- octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c {CVE-2024-56726} - octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c {CVE-2024-56679} - USB: chipidea: fix memory leak with using debugfs_lookup() {CVE-2023-53334} - drivers: serial: jsm: fix some leaks in probe {CVE-2022-50312} - drm: amd: display: Fix memory leakage {CVE-2023-53605} - netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent {CVE-2026-43026} - net: Drop the lock in skb_may_tx_timestamp() {CVE-2026-43216} - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep {CVE-2026-43381} - ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() {CVE-2026-43068} - net: mdio: unexport __init-annotated mdio_bus_init() {CVE-2022-49350} - netfilter: ipset: Rework long task execution when adding/deleting entries {CVE-2023-53549} - ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() {CVE-2023-53275} - thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash {CVE-2022-50494} - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message {CVE-2026-23307} - usb: image: mdc800: kill download URB on timeout {CVE-2026-43425} - tipc: fix divide-by-zero in tipc_sk_filter_connect() {CVE-2026-43411} - cgroup/cpuset: Fix wrong check in update_parent_subparts_cpumask() {CVE-2023-52942} - net/usb: kalmia: Don't pass act_len in usb_bulk_msg error path {CVE-2023-52703} - usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() {CVE-2022-50246} - bus: mhi: host: Range check CHDBOFF and ERDBOFF {CVE-2023-53598} - hwmon: (coretemp) Simplify platform device handling {CVE-2023-53612} - scsi: mpi3mr: Avoid memcpy field-spanning write WARNING {CVE-2024-36920} - dm crypt: add cond_resched() to dmcrypt_write() {CVE-2023-53051} - xfrm: account XFRMA_IF_ID in aevent size calculation {CVE-2026-43107} - wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he() {CVE-2024-43879} - RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() {CVE-2023-53335} - regulator: check that dummy regulator has been probed before using it {CVE-2025-22008} - HID: prodikeys: Check presence of pm->input_ep82 {CVE-2026-43251} - perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init() {CVE-2022-50510} - wifi: ath11k: fix dfs radar event locking {CVE-2023-52798} - trace/blktrace: fix memory leak with using debugfs_lookup() {CVE-2023-53408} - dm-verity: correctly handle dm_bufio_client_create() failure {CVE-2026-43132} - pstore: ram_core: fix incorrect success return when vmap() fails {CVE-2026-43124} - crypto: af-alg - fix NULL pointer dereference in scatterwalk {CVE-2026-43043} - net: use skb_header_pointer() for TCPv4 GSO frag_off check {CVE-2026-43036} - scsi: mpi3mr: Fix config page DMA memory leak {CVE-2023-53120} - net/mlx5: handle errors in mlx5_chains_create_table() {CVE-2025-21975} - net/mlx5: DR, fix memory leak in mlx5dr_cmd_create_reformat_ctx {CVE-2023-53546} - drm/amdgpu: handle amdgpu_cgs_create_device() errors in amd_powerplay_create() {CVE-2025-37852} - bpf: Prevent decl_tag from being referenced in func_proto arg {CVE-2022-50883} - arm64: set __exception_irq_entry with __irq_entry as a default {CVE-2023-54322} - class: fix possible memory leak in __class_register() {CVE-2022-50578} - ALSA: usb-audio: Stop parsing channels bits when all channels are found. {CVE-2024-27436} - net/mlx5: fix potential memory leak in mlx5e_init_rep_rx {CVE-2023-54106} - net/mlx5: E-Switch, Fix an Oops in error handling code {CVE-2023-53058} - scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() {CVE-2023-53078} - ice: xsk: disable txq irq before flushing hw {CVE-2023-53102} - selinux: fix memleak in security_read_state_kernel() {CVE-2022-50201} - efi: runtime: Fix potential overflow of soft-reserved region size {CVE-2024-26843} - drm/amdgpu: Fix potential null pointer derefernce {CVE-2023-52814} - ata: libata-core: Fix null pointer dereference on error {CVE-2024-41098} - atm: lec: fix null-ptr-deref in lec_arp_clear_vccs {CVE-2026-23286} - ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() {CVE-2026-23304} - drm/amd/display: Fix system hang while resume with TBT monitor {CVE-2024-50003} - netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator {CVE-2026-43085} - KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION {CVE-2026-31590} - l2tp: Drop large packets with UDP encap {CVE-2026-43080} - tun: limit printing rate when illegal packet received by tun dev {CVE-2024-27013} - xfrm: always flush state and policy upon NETDEV_UNREGISTER event {CVE-2026-43167} - KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding {CVE-2026-43315} - xenbus: Use kref to track req lifetime {CVE-2025-37949} - wifi: prevent A-MSDU attacks in mesh networks {CVE-2025-38512} - KVM: x86: Acquire kvm->srcu when handling KVM_SET_VCPU_EVENTS {CVE-2024-46830} - scsi: smartpqi: Fix disable_managed_interrupts {CVE-2024-26742} - IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF {CVE-2023-52851} - vhost-vdpa: fix use after free in vhost_vdpa_probe() {CVE-2023-52795} - ndisc: ndisc_send_redirect() cleanup - ndisc: ndisc_send_redirect() must use dev_get_by_index_rcu() - ipv4: use RCU protection in ip_dst_mtu_maybe_forward() - ipv6: icmp: convert to dev_net_rcu() - ipv4: icmp: convert to dev_net_rcu() - ipv4: use RCU protection in __ip_rt_update_pmtu() {CVE-2025-21766} - ipv6: use RCU protection in ip6_default_advmss() {CVE-2025-21765} - fix: ndisc: use RCU protection in ndisc_alloc_skb() {CVE-2025-21764} - neighbour: use RCU protection in __neigh_notify() {CVE-2025-21763} - arp: use RCU protection in arp_xmit() {CVE-2025-21762} - openvswitch: use RCU protection in ovs_vport_cmd_fill_info() {CVE-2025-21761} - ndisc: extend RCU protection in ndisc_send_skb() {CVE-2025-21760} - ipv6: mcast: extend RCU protection in igmp6_send() {CVE-2025-21759} - ipv6: mcast: add RCU protection to mld_newpack() {CVE-2025-21758} - ipv4: use RCU protection in rt_is_expired() - ipv4: use RCU protection in inet_select_addr() - ipv4: add RCU protection to ip4_dst_hoplimit() - flow_dissector: use RCU protection to fetch dev_net() - net: add dev_net_rcu() helper - net: treat possible_net_t net pointer as an RCU one and add read_pnet_rcu() - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress {CVE-2023-52974} - RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency {CVE-2024-47696} - perf/x86/amd/core: Always clear status for idx {CVE-2023-53073} - tcp_bpf: fix return value of tcp_bpf_sendmsg() {CVE-2024-46783} - RDMA/umem: Fix double dma_buf_unpin in failure path {CVE-2026-43128} - netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() {CVE-2026-43453} - drm/ttm: Fix a NULL pointer dereference {CVE-2023-53095} - net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak {CVE-2026-43035} - fbcon: check return value of con2fb_acquire_newinfo() {CVE-2026-43123} - ipv4: prevent potential spectre v1 gadget in fib_metrics_match() {CVE-2023-52996} - perf/x86/intel/uncore: Skip discovery table for offline dies {CVE-2026-43079} - mm/page_alloc: clear page->private in free_pages_prepare() {CVE-2026-43303} - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold {CVE-2026-31408} - netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() {CVE-2026-23111} - netfilter: nf_tables: restore set elements when delete set fails {CVE-2024-27012} - drm/amdkfd: Correct the migration DMA map direction {CVE-2024-57897}