- i40e: remove read access to debugfs files {CVE-2025-39901} - e1000: fix OOB in e1000_tbi_should_accept() {CVE-2025-71093} - ext4: fix bug_on in __es_tree_search caused by bad boot loader inode {CVE-2022-50638} - usbip: validate number_of_packets in usbip_pack_ret_submit() {CVE-2026-31607} - md: fix resync softlockup when bitmap size is less than array size {CVE-2023-53357} - media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() {CVE-2021-47288} - md/raid10: check slab-out-of-bounds in md_bitmap_get_counter {CVE-2023-53357} - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq {CVE-2026-43051} - netfilter: ip6t_eui64: reject invalid MAC header for all packets {CVE-2026-31685} - scsi: pm8001: Fix use-after-free for aborted TMF sas_task {CVE-2022-48791} - media: dvb-net: fix OOB access in ULE extension header tables {CVE-2026-31405} - wifi: brcmfmac: validate bsscfg indices in IF events {CVE-2026-43110} - powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue {CVE-2022-50366} - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() {CVE-2026-23455} - netfilter: xt_tcpmss: check remaining length before reading optlen {CVE-2026-43190} - selinux: Add boundary check in put_entry() {CVE-2022-50200} - tracing: Only have rmmod clear buffers that its events were active in {CVE-2022-49006} - ASoC: core: Fix use-after-free in snd_soc_exit() {CVE-2022-49842} - nvme: fix a possible use-after-free in controller reset during load {CVE-2022-48790} - scsi: qla4xxx: Add length check when parsing nlattrs {CVE-2023-53456} - net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check {CVE-2026-23448} - xen/privcmd: fix double free via VMA splitting {CVE-2026-31787} - ext4: block range must be validated before use in ext4_mb_clear_bb() {CVE-2022-50021} - ext4: convert inline data to extents when truncate exceeds inline size {CVE-2026-31452} - igb: Fix igb_down hung on surprise removal {CVE-2023-53148} - dm raid: fix accesses beyond end of raid member array {CVE-2022-49674} - md: suspend array while updating raid_disks via sysfs {CVE-2025-71225} - usb: class: cdc-wdm: fix reordering issue in read code path {CVE-2026-43427} - atm: lec: fix use-after-free in sock_def_readable() {CVE-2026-43050} - cifs: Fix UAF in cifs_demultiplex_thread() {CVE-2023-52572} - drivers: base: Free devm resources when unregistering a device {CVE-2023-53596} - wifi: mac80211: check tdls flag in ieee80211_tdls_oper {CVE-2026-43052} - Bluetooth: MGMT: validate LTK enc_size on load {CVE-2026-43020} - usb: gadget: f_uac1_legacy: validate control request size {CVE-2026-31720} - iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) {CVE-2022-50093} - ext4: add bounds checking in get_max_inline_xattr_value_size() {CVE-2023-53285} - ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer {CVE-2023-53395} - scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() {CVE-2023-53676} - sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output {CVE-2023-53676} - mmc: vub300: fix warning - do not call blocking ops when !TASK_RUNNING {CVE-2022-50430}