exit: prevent preemption of oopsing TASK_DEAD task

...

ipmi: Check event message buffer response for bad data

...

drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure

...

usb: ulpi: fix memory leak on ulpi_register() error paths

...

net: stmmac: Prevent NULL deref when RX memory exhausted

...

smb: client: validate dacloffset before building DACL pointers

...

KVM: x86: check for nEPT/nNPT in slow flush hypercalls

...

Bluetooth: hci_conn: fix potential UAF in create_big_sync

...

wifi: b43legacy: enforce bounds check on firmware key index in RX path

...

batman-adv: fix integer overflow on buff_pos

...

mptcp: fix scheduling with atomic in timestamp sockopt

...

ipv6: xfrm6: release dst on error in xfrm6_rcv_encap()

...

Bluetooth: virtio_bt: validate rx pkt_type header length

...

drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs()

...

mptcp: pm: ADD_ADDR rtx: fix potential data-race

...

vsock/virtio: fix accept queue count leak on transport mismatch

...

batman-adv: bla: put backbone reference on failed claim hash insert

...

spi: mpc52xx: fix use-after-free on unbind

...

ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access

...

net: qrtr: ns: Limit the total number of nodes

...

drm/nouveau: fix u32 overflow in pushbuf reloc bounds check

...

net: qrtr: ns: Limit the maximum number of lookups

...

rxrpc: Fix conn-level packet handling to unshare RESPONSE packets

...

remoteproc: xlnx: Only access buffer information if IPI is buffered

...

net: strparser: fix skb_head leak in strp_abort_strp()

...

LoongArch: Add spectre boundry for syscall dispatch table

...

misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt()

...

KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0

...

netfilter: arp_tables: fix IEEE1394 ARP payload parsing

...

dm mirror: fix integer overflow in create_dirty_log()

...

rxrpc: Fix potential UAF after skb_unshare() failure

...

libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply()

...

slip: bound decode() reads against the compressed packet length

...

tcp: call sk_data_ready() after listener migration

...

crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx

...

KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2

...

Bluetooth: hci_event: fix potential UAF in SSP passkey handlers

...

spi: fix resource leaks on device setup failure

...

x86/shstk: Prevent deadlock during shstk sigreturn

...

crypto: atmel-tdes - fix DMA sync direction

...

net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels

...

rbd: fix null-ptr-deref when device_add_disk() fails

...

net: caif: clear client service pointer on teardown

...

fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info

...

net: bridge: use a stable FDB dst snapshot in RCU readers

...

net/sched: taprio: fix NULL pointer dereference in class dump

...

netfilter: reject zero shift in nft_bitwise

...

ntfs3: add buffer boundary checks to run_unpack()

...

slip: reject VJ receive packets on instances with no rstate array

...

crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup

...