- fix: "vsock: Ignore signal/timeout on connect() if already established {CVE-2025-40248}" - gfs2: Fix possible data races in gfs2_show_options() {CVE-2023-53622} - ALSA: 6fire: fix use-after-free on disconnect {CVE-2026-31581} - nfnetlink_osf: validate individual option lengths in fingerprints {CVE-2026-23397} - netfilter: nfnetlink_osf: avoid OOB read {CVE-2026-23397} - Squashfs: check metadata block offset is within range {CVE-2026-23388} - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() {CVE-2026-23216} - can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak {CVE-2026-23108} - net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag {CVE-2026-23105} - ALSA: ctxfi: Fix potential OOB access in audio mixer handling {CVE-2026-23076} - net: usb: pegasus: fix memory leak in update_eth_regs_async() {CVE-2026-23021} - ipv4: ip_gre: make ipgre_header() robust {CVE-2026-23011} - libceph: make decode_pool() more resilient against corrupted osdmaps {CVE-2025-71116} - via_wdt: fix critical boot hang due to unnamed resource allocation {CVE-2025-71114} - hwmon: (w83791d) Convert macros to functions to avoid TOCTOU {CVE-2025-71111} - Bluetooth: btusb: revert use of devm_kzalloc in btusb {CVE-2025-71082} - Revert "fbdev: bitblit: bound-check glyph index in bit_putcs* {CVE-2025-40322}" - driver core: fix potential null-ptr-deref in device_add() {CVE-2023-54321} - btrfs: output extra debug info if we failed to find an inline backref {CVE-2023-53672} - ring-buffer: Fix deadloop issue on reading trace_pipe {CVE-2023-53668} - netfilter: conntrack: Avoid nf_ct_helper_hash uses after free {CVE-2023-53619} - ring-buffer: Sync IRQ works before buffer destruction {CVE-2023-53587} - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb {CVE-2023-53548} - udf: Do not bother merging very long extents {CVE-2023-53506} - lib: cpu_rmap: Fix potential use-after-free in irq_cpu_rmap_release(CVE-2023-53484) - lib: cpu_rmap: Avoid use after free on rmap->obj array entries {CVE-2023-53484} - ext4: remove a BUG_ON in ext4_mb_release_group_pa() {CVE-2023-53450} - md/raid10: fix wrong setting of max_corr_read_errors {CVE-2023-53313} - platform/x86: mxm-wmi: fix memleak in mxm_wmi_call_mx[ds|mx]() {CVE-2022-50521} - binfmt_misc: fix shift-out-of-bounds in check_special_flags {CVE-2022-50497} - ntb_netdev: Use dev_kfree_skb_any() in interrupt context {CVE-2022-50476} - i2c: ismt: use correct length when copy buffer {CVE-2022-50394} - misc: tifm: fix possible memory leak in tifm_7xx1_switch_media() {CVE-2022-50349} - ata: ahci: Match EM_MAX_SLOTS with SATA_PMP_MAX_PORTS {CVE-2022-50315} - ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network {CVE-2022-49865} - KVM: x86/mmu: make apf token non-zero to fix bug {CVE-2022-48943} - kvm: avoid speculation-based attacks from out-of-range memslot accesses {CVE-2021-47277} - scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() {CVE-2021-47219} - scsi: scsi_debug: Fix out-of-bound read in resp_readcap16() {CVE-2021-47191} - USB: core: Add routines for endpoint checks in old drivers - xen: sync some headers with xen tree - squashfs: fix memory leak in squashfs_fill_super {CVE-2025-38415} - pptp: fix pptp_xmit() error path {CVE-2025-38574} - Revert "net/sched: sch_hfsc: Ensure inner classes have fsc curve" {CVE-2023-4623}