkg() {CVE-2025-38664}
net: usbnet: Fix the wrong netifcarrieron() call
net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
ACPI: processor: idle: Check acpifetchacpi_dev() return value {CVE-2022-50327}
comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large {CVE-2025-38481}
comedi: Fix initialization of data for instructions that write to subdevice {CVE-2025-38478}
kbuild: Add KBUILD_CPPFLAGS to as-option invocation
kbuild: add $(CLANGFLAGS) to KBUILDCPPFLAGS
kbuild: Add CLANG_FLAGS to as-instr
mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation
kbuild: Update assembler calls to use proper flags and language target
ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
iio: proximity: isl29501: fix buffered read on big-endian systems
ftrace: Also allocate and copy hash for reading of filter files {CVE-2025-39689}
fpga: zynqfpga: Fix the wrong usage of dmamap_sgtable()
use uniform permission checks for all mount propagation changes
move_mount: allow to add a mount into an existing group
fs/buffer: fix use-after-free when call bh_read() helper {CVE-2025-39691}
drm/amd/display: Find first CRTC and its line time in dce110filldisplay_configs
drm/amd/display: Fix fractional fb divider in setpixelclock_v3
memstick: Fix deadlock by moving removing flag earlier
media: venus: Add a check for packet size after reading from shared memory {CVE-2025-39710}
media: ov2659: Fix memory leaks in ov2659_probe()
media: usbtv: Lock resolution while streaming {CVE-2025-39714}
media: imx: fix a potential memory leak in imxmediacscscalerdevice_init()
media: gspca: Add bounds checking to firmware parser
soc/tegra: pmc: Ensure power-domains are in a known state
jbd2: prevent softlockup in jbd2logdo_checkpoint() {CVE-2025-39782}
PCI: endpoint: Fix configfs group removal on driver teardown
PCI: endpoint: Fix configfs group list head handling {CVE-2025-39783}
mtd: rawnand: fsmc: Add missing check after DMA map
pwm: imx-tpm: Reset counter if CMOD is 0
wifi: brcmsmac: Remove const from tblptr parameter in wlclcnphycommonread_table()
zynq_fpga: use sgtable-based scatterlist wrappers
ata: libata-scsi: Fix atatosense_error() status handling
ext4: fix reserved gdt blocks handling in fsmap
ext4: fix fsmap end of range reporting with bigalloc
ext4: check fast symlink for ea_inode correctly
vt: defkeymap: Map keycodes above 127 to K_HOLE
vt: keyboard: Don't process Unicode characters in K_OFF mode
usb: dwc3: meson-g12a: fix device leaks at unbind
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: atm: cxacru: Merge cxacruuploadfirmware() into cxacruheavyinit()
m68k: Fix lost column on framebuffer debug console
cpufreq: armada-8k: Fix off by one in armada8kcpufreqfreetable()
serial: 8250: fix panic due to PSLVERR {CVE-2025-39724}
media: uvcvideo: Do not mark valid metadata as invalid
media: uvcvideo: Fix 1-byte out-of-bounds read in uvcparseformat() {CVE-2025-38680}
mm/kmemleak: avoid soft lockup in __kmemleakdocleanup() {CVE-2025-39737}
parisc: Makefile: fix a typo in palo.conf
btrfs: fix log tree replay failure due to file with 0 links and extents
thunderbolt: Fix copy+paste error in matchserviceid()
comedi: fix race between polling and detaching {CVE-2025-38687}
misc: rtsx: usb: Ensure mmc child device is active when card is present
drm/amdgpu: fix incorrect vm flags to map bo
scsi: lpfc: Remove redundant assignment to avoid memory leak
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
pNFS: Fix uninited ptr deref in block/scsi layout {CVE-2025-38691}
pNFS: Handle RPC size limit for layoutcommits
pNFS: Fix disk addr range check in block/scsi layout
pNFS: Fix stripe mapping in block/scsi layout
net: phy: smsc: add proper reset flags for LAN8710A
ipmi: Fix strcpy source and destination the same
kconfig: lxdialog: fix 'space' to (de)select options
kconfig: gconf: fix potential memory leak in renderer_edited()
kconfig: gconf: avoid hardcoding model2 in ontreeview2cursor_changed()
ipmi: Use devwarnratelimited() for incorrect message warnings
scsi: aacraid: Stop using PCIIRQAFFINITY
scsi: Fix sasuserscan() to handle wildcard and multi-channel scans
kconfig: nconf: Ensure null termination where strncpy is used
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
i3c: don't fail if GETHDRCAP is unsupported
PCI: pnv_php: Work around switches with broken presence detection
i3c: add missing include to internal header
media: uvcvideo: Fix bandwidth issue for Alcor camera
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090ptunerwriteserpar and w7090ptunerreadserpar {CVE-2025-38693}
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090prwon_apb() {CVE-2025-38694}
media: usb: hdpvr: disable zero-length read messages
media: tc358743: Increase FIFO trigger level to 374
media: tc358743: Return an appropriate colorspace from tc358743setfmt
media: tc358743: Check I2C succeeded during probe
pinctrl: stm32: Manage irq affinity settings
scsi: mpt3sas: Correctly handle ATA device errors
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure {CVE-2025-38695}
RDMA: hfi1: fix possible divide-by-zero in findhwthread_mask() {CVE-2025-39742}
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO {CVE-2025-38696}
jfs: upper bound check of tree index in dbAllocAG {CVE-2025-38697}
jfs: Regular file corruption check {CVE-2025-38698}
jfs: truncate good inode pages when hard link is 0 {CVE-2025-39743}
scsi: bfa: Double-free fix {CVE-2025-38699}
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
watchdog: dw_wdt: Fix default timeout
fs/orangefs: use snprintf() instead of sprintf()
scsi: libiscsi: Initialize iscsiconn->dddata only if memory is allocated {CVE-2025-38700}
ext4: do not BUG when INLINEDATAFL lacks system.data xattr {CVE-2025-38701}
cifs: Fix calling CIFSFindFirst() for root path without msearch
vhost: fail early when __vhostaddused() fails
net: dsa: b53: fix IPMULTICASTCTRL on BCM5325
uapi: in6: restore visibility of most IPv6 socket options
net: ncsi: Fix buffer overflow in fetching version id
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
net: dsa: b53: fix b53impvlan_setup for BCM5325
net: vlan: Replace BUG() with WARNONONCE() in vlandev* stubs
wifi: iwlegacy: Check rate_idx range after addition
netmem: fix skbfragaddress_safe with unreadable skbs
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt().
wifi: iwlwifi: fw: Fix possible memory leak in iwlfwdbg_collect
wifi: iwlwifi: dvm: fix potential overflow in rsfilllink_cmd()
net: fec: allow disable coalescing
(powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer
s390/stp: Remove udelay from stpsyncclock()
wifi: iwlwifi: mvm: fix scan request validation
net: thunderx: Fix format-truncation warning in bgxacpimatch_id()
net: ipv4: fix incorrect MTU in broadcast routes
wifi: cfg80211: Fix interface type validation
rcu: Protect ->deferqsiw_pending from data race {CVE-2025-39749}
net: ag71xx: Add missing check after DMA map
et131x: Add missing check after DMA map
be2net: Use correct byte order and format string for TCP seq and ack_seq
s390/time: Use monotonic clock in get_cycles()
wifi: cfg80211: reject HTC bit for management frames
ktest.pl: Prevent recursion of default variable options
ASoC: codecs: rt5640: Retry DEVICE_ID verification
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
ALSA: hda/ca0132: Fix buffer overflow in addtuningcontrol {CVE-2025-39751}
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
usb: core: usbsubmiturb: downgrade type check
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
mmc: rtsxusbsdmmc: Fix error-path in sdsetpower_mode()
ACPI: APEI: GHES: add TAINTMACHINECHECK on GHES panic path
ACPI: processor: fix acpi_object initialization
PM: sleep: console: Fix the black screen issue
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
PM: runtime: Clear power.needsforceresume in pmruntimereinit()
selftests: tracing: Use mutex_unlock for testing glob filter
ARM: tegra: Use I/O memcpy to write to IRAM {CVE-2025-39794}
gpio: tps65912: check the return value of regmapupdatebits()
ASoC: soc-dapm: set biaslevel if sndsocdapmsetbiaslevel() was successed
ARM: rockchip: fix kernel hang during smp initialization {CVE-2025-39752}
cpufreq: Exit governor when failed to start old governor
usb: xhci: Avoid showing errors during surprise removal
usb: xhci: Set avgtrblen = 8 for EP0 during Address Device Command
usb: xhci: Avoid showing warnings for dying controller
selftests/futex: Define SYSfutex on 32-bit architectures with 64-bit timet
usb: xhci: print xhci->xhcstate when queuecommand failed
securityfs: don't pin dentries twice, once is enough...
hfs: fix not erasing deleted b-tree node issue
drbd: add missing krefget in handlewrite_conflicts {CVE-2025-38708}
udf: Verify partition map count
arm64: Handle KCOV __init vs inline mismatches
hfsplus: don't use BUGON() in hfspluscreateattributesfile() {CVE-2025-38712}
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() {CVE-2025-40082}
hfsplus: fix slab-out-of-bounds in hfsplusbnoderead() {CVE-2025-38714}
hfs: fix slab-out-of-bounds in hfsbnoderead() {CVE-2025-38715}
sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718}
netfilter: ctnetlink: fix refcount leak on table dump {CVE-2025-38721}
udp: also consider secpath when evaluating ipsec use for checksumming
ACPI: processor: perflib: Move problematic pr->performance check {CVE-2025-39799}
ACPI: processor: perflib: Fix initial _PPC limit application
Documentation: ACPI: Fix parent device references
fs: Prevent file descriptor table allocations exceeding INT_MAX {CVE-2025-39756}
sunvdc: Balance device refcount in vdcportmpgroup_check
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
net: dpaa: fix device leak when querying time stamp info
net: gianfar: fix device leak when querying time stamp info
netlink: avoid infinite retry looping in netlink_unicast() {CVE-2025-38727}
ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757}
ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729}
io_uring: don't use int for ABI
usb: gadget : fix use-after-free in compositedevcleanup() {CVE-2025-38555}
MIPS: mm: tlb-r4k: Uniquify TLB entries on init
USB: serial: option: add Foxconn T99W709
vsock: Do not allow binding to VMADDRPORTANY {CVE-2025-38618}
net/packet: fix a race in packetsetring() and packet_notifier() {CVE-2025-38617}
perf/core: Prevent VMA split of buffer mappings {CVE-2025-38563}
perf/core: Exit early on perf_mmap() fail {CVE-2025-38565}
perf/core: Don't leak AUX buffer refcount on allocation failure
pptp: fix pptp_xmit() error path
smb: client: let recv_done() cleanup before notifying the callers.
benet: fix BUG when creating VFs {CVE-2025-38569}
net: drop UFO packets in udprcvsegment() {CVE-2025-38622}
ipv6: reject malicious packets in ipv6gsosegment() {CVE-2025-38572}
pptp: ensure minimal skb length in pptp_xmit() {CVE-2025-38574}
netpoll: prevent hanging NAPI when netcons gets enabled
NFS: Fix filehandle bounds checking in nfsfhto_dentry() {CVE-2025-39730}
pci/hotplug/pnv-php: Wrap warnings in macro
pci/hotplug/pnv-php: Improve error msg on power state change failure
usb: chipidea: udc: fix sleeping function called from invalid context
f2fs: fix to avoid out-of-boundary access in devs.path {CVE-2025-38652}
f2fs: fix to avoid panic in f2fsevictinode {CVE-2025-38577}
f2fs: fix to avoid UAF in f2fssyncinode_meta() {CVE-2025-38578}
rtc: pcf8563: fix incorrect maximum clock rate handling
rtc: hym8563: fix incorrect maximum clock rate handling
rtc: ds1307: fix incorrect maximum clock rate handling
module: Restore the moduleparam prefix length check
bpf: Check flow_dissector ctx accesses are aligned
mtd: rawnand: atmel: set pmecc data setup time
mtd: rawnand: atmel: Fix dmamappingerror() address
jfs: fix metapage reference count leak in dbAllocCtl
fbdev: imxfb: Check fbaddvideomode to prevent null-ptr-deref {CVE-2025-38630}
crypto: qat - fix seqfile position update in adfring_next()
dmaengine: nbpfaxi: Add missing check after DMA map
dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
fs/orangefs: Allow 2 more characters in docstring()
soundwire: stream: restore params when prepare ports fail
crypto: img-hash - Fix dmaunmapsg() nents value
hwrng: mtk - handle devmpmruntime_enable errors
watchdog: ziiravewdt: check record length in ziiravefirm_verify()
scsi: isci: Fix dmaunmapsg() nents value
scsi: mvsas: Fix dmaunmapsg() nents value
scsi: ibmvscsitgt: Fix dmaunmap_sg() nents value
clk: sunxi-ng: v3s: Fix de clock definition
perf tests bp_account: Fix leaked file descriptor
crypto: ccp - Fix crash when rebind ccp device for ccp.ko {CVE-2025-38581}
pinctrl: sunxi: Fix memory leak on krealloc failure
power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
clk: davinci: Add NULL check in davincilpscclk_register() {CVE-2025-38635}
mtd: fix possible integer overflow in erase_xfer()
crypto: marvell/cesa - Fix engine load inaccuracy
PCI: rockchip-host: Fix "Unexpected Completion" log message
vrf: Drop existing dst reference in vrfip6input_dst
selftests: rtnetlink.sh: remove esp4_offload after test
netfilter: xt_nfacct: don't assume acct name is null-terminated {CVE-2025-38639}
can: kvaserusb: Assign netdev.devport based on device channel index
can: kvaser_pciefd: Store device channel index
wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE
mwl8k: Add missing check after DMA map
wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
net/sched: Restrict conditions for adding duplicating netems to qdisc tree {CVE-2025-38553}
arch: powerpc: defconfig: Drop obsolete CONFIGNETCLS_TCINDEX
drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
m68k: Don't unregister boot console needlessly
tcp: fix tcpofoqueue() to avoid including too much DUP SACK range
iwlwifi: Add missing check for allocorderedworkqueue {CVE-2025-38656}
wifi: iwlwifi: Fix memory leak in iwlmvminit()
wifi: rtl818x: Kill URBs before clearing tx status queue {CVE-2025-38604}
caif: reduce stack size, again
bpftool: Fix memory leak in dumpxxnlmsg on realloc failure
bpf, ktls: Fix data corruption when using bpfmsgpop_data() in ktls {CVE-2025-38608}
staging: nvec: Fix incorrect null termination of battery manufacturer
samples: mei: Fix building on musl libc
cpufreq: Init policy->rwsem before it may be possibly used
ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
usb: early: xhci-dbc: Fix early_ioremap leak
Revert "vmci: Prevent the dispatching of uninitialized payloads" {CVE-2025-38611}
pps: fix poll support
vmci: Prevent the dispatching of uninitialized payloads {CVE-2025-38611}
staging: fbtft: fix potential memory leak in fbtftframebufferalloc() {CVE-2025-38612}
ARM: dts: vfxxx: Correctly use two tuples for timer address
hfsplus: remove mutexlock check in hfsplusfree_extents {CVE-2025-38650}
ASoC: Intel: fix SNDSOCSOF dependencies
ethernet: intel: fix building with large NR_CPUS
usb: phy: mxs: disconnect line when USB charger is attached
usb: chipidea: add USB PHY event
usb: chipidea: introduce CIHDRCCONTROLLERVBUSEVENT glue layer use
usb: chipidea: udc: protect usb interrupt enable
usb: chipidea: udc: add new API cihdrcgadget_connect
ALSA: hda: Add missing NVIDIA HDA codec IDs
comedi: comedi_test: Fix possible deletion of uninitialized timers
nilfs2: reject invalid file types when reading inodes {CVE-2025-38663}
i2c: qup: jump out of the loop in case of timeout {CVE-2025-38671}
net/sched: schqfq: Avoid triggering mightsleep in atomic context in qfqdeleteclass
net: appletalk: Fix use-after-free in AARP proxy probe {CVE-2025-38666}
net: appletalk: fix kerneldoc warnings
RDMA/core: Rate limit GID cache warning messages
regulator: core: fix NULL dereference on unbind due to stale coupling data {CVE-2025-38668}
usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
usb: hub: fix detection of high tier USB3 devices behind suspended hubs
netsched: schsfq: reject invalid perturb period {CVE-2025-38193}
power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition {CVE-2023-33288}
power: supply: bq24190charger: using pmruntimeresumeandget instead of pmruntimegetsync
power: supply: bq24190_charger: Fix runtime PM imbalance on error
xhci: Disable stream for xHC controller with XHCIBROKENSTREAMS
virtio-net: ensure the received length does not exceed allocated size {CVE-2025-38375}
ASoC: fsl_sai: Force a software reset when starting in consumer mode
usb: dwc3: qcom: Don't leave BCR asserted
usb: musb: fix gadget state on disconnect
net/sched: Return NULL when htblookupleaf encounters an empty rbtree {CVE-2025-38468}
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime {CVE-2025-38470}
Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
Bluetooth: SMP: Fix using HCIERRORREMOTEUSERTERM on timeout
Bluetooth: SMP: If an unallowed command is received consider it a failure
Bluetooth: Fix null-ptr-deref in l2capsockresume_cb() {CVE-2025-38473}
usb: net: sierra: check for no status endpoint {CVE-2025-38474}
net/sched: schqfq: Fix race condition on qfqaggregate {CVE-2025-38477}
net: emaclite: Fix missing pointer increment in aligned_read()
comedi: Fix use of uninitialized data in insnrwemulate_bits() {CVE-2025-38480}
comedi: Fix some signed shift left operations
comedi: das6402: Fix bit shift out of bounds {CVE-2025-38482}
comedi: das16m1: Fix bit shift out of bounds {CVE-2025-38483}
comedi: aioiiro16: Fix bit shift out of bounds {CVE-2025-38529}
comedi: pcl812: Fix bit shift out of bounds {CVE-2025-38530}
iio: adc: stm32-adc: Fix race in installing chained IRQ handler
iio: adc: max1363: Reorder mode_list[] entries
iio: adc: max1363: Fix MAX13634XCHANS/MAX13638XCHANS[]
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled {CVE-2025-38487}
soc: aspeed: lpc-snoop: Cleanup resources in stack-order
mmc: sdhci_am654: Workaround for Errata i2312
mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models
mmc: bcm2835: Fix dmaunmapsg() nents value
memstick: core: Zero initialize idreg in hmemstickreaddev_id()
isofs: Verify inode mode when loading from disk
dmaengine: nbpfaxi: Fix memory corruption in probe() {CVE-2025-38538}
afpacket: fix soft lockup issue caused by tpacketsnd()
afpacket: fix the SOSNDTIMEO constraint not effective on tpacked_snd()
phonet/pep: Move call to pnskbgetdstsockaddr() earlier in pepsockaccept()
HID: core: do not bypass hidhwraw_request {CVE-2025-38494}
HID: core: ensure _hidrequest reserves the report ID as the first byte
HID: core: ensure the allocated report buffer can contain the reserved report ID {CVE-2025-38495}
pchuart: Fix dmasyncsgfor_device() nents value
Input: xpad - set correct controller type for Acer NGR200
i2c: stm32: fix the device used for the DMA map
usb: gadget: configfs: Fix OOB read on empty string write {CVE-2025-38497}
USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
USB: serial: option: add Foxconn T99W640
USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
LTS tag: v5.4.296
x86/mm: Disable hugetlb page table sharing on 32-bit
Input: atkbd - do not skip atkbddeactivate() when skipping ATKBDCMD_GETID
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras {CVE-2025-38540}
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
vt: add missing notification when switching back to text mode
net: usb: qmi_wwan: add SIMCom 8230C composition
atm: idt77252: Add missing dma_map_error()
bnxten: Set DMA unmap len correctly for XDPREDIRECT {CVE-2025-38439}
bnxt_en: Fix DCB ETS validation
can: mcan: mcanhandlelost_msg(): downgrade msg lost in rx message to debug level
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
net: appletalk: Fix device refcount leak in atrtr_create() {CVE-2025-38542}
md/raid1: Fix stack memory use after return in raid1_reshape {CVE-2025-38445}
wifi: zd1211rw: Fix potential NULL pointer dereference in zdmactxtodev() {CVE-2025-38513}
dma-buf: fix timeout handling in dmaresvwait_timeout v2
Input: xpad - support Acer NGR 200 Controller
Input: xpad - add VID for Turtle Beach controllers
Input: xpad - add support for Amazon Game Controller
NFSv4/flexfiles: Fix handling of NFS level errors in I/O
flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes
RDMA/mlx5: Fix vport loopback for MPV device
netlink: Fix rmem check in netlinkbroadcastdeliver().
netlink: make sure we allow at least one dump skb
Revert "ACPI: battery: negate current when discharging"
usb: gadget: u_serial: Fix race condition in TTY wakeup {CVE-2025-38448}
drm/sched: Increment job count before swapping tail spsc queue {CVE-2025-38515}
pinctrl: qcom: msm: mark certain pins as invalid for interrupts {CVE-2025-38516}
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
x86/mce: Don't remove sysfs if thresholding sysfs init fails
x86/mce/amd: Fix threshold limit reset
rxrpc: Fix oops due to non-existence of prealloc backlog struct {CVE-2025-38514}
net/sched: Abort __tcmodifyqdisc if parent class does not exist {CVE-2025-38457}
atm: clip: Fix NULL pointer dereference in vcc_sendmsg() {CVE-2025-38458}
atm: clip: Fix infinite recursive call of clip_push(). {CVE-2025-38459}
atm: clip: Fix memory leak of struct clip_vcc. {CVE-2025-38546}
atm: clip: Fix potential null-ptr-deref in to_atmarpd(). {CVE-2025-38460}
tipc: Fix use-after-free in tipcconnclose(). {CVE-2025-38464}
netlink: Fix wraparounds of sk->skrmemalloc. {CVE-2025-38465}
fix procsyscompare() handling of in-lookup dentries
proc: Clear the pieces of procinode that procevict_inode cares about
drm/exynos: exynos7drmdecon: add vblank check in IRQ handling {CVE-2025-38467}
staging: rtl8723bs: Avoid memset() in aescipher() and aesdecipher()
media: uvcvideo: Rollback non processed entities on error
media: uvcvideo: Send control events for partial succeeds
media: uvcvideo: Return the number of processed controls
ACPI: PAD: fix crash in exitroundrobin() {CVE-2024-49935}
usb: typec: displayport: Fix potential deadlock {CVE-2025-38404}
Logitech C-270 even more broken
rose: fix dangling neighbour pointers in rosertdevice_down() {CVE-2025-38377}
net: rose: Fix fall-through warnings for Clang
drm/i915/gt: Fix timeline left held on VMA alloc error {CVE-2025-38389}
drm/i915/selftests: Change mock_request() to return error pointers
spi: spi-fsl-dspi: Clear completion counter before initiating transfer
spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path
spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}fifowrite
dpaa2-eth: fix xdprxqinfo leak
ethernet: atl1: Add missing DMA mapping error checks and count errors
btrfs: use btrfsrecordsnapshot_destroy() during rmdir
btrfs: propagate lastunlinktrans earlier when doing a rmdir
RDMA/mlx5: Fix CC counters query for MPV
RDMA/core: Create and destroy counters in the ib_core
scsi: ufs: core: Fix spelling of a sysfs attribute name
drm/v3d: Disable interrupts before resetting the GPU {CVE-2025-38371}
mtk-sd: reset host->mrq on prepare_data() error
mtk-sd: Prevent memory corruption from DMA map failure {CVE-2025-38401}
mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data()
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods {CVE-2025-38395}
regulator: gpio: Add inputsupply support in gpioregulator_config
ACPICA: Refuse to evaluate a method if arguments are missing {CVE-2025-38386}
wifi: ath6kl: remove WARN on bad firmware input {CVE-2025-38406}
wifi: mac80211: drop invalid source address OCB frames
powerpc: Fix struct termio related ioctl macros
ata: pata_cs5536: fix build on 32-bit UML
ALSA: sb: Force to disable DMAs once when DMA mode is changed
nui: Fix dmamappingerror() check
enic: fix incorrect MTU comparison in enicchangemtu()
amd-xgbe: align CL37 AN sequence as per databook
lib: testobjagg: Set error message in checkexpecthintsstats()
drm/exynos: fimd: Guard display clock control with runtime PM calls
btrfs: fix missing error handling when searching for inode refs during log replay
scsi: qla4xxx: Fix missing DMA mapping error in qla4xxxallocpdu()
nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit() fails. {CVE-2025-38400}
RDMA/mlx5: Initialize objevent->objsublist before xainsert {CVE-2025-38387}
platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
mtk-sd: Fix a pagefault in dmaunmapsg() for not prepared data
usb: typec: altmodes/displayport: do not index invalid pin_assignments {CVE-2025-38391}
mmc: sdhci: Add a helper function for dump register in dynamic debug mode
vsock/vmci: Clear the vmci transport packet properly when initializing it {CVE-2025-38403}
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume {CVE-2024-26644}
arm64: Restrict pagetable teardown to avoid false warning
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
drm/bridge: cdns-dsi: Check return value when getting default PHY config
drm/bridge: cdns-dsi: Fix connecting to next bridge
drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
drm/tegra: Assign plane type before registration
HID: wacom: fix kobject reference count leak
HID: wacom: fix memory leak on sysfs attribute creation failure
HID: wacom: fix memory leak on kobject creation failure
dm-raid: fix variable in journal device check
Bluetooth: L2CAP: Fix L2CAP MTU negotiation
atm: Release atmdevmutex after removing procfs in atmdevderegister(). {CVE-2025-38245}
net: enetc: Correct endianness handling in enetcrd_reg64
um: ubd: Add missing error check in startiothread()
vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
wifi: mac80211: fix beacon interval calculation overflow
attachrecursivemnt(): do not lock the covering tree when sliding something under it
ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3() {CVE-2025-38249}
i2c: robotfuzz-osif: disable zero-length read messages
i2c: tiny-usb: disable zero-length read messages
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction {CVE-2025-38211}
RDMA/core: Use refcountt instead of atomict on refcount of iwcmidprivate
media: vivid: Change the siize of the composing {CVE-2025-38226}
media: omap3isp: use sgtable-based scatterlist wrappers
media: cxusb: no longer judge rbuf when the write fails {CVE-2025-38229}
media: cxusb: use dev_dbg() rather than hand-rolled debug
jfs: validate AG parameters in dbMount() to prevent crashes {CVE-2025-38230}
fs/jfs: consolidate sanity checking in dbMount
ASoC: meson: meson-card-utils: use ofpropertypresent() for DT parsing
of: Add ofpropertypresent() helper
of: property: define ofpropertyread_u{8,16,32,64}_array() unconditionally
kbuild: hdrcheck: fix cross build with clang
kbuild: add --target to correctly cross-compile UAPI headers with Clang
bpfilter: match bit size of bpfilter_umh to that of the kernel
kbuild: use -MMD instead of -MD to exclude system headers from dependency
VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify {CVE-2025-38102}
VMCI: check context->notifypage after call to getuserpagesfast() to avoid GPF {CVE-2023-53259}
ovl: Check for NULL dinode() in ovldentry_upper()
ceph: fix possible integer overflow in cephzeroobjects()
ALSA: hda: Ignore unsol events for cards being shut down
usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode {CVE-2025-38404}
usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
usb: Add checks for snprintf() calls in usballocdev()
tty: serial: uartlite: register uart driver in init {CVE-2025-38262}
usb: potential integer overflow in usbgmaketpg()
iio: pressure: zpa2326: Use aligned_s64 for the timestamp
md/md-bitmap: fix dm-raid maxwritebehind setting
dmaengine: xilinxdma: Set dmadevice directions
mfd: max14577: Fix wakeup source leaks on device unbind
mailbox: Not protect moduleput with spinlock_irqsave
cifs: Fix cifsquerypath_info() for Windows NT servers
net/rds: Fix rsrecvpending counting issue
LTS tag: v5.4.301
net: rtnetlink: fix module reference count leak issue in rtnetlinkrcvmsg
media: s5p-mfc: remove an unused/uninitialized variable
NFSD: Fix last write offset handling in layoutcommit
NFSD: Minor cleanup in layoutcommit processing
padata: Reset next CPU when reorder sequence wraps around
KEYS: trusted_tpm1: Compare HMAC values in constant time
NFSD: Define a proc_layoutcommit for the FlexFiles layout type
vfs: Don't leak disconnected dentries on umount
jbd2: ensure that all ongoing I/O complete before freeing blocks
ext4: detect invalid INLINE_DATA + EXTENTS flag combination
drm/amdgpu: use atomic functions with memory barriers for vm fault info
ext4: avoid potential buffer over-read in parseapplysbmountoptions()
spi: cadence-quadspi: Flush posted register writes before DAC access
spi: cadence-quadspi: Flush posted register writes before INDAC access
memory: samsung: exynos-srom: Fix ofiomap leak in exynossrom_probe
memory: samsung: exynos-srom: Correct alignment
arm64: errata: Apply workarounds for Neoverse-V3AE
arm64: cputype: Add Neoverse-V3AE definitions
comedi: fix divide-by-zero in comedibufmunge()
binder: remove "invalid inc weak" check
xhci: dbc: enable back DbC in resume if it was enabled before suspend
usb/core/quirks: Add Huawei ME906S to wakeup quirk
USB: serial: option: add Telit FN920C04 ECM compositions
USB: serial: option: add Quectel RG255C
USB: serial: option: add UNISOC UIS7720
net: ravb: Ensure memory write completes before ringing TX doorbell
net: usb: rtl8150: Fix frame padding
ocfs2: clear extent cache after moving/defragmenting extents
MIPS: Malta: Fix keyboard resource preventing i8042 driver from registering
Revert "cpuidle: menu: Avoid discarding useful information"
net: bonding: fix possible peer notify event loss or dup issue
sctp: avoid NULL dereference when chunk data buffer is missing
arm64, mm: avoid always making PTE dirty in pte_mkwrite()
net: enetc: correct the value of ENETCRXBTRUESIZE
rtnetlink: Allow deleting FDB entries in user namespace
net: rtnetlink: add NLMFBULK support to rtnlfdbdel
net: add ndofdbdel_bulk
net: rtnetlink: add bulk delete support flag
net: netlink: add NLMFBULK delete request modifier
net: rtnetlink: use BIT for flag values
net: rtnetlink: add helper to extract msg type's kind
net: rtnetlink: add msg kind names
net: rtnetlink: remove redundant assignment to variable err
m68k: bitops: Fix find_*_bit() signatures
hfsplus: return EIO when type of hidden directory mismatch in hfsplusfillsuper()
hfs: fix KMSAN uninit-value issue in hfsfindsetzerobits()
dlm: check for defined force value in dlmlockspacerelease
hfsplus: fix KMSAN uninit-value issue in hfsplusdeletecat()
hfs: validate record offset in hfsplusbmapalloc
hfsplus: fix KMSAN uninit-value issue in _hfsplusextcacheextent()
hfs: make proper initalization of struct hfsfinddata
hfs: clear offset and space out of valid records in b-tree node
exec: Fix incorrect type for ret
hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp()
ALSA: firewire: amdtp-stream: fix enum kernel-doc warnings
sched/fair: Fix pelt lost idle time detection
sched/balancing: Rename newidlebalance() => schedbalance_newidle()
sched/fair: Trivial correction of the newidle_balance() comment
sched: Make newidle_balance() static again
tls: don't rely on tx_work during send()
tls: always set recordtype in tlsprocess_cmsg
tg3: prevent use of uninitialized remoteadv and localadv variables
tcp: fix tcptsoshould_defer() vs large RTT
amd-xgbe: Avoid spurious link down messages during interface toggle
net/ip6_tunnel: Prevent perpetual tunnel growth
net: dlink: handle dmamapsingle() failure properly
net: dl2k: switch from 'pci_' to 'dma_' API
media: pci: ivtv: Add missing check after DMA map
media: pci/ivtv: switch from 'pci_' to 'dma_' API
xen/events: Update virqtoirq on migration
media: lirc: Fix error handling in lirc_register()
media: rc: Directly use ida_free()
drm/exynos: exynos7drmdecon: remove ctx->suspended
btrfs: avoid potential out-of-bounds in btrfsencodefh()
pwm: berlin: Fix wrong register in suspend/resume
media: cx18: Add missing check after DMA map
xen/events: Cleanup find_virq() return codes
cramfs: Verify inode mode when loading from disk
fs: Add 'initramfs_options' to set initramfs mount options
pid: Add a judgment for ns null in pidnrns
minixfs: Verify inode mode when loading from disk
tracing: Fix race condition in kprobe initialization causing NULL pointer dereference
dm: fix NULL pointer dereference in _dmsuspend()
mfd: intelsocpmicchtdcti: Set usesingleread regmap_config flag
mfd: intelsocpmicchtdcti: Drop unneeded assignment for cache_type
mfd: intelsocpmicchtdcti: Fix invalid regmap-config max_register value
Squashfs: reject negative file sizes in squashfsreadinode()
Squashfs: add additional inode sanity checking
media: mc: Clear minor number before put device
mfd: vexpress-sysreg: Check the return value of devmgpiochipadd_data()
fs: udf: fix OOB read in lengthAllocDescs handling
KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
net/9p: fix double req put in p9fdcancelled
ext4: guard against EA inode refcount underflow in xattr update
ext4: correctly handle queries for metadata mappings
ext4: increase idisksize to offset + len in ext4updatedisksizebefore_punch()
nfsd: nfserrjukebox in nlmfopen should lead to a retry
x86/umip: Fix decoding of register forms of 0F 01 (SGDT and SIDT aliases)
x86/umip: Check that the instruction opcode is at least two bytes
PCI: keystone: Use devmrequestirq() to free "ks-pcie-error-irq" on exit
PCI/AER: Fix missing uevent on recovery when a reset is requested
PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
rseq/selftests: Use weak symbol reference, not definition, to link with glibc
rtc: interface: Fix long-standing race when setting alarm
rtc: interface: Ensure alarm irq is enabled when UIE is enabled
mmc: core: SPI mode remove cmd7
mtd: rawnand: fsmc: Default to autodetect buswidth
sparc: fix error handling in scanonedevice()
sparc64: fix hugetlb for sun4u
sctp: Fix MAC comparison to be constant-time
scsi: hpsa: Fix potential memory leak in hpsabigpassthru_ioctl()
parisc: don't reference obsolete termio struct for TC* constants
lib/genalloc: fix device leak in ofgenpool_get()
iio: frequency: adf4350: Fix prescaler usage.
iio: dac: ad5421: use int type to store negative error codes
iio: dac: ad5360: use int type to store negative error codes
crypto: atmel - Fix dmaunmapsg() direction
cpufreq: intelpstate: Fix object lifecycle issue in updateqos_request()
drm/nouveau: fix bad ret code in nouveaubomove_prep
media: i2c: mt9v111: fix incorrect type for ret
firmware: meson_sm: fix device leak at probe
xen/manage: Fix suspend error path
arm64: dts: qcom: msm8916: Add missing MDSS reset
ACPI: debug: fix signedness issues in read/write helpers
ACPI: TAD: Add missing sysfsremovegroup() for ACPITADRT
tpmtis: Fix incorrect arguments in tpmtisprobeirq_single
tpm, tpm_tis: Claim locality before writing interrupt registers
crypto: essiv - Check ssize for decryption and in-place encryption
mailbox: zynqmp-ipi: Remove dev.parent check in zynqmpipifree_mboxes
mailbox: zynqmp-ipi: Remove redundant mboxcontrollerunregister() call
tools build: Align warning options with perf
net: fslpqmdio: Fix device node reference leak in fslpqmdio_probe
tcp: Don't call reqskfastopenremove() in tcpconnrequest().
net/sctp: fix a null dereference in sctpdisposition sctpsfdo51Dce()
drm/vmwgfx: Fix Use-after-free in validation
net/mlx4: prevent potential use after free in mlx4endoucfilter()
scsi: mvsas: Fix use-after-free bugs in mvsworkqueue
scsi: mvsas: Use sastaskfind_rq() for tagging
scsi: mvsas: Delete mvstaginit()
scsi: libsas: Add sastaskfind_rq()
clk: nxp: Fix pll0 rate check condition in LPC18xx CGU driver
clk: nxp: lpc18xx-cgu: convert from roundrate() to determinerate()
perf session: Fix handling when buffer exceeds 2 GiB
rtc: x1205: Fix Xicor X1205 vendor prefix
perf util: Fix compression checks returning -1 as bool
iio: frequency: adf4350: Fix ADF4350REG312BITCLKDIVMODE
clocksource/drivers/clps711x: Fix resource leaks in error paths
pinctrl: check the return value of pinmuxops::getfunction_name()
Input: uinput - zero-initialize uinputffupload_compat to avoid info leak
mm: hugetlb: avoid soft lockup when mprotect to large memory area
uiohvgeneric: Let userspace take care of interrupt mask
Squashfs: fix uninit-value in squashfsgetparent
net: ena: return 0 in enagetrxfhkeysize() when RSS hash key is not configurable
nfp: fix RSS hash key size when RSS is not supported
drivers/base/node: fix double free in registeronenode()
ocfs2: fix double free in userclusterconnect()
net: usb: Remove disruptive netifwakequeue in rtl8150setmulticast
RDMA/siw: Always report immediate post SQ errors
usb: vhci-hcd: Prevent suspending virtually attached devices
scsi: mpt3sas: Fix crash in transport port remove by using ioc_info()
ipvs: Defer ipvsftp unregister during netns cleanup
NFSv4.1: fix backchannel maxrespsz verification check
remoteproc: qcom: q6v5: Avoid disabling handover IRQ twice
sparc: fix accurate exception reporting in copy_{from,to}_user for M7
sparc: fix accurate exception reporting in copytouser for Niagara 4
sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara
sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III
sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC
IB/sa: Fix salocalsvctimeoutms read race
RDMA/core: Resolve MAC of next-hop device without ARP support
wifi: mt76: fix potential memory leak in mt76wmacprobe()
drivers/base/node: handle error properly in registeronenode()
watchdog: mpc8xxx_wdt: Reload the watchdog timer when enabling the watchdog
netfilter: ipset: Remove unused htablebits in macro ahashregion
iio: consumers: Fix offset handling in iioconvertrawtoprocessed()
ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping
ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping
ASoC: Intel: bytcht_es8316: Fix invalid quirk input mapping
pps: fix warning in ppsregistercdev when register device fail
misc: genwqe: Fix incorrect cmd field being reported in error
usb: gadget: configfs: Correctly set useosstring at bind
usb: phy: twl6030: Fix incorrect type for ret
tcp: fix _tcpclose() to only send RST when required
PCI: tegra: Fix devm_kcalloc() argument order for port->phys allocation
wifi: mwifiex: send world regulatory domain to driver
ALSA: lx_core: use int type to store negative error codes
media: rj54n1cb0c: Fix memleak in rj54n1_probe()
scsi: myrs: Fix dmaalloccoherent() error check
scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod
serial: max310x: Add error checking in probe()
usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup
drm/radeon/r600cs: clean up of dead code in r600cs
i2c: designware: Add disabling clocks when probe fails
i2c: mediatek: fix potential incorrect use of I2CMASTERWRRD
bpf: Explicitly check accesses to bpfsockaddr
selftests: watchdog: skip ping loop if WDIOF_KEEPALIVEPING not supported
pwm: tiehrpwm: Fix corner case in clock divisor calculation
block: use int to store blkstacklimits() return value
blk-mq: check kobject stateinsysfs before deleting in blkmqunregister_hctx
pinctrl: meson-gxl: add missing i2c_d pinmux
soc: qcom: rpmh-rsc: Unconditionally clear _TRIGGER bit for TCS
ACPI: processor: idle: Fix memory leak when register cpuidle device failed
regmap: Remove superfluous check for !config in _regmapinit()
x86/vdso: Fix output operand size of RDPID
perf: armspe: Prevent overflow in PERFIDX2OFF()
driver core/PM: Set power.nocallbacks along with power.nopm
staging: axis-fifo: flush RX FIFO on read errors
staging: axis-fifo: fix maximum TX packet length check
perf subcmd: avoid crash in exclude_cmds when excludes is empty
dm-integrity: limit MAXTAGSIZE to 255
wifi: rtlwifi: rtl8192cu: Don't claim USB ID 07b8:8188
USB: serial: option: add SIMCom 8230C compositions
media: rc: fix races with imon_disconnect()
media: imon: grab lock earlier in imonirchange_protocol()
media: imon: reorganize serialization
media: rc: Add support for another iMON 0xffdc device
media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe
media: tuner: xc5000: Fix use-after-free in xc5000_release
media: tunner: xc5000: Refactor firmware load
udp: Fix memory accounting leak.
media: b2c2: Fix use-after-free causing by irqcheckwork in flexcoppciremove
scsi: target: targetcoreconfigfs: Add length check to avoid buffer overflow
LTS tag: v5.4.300
KVM: SVM: Sync TPR from LAPIC into VMCB::V_TPR even if AVIC is active
mm/hugetlb: fix folio is still mapped when deleted
i40e: add mask to apply valid bits for itr_idx
i40e: fix validation of VF state in get resources
i40e: fix idx validation in config queues msg
i40e: add validation for ring_len param
i40e: increase max descriptors for XL710
mm/migratedevice: don't add folio to be freed to LRU in migratedevice_finalize()
fbcon: Fix OOB access in font allocation
fbcon: fix integer overflow in fbcondoset_font
i40e: add max boundary check for VF filters
i40e: fix input validation logic for action_meta
i40e: fix idx validation in i40evalidatequeue_map
drm/gma500: Fix null dereference in hdmi teardown
can: peak_usb: fix shift-out-of-bounds issue
can: mcbausb: populate ndochange_mtu() to prevent buffer overflow
can: sun4ican: populate ndochange_mtu() to prevent buffer overflow
can: hi311x: populate ndochangemtu() to prevent buffer overflow
can: rcarcan: rcarcan_resume(): fix s2ram with PSCI
IB/mlx5: Fix obj_type mismatch for SRQ event subscriptions
usb: core: Add 0x prefix to quirks debug output
ALSA: usb-audio: Fix build with CONFIG_INPUT=n
ALSA: usb-audio: Convert comma to semicolon
ALSA: usb-audio: Add mixer quirk for Sony DualSense PS5
ALSA: usb-audio: Remove unneeded wmb() in mixer_quirks
ALSA: usb-audio: Simplify NULL comparison in mixer_quirks
ALSA: usb-audio: Avoid multiple assignments in mixer_quirks
ALSA: usb-audio: Fix block comments in mixer_quirks
net: rfkill: gpio: Fix crash due to dereferencering uninitialized pointer
net: rfkill: gpio: add DT support
serial: sc16is7xx: fix bug in flow control levels init
USB: gadget: dummy-hcd: Fix locking bug in RT-enabled kernels
usb: gadget: dummy_hcd: remove usage of list iterator past the loop body
ASoC: SOF: Intel: hda-stream: Fix incorrect variable used in error message
ASoC: wm8974: Correct PLL rate rounding
ASoC: wm8940: Correct typo in control name
mmc: mvsdio: Fix dmaunmapsg() nents value
nilfs2: fix CFI failure when accessing /sys/fs/nilfs2/features/*
cnic: Fix use-after-free bugs in cnicdeletetask
net: liquidio: fix overflow in octeoninitinstr_queue()
tcp: Clear tcpsk(sk)->fastopenrsk in tcp_disconnect().
i40e: remove redundant memory barrier when cleaning Tx descs
net: natsemi: fix rx_dropped double accounting on netif_rx() failure
cgroup: split cgroupdestroywq into 3 workqueues
pcmcia: omap_cf: Mark driver struct with __refdata to prevent section mismatch
wifi: mac80211: fix incorrect type for ret
ALSA: firewire-motu: drop EPOLLOUT from poll return values as write is not supported
mm/memory-failure: fix VMBUGON_PAGE(PagePoisoned(page)) when unpoison memory
phy: ti-pipe3: fix device leak at unbind
dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees
dmaengine: ti: edma: Fix memory allocation size for queueprioritymap
can: j1939: j1939localecuget(): undo increment when j1939localecuget() fails
can: j1939: j1939skbind(): call j1939privput() immediately when j1939localecu_get() failed
i40e: fix IRQ freeing in i40evsirequestirqmsix error path
i40e: Use irqupdateaffinity_hint()
genirq: Provide new interfaces for affinity hints
genirq: Export affinity setter for modules
genirq/affinity: Add irqupdateaffinity_desc()
igb: fix link test skipping when interface is admin down
net: fec: Fix possible NPD in fecenetphyresetafterclkenable()
USB: serial: option: add Telit Cinterion LE910C4-WWX new compositions
USB: serial: option: add Telit Cinterion FN990A w/audio compositions
tty: hvcconsole: Call hvckick in hvc_write unconditionally
mtd: nand: raw: atmel: Respect tAR, tCLR in read setup timing
mtd: nand: raw: atmel: Fix comment in timings preparation
mtd: rawnand: stm32_fmc2: avoid overlapping mappings on ECC buffer
mm/khugepaged: fix the address passed to notifier on testing young
fuse: prevent overflow in copyfilerange return value
fuse: check if copyfilerange() returns larger than requested size
mtd: rawnand: stm32_fmc2: fix ECC overwrite
ocfs2: fix recursive semaphore deadlock in fiemap call
EDAC/altera: Delete an inappropriate dmafreecoherent() call
tcpbpf: Call skmsgfree() when tcpbpfsendverdict() fails to allocate psock->cork.
net: Fix null-ptr-deref by socklockinitclassand_name() and rmmod.
device-dax: correct pgoff align in daxsetmapping() {CVE-2024-50022}
Revert "net/mlx5e: Update and set Xon/Xoff upon MTU set"
KVM: x86: Take irqfds.lock when adding/deleting IRQ bypass producer
rds: Free all frags when rdsibrecvcacheput() fails
bpf/bpfget,setsockopt: add option to set TCP-BPF sock ops flags
NFSv4: Don't clear capabilities that won't be reset
power: supply: bq27xxx: restrict no-battery detection to bq27000
power: supply: bq27xxx: fix error return in case of no bq27000 hdq battery
usb: hub: Fix flushing of delayed work used for post resume purposes
soc: qcom: mdtloader: Deal with zero eshentsize
Revert "net/mlx5e: Update and set Xon/Xoff upon port speed set"
LTS tag: v5.4.299
scsi: lpfc: Fix buffer free/clear order in deferred receive path
dmaengine: mediatek: Fix a flag reuse error in mtkcqdmatx_status()
cifs: fix integer overflow in match_server()
spi: spi-fsl-lpspi: Reset FIFO and disable module on transfer abort
spi: spi-fsl-lpspi: Set correct chip-select polarity bit
spi: spi-fsl-lpspi: Fix transmissions when using CONT
pcmcia: Add error handling for addinterval() in dovalidate_mem()
ALSA: hda/hdmi: Add pin fix for another HP EliteDesk 800 G4 model
randstruct: gcc-plugin: Fix attribute addition
randstruct: gcc-plugin: Remove bogus void member
vmxnet3: update MTU after device quiesce
net: dsa: microchip: linearize skb for tail-tagging switches
net: dsa: microchip: update tag_ksz masks for KSZ9477 family
dmaengine: mediatek: Fix a possible deadlock error in mtkcqdmatx_status()
ALSA: hda/realtek - Add new HP ZBook laptop with micmute led fixup
gpio: pca953x: fix IRQ storm on system wake up
iio: light: opt3001: fix deadlock due to concurrent flag access
iio: chemical: pms7003: use aligned_s64 for timestamp
cpufreq/sched: Explicitly synchronize limits_changed flag handling
mm/slub: avoid accessing metadata when pointer is invalid in object_err()
mm/khugepaged: fix ->anon_vma race
e1000e: fix heap overflow in e1000seteeprom
batman-adv: fix OOB read/write in network-coding decode
drm/amdgpu: drop hw access in non-DC audio fini
wifi: mwifiex: Initialize the chan_stats array to zero
pcmcia: Fix a NULL pointer dereference in _iodynfindioregion()
ALSA: usb-audio: Add mute TLV for playback volumes on some devices
ppp: fix memory leak in padcompressskb
net: atm: fix memory leak in atmregistersysfs when device_register fail
ax25: properly unshare skbs in ax25kissrcv()
ipv4: Fix NULL vs error pointer check in inetblackholedev_init()
net: thunderbgx: add a missing ofnode_put
wifi: libertas: cap SSID len in lbs_associate()
wifi: cw1200: cap SSID length in cw1200dojoin()
net: ethernet: mtkethsoc: fix tx vlan tag for llc packets
i40e: Fix potential invalid access when MAC list is empty
icmp: fix icmpndosend address translation for reply direction
mISDN: Fix memory leak in dsphwecenable()
xirc2ps_cs: fix register access when enabling FullDuplex
Bluetooth: Fix use-after-free in l2capsockcleanup_listen()
netfilter: conntrack: helper: Replace -EEXIST by -EBUSY
wifi: cfg80211: fix use-after-free in cmp_bss()
powerpc: boot: Remove leading zero in label in udelay()
hugetlbfs: take readlock on immap for PMD sharing
kallsyms: add modulekallsymsoneachsymbol_locked
kallsyms: export modulekallsymsoneachsymbol
uek-rpm: Move ifb module to nano modules
cloneprivatemnt(): make sure that caller has CAPSYSADMIN in the right userns {CVE-2025-38499}
x86/vmscape: Warn when STIBP is disabled with SMT
x86/bugs: Move cpubugssmt_update() down
x86/vmscape: Enable the mitigation
x86/vmscape: Add conditional IBPB mitigation
x86/vmscape: Add old Intel CPUs to affected list
x86/vmscape: Enumerate VMSCAPE bug
Documentation/hw-vuln: Add VMSCAPE documentation
LTS tag: v5.4.298
Revert "drm/dp: Change AUX DPCD probe address from DPCDREV to LANE01_STATUS"
net: usb: qmi_wwan: add Telit Cinterion LE910C4-WWX new compositions
Revert "drm/amdgpu: fix incorrect vm flags to map bo"
HID: hid-ntrig: fix unable to handle page fault in ntrigreportversion()
HID: wacom: Add a new Art Pen 2
HID: asus: fix UAF via HIDCLAIMEDINPUT validation
efivarfs: Fix slab-out-of-bounds in efivarfsdcompare
sctp: initialize more fields in sctpv6from_sk()
net: stmmac: xgmac: Do not enable RX FIFO Overflow interrupts
net/mlx5e: Set local Xoff after FW update
net/mlx5e: Update and set Xon/Xoff upon port speed set
net/mlx5e: Update and set Xon/Xoff upon MTU set
net: dlink: fix multicast stats being counted incorrectly
atm: atmtcp: Prevent arbitrary write in atmtcprecvcontrol().
net/atm: remove the atmdev_ops {get, set}sockopt methods
Bluetooth: hcievent: Detect if HCIEVNUMCOMP_PKTS is unbalanced
powerpc/kvm: Fix ifdef to remove build warning
net: ipv4: fix regression in local-broadcast routes
vhost/net: Protect ubufs with rcu read lock in vhostnetubuf_put()
scsi: core: sysfs: Correct sysfs attributes access rights
ftrace: Fix potential warning in traceprintkseq during ftrace_dump
pinctrl: STMFX: add missing HAS_IOMEM dependency
LTS tag: v5.4.297
alloc_fdtable(): change calling conventions.
s390/hypfs: Enable limited access during lockdown
s390/hypfs: Avoid unnecessary ioctl registration in debugfs
ALSA: usb-audio: Use correct sub-type for UAC3 feature unit validation
net/sched: Remove unnecessary WARNING condition for empty child qdisc in htb_activate
net/sched: Make cakeenqueue return NETXMITCN when past bufferlimit
ixgbe: xsk: resolve the negative overflow of budget in ixgbexmitzc
ipv6: sr: validate HMAC algorithm ID in seg6hmacinfo_add
ALSA: usb-audio: Fix size validation in convertchmapv3()
scsi: qla4xxx: Prevent a potential error pointer dereference
usb: xhci: Fix slot_id resource race conflict
nfs: fix UAF in direct writes
NFS: Fix up commit deadlocks
cifs: Fix UAF in cifsdemultiplexthread()
Bluetooth: fix use-after-free in deviceforeach_child()
act_mirred: use the backlog for nested calls to mirred ingress
net/sched: act_mirred: better wording on protection against excessive stack growth
net/sched: act_mirred: refactor the handle of xmit
selftests: forwarding: tc_actions.sh: add matchall mirror test
net: sched: don't expose action qstats to skbtcreinsert()
net: sched: extract qstats update code into functions
net: sched: extract bstats update code into function
net: sched: extract common action counters update code into function
mm: perform the mappingmapwritable() check after call_mmap()
mm: update memfd seal write check to include FSEALWRITE
mm: drop the assumption that VM_SHARED always implies writable
codel: remove sch->q.qlen check before qdisctreereduce_backlog()
schqfq: make qfqqlen_notify() idempotent
schhfsc: make hfscqlen_notify() idempotent
schdrr: make drrqlen_notify() idempotent
btrfs: populate otime when logging an inode item
media: venus: hfi: explicitly release IRQ during teardown
f2fs: fix to avoid out-of-boundary access in dnode page
media: venus: protect against spurious interrupts during probe
media: qcom: camss: cleanup media device allocated resource on error path
media: venus: vdec: Clamp param smaller than 1fps and bigger than 240.
drm/dp: Change AUX DPCD probe address from DPCDREV to LANE01_STATUS
pwm: mediatek: Fix duty and period setting
pwm: mediatek: Handle hardware enable and clock enable separately
pwm: mediatek: Implement .apply() callback
media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
media: v4l2-ctrls: Don't reset handler's error in v4l2ctrlhandler_free()
media: v4l2-ctrls: always copy the controls on completion
ata: Fix SATAMOBILELPM_POLICY description in Kconfig
soc: qcom: mdt_loader: Ensure we don't read past the ELF header
rtc: ds1307: handle oscillator stop flag (OSF) for ds1341
usb: musb: omap2430: fix device leak at unbind
NFS: Fix the setting of capabilities when automounting a new filesystem
NFS: Fix up handling of outstanding layoutcommit in nfsupdateinode()
NFSv4: Fix nfs4bitmapcopy_adjust()
usb: typec: fusb302: cache PD RX state
cdc-acm: fix race between initial clearing halt and open
USB: cdc-acm: do not log successful probe on later errors
mm/kmemleak: avoid deadlock by moving prwarn() outside kmemleaklock
mm/kmemleak: turn kmemleaklock and object->lock to rawspinlock_t
ALSA: scarlett2: Add retry on -EPROTO from scarlett2usbtx()
x86/fpu: Delay instruction pointer fixup until after warning
mm/hmm: move pmdtohmmpfnflags() to the respective #ifdeffery
nfsd: handle getclientlocked() failure in nfsd4setclientidconfirm()
pmdomain: governor: Consider CPU latency tolerance from pmdomaincpu_gov
tracing: Add downwrite(traceevent_sem) when adding trace event
usb: hub: Don't try to recover devices lost during warm reset.
usb: hub: avoid warm port reset during USB3 disconnect
x86/mce/amd: Add default names for MCA banks and blocks
iio: hid-sensor-prox: Fix incorrect OFFSET calculation
f2fs: fix to do sanity check on ino and xnid
mm/zsmalloc: do not pass __GFPMOVABLE if CONFIGCOMPACTION=n
mm/zsmalloc.c: convert to use kmemcachezalloc in cachealloczspage()
drm/sched: Remove optimization that causes hang when killing dependent jobs
ice: Fix a null pointer dereference in icecopyandinitpkg()
net: usbnet: Fix the wrong netifcarrieron() call
net: usbnet: Avoid potential RCU stall on LINK_CHANGE event
PCI/ACPI: Fix runtime PM ref imbalance on Hot-Plug Capable ports
ACPI: processor: idle: Check acpifetchacpi_dev() return value
comedi: Fail COMEDIINSNLIST ioctl if ninsns is too large
comedi: Fix initialization of data for instructions that write to subdevice
kbuild: Add KBUILD_CPPFLAGS to as-option invocation
kbuild: add $(CLANGFLAGS) to KBUILDCPPFLAGS
kbuild: Add CLANG_FLAGS to as-instr
mips: Include KBUILD_CPPFLAGS in CHECKFLAGS invocation
kbuild: Update assembler calls to use proper flags and language target
ARM: 9448/1: Use an absolute path to unified.h in KBUILD_AFLAGS
usb: dwc3: Ignore late xferNotReady event to prevent halt timeout
USB: storage: Ignore driver CD mode for Realtek multi-mode Wi-Fi dongles
usb: storage: realtek_cr: Use correct byte order for bcs->Residue
USB: storage: Add unusual-devs entry for Novatek NTK96550-based camera
usb: quirks: Add DELAY_INIT quick for another SanDisk 3.2Gen1 Flash Drive
iio: proximity: isl29501: fix buffered read on big-endian systems
ftrace: Also allocate and copy hash for reading of filter files
fpga: zynqfpga: Fix the wrong usage of dmamap_sgtable()
use uniform permission checks for all mount propagation changes
move_mount: allow to add a mount into an existing group
fs/buffer: fix use-after-free when call bh_read() helper
drm/amd/display: Find first CRTC and its line time in dce110filldisplay_configs
drm/amd/display: Fix fractional fb divider in setpixelclock_v3
memstick: Fix deadlock by moving removing flag earlier
media: venus: Add a check for packet size after reading from shared memory
media: ov2659: Fix memory leaks in ov2659_probe()
media: usbtv: Lock resolution while streaming
media: imx: fix a potential memory leak in imxmediacscscalerdevice_init()
media: gspca: Add bounds checking to firmware parser
soc/tegra: pmc: Ensure power-domains are in a known state
jbd2: prevent softlockup in jbd2logdo_checkpoint()
PCI: endpoint: Fix configfs group removal on driver teardown
PCI: endpoint: Fix configfs group list head handling
mtd: rawnand: fsmc: Add missing check after DMA map
pwm: imx-tpm: Reset counter if CMOD is 0
wifi: brcmsmac: Remove const from tblptr parameter in wlclcnphycommonread_table()
zynq_fpga: use sgtable-based scatterlist wrappers
ata: libata-scsi: Fix atatosense_error() status handling
ext4: fix reserved gdt blocks handling in fsmap
ext4: fix fsmap end of range reporting with bigalloc
ext4: check fast symlink for ea_inode correctly
vt: defkeymap: Map keycodes above 127 to K_HOLE
vt: keyboard: Don't process Unicode characters in K_OFF mode
usb: dwc3: meson-g12a: fix device leaks at unbind
usb: gadget: udc: renesas_usb3: fix device leak at unbind
usb: atm: cxacru: Merge cxacruuploadfirmware() into cxacruheavyinit()
m68k: Fix lost column on framebuffer debug console
cpufreq: armada-8k: Fix off by one in armada8kcpufreqfreetable()
serial: 8250: fix panic due to PSLVERR
media: uvcvideo: Do not mark valid metadata as invalid
media: uvcvideo: Fix 1-byte out-of-bounds read in uvcparseformat()
mm/kmemleak: avoid soft lockup in __kmemleakdocleanup()
parisc: Makefile: fix a typo in palo.conf
btrfs: fix log tree replay failure due to file with 0 links and extents
thunderbolt: Fix copy+paste error in matchserviceid()
comedi: fix race between polling and detaching
misc: rtsx: usb: Ensure mmc child device is active when card is present
drm/amdgpu: fix incorrect vm flags to map bo
scsi: lpfc: Remove redundant assignment to avoid memory leak
rtc: ds1307: remove clear of oscillator stop flag (OSF) in probe
pNFS: Fix uninited ptr deref in block/scsi layout
pNFS: Handle RPC size limit for layoutcommits
pNFS: Fix disk addr range check in block/scsi layout
pNFS: Fix stripe mapping in block/scsi layout
net: phy: smsc: add proper reset flags for LAN8710A
ipmi: Fix strcpy source and destination the same
kconfig: lxdialog: fix 'space' to (de)select options
kconfig: gconf: fix potential memory leak in renderer_edited()
kconfig: gconf: avoid hardcoding model2 in ontreeview2cursor_changed()
ipmi: Use devwarnratelimited() for incorrect message warnings
scsi: aacraid: Stop using PCIIRQAFFINITY
scsi: Fix sasuserscan() to handle wildcard and multi-channel scans
kconfig: nconf: Ensure null termination where strncpy is used
kconfig: lxdialog: replace strcpy() with strncpy() in inputbox.c
i3c: don't fail if GETHDRCAP is unsupported
PCI: pnv_php: Work around switches with broken presence detection
i3c: add missing include to internal header
media: uvcvideo: Fix bandwidth issue for Alcor camera
media: dvb-frontends: w7090p: fix null-ptr-deref in w7090ptunerwriteserpar and w7090ptunerreadserpar
media: dvb-frontends: dib7090p: fix null-ptr-deref in dib7090prwon_apb()
media: usb: hdpvr: disable zero-length read messages
media: tc358743: Increase FIFO trigger level to 374
media: tc358743: Return an appropriate colorspace from tc358743setfmt
media: tc358743: Check I2C succeeded during probe
pinctrl: stm32: Manage irq affinity settings
scsi: mpt3sas: Correctly handle ATA device errors
scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure
RDMA: hfi1: fix possible divide-by-zero in findhwthread_mask()
MIPS: Don't crash in stack_top() for tasks without ABI or vDSO
jfs: upper bound check of tree index in dbAllocAG
jfs: Regular file corruption check
jfs: truncate good inode pages when hard link is 0
scsi: bfa: Double-free fix
MIPS: vpe-mt: add missing prototypes for vpe_{alloc,start,stop,free}
watchdog: dw_wdt: Fix default timeout
fs/orangefs: use snprintf() instead of sprintf()
scsi: libiscsi: Initialize iscsiconn->dddata only if memory is allocated
ext4: do not BUG when INLINEDATAFL lacks system.data xattr
cifs: Fix calling CIFSFindFirst() for root path without msearch
vhost: fail early when __vhostaddused() fails
net: dsa: b53: fix IPMULTICASTCTRL on BCM5325
uapi: in6: restore visibility of most IPv6 socket options
net: ncsi: Fix buffer overflow in fetching version id
net: dsa: b53: prevent SWITCH_CTRL access on BCM5325
net: dsa: b53: fix b53impvlan_setup for BCM5325
net: vlan: Replace BUG() with WARNONONCE() in vlandev* stubs
wifi: iwlegacy: Check rate_idx range after addition
netmem: fix skbfragaddress_safe with unreadable skbs
wifi: rtlwifi: fix possible skb memory leak in _rtl_pci_rx_interrupt().
wifi: iwlwifi: fw: Fix possible memory leak in iwlfwdbg_collect
wifi: iwlwifi: dvm: fix potential overflow in rsfilllink_cmd()
net: fec: allow disable coalescing
(powerpc/512) Fix possible dma_unmap_single() on uninitialized pointer
s390/stp: Remove udelay from stpsyncclock()
wifi: iwlwifi: mvm: fix scan request validation
net: thunderx: Fix format-truncation warning in bgxacpimatch_id()
net: ipv4: fix incorrect MTU in broadcast routes
wifi: cfg80211: Fix interface type validation
rcu: Protect ->deferqsiw_pending from data race
net: ag71xx: Add missing check after DMA map
et131x: Add missing check after DMA map
be2net: Use correct byte order and format string for TCP seq and ack_seq
s390/time: Use monotonic clock in get_cycles()
wifi: cfg80211: reject HTC bit for management frames
ktest.pl: Prevent recursion of default variable options
ASoC: codecs: rt5640: Retry DEVICE_ID verification
ALSA: usb-audio: Avoid precedence issues in mixer_quirks macros
ALSA: hda/ca0132: Fix buffer overflow in addtuningcontrol
platform/x86: thinkpad_acpi: Handle KCOV __init vs inline mismatches
pm: cpupower: Fix the snapshot-order of tsc,mperf, clock in mperf_stop()
usb: core: usbsubmiturb: downgrade type check
ALSA: intel8x0: Fix incorrect codec index usage in mixer for ICH4
ASoC: hdac_hdmi: Rate limit logging on connection and disconnection
mmc: rtsxusbsdmmc: Fix error-path in sdsetpower_mode()
ACPI: APEI: GHES: add TAINTMACHINECHECK on GHES panic path
ACPI: processor: fix acpi_object initialization
PM: sleep: console: Fix the black screen issue
thermal: sysfs: Return ENODATA instead of EAGAIN for reads
PM: runtime: Clear power.needsforceresume in pmruntimereinit()
selftests: tracing: Use mutex_unlock for testing glob filter
ARM: tegra: Use I/O memcpy to write to IRAM
gpio: tps65912: check the return value of regmapupdatebits()
ASoC: soc-dapm: set biaslevel if sndsocdapmsetbiaslevel() was successed
ARM: rockchip: fix kernel hang during smp initialization
cpufreq: Exit governor when failed to start old governor
usb: xhci: Avoid showing errors during surprise removal
usb: xhci: Set avgtrblen = 8 for EP0 during Address Device Command
usb: xhci: Avoid showing warnings for dying controller
selftests/futex: Define SYSfutex on 32-bit architectures with 64-bit timet
usb: xhci: print xhci->xhcstate when queuecommand failed
securityfs: don't pin dentries twice, once is enough...
hfs: fix not erasing deleted b-tree node issue
drbd: add missing krefget in handlewrite_conflicts
udf: Verify partition map count
arm64: Handle KCOV __init vs inline mismatches
hfsplus: don't use BUGON() in hfspluscreateattributesfile()
hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
hfsplus: fix slab-out-of-bounds in hfsplusbnoderead()
hfs: fix slab-out-of-bounds in hfsbnoderead()
sctp: linearize cloned gso packets in sctp_rcv
netfilter: ctnetlink: fix refcount leak on table dump
udp: also consider secpath when evaluating ipsec use for checksumming
ACPI: processor: perflib: Move problematic pr->performance check
ACPI: processor: perflib: Fix initial _PPC limit application
Documentation: ACPI: Fix parent device references
fs: Prevent file descriptor table allocations exceeding INT_MAX
sunvdc: Balance device refcount in vdcportmpgroup_check
NFSD: detect mismatch of file handle and delegation stateid in OPEN op
net: dpaa: fix device leak when querying time stamp info
net: gianfar: fix device leak when querying time stamp info
netlink: avoid infinite retry looping in netlink_unicast()
ALSA: usb-audio: Validate UAC3 cluster segment descriptors
ALSA: usb-audio: Validate UAC3 power domain descriptors, too
io_uring: don't use int for ABI
usb: gadget : fix use-after-free in compositedevcleanup()
MIPS: mm: tlb-r4k: Uniquify TLB entries on init
USB: serial: option: add Foxconn T99W709
vsock: Do not allow binding to VMADDRPORTANY
net/packet: fix a race in packetsetring() and packet_notifier()
perf/core: Prevent VMA split of buffer mappings
perf/core: Exit early on perf_mmap() fail
perf/core: Don't leak AUX buffer refcount on allocation failure
pptp: fix pptp_xmit() error path
smb: client: let recv_done() cleanup before notifying the callers.
benet: fix BUG when creating VFs
net: drop UFO packets in udprcvsegment()
ipv6: reject malicious packets in ipv6gsosegment()
pptp: ensure minimal skb length in pptp_xmit()
netpoll: prevent hanging NAPI when netcons gets enabled
NFS: Fix filehandle bounds checking in nfsfhto_dentry()
pci/hotplug/pnv-php: Wrap warnings in macro
pci/hotplug/pnv-php: Improve error msg on power state change failure
usb: chipidea: udc: fix sleeping function called from invalid context
f2fs: fix to avoid out-of-boundary access in devs.path
f2fs: fix to avoid panic in f2fsevictinode
f2fs: fix to avoid UAF in f2fssyncinode_meta()
rtc: pcf8563: fix incorrect maximum clock rate handling
rtc: hym8563: fix incorrect maximum clock rate handling
rtc: ds1307: fix incorrect maximum clock rate handling
module: Restore the moduleparam prefix length check
bpf: Check flow_dissector ctx accesses are aligned
mtd: rawnand: atmel: set pmecc data setup time
mtd: rawnand: atmel: Fix dmamappingerror() address
jfs: fix metapage reference count leak in dbAllocCtl
fbdev: imxfb: Check fbaddvideomode to prevent null-ptr-deref
crypto: qat - fix seqfile position update in adfring_next()
dmaengine: nbpfaxi: Add missing check after DMA map
dmaengine: mv_xor: Fix missing check after DMA map and missing unmap
fs/orangefs: Allow 2 more characters in docstring()
soundwire: stream: restore params when prepare ports fail
crypto: img-hash - Fix dmaunmapsg() nents value
hwrng: mtk - handle devmpmruntime_enable errors
watchdog: ziiravewdt: check record length in ziiravefirm_verify()
scsi: isci: Fix dmaunmapsg() nents value
scsi: mvsas: Fix dmaunmapsg() nents value
scsi: ibmvscsitgt: Fix dmaunmap_sg() nents value
clk: sunxi-ng: v3s: Fix de clock definition
perf tests bp_account: Fix leaked file descriptor
crypto: ccp - Fix crash when rebind ccp device for ccp.ko
pinctrl: sunxi: Fix memory leak on krealloc failure
power: supply: max14577: Handle NULL pdata when CONFIG_OF is not set
clk: davinci: Add NULL check in davincilpscclk_register()
mtd: fix possible integer overflow in erase_xfer()
crypto: marvell/cesa - Fix engine load inaccuracy
PCI: rockchip-host: Fix "Unexpected Completion" log message
vrf: Drop existing dst reference in vrfip6input_dst
selftests: rtnetlink.sh: remove esp4_offload after test
netfilter: xt_nfacct: don't assume acct name is null-terminated
can: kvaserusb: Assign netdev.devport based on device channel index
can: kvaser_pciefd: Store device channel index
wifi: brcmfmac: fix P2P discovery failure in P2P peer due to missing P2P IE
Reapply "wifi: mac80211: Update skb's control block key in ieee80211txdequeue()"
mwl8k: Add missing check after DMA map
wifi: rtl8xxxu: Fix RX skb size for aggregation disabled
net/sched: Restrict conditions for adding duplicating netems to qdisc tree
arch: powerpc: defconfig: Drop obsolete CONFIGNETCLS_TCINDEX
drm/amd/pm/powerplay/hwmgr/smu_helper: fix order of mask and value
m68k: Don't unregister boot console needlessly
tcp: fix tcpofoqueue() to avoid including too much DUP SACK range
iwlwifi: Add missing check for allocorderedworkqueue
wifi: iwlwifi: Fix memory leak in iwlmvminit()
wifi: rtl818x: Kill URBs before clearing tx status queue
caif: reduce stack size, again
bpftool: Fix memory leak in dumpxxnlmsg on realloc failure
bpf, ktls: Fix data corruption when using bpfmsgpop_data() in ktls
staging: nvec: Fix incorrect null termination of battery manufacturer
samples: mei: Fix building on musl libc
cpufreq: Init policy->rwsem before it may be possibly used
ARM: dts: imx6ul-kontron-bl-common: Fix RTS polarity for RS485 interface
usb: early: xhci-dbc: Fix early_ioremap leak
Revert "vmci: Prevent the dispatching of uninitialized payloads"
pps: fix poll support
vmci: Prevent the dispatching of uninitialized payloads
staging: fbtft: fix potential memory leak in fbtftframebufferalloc()
ARM: dts: vfxxx: Correctly use two tuples for timer address
hfsplus: remove mutexlock check in hfsplusfree_extents
ASoC: Intel: fix SNDSOCSOF dependencies
ethernet: intel: fix building with large NR_CPUS
usb: phy: mxs: disconnect line when USB charger is attached
usb: chipidea: add USB PHY event
usb: chipidea: introduce CIHDRCCONTROLLERVBUSEVENT glue layer use
usb: chipidea: udc: protect usb interrupt enable
usb: chipidea: udc: add new API cihdrcgadget_connect
ALSA: hda: Add missing NVIDIA HDA codec IDs
comedi: comedi_test: Fix possible deletion of uninitialized timers
nilfs2: reject invalid file types when reading inodes
i2c: qup: jump out of the loop in case of timeout
net/sched: schqfq: Avoid triggering mightsleep in atomic context in qfqdeleteclass
net: appletalk: Fix use-after-free in AARP proxy probe
net: appletalk: fix kerneldoc warnings
RDMA/core: Rate limit GID cache warning messages
regulator: core: fix NULL dereference on unbind due to stale coupling data
usb: hub: Fix flushing and scheduling of delayed work that tunes runtime pm
usb: hub: fix detection of high tier USB3 devices behind suspended hubs
netsched: schsfq: reject invalid perturb period
power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
power: supply: bq24190charger: using pmruntimeresumeandget instead of pmruntimegetsync
power: supply: bq24190_charger: Fix runtime PM imbalance on error
xhci: Disable stream for xHC controller with XHCIBROKENSTREAMS
virtio-net: ensure the received length does not exceed allocated size
ASoC: fsl_sai: Force a software reset when starting in consumer mode
usb: dwc3: qcom: Don't leave BCR asserted
usb: musb: fix gadget state on disconnect
net/sched: Return NULL when htblookupleaf encounters an empty rbtree
net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime
Bluetooth: L2CAP: Fix attempting to adjust outgoing MTU
Bluetooth: SMP: Fix using HCIERRORREMOTEUSERTERM on timeout
Bluetooth: SMP: If an unallowed command is received consider it a failure
Bluetooth: Fix null-ptr-deref in l2capsockresume_cb()
usb: net: sierra: check for no status endpoint
net/sched: schqfq: Fix race condition on qfqaggregate
net: emaclite: Fix missing pointer increment in aligned_read()
comedi: Fix use of uninitialized data in insnrwemulate_bits()
comedi: Fix some signed shift left operations
comedi: das6402: Fix bit shift out of bounds
comedi: das16m1: Fix bit shift out of bounds
comedi: aioiiro16: Fix bit shift out of bounds
comedi: pcl812: Fix bit shift out of bounds
iio: adc: stm32-adc: Fix race in installing chained IRQ handler
iio: adc: max1363: Reorder mode_list[] entries
iio: adc: max1363: Fix MAX13634XCHANS/MAX13638XCHANS[]
soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled
soc: aspeed: lpc-snoop: Cleanup resources in stack-order
mmc: sdhci_am654: Workaround for Errata i2312
mmc: sdhci-pci: Quirk for broken command queuing on Intel GLK-based Positivo models
mmc: bcm2835: Fix dmaunmapsg() nents value
memstick: core: Zero initialize idreg in hmemstickreaddev_id()
isofs: Verify inode mode when loading from disk
dmaengine: nbpfaxi: Fix memory corruption in probe()
afpacket: fix soft lockup issue caused by tpacketsnd()
afpacket: fix the SOSNDTIMEO constraint not effective on tpacked_snd()
phonet/pep: Move call to pnskbgetdstsockaddr() earlier in pepsockaccept()
HID: core: do not bypass hidhwraw_request
HID: core: ensure _hidrequest reserves the report ID as the first byte
HID: core: ensure the allocated report buffer can contain the reserved report ID
pchuart: Fix dmasyncsgfor_device() nents value
Input: xpad - set correct controller type for Acer NGR200
i2c: stm32: fix the device used for the DMA map
usb: gadget: configfs: Fix OOB read on empty string write
USB: serial: ftdi_sio: add support for NDI EMGUIDE GEMINI
USB: serial: option: add Foxconn T99W640
USB: serial: option: add Telit Cinterion FE910C04 (ECM) composition
LTS tag: v5.4.296
x86/mm: Disable hugetlb page table sharing on 32-bit
Input: atkbd - do not skip atkbddeactivate() when skipping ATKBDCMD_GETID
HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras
HID: Add IGNORE quirk for SMARTLINKTECHNOLOGY
vt: add missing notification when switching back to text mode
net: usb: qmi_wwan: add SIMCom 8230C composition
atm: idt77252: Add missing dma_map_error()
bnxten: Set DMA unmap len correctly for XDPREDIRECT
bnxt_en: Fix DCB ETS validation
can: mcan: mcanhandlelost_msg(): downgrade msg lost in rx message to debug level
net: phy: microchip: limit 100M workaround to link-down events on LAN88xx
net: appletalk: Fix device refcount leak in atrtr_create()
md/raid1: Fix stack memory use after return in raid1_reshape
wifi: zd1211rw: Fix potential NULL pointer dereference in zdmactxtodev()
dma-buf: fix timeout handling in dmaresvwait_timeout v2
Input: xpad - support Acer NGR 200 Controller
Input: xpad - add VID for Turtle Beach controllers
Input: xpad - add support for Amazon Game Controller
NFSv4/flexfiles: Fix handling of NFS level errors in I/O
flexfiles/pNFS: update stats on NFS4ERR_DELAY for v4.1 DSes
RDMA/mlx5: Fix vport loopback for MPV device
netlink: Fix rmem check in netlinkbroadcastdeliver().
netlink: make sure we allow at least one dump skb
Revert "ACPI: battery: negate current when discharging"
usb: gadget: u_serial: Fix race condition in TTY wakeup
drm/sched: Increment job count before swapping tail spsc queue
pinctrl: qcom: msm: mark certain pins as invalid for interrupts
x86/mce: Make sure CMCI banks are cleared during shutdown on Intel
x86/mce: Don't remove sysfs if thresholding sysfs init fails
x86/mce/amd: Fix threshold limit reset
rxrpc: Fix oops due to non-existence of prealloc backlog struct
net/sched: Abort __tcmodifyqdisc if parent class does not exist
atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
atm: clip: Fix infinite recursive call of clip_push().
atm: clip: Fix memory leak of struct clip_vcc.
atm: clip: Fix potential null-ptr-deref in to_atmarpd().
tipc: Fix use-after-free in tipcconnclose().
netlink: Fix wraparounds of sk->skrmemalloc.
fix procsyscompare() handling of in-lookup dentries
proc: Clear the pieces of procinode that procevict_inode cares about
drm/exynos: exynos7drmdecon: add vblank check in IRQ handling
staging: rtl8723bs: Avoid memset() in aescipher() and aesdecipher()
media: uvcvideo: Rollback non processed entities on error
media: uvcvideo: Send control events for partial succeeds
media: uvcvideo: Return the number of processed controls
ACPI: PAD: fix crash in exitroundrobin()
usb: typec: displayport: Fix potential deadlock
Logitech C-270 even more broken
rose: fix dangling neighbour pointers in rosertdevice_down()
net: rose: Fix fall-through warnings for Clang
drm/i915/gt: Fix timeline left held on VMA alloc error
drm/i915/selftests: Change mock_request() to return error pointers
spi: spi-fsl-dspi: Clear completion counter before initiating transfer
spi: spi-fsl-dspi: Fix interrupt-less DMA mode taking an XSPI code path
spi: spi-fsl-dspi: Rename fifo_{read,write} and {tx,cmd}fifowrite
dpaa2-eth: fix xdprxqinfo leak
ethernet: atl1: Add missing DMA mapping error checks and count errors
btrfs: use btrfsrecordsnapshot_destroy() during rmdir
btrfs: propagate lastunlinktrans earlier when doing a rmdir
RDMA/mlx5: Fix CC counters query for MPV
RDMA/core: Create and destroy counters in the ib_core
scsi: ufs: core: Fix spelling of a sysfs attribute name
drm/v3d: Disable interrupts before resetting the GPU
mtk-sd: reset host->mrq on prepare_data() error
mtk-sd: Prevent memory corruption from DMA map failure
mmc: mediatek: use data instead of mrq parameter from msdc_{un}prepare_data()
regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
regulator: gpio: Add inputsupply support in gpioregulator_config
ACPICA: Refuse to evaluate a method if arguments are missing
wifi: ath6kl: remove WARN on bad firmware input
wifi: mac80211: drop invalid source address OCB frames
powerpc: Fix struct termio related ioctl macros
ata: pata_cs5536: fix build on 32-bit UML
ALSA: sb: Force to disable DMAs once when DMA mode is changed
nui: Fix dmamappingerror() check
enic: fix incorrect MTU comparison in enicchangemtu()
amd-xgbe: align CL37 AN sequence as per databook
lib: testobjagg: Set error message in checkexpecthintsstats()
drm/exynos: fimd: Guard display clock control with runtime PM calls
btrfs: fix missing error handling when searching for inode refs during log replay
scsi: qla4xxx: Fix missing DMA mapping error in qla4xxxallocpdu()
nfs: Clean up /proc/net/rpc/nfs when nfsfsprocnetinit() fails.
RDMA/mlx5: Initialize objevent->objsublist before xainsert
platform/mellanox: mlxbf-tmfifo: fix vring_desc.len assignment
mtk-sd: Fix a pagefault in dmaunmapsg() for not prepared data
usb: typec: altmodes/displayport: do not index invalid pin_assignments
mmc: sdhci: Add a helper function for dump register in dynamic debug mode
vsock/vmci: Clear the vmci transport packet properly when initializing it
btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
arm64: Restrict pagetable teardown to avoid false warning
s390: Add '-std=gnu11' to decompressor and purgatory CFLAGS
drm/bridge: cdns-dsi: Check return value when getting default PHY config
drm/bridge: cdns-dsi: Fix connecting to next bridge
drm/bridge: cdns-dsi: Fix the clock variable for mode_valid()
drm/tegra: Assign plane type before registration
HID: wacom: fix kobject reference count leak
HID: wacom: fix memory leak on sysfs attribute creation failure
HID: wacom: fix memory leak on kobject creation failure
dm-raid: fix variable in journal device check
Bluetooth: L2CAP: Fix L2CAP MTU negotiation
atm: Release atmdevmutex after removing procfs in atmdevderegister().
net: enetc: Correct endianness handling in enetcrd_reg64
um: ubd: Add missing error check in startiothread()
vsock/uapi: fix linux/vm_sockets.h userspace compilation errors
wifi: mac80211: fix beacon interval calculation overflow
attachrecursivemnt(): do not lock the covering tree when sliding something under it
ALSA: usb-audio: Fix out-of-bounds read in sndusbgetaudioformatuac3()
i2c: robotfuzz-osif: disable zero-length read messages
i2c: tiny-usb: disable zero-length read messages
RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
RDMA/core: Use refcountt instead of atomict on refcount of iwcmidprivate
media: vivid: Change the siize of the composing
media: omap3isp: use sgtable-based scatterlist wrappers
media: cxusb: no longer judge rbuf when the write fails
media: cxusb: use dev_dbg() rather than hand-rolled debug
jfs: validate AG parameters in dbMount() to prevent crashes
fs/jfs: consolidate sanity checking in dbMount
ASoC: meson: meson-card-utils: use ofpropertypresent() for DT parsing
of: Add ofpropertypresent() helper
of: property: define ofpropertyread_u{8,16,32,64}_array() unconditionally
kbuild: hdrcheck: fix cross build with clang
kbuild: add --target to correctly cross-compile UAPI headers with Clang
bpfilter: match bit size of bpfilter_umh to that of the kernel
kbuild: use -MMD instead of -MD to exclude system headers from dependency
VMCI: fix race between vmcihostsetupnotify and vmcictxunsetnotify
VMCI: check context->notifypage after call to getuserpagesfast() to avoid GPF
ovl: Check for NULL dinode() in ovldentry_upper()
ceph: fix possible integer overflow in cephzeroobjects()
ALSA: hda: Ignore unsol events for cards being shut down
usb: typec: displayport: Receive DP Status Update NAK request exit dp altmode
usb: cdc-wdm: avoid setting WDM_READ for ZLP-s
usb: Add checks for snprintf() calls in usballocdev()
tty: serial: uartlite: register uart driver in init
usb: potential integer overflow in usbgmaketpg()
iio: pressure: zpa2326: Use aligned_s64 for the timestamp
md/md-bitmap: fix dm-raid maxwritebehind setting
dmaengine: xilinxdma: Set dmadevice directions
mfd: max14577: Fix wakeup source leaks on device unbind
mailbox: Not protect moduleput with spinlock_irqsave
cifs: Fix cifsquerypath_info() for Windows NT servers

References

https://errata.tuxcare.com/els_os/oraclelinux7els/CLSA-2025-1764085382.html

CLSA-2025-1764085382

Affected packages