ip6_gre: make ip6gre_header() robust

...

ASoC: stm32: sai: fix OF node leak on probe

...

char: applicom: fix NULL pointer dereference in ac_ioctl

...

net/handshake: duplicate handshake cancellations leak socket

...

mptcp: fallback earlier on simult connection

...

Input: ti_am335x_tsc - fix off-by-one error in wire_order validation

...

fsnotify: do not generate ACCESS/MODIFY events on child for special files

...

hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create

...

net: hns3: using the num_tqps in the vf driver to apply for resources

...

tpm: Cap the number of PCR banks

...

ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency

...

media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()

...

net/mlx5: fw_tracer, Validate format string parameters

...

net/sched: ets: Remove drr class from the active list if it changes to strict

...

ksmbd: vfs: fix race on m_flags in vfs_cache

...

RDMA/cm: Fix leaking the multicast GID table reference

...

spi: fsl-cpm: Check length parity before switching to 16 bit mode

...

ethtool: Avoid overflowing userspace buffer on stats query

...

scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"

...

ipv4: Fix reference count leak when using error routes with nexthop objects

...

ntfs: set dummy blocksize to read boot_block when mounting

...

scsi: aic94xx: fix use-after-free in device removal path

...

f2fs: fix return value of f2fs_recover_fsync_data()

...

net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change

...

netrom: Fix memory leak in nr_sendmsg()

...

f2fs: fix to avoid updating compression context during writeback

...

f2fs: fix to avoid potential deadlock

...

io_uring: fix filename leak in __io_openat_prep()

...

mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats

...

svcrdma: bound check rq_pages index in inline path

...

ALSA: usb-mixer: us16x08: validate meter packet indices

...

drm/ttm: Avoid NULL pointer deref for evicted BOs

...

mlxsw: spectrum_router: Fix neighbour use-after-free

...

scsi: target: Reset t_task_cdb pointer in error case

...

inet: frags: flush pending skbs in fqdir_pre_exit()

...

perf/x86/amd: Check event before enable to avoid GPF

...

RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly

...

btrfs: don't log conflicting inode if it's a dir moved in the current transaction

...

media: vidtv: initialize local pointers upon transfer of memory ownership

...

Bluetooth: btusb: revert use of devm_kzalloc in btusb

...

net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write

...

net: openvswitch: fix middle attribute validation in push_nsh() action

...

e1000: fix OOB in e1000_tbi_should_accept()

...

iommu: disable SVA when CONFIG_X86 is set

...

caif: fix integer underflow in cffrml_receive()

...

iavf: fix off-by-one issues in iavf_config_rss_reg()

...

hwmon: (ibmpex) fix use-after-free in high/low store

...

usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal

...

hfsplus: Verify inode mode when loading from disk

...

ksmbd: fix buffer validation by including null terminator size in EA length

...