Grafana-PCP, FreeRDP, Kernel, and more updates for Oracle Linux

Oracle Linux 6450 Published 2026-02-24 08:03 by Philipp Esselbach

News

ELSA-2026-3092 Important: Oracle Linux 10 golang-github-openprinting-ipp-usb security update

Oracle Linux Security Advisory ELSA-2026-3092

http://linux.oracle.com/errata/ELSA-2026-3092.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipp-usb-0.9.27-5.el10_1.x86_64.rpm

aarch64:
ipp-usb-0.9.27-5.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/golang-github-openprinting-ipp-usb-0.9.27-5.el10_1.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-68121

Description of changes:

[0.9.27-5]
- rebuilt to fix CVE-2025-68121, CVE-2025-61726

ELSA-2026-3035 Important: Oracle Linux 10 grafana-pcp security update

Oracle Linux Security Advisory ELSA-2026-3035

http://linux.oracle.com/errata/ELSA-2026-3035.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-pcp-5.3.0-2.el10_1.x86_64.rpm

aarch64:
grafana-pcp-5.3.0-2.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/grafana-pcp-5.3.0-2.el10_1.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-61729
CVE-2025-68121

Description of changes:

[5.3.0-2]
- Resolves RHEL-146722: CVE-2025-61726
- Resolves RHEL-146927: CVE-2025-61729
- Resolves RHEL-149228: CVE-2025-68121

ELSA-2026-3068 Important: Oracle Linux 10 freerdp security update

Oracle Linux Security Advisory ELSA-2026-3068

http://linux.oracle.com/errata/ELSA-2026-3068.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
freerdp-3.10.3-5.el10_1.2.x86_64.rpm
freerdp-devel-3.10.3-5.el10_1.2.x86_64.rpm
freerdp-libs-3.10.3-5.el10_1.2.x86_64.rpm
freerdp-server-3.10.3-5.el10_1.2.x86_64.rpm
libwinpr-3.10.3-5.el10_1.2.x86_64.rpm
libwinpr-devel-3.10.3-5.el10_1.2.x86_64.rpm

aarch64:
freerdp-3.10.3-5.el10_1.2.aarch64.rpm
freerdp-devel-3.10.3-5.el10_1.2.aarch64.rpm
freerdp-libs-3.10.3-5.el10_1.2.aarch64.rpm
freerdp-server-3.10.3-5.el10_1.2.aarch64.rpm
libwinpr-3.10.3-5.el10_1.2.aarch64.rpm
libwinpr-devel-3.10.3-5.el10_1.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/freerdp-3.10.3-5.el10_1.2.src.rpm

Related CVEs:

CVE-2026-22853
CVE-2026-22855
CVE-2026-22858
CVE-2026-22859
CVE-2026-24678

Description of changes:

[2:3.10.3-5.2]
- Backport several CVE fixes
Resolves: RHEL-147912, RHEL-148815, RHEL-148859, RHEL-148892, RHEL-148973

ELSA-2026-3094 Important: Oracle Linux 10 protobuf security update

Oracle Linux Security Advisory ELSA-2026-3094

http://linux.oracle.com/errata/ELSA-2026-3094.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
protobuf-3.19.6-15.el10_1.x86_64.rpm
protobuf-compiler-3.19.6-15.el10_1.x86_64.rpm
protobuf-devel-3.19.6-15.el10_1.x86_64.rpm
protobuf-lite-3.19.6-15.el10_1.x86_64.rpm
protobuf-lite-devel-3.19.6-15.el10_1.x86_64.rpm
python3-protobuf-3.19.6-15.el10_1.x86_64.rpm

aarch64:
protobuf-3.19.6-15.el10_1.aarch64.rpm
protobuf-compiler-3.19.6-15.el10_1.aarch64.rpm
protobuf-devel-3.19.6-15.el10_1.aarch64.rpm
protobuf-lite-3.19.6-15.el10_1.aarch64.rpm
protobuf-lite-devel-3.19.6-15.el10_1.aarch64.rpm
python3-protobuf-3.19.6-15.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/protobuf-3.19.6-15.el10_1.src.rpm

Related CVEs:

CVE-2026-0994

Description of changes:

[3.19.6-15]
- Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits

[3.19.6-14]
- Disable tests during build that are flaky

[3.19.6-13]
- Rebuilt for tests directory

[3.19.6-12]
- Copy patch from c9s to make emacs dependency optional
Resolves: RHEL-93236

ELSA-2026-50112 Important: Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50112

http://linux.oracle.com/errata/ELSA-2026-50112.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-core-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-devel-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-doc-6.12.0-108.64.6.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-tools-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-108.64.6.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-108.64.6.3.el10uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-core-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-devel-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-modules-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-tools-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-core-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-108.64.6.3.el10uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-108.64.6.3.el10uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-108.64.6.3.el10uek.src.rpm

Related CVEs:

CVE-2018-1000204
CVE-2025-38234
CVE-2025-38276
CVE-2025-38357
CVE-2025-40034
CVE-2025-40075
CVE-2025-40149
CVE-2025-40164
CVE-2025-40170
CVE-2025-40215
CVE-2025-40246
CVE-2025-40248
CVE-2025-40251
CVE-2025-40252
CVE-2025-40254
CVE-2025-40257
CVE-2025-40258
CVE-2025-40259
CVE-2025-40261
CVE-2025-40263
CVE-2025-40264
CVE-2025-40266
CVE-2025-40325
CVE-2025-40330
CVE-2025-40345
CVE-2025-68197
CVE-2025-68206
CVE-2025-68209
CVE-2025-68213
CVE-2025-68214
CVE-2025-68215
CVE-2025-68218
CVE-2025-68219
CVE-2025-68223
CVE-2025-68224
CVE-2025-68227
CVE-2025-68229
CVE-2025-68230
CVE-2025-68231
CVE-2025-68233
CVE-2025-68235
CVE-2025-68237
CVE-2025-68259
CVE-2025-68261
CVE-2025-68264
CVE-2025-68265
CVE-2025-68282
CVE-2025-68283
CVE-2025-68284
CVE-2025-68285
CVE-2025-68286
CVE-2025-68288
CVE-2025-68292
CVE-2025-68293
CVE-2025-68295
CVE-2025-68296
CVE-2025-68297
CVE-2025-68298
CVE-2025-68300
CVE-2025-68301
CVE-2025-68305
CVE-2025-68306
CVE-2025-68307
CVE-2025-68308
CVE-2025-68324
CVE-2025-68325
CVE-2025-68329
CVE-2025-68330
CVE-2025-68331
CVE-2025-68337
CVE-2025-68340
CVE-2025-68341
CVE-2025-68342
CVE-2025-68343
CVE-2025-68348
CVE-2025-68349
CVE-2025-68354
CVE-2025-68356
CVE-2025-68357
CVE-2025-68362
CVE-2025-68363
CVE-2025-68364
CVE-2025-68366
CVE-2025-68367
CVE-2025-68371
CVE-2025-68372
CVE-2025-68374
CVE-2025-68378
CVE-2025-68379
CVE-2025-68380
CVE-2025-68724
CVE-2025-68732
CVE-2025-68740
CVE-2025-68741
CVE-2025-68742
CVE-2025-68744
CVE-2025-68746
CVE-2025-68756
CVE-2025-68757
CVE-2025-68759
CVE-2025-68764
CVE-2025-68770
CVE-2025-68771
CVE-2025-68775
CVE-2025-68776
CVE-2025-68778
CVE-2025-68780
CVE-2025-68782
CVE-2025-68783
CVE-2025-68784
CVE-2025-68785
CVE-2025-68788
CVE-2025-68789
CVE-2025-68794
CVE-2025-68795
CVE-2025-68798
CVE-2025-68803
CVE-2025-68810
CVE-2025-68811
CVE-2025-68813
CVE-2025-68814
CVE-2025-68815
CVE-2025-68816
CVE-2025-68818
CVE-2025-68819
CVE-2025-68820
CVE-2025-68821
CVE-2025-68822
CVE-2025-71066
CVE-2025-71068
CVE-2025-71072
CVE-2025-71075
CVE-2025-71077
CVE-2025-71080
CVE-2025-71082
CVE-2025-71083
CVE-2025-71084
CVE-2025-71085
CVE-2025-71087
CVE-2025-71089
CVE-2025-71091
CVE-2025-71093
CVE-2025-71094
CVE-2025-71095
CVE-2025-71096
CVE-2025-71097
CVE-2025-71098
CVE-2025-71100
CVE-2025-71101
CVE-2025-71104
CVE-2025-71108
CVE-2025-71111
CVE-2025-71113
CVE-2025-71114
CVE-2025-71116
CVE-2025-71118
CVE-2025-71120
CVE-2025-71123
CVE-2025-71125
CVE-2025-71126
CVE-2025-71130
CVE-2025-71131
CVE-2025-71132
CVE-2025-71133
CVE-2025-71135
CVE-2025-71138
CVE-2025-71143
CVE-2025-71146
CVE-2025-71147
CVE-2025-71148
CVE-2025-71149
CVE-2025-71151
CVE-2025-71154
CVE-2025-71156
CVE-2025-71157

Description of changes:

[6.12.0-108.64.6.3]
- net/rds: Fix issue with a revert in rds_send_queue_rm (Sharath Srinivasan) [Orabug: 38937451]

[6.12.0-108.64.6.2]
- Revert "net/rds: fix crash by expanding kref coverage to rds_incoming.i_conn" (Sharath Srinivasan) [Orabug: 38937451]
- Revert "net/rds: expand kref coverage to rds_notifier->n_conn" (Sharath Srinivasan) [Orabug: 38937451]

[6.12.0-108.64.6.1]
- net: mana: Reduce waiting time if HWC not responding (Haiyang Zhang) [Orabug: 38899652]

[6.12.0-108.64.6]
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug: 38649136] {CVE-2025-40149}

[6.12.0-108.64.5]
- net/mlx5: Update mlx5_ifc to support FEC for 200G per lane link modes (Jianbo Liu) [Orabug: 38859067]

[6.12.0-108.64.4]
- fuse: fix runtime warning on truncate_folio_batch_exceptionals() (Haiyue Wang) [Orabug: 38516705] {CVE-2025-38357}
- PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() (Breno Leitao) [Orabug: 38597009] {CVE-2025-40034}
- bnxt_en: Shutdown FW DMA in bnxt_shutdown() (Michael Chan) [Orabug: 38747442] {CVE-2025-40330}
- mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38750222,38773368] {CVE-2025-68209}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753653]
- bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (Gautam R A) [Orabug: 38773315] {CVE-2025-68197}
- LTS version: v6.12.64 (Jack Vogel)
- block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() (Damien Le Moal)
- iomap: allocate s_dio_done_wq for async reads as well (Christoph Hellwig) [Orabug: 38798795] {CVE-2025-68357}
- mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() (Seongjae Park)
- vfio/pci: Disable qword access to the PCI ROM bar (Kevin Tian)
- media: amphion: Remove vpu_vb_is_codecconfig (Ming Qian)
- media: amphion: Make some vpu_v4l2 functions static (Laurent Pinchart)
- media: amphion: Add a frame flush mode for decoder (Ming Qian)
- media: mediatek: vcodec: Use spinlock for context list protection lock (Chen-Yu Tsai)
- powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages (David Hildenbrand)
- mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() (David Hildenbrand)
- mm/balloon_compaction: we cannot have isolated pages in the balloon list (David Hildenbrand)
- PCI: brcmstb: Fix disabling L0s capability (Jim Quinlan)
- PCI: brcmstb: Set MLW based on "num-lanes" DT property if present (Jim Quinlan)
- PCI: brcmstb: Reuse pcie_cfg_data structure (Stanimir Varbanov)
- ASoC: renesas: rz-ssi: Fix rz_ssi_priv::hw_params_cache::sample_width (Biju Das)
- ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (Srinivas Kandagatla)
- soundwire: stream: extend sdw_alloc_stream() to take 'type' parameter (Pierre-Louis Bossart)
- block: handle zone management operations completions (Damien Le Moal)
- ASoC: renesas: rz-ssi: Fix channel swap issue in full duplex mode (Biju Das)
- gve: defer interrupt enabling until NAPI registration (Ankit Garg)
- hrtimers: Make hrtimer_update_function() less expensive (Thomas Gleixner)
- idpf: remove obsolete stashing code (Joshua Hay)
- idpf: stop Tx if there are insufficient buffer resources (Joshua Hay)
- idpf: replace flow scheduling buffer ring with buffer pool (Joshua Hay)
- idpf: simplify and fix splitq Tx packet rollback error path (Joshua Hay)
- idpf: improve when to set RE bit logic (Joshua Hay)
- idpf: add support for Tx refillqs in flow scheduling mode (Joshua Hay)
- idpf: trigger SW interrupt when exiting wb_on_itr mode (Joshua Hay)
- idpf: add support for SW triggered interrupts (Joshua Hay)
- wifi: mt76: mt7925: add handler to hif suspend/resume event (Quan Zhou)
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (Quan Zhou)
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (Quan Zhou)
- media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio (Dave Stevenson)
- x86/microcode/AMD: Select which microcode patch to load (Borislav Petkov)
- tty: fix tty_port_tty_*hangup() kernel-doc (Jiri Slaby)
- serial: core: Fix serial device initialization (Alexander Stein)
- usbnet: Fix using smp_processor_id() in preemptible code warnings (Zqiang) [Orabug: 38649205] {CVE-2025-40164}
- net: use dst_dev_rcu() in sk_setup_caps() (Eric Dumazet) [Orabug: 38649240] {CVE-2025-40170}
- ipv6: adopt dst_dev() helper (Eric Dumazet)
- net: ipv6: ioam6: use consistent dst names (Justin Iurman)
- drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (Boris Brezillon)
- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (Xiao Ni) [Orabug: 37855392] {CVE-2025-40325}
- netfilter: nft_ct: add seqadj extension for natted connections (Andrii Melnychenko) [Orabug: 38773355] {CVE-2025-68206}
- gpiolib: acpi: Add quirk for Dell Precision 7780 (Askar Safin)
- gpiolib: acpi: Add quirk for ASUS ProArt PX13 (Mario Limonciello)
- gpiolib: acpi: Add a quirk for Acer Nitro V15 (Mario Limonciello)
- gpiolib: acpi: Move quirks to a separate file (Andy Shevchenko)
- gpiolib: acpi: Add acpi_gpio_need_run_edge_events_on_boot() getter (Andy Shevchenko)
- gpiolib: acpi: Handle deferred list via new API (Andy Shevchenko)
- gpiolib: acpi: Switch to use enum in acpi_gpio_in_ignore_list() (Andy Shevchenko)
- f2fs: fix to propagate error from f2fs_enable_checkpoint() (Chao Yu)
- f2fs: dump more information for f2fs_{enable,disable}_checkpoint() (Chao Yu)
- f2fs: add timeout in f2fs_enable_checkpoint() (Chao Yu)
- f2fs: clear SBI_POR_DOING before initing inmem curseg (Sheng Yong)
- serial: xilinx_uartps: fix rs485 delay_rts_after_send (Jakub Turek)
- serial: xilinx_uartps: Use helper function hrtimer_update_function() (Nam Cao)
- hrtimers: Introduce hrtimer_update_function() (Nam Cao)
- drm/displayid: add quirk to ignore DisplayID checksum errors (Jani Nikula)
- sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() (Tejun Heo)
- sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() (Tejun Heo)
- tpm2-sessions: Fix tpm2_read_public range checks (Jarkko Sakkinen)
- block: freeze queue when updating zone resources (Damien Le Moal)
- ARM: dts: microchip: sama7g5: fix uart fifo size to 32 (Nicolas Ferre)
- svcrdma: bound check rq_pages index in inline path (Joshua Rogers) [Orabug: 38847975] {CVE-2025-71068}
- mm/ksm: fix exec/fork inheritance support for prctl (Xu Xin)
- mptcp: pm: ignore unknown endpoint flags (Matthieu Baerts)
- serial: core: Restore sysfs fwnode information (Andy Shevchenko)
- serial: core: fix OF node leak (Johan Hovold)
- f2fs: fix to avoid updating compression context during writeback (Chao Yu)
- f2fs: drop inode from the donation list when the last file is closed (Jaegeuk Kim)
- f2fs: use global inline_xattr_slab instead of per-sb slab cache (Chao Yu)
- f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() (Chao Yu)
- xhci: dbgtty: fix device unregister: fixup (Łukasz Bartosik)
- tty: introduce and use tty_port_tty_vhangup() helper (Jiri Slaby)
- jbd2: fix the inconsistency between checksum and data in memory for journal sb (Ye Bin)
- sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks (Zqiang)
- erofs: fix unexpected EIO under memory pressure (Junbeom Yeom)
- sched/eevdf: Fix min_vruntime vs avg_vruntime (Peter Zijlstra)
- btrfs: don't rewrite ret from inode_permission (Josef Bacik)
- gfs2: fix freeze error handling (Alexey Velichayshiy)
- lib/crypto: riscv/chacha: Avoid s0/fp register (Vivian Wang)
- drm/imagination: Disallow exporting of PM/FW protected objects (Alessio Belle)
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (Lyude Paul)
- drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (Niemiec, Krzysztof) [Orabug: 38852366] {CVE-2025-71130}
- drm/msm/dpu: Add missing NULL pointer check for pingpong interface (Nikolay Kuratov) [Orabug: 38852395] {CVE-2025-71138}
- drm/xe: Drop preempt-fences when destroying imported dma-bufs. (Thomas Hellström)
- drm/xe: Use usleep_range for accurate long-running workload timeslicing (Matthew Brost)
- drm/xe: Adjust long-running workload timeslices to reasonable values (Matthew Brost)
- drm/xe/oa: Disallow 0 OA property values (Ashutosh Dixit)
- drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (Thomas Hellström)
- drm/mgag200: Fix big-endian support (René Rebe)
- drm/ttm: Avoid NULL pointer deref for evicted BOs (Simon Richter) [Orabug: 38848051] {CVE-2025-71083}
- drm/i915: Fix format string truncation warning (Ard Biesheuvel)
- drm/amdkfd: Trap handler support for expert scheduling mode (Jay Cornwall)
- drm/amdkfd: bump minimum vgpr size for gfx1151 (Jonathan Kim)
- drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (Mario Limonciello)
- drm/mediatek: Fix probe device leaks (Johan Hovold)
- drm/mediatek: Fix probe memory leak (Johan Hovold)
- drm/mediatek: Fix probe resource leaks (Johan Hovold)
- drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (Miaoqian Lin)
- drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() (Sanjay Yadav)
- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (Jani Nikula)
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (Thomas Zimmermann)
- drm/buddy: Separate clear and dirty free block trees (Arunpravin Paneer Selvam)
- drm/buddy: Optimize free block management with RB tree (Arunpravin Paneer Selvam)
- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (Akhil P Oommen)
- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (Alex Deucher)
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (Pierre-Eric Pelloux-Prayer)
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (Alex Deucher)
- Revert "drm/amd: Skip power ungate during suspend for VPE" (Mario Limonciello)
- net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() (Xiaolei Wang)
- net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (Deepanshu Kartikey)
- net: usb: sr9700: fix incorrect command used to write single register (Ethan Nelson-Moore)
- nfsd: Drop the client reference in client_states_open() (Haoxiang Li)
- LoongArch: BPF: Sign extend kfunc call arguments (Hengqi Chen)
- LoongArch: BPF: Zero-extend bpf_tail_call() index (Hengqi Chen)
- LoongArch: Refactor register restoration in ftrace_common_return (Duan Chenghao)
- fjes: Add missing iounmap in fjes_hw_init() (Haoxiang Li)
- e1000: fix OOB in e1000_tbi_should_accept() (Guangshuo Li) [Orabug: 38848098] {CVE-2025-71093}
- RDMA/cm: Fix leaking the multicast GID table reference (Jason Gunthorpe) [Orabug: 38848057] {CVE-2025-71084}
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (Jason Gunthorpe) [Orabug: 38848116] {CVE-2025-71096}
- samples/ftrace: Adjust LoongArch register restore order in direct calls (Duan Chenghao)
- tools/mm/page_owner_sort: fix timestamp comparison for stable sorting (Kaushlendra Kumar)
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (Rongrong)
- mm/page_owner: fix memory leak in page_owner_stack_fops->release() (Ran Xiaokai)
- idr: fix idr_alloc() returning an ID out of range (Matthew Wilcox)
- lockd: fix vfs_test_lock() calls (Neil Brown)
- kasan: unpoison vms[area] addresses with a common tag (Maciej Wieczor-Retman)
- kasan: refactor pcpu kasan vmalloc unpoison (Maciej Wieczor-Retman)
- compiler_types.h: add "auto" as a macro for "__auto_type" (H. Peter Anvin)
- pmdomain: imx: Fix reference count leak in imx_gpc_probe() (Xu Wang)
- mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() (Seongjae Park)
- mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() (Seongjae Park)
- mm/damon/tests/core-kunit: handle memory failure from damon_test_target() (Seongjae Park)
- mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() (Seongjae Park)
- mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() (Seongjae Park)
- mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() (Seongjae Park)
- mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() (Seongjae Park)
- LoongArch: Use unsigned long for _end and _text (Tiezhu Yang)
- LoongArch: Use __pmd()/__pte() for swap entry conversions (Wangyuli)
- LoongArch: Fix build errors for CONFIG_RANDSTRUCT (Huacai Chen)
- LoongArch: Correct the calculation logic of thread_count (Maqiang)
- LoongArch: Add new PCI ID for pci_fixup_vgadev() (Huacai Chen)
- media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() (Haoxiang Li)
- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: amphion: Cancel message work before releasing the VPU core (Ming Qian)
- media: vpif_display: fix section mismatch (Johan Hovold)
- media: vpif_capture: fix section mismatch (Johan Hovold)
- media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (Xu Wang)
- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (Nicolas Dufresne)
- media: TDA1997x: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: samsung: exynos4-is: fix potential ABBA deadlock on init (Marek Szyprowski)
- media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (Miaoqian Lin)
- media: platform: mtk-mdp3: fix device leaks at probe (Johan Hovold)
- media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (Ivan Abramov)
- media: cec: Fix debugfs leak on bus_register() failure (Xu Wang)
- fbdev: tcx.c fix mem_map to correct smem_start offset (René Rebe)
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (Thorsten Blum)
- fbdev: gbefb: fix to use physical address instead of dma address (René Rebe)
- dm-bufio: align write boundary on physical block size (Mikulas Patocka)
- dm-ebs: Mark full buffer dirty even on partial write (Uladzislau Rezki)
- firmware: stratix10-svc: Add mutex in stratix10 memory management (Mahesh Rao)
- media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (Ivan Abramov)
- powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION (David Hildenbrand)
- perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error (Sandipan Das)
- parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() (Sven Schnelle)
- parisc: entry.S: fix space adjustment on interruption for 64-bit userspace (Sven Schnelle)
- mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (Miquel Raynal)
- mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions (Christian Marangi)
- media: verisilicon: Fix CPU stalls on G2 bus error (Nicolas Dufresne)
- media: rc: st_rc: Fix reset control resource leak (Xu Wang)
- mfd: max77620: Fix potential IRQ chip conflict when probing two devices (Krzysztof Kozlowski)
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (Johan Hovold)
- clk: samsung: exynos-clkout: Assign .num before accessing .hws (Nathan Chancellor) [Orabug: 38852404] {CVE-2025-71143}
- block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs (Damien Le Moal)
- leds: leds-lp50xx: Enable chip before any communication (Christian Hitz)
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (Christian Hitz)
- leds: leds-lp50xx: Allow LED 0 to be added to module bank (Christian Hitz)
- leds: leds-cros_ec: Skip LEDs without color components (Thomas Weißschuh)
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (Donet Tom)
- powerpc, mm: Fix mprotect on book3s 32-bit (Dave Vasilevsky)
- arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator (Siddharth Vadapalli)
- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (Lukas Wunner)
- fgraph: Check ftrace_pids_enabled on registration for early filtering (Shengming Hu)
- fgraph: Initialize ftrace_ops->private for function graph ops (Shengming Hu)
- HID: logitech-dj: Remove duplicate error logging (Hans de Goede)
- iommu: disable SVA when CONFIG_X86 is set (Lu Baolu) [Orabug: 38848082] {CVE-2025-71089}
- iommu/tegra: fix device leak on probe_device() (Johan Hovold)
- iommu/sun50i: fix device leak on of_xlate() (Johan Hovold)
- iommu/qcom: fix device leak on of_xlate() (Johan Hovold)
- iommu/omap: fix device leaks on probe_device() (Johan Hovold)
- iommu/mediatek: fix device leak on of_xlate() (Johan Hovold)
- iommu/mediatek-v1: fix device leaks on probe() (Johan Hovold)
- iommu/mediatek-v1: fix device leak on probe_device() (Johan Hovold)
- iommu/ipmmu-vmsa: fix device leak on of_xlate() (Johan Hovold)
- iommu/exynos: fix device leak on of_xlate() (Johan Hovold)
- iommu/apple-dart: fix device leak on of_xlate() (Johan Hovold)
- iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() (Jinhui Guo)
- iommu/amd: Fix pci_segment memleak in alloc_pci_segment() (Jinhui Guo)
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. (Srinivas Kandagatla)
- ASoC: qcom: q6adm: the the copp device only during last instance (Srinivas Kandagatla)
- ASoC: qcom: q6asm-dai: perform correct state check before closing (Srinivas Kandagatla)
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr (Srinivas Kandagatla)
- ASoC: codecs: lpass-tx-macro: fix SM6115 support (Srinivas Kandagatla)
- ASoC: stm32: sai: fix OF node leak on probe (Johan Hovold)
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure (Johan Hovold)
- ASoC: stm32: sai: fix device leak on probe (Johan Hovold)
- ASoC: codecs: wcd939x: fix regmap leak on probe failure (Johan Hovold)
- ntfs: Do not overwrite uptodate pages (Matthew Wilcox)
- selftests/ftrace: traceonoff_triggers: strip off names (Yipeng Zou)
- blk-mq: skip CPU offline notify on unmapped hctx (Cong Zhang)
- RDMA/bnxt_re: fix dma_free_coherent() pointer (Thomas Fourier)
- RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation (Lihonggang)
- ksmbd: Fix memory leak in get_file_all_info() (Zilin Guan)
- md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (Tuo Li) [Orabug: 38852384] {CVE-2025-71135}
- md: Fix static checker warning in analyze_sbs (Li Nan)
- RDMA/bnxt_re: Fix to use correct page size for PDE table (Kalesh Ap)
- RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send (Alok Tiwari)
- RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (Tetsuo Handa)
- RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() (Alok Tiwari)
- RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() (Jang Ingyu)
- RDMA/efa: Remove possible negative shift (Michael Margolin)
- RDMA/irdma: avoid invalid read in irdma_net_event (Michal Schmidt) [Orabug: 38852378] {CVE-2025-71133}
- ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (Jiayuan Chen) [Orabug: 38848033] {CVE-2025-71080}
- net: rose: fix invalid array index in rose_kill_by_device() (Pwnverse)
- ipv4: Fix reference count leak when using error routes with nexthop objects (Ido Schimmel) [Orabug: 38848124] {CVE-2025-71097}
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (Will Rosenberg) [Orabug: 38848060] {CVE-2025-71085}
- net: stmmac: fix the crash issue for zero copy XDP_TX action (Wei Fang) [Orabug: 38848110] {CVE-2025-71095}
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (Anshumali Gaur)
- platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (Junrui Luo) [Orabug: 38848146] {CVE-2025-71101}
- vfio/pds: Fix memory leak in pds_vfio_dirty_enable() (Zilin Guan)
- net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct (Bagas Sanjaya)
- net: usb: asix: validate PHY address before use (Deepanshu Kartikey) [Orabug: 38848106] {CVE-2025-71094}
- kbuild: fix compilation of dtb specified on command-line without make rule (Thomas De Schampheleire)
- net: dsa: b53: skip multicast entries for fdb_dump() (Jonas Gorski)
- firewire: nosy: Fix dma_free_coherent() size (Thomas Fourier)
- genalloc.h: fix htmldocs warning (Andrew Morton)
- smc91x: fix broken irq-context in PREEMPT_RT (Levi Yun) [Orabug: 38852375] {CVE-2025-71132}
- selftests: net: fix "buffer overflow detected" for tap.c (Alice C. Munduruca)
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (Deepakkumar Karn)
- amd-xgbe: reset retries and mode on RX adapt failures (Raju Rangoju)
- net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() (Vladimir Oltean)
- team: fix check for port enabled in team_queue_override_port_prio_changed() (Jiri Pirko) [Orabug: 38848087] {CVE-2025-71091}
- platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (Junrui Luo)
- platform/x86: msi-laptop: add missing sysfs_remove_group() (Thomas Fourier)
- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (Shravan Kumar Ramani)
- ip6_gre: make ip6gre_header() robust (Eric Dumazet) [Orabug: 38848130] {CVE-2025-71098}
- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy (Toke Høiland-Jørgensen)
- net: mdio: aspeed: add dummy read to avoid read-after-write issue (Jacky Chou)
- Bluetooth: btusb: revert use of devm_kzalloc in btusb (Raphael Pinsonneault-Thibeault) [Orabug: 38848042] {CVE-2025-71082}
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (Herbert Xu) [Orabug: 38852369] {CVE-2025-71131}
- idpf: reduce mbx_task schedule delay to 300us (Brian Vazquez)
- iavf: fix off-by-one issues in iavf_config_rss_reg() (Kohei Enju) [Orabug: 38848072] {CVE-2025-71087}
- i40e: validate ring_len parameter against hardware-specific values (Gregory Herrero)
- i40e: fix scheduling in set_rx_mode (Przemyslaw Korba)
- wifi: mac80211: do not use old MBSSID elements (Aloka Dixit)
- wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (Dan Carpenter)
- wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (Morning Star) [Orabug: 38848143] {CVE-2025-71100}
- wifi: rtw88: limit indirect IO under powered off for RTL8822CS (Ping-Ke Shih)
- fuse: fix readahead reclaim deadlock (Joanne Koong) [Orabug: 38847945] {CVE-2025-68821}
- iommu/mediatek: fix use-after-free on probe deferral (Johan Hovold)
- x86/msi: Make irq_retrigger() functional for posted MSI (Thomas Gleixner)
- ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 (Nicolas Ferre)
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (Gui-Dong Han)
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (Gui-Dong Han) [Orabug: 38852299] {CVE-2025-71111}
- hwmon: (max6697) fix regmap leak on probe failure (Johan Hovold)
- hwmon: (max16065) Use local variable to avoid TOCTOU (Gui-Dong Han)
- interconnect: qcom: sdx75: Drop QPIC interconnect and BCM nodes (Raviteja Laggyshetty)
- i2c: amd-mp2: fix reference leak in MP2 PCI device (Ma Ke)
- platform/x86: intel: chtwc_int33fe: don't dereference swnode args (Bartosz Golaszewski)
- rpmsg: glink: fix rpmsg device leak (Srinivas Kandagatla)
- soc: amlogic: canvas: fix device leak on lookup (Johan Hovold)
- soc: apple: mailbox: fix device leak on lookup (Johan Hovold)
- soc: qcom: ocmem: fix device leak on lookup (Johan Hovold)
- soc: qcom: pbs: fix device leak on lookup (Johan Hovold)
- soc: samsung: exynos-pmu: fix device leak on regmap lookup (Johan Hovold)
- tracing: Fix fixed array of synthetic event (Steven Rostedt)
- virtio: vdpa: Fix reference count leak in octep_sriov_enable() (Miaoqian Lin)
- amba: tegra-ahb: Fix device leak on SMMU enable (Johan Hovold)
- crypto: caam - Add check for kcalloc() in test_len() (Guangshuo Li)
- crypto: af_alg - zero initialize memory allocated via sock_kmalloc (Shivani Agarwal) [Orabug: 38852311] {CVE-2025-71113}
- dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets (Krzysztof Kozlowski)
- arm64: Revamp HCR_EL2.E2H RES1 detection (Marc Zyngier)
- KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu() (Ahmed Genidi)
- KVM: arm64: Initialize HCR_EL2.E2H early (Mark Rutland)
- sched/rt: Fix race in push_rt_task (Harshit Agarwal) [Orabug: 38158721] {CVE-2025-38234}
- hsr: hold rcu and dev lock for hsr_get_port_ndev (Hangbin Liu)
- pinctrl: renesas: rzg2l: Fix ISEL restore on resume (Claudiu Beznea)
- ALSA: wavefront: Clear substream pointers on close (Junrui Luo)
- ALSA: wavefront: Use guard() for spin locks (Takashi Iwai)
- ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (Denis Arefev)
- drm/displayid: pass iter to drm_find_displayid_extension() (Jani Nikula)
- drm/amd/display: Fix scratch registers offsets for DCN351 (Ray Wu)
- drm/amd/display: Fix scratch registers offsets for DCN35 (Ray Wu)
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (Alex Deucher)
- Revert "drm/amd/display: Fix pbn to kbps Conversion" (Mario Limonciello)
- io_uring: fix min_wait wakeups for SQPOLL (Jens Axboe)
- io_uring/poll: correctly handle io_poll_add() return value on update (Jens Axboe)
- gpio: regmap: Fix memleak in error path in gpio_regmap_register() (Guan Wentao)
- s390/ipl: Clear SBP flag when bootprog is set (Sven Schnelle)
- btrfs: don't log conflicting inode if it's a dir moved in the current transaction (Filipe Manana) [Orabug: 38847745] {CVE-2025-68778}
- powerpc/kexec: Enable SMT before waking offline CPUs (Nysal Jan K.A.)
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852340] {CVE-2025-71120}
- svcrdma: use rc_pageoff for memcpy byte offset (Joshua Rogers) [Orabug: 38847896] {CVE-2025-68811}
- svcrdma: return 0 on success from svc_rdma_copy_inline_range (Joshua Rogers)
- nfsd: Mark variable __maybe_unused to avoid W=1 build break (Andy Shevchenko)
- NFSD: NFSv4 file creation neglects setting ACL (Chuck Lever) [Orabug: 38847871] {CVE-2025-68803}
- NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (Chuck Lever)
- net/handshake: restore destructor on submit failure (Caoping)
- fsnotify: do not generate ACCESS/MODIFY events on child for special files (Amir Goldstein) [Orabug: 38847799] {CVE-2025-68788}
- net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (Thorsten Blum)
- r8169: fix RTL8117 Wake-on-Lan in DASH mode (René Rebe)
- PM: runtime: Do not clear needs_force_resume with enabled runtime PM (Rafael J. Wysocki)
- tracing: Do not register unsupported perf events (Steven Rostedt) [Orabug: 38852354] {CVE-2025-71125}
- xfs: fix a UAF problem in xattr repair (Darrick J. Wong) [Orabug: 38847781] {CVE-2025-68784}
- xfs: fix stupid compiler warning (Darrick J. Wong)
- xfs: fix a memory leak in xfs_buf_item_init() (Haoxiang Li)
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (Sean Christopherson)
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (Sean Christopherson)
- KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit (Dongli Zhang)
- KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN (Jim Mattson)
- KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation (Yosry Ahmed)
- KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN (Jim Mattson)
- KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE (Yosry Ahmed)
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (Fuqiang Wang) [Orabug: 38852272] {CVE-2025-71104}
- KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (Fuqiang Wang)
- KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (Sean Christopherson)
- powerpc: Add reloc_offset() to font bitmap pointer used for bootx_printf() (Finn Thain)
- libceph: make decode_pool() more resilient against corrupted osdmaps (Ilya Dryomov) [Orabug: 38852324] {CVE-2025-71116}
- parisc: Do not reprogram affinitiy on ASP chip (Helge Deller)
- scs: fix a wrong parameter in __scs_magic (Zhichi Lin)
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (Tzung-Bi Shih)
- KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (Maxim Levitsky)
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (Prithvi Tambewagh) [Orabug: 38847687] {CVE-2025-68771}
- media: vidtv: initialize local pointers upon transfer of memory ownership (Jeongjun Park)
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (Sean Christopherson) [Orabug: 38847894] {CVE-2025-68810}
- tools/testing/nvdimm: Use per-DIMM device handle (Alison Schofield)
- f2fs: fix return value of f2fs_recover_fsync_data() (Chao Yu)
- f2fs: fix uninitialized one_time_gc in victim_sel_policy (Xiaole He)
- f2fs: fix age extent cache insertion skip on counter overflow (Xiaole He)
- f2fs: invalidate dentry cache on failed whiteout creation (Deepanshu Kartikey)
- f2fs: fix to avoid updating zero-sized extent in extent cache (Chao Yu)
- f2fs: fix to avoid potential deadlock (Chao Yu)
- f2fs: ensure node page reads complete before f2fs_put_super() finishes (Jan Prusakowski)
- scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error (Seunghwan Baek)
- scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow (Chandrakanth Patil)
- scsi: target: Reset t_task_cdb pointer in error case (Andrey Vatoropin) [Orabug: 38847769] {CVE-2025-68782}
- NFSD: use correct reservation type in nfsd4_scsi_fence_client (Dai Ngo)
- scsi: aic94xx: fix use-after-free in device removal path (Junrui Luo) [Orabug: 38848008] {CVE-2025-71075}
- scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (Tony Battersby) [Orabug: 38847928] {CVE-2025-68818}
- cpufreq: nforce2: fix reference count leak in nforce2 (Miaoqian Lin)
- cpuidle: governors: teo: Drop misguided target residency check (Rafael J. Wysocki)
- serial: sh-sci: Check that the DMA cookie is valid (Claudiu Beznea)
- mei: gsc: add dependency on Xe driver (Junxiao Chang)
- intel_th: Fix error handling in intel_th_output_open (Ma Ke)
- char: applicom: fix NULL pointer dereference in ac_ioctl (Tianchu Chen)
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (Haoxiang Li)
- usb: dwc3: keep susphy enabled during exit to avoid controller faults (Udipto Goswami)
- usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (Miaoqian Lin)
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path (Johan Hovold)
- usb: phy: isp1301: fix non-OF device reference imbalance (Johan Hovold)
- usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal (Duoming Zhou)
- USB: lpc32xx_udc: Fix error handling in probe (Ma Ke)
- usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (Haoxiang Li)
- usb: ohci-nxp: fix device leak on probe failure (Johan Hovold)
- phy: broadcom: bcm63xx-usbh: fix section mismatches (Johan Hovold)
- media: pvrusb2: Fix incorrect variable used in trace message (Colin Ian King)
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (Jeongjun Park) [Orabug: 38847936] {CVE-2025-68819}
- usb: usb-storage: Maintain minimal modifications to the bcdDevice range. (Chenchangcheng)
- mptcp: avoid deadlock on fallback while reinjecting (Paolo Abeni) [Orabug: 38852415] {CVE-2025-71126}
- mptcp: schedule rtx timer only after pushing data (Paolo Abeni)
- selftests: mptcp: pm: ensure unknown flags are ignored (Matthieu Baerts)
- media: v4l2-mem2mem: Fix outdated documentation (Laurent Pinchart)
- jbd2: use a weaker annotation in journal handling (Byungchul Park)
- jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key (Tetsuo Handa)
- ext4: align max orphan file size with e2fsprogs limit (Baokun Li)
- ext4: fix incorrect group number assertion in mb_check_buddy (Yongjian Sun)
- ext4: clear i_state_flags when alloc inode (Haibo Chen)
- ext4: xattr: fix null pointer deref in ext4_raw_inode() (Karina Yankevich) [Orabug: 38848274] {CVE-2025-68820}
- ext4: fix string copying in parse_apply_sb_mount_options() (Fedor Pchelkin) [Orabug: 38852413] {CVE-2025-71123}
- tpm: Cap the number of PCR banks (Jarkko Sakkinen) [Orabug: 38848016] {CVE-2025-71077}
- ktest.pl: Fix uninitialized var in config-bisect.pl (Steven Rostedt)
- fs/ntfs3: fix mount failure for sparse runs in run_unpack() (Konstantin Komarov)
- kallsyms: Fix wrong "big" kernel symbol type read from procfs (Zheng Yejian)
- floppy: fix for PAGE_SIZE != 4KB (René Rebe)
- block: rate-limit capacity change info log (Li Chen)
- wifi: mt76: Fix DTS power-limits on little endian systems (Sven Eckelmann)
- s390/dasd: Fix gendisk parent after copy pair swap (Stefan Haberland)
- lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit (Eric Biggers)
- perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() (Ma Ke)
- mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (Sarthak Garg)
- x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems (Avadhut Naik)
- io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh) [Orabug: 38847904] {CVE-2025-68814}
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (Jarkko Sakkinen)
- cifs: Fix memory and information leak in smb3_reconfigure() (Zilin Guan)
- vhost/vsock: improve RCU read sections around vhost_vsock_get() (Stefano Garzarella)
- block: rnbd-clt: Fix signedness bug in init_dev() (Dan Carpenter)
- scsi: scsi_debug: Fix atomic write enable module param description (John Garry)
- MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits (Gregory Clement)
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (Chia-Lin Kao)
- nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (Justin Tee)
- nvme-fc: don't hold rport lock when putting ctrl (Daniel Wagner)
- i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (Jinhui Guo)
- clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (Jens Reidel)
- libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map (Ian Rogers)
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (Wenhua Lin)
- usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. (Chenchangcheng)
- usb: xhci: limit run_graceperiod for only usb 3.0 devices (Hongyu Xie)
- iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (Pei Xiao)
- usb: typec: ucsi: Handle incorrect num_connectors capability (Mark Pearson) [Orabug: 38852284] {CVE-2025-71108}
- usbip: Fix locking bug in RT-enabled kernels (Lizhi Xu)
- exfat: zero out post-EOF page cache on file extension (Yuezhang Mo)
- exfat: fix remount failure in different process environments (Yuezhang Mo)
- reset: fix BIT macro reference (Yongchao Jia)
- via_wdt: fix critical boot hang due to unnamed resource allocation (Li Qiang) [Orabug: 38852317] {CVE-2025-71114}
- fuse: Invalidate the page cache after FOPEN_DIRECT_IO write (Bernd Schubert)
- fuse: Always flush the page cache before FOPEN_DIRECT_IO write (Bernd Schubert)
- scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (Tony Battersby)
- scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (Tony Battersby)
- scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (Tony Battersby)
- powerpc/addnote: Fix overflow on 32-bit builds (Ben Collins)
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (Josua Mayer)
- scsi: smartpqi: Add support for Hurray Data new controller PCI device (David Strahan)
- ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (Matthias Schiffer)
- firmware: imx: scu-irq: Init workqueue before request mbox channel (Peng Fan)
- scsi: ufs: host: mediatek: Fix shutdown/suspend race condition (Peter Wang)
- ipmi: Fix __scan_channels() failing to rescan channels (Jinhui Guo)
- ipmi: Fix the race between __scan_channels() and deliver_response() (Jinhui Guo)
- nfsd: fix memory leak in nfsd_create_serv error paths (Shardul Bankar)
- nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_ (Mike Snitzer)
- nfsd: update percpu_ref to manage references on nfsd_net (Mike Snitzer)
- ASoC: ak4458: remove the reset operation in probe and remove (Shengjiu Wang)
- ALSA: usb-mixer: us16x08: validate meter packet indices (Shipei Qu) [Orabug: 38847774] {CVE-2025-68783}
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (Xu Wang)
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (Xu Wang)
- x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures (Yongxin Liu)
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (Shaurya Rane) [Orabug: 38847723] {CVE-2025-68776}
- dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml (Andrew Jeffery)
- mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (Sai Krishna Potthuri)
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (Jared Kangas)
- spi: fsl-cpm: Check length parity before switching to 16 bit mode (Christophe Leroy)
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf (Pengjie Zhang)
- ACPI: PCC: Fix race condition by removing static qualifier (Pengjie Zhang)
- soc/tegra: fuse: Do not register SoC device on ACPI boot (Kartik)
- can: gs_usb: gs_can_open(): fix error handling (Marc Kleine-Budde)
- xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails (Christoph Hellwig)
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (Christoffer Sandberg)
- Input: alps - fix use-after-free bugs caused by dev3_register_work (Duoming Zhou) [Orabug: 38847948] {CVE-2025-68822}
- Input: lkkbd - disable pending work before freeing device (Minseong Kim)
- Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (Junjie Cao)
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (Ping Cheng)
- ksmbd: fix buffer validation by including null terminator size in EA length (Namjae Jeon)
- ksmbd: Fix refcount leak when invalid session is found on session lookup (Namjae Jeon)
- ksmbd: skip lock-range check on equal size to avoid size==0 underflow (Qianchang Zhao)
- hwmon: (ltc4282): Fix reset_history file permissions (Nuno Sa)
- drm/xe/oa: Limit num_syncs to prevent oversized allocations (Shuicheng Lin)
- drm/xe: Limit num_syncs to prevent oversized allocations (Shuicheng Lin)
- block: rnbd-clt: Fix leaked ID in init_dev() (Thomas Fourier)
- spi: cadence-quadspi: Fix clock disable on probe failure path (Anurag Dutta)
- arm64: kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder (Jianpeng Chang)
- x86/xen: Fix sparse warning in enlighten_pv.c (Juergen Gross)
- x86/xen: Move Xen upcall handler (Brian Gerst)
- drm/panel: sony-td4353-jdi: Enable prepare_prev_first (Marijn Suijten)
- MIPS: Fix a reference leak bug in ip22_check_gio() (Haoxiang Li)
- drm/xe: Restore engine registers before restarting schedulers after GT reset (Jan Maslak)
- drm/me/gsc: mei interrupt top half should be in irq disabled context (Junxiao Chang)
- hwmon: (tmp401) fix overflow caused by default conversion rate value (Alexey Simakov)
- hwmon: (ibmpex) fix use-after-free in high/low store (Junrui Luo) [Orabug: 38847806] {CVE-2025-68789}
- hwmon: (dell-smm) Limit fan multiplier to avoid overflow (Denis Sergeev)
- net: hns3: add VLAN id validation before using (Jian Shen)
- net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx (Jian Shen)
- net: hns3: using the num_tqps in the vf driver to apply for resources (Jian Shen)
- net: enetc: do not transmit redirected XDP frames when the link is down (Wei Fang)
- net/handshake: duplicate handshake cancellations leak socket (Scott Mayhew) [Orabug: 38847719] {CVE-2025-68775}
- net/mlx5: Serialize firmware reset with devlink (Shay Drory)
- net/mlx5: fw_tracer, Handle escaped percent properly (Shay Drory)
- net/mlx5: fw_tracer, Validate format string parameters (Shay Drory) [Orabug: 38847913] {CVE-2025-68816}
- net/mlx5: Drain firmware reset in shutdown callback (Moshe Shemesh)
- net/mlx5: fw reset, clear reset requested on drain_fw_reset (Moshe Shemesh)
- ethtool: Avoid overflowing userspace buffer on stats query (Gal Pressman) [Orabug: 38847825] {CVE-2025-68795}
- iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED (Jason Gunthorpe)
- iommufd/selftest: Make it clearer to gcc that the access is not out of bounds (Jason Gunthorpe)
- iommufd/selftest: Update hw_info coverage for an input data_type (Nicolin Chen)
- iommufd/selftest: Add coverage for reporting max_pasid_log2 via IOMMU_HW_INFO (Yi Liu)
- selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel (Florian Westphal)
- netfilter: nf_tables: remove redundant chain validation on register store (Pablo Neira Ayuso)
- netfilter: nf_nat: remove bogus direction check (Florian Westphal)
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (Dan Carpenter)
- net/sched: ets: Remove drr class from the active list if it changes to strict (Victor Nogueira) [Orabug: 38847909] {CVE-2025-68815}
- caif: fix integer underflow in cffrml_receive() (Junrui Luo)
- ipvs: fix ipv4 null-ptr-deref in route error path (Slavin Liu) [Orabug: 38847899] {CVE-2025-68813}
- netfilter: nf_conncount: fix leaked ct in error paths (Fernando Fernandez Mancera)
- broadcom: b44: prevent uninitialized value usage (Alexey Simakov)
- net: openvswitch: fix middle attribute validation in push_nsh() action (Ilya Maximets) [Orabug: 38847783] {CVE-2025-68785}
- bnxt_en: Fix XDP_TX path (Michael Chan) [Orabug: 38847683] {CVE-2025-68770}
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (Ido Schimmel)
- mlxsw: spectrum_router: Fix neighbour use-after-free (Ido Schimmel)
- mlxsw: spectrum_router: Fix possible neighbour reference count leak (Ido Schimmel)
- ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() (Dmitry Skorodumov)
- net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (Jamal Hadi Salim) [Orabug: 38847964] {CVE-2025-71066}
- netrom: Fix memory leak in nr_sendmsg() (Wang Liang)
- net: fec: ERR007885 Workaround for XDP TX path (Wei Fang)
- gfs2: Fix use of bio_chain (Andreas Gruenbacher)
- Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (Max Chou)
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (Gongwei Li)
- Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (Chris Lu)
- Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (Chris Lu)
- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (Chingbin Li)
- ksmbd: vfs: fix race on m_flags in vfs_cache (Qianchang Zhao)
- ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency (Namjae Jeon)
- smb/server: fix return value of smb2_ioctl() (Chenxiaosong)
- gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" (Andreas Gruenbacher)
- gfs2: fix remote evict for read-only filesystems (Andreas Gruenbacher)
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (Qu Wenruo)
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (Hans de Goede)
- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (Quan Zhou)
- wifi: cfg80211: use cfg80211_leave() in iftype change (Johannes Berg)
- wifi: cfg80211: stop radar detection in cfg80211_leave() (Johannes Berg)
- wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (Bitterblue Smith)
- fs/ntfs3: check for shutdown in fsync (Konstantin Komarov)
- hfsplus: fix volume corruption issue for generic/073 (Viacheslav Dubeyko)
- hfsplus: Verify inode mode when loading from disk (Tetsuo Handa)
- hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create (Yang Chenzhi)
- hfsplus: fix volume corruption issue for generic/070 (Viacheslav Dubeyko)
- ntfs: set dummy blocksize to read boot_block when mounting (Pedro Demarchi Gomes)
- kbuild: Use objtree for module signing key path (Mikhail Malyshev)
- fs/ntfs3: Support timestamps prior to epoch (Konstantin Komarov)
- livepatch: Match old_sympos 0 and 1 in klp_find_func() (Song Liu)
- cpuidle: menu: Use residency threshold in polling state override decisions (Aboorva Devarajan)
- cpufreq: s5pv210: fix refcount leak (Shuhao Fu)
- ACPI: fan: Workaround for 64-bit firmware bug (Armin Wolf)
- cpufreq: dt-platdev: Add JH7110S SOC to the allowlist (Hal Feng)
- ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (Sakari Ailus)
- ACPICA: Avoid walking the Namespace if start_node is NULL (Cryolitia Pukngae) [Orabug: 38852332] {CVE-2025-71118}
- x86/ptrace: Always inline trivial accessors (Peter Zijlstra)
- sched/deadline: only set free_cpus for online runqueues (Doug Berger) [Orabug: 38847752] {CVE-2025-68780}
- perf/x86/amd: Check event before enable to avoid GPF (George Kennedy) [Orabug: 38847848] {CVE-2025-68798}
- scripts/faddr2line: Fix "Argument list too long" error (Pankaj Raghav)
- iomap: account for unaligned end offsets when truncating read range (Joanne Koong)
- iomap: adjust read range correctly for non-block-aligned positions (Joanne Koong) [Orabug: 38847819] {CVE-2025-68794}
- shmem: fix recovery on rename failures (Al Viro) [Orabug: 38847988] {CVE-2025-71072}
- btrfs: fix memory leak of fs_devices in degraded seed device path (Deepanshu Kartikey)
- bpf, arm64: Do not audit capability check in do_jit() (Ondrej Mosnacek)
- btrfs: fix a potential path leak in print_data_reloc_error() (Qu Wenruo)
- btrfs: do not skip logging new dentries when logging a new name (Filipe Manana)

[6.12.0-108.63.3]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756944]

[6.12.0-108.63.2]
- LTS version: v6.12.63 (Jack Vogel)
- ASoC: codecs: nau8325: Silence uninitialized variables warnings (Krzysztof Kozlowski)
- ALSA: wavefront: Fix integer overflow in sample size validation (Junrui Luo)
- ALSA: dice: fix buffer overflow in detect_stream_formats() (Junrui Luo)
- usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required (Sven Peter)
- usb: phy: Initialize struct usb_phy list_head (Diogo Ivo)
- usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (Haotien Hsu)
- tcp_metrics: use dst_dev_net_rcu() (Eric Dumazet) [Orabug: 38592188] {CVE-2025-40075}
- net: dst: introduce dst->dev_rcu (Eric Dumazet)
- net: lan743x: Allocate rings outside ZONE_DMA (Thangaraj Samynathan)
- LoongArch: Add machine_kexec_mask_interrupts() implementation (Huacai Chen)
- ocfs2: fix memory leak in ocfs2_merge_rec_left() (Dmitry Antipov)
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (Dan Carpenter)
- scsi: imm: Fix use-after-free bug caused by unfinished delayed work (Duoming Zhou) [Orabug: 38783113] {CVE-2025-68324}
- efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (Mauro Carvalho Chehab)
- efi/cper: Adjust infopfx size to accept an extra space (Mauro Carvalho Chehab)
- efi/cper: Add a new helper function to print bitmasks (Mauro Carvalho Chehab)
- dm log-writes: Add missing set_freezable() for freezable kthread (Xu Wang)
- dm-raid: fix possible NULL dereference with undefined raid type (Alexey Simakov)
- block: return unsigned int from queue_dma_alignment (Christoph Hellwig)
- block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock (Mohamed Khalfella) [Orabug: 38818209] {CVE-2025-68756}
- ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() (Pangliyuan)
- ALSA: firewire-motu: add bounds check in put_user loop for DSP events (Junrui Luo)
- rtc: gamecube: Check the return value of ioremap() (Xu Wang)
- drm/amdkfd: Use huge page size to check split svm range alignment (Xiaogang Chen)
- ALSA: uapi: Fix typo in asound.h comment (Andres J Rosa)
- docs: hwmon: fix link to g762 devicetree binding (Kathara Sasikumar)
- cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 (David Howells)
- drm/nouveau: refactor deprecated strcpy (Madhur Kumar)
- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (Junrui Luo)
- regulator: fixed: Rely on the core freeing the enable GPIO (Mark Brown)
- drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() (Dan Carpenter)
- nvme-auth: use kvfree() for memory allocated with kvcalloc() (Israel Rukshin)
- block: fix memory leak in __blkdev_issue_zero_pages (Shaurya Rane) [Orabug: 38798772] {CVE-2025-68348}
- block: fix comment for op_is_zone_mgmt() to include RESET_ALL (Shechenglong)
- blk-mq: Abort suspend when wakeup events are pending (Cong Zhang)
- ASoC: ak5558: Disable regulator when error happens (Shengjiu Wang)
- ASoC: ak4458: Disable regulator when error happens (Shengjiu Wang)
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() (Xu Wang)
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (Anton Khirnov)
- fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() (Armin Wolf)
- NFS: Fix inheritance of the block sizes when automounting (Trond Myklebust)
- Expand the type of nfs_fattr->valid (Trond Myklebust)
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (Trond Myklebust) [Orabug: 38818236] {CVE-2025-68764}
- Revert "nfs: ignore SB_RDONLY when mounting nfs" (Trond Myklebust)
- Revert "nfs: clear SB_RDONLY before getting superblock" (Trond Myklebust)
- Revert "nfs: ignore SB_RDONLY when remounting nfs" (Trond Myklebust)
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (Jonathan Curley) [Orabug: 38798774] {CVE-2025-68349}
- NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state (Trond Myklebust)
- nfs/vfs: discard d_exact_alias() (Neil Brown)
- NFS: Initialise verifiers for visible dentries in nfs_atomic_open() (Trond Myklebust)
- NFS: Initialise verifiers for visible dentries in readdir and lookup (Trond Myklebust)
- fs/nls: Fix utf16 to utf8 conversion (Armin Wolf)
- NFS: Avoid changing nlink when file removes and attribute updates race (Trond Myklebust)
- f2fs: maintain one time GC mode is enabled during whole zoned GC cycle (Daeho Jeong)
- f2fs: add gc_boost_gc_greedy sysfs node (Daeho Jeong)
- f2fs: add gc_boost_gc_multiple sysfs node (Daeho Jeong)
- f2fs: introduce reserved_pin_section sysfs entry (Chao Yu)
- f2fs: sysfs: add encoding_flags entry (Chao Yu)
- f2fs: add carve_out sysfs node (Daeho Jeong)
- f2fs: fix to avoid running out of free segments (Chao Yu)
- f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages (Jaegeuk Kim)
- f2fs: keep POSIX_FADV_NOREUSE ranges (Jaegeuk Kim)
- platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (Xi Pardee)
- sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out (Xupengbo)
- 9p: fix cache/debug options printing in v9fs_show_options (Eric Sandeen)
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (Abdun Nihaal)
- pinctrl: single: Fix incorrect type for error return variable (Xu Wang)
- perf hist: In init, ensure mem_info is put on error paths (Ian Rogers)
- perf tools: Fix split kallsyms DSO counting (Namhyung Kim)
- perf tools: Mark split kallsyms DSOs as loaded (Namhyung Kim)
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (Xiang Mei) [Orabug: 38783136] {CVE-2025-68325}
- net: dsa: xrs700x: reject unsupported HSR configurations (Vladimir Oltean)
- net: hsr: create an API to get hsr port type (Xiaoliang Yang)
- net: hsr: Create and export hsr_get_port_ndev() (Md Danish Anwar)
- net: hsr: remove synchronize_rcu() from hsr_add_port() (Eric Dumazet)
- net: hsr: remove one synchronize_rcu() from hsr_del_port() (Eric Dumazet)
- clk: keystone: fix compile testing (Johan Hovold)
- md/raid5: fix IO hang when array is broken with IO inflight (Yu Kuai)
- remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs (Alexandru Gagniuc)
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (Ivan Stepchenko)
- selftests: bonding: add delay before each xvlan_over_bond connectivity check (Hangbin Liu)
- selftests: bonding: add ipvlan over bond testing (Etienne Champetier)
- net: phy: aquantia: check for NVMEM deferral (Robert Marko)
- vfio/pci: Use RCU for error/request triggers to avoid circular locking (Alex Williamson)
- spi: ch341: fix out-of-bounds memory access in ch341_transfer_one (Tianchu Chen)
- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (Xu Wang)
- net: stmmac: fix rx limit check in stmmac_rx_zc() (Alexey Kodanev)
- netfilter: nft_connlimit: update the count if add was skipped (Fernando Fernandez Mancera)
- netfilter: nf_conncount: rework API to use sk_buff directly (Fernando Fernandez Mancera)
- netfilter: flowtable: check for maximum number of encapsulations in bridge vlan (Pablo Neira Ayuso)
- Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" (Ilias Stamatis)
- resource: introduce is_type_match() helper and use it (Andy Shevchenko)
- resource: replace open coded resource_intersection() (Andy Shevchenko)
- regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (Sparkhuang) [Orabug: 38798786] {CVE-2025-68354}
- ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend (Marek Szyprowski)
- ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend (Marek Szyprowski)
- ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend (Marek Szyprowski)
- ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend (Marek Szyprowski)
- spi: airoha-snfi: en7523: workaround flash damaging if UART_TXD was short to GND (Mikhail Kshevetskiy)
- ASoC: Intel: catpt: Fix error path in hw_params() (Cezary Rojewski)
- vdpa/pds: use %pe for ERR_PTR() in event handler registration (Alok Tiwari)
- vhost: Fix kthread worker cgroup failure handling (Mike Christie)
- vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues (Alok Tiwari)
- virtio: fix virtqueue_set_affinity() docs (Michael S. Tsirkin)
- virtio: fix grammar in virtio_queue_info docs (Michael S. Tsirkin)
- virtio: fix whitespace in virtio_config_ops (Michael S. Tsirkin)
- virtio: fix typo in virtio_device_ready() comment (Michael S. Tsirkin)
- virtio_vdpa: fix misleading return in void function (Alok Tiwari)
- of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node (Guenter Roeck)
- ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation (Yongjian Sun)
- ublk: prevent invalid access with DEBUG (Kevin Brodsky)
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (René Rebe)
- hwmon: sy7636a: Fix regulator_enable resource leak on error path (Xu Wang)
- drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (Dan Carpenter)
- greybus: gb-beagleplay: Fix timeout handling in bootloader functions (Xu Wang)
- firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (Alexandre Courbot)
- ASoC: fsl_xcvr: clear the channel status control memory (Shengjiu Wang)
- gfs2: Prevent recursive memory reclaim (Andreas Gruenbacher) [Orabug: 38798793] {CVE-2025-68356}
- ASoC: nau8325: add missing build config (Jaroslav Kysela)
- ASoC: nau8325: use simple i2c probe function (Jaroslav Kysela)
- drm/panthor: Avoid adding of kernel BOs to extobj list (Akash Goel)
- RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY (Jacob Moroni)
- RDMA/irdma: Fix data race in irdma_free_pble (Krzysztof Czurylo)
- RDMA/irdma: Fix data race in irdma_sc_ccq_arm (Krzysztof Czurylo)
- iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal (Stephan Gerhold)
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (Randy Dunlap)
- backlight: led-bl: Add devlink to supplier LEDs (Luca Ceresoli)
- wifi: ieee80211: correct FILS status codes (Ria Thomas)
- iomap: always run error completions in user context (Christoph Hellwig)
- iomap: factor out a iomap_dio_done helper (Christoph Hellwig)
- um: Don't rename vmap to kernel_vmap (David Gow)
- drm/nouveau: restrict the flush page to a 32-bit address (Timur Tabi)
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (Shawn Lin)
- btrfs: fix leaf leak in an error path in btrfs_del_items() (Filipe Manana)
- iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables (Ryan Huang)
- staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (Jianglei Nie)
- firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (Dinh Nguyen)
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (Zilin Guan)
- ASoC: tas2781: correct the wrong period (Shenghao Ding)
- RDMA/bnxt_re: Pass correct flag for dma mr creation (Selvin Xavier)
- RDMA/bnxt_re: Fix the inline size for GenP7 devices (Selvin Xavier)
- erofs: limit the level of fs stacking for file-backed mounts (Gao Xiang)
- RISC-V: KVM: Fix guest page fault within HLV* instructions (Fangyu Yu)
- crypto: ccree - Correctly handle return of sg_nents_for_len (Xu Wang)
- crypto: starfive - Correctly handle return of sg_nents_for_len (Xu Wang)
- selftests/bpf: Improve reliability of test_perf_branches_no_hw() (Matt Bobrowski)
- selftests/bpf: skip test_perf_branches_hw() on unsupported platforms (Matt Bobrowski)
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (Gopi Krishna Menon)
- usb: dwc2: fix hang during suspend if set as peripheral (Jisheng Zhang)
- usb: dwc2: fix hang during shutdown if set as peripheral (Jisheng Zhang)
- usb: dwc2: disable platform lowlevel hw resources during shutdown (Jisheng Zhang)
- usb: chaoskey: fix locking for O_NONBLOCK (Oliver Neukum)
- ima: Handle error code returned by ima_filter_rule_match() (Zhao Yipeng) [Orabug: 38798921] {CVE-2025-68740}
- RAS: Report all ARM processor CPER information to userspace (Jason Tian)
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (Seungjin Bae) [Orabug: 38798814] {CVE-2025-68362}
- cpuset: Treat cpusets in attaching as populated (Chen Ridong)
- net: phy: adin1100: Fix software power-down ready condition (Alexander Dahl)
- phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits (Cristian Ciocaltea)
- phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth (Cristian Ciocaltea)
- phy: freescale: Initialize priv->lock (Xiaolei Wang)
- phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (Christophe Jaillet)
- leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM (Fenglin Wu)
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (Xu Wang)
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (Xu Wang)
- wifi: mac80211: fix CMAC functions not handling errors (Chien Wong)
- iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb (Aashish Sharma)
- scsi: qla2xxx: Fix improper freeing of purex item (Zilin Guan) [Orabug: 38798928] {CVE-2025-68741}
- pwm: bcm2835: Make sure the channel is enabled after pwm_request() (Uwe Kleine-König)
- perf arm_spe: Fix memset subclass in operation (Leo Yan)
- perf arm-spe: Extend branch operations (Leo Yan)
- ipv6: clear RA flags when adding a static route (Fernando Fernandez Mancera)
- drm/msm/a6xx: Improve MX rail fallback in RPMH vote init (Akhil P Oommen)
- drm/msm/a6xx: Fix the gemnoc workaround (Akhil P Oommen)
- drm/msm/a6xx: Flush LRZ cache before PT switch (Akhil P Oommen)
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (Jay Liu)
- fs/ntfs3: Prevent memory leaks in add sub record (Edward Adam Davis)
- fs/ntfs3: out1 also needs to put mi (Edward Adam Davis)
- powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format (Ritesh Harjani)
- powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit (Ritesh Harjani)
- bpf: Fix invalid prog->stats access when update_effective_progs fails (Pu Lehui) [Orabug: 38798931] {CVE-2025-68742}
- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (Abdun Nihaal) [Orabug: 38818221] {CVE-2025-68759}
- drm/msm/a2xx: stop over-complaining about the legacy firmware (Dmitry Baryshkov)
- block/blk-throttle: Fix throttle slice time for SSDs (Guenter Roeck)
- NFSD/blocklayout: Fix minlength check in proc_layoutget (Sergey Bashirov)
- tracefs: fix a leak in eventfs_create_events_dir() (Al Viro)
- watchdog: starfive: Fix resource leak in probe error path (Xu Wang)
- watchdog: wdat_wdt: Fix ACPI table leak in probe function (Xu Wang)
- bpf: Check skb->transport_header is set in bpf_skb_check_mtu (Martin Kafai Lau) [Orabug: 38798820] {CVE-2025-68363}
- selftests/bpf: Fix failure paths in send_signal test (Alexei Starovoitov)
- bpf: Handle return value of ftrace_set_filter_ip in register_fentry (Menglong Dong)
- ps3disk: use memcpy_{from,to}_bvec index (René Rebe)
- drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype (Dmitry Baryshkov)
- crypto: iaa - Fix incorrect return value in save_iaa_wq() (Zilin Guan)
- arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C (Fukaumi Naoki)
- arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A (Fukaumi Naoki)
- arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A (Fukaumi Naoki)
- PCI: keystone: Exit ks_pcie_probe() for invalid mode (Siddharth Vadapalli)
- bpf: Free special fields when update [lru_,]percpu_hash maps (Leon Hwang) [Orabug: 38798936] {CVE-2025-68744}
- leds: netxbig: Fix GPIO descriptor leak in error paths (Xu Wang)
- scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls (Xu Wang)
- ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (Xu Wang)
- ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() (Dmitry Antipov) [Orabug: 38798823] {CVE-2025-68364}
- lib/vsprintf: Check pointer before dereferencing in time_and_date() (Andy Shevchenko)
- clk: renesas: r9a06g032: Fix memory leak in error path (Xu Wang)
- coresight: etm4x: Add context synchronization before enabling trace (Leo Yan)
- coresight: etm4x: Extract the trace unit controlling (Leo Yan)
- coresight: etm4x: Correct polling IDLE bit (Leo Yan)
- coresight: Change device mode to atomic type (Leo Yan)
- nbd: defer config unlock in nbd_genl_connect (Zheng Qixing) [Orabug: 38798832] {CVE-2025-68366}
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (Abdun Nihaal)
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (Long Li) [Orabug: 38798837] {CVE-2025-68367}
- powerpc/32: Fix unpaired stwcx. on interrupt exit (Christophe Leroy)
- powerpc/kdump: Fix size calculation for hot-removed memory ranges (Sourabh Jain)
- cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs (Gautham R. Shenoy)
- scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() (Bean Huo)
- drm/panthor: Fix potential memleak of vma structure (Akash Goel)
- ntfs3: init run lock for extend inode (Edward Adam Davis)
- ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties (Jihed Chaibi)
- RDMA/rtrs: server: Fix error handling in get_or_create_srv (Ma Ke)
- dt-bindings: PCI: amlogic: Fix the register name of the DBI region (Manivannan Sadhasivam)
- scsi: smartpqi: Fix device resources accessed after device removal (Mike Mcgowen) [Orabug: 38798847] {CVE-2025-68371}
- scsi: stex: Fix reboot_notifier leak in probe error path (Xu Wang)
- nbd: defer config put in recv_work (Zheng Qixing) [Orabug: 38798850] {CVE-2025-68372}
- md: fix rcu protection in md_wakeup_thread (Yun Zhou) [Orabug: 38798857] {CVE-2025-68374}
- regulator: core: disable supply if enabling main regulator fails (Gabor Juhos)
- perf/x86/intel: Correct large PEBS flag check (Dapeng Mi)
- ext4: correct the checking of quota files before moving extents (Zhang Yi)
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path (Xu Wang)
- locktorture: Fix memory leak in param_set_cpumask() (Wang Liang)
- efi/libstub: Fix page table access in 5-level to 4-level paging transition (Usama Arif)
- x86/boot: Fix page table access in 5-level to 4-level paging transition (Usama Arif)
- ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible (Jihed Chaibi)
- ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible (Jihed Chaibi)
- ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels (Yegor Yefremov)
- libbpf: Fix parsing of multi-split BTF (Alan Maguire)
- spi: tegra210-quad: Fix timeout handling (Vishwaroop A) [Orabug: 38798943] {CVE-2025-68746}
- drm/panthor: Fix UAF on kernel BO VA nodes (Boris Brezillon)
- drm/panthor: Fix race with suspend during unplug (Ketil Johnsen)
- drm/panthor: Fix UAF race between device unplug and FW event processing (Ketil Johnsen)
- drm/panthor: Fix group_free_queue() for partially initialized queues (Boris Brezillon)
- drm/panthor: Handle errors returned by drm_sched_entity_init() (Boris Brezillon)
- fs/9p: Don't open remote file with APPEND mode when writeback cache is used (Tingmao Wang)
- scsi: target: Do not write NUL characters into ASCII configfs output (Bart Van Assche)
- power: supply: apm_power: only unset own apm_get_power_status (Ahelenia Ziemiańska)
- power: supply: wm831x: Check wm831x_set_bits() return value (Ivan Abramov)
- power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (Murad Masimov)
- power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (Ivan Abramov)
- power: supply: max17040: Check iio_read_channel_processed() return code (Ivan Abramov)
- power: supply: cw2015: Check devm_delayed_work_autocancel() return code (Ivan Abramov)
- power: supply: rt5033_charger: Fix device node reference leaks (Xu Wang)
- perf record: skip synthesize event when open evsel failed (Shuai Xue)
- perf lock contention: Load kernel map before lookup (Namhyung Kim)
- drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() (Geert Uytterhoeven)
- interconnect: debugfs: Fix incorrect error handling for NULL path (Kuan-Wei Chiu)
- arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller (Dmitry Baryshkov)
- interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS (Dmitry Baryshkov)
- wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() (Abdun Nihaal)
- i3c: master: svc: Prevent incomplete IBI transaction (Stanley Chu)
- i3c: fix refcount inconsistency in i3c_master_register (Frank Li)
- pinctrl: stm32: fix hwspinlock resource leak in probe function (Xu Wang)
- soc: qcom: smem: fix hwspinlock resource leak in probe error paths (Xu Wang)
- tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set (Benjamin Berg)
- x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() (Tengda Wu)
- task_work: Fix NMI race condition (Peter Zijlstra)
- perf/x86/intel/cstate: Remove PC3 support from LunarLake (Zhang Rui)
- bpf: Fix stackmap overflow check in __bpf_get_stackid() (Arnaud Lecomte) [Orabug: 38798864] {CVE-2025-68378}
- bpf: Refactor stack map trace depth calculation into helper function (Arnaud Lecomte)
- perf: Remove get_perf_callchain() init_nr argument (Josh Poimboeuf)
- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (Xu Wang)
- mtd: nand: relax ECC parameter validation check (Aryan Srivastava)
- Revert "mtd: rawnand: marvell: fix layouts" (Aryan Srivastava)
- ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties (Wolfram Sang)
- ARM: dts: renesas: gose: Remove superfluous port property (Wolfram Sang)
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (Zhu Yanjun) [Orabug: 38798867] {CVE-2025-68379}
- sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). (Kuniyuki Iwashima)
- phy: mscc: Fix PTP for VSC8574 and VSC8572 (Horatiu Vultur)
- arm64: dts: qcom: qcm6490-shift-otter: Add missing reserved-memory (Alexander Martinz)
- arm64: dts: qcom: sm8650: set ufs as dma coherent (Neil Armstrong)
- arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider (Gergo Koteles)
- arm64: dts: qcom: x1e80100: Add missing quirk for HS only USB controller (Krishna Kurapati)
- arm64: dts: qcom: x1e80100: Fix compile warnings for USB HS controller (Krishna Kurapati)
- firmware: imx: scu-irq: fix OF node leak in (Peng Fan)
- arm64: dts: ti: k3-am62p: Fix memory ranges for GPU (Randolph Sapp)
- s390/ap: Don't leak debug feature files if AP instructions are not available (Heiko Carstens)
- s390/smp: Fix fallback CPU detection (Heiko Carstens)
- wifi: ath11k: fix peer HE MCS assignment (Baochen Qiang) [Orabug: 38798872] {CVE-2025-68380}
- wifi: ath11k: fix VHT MCS assignment (Baochen Qiang)
- crypto: hisilicon/qm - restore original qos values (Nieweiqiang)
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (Thorsten Blum) [Orabug: 38798874] {CVE-2025-68724}
- soc: qcom: gsbi: fix double disable caused by devm (Xu Wang)
- soc: Switch back to struct platform_driver::remove() (Uwe Kleine-König)
- clk: qcom: camcc-sm7150: Fix PLL config of PLL2 (Luca Weiss)
- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (Luca Weiss)
- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (Vladimir Zapolskiy)
- clk: qcom: camcc-sm8550: Specify Titan GDSC power domain as a parent to other (Vladimir Zapolskiy)
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (Li Qiang)
- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (Geert Uytterhoeven)
- arm64: dts: exynos: gs101: fix sysreg_apm reg property (Peter Griffin)
- perf annotate: Check return value of evsel__get_arch() properly (Tianyou Li)
- arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1 (Tim Harvey)
- arm64: dts: imx8mp-venice-gw702x: remove off-board uart (Tim Harvey)
- arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl (Tim Harvey)
- arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props (Tim Harvey)
- block/mq-deadline: Switch back to a single dispatch list (Bart Van Assche)
- block/mq-deadline: Introduce dd_start_request() (Bart Van Assche)
- firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc (Randy Dunlap)
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (Francesco Lavra)
- inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() (Luoxuanqiang)
- inet: Avoid ehash lookup race in inet_ehash_insert() (Luoxuanqiang)
- rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() (Luoxuanqiang)
- clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets (Konrad Dybcio)
- dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets (Konrad Dybcio)
- dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets (Stephan Gerhold)
- ntfs3: Fix uninit buffer allocated by __getname() (Sidharth Seela)
- ntfs3: fix uninit memory after failed mi_read in mi_format_new (Raphael Pinsonneault-Thibeault)
- crypto: authenc - Correctly pass EINPROGRESS back up to the caller (Herbert Xu)
- irqchip/qcom-irq-combiner: Fix section mismatch (Johan Hovold)
- irqchip/starfive-jh8100: Fix section mismatch (Johan Hovold)
- irqchip/renesas-rzg2l: Fix section mismatch (Johan Hovold)
- irqchip/imx-mu-msi: Fix section mismatch (Johan Hovold)
- irqchip/irq-brcmstb-l2: Fix section mismatch (Johan Hovold)
- irqchip/irq-bcm7120-l2: Fix section mismatch (Johan Hovold)
- irqchip/irq-bcm7038-l1: Fix section mismatch (Johan Hovold)
- sched/fair: Forfeit vruntime on yield (Fernand Sieber)
- wifi: ath11k: restore register window after global reset (Baochen Qiang)
- wifi: ath10k: move recovery check logic into a new work (Kang Yang)
- wifi: ath10k: Add missing include of export.h (Jeff Johnson)
- wifi: ath10k: Avoid vdev delete timeout when firmware is already down (Loic Poulain)
- objtool: Fix weak symbol detection (Josh Poimboeuf)
- objtool: Fix standalone --hacks=jump_label (Dylan Hatch)
- HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (Mavroudis Chatzilazaridis)
- drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler() (Cyrille Pitchen)
- clk: renesas: cpg-mssr: Read back reset registers to assure values latched (Marek Vasut)
- clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register (Thierry Bultel)
- clk: renesas: Use str_on_off() helper (Geert Uytterhoeven)
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (Marek Vasut)
- pinctrl: renesas: rzg2l: Fix PMC restore (Biju Das)
- USB: Fix descriptor count when handling invalid MBIM extended descriptor (Seungjin Bae)
- drm/vgem-fence: Fix potential deadlock on release (Janusz Krzysztofik) [Orabug: 38818211] {CVE-2025-68757}
- accel/ivpu: Fix DCT active percent format (Karol Wachowski)
- accel/ivpu: Make function parameter names consistent (Jacek Lawrynowicz)
- drm/panel: visionox-rm69299: Don't clear all mode flags (Guido Günther)
- accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (Karol Wachowski)
- accel/ivpu: Prevent runtime suspend during context abort work (Andrzej Kacprowski)
- gpu: host1x: Fix race in syncpt alloc/free (Mainak Sen) [Orabug: 38798898] {CVE-2025-68732}
- smack: fix bug: setting task label silently ignores input garbage (Konstantin Andreev)
- smack: fix bug: unprivileged task can create labels (Konstantin Andreev)
- smack: fix bug: invalid label of unix socket file (Konstantin Andreev)
- smack: always "instantiate" inode in smack_inode_init_security() (Konstantin Andreev)
- smack: deduplicate xattr setting in smack_inode_init_security() (Konstantin Andreev)
- smack: fix bug: SMACK64TRANSMUTE set on non-directory (Konstantin Andreev)
- smack: deduplicate "does access rule request transmutation" (Konstantin Andreev)
- net/mlx5e: Set default burst period for TX and RX reporters (Shahar Shitrit) [Orabug: 38636804]
- devlink: Make health reporter burst period configurable (Shahar Shitrit) [Orabug: 38636804]
- devlink: Introduce burst period for health reporter (Shahar Shitrit) [Orabug: 38636804]
- devlink: Move health reporter recovery abort logic to a separate function (Shahar Shitrit) [Orabug: 38636804]
- devlink: Move graceful period parameter to reporter ops (Shahar Shitrit) [Orabug: 38636804]
- devlink: use devlink_nl_put_u64() helper (Przemek Kitszel) [Orabug: 38636804]
- devlink: introduce devlink_nl_put_u64() (Przemek Kitszel) [Orabug: 38636804]
- Revert "net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery" (Qing Huang) [Orabug: 38636804]
- net/rds: improve conn destroy printk message (Sharath Srinivasan) [Orabug: 38728739]
- net/rds: expand kref coverage to rds_notifier->n_conn (Sharath Srinivasan) [Orabug: 38728739]
- net/rds: fix crash by expanding kref coverage to rds_incoming.i_conn (Sharath Srinivasan) [Orabug: 38728739]
- net/rds: rds_sendmsg must use rs_conn only when not being destroyed (Sharath Srinivasan) [Orabug: 38728742]
- Revert "iommu/amd: Skip enabling command/event buffers for kdump" (Dongli Zhang) [Orabug: 38766139]
- mm: list_lru: avoid using NULL list_lru_one. (Imran Khan) [Orabug: 38787957]

[6.12.0-108.62.1]
- uek-rpm: Allow disabling kabichk at command line (Yifei Liu) [Orabug: 38733049]
- Revert "xfrm: Use xdo.dev instead of xdo.real_dev" (Jack Vogel) [Orabug: 38718730]
- Revert "net/mlx5: Fix IPsec cleanup over MPV device" (Jack Vogel) [Orabug: 38718730]
- LTS version: v6.12.62 (Jack Vogel)
- bus: mhi: host: pci_generic: Add Telit FN990B40 modem support (Daniele Palmas)
- bus: mhi: host: pci_generic: Add Telit FN920C04 modem support (Daniele Palmas)
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing (Navaneeth K)
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (Navaneeth K)
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser (Navaneeth K)
- comedi: check device's attached status in compat ioctls (Nikita Zhandarovich)
- comedi: multiq3: sanitize config options in multiq3_attach() (Nikita Zhandarovich)
- comedi: c6xdigio: Fix invalid PNP driver unregistration (Ian Abbott)
- wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 (Zenm Chen)
- wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 (Zenm Chen)
- samples: work around glibc redefining some of our defines wrong (Linus Torvalds)
- LoongArch: Mask all interrupts during kexec/kdump (Huacai Chen)
- HID: elecom: Add support for ELECOM M-XT3URBK (018F) (Naoki Ueki)
- platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally (Antheas Kapenekakis)
- platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list (Antheas Kapenekakis)
- platform/x86: huawei-wmi: add keys for HONOR models (Ston Jia)
- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list (April Grimoire)
- platform/x86: acer-wmi: Ignore backlight event (Armin Wolf)
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration (Praveen Talari)
- nvme: fix admin request_queue lifetime (Keith Busch) [Orabug: 38773611] {CVE-2025-68265}
- HID: hid-input: Extend Elan ignore battery quirk to USB (Mario Limonciello)
- bfs: Reconstruct file type when loading from disk (Tetsuo Handa)
- ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series (Lushih Hsieh)
- drm/amdkfd: Fix GPU mappings for APU after prefetch (Harish Kasiviswanathan)
- smb: fix invalid username check in smb3_fs_context_parse_param() (Yiqi Sun)
- Bluetooth: btrtl: Avoid loading the config file on security chips (Max Chou)
- drm/vmwgfx: Use kref in vmw_bo_dirty (Ian Forbes)
- spi: imx: keep dma request disabled before dma transfer setup (Robin Gong)
- spi: xilinx: increase number of retries before declaring stall (Alvaro Gamez Machado)
- ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (Song Liu)
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (Johan Hovold)
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (Johan Hovold)
- serial: add support of CPCI cards (Magne Bruno)
- USB: serial: ftdi_sio: match on interface number for jtag (Johan Hovold)
- USB: serial: option: move Telit 0x10c7 composition in the right place (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE910C04 new compositions (Fabio Porcedda)
- USB: serial: option: add Foxconn T99W760 (Slark Xiao)
- KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (Omar Sandoval) [Orabug: 38773578] {CVE-2025-68259}
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (Nikita Zhandarovich)
- ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (Alexey Nepomnyashih) [Orabug: 38773586] {CVE-2025-68261}
- locking/spinlock/debug: Fix data-race in do_raw_write_lock (Alexander Sverdlin)
- ksmbd: ipc: fix use-after-free in ipc_msg_send_request (Qianchang Zhao)
- ext4: refresh inline data size before write operations (Deepanshu Kartikey) [Orabug: 38773602] {CVE-2025-68264}
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (Ye Bin) [Orabug: 38792632] {CVE-2025-68337}
- Documentation: process: Also mention Sasha Levin as stable tree maintainer (Bagas Sanjaya)
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca)
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca)
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca)
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730491,38854317] {CVE-2025-40215}
- LTS version: v6.12.61 (Jack Vogel)
- spi: spi-nxp-fspi: Check return value of devm_mutex_init() (Thomas Weißschuh)
- drm/i915/dp: Initialize the source OUI write timestamp always (Imre Deak)
- Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" (Punit Agrawal)
- wifi: ath12k: correctly handle mcast packets for clients (Sarika Sharma)
- net: dsa: microchip: Free previously initialized ports on init failures (Bastien Curutchet)
- net: dsa: microchip: Do not execute PTP driver code for unsupported switches (Tristram Ha)
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (Thomas Zimmermann) [Orabug: 38773709] {CVE-2025-68296}
- net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() (Bastien Curutchet)
- KVM: SVM: Fix redundant updates of LBR MSR intercepts (Yosry Ahmed)
- KVM: nSVM: Fix and simplify LBR virtualization handling with nested (Yosry Ahmed)
- KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() (Yosry Ahmed)
- KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() (Yosry Ahmed)
- mm/huge_memory: fix NULL pointer deference when splitting folio (Wei Yang) [Orabug: 38773700] {CVE-2025-68293}
- usb: gadget: udc: fix use-after-free in usb_gadget_state_work (Jimmy Hu) [Orabug: 38773635] {CVE-2025-68282}
- usb: udc: Add trace event for usb_gadget_set_state (Kuen-Han Tsai)
- can: rcar_canfd: Fix CAN-FD mode as default (Biju Das)
- usb: typec: ucsi: psy: Set max current to zero when disconnected (Jameson Thies)
- nfsd: Replace clamp_t in nfsd4_get_drc_mem() (Neil Brown)
- staging: rtl8712: Remove driver using deprecated API wext (Philipp Hortmann)
- libceph: replace BUG_ON with bounds check for map->max_osd (Ziming Zhang) [Orabug: 38773641] {CVE-2025-68283}
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (Ziming Zhang) [Orabug: 38773648] {CVE-2025-68284}
- libceph: fix potential use-after-free in have_mon_and_osd_map() (Ilya Dryomov) [Orabug: 38773654] {CVE-2025-68285}
- net: dsa: microchip: Don't free uninitialized ksz_irq (Bastien Curutchet)
- net: dsa: microchip: ptp: Fix checks on irq_find_mapping() (Bastien Curutchet)
- net: dsa: microchip: common: Fix checks on irq_find_mapping() (Bastien Curutchet)
- drm/amd/display: Don't change brightness for disabled connectors (Mario Limonciello)
- drm/amd/display: Check NULL before accessing (Alex Hung) [Orabug: 38773661] {CVE-2025-68286}
- drm/amd/amdgpu: reserve vm invalidation engine for uni_mes (Michael Chen)
- drm: sti: fix device leaks at component probe (Johan Hovold)
- USB: serial: option: add support for Rolling RW101R-GL (Vanillan Wang)
- USB: serial: ftdi_sio: add support for u-blox EVK-M101 (Oleksandr Suvorov)
- xhci: dbgtty: fix device unregister (Łukasz Bartosik)
- xhci: dbgtty: Fix data corruption when transmitting data form DbC to host (Mathias Nyman)
- xhci: fix stale flag preventig URBs after link state error is cleared (Mathias Nyman)
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (Manish Nagar)
- usb: dwc3: pci: Sort out the Intel device IDs (Krogerus Heikki)
- usb: dwc3: pci: add support for the Intel Nova Lake -S (Krogerus Heikki)
- usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (Owen Gu) [Orabug: 38792592] {CVE-2025-68331}
- usb: storage: sddr55: Reject out-of-bound new_pba (Tianchu Chen) [Orabug: 38762728] {CVE-2025-40345}
- USB: storage: Remove subclass and protocol overrides from Novatek quirk (Alan Stern)
- usb: storage: Fix memory leak in USB bulk transport (Desnes Nunes) [Orabug: 38773676] {CVE-2018-1000204,CVE-2025-68288}
- usb: renesas_usbhs: Fix synchronous external abort on unbind (Claudiu Beznea)
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (Kuen-Han Tsai)
- usb: cdns3: Fix double resource release in cdns3_pci_probe (Miaoqian Lin)
- most: usb: fix double free on late probe failure (Johan Hovold)
- serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (Miaoqian Lin)
- mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). (Kuniyuki Iwashima)
- mptcp: clear scheduled subflows on retransmit (Paolo Abeni)
- mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level (Jisheng Zhang)
- mm/memfd: fix information leak in hugetlb folios (Deepanshu Kartikey) [Orabug: 38773697] {CVE-2025-68292}
- firmware: stratix10-svc: fix bug in saving controller data (Khairul Anuar Romli)
- nvmem: layouts: fix nvmem_layout_bus_uevent (Guan Wentao)
- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (Miaoqian Lin)
- thunderbolt: Add support for Intel Wildcat Lake (Alan Borzeszkowski)
- smb: client: fix memory leak in cifs_construct_tcon() (Paulo Alcantara) [Orabug: 38773703] {CVE-2025-68295}
- drivers/usb/dwc3: fix PCI parent check (Jamie Iles)
- dm-verity: fix unreliable memory allocation (Mikulas Patocka)
- ceph: fix crash in process_v2_sparse_read() for encrypted directories (Viacheslav Dubeyko) [Orabug: 38773716] {CVE-2025-68297}
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (Marc Kleine-Budde)
- can: sja1000: fix max irq loop handling (Thomas Mühlbacher)
- Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref (Douglas Anderson) [Orabug: 38773723] {CVE-2025-68298}
- atm/fore200e: Fix possible data race in fore200e_open() (Gui-Dong Han)
- ARM: dts: nxp: imx6ul: correct SAI3 interrupt line (Maarten Zanders)
- arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity (Xu Yang)
- arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos (Frank Li)
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (Ivan Zhaldak)
- tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (Deepanshu Kartikey) [Orabug: 38792583] {CVE-2025-68329}
- MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow (Thomas Bogendoerfer)
- MIPS: mm: Prevent a TLB shutdown on initial uniquification (Maciej W. Rozycki)
- iio: adc: rtq6056: Correct the sign bit index (Chiyuan Huang)
- iio: adc: ad7280a: fix ad7280_store_balance_timer() (David Lechner)
- iio: accel: fix ADXL355 startup race condition (Valek Andrej)
- iio: accel: bmc150: Fix irq assumption regression (Linus Walleij) [Orabug: 38792585] {CVE-2025-68330}
- iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling (Olivier Moysan)
- iio:common:ssp_sensors: Fix an error handling path ssp_probe() (Christophe Jaillet)
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (Francesco Lavra)
- iio: humditiy: hdc3020: fix units for thresholds and hysteresis (Dimitri Fedrau)
- iio: humditiy: hdc3020: fix units for temperature and humidity measurement (Dimitri Fedrau)
- iio: buffer: support getting dma channel from the buffer (Nuno Sa)
- iio: buffer-dmaengine: enable .get_dma_dev() (Nuno Sa)
- iio: buffer-dma: support getting the DMA channel (Nuno Sa)
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" (Jiri Olsa)
- Revert "drm/amd/display: Move setup_stream_attribute" (Alex Deucher)
- spi: bcm63xx: fix premature CS deassertion on RX-only transactions (Hang Zhou)
- spi: nxp-fspi: Propagate fwnode in ACPI case as well (Andy Shevchenko)
- spi: spi-nxp-fspi: Add OCT-DTR mode support (Haibo Chen)
- spi: spi-nxp-fspi: remove the goto in probe (Haibo Chen)
- spi: nxp-fspi: Support per spi-mem operation frequency switches (Miquel Raynal)
- spi: spi-mem: Add a new controller capability (Miquel Raynal)
- spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency (Miquel Raynal)
- spi: spi-mem: Allow specifying the byte order in Octal DTR mode (Tudor Ambarus)
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (Xu Wang)
- spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA (Francesco Lavra)
- fs/namespace: fix reference leak in grab_requested_mnt_ns (Andrei Vagin) [Orabug: 38773950] {CVE-2025-68300}
- mailbox: pcc: don't zero error register (Jamie Iles)
- mailbox: pcc: Refactor error handling in irq handler into separate function (Sudeep Holla)
- mailbox: mtk-cmdq: Refine DMA address handling for the command buffer (Jason-JH Lin)
- mailbox: mailbox-test: Fix debugfs_create_dir error checking (Xu Wang)
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (Xu Wang)
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation (Mario Tesi)
- net: fec: do not register PPS event for PEROUT (Wei Fang)
- net: fec: do not allow enabling PPS and PEROUT simultaneously (Wei Fang)
- net: fec: do not update PEROUT if it is enabled (Wei Fang)
- net: fec: cancel perout_timer when PEROUT is disabled (Wei Fang)
- net: atlantic: fix fragment overflow handling in RX path (Jiefeng Zhang) [Orabug: 38773728] {CVE-2025-68301}
- eth: fbnic: Fix counter roll-over issue (Mohsin Bashir)
- net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic (Vladimir Oltean)
- net: dsa: sja1105: simplify static configuration reload (Russell King)
- net: wwan: mhi: Keep modem name match with Foxconn T99W640 (Slark Xiao)
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (Alex Deucher)
- net: sxgbe: fix potential NULL dereference in sxgbe_rx() (Alexey Kodanev)
- team: Move team device type change at the end of team_port_add (Nikola Z. Ivanov) [Orabug: 38796270] {CVE-2025-68340}
- net/mlx5e: Fix validation logic in rate limiting (Danielle Costantino)
- drm/xe: Fix conversion from clock ticks to milliseconds (Harish Chegondi)
- net: lan966x: Fix the initialization of taprio (Horatiu Vultur)
- net: aquantia: Add missing descriptor cache invalidation on ATL2 (Kai-Heng Feng)
- platform/x86: intel: punit_ipc: fix memory corruption (Dan Carpenter)
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (Daniel Golle)
- veth: reduce XDP no_direct return section to fix race (Jesper Dangaard Brouer) [Orabug: 38796276] {CVE-2025-68341}
- veth: more robust handing of race to avoid txq getting stuck (Jesper Dangaard Brouer)
- veth: prevent NULL pointer dereference in veth_xdp_rcv (Jesper Dangaard Brouer)
- veth: apply qdisc backpressure on full ptr_ring to reduce TX drops (Jesper Dangaard Brouer)
- net: sched: generalize check for no-queue qdisc on TX queue (Jesper Dangaard Brouer)
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing (Luiz Augusto von Dentz)
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (Edward Adam Davis) [Orabug: 38773949] {CVE-2025-68305}
- Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP (Luiz Augusto von Dentz)
- Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface (Chris Lu) [Orabug: 38773748] {CVE-2025-68306}
- can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data (Marc Kleine-Budde) [Orabug: 38796278] {CVE-2025-68342}
- can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header (Marc Kleine-Budde) [Orabug: 38796285] {CVE-2025-68343}
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (Marc Kleine-Budde) [Orabug: 38773751] {CVE-2025-68307}
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (Seungjin Bae) [Orabug: 38773759] {CVE-2025-68308}
- LTS version: v6.12.60 (Jack Vogel)
- Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" (Charles Keepax)
- drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched (Fangzhi Zuo)
- drm/amd/display: Insert dccg log for easy debug (Charlene Liu)
- drm/amd/display: disable DPP RCG before DPP CLK enable (Charlene Liu)
- drm/amd/display: avoid reset DTBCLK at clock init (Charlene Liu)
- xfs: fix out of bounds memory read error in symlink repair (Darrick J. Wong) [Orabug: 38730602] {CVE-2025-40246}
- xfs: Replace strncpy with memcpy (Marcelo Moreira)
- mptcp: fix a race in mptcp_pm_del_add_timer() (Eric Dumazet) [Orabug: 38730655] {CVE-2025-40257}
- drm/i915/dp_mst: Disable Panel Replay (Imre Deak)
- maple_tree: fix tracepoint string pointers (Martin Kaiser)
- tty/vt: fix up incorrect backport to stable releases (Jari Ruusu)
- smb: client: fix incomplete backport in cfids_invalidation_worker() (Henrique Carvalho)
- drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (Samuel Zhang) [Orabug: 38773445] {CVE-2025-68230}
- tracing/tools: Fix incorrcet short option in usage text for --threads (Zhang Chujun)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- s390/mm: Fix __ptep_rdp() inline assembly (Heiko Carstens)
- drm/xe: Prevent BIT() overflow when handling invalid prefetch region (Shuicheng Lin)
- Revert "RDMA/irdma: Update Kconfig" (Guan Wentao)
- KVM: arm64: Make all 32bit ID registers fully writable (Marc Zyngier)
- ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check (Takashi Iwai)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- net: tls: Cancel RX async resync request on rcd_delta overflow (Shahar Shitrit)
- blk-crypto: use BLK_STS_INVAL for alignment errors (Carlos Llamas)
- net: tls: Change async resync helpers argument (Shahar Shitrit)
- selftests: net: use BASH for bareudp testing (Po-Hsu Lin)
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (Borislav Petkov)
- scsi: core: Fix a regression triggered by scsi_host_busy() (Bart Van Assche) [Orabug: 38773425] {CVE-2025-68224}
- cifs: fix typo in enable_gcm_256 module parameter (Steve French)
- bcma: don't register devices disabled in OF (Rafał Miłecki)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730610] {CVE-2025-40248}
- cifs: fix memory leak in smb3_fs_context_parse_param error path (Shaurya Rane) [Orabug: 38773403] {CVE-2025-68219}
- LoongArch: Use UAPI types in ptrace UAPI header (Thomas Weißschuh)
- af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). (Kuniyuki Iwashima)
- af_unix: Cache state->msg in unix_stream_read_generic(). (Kuniyuki Iwashima)
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (Shay Drory) [Orabug: 38730623] {CVE-2025-40251}
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (Jared Kangas)
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (Jared Kangas)
- ice: fix PTP cleanup on driver removal in error path (Grzegorz Nitka) [Orabug: 38773389] {CVE-2025-68215}
- idpf: fix possible vport_config NULL pointer deref in remove (Emil Tantilov) [Orabug: 38773956] {CVE-2025-68213}
- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Pavel Zhigulin) [Orabug: 38730628] {CVE-2025-40252}
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (Xu Wang)
- selftests: net: lib: Do not overwrite error messages (Ido Schimmel)
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- nvme-multipath: fix lockdep WARN due to partition scan work (Shin'Ichiro Kawasaki) [Orabug: 38773400] {CVE-2025-68218}
- tools: riscv: Fixed misalignment of CSR related definitions (Chen Pei)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730647] {CVE-2025-40254}
- net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() (Pavel Zhigulin)
- net: dsa: hellcreek: fix missing error handling in LED registration (Pavel Zhigulin)
- drm/tegra: Add call to put_pid() (Prateek Agarwal) [Orabug: 38773463] {CVE-2025-68233}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- platform/x86: msi-wmi-platform: Fix typo in WMI GUID (Armin Wolf)
- platform/x86: msi-wmi-platform: Only load on MSI devices (Armin Wolf)
- pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() (Xu Wang)
- xfrm: Prevent locally generated packets from direct output in tunnel mode (Jianbo Liu)
- xfrm: Determine inner GSO type from packet inner protocol (Jianbo Liu)
- pinctrl: realtek: Select REGMAP_MMIO for RTD driver (Yu-Chun Lin)
- xfrm: set err and extack on failure to create pcpu SA (Sabrina Dubroca)
- xfrm: drop SA reference in xfrm_state_update if dir doesn't match (Sabrina Dubroca)
- drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 (Ivan Lipski)
- drm/amd/display: Fix pbn to kbps Conversion (Fangzhi Zuo)
- drm/amd/display: Move sleep into each retry for retrieve_link_cap() (Mario Limonciello)
- drm/amd/display: Increase DPCD read retries (Mario Limonciello)
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (Yifan Zha)
- drm/amd: Skip power ungate during suspend for VPE (Mario Limonciello)
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (Robert Mcclinton) [Orabug: 38773418] {CVE-2025-68223}
- drm/tegra: dc: Fix reference leak in tegra_dc_couple() (Ma Ke)
- mptcp: do not fallback when OoO is present (Paolo Abeni)
- mptcp: decouple mptcp fastclose from tcp close (Paolo Abeni)
- mptcp: avoid unneeded subflow-level drops (Paolo Abeni)
- selftests: mptcp: join: userspace: longer timeout (Matthieu Baerts)
- selftests: mptcp: join: endpoints: longer timeout (Matthieu Baerts)
- mptcp: fix premature close in case of fallback (Paolo Abeni)
- mptcp: fix duplicate reset on fastclose (Paolo Abeni)
- mptcp: fix ack generation for fallback msk (Paolo Abeni)
- mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38730658] {CVE-2025-40258}
- LoongArch: Don't panic if no valid cache info for PCI (Huacai Chen)
- dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups (Krzysztof Kozlowski)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773439] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730661] {CVE-2025-40259}
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [Orabug: 38730672] {CVE-2025-40261}
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (Ewan D. Milne)
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (Nam Cao) [Orabug: 38773467] {CVE-2025-68235}
- mm/mempool: fix poisoning order>0 pages with HIGHMEM (Vlastimil Babka) [Orabug: 38773453] {CVE-2025-68231}
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: imx_sc_key - fix memory corruption on unload (Dan Carpenter)
- Input: goodix - add support for ACPI ID GDIX1003 (Hans de Goede)
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730679] {CVE-2025-40263}
- Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" (Diogo Ivo)
- net: dsa: microchip: lan937x: Fix RGMII delay tuning (Oleksij Rempel)
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730688] {CVE-2025-40264}
- ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() (Yihang Li)
- smb: client: introduce close_cached_dir_locked() (Henrique Carvalho)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- mptcp: Fix proto fallback detection with BPF (Jiayuan Chen) [Orabug: 38773434] {CVE-2025-68227}
- mptcp: Disallow MPTCP subflows from sockmap (Jiayuan Chen)
- exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (Yongpeng Yang)
- shmem: fix tmpfs reconfiguration (remount) when noswap is set (Mike Yuan)
- isofs: check the return value of sb_min_blocksize() in isofs_fill_super (Yongpeng Yang)
- mtdchar: fix integer overflow in read/write ioctls (Dan Carpenter) [Orabug: 38773476] {CVE-2025-68237}
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference (Niravkumar L Rabara)
- arm64: dts: rockchip: disable HS400 on RK3588 Tiger (Quentin Schulz)
- arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 (Quentin Schulz)
- arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 (Mykola Kvach)
- arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 (Diederik de Haas)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)
- HID: amd_sfh: Stop sensor before starting (Mario Limonciello)
- timers: Fix NULL function pointer race in timer_shutdown_sync() (Yipeng Zou) [Orabug: 38773387] {CVE-2025-68214}
- KVM: arm64: Check the untrusted offset in FF-A memory share (Sebastian Ene) [Orabug: 38730696] {CVE-2025-40266}

ELSA-2026-50112 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

Oracle Linux Security Advisory ELSA-2026-50112

http://linux.oracle.com/errata/ELSA-2026-50112.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-108.64.6.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-108.64.6.3.el9uek.x86_64.rpm
kernel-uek-tools-6.12.0-108.64.6.3.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-modules-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek-tools-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-108.64.6.3.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-108.64.6.3.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-108.64.6.3.el9uek.src.rpm

Related CVEs:

CVE-2018-1000204
CVE-2025-38234
CVE-2025-38276
CVE-2025-38357
CVE-2025-40034
CVE-2025-40075
CVE-2025-40149
CVE-2025-40164
CVE-2025-40170
CVE-2025-40215
CVE-2025-40246
CVE-2025-40248
CVE-2025-40251
CVE-2025-40252
CVE-2025-40254
CVE-2025-40257
CVE-2025-40258
CVE-2025-40259
CVE-2025-40261
CVE-2025-40263
CVE-2025-40264
CVE-2025-40266
CVE-2025-40325
CVE-2025-40330
CVE-2025-40345
CVE-2025-68197
CVE-2025-68206
CVE-2025-68209
CVE-2025-68213
CVE-2025-68214
CVE-2025-68215
CVE-2025-68218
CVE-2025-68219
CVE-2025-68223
CVE-2025-68224
CVE-2025-68227
CVE-2025-68229
CVE-2025-68230
CVE-2025-68231
CVE-2025-68233
CVE-2025-68235
CVE-2025-68237
CVE-2025-68259
CVE-2025-68261
CVE-2025-68264
CVE-2025-68265
CVE-2025-68282
CVE-2025-68283
CVE-2025-68284
CVE-2025-68285
CVE-2025-68286
CVE-2025-68288
CVE-2025-68292
CVE-2025-68293
CVE-2025-68295
CVE-2025-68296
CVE-2025-68297
CVE-2025-68298
CVE-2025-68300
CVE-2025-68301
CVE-2025-68305
CVE-2025-68306
CVE-2025-68307
CVE-2025-68308
CVE-2025-68324
CVE-2025-68325
CVE-2025-68329
CVE-2025-68330
CVE-2025-68331
CVE-2025-68337
CVE-2025-68340
CVE-2025-68341
CVE-2025-68342
CVE-2025-68343
CVE-2025-68348
CVE-2025-68349
CVE-2025-68354
CVE-2025-68356
CVE-2025-68357
CVE-2025-68362
CVE-2025-68363
CVE-2025-68364
CVE-2025-68366
CVE-2025-68367
CVE-2025-68371
CVE-2025-68372
CVE-2025-68374
CVE-2025-68378
CVE-2025-68379
CVE-2025-68380
CVE-2025-68724
CVE-2025-68732
CVE-2025-68740
CVE-2025-68741
CVE-2025-68742
CVE-2025-68744
CVE-2025-68746
CVE-2025-68756
CVE-2025-68757
CVE-2025-68759
CVE-2025-68764
CVE-2025-68770
CVE-2025-68771
CVE-2025-68775
CVE-2025-68776
CVE-2025-68778
CVE-2025-68780
CVE-2025-68782
CVE-2025-68783
CVE-2025-68784
CVE-2025-68785
CVE-2025-68788
CVE-2025-68789
CVE-2025-68794
CVE-2025-68795
CVE-2025-68798
CVE-2025-68803
CVE-2025-68810
CVE-2025-68811
CVE-2025-68813
CVE-2025-68814
CVE-2025-68815
CVE-2025-68816
CVE-2025-68818
CVE-2025-68819
CVE-2025-68820
CVE-2025-68821
CVE-2025-68822
CVE-2025-71066
CVE-2025-71068
CVE-2025-71072
CVE-2025-71075
CVE-2025-71077
CVE-2025-71080
CVE-2025-71082
CVE-2025-71083
CVE-2025-71084
CVE-2025-71085
CVE-2025-71087
CVE-2025-71089
CVE-2025-71091
CVE-2025-71093
CVE-2025-71094
CVE-2025-71095
CVE-2025-71096
CVE-2025-71097
CVE-2025-71098
CVE-2025-71100
CVE-2025-71101
CVE-2025-71104
CVE-2025-71108
CVE-2025-71111
CVE-2025-71113
CVE-2025-71114
CVE-2025-71116
CVE-2025-71118
CVE-2025-71120
CVE-2025-71123
CVE-2025-71125
CVE-2025-71126
CVE-2025-71130
CVE-2025-71131
CVE-2025-71132
CVE-2025-71133
CVE-2025-71135
CVE-2025-71138
CVE-2025-71143
CVE-2025-71146
CVE-2025-71147
CVE-2025-71148
CVE-2025-71149
CVE-2025-71151
CVE-2025-71154
CVE-2025-71156
CVE-2025-71157

Description of changes:

[6.12.0-108.64.6.3]
- net/rds: Fix issue with a revert in rds_send_queue_rm (Sharath Srinivasan) [Orabug: 38937451]

[6.12.0-108.64.6.2]
- Revert "net/rds: fix crash by expanding kref coverage to rds_incoming.i_conn" (Sharath Srinivasan) [Orabug: 38937451]
- Revert "net/rds: expand kref coverage to rds_notifier->n_conn" (Sharath Srinivasan) [Orabug: 38937451]

[6.12.0-108.64.6.1]
- net: mana: Reduce waiting time if HWC not responding (Haiyang Zhang) [Orabug: 38899652]

[6.12.0-108.64.6]
- tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). (Kuniyuki Iwashima) [Orabug: 38649136] {CVE-2025-40149}

[6.12.0-108.64.5]
- net/mlx5: Update mlx5_ifc to support FEC for 200G per lane link modes (Jianbo Liu) [Orabug: 38859067]

[6.12.0-108.64.4]
- fuse: fix runtime warning on truncate_folio_batch_exceptionals() (Haiyue Wang) [Orabug: 38516705] {CVE-2025-38357}
- PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() (Breno Leitao) [Orabug: 38597009] {CVE-2025-40034}
- bnxt_en: Shutdown FW DMA in bnxt_shutdown() (Michael Chan) [Orabug: 38747442] {CVE-2025-40330}
- mlx5: Fix default values in create CQ (Akiva Goldberger) [Orabug: 38750222,38773368] {CVE-2025-68209}
- RDMA/cm: Base cm_id destruction timeout on CMA values (Håkon Bugge) [Orabug: 38753653]
- bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() (Gautam R A) [Orabug: 38773315] {CVE-2025-68197}
- LTS version: v6.12.64 (Jack Vogel)
- block: fix NULL pointer dereference in blk_zone_reset_all_bio_endio() (Damien Le Moal)
- iomap: allocate s_dio_done_wq for async reads as well (Christoph Hellwig) [Orabug: 38798795] {CVE-2025-68357}
- mm/damon/tests/vaddr-kunit: handle alloc failures on damon_do_test_apply_three_regions() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failres in damon_test_new_filter() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_regions_of() (Seongjae Park)
- vfio/pci: Disable qword access to the PCI ROM bar (Kevin Tian)
- media: amphion: Remove vpu_vb_is_codecconfig (Ming Qian)
- media: amphion: Make some vpu_v4l2 functions static (Laurent Pinchart)
- media: amphion: Add a frame flush mode for decoder (Ming Qian)
- media: mediatek: vcodec: Use spinlock for context list protection lock (Chen-Yu Tsai)
- powerpc/pseries/cmm: adjust BALLOON_MIGRATE when migrating pages (David Hildenbrand)
- mm/balloon_compaction: convert balloon_page_delete() to balloon_page_finalize() (David Hildenbrand)
- mm/balloon_compaction: we cannot have isolated pages in the balloon list (David Hildenbrand)
- PCI: brcmstb: Fix disabling L0s capability (Jim Quinlan)
- PCI: brcmstb: Set MLW based on "num-lanes" DT property if present (Jim Quinlan)
- PCI: brcmstb: Reuse pcie_cfg_data structure (Stanimir Varbanov)
- ASoC: renesas: rz-ssi: Fix rz_ssi_priv::hw_params_cache::sample_width (Biju Das)
- ASoC: qcom: sdw: fix memory leak for sdw_stream_runtime (Srinivas Kandagatla)
- soundwire: stream: extend sdw_alloc_stream() to take 'type' parameter (Pierre-Louis Bossart)
- block: handle zone management operations completions (Damien Le Moal)
- ASoC: renesas: rz-ssi: Fix channel swap issue in full duplex mode (Biju Das)
- gve: defer interrupt enabling until NAPI registration (Ankit Garg)
- hrtimers: Make hrtimer_update_function() less expensive (Thomas Gleixner)
- idpf: remove obsolete stashing code (Joshua Hay)
- idpf: stop Tx if there are insufficient buffer resources (Joshua Hay)
- idpf: replace flow scheduling buffer ring with buffer pool (Joshua Hay)
- idpf: simplify and fix splitq Tx packet rollback error path (Joshua Hay)
- idpf: improve when to set RE bit logic (Joshua Hay)
- idpf: add support for Tx refillqs in flow scheduling mode (Joshua Hay)
- idpf: trigger SW interrupt when exiting wb_on_itr mode (Joshua Hay)
- idpf: add support for SW triggered interrupts (Joshua Hay)
- wifi: mt76: mt7925: add handler to hif suspend/resume event (Quan Zhou)
- wifi: mt76: mt7925: fix CLC command timeout when suspend/resume (Quan Zhou)
- wifi: mt76: mt7925: fix the unfinished command of regd_notifier before suspend (Quan Zhou)
- media: i2c: imx219: Fix 1920x1080 mode to use 1:1 pixel aspect ratio (Dave Stevenson)
- x86/microcode/AMD: Select which microcode patch to load (Borislav Petkov)
- tty: fix tty_port_tty_*hangup() kernel-doc (Jiri Slaby)
- serial: core: Fix serial device initialization (Alexander Stein)
- usbnet: Fix using smp_processor_id() in preemptible code warnings (Zqiang) [Orabug: 38649205] {CVE-2025-40164}
- net: use dst_dev_rcu() in sk_setup_caps() (Eric Dumazet) [Orabug: 38649240] {CVE-2025-40170}
- ipv6: adopt dst_dev() helper (Eric Dumazet)
- net: ipv6: ioam6: use consistent dst names (Justin Iurman)
- drm/panthor: Flush shmem writes before mapping buffers CPU-uncached (Boris Brezillon)
- md/raid10: wait barrier before returning discard request with REQ_NOWAIT (Xiao Ni) [Orabug: 37855392] {CVE-2025-40325}
- netfilter: nft_ct: add seqadj extension for natted connections (Andrii Melnychenko) [Orabug: 38773355] {CVE-2025-68206}
- gpiolib: acpi: Add quirk for Dell Precision 7780 (Askar Safin)
- gpiolib: acpi: Add quirk for ASUS ProArt PX13 (Mario Limonciello)
- gpiolib: acpi: Add a quirk for Acer Nitro V15 (Mario Limonciello)
- gpiolib: acpi: Move quirks to a separate file (Andy Shevchenko)
- gpiolib: acpi: Add acpi_gpio_need_run_edge_events_on_boot() getter (Andy Shevchenko)
- gpiolib: acpi: Handle deferred list via new API (Andy Shevchenko)
- gpiolib: acpi: Switch to use enum in acpi_gpio_in_ignore_list() (Andy Shevchenko)
- f2fs: fix to propagate error from f2fs_enable_checkpoint() (Chao Yu)
- f2fs: dump more information for f2fs_{enable,disable}_checkpoint() (Chao Yu)
- f2fs: add timeout in f2fs_enable_checkpoint() (Chao Yu)
- f2fs: clear SBI_POR_DOING before initing inmem curseg (Sheng Yong)
- serial: xilinx_uartps: fix rs485 delay_rts_after_send (Jakub Turek)
- serial: xilinx_uartps: Use helper function hrtimer_update_function() (Nam Cao)
- hrtimers: Introduce hrtimer_update_function() (Nam Cao)
- drm/displayid: add quirk to ignore DisplayID checksum errors (Jani Nikula)
- sched_ext: Fix missing post-enqueue handling in move_local_task_to_local_dsq() (Tejun Heo)
- sched_ext: Factor out local_dsq_post_enq() from dispatch_enqueue() (Tejun Heo)
- tpm2-sessions: Fix tpm2_read_public range checks (Jarkko Sakkinen)
- block: freeze queue when updating zone resources (Damien Le Moal)
- ARM: dts: microchip: sama7g5: fix uart fifo size to 32 (Nicolas Ferre)
- svcrdma: bound check rq_pages index in inline path (Joshua Rogers) [Orabug: 38847975] {CVE-2025-71068}
- mm/ksm: fix exec/fork inheritance support for prctl (Xu Xin)
- mptcp: pm: ignore unknown endpoint flags (Matthieu Baerts)
- serial: core: Restore sysfs fwnode information (Andy Shevchenko)
- serial: core: fix OF node leak (Johan Hovold)
- f2fs: fix to avoid updating compression context during writeback (Chao Yu)
- f2fs: drop inode from the donation list when the last file is closed (Jaegeuk Kim)
- f2fs: use global inline_xattr_slab instead of per-sb slab cache (Chao Yu)
- f2fs: fix to detect recoverable inode during dryrun of find_fsync_dnodes() (Chao Yu)
- xhci: dbgtty: fix device unregister: fixup (Łukasz Bartosik)
- tty: introduce and use tty_port_tty_vhangup() helper (Jiri Slaby)
- jbd2: fix the inconsistency between checksum and data in memory for journal sb (Ye Bin)
- sched_ext: Fix incorrect sched_class settings for per-cpu migration tasks (Zqiang)
- erofs: fix unexpected EIO under memory pressure (Junbeom Yeom)
- sched/eevdf: Fix min_vruntime vs avg_vruntime (Peter Zijlstra)
- btrfs: don't rewrite ret from inode_permission (Josef Bacik)
- gfs2: fix freeze error handling (Alexey Velichayshiy)
- lib/crypto: riscv/chacha: Avoid s0/fp register (Vivian Wang)
- drm/imagination: Disallow exporting of PM/FW protected objects (Alessio Belle)
- drm/nouveau/dispnv50: Don't call drm_atomic_get_crtc_state() in prepare_fb (Lyude Paul)
- drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer (Niemiec, Krzysztof) [Orabug: 38852366] {CVE-2025-71130}
- drm/msm/dpu: Add missing NULL pointer check for pingpong interface (Nikolay Kuratov) [Orabug: 38852395] {CVE-2025-71138}
- drm/xe: Drop preempt-fences when destroying imported dma-bufs. (Thomas Hellström)
- drm/xe: Use usleep_range for accurate long-running workload timeslicing (Matthew Brost)
- drm/xe: Adjust long-running workload timeslices to reasonable values (Matthew Brost)
- drm/xe/oa: Disallow 0 OA property values (Ashutosh Dixit)
- drm/xe/bo: Don't include the CCS metadata in the dma-buf sg-table (Thomas Hellström)
- drm/mgag200: Fix big-endian support (René Rebe)
- drm/ttm: Avoid NULL pointer deref for evicted BOs (Simon Richter) [Orabug: 38848051] {CVE-2025-71083}
- drm/i915: Fix format string truncation warning (Ard Biesheuvel)
- drm/amdkfd: Trap handler support for expert scheduling mode (Jay Cornwall)
- drm/amdkfd: bump minimum vgpr size for gfx1151 (Jonathan Kim)
- drm/amdkfd: Export the cwsr_size and ctl_stack_size to userspace (Mario Limonciello)
- drm/mediatek: Fix probe device leaks (Johan Hovold)
- drm/mediatek: Fix probe memory leak (Johan Hovold)
- drm/mediatek: Fix probe resource leaks (Johan Hovold)
- drm/mediatek: Fix device node reference leak in mtk_dp_dt_parse() (Miaoqian Lin)
- drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() (Sanjay Yadav)
- drm/edid: add DRM_EDID_IDENT_INIT() to initialize struct drm_edid_ident (Jani Nikula)
- drm/gma500: Remove unused helper psb_fbdev_fb_setcolreg() (Thomas Zimmermann)
- drm/buddy: Separate clear and dirty free block trees (Arunpravin Paneer Selvam)
- drm/buddy: Optimize free block management with RB tree (Arunpravin Paneer Selvam)
- drm/msm/a6xx: Fix out of bound IO access in a6xx_get_gmu_registers (Akhil P Oommen)
- drm/amdgpu/gmc11: add amdgpu_vm_handle_fault() handling (Alex Deucher)
- drm/amdgpu: add missing lock to amdgpu_ttm_access_memory_sdma (Pierre-Eric Pelloux-Prayer)
- drm/amdgpu/gmc12: add amdgpu_vm_handle_fault() handling (Alex Deucher)
- Revert "drm/amd: Skip power ungate during suspend for VPE" (Mario Limonciello)
- net: macb: Relocate mog_init_rings() callback from macb_mac_link_up() to macb_open() (Xiaolei Wang)
- net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write (Deepanshu Kartikey)
- net: usb: sr9700: fix incorrect command used to write single register (Ethan Nelson-Moore)
- nfsd: Drop the client reference in client_states_open() (Haoxiang Li)
- LoongArch: BPF: Sign extend kfunc call arguments (Hengqi Chen)
- LoongArch: BPF: Zero-extend bpf_tail_call() index (Hengqi Chen)
- LoongArch: Refactor register restoration in ftrace_common_return (Duan Chenghao)
- fjes: Add missing iounmap in fjes_hw_init() (Haoxiang Li)
- e1000: fix OOB in e1000_tbi_should_accept() (Guangshuo Li) [Orabug: 38848098] {CVE-2025-71093}
- RDMA/cm: Fix leaking the multicast GID table reference (Jason Gunthorpe) [Orabug: 38848057] {CVE-2025-71084}
- RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly (Jason Gunthorpe) [Orabug: 38848116] {CVE-2025-71096}
- samples/ftrace: Adjust LoongArch register restore order in direct calls (Duan Chenghao)
- tools/mm/page_owner_sort: fix timestamp comparison for stable sorting (Kaushlendra Kumar)
- x86/microcode/AMD: Fix Entrysign revision check for Zen5/Strix Halo (Rongrong)
- mm/page_owner: fix memory leak in page_owner_stack_fops->release() (Ran Xiaokai)
- idr: fix idr_alloc() returning an ID out of range (Matthew Wilcox)
- lockd: fix vfs_test_lock() calls (Neil Brown)
- kasan: unpoison vms[area] addresses with a common tag (Maciej Wieczor-Retman)
- kasan: refactor pcpu kasan vmalloc unpoison (Maciej Wieczor-Retman)
- compiler_types.h: add "auto" as a macro for "__auto_type" (H. Peter Anvin)
- pmdomain: imx: Fix reference count leak in imx_gpc_probe() (Xu Wang)
- mm/damon/tests/core-kunit: handle alloc failure on damon_test_set_attrs() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures in damon_test_ops_registration() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures in damon_test_update_monitoring_result() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures in damon_test_set_regions() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_merge_two() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on dasmon_test_merge_regions_of() (Seongjae Park)
- mm/damon/tests/core-kunit: handle memory alloc failure from damon_test_aggregate() (Seongjae Park)
- mm/damon/tests/core-kunit: handle memory failure from damon_test_target() (Seongjae Park)
- mm/damon/tests/core-kunit: handle allocation failures in damon_test_regions() (Seongjae Park)
- mm/damon/tests/core-kunit: handle alloc failures on damon_test_split_at() (Seongjae Park)
- mm/damon/tests/vaddr-kunit: handle alloc failures on damon_test_split_evenly_succ() (Seongjae Park)
- mm/damon/tests/vaddr-kunit: handle alloc failures in damon_test_split_evenly_fail() (Seongjae Park)
- mm/damon/tests/sysfs-kunit: handle alloc failures on damon_sysfs_test_add_targets() (Seongjae Park)
- LoongArch: Use unsigned long for _end and _text (Tiezhu Yang)
- LoongArch: Use __pmd()/__pte() for swap entry conversions (Wangyuli)
- LoongArch: Fix build errors for CONFIG_RANDSTRUCT (Huacai Chen)
- LoongArch: Correct the calculation logic of thread_count (Maqiang)
- LoongArch: Add new PCI ID for pci_fixup_vgadev() (Huacai Chen)
- media: mediatek: vcodec: Fix a reference leak in mtk_vcodec_fw_vpu_init() (Haoxiang Li)
- media: i2c: adv7842: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: i2c: ADV7604: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: amphion: Cancel message work before releasing the VPU core (Ming Qian)
- media: vpif_display: fix section mismatch (Johan Hovold)
- media: vpif_capture: fix section mismatch (Johan Hovold)
- media: videobuf2: Fix device reference leak in vb2_dc_alloc error path (Xu Wang)
- media: verisilicon: Protect G2 HEVC decoder against invalid DPB index (Nicolas Dufresne)
- media: TDA1997x: Remove redundant cancel_delayed_work in probe (Duoming Zhou)
- media: samsung: exynos4-is: fix potential ABBA deadlock on init (Marek Szyprowski)
- media: renesas: rcar_drif: fix device node reference leak in rcar_drif_bond_enabled (Miaoqian Lin)
- media: platform: mtk-mdp3: fix device leaks at probe (Johan Hovold)
- media: msp3400: Avoid possible out-of-bounds array accesses in msp3400c_thread() (Ivan Abramov)
- media: cec: Fix debugfs leak on bus_register() failure (Xu Wang)
- fbdev: tcx.c fix mem_map to correct smem_start offset (René Rebe)
- fbdev: pxafb: Fix multiple clamped values in pxafb_adjust_timing (Thorsten Blum)
- fbdev: gbefb: fix to use physical address instead of dma address (René Rebe)
- dm-bufio: align write boundary on physical block size (Mikulas Patocka)
- dm-ebs: Mark full buffer dirty even on partial write (Uladzislau Rezki)
- firmware: stratix10-svc: Add mutex in stratix10 memory management (Mahesh Rao)
- media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() (Ivan Abramov)
- powerpc/pseries/cmm: call balloon_devinfo_init() also without CONFIG_BALLOON_COMPACTION (David Hildenbrand)
- perf/x86/amd/uncore: Fix the return value of amd_uncore_df_event_init() on error (Sandipan Das)
- parisc: entry: set W bit for !compat tasks in syscall_restore_rfi() (Sven Schnelle)
- parisc: entry.S: fix space adjustment on interruption for 64-bit userspace (Sven Schnelle)
- mtd: spi-nor: winbond: Add support for W25H02NWxxAM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25H01NWxxAM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25H512NWxxAM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25Q02NWxxIM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25Q01NWxxIM chips (Miquel Raynal)
- mtd: spi-nor: winbond: Add support for W25Q01NWxxIQ chips (Miquel Raynal)
- mtd: mtdpart: ignore error -ENOENT from parsers on subpartitions (Christian Marangi)
- media: verisilicon: Fix CPU stalls on G2 bus error (Nicolas Dufresne)
- media: rc: st_rc: Fix reset control resource leak (Xu Wang)
- mfd: max77620: Fix potential IRQ chip conflict when probing two devices (Krzysztof Kozlowski)
- mfd: altera-sysmgr: Fix device leak on sysmgr regmap lookup (Johan Hovold)
- clk: samsung: exynos-clkout: Assign .num before accessing .hws (Nathan Chancellor) [Orabug: 38852404] {CVE-2025-71143}
- block: Clear BLK_ZONE_WPLUG_PLUGGED when aborting plugged BIOs (Damien Le Moal)
- leds: leds-lp50xx: Enable chip before any communication (Christian Hitz)
- leds: leds-lp50xx: LP5009 supports 3 modules for a total of 9 LEDs (Christian Hitz)
- leds: leds-lp50xx: Allow LED 0 to be added to module bank (Christian Hitz)
- leds: leds-cros_ec: Skip LEDs without color components (Thomas Weißschuh)
- powerpc/64s/slb: Fix SLB multihit issue during SLB preload (Donet Tom)
- powerpc, mm: Fix mprotect on book3s 32-bit (Dave Vasilevsky)
- arm64: dts: ti: k3-j721e-sk: Fix pinmux for pin Y1 used by power regulator (Siddharth Vadapalli)
- PCI/PM: Reinstate clearing state_saved in legacy and !PM codepaths (Lukas Wunner)
- fgraph: Check ftrace_pids_enabled on registration for early filtering (Shengming Hu)
- fgraph: Initialize ftrace_ops->private for function graph ops (Shengming Hu)
- HID: logitech-dj: Remove duplicate error logging (Hans de Goede)
- iommu: disable SVA when CONFIG_X86 is set (Lu Baolu) [Orabug: 38848082] {CVE-2025-71089}
- iommu/tegra: fix device leak on probe_device() (Johan Hovold)
- iommu/sun50i: fix device leak on of_xlate() (Johan Hovold)
- iommu/qcom: fix device leak on of_xlate() (Johan Hovold)
- iommu/omap: fix device leaks on probe_device() (Johan Hovold)
- iommu/mediatek: fix device leak on of_xlate() (Johan Hovold)
- iommu/mediatek-v1: fix device leaks on probe() (Johan Hovold)
- iommu/mediatek-v1: fix device leak on probe_device() (Johan Hovold)
- iommu/ipmmu-vmsa: fix device leak on of_xlate() (Johan Hovold)
- iommu/exynos: fix device leak on of_xlate() (Johan Hovold)
- iommu/apple-dart: fix device leak on of_xlate() (Johan Hovold)
- iommu/amd: Propagate the error code returned by __modify_irte_ga() in modify_irte_ga() (Jinhui Guo)
- iommu/amd: Fix pci_segment memleak in alloc_pci_segment() (Jinhui Guo)
- ASoC: qcom: qdsp6: q6asm-dai: set 10 ms period and buffer alignment. (Srinivas Kandagatla)
- ASoC: qcom: q6adm: the the copp device only during last instance (Srinivas Kandagatla)
- ASoC: qcom: q6asm-dai: perform correct state check before closing (Srinivas Kandagatla)
- ASoC: qcom: q6apm-dai: set flags to reflect correct operation of appl_ptr (Srinivas Kandagatla)
- ASoC: codecs: lpass-tx-macro: fix SM6115 support (Srinivas Kandagatla)
- ASoC: stm32: sai: fix OF node leak on probe (Johan Hovold)
- ASoC: stm32: sai: fix clk prepare imbalance on probe failure (Johan Hovold)
- ASoC: stm32: sai: fix device leak on probe (Johan Hovold)
- ASoC: codecs: wcd939x: fix regmap leak on probe failure (Johan Hovold)
- ntfs: Do not overwrite uptodate pages (Matthew Wilcox)
- selftests/ftrace: traceonoff_triggers: strip off names (Yipeng Zou)
- blk-mq: skip CPU offline notify on unmapped hctx (Cong Zhang)
- RDMA/bnxt_re: fix dma_free_coherent() pointer (Thomas Fourier)
- RDMA/rtrs: Fix clt_path::max_pages_per_mr calculation (Lihonggang)
- ksmbd: Fix memory leak in get_file_all_info() (Zilin Guan)
- md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt() (Tuo Li) [Orabug: 38852384] {CVE-2025-71135}
- md: Fix static checker warning in analyze_sbs (Li Nan)
- RDMA/bnxt_re: Fix to use correct page size for PDE table (Kalesh Ap)
- RDMA/bnxt_re: Fix IB_SEND_IP_CSUM handling in post_send (Alok Tiwari)
- RDMA/core: always drop device refcount in ib_del_sub_device_and_put() (Tetsuo Handa)
- RDMA/bnxt_re: Fix incorrect BAR check in bnxt_qplib_map_creq_db() (Alok Tiwari)
- RDMA/core: Fix logic error in ib_get_gids_from_rdma_hdr() (Jang Ingyu)
- RDMA/efa: Remove possible negative shift (Michael Margolin)
- RDMA/irdma: avoid invalid read in irdma_net_event (Michal Schmidt) [Orabug: 38852378] {CVE-2025-71133}
- ipv6: fix a BUG in rt6_get_pcpu_route() under PREEMPT_RT (Jiayuan Chen) [Orabug: 38848033] {CVE-2025-71080}
- net: rose: fix invalid array index in rose_kill_by_device() (Pwnverse)
- ipv4: Fix reference count leak when using error routes with nexthop objects (Ido Schimmel) [Orabug: 38848124] {CVE-2025-71097}
- ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() (Will Rosenberg) [Orabug: 38848060] {CVE-2025-71085}
- net: stmmac: fix the crash issue for zero copy XDP_TX action (Wei Fang) [Orabug: 38848110] {CVE-2025-71095}
- octeontx2-pf: fix "UBSAN: shift-out-of-bounds error" (Anshumali Gaur)
- platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing (Junrui Luo) [Orabug: 38848146] {CVE-2025-71101}
- vfio/pds: Fix memory leak in pds_vfio_dirty_enable() (Zilin Guan)
- net: bridge: Describe @tunnel_hash member in net_bridge_vlan_group struct (Bagas Sanjaya)
- net: usb: asix: validate PHY address before use (Deepanshu Kartikey) [Orabug: 38848106] {CVE-2025-71094}
- kbuild: fix compilation of dtb specified on command-line without make rule (Thomas De Schampheleire)
- net: dsa: b53: skip multicast entries for fdb_dump() (Jonas Gorski)
- firewire: nosy: Fix dma_free_coherent() size (Thomas Fourier)
- genalloc.h: fix htmldocs warning (Andrew Morton)
- smc91x: fix broken irq-context in PREEMPT_RT (Levi Yun) [Orabug: 38852375] {CVE-2025-71132}
- selftests: net: fix "buffer overflow detected" for tap.c (Alice C. Munduruca)
- net: usb: rtl8150: fix memory leak on usb_submit_urb() failure (Deepakkumar Karn)
- amd-xgbe: reset retries and mode on RX adapt failures (Raju Rangoju)
- net: dsa: fix missing put_device() in dsa_tree_find_first_conduit() (Vladimir Oltean)
- team: fix check for port enabled in team_queue_override_port_prio_changed() (Jiri Pirko) [Orabug: 38848087] {CVE-2025-71091}
- platform/x86: ibm_rtl: fix EBDA signature search pointer arithmetic (Junrui Luo)
- platform/x86: msi-laptop: add missing sysfs_remove_group() (Thomas Fourier)
- platform/mellanox: mlxbf-pmc: Remove trailing whitespaces from event names (Shravan Kumar Ramani)
- ip6_gre: make ip6gre_header() robust (Eric Dumazet) [Orabug: 38848130] {CVE-2025-71098}
- net: openvswitch: Avoid needlessly taking the RTNL on vport destroy (Toke Høiland-Jørgensen)
- net: mdio: aspeed: add dummy read to avoid read-after-write issue (Jacky Chou)
- Bluetooth: btusb: revert use of devm_kzalloc in btusb (Raphael Pinsonneault-Thibeault) [Orabug: 38848042] {CVE-2025-71082}
- crypto: seqiv - Do not use req->iv after crypto_aead_encrypt (Herbert Xu) [Orabug: 38852369] {CVE-2025-71131}
- idpf: reduce mbx_task schedule delay to 300us (Brian Vazquez)
- iavf: fix off-by-one issues in iavf_config_rss_reg() (Kohei Enju) [Orabug: 38848072] {CVE-2025-71087}
- i40e: validate ring_len parameter against hardware-specific values (Gregory Herrero)
- i40e: fix scheduling in set_rx_mode (Przemyslaw Korba)
- wifi: mac80211: do not use old MBSSID elements (Aloka Dixit)
- wifi: cfg80211: sme: store capped length in __cfg80211_connect_result() (Dan Carpenter)
- wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() (Morning Star) [Orabug: 38848143] {CVE-2025-71100}
- wifi: rtw88: limit indirect IO under powered off for RTL8822CS (Ping-Ke Shih)
- fuse: fix readahead reclaim deadlock (Joanne Koong) [Orabug: 38847945] {CVE-2025-68821}
- iommu/mediatek: fix use-after-free on probe deferral (Johan Hovold)
- x86/msi: Make irq_retrigger() functional for posted MSI (Thomas Gleixner)
- ARM: dts: microchip: sama5d2: fix spi flexcom fifo size to 32 (Nicolas Ferre)
- hwmon: (w83l786ng) Convert macros to functions to avoid TOCTOU (Gui-Dong Han)
- hwmon: (w83791d) Convert macros to functions to avoid TOCTOU (Gui-Dong Han) [Orabug: 38852299] {CVE-2025-71111}
- hwmon: (max6697) fix regmap leak on probe failure (Johan Hovold)
- hwmon: (max16065) Use local variable to avoid TOCTOU (Gui-Dong Han)
- interconnect: qcom: sdx75: Drop QPIC interconnect and BCM nodes (Raviteja Laggyshetty)
- i2c: amd-mp2: fix reference leak in MP2 PCI device (Ma Ke)
- platform/x86: intel: chtwc_int33fe: don't dereference swnode args (Bartosz Golaszewski)
- rpmsg: glink: fix rpmsg device leak (Srinivas Kandagatla)
- soc: amlogic: canvas: fix device leak on lookup (Johan Hovold)
- soc: apple: mailbox: fix device leak on lookup (Johan Hovold)
- soc: qcom: ocmem: fix device leak on lookup (Johan Hovold)
- soc: qcom: pbs: fix device leak on lookup (Johan Hovold)
- soc: samsung: exynos-pmu: fix device leak on regmap lookup (Johan Hovold)
- tracing: Fix fixed array of synthetic event (Steven Rostedt)
- virtio: vdpa: Fix reference count leak in octep_sriov_enable() (Miaoqian Lin)
- amba: tegra-ahb: Fix device leak on SMMU enable (Johan Hovold)
- crypto: caam - Add check for kcalloc() in test_len() (Guangshuo Li)
- crypto: af_alg - zero initialize memory allocated via sock_kmalloc (Shivani Agarwal) [Orabug: 38852311] {CVE-2025-71113}
- dt-bindings: PCI: qcom,pcie-sm8550: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sm8450: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sm8350: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sm8250: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sm8150: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sc8280xp: Add missing required power-domains and resets (Krzysztof Kozlowski)
- dt-bindings: PCI: qcom,pcie-sc7280: Add missing required power-domains and resets (Krzysztof Kozlowski)
- arm64: Revamp HCR_EL2.E2H RES1 detection (Marc Zyngier)
- KVM: arm64: Initialize SCTLR_EL1 in __kvm_hyp_init_cpu() (Ahmed Genidi)
- KVM: arm64: Initialize HCR_EL2.E2H early (Mark Rutland)
- sched/rt: Fix race in push_rt_task (Harshit Agarwal) [Orabug: 38158721] {CVE-2025-38234}
- hsr: hold rcu and dev lock for hsr_get_port_ndev (Hangbin Liu)
- pinctrl: renesas: rzg2l: Fix ISEL restore on resume (Claudiu Beznea)
- ALSA: wavefront: Clear substream pointers on close (Junrui Luo)
- ALSA: wavefront: Use guard() for spin locks (Takashi Iwai)
- ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() (Denis Arefev)
- drm/displayid: pass iter to drm_find_displayid_extension() (Jani Nikula)
- drm/amd/display: Fix scratch registers offsets for DCN351 (Ray Wu)
- drm/amd/display: Fix scratch registers offsets for DCN35 (Ray Wu)
- drm/amd/display: Use GFP_ATOMIC in dc_create_plane_state() (Alex Deucher)
- Revert "drm/amd/display: Fix pbn to kbps Conversion" (Mario Limonciello)
- io_uring: fix min_wait wakeups for SQPOLL (Jens Axboe)
- io_uring/poll: correctly handle io_poll_add() return value on update (Jens Axboe)
- gpio: regmap: Fix memleak in error path in gpio_regmap_register() (Guan Wentao)
- s390/ipl: Clear SBP flag when bootprog is set (Sven Schnelle)
- btrfs: don't log conflicting inode if it's a dir moved in the current transaction (Filipe Manana) [Orabug: 38847745] {CVE-2025-68778}
- powerpc/kexec: Enable SMT before waking offline CPUs (Nysal Jan K.A.)
- SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf (Joshua Rogers) [Orabug: 38852340] {CVE-2025-71120}
- svcrdma: use rc_pageoff for memcpy byte offset (Joshua Rogers) [Orabug: 38847896] {CVE-2025-68811}
- svcrdma: return 0 on success from svc_rdma_copy_inline_range (Joshua Rogers)
- nfsd: Mark variable __maybe_unused to avoid W=1 build break (Andy Shevchenko)
- NFSD: NFSv4 file creation neglects setting ACL (Chuck Lever) [Orabug: 38847871] {CVE-2025-68803}
- NFSD: Clear SECLABEL in the suppattr_exclcreat bitmap (Chuck Lever)
- net/handshake: restore destructor on submit failure (Caoping)
- fsnotify: do not generate ACCESS/MODIFY events on child for special files (Amir Goldstein) [Orabug: 38847799] {CVE-2025-68788}
- net: phy: marvell-88q2xxx: Fix clamped value in mv88q2xxx_hwmon_write (Thorsten Blum)
- r8169: fix RTL8117 Wake-on-Lan in DASH mode (René Rebe)
- PM: runtime: Do not clear needs_force_resume with enabled runtime PM (Rafael J. Wysocki)
- tracing: Do not register unsupported perf events (Steven Rostedt) [Orabug: 38852354] {CVE-2025-71125}
- xfs: fix a UAF problem in xattr repair (Darrick J. Wong) [Orabug: 38847781] {CVE-2025-68784}
- xfs: fix stupid compiler warning (Darrick J. Wong)
- xfs: fix a memory leak in xfs_buf_item_init() (Haoxiang Li)
- KVM: nSVM: Clear exit_code_hi in VMCB when synthesizing nested VM-Exits (Sean Christopherson)
- KVM: nSVM: Set exit_code_hi to -1 when synthesizing SVM_EXIT_ERR (failed VMRUN) (Sean Christopherson)
- KVM: nVMX: Immediately refresh APICv controls as needed on nested VM-Exit (Dongli Zhang)
- KVM: SVM: Mark VMCB_PERM_MAP as dirty on nested VMRUN (Jim Mattson)
- KVM: nSVM: Propagate SVM_EXIT_CR0_SEL_WRITE correctly for LMSW emulation (Yosry Ahmed)
- KVM: SVM: Mark VMCB_NPT as dirty on nested VMRUN (Jim Mattson)
- KVM: nSVM: Avoid incorrect injection of SVM_EXIT_CR0_SEL_WRITE (Yosry Ahmed)
- KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer (Fuqiang Wang) [Orabug: 38852272] {CVE-2025-71104}
- KVM: x86: Explicitly set new periodic hrtimer expiration in apic_timer_fn() (Fuqiang Wang)
- KVM: x86: WARN if hrtimer callback for periodic APIC timer fires with period=0 (Sean Christopherson)
- powerpc: Add reloc_offset() to font bitmap pointer used for bootx_printf() (Finn Thain)
- libceph: make decode_pool() more resilient against corrupted osdmaps (Ilya Dryomov) [Orabug: 38852324] {CVE-2025-71116}
- parisc: Do not reprogram affinitiy on ASP chip (Helge Deller)
- scs: fix a wrong parameter in __scs_magic (Zhichi Lin)
- platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver (Tzung-Bi Shih)
- KVM: x86: Don't clear async #PF queue when CR0.PG is disabled (e.g. on #SMI) (Maxim Levitsky)
- ocfs2: fix kernel BUG in ocfs2_find_victim_chain (Prithvi Tambewagh) [Orabug: 38847687] {CVE-2025-68771}
- media: vidtv: initialize local pointers upon transfer of memory ownership (Jeongjun Park)
- KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot (Sean Christopherson) [Orabug: 38847894] {CVE-2025-68810}
- tools/testing/nvdimm: Use per-DIMM device handle (Alison Schofield)
- f2fs: fix return value of f2fs_recover_fsync_data() (Chao Yu)
- f2fs: fix uninitialized one_time_gc in victim_sel_policy (Xiaole He)
- f2fs: fix age extent cache insertion skip on counter overflow (Xiaole He)
- f2fs: invalidate dentry cache on failed whiteout creation (Deepanshu Kartikey)
- f2fs: fix to avoid updating zero-sized extent in extent cache (Chao Yu)
- f2fs: fix to avoid potential deadlock (Chao Yu)
- f2fs: ensure node page reads complete before f2fs_put_super() finishes (Jan Prusakowski)
- scsi: ufs: core: Add ufshcd_update_evt_hist() for UFS suspend error (Seunghwan Baek)
- scsi: mpi3mr: Read missing IOCFacts flag for reply queue full overflow (Chandrakanth Patil)
- scsi: target: Reset t_task_cdb pointer in error case (Andrey Vatoropin) [Orabug: 38847769] {CVE-2025-68782}
- NFSD: use correct reservation type in nfsd4_scsi_fence_client (Dai Ngo)
- scsi: aic94xx: fix use-after-free in device removal path (Junrui Luo) [Orabug: 38848008] {CVE-2025-71075}
- scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" (Tony Battersby) [Orabug: 38847928] {CVE-2025-68818}
- cpufreq: nforce2: fix reference count leak in nforce2 (Miaoqian Lin)
- cpuidle: governors: teo: Drop misguided target residency check (Rafael J. Wysocki)
- serial: sh-sci: Check that the DMA cookie is valid (Claudiu Beznea)
- mei: gsc: add dependency on Xe driver (Junxiao Chang)
- intel_th: Fix error handling in intel_th_output_open (Ma Ke)
- char: applicom: fix NULL pointer dereference in ac_ioctl (Tianchu Chen)
- usb: renesas_usbhs: Fix a resource leak in usbhs_pipe_malloc() (Haoxiang Li)
- usb: dwc3: keep susphy enabled during exit to avoid controller faults (Udipto Goswami)
- usb: dwc3: of-simple: fix clock resource leak in dwc3_of_simple_probe (Miaoqian Lin)
- usb: gadget: lpc32xx_udc: fix clock imbalance in error path (Johan Hovold)
- usb: phy: isp1301: fix non-OF device reference imbalance (Johan Hovold)
- usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal (Duoming Zhou)
- USB: lpc32xx_udc: Fix error handling in probe (Ma Ke)
- usb: typec: altmodes/displayport: Drop the device reference in dp_altmode_probe() (Haoxiang Li)
- usb: ohci-nxp: fix device leak on probe failure (Johan Hovold)
- phy: broadcom: bcm63xx-usbh: fix section mismatches (Johan Hovold)
- media: pvrusb2: Fix incorrect variable used in trace message (Colin Ian King)
- media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() (Jeongjun Park) [Orabug: 38847936] {CVE-2025-68819}
- usb: usb-storage: Maintain minimal modifications to the bcdDevice range. (Chenchangcheng)
- mptcp: avoid deadlock on fallback while reinjecting (Paolo Abeni) [Orabug: 38852415] {CVE-2025-71126}
- mptcp: schedule rtx timer only after pushing data (Paolo Abeni)
- selftests: mptcp: pm: ensure unknown flags are ignored (Matthieu Baerts)
- media: v4l2-mem2mem: Fix outdated documentation (Laurent Pinchart)
- jbd2: use a weaker annotation in journal handling (Byungchul Park)
- jbd2: use a per-journal lock_class_key for jbd2_trans_commit_key (Tetsuo Handa)
- ext4: align max orphan file size with e2fsprogs limit (Baokun Li)
- ext4: fix incorrect group number assertion in mb_check_buddy (Yongjian Sun)
- ext4: clear i_state_flags when alloc inode (Haibo Chen)
- ext4: xattr: fix null pointer deref in ext4_raw_inode() (Karina Yankevich) [Orabug: 38848274] {CVE-2025-68820}
- ext4: fix string copying in parse_apply_sb_mount_options() (Fedor Pchelkin) [Orabug: 38852413] {CVE-2025-71123}
- tpm: Cap the number of PCR banks (Jarkko Sakkinen) [Orabug: 38848016] {CVE-2025-71077}
- ktest.pl: Fix uninitialized var in config-bisect.pl (Steven Rostedt)
- fs/ntfs3: fix mount failure for sparse runs in run_unpack() (Konstantin Komarov)
- kallsyms: Fix wrong "big" kernel symbol type read from procfs (Zheng Yejian)
- floppy: fix for PAGE_SIZE != 4KB (René Rebe)
- block: rate-limit capacity change info log (Li Chen)
- wifi: mt76: Fix DTS power-limits on little endian systems (Sven Eckelmann)
- s390/dasd: Fix gendisk parent after copy pair swap (Stefan Haberland)
- lib/crypto: x86/blake2s: Fix 32-bit arg treated as 64-bit (Eric Biggers)
- perf: arm_cspmu: fix error handling in arm_cspmu_impl_unregister() (Ma Ke)
- mmc: sdhci-msm: Avoid early clock doubling during HS400 transition (Sarthak Garg)
- x86/mce: Do not clear bank's poll bit in mce_poll_banks on AMD SMCA systems (Avadhut Naik)
- io_uring: fix filename leak in __io_openat_prep() (Prithvi Tambewagh) [Orabug: 38847904] {CVE-2025-68814}
- KEYS: trusted: Fix a memory leak in tpm2_load_cmd (Jarkko Sakkinen)
- cifs: Fix memory and information leak in smb3_reconfigure() (Zilin Guan)
- vhost/vsock: improve RCU read sections around vhost_vsock_get() (Stefano Garzarella)
- block: rnbd-clt: Fix signedness bug in init_dev() (Dan Carpenter)
- scsi: scsi_debug: Fix atomic write enable module param description (John Garry)
- MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits (Gregory Clement)
- platform/x86/intel/hid: Add Dell Pro Rugged 10/12 tablet to VGBS DMI quirks (Chia-Lin Kao)
- nvme-fabrics: add ENOKEY to no retry criteria for authentication failures (Justin Tee)
- nvme-fc: don't hold rport lock when putting ctrl (Daniel Wagner)
- i2c: designware: Disable SMBus interrupts to prevent storms from mis-configured firmware (Jinhui Guo)
- clk: qcom: dispcc-sm7150: Fix dispcc_mdss_pclk0_clk_src (Jens Reidel)
- libperf cpumap: Fix perf_cpu_map__max for an empty/NULL map (Ian Rogers)
- serial: sprd: Return -EPROBE_DEFER when uart clock is not ready (Wenhua Lin)
- usb: usb-storage: No additional quirks need to be added to the EL-R12 optical drive. (Chenchangcheng)
- usb: xhci: limit run_graceperiod for only usb 3.0 devices (Hongyu Xie)
- iio: adc: ti_am335x_adc: Limit step_avg to valid range for gcc complains (Pei Xiao)
- usb: typec: ucsi: Handle incorrect num_connectors capability (Mark Pearson) [Orabug: 38852284] {CVE-2025-71108}
- usbip: Fix locking bug in RT-enabled kernels (Lizhi Xu)
- exfat: zero out post-EOF page cache on file extension (Yuezhang Mo)
- exfat: fix remount failure in different process environments (Yuezhang Mo)
- reset: fix BIT macro reference (Yongchao Jia)
- via_wdt: fix critical boot hang due to unnamed resource allocation (Li Qiang) [Orabug: 38852317] {CVE-2025-71114}
- fuse: Invalidate the page cache after FOPEN_DIRECT_IO write (Bernd Schubert)
- fuse: Always flush the page cache before FOPEN_DIRECT_IO write (Bernd Schubert)
- scsi: qla2xxx: Use reinit_completion on mbx_intr_comp (Tony Battersby)
- scsi: qla2xxx: Fix initiator mode with qlini_mode=exclusive (Tony Battersby)
- scsi: qla2xxx: Fix lost interrupts with qlini_mode=disabled (Tony Battersby)
- powerpc/addnote: Fix overflow on 32-bit builds (Ben Collins)
- clk: mvebu: cp110 add CLK_IGNORE_UNUSED to pcie_x10, pcie_x11 & pcie_x4 (Josua Mayer)
- scsi: smartpqi: Add support for Hurray Data new controller PCI device (David Strahan)
- ti-sysc: allow OMAP2 and OMAP4 timers to be reserved on AM33xx (Matthias Schiffer)
- firmware: imx: scu-irq: Init workqueue before request mbox channel (Peng Fan)
- scsi: ufs: host: mediatek: Fix shutdown/suspend race condition (Peter Wang)
- ipmi: Fix __scan_channels() failing to rescan channels (Jinhui Guo)
- ipmi: Fix the race between __scan_channels() and deliver_response() (Jinhui Guo)
- nfsd: fix memory leak in nfsd_create_serv error paths (Shardul Bankar)
- nfsd: rename nfsd_serv_ prefixed methods and variables with nfsd_net_ (Mike Snitzer)
- nfsd: update percpu_ref to manage references on nfsd_net (Mike Snitzer)
- ASoC: ak4458: remove the reset operation in probe and remove (Shengjiu Wang)
- ALSA: usb-mixer: us16x08: validate meter packet indices (Shipei Qu) [Orabug: 38847774] {CVE-2025-68783}
- ALSA: pcmcia: Fix resource leak in snd_pdacf_probe error path (Xu Wang)
- ALSA: vxpocket: Fix resource leak in vxpocket_probe error path (Xu Wang)
- x86/fpu: Fix FPU state core dump truncation on CPUs with no extended xfeatures (Yongxin Liu)
- net/hsr: fix NULL pointer dereference in prp_get_untagged_frame() (Shaurya Rane) [Orabug: 38847723] {CVE-2025-68776}
- dt-bindings: mmc: sdhci-of-aspeed: Switch ref to sdhci-common.yaml (Andrew Jeffery)
- mmc: sdhci-of-arasan: Increase CD stable timeout to 2 seconds (Sai Krishna Potthuri)
- mmc: sdhci-esdhc-imx: add alternate ARCH_S32 dependency to Kconfig (Jared Kangas)
- spi: fsl-cpm: Check length parity before switching to 16 bit mode (Christophe Leroy)
- ACPI: CPPC: Fix missing PCC check for guaranteed_perf (Pengjie Zhang)
- ACPI: PCC: Fix race condition by removing static qualifier (Pengjie Zhang)
- soc/tegra: fuse: Do not register SoC device on ACPI boot (Kartik)
- can: gs_usb: gs_can_open(): fix error handling (Marc Kleine-Budde)
- xfs: don't leak a locked dquot when xfs_dquot_attach_buf fails (Christoph Hellwig)
- Input: i8042 - add TUXEDO InfinityBook Max Gen10 AMD to i8042 quirk table (Christoffer Sandberg)
- Input: alps - fix use-after-free bugs caused by dev3_register_work (Duoming Zhou) [Orabug: 38847948] {CVE-2025-68822}
- Input: lkkbd - disable pending work before freeing device (Minseong Kim)
- Input: ti_am335x_tsc - fix off-by-one error in wire_order validation (Junjie Cao)
- HID: input: map HID_GD_Z to ABS_DISTANCE for stylus/pen (Ping Cheng)
- ksmbd: fix buffer validation by including null terminator size in EA length (Namjae Jeon)
- ksmbd: Fix refcount leak when invalid session is found on session lookup (Namjae Jeon)
- ksmbd: skip lock-range check on equal size to avoid size==0 underflow (Qianchang Zhao)
- hwmon: (ltc4282): Fix reset_history file permissions (Nuno Sa)
- drm/xe/oa: Limit num_syncs to prevent oversized allocations (Shuicheng Lin)
- drm/xe: Limit num_syncs to prevent oversized allocations (Shuicheng Lin)
- block: rnbd-clt: Fix leaked ID in init_dev() (Thomas Fourier)
- spi: cadence-quadspi: Fix clock disable on probe failure path (Anurag Dutta)
- arm64: kdump: Fix elfcorehdr overlap caused by reserved memory processing reorder (Jianpeng Chang)
- x86/xen: Fix sparse warning in enlighten_pv.c (Juergen Gross)
- x86/xen: Move Xen upcall handler (Brian Gerst)
- drm/panel: sony-td4353-jdi: Enable prepare_prev_first (Marijn Suijten)
- MIPS: Fix a reference leak bug in ip22_check_gio() (Haoxiang Li)
- drm/xe: Restore engine registers before restarting schedulers after GT reset (Jan Maslak)
- drm/me/gsc: mei interrupt top half should be in irq disabled context (Junxiao Chang)
- hwmon: (tmp401) fix overflow caused by default conversion rate value (Alexey Simakov)
- hwmon: (ibmpex) fix use-after-free in high/low store (Junrui Luo) [Orabug: 38847806] {CVE-2025-68789}
- hwmon: (dell-smm) Limit fan multiplier to avoid overflow (Denis Sergeev)
- net: hns3: add VLAN id validation before using (Jian Shen)
- net: hns3: using the num_tqps to check whether tqp_index is out of range when vf get ring info from mbx (Jian Shen)
- net: hns3: using the num_tqps in the vf driver to apply for resources (Jian Shen)
- net: enetc: do not transmit redirected XDP frames when the link is down (Wei Fang)
- net/handshake: duplicate handshake cancellations leak socket (Scott Mayhew) [Orabug: 38847719] {CVE-2025-68775}
- net/mlx5: Serialize firmware reset with devlink (Shay Drory)
- net/mlx5: fw_tracer, Handle escaped percent properly (Shay Drory)
- net/mlx5: fw_tracer, Validate format string parameters (Shay Drory) [Orabug: 38847913] {CVE-2025-68816}
- net/mlx5: Drain firmware reset in shutdown callback (Moshe Shemesh)
- net/mlx5: fw reset, clear reset requested on drain_fw_reset (Moshe Shemesh)
- ethtool: Avoid overflowing userspace buffer on stats query (Gal Pressman) [Orabug: 38847825] {CVE-2025-68795}
- iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED (Jason Gunthorpe)
- iommufd/selftest: Make it clearer to gcc that the access is not out of bounds (Jason Gunthorpe)
- iommufd/selftest: Update hw_info coverage for an input data_type (Nicolin Chen)
- iommufd/selftest: Add coverage for reporting max_pasid_log2 via IOMMU_HW_INFO (Yi Liu)
- selftests: netfilter: packetdrill: avoid failure on HZ=100 kernel (Florian Westphal)
- netfilter: nf_tables: remove redundant chain validation on register store (Pablo Neira Ayuso)
- netfilter: nf_nat: remove bogus direction check (Florian Westphal)
- nfc: pn533: Fix error code in pn533_acr122_poweron_rdr() (Dan Carpenter)
- net/sched: ets: Remove drr class from the active list if it changes to strict (Victor Nogueira) [Orabug: 38847909] {CVE-2025-68815}
- caif: fix integer underflow in cffrml_receive() (Junrui Luo)
- ipvs: fix ipv4 null-ptr-deref in route error path (Slavin Liu) [Orabug: 38847899] {CVE-2025-68813}
- netfilter: nf_conncount: fix leaked ct in error paths (Fernando Fernandez Mancera)
- broadcom: b44: prevent uninitialized value usage (Alexey Simakov)
- net: openvswitch: fix middle attribute validation in push_nsh() action (Ilya Maximets) [Orabug: 38847783] {CVE-2025-68785}
- bnxt_en: Fix XDP_TX path (Michael Chan) [Orabug: 38847683] {CVE-2025-68770}
- mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (Ido Schimmel)
- mlxsw: spectrum_router: Fix neighbour use-after-free (Ido Schimmel)
- mlxsw: spectrum_router: Fix possible neighbour reference count leak (Ido Schimmel)
- ipvlan: Ignore PACKET_LOOPBACK in handle_mode_l2() (Dmitry Skorodumov)
- net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change (Jamal Hadi Salim) [Orabug: 38847964] {CVE-2025-71066}
- netrom: Fix memory leak in nr_sendmsg() (Wang Liang)
- net: fec: ERR007885 Workaround for XDP TX path (Wei Fang)
- gfs2: Fix use of bio_chain (Andreas Gruenbacher)
- Bluetooth: btusb: Add new VID/PID 0x0489/0xE12F for RTL8852BE-VT (Max Chou)
- Bluetooth: btusb: Add new VID/PID 13d3/3533 for RTL8821CE (Gongwei Li)
- Bluetooth: btusb: MT7920: Add VID/PID 0489/e135 (Chris Lu)
- Bluetooth: btusb: MT7922: Add VID/PID 0489/e170 (Chris Lu)
- Bluetooth: btusb: Add new VID/PID 2b89/6275 for RTL8761BUV (Chingbin Li)
- ksmbd: vfs: fix race on m_flags in vfs_cache (Qianchang Zhao)
- ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency (Namjae Jeon)
- smb/server: fix return value of smb2_ioctl() (Chenxiaosong)
- gfs2: Fix "gfs2: Switch to wait_event in gfs2_quotad" (Andreas Gruenbacher)
- gfs2: fix remote evict for read-only filesystems (Andreas Gruenbacher)
- btrfs: scrub: always update btrfs_scrub_progress::last_physical (Qu Wenruo)
- wifi: brcmfmac: Add DMI nvram filename quirk for Acer A1 840 tablet (Hans de Goede)
- wifi: mt76: mt792x: fix wifi init fail by setting MCU_RUNNING after CLC load (Quan Zhou)
- wifi: cfg80211: use cfg80211_leave() in iftype change (Johannes Berg)
- wifi: cfg80211: stop radar detection in cfg80211_leave() (Johannes Berg)
- wifi: rtl8xxxu: Fix HT40 channel config for RTL8192CU, RTL8723AU (Bitterblue Smith)
- fs/ntfs3: check for shutdown in fsync (Konstantin Komarov)
- hfsplus: fix volume corruption issue for generic/073 (Viacheslav Dubeyko)
- hfsplus: Verify inode mode when loading from disk (Tetsuo Handa)
- hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create (Yang Chenzhi)
- hfsplus: fix volume corruption issue for generic/070 (Viacheslav Dubeyko)
- ntfs: set dummy blocksize to read boot_block when mounting (Pedro Demarchi Gomes)
- kbuild: Use objtree for module signing key path (Mikhail Malyshev)
- fs/ntfs3: Support timestamps prior to epoch (Konstantin Komarov)
- livepatch: Match old_sympos 0 and 1 in klp_find_func() (Song Liu)
- cpuidle: menu: Use residency threshold in polling state override decisions (Aboorva Devarajan)
- cpufreq: s5pv210: fix refcount leak (Shuhao Fu)
- ACPI: fan: Workaround for 64-bit firmware bug (Armin Wolf)
- cpufreq: dt-platdev: Add JH7110S SOC to the allowlist (Hal Feng)
- ACPI: property: Use ACPI functions in acpi_graph_get_next_endpoint() only (Sakari Ailus)
- ACPICA: Avoid walking the Namespace if start_node is NULL (Cryolitia Pukngae) [Orabug: 38852332] {CVE-2025-71118}
- x86/ptrace: Always inline trivial accessors (Peter Zijlstra)
- sched/deadline: only set free_cpus for online runqueues (Doug Berger) [Orabug: 38847752] {CVE-2025-68780}
- perf/x86/amd: Check event before enable to avoid GPF (George Kennedy) [Orabug: 38847848] {CVE-2025-68798}
- scripts/faddr2line: Fix "Argument list too long" error (Pankaj Raghav)
- iomap: account for unaligned end offsets when truncating read range (Joanne Koong)
- iomap: adjust read range correctly for non-block-aligned positions (Joanne Koong) [Orabug: 38847819] {CVE-2025-68794}
- shmem: fix recovery on rename failures (Al Viro) [Orabug: 38847988] {CVE-2025-71072}
- btrfs: fix memory leak of fs_devices in degraded seed device path (Deepanshu Kartikey)
- bpf, arm64: Do not audit capability check in do_jit() (Ondrej Mosnacek)
- btrfs: fix a potential path leak in print_data_reloc_error() (Qu Wenruo)
- btrfs: do not skip logging new dentries when logging a new name (Filipe Manana)

[6.12.0-108.63.3]
- x86/its: Build fails with CONFIG_MITIGATION_ITS=n (Alexandre Chartre) [Orabug: 38756944]

[6.12.0-108.63.2]
- LTS version: v6.12.63 (Jack Vogel)
- ASoC: codecs: nau8325: Silence uninitialized variables warnings (Krzysztof Kozlowski)
- ALSA: wavefront: Fix integer overflow in sample size validation (Junrui Luo)
- ALSA: dice: fix buffer overflow in detect_stream_formats() (Junrui Luo)
- usb: dwc3: dwc3_power_off_all_roothub_ports: Use ioremap_np when required (Sven Peter)
- usb: phy: Initialize struct usb_phy list_head (Diogo Ivo)
- usb: gadget: tegra-xudc: Always reinitialize data toggle when clear halt (Haotien Hsu)
- tcp_metrics: use dst_dev_net_rcu() (Eric Dumazet) [Orabug: 38592188] {CVE-2025-40075}
- net: dst: introduce dst->dev_rcu (Eric Dumazet)
- net: lan743x: Allocate rings outside ZONE_DMA (Thangaraj Samynathan)
- LoongArch: Add machine_kexec_mask_interrupts() implementation (Huacai Chen)
- ocfs2: fix memory leak in ocfs2_merge_rec_left() (Dmitry Antipov)
- irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() (Dan Carpenter)
- scsi: imm: Fix use-after-free bug caused by unfinished delayed work (Duoming Zhou) [Orabug: 38783113] {CVE-2025-68324}
- efi/cper: align ARM CPER type with UEFI 2.9A/2.10 specs (Mauro Carvalho Chehab)
- efi/cper: Adjust infopfx size to accept an extra space (Mauro Carvalho Chehab)
- efi/cper: Add a new helper function to print bitmasks (Mauro Carvalho Chehab)
- dm log-writes: Add missing set_freezable() for freezable kthread (Xu Wang)
- dm-raid: fix possible NULL dereference with undefined raid type (Alexey Simakov)
- block: return unsigned int from queue_dma_alignment (Christoph Hellwig)
- block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock (Mohamed Khalfella) [Orabug: 38818209] {CVE-2025-68756}
- ARM: 9464/1: fix input-only operand modification in load_unaligned_zeropad() (Pangliyuan)
- ALSA: firewire-motu: add bounds check in put_user loop for DSP events (Junrui Luo)
- rtc: gamecube: Check the return value of ioremap() (Xu Wang)
- drm/amdkfd: Use huge page size to check split svm range alignment (Xiaogang Chen)
- ALSA: uapi: Fix typo in asound.h comment (Andres J Rosa)
- docs: hwmon: fix link to g762 devicetree binding (Kathara Sasikumar)
- cifs: Fix handling of a beyond-EOF DIO/unbuffered read over SMB2 (David Howells)
- drm/nouveau: refactor deprecated strcpy (Madhur Kumar)
- ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (Junrui Luo)
- regulator: fixed: Rely on the core freeing the enable GPIO (Mark Brown)
- drm/plane: Fix IS_ERR() vs NULL check in drm_plane_create_hotspot_properties() (Dan Carpenter)
- nvme-auth: use kvfree() for memory allocated with kvcalloc() (Israel Rukshin)
- block: fix memory leak in __blkdev_issue_zero_pages (Shaurya Rane) [Orabug: 38798772] {CVE-2025-68348}
- block: fix comment for op_is_zone_mgmt() to include RESET_ALL (Shechenglong)
- blk-mq: Abort suspend when wakeup events are pending (Cong Zhang)
- ASoC: ak5558: Disable regulator when error happens (Shengjiu Wang)
- ASoC: ak4458: Disable regulator when error happens (Shengjiu Wang)
- ASoC: bcm: bcm63xx-pcm-whistler: Check return value of of_dma_configure() (Xu Wang)
- platform/x86: asus-wmi: use brightness_set_blocking() for kbd led (Anton Khirnov)
- fs/nls: Fix inconsistency between utf8_to_utf32() and utf32_to_utf8() (Armin Wolf)
- NFS: Fix inheritance of the block sizes when automounting (Trond Myklebust)
- Expand the type of nfs_fattr->valid (Trond Myklebust)
- NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags (Trond Myklebust) [Orabug: 38818236] {CVE-2025-68764}
- Revert "nfs: ignore SB_RDONLY when mounting nfs" (Trond Myklebust)
- Revert "nfs: clear SB_RDONLY before getting superblock" (Trond Myklebust)
- Revert "nfs: ignore SB_RDONLY when remounting nfs" (Trond Myklebust)
- NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (Jonathan Curley) [Orabug: 38798774] {CVE-2025-68349}
- NFS: Initialise verifiers for visible dentries in _nfs4_open_and_get_state (Trond Myklebust)
- nfs/vfs: discard d_exact_alias() (Neil Brown)
- NFS: Initialise verifiers for visible dentries in nfs_atomic_open() (Trond Myklebust)
- NFS: Initialise verifiers for visible dentries in readdir and lookup (Trond Myklebust)
- fs/nls: Fix utf16 to utf8 conversion (Armin Wolf)
- NFS: Avoid changing nlink when file removes and attribute updates race (Trond Myklebust)
- f2fs: maintain one time GC mode is enabled during whole zoned GC cycle (Daeho Jeong)
- f2fs: add gc_boost_gc_greedy sysfs node (Daeho Jeong)
- f2fs: add gc_boost_gc_multiple sysfs node (Daeho Jeong)
- f2fs: introduce reserved_pin_section sysfs entry (Chao Yu)
- f2fs: sysfs: add encoding_flags entry (Chao Yu)
- f2fs: add carve_out sysfs node (Daeho Jeong)
- f2fs: fix to avoid running out of free segments (Chao Yu)
- f2fs: add a sysfs entry to reclaim POSIX_FADV_NOREUSE pages (Jaegeuk Kim)
- f2fs: keep POSIX_FADV_NOREUSE ranges (Jaegeuk Kim)
- platform/x86:intel/pmc: Update Arrow Lake telemetry GUID (Xi Pardee)
- sched/fair: Fix unfairness caused by stalled tg_load_avg_contrib when the last task migrates out (Xupengbo)
- 9p: fix cache/debug options printing in v9fs_show_options (Eric Sandeen)
- fbdev: ssd1307fb: fix potential page leak in ssd1307fb_probe() (Abdun Nihaal)
- pinctrl: single: Fix incorrect type for error return variable (Xu Wang)
- perf hist: In init, ensure mem_info is put on error paths (Ian Rogers)
- perf tools: Fix split kallsyms DSO counting (Namhyung Kim)
- perf tools: Mark split kallsyms DSOs as loaded (Namhyung Kim)
- net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop (Xiang Mei) [Orabug: 38783136] {CVE-2025-68325}
- net: dsa: xrs700x: reject unsupported HSR configurations (Vladimir Oltean)
- net: hsr: create an API to get hsr port type (Xiaoliang Yang)
- net: hsr: Create and export hsr_get_port_ndev() (Md Danish Anwar)
- net: hsr: remove synchronize_rcu() from hsr_add_port() (Eric Dumazet)
- net: hsr: remove one synchronize_rcu() from hsr_del_port() (Eric Dumazet)
- clk: keystone: fix compile testing (Johan Hovold)
- md/raid5: fix IO hang when array is broken with IO inflight (Yu Kuai)
- remoteproc: qcom_q6v5_wcss: fix parsing of qcom,halt-regs (Alexandru Gagniuc)
- mtd: lpddr_cmds: fix signed shifts in lpddr_cmds (Ivan Stepchenko)
- selftests: bonding: add delay before each xvlan_over_bond connectivity check (Hangbin Liu)
- selftests: bonding: add ipvlan over bond testing (Etienne Champetier)
- net: phy: aquantia: check for NVMEM deferral (Robert Marko)
- vfio/pci: Use RCU for error/request triggers to avoid circular locking (Alex Williamson)
- spi: ch341: fix out-of-bounds memory access in ch341_transfer_one (Tianchu Chen)
- mtd: rawnand: renesas: Handle devm_pm_runtime_enable() errors (Xu Wang)
- net: stmmac: fix rx limit check in stmmac_rx_zc() (Alexey Kodanev)
- netfilter: nft_connlimit: update the count if add was skipped (Fernando Fernandez Mancera)
- netfilter: nf_conncount: rework API to use sk_buff directly (Fernando Fernandez Mancera)
- netfilter: flowtable: check for maximum number of encapsulations in bridge vlan (Pablo Neira Ayuso)
- Reinstate "resource: avoid unnecessary lookups in find_next_iomem_res()" (Ilias Stamatis)
- resource: introduce is_type_match() helper and use it (Andy Shevchenko)
- resource: replace open coded resource_intersection() (Andy Shevchenko)
- regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex (Sparkhuang) [Orabug: 38798786] {CVE-2025-68354}
- ARM: dts: samsung: exynos4412-midas: turn off SDIO WLAN chip during system suspend (Marek Szyprowski)
- ARM: dts: samsung: exynos4210-trats: turn off SDIO WLAN chip during system suspend (Marek Szyprowski)
- ARM: dts: samsung: exynos4210-i9100: turn off SDIO WLAN chip during system suspend (Marek Szyprowski)
- ARM: dts: samsung: universal_c210: turn off SDIO WLAN chip during system suspend (Marek Szyprowski)
- spi: airoha-snfi: en7523: workaround flash damaging if UART_TXD was short to GND (Mikhail Kshevetskiy)
- ASoC: Intel: catpt: Fix error path in hw_params() (Cezary Rojewski)
- vdpa/pds: use %pe for ERR_PTR() in event handler registration (Alok Tiwari)
- vhost: Fix kthread worker cgroup failure handling (Mike Christie)
- vdpa/mlx5: Fix incorrect error code reporting in query_virtqueues (Alok Tiwari)
- virtio: fix virtqueue_set_affinity() docs (Michael S. Tsirkin)
- virtio: fix grammar in virtio_queue_info docs (Michael S. Tsirkin)
- virtio: fix whitespace in virtio_config_ops (Michael S. Tsirkin)
- virtio: fix typo in virtio_device_ready() comment (Michael S. Tsirkin)
- virtio_vdpa: fix misleading return in void function (Alok Tiwari)
- of: Skip devicetree kunit tests when RISCV+ACPI doesn't populate root node (Guenter Roeck)
- ext4: improve integrity checking in __mb_check_buddy by enhancing order-0 validation (Yongjian Sun)
- ublk: prevent invalid access with DEBUG (Kevin Brodsky)
- ACPI: processor_core: fix map_x2apic_id for amd-pstate on am4 (René Rebe)
- hwmon: sy7636a: Fix regulator_enable resource leak on error path (Xu Wang)
- drm/amd/display: Fix logical vs bitwise bug in get_embedded_panel_info_v2_1() (Dan Carpenter)
- greybus: gb-beagleplay: Fix timeout handling in bootloader functions (Xu Wang)
- firmware_loader: make RUST_FW_LOADER_ABSTRACTIONS select FW_LOADER (Alexandre Courbot)
- ASoC: fsl_xcvr: clear the channel status control memory (Shengjiu Wang)
- gfs2: Prevent recursive memory reclaim (Andreas Gruenbacher) [Orabug: 38798793] {CVE-2025-68356}
- ASoC: nau8325: add missing build config (Jaroslav Kysela)
- ASoC: nau8325: use simple i2c probe function (Jaroslav Kysela)
- drm/panthor: Avoid adding of kernel BOs to extobj list (Akash Goel)
- RDMA/irdma: Do not directly rely on IB_PD_UNSAFE_GLOBAL_RKEY (Jacob Moroni)
- RDMA/irdma: Fix data race in irdma_free_pble (Krzysztof Czurylo)
- RDMA/irdma: Fix data race in irdma_sc_ccq_arm (Krzysztof Czurylo)
- iommu/arm-smmu-qcom: Enable use of all SMR groups when running bare-metal (Stephan Gerhold)
- backlight: lp855x: Fix lp855x.h kernel-doc warnings (Randy Dunlap)
- backlight: led-bl: Add devlink to supplier LEDs (Luca Ceresoli)
- wifi: ieee80211: correct FILS status codes (Ria Thomas)
- iomap: always run error completions in user context (Christoph Hellwig)
- iomap: factor out a iomap_dio_done helper (Christoph Hellwig)
- um: Don't rename vmap to kernel_vmap (David Gow)
- drm/nouveau: restrict the flush page to a 32-bit address (Timur Tabi)
- PCI: dwc: Fix wrong PORT_LOGIC_LTSSM_STATE_MASK definition (Shawn Lin)
- btrfs: fix leaf leak in an error path in btrfs_del_items() (Filipe Manana)
- iommu/arm-smmu-v3: Fix error check in arm_smmu_alloc_cd_tables (Ryan Huang)
- staging: fbtft: core: fix potential memory leak in fbtft_probe_common() (Jianglei Nie)
- firmware: stratix10-svc: fix make htmldocs warning for stratix10_svc (Dinh Nguyen)
- mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() (Zilin Guan)
- ASoC: tas2781: correct the wrong period (Shenghao Ding)
- RDMA/bnxt_re: Pass correct flag for dma mr creation (Selvin Xavier)
- RDMA/bnxt_re: Fix the inline size for GenP7 devices (Selvin Xavier)
- erofs: limit the level of fs stacking for file-backed mounts (Gao Xiang)
- RISC-V: KVM: Fix guest page fault within HLV* instructions (Fangyu Yu)
- crypto: ccree - Correctly handle return of sg_nents_for_len (Xu Wang)
- crypto: starfive - Correctly handle return of sg_nents_for_len (Xu Wang)
- selftests/bpf: Improve reliability of test_perf_branches_no_hw() (Matt Bobrowski)
- selftests/bpf: skip test_perf_branches_hw() on unsupported platforms (Matt Bobrowski)
- usb: raw-gadget: cap raw_io transfer length to KMALLOC_MAX_SIZE (Gopi Krishna Menon)
- usb: dwc2: fix hang during suspend if set as peripheral (Jisheng Zhang)
- usb: dwc2: fix hang during shutdown if set as peripheral (Jisheng Zhang)
- usb: dwc2: disable platform lowlevel hw resources during shutdown (Jisheng Zhang)
- usb: chaoskey: fix locking for O_NONBLOCK (Oliver Neukum)
- ima: Handle error code returned by ima_filter_rule_match() (Zhao Yipeng) [Orabug: 38798921] {CVE-2025-68740}
- RAS: Report all ARM processor CPER information to userspace (Jason Tian)
- wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb() (Seungjin Bae) [Orabug: 38798814] {CVE-2025-68362}
- cpuset: Treat cpusets in attaching as populated (Chen Ridong)
- net: phy: adin1100: Fix software power-down ready condition (Alexander Dahl)
- phy: rockchip: samsung-hdptx: Prevent Inter-Pair Skew from exceeding the limits (Cristian Ciocaltea)
- phy: rockchip: samsung-hdptx: Reduce ROPLL loop bandwidth (Cristian Ciocaltea)
- phy: freescale: Initialize priv->lock (Xiaolei Wang)
- phy: renesas: rcar-gen3-usb2: Fix an error handling path in rcar_gen3_phy_usb2_probe() (Christophe Jaillet)
- leds: rgb: leds-qcom-lpg: Don't enable TRILED when configuring PWM (Fenglin Wu)
- mfd: mt6358-irq: Fix missing irq_domain_remove() in error path (Xu Wang)
- mfd: mt6397-irq: Fix missing irq_domain_remove() in error path (Xu Wang)
- wifi: mac80211: fix CMAC functions not handling errors (Chien Wong)
- iommu/vt-d: Fix unused invalidation hint in qi_desc_iotlb (Aashish Sharma)
- scsi: qla2xxx: Fix improper freeing of purex item (Zilin Guan) [Orabug: 38798928] {CVE-2025-68741}
- pwm: bcm2835: Make sure the channel is enabled after pwm_request() (Uwe Kleine-König)
- perf arm_spe: Fix memset subclass in operation (Leo Yan)
- perf arm-spe: Extend branch operations (Leo Yan)
- ipv6: clear RA flags when adding a static route (Fernando Fernandez Mancera)
- drm/msm/a6xx: Improve MX rail fallback in RPMH vote init (Akhil P Oommen)
- drm/msm/a6xx: Fix the gemnoc workaround (Akhil P Oommen)
- drm/msm/a6xx: Flush LRZ cache before PT switch (Akhil P Oommen)
- drm/mediatek: Fix CCORR mtk_ctm_s31_32_to_s1_n function issue (Jay Liu)
- fs/ntfs3: Prevent memory leaks in add sub record (Edward Adam Davis)
- fs/ntfs3: out1 also needs to put mi (Edward Adam Davis)
- powerpc/64s/ptdump: Fix kernel_hash_pagetable dump for ISA v3.00 HPTE format (Ritesh Harjani)
- powerpc/64s/hash: Restrict stress_hpt_struct memblock region to within RMA limit (Ritesh Harjani)
- bpf: Fix invalid prog->stats access when update_effective_progs fails (Pu Lehui) [Orabug: 38798931] {CVE-2025-68742}
- wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() (Abdun Nihaal) [Orabug: 38818221] {CVE-2025-68759}
- drm/msm/a2xx: stop over-complaining about the legacy firmware (Dmitry Baryshkov)
- block/blk-throttle: Fix throttle slice time for SSDs (Guenter Roeck)
- NFSD/blocklayout: Fix minlength check in proc_layoutget (Sergey Bashirov)
- tracefs: fix a leak in eventfs_create_events_dir() (Al Viro)
- watchdog: starfive: Fix resource leak in probe error path (Xu Wang)
- watchdog: wdat_wdt: Fix ACPI table leak in probe function (Xu Wang)
- bpf: Check skb->transport_header is set in bpf_skb_check_mtu (Martin Kafai Lau) [Orabug: 38798820] {CVE-2025-68363}
- selftests/bpf: Fix failure paths in send_signal test (Alexei Starovoitov)
- bpf: Handle return value of ftrace_set_filter_ip in register_fentry (Menglong Dong)
- ps3disk: use memcpy_{from,to}_bvec index (René Rebe)
- drm/msm/dpu: drop dpu_hw_dsc_destroy() prototype (Dmitry Baryshkov)
- crypto: iaa - Fix incorrect return value in save_iaa_wq() (Zilin Guan)
- arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 3C (Fukaumi Naoki)
- arm64: dts: rockchip: Add eeprom vcc-supply for Radxa ROCK 5A (Fukaumi Naoki)
- arm64: dts: rockchip: Move the EEPROM to correct I2C bus on Radxa ROCK 5A (Fukaumi Naoki)
- PCI: keystone: Exit ks_pcie_probe() for invalid mode (Siddharth Vadapalli)
- bpf: Free special fields when update [lru_,]percpu_hash maps (Leon Hwang) [Orabug: 38798936] {CVE-2025-68744}
- leds: netxbig: Fix GPIO descriptor leak in error paths (Xu Wang)
- scsi: sim710: Fix resource leak by adding missing ioport_unmap() calls (Xu Wang)
- ACPI: property: Fix fwnode refcount leak in acpi_fwnode_graph_parse_endpoint() (Xu Wang)
- ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent() (Dmitry Antipov) [Orabug: 38798823] {CVE-2025-68364}
- lib/vsprintf: Check pointer before dereferencing in time_and_date() (Andy Shevchenko)
- clk: renesas: r9a06g032: Fix memory leak in error path (Xu Wang)
- coresight: etm4x: Add context synchronization before enabling trace (Leo Yan)
- coresight: etm4x: Extract the trace unit controlling (Leo Yan)
- coresight: etm4x: Correct polling IDLE bit (Leo Yan)
- coresight: Change device mode to atomic type (Leo Yan)
- nbd: defer config unlock in nbd_genl_connect (Zheng Qixing) [Orabug: 38798832] {CVE-2025-68366}
- wifi: cw1200: Fix potential memory leak in cw1200_bh_rx_helper() (Abdun Nihaal)
- macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse (Long Li) [Orabug: 38798837] {CVE-2025-68367}
- powerpc/32: Fix unpaired stwcx. on interrupt exit (Christophe Leroy)
- powerpc/kdump: Fix size calculation for hot-removed memory ranges (Sourabh Jain)
- cpufreq/amd-pstate: Call cppc_set_auto_sel() only for online CPUs (Gautham R. Shenoy)
- scsi: ufs: core: fix incorrect buffer duplication in ufshcd_read_string_desc() (Bean Huo)
- drm/panthor: Fix potential memleak of vma structure (Akash Goel)
- ntfs3: init run lock for extend inode (Edward Adam Davis)
- ARM: dts: stm32: stm32mp157c-phycore: Fix STMPE811 touchscreen node properties (Jihed Chaibi)
- RDMA/rtrs: server: Fix error handling in get_or_create_srv (Ma Ke)
- dt-bindings: PCI: amlogic: Fix the register name of the DBI region (Manivannan Sadhasivam)
- scsi: smartpqi: Fix device resources accessed after device removal (Mike Mcgowen) [Orabug: 38798847] {CVE-2025-68371}
- scsi: stex: Fix reboot_notifier leak in probe error path (Xu Wang)
- nbd: defer config put in recv_work (Zheng Qixing) [Orabug: 38798850] {CVE-2025-68372}
- md: fix rcu protection in md_wakeup_thread (Yun Zhou) [Orabug: 38798857] {CVE-2025-68374}
- regulator: core: disable supply if enabling main regulator fails (Gabor Juhos)
- perf/x86/intel: Correct large PEBS flag check (Dapeng Mi)
- ext4: correct the checking of quota files before moving extents (Zhang Yi)
- mfd: da9055: Fix missing regmap_del_irq_chip() in error path (Xu Wang)
- locktorture: Fix memory leak in param_set_cpumask() (Wang Liang)
- efi/libstub: Fix page table access in 5-level to 4-level paging transition (Usama Arif)
- x86/boot: Fix page table access in 5-level to 4-level paging transition (Usama Arif)
- ARM: dts: omap3: n900: Correct obsolete TWL4030 power compatible (Jihed Chaibi)
- ARM: dts: omap3: beagle-xm: Correct obsolete TWL4030 power compatible (Jihed Chaibi)
- ARM: dts: am335x-netcom-plus-2xx: add missing GPIO labels (Yegor Yefremov)
- libbpf: Fix parsing of multi-split BTF (Alan Maguire)
- spi: tegra210-quad: Fix timeout handling (Vishwaroop A) [Orabug: 38798943] {CVE-2025-68746}
- drm/panthor: Fix UAF on kernel BO VA nodes (Boris Brezillon)
- drm/panthor: Fix race with suspend during unplug (Ketil Johnsen)
- drm/panthor: Fix UAF race between device unplug and FW event processing (Ketil Johnsen)
- drm/panthor: Fix group_free_queue() for partially initialized queues (Boris Brezillon)
- drm/panthor: Handle errors returned by drm_sched_entity_init() (Boris Brezillon)
- fs/9p: Don't open remote file with APPEND mode when writeback cache is used (Tingmao Wang)
- scsi: target: Do not write NUL characters into ASCII configfs output (Bart Van Assche)
- power: supply: apm_power: only unset own apm_get_power_status (Ahelenia Ziemiańska)
- power: supply: wm831x: Check wm831x_set_bits() return value (Ivan Abramov)
- power: supply: rt9467: Prevent using uninitialized local variable in rt9467_set_value_from_ranges() (Murad Masimov)
- power: supply: rt9467: Return error on failure in rt9467_set_value_from_ranges() (Ivan Abramov)
- power: supply: max17040: Check iio_read_channel_processed() return code (Ivan Abramov)
- power: supply: cw2015: Check devm_delayed_work_autocancel() return code (Ivan Abramov)
- power: supply: rt5033_charger: Fix device node reference leaks (Xu Wang)
- perf record: skip synthesize event when open evsel failed (Shuai Xue)
- perf lock contention: Load kernel map before lookup (Namhyung Kim)
- drm/imagination: Fix reference to devm_platform_get_and_ioremap_resource() (Geert Uytterhoeven)
- interconnect: debugfs: Fix incorrect error handling for NULL path (Kuan-Wei Chiu)
- arm64: dts: qcom: msm8996: add interconnect paths to USB2 controller (Dmitry Baryshkov)
- interconnect: qcom: msm8996: add missing link to SLAVE_USB_HS (Dmitry Baryshkov)
- wifi: ath12k: fix potential memory leak in ath12k_wow_arp_ns_offload() (Abdun Nihaal)
- i3c: master: svc: Prevent incomplete IBI transaction (Stanley Chu)
- i3c: fix refcount inconsistency in i3c_master_register (Frank Li)
- pinctrl: stm32: fix hwspinlock resource leak in probe function (Xu Wang)
- soc: qcom: smem: fix hwspinlock resource leak in probe error paths (Xu Wang)
- tools/nolibc/stdio: let perror work when NOLIBC_IGNORE_ERRNO is set (Benjamin Berg)
- x86/dumpstack: Prevent KASAN false positive warnings in __show_regs() (Tengda Wu)
- task_work: Fix NMI race condition (Peter Zijlstra)
- perf/x86/intel/cstate: Remove PC3 support from LunarLake (Zhang Rui)
- bpf: Fix stackmap overflow check in __bpf_get_stackid() (Arnaud Lecomte) [Orabug: 38798864] {CVE-2025-68378}
- bpf: Refactor stack map trace depth calculation into helper function (Arnaud Lecomte)
- perf: Remove get_perf_callchain() init_nr argument (Josh Poimboeuf)
- mtd: rawnand: lpc32xx_slc: fix GPIO descriptor leak on probe error and remove (Xu Wang)
- mtd: nand: relax ECC parameter validation check (Aryan Srivastava)
- Revert "mtd: rawnand: marvell: fix layouts" (Aryan Srivastava)
- ARM: dts: renesas: r9a06g032-rzn1d400-db: Drop invalid #cells properties (Wolfram Sang)
- ARM: dts: renesas: gose: Remove superfluous port property (Wolfram Sang)
- RDMA/rxe: Fix null deref on srq->rq.queue after resize failure (Zhu Yanjun) [Orabug: 38798867] {CVE-2025-68379}
- sctp: Defer SCTP_DBG_OBJCNT_DEC() to sctp_destroy_sock(). (Kuniyuki Iwashima)
- phy: mscc: Fix PTP for VSC8574 and VSC8572 (Horatiu Vultur)
- arm64: dts: qcom: qcm6490-shift-otter: Add missing reserved-memory (Alexander Martinz)
- arm64: dts: qcom: sm8650: set ufs as dma coherent (Neil Armstrong)
- arm64: dts: qcom: sdm845-oneplus: Correct gpio used for slider (Gergo Koteles)
- arm64: dts: qcom: x1e80100: Add missing quirk for HS only USB controller (Krishna Kurapati)
- arm64: dts: qcom: x1e80100: Fix compile warnings for USB HS controller (Krishna Kurapati)
- firmware: imx: scu-irq: fix OF node leak in (Peng Fan)
- arm64: dts: ti: k3-am62p: Fix memory ranges for GPU (Randolph Sapp)
- s390/ap: Don't leak debug feature files if AP instructions are not available (Heiko Carstens)
- s390/smp: Fix fallback CPU detection (Heiko Carstens)
- wifi: ath11k: fix peer HE MCS assignment (Baochen Qiang) [Orabug: 38798872] {CVE-2025-68380}
- wifi: ath11k: fix VHT MCS assignment (Baochen Qiang)
- crypto: hisilicon/qm - restore original qos values (Nieweiqiang)
- crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (Thorsten Blum) [Orabug: 38798874] {CVE-2025-68724}
- soc: qcom: gsbi: fix double disable caused by devm (Xu Wang)
- soc: Switch back to struct platform_driver::remove() (Uwe Kleine-König)
- clk: qcom: camcc-sm7150: Fix PLL config of PLL2 (Luca Weiss)
- clk: qcom: camcc-sm6350: Fix PLL config of PLL2 (Luca Weiss)
- clk: qcom: camcc-sm6350: Specify Titan GDSC power domain as a parent to other (Vladimir Zapolskiy)
- clk: qcom: camcc-sm8550: Specify Titan GDSC power domain as a parent to other (Vladimir Zapolskiy)
- uio: uio_fsl_elbc_gpcm:: Add null pointer check to uio_fsl_elbc_gpcm_probe (Li Qiang)
- PCI: rcar-gen2: Drop ARM dependency from PCI_RCAR_GEN2 (Geert Uytterhoeven)
- arm64: dts: exynos: gs101: fix sysreg_apm reg property (Peter Griffin)
- perf annotate: Check return value of evsel__get_arch() properly (Tianyou Li)
- arm64: dts: imx8mp-venice-gw702x: remove off-board sdhc1 (Tim Harvey)
- arm64: dts: imx8mp-venice-gw702x: remove off-board uart (Tim Harvey)
- arm64: dts: imx8mm-venice-gw72xx: remove unused sdhc1 pinctrl (Tim Harvey)
- arm64: dts: freescale: imx8mp-venice-gw7905-2x: remove duplicate usdhc1 props (Tim Harvey)
- block/mq-deadline: Switch back to a single dispatch list (Bart Van Assche)
- block/mq-deadline: Introduce dd_start_request() (Bart Van Assche)
- firmware: qcom: tzmem: fix qcom_tzmem_policy kernel-doc (Randy Dunlap)
- iio: imu: st_lsm6dsx: Fix measurement unit for odr struct member (Francesco Lavra)
- inet: Avoid ehash lookup race in inet_twsk_hashdance_schedule() (Luoxuanqiang)
- inet: Avoid ehash lookup race in inet_ehash_insert() (Luoxuanqiang)
- rculist: Add hlist_nulls_replace_rcu() and hlist_nulls_replace_init_rcu() (Luoxuanqiang)
- clk: qcom: gcc-x1e80100: Add missing USB4 clocks/resets (Konrad Dybcio)
- dt-bindings: clock: qcom,x1e80100-gcc: Add missing USB4 clocks/resets (Konrad Dybcio)
- dt-bindings: clock: qcom,x1e80100-gcc: Add missing video resets (Stephan Gerhold)
- ntfs3: Fix uninit buffer allocated by __getname() (Sidharth Seela)
- ntfs3: fix uninit memory after failed mi_read in mi_format_new (Raphael Pinsonneault-Thibeault)
- crypto: authenc - Correctly pass EINPROGRESS back up to the caller (Herbert Xu)
- irqchip/qcom-irq-combiner: Fix section mismatch (Johan Hovold)
- irqchip/starfive-jh8100: Fix section mismatch (Johan Hovold)
- irqchip/renesas-rzg2l: Fix section mismatch (Johan Hovold)
- irqchip/imx-mu-msi: Fix section mismatch (Johan Hovold)
- irqchip/irq-brcmstb-l2: Fix section mismatch (Johan Hovold)
- irqchip/irq-bcm7120-l2: Fix section mismatch (Johan Hovold)
- irqchip/irq-bcm7038-l1: Fix section mismatch (Johan Hovold)
- sched/fair: Forfeit vruntime on yield (Fernand Sieber)
- wifi: ath11k: restore register window after global reset (Baochen Qiang)
- wifi: ath10k: move recovery check logic into a new work (Kang Yang)
- wifi: ath10k: Add missing include of export.h (Jeff Johnson)
- wifi: ath10k: Avoid vdev delete timeout when firmware is already down (Loic Poulain)
- objtool: Fix weak symbol detection (Josh Poimboeuf)
- objtool: Fix standalone --hacks=jump_label (Dylan Hatch)
- HID: logitech-hidpp: Do not assume FAP in hidpp_send_message_sync() (Mavroudis Chatzilazaridis)
- drm: atmel-hlcdc: fix atmel_xlcdc_plane_setup_scaler() (Cyrille Pitchen)
- clk: renesas: cpg-mssr: Read back reset registers to assure values latched (Marek Vasut)
- clk: renesas: Pass sub struct of cpg_mssr_priv to cpg_clk_register (Thierry Bultel)
- clk: renesas: Use str_on_off() helper (Geert Uytterhoeven)
- clk: renesas: cpg-mssr: Add missing 1ms delay into reset toggle callback (Marek Vasut)
- pinctrl: renesas: rzg2l: Fix PMC restore (Biju Das)
- USB: Fix descriptor count when handling invalid MBIM extended descriptor (Seungjin Bae)
- drm/vgem-fence: Fix potential deadlock on release (Janusz Krzysztofik) [Orabug: 38818211] {CVE-2025-68757}
- accel/ivpu: Fix DCT active percent format (Karol Wachowski)
- accel/ivpu: Make function parameter names consistent (Jacek Lawrynowicz)
- drm/panel: visionox-rm69299: Don't clear all mode flags (Guido Günther)
- accel/ivpu: Ensure rpm_runtime_put in case of engine reset/resume fail (Karol Wachowski)
- accel/ivpu: Prevent runtime suspend during context abort work (Andrzej Kacprowski)
- gpu: host1x: Fix race in syncpt alloc/free (Mainak Sen) [Orabug: 38798898] {CVE-2025-68732}
- smack: fix bug: setting task label silently ignores input garbage (Konstantin Andreev)
- smack: fix bug: unprivileged task can create labels (Konstantin Andreev)
- smack: fix bug: invalid label of unix socket file (Konstantin Andreev)
- smack: always "instantiate" inode in smack_inode_init_security() (Konstantin Andreev)
- smack: deduplicate xattr setting in smack_inode_init_security() (Konstantin Andreev)
- smack: fix bug: SMACK64TRANSMUTE set on non-directory (Konstantin Andreev)
- smack: deduplicate "does access rule request transmutation" (Konstantin Andreev)
- net/mlx5e: Set default burst period for TX and RX reporters (Shahar Shitrit) [Orabug: 38636804]
- devlink: Make health reporter burst period configurable (Shahar Shitrit) [Orabug: 38636804]
- devlink: Introduce burst period for health reporter (Shahar Shitrit) [Orabug: 38636804]
- devlink: Move health reporter recovery abort logic to a separate function (Shahar Shitrit) [Orabug: 38636804]
- devlink: Move graceful period parameter to reporter ops (Shahar Shitrit) [Orabug: 38636804]
- devlink: use devlink_nl_put_u64() helper (Przemek Kitszel) [Orabug: 38636804]
- devlink: introduce devlink_nl_put_u64() (Przemek Kitszel) [Orabug: 38636804]
- Revert "net/mlx5: set graceful_period to 0 to allow multiple transmission queue recovery" (Qing Huang) [Orabug: 38636804]
- net/rds: improve conn destroy printk message (Sharath Srinivasan) [Orabug: 38728739]
- net/rds: expand kref coverage to rds_notifier->n_conn (Sharath Srinivasan) [Orabug: 38728739]
- net/rds: fix crash by expanding kref coverage to rds_incoming.i_conn (Sharath Srinivasan) [Orabug: 38728739]
- net/rds: rds_sendmsg must use rs_conn only when not being destroyed (Sharath Srinivasan) [Orabug: 38728742]
- Revert "iommu/amd: Skip enabling command/event buffers for kdump" (Dongli Zhang) [Orabug: 38766139]
- mm: list_lru: avoid using NULL list_lru_one. (Imran Khan) [Orabug: 38787957]

[6.12.0-108.62.1]
- uek-rpm: Allow disabling kabichk at command line (Yifei Liu) [Orabug: 38733049]
- Revert "xfrm: Use xdo.dev instead of xdo.real_dev" (Jack Vogel) [Orabug: 38718730]
- Revert "net/mlx5: Fix IPsec cleanup over MPV device" (Jack Vogel) [Orabug: 38718730]
- LTS version: v6.12.62 (Jack Vogel)
- bus: mhi: host: pci_generic: Add Telit FN990B40 modem support (Daniele Palmas)
- bus: mhi: host: pci_generic: Add Telit FN920C04 modem support (Daniele Palmas)
- staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing (Navaneeth K)
- staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing (Navaneeth K)
- staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser (Navaneeth K)
- comedi: check device's attached status in compat ioctls (Nikita Zhandarovich)
- comedi: multiq3: sanitize config options in multiq3_attach() (Nikita Zhandarovich)
- comedi: c6xdigio: Fix invalid PNP driver unregistration (Ian Abbott)
- wifi: rtw88: Add USB ID 2001:3329 for D-Link AC13U rev. A1 (Zenm Chen)
- wifi: rtl8xxxu: Add USB ID 2001:3328 for D-Link AN3U rev. A1 (Zenm Chen)
- samples: work around glibc redefining some of our defines wrong (Linus Torvalds)
- LoongArch: Mask all interrupts during kexec/kdump (Huacai Chen)
- HID: elecom: Add support for ELECOM M-XT3URBK (018F) (Naoki Ueki)
- platform/x86/amd/pmc: Add spurious_8042 to Xbox Ally (Antheas Kapenekakis)
- platform/x86/amd: pmc: Add Lenovo Legion Go 2 to pmc quirk list (Antheas Kapenekakis)
- platform/x86: huawei-wmi: add keys for HONOR models (Ston Jia)
- HID: apple: Add SONiX AK870 PRO to non_apple_keyboards quirk list (April Grimoire)
- platform/x86: acer-wmi: Ignore backlight event (Armin Wolf)
- pinctrl: qcom: msm: Fix deadlock in pinmux configuration (Praveen Talari)
- nvme: fix admin request_queue lifetime (Keith Busch) [Orabug: 38773611] {CVE-2025-68265}
- HID: hid-input: Extend Elan ignore battery quirk to USB (Mario Limonciello)
- bfs: Reconstruct file type when loading from disk (Tetsuo Handa)
- ALSA: usb-audio: Add native DSD quirks for PureAudio DAC series (Lushih Hsieh)
- drm/amdkfd: Fix GPU mappings for APU after prefetch (Harish Kasiviswanathan)
- smb: fix invalid username check in smb3_fs_context_parse_param() (Yiqi Sun)
- Bluetooth: btrtl: Avoid loading the config file on security chips (Max Chou)
- drm/vmwgfx: Use kref in vmw_bo_dirty (Ian Forbes)
- spi: imx: keep dma request disabled before dma transfer setup (Robin Gong)
- spi: xilinx: increase number of retries before declaring stall (Alvaro Gamez Machado)
- ftrace: bpf: Fix IPMODIFY + DIRECT in modify_ftrace_direct() (Song Liu)
- USB: serial: kobil_sct: fix TIOCMBIS and TIOCMBIC (Johan Hovold)
- USB: serial: belkin_sa: fix TIOCMBIS and TIOCMBIC (Johan Hovold)
- serial: add support of CPCI cards (Magne Bruno)
- USB: serial: ftdi_sio: match on interface number for jtag (Johan Hovold)
- USB: serial: option: move Telit 0x10c7 composition in the right place (Fabio Porcedda)
- USB: serial: option: add Telit Cinterion FE910C04 new compositions (Fabio Porcedda)
- USB: serial: option: add Foxconn T99W760 (Slark Xiao)
- KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced (Omar Sandoval) [Orabug: 38773578] {CVE-2025-68259}
- comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() (Nikita Zhandarovich)
- ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() (Alexey Nepomnyashih) [Orabug: 38773586] {CVE-2025-68261}
- locking/spinlock/debug: Fix data-race in do_raw_write_lock (Alexander Sverdlin)
- ksmbd: ipc: fix use-after-free in ipc_msg_send_request (Qianchang Zhao)
- ext4: refresh inline data size before write operations (Deepanshu Kartikey) [Orabug: 38773602] {CVE-2025-68264}
- jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted (Ye Bin) [Orabug: 38792632] {CVE-2025-68337}
- Documentation: process: Also mention Sasha Levin as stable tree maintainer (Bagas Sanjaya)
- xfrm: flush all states in xfrm_state_fini (Sabrina Dubroca)
- xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added (Sabrina Dubroca)
- Revert "xfrm: destroy xfrm_state synchronously on net exit path" (Sabrina Dubroca)
- xfrm: delete x->tunnel as we delete x (Sabrina Dubroca) [Orabug: 38730491,38854317] {CVE-2025-40215}
- LTS version: v6.12.61 (Jack Vogel)
- spi: spi-nxp-fspi: Check return value of devm_mutex_init() (Thomas Weißschuh)
- drm/i915/dp: Initialize the source OUI write timestamp always (Imre Deak)
- Revert "ACPI: Suppress misleading SPCR console message when SPCR table is absent" (Punit Agrawal)
- wifi: ath12k: correctly handle mcast packets for clients (Sarika Sharma)
- net: dsa: microchip: Free previously initialized ports on init failures (Bastien Curutchet)
- net: dsa: microchip: Do not execute PTP driver code for unsupported switches (Tristram Ha)
- drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup (Thomas Zimmermann) [Orabug: 38773709] {CVE-2025-68296}
- net: dsa: microchip: Fix symetry in ksz_ptp_msg_irq_{setup/free}() (Bastien Curutchet)
- KVM: SVM: Fix redundant updates of LBR MSR intercepts (Yosry Ahmed)
- KVM: nSVM: Fix and simplify LBR virtualization handling with nested (Yosry Ahmed)
- KVM: nSVM: Always recalculate LBR MSR intercepts in svm_update_lbrv() (Yosry Ahmed)
- KVM: SVM: Introduce svm_recalc_lbr_msr_intercepts() (Yosry Ahmed)
- mm/huge_memory: fix NULL pointer deference when splitting folio (Wei Yang) [Orabug: 38773700] {CVE-2025-68293}
- usb: gadget: udc: fix use-after-free in usb_gadget_state_work (Jimmy Hu) [Orabug: 38773635] {CVE-2025-68282}
- usb: udc: Add trace event for usb_gadget_set_state (Kuen-Han Tsai)
- can: rcar_canfd: Fix CAN-FD mode as default (Biju Das)
- usb: typec: ucsi: psy: Set max current to zero when disconnected (Jameson Thies)
- nfsd: Replace clamp_t in nfsd4_get_drc_mem() (Neil Brown)
- staging: rtl8712: Remove driver using deprecated API wext (Philipp Hortmann)
- libceph: replace BUG_ON with bounds check for map->max_osd (Ziming Zhang) [Orabug: 38773641] {CVE-2025-68283}
- libceph: prevent potential out-of-bounds writes in handle_auth_session_key() (Ziming Zhang) [Orabug: 38773648] {CVE-2025-68284}
- libceph: fix potential use-after-free in have_mon_and_osd_map() (Ilya Dryomov) [Orabug: 38773654] {CVE-2025-68285}
- net: dsa: microchip: Don't free uninitialized ksz_irq (Bastien Curutchet)
- net: dsa: microchip: ptp: Fix checks on irq_find_mapping() (Bastien Curutchet)
- net: dsa: microchip: common: Fix checks on irq_find_mapping() (Bastien Curutchet)
- drm/amd/display: Don't change brightness for disabled connectors (Mario Limonciello)
- drm/amd/display: Check NULL before accessing (Alex Hung) [Orabug: 38773661] {CVE-2025-68286}
- drm/amd/amdgpu: reserve vm invalidation engine for uni_mes (Michael Chen)
- drm: sti: fix device leaks at component probe (Johan Hovold)
- USB: serial: option: add support for Rolling RW101R-GL (Vanillan Wang)
- USB: serial: ftdi_sio: add support for u-blox EVK-M101 (Oleksandr Suvorov)
- xhci: dbgtty: fix device unregister (Łukasz Bartosik)
- xhci: dbgtty: Fix data corruption when transmitting data form DbC to host (Mathias Nyman)
- xhci: fix stale flag preventig URBs after link state error is cleared (Mathias Nyman)
- usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (Manish Nagar)
- usb: dwc3: pci: Sort out the Intel device IDs (Krogerus Heikki)
- usb: dwc3: pci: add support for the Intel Nova Lake -S (Krogerus Heikki)
- usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer (Owen Gu) [Orabug: 38792592] {CVE-2025-68331}
- usb: storage: sddr55: Reject out-of-bound new_pba (Tianchu Chen) [Orabug: 38762728] {CVE-2025-40345}
- USB: storage: Remove subclass and protocol overrides from Novatek quirk (Alan Stern)
- usb: storage: Fix memory leak in USB bulk transport (Desnes Nunes) [Orabug: 38773676] {CVE-2018-1000204,CVE-2025-68288}
- usb: renesas_usbhs: Fix synchronous external abort on unbind (Claudiu Beznea)
- usb: gadget: f_eem: Fix memory leak in eem_unwrap (Kuen-Han Tsai)
- usb: cdns3: Fix double resource release in cdns3_pci_probe (Miaoqian Lin)
- most: usb: fix double free on late probe failure (Johan Hovold)
- serial: amba-pl011: prefer dma_mapping_error() over explicit address checking (Miaoqian Lin)
- mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). (Kuniyuki Iwashima)
- mptcp: clear scheduled subflows on retransmit (Paolo Abeni)
- mmc: sdhci-of-dwcmshc: Promote the th1520 reset handling to ip level (Jisheng Zhang)
- mm/memfd: fix information leak in hugetlb folios (Deepanshu Kartikey) [Orabug: 38773697] {CVE-2025-68292}
- firmware: stratix10-svc: fix bug in saving controller data (Khairul Anuar Romli)
- nvmem: layouts: fix nvmem_layout_bus_uevent (Guan Wentao)
- slimbus: ngd: Fix reference count leak in qcom_slim_ngd_notify_slaves (Miaoqian Lin)
- thunderbolt: Add support for Intel Wildcat Lake (Alan Borzeszkowski)
- smb: client: fix memory leak in cifs_construct_tcon() (Paulo Alcantara) [Orabug: 38773703] {CVE-2025-68295}
- drivers/usb/dwc3: fix PCI parent check (Jamie Iles)
- dm-verity: fix unreliable memory allocation (Mikulas Patocka)
- ceph: fix crash in process_v2_sparse_read() for encrypted directories (Viacheslav Dubeyko) [Orabug: 38773716] {CVE-2025-68297}
- can: sun4i_can: sun4i_can_interrupt(): fix max irq loop handling (Marc Kleine-Budde)
- can: sja1000: fix max irq loop handling (Thomas Mühlbacher)
- Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref (Douglas Anderson) [Orabug: 38773723] {CVE-2025-68298}
- atm/fore200e: Fix possible data race in fore200e_open() (Gui-Dong Han)
- ARM: dts: nxp: imx6ul: correct SAI3 interrupt line (Maarten Zanders)
- arm64: dts: imx8qm-mek: fix mux-controller select/enable-gpios polarity (Xu Yang)
- arm64: dts: imx8dxl-ss-conn: swap interrupts number of eqos (Frank Li)
- ALSA: usb-audio: Add DSD quirk for LEAK Stereo 230 (Ivan Zhaldak)
- tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs (Deepanshu Kartikey) [Orabug: 38792583] {CVE-2025-68329}
- MIPS: mm: kmalloc tlb_vpn array to avoid stack overflow (Thomas Bogendoerfer)
- MIPS: mm: Prevent a TLB shutdown on initial uniquification (Maciej W. Rozycki)
- iio: adc: rtq6056: Correct the sign bit index (Chiyuan Huang)
- iio: adc: ad7280a: fix ad7280_store_balance_timer() (David Lechner)
- iio: accel: fix ADXL355 startup race condition (Valek Andrej)
- iio: accel: bmc150: Fix irq assumption regression (Linus Walleij) [Orabug: 38792585] {CVE-2025-68330}
- iio: adc: stm32-dfsdm: fix st,adc-alt-channel property handling (Olivier Moysan)
- iio:common:ssp_sensors: Fix an error handling path ssp_probe() (Christophe Jaillet)
- iio: imu: st_lsm6dsx: fix array size for st_lsm6dsx_settings fields (Francesco Lavra)
- iio: humditiy: hdc3020: fix units for thresholds and hysteresis (Dimitri Fedrau)
- iio: humditiy: hdc3020: fix units for temperature and humidity measurement (Dimitri Fedrau)
- iio: buffer: support getting dma channel from the buffer (Nuno Sa)
- iio: buffer-dmaengine: enable .get_dma_dev() (Nuno Sa)
- iio: buffer-dma: support getting the DMA channel (Nuno Sa)
- Revert "perf/x86: Always store regs->ip in perf_callchain_kernel()" (Jiri Olsa)
- Revert "drm/amd/display: Move setup_stream_attribute" (Alex Deucher)
- spi: bcm63xx: fix premature CS deassertion on RX-only transactions (Hang Zhou)
- spi: nxp-fspi: Propagate fwnode in ACPI case as well (Andy Shevchenko)
- spi: spi-nxp-fspi: Add OCT-DTR mode support (Haibo Chen)
- spi: spi-nxp-fspi: remove the goto in probe (Haibo Chen)
- spi: nxp-fspi: Support per spi-mem operation frequency switches (Miquel Raynal)
- spi: spi-mem: Add a new controller capability (Miquel Raynal)
- spi: spi-mem: Extend spi-mem operations with a per-operation maximum frequency (Miquel Raynal)
- spi: spi-mem: Allow specifying the byte order in Octal DTR mode (Tudor Ambarus)
- spi: amlogic-spifc-a1: Handle devm_pm_runtime_enable() errors (Xu Wang)
- spi: tegra114: remove Kconfig dependency on TEGRA20_APB_DMA (Francesco Lavra)
- fs/namespace: fix reference leak in grab_requested_mnt_ns (Andrei Vagin) [Orabug: 38773950] {CVE-2025-68300}
- mailbox: pcc: don't zero error register (Jamie Iles)
- mailbox: pcc: Refactor error handling in irq handler into separate function (Sudeep Holla)
- mailbox: mtk-cmdq: Refine DMA address handling for the command buffer (Jason-JH Lin)
- mailbox: mailbox-test: Fix debugfs_create_dir error checking (Xu Wang)
- usb: gadget: renesas_usbf: Handle devm_pm_runtime_enable() errors (Xu Wang)
- iio: st_lsm6dsx: Fixed calibrated timestamp calculation (Mario Tesi)
- net: fec: do not register PPS event for PEROUT (Wei Fang)
- net: fec: do not allow enabling PPS and PEROUT simultaneously (Wei Fang)
- net: fec: do not update PEROUT if it is enabled (Wei Fang)
- net: fec: cancel perout_timer when PEROUT is disabled (Wei Fang)
- net: atlantic: fix fragment overflow handling in RX path (Jiefeng Zhang) [Orabug: 38773728] {CVE-2025-68301}
- eth: fbnic: Fix counter roll-over issue (Mohsin Bashir)
- net: dsa: sja1105: fix SGMII linking at 10M or 100M but not passing traffic (Vladimir Oltean)
- net: dsa: sja1105: simplify static configuration reload (Russell King)
- net: wwan: mhi: Keep modem name match with Foxconn T99W640 (Slark Xiao)
- drm/amdgpu: fix cyan_skillfish2 gpu info fw handling (Alex Deucher)
- net: sxgbe: fix potential NULL dereference in sxgbe_rx() (Alexey Kodanev)
- team: Move team device type change at the end of team_port_add (Nikola Z. Ivanov) [Orabug: 38796270] {CVE-2025-68340}
- net/mlx5e: Fix validation logic in rate limiting (Danielle Costantino)
- drm/xe: Fix conversion from clock ticks to milliseconds (Harish Chegondi)
- net: lan966x: Fix the initialization of taprio (Horatiu Vultur)
- net: aquantia: Add missing descriptor cache invalidation on ATL2 (Kai-Heng Feng)
- platform/x86: intel: punit_ipc: fix memory corruption (Dan Carpenter)
- net: phy: mxl-gpy: fix bogus error on USXGMII and integrated PHY (Daniel Golle)
- veth: reduce XDP no_direct return section to fix race (Jesper Dangaard Brouer) [Orabug: 38796276] {CVE-2025-68341}
- veth: more robust handing of race to avoid txq getting stuck (Jesper Dangaard Brouer)
- veth: prevent NULL pointer dereference in veth_xdp_rcv (Jesper Dangaard Brouer)
- veth: apply qdisc backpressure on full ptr_ring to reduce TX drops (Jesper Dangaard Brouer)
- net: sched: generalize check for no-queue qdisc on TX queue (Jesper Dangaard Brouer)
- Bluetooth: SMP: Fix not generating mackey and ltk when repairing (Luiz Augusto von Dentz)
- Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (Edward Adam Davis) [Orabug: 38773949] {CVE-2025-68305}
- Bluetooth: hci_core: Fix triggering cmd_timer for HCI_OP_NOP (Luiz Augusto von Dentz)
- Bluetooth: btusb: mediatek: Fix kernel crash when releasing mtk iso interface (Chris Lu) [Orabug: 38773748] {CVE-2025-68306}
- can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data (Marc Kleine-Budde) [Orabug: 38796278] {CVE-2025-68342}
- can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header (Marc Kleine-Budde) [Orabug: 38796285] {CVE-2025-68343}
- can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs (Marc Kleine-Budde) [Orabug: 38773751] {CVE-2025-68307}
- can: kvaser_usb: leaf: Fix potential infinite loop in command parsers (Seungjin Bae) [Orabug: 38773759] {CVE-2025-68308}
- LTS version: v6.12.60 (Jack Vogel)
- Revert "gpio: swnode: don't use the swnode's name as the key for GPIO lookup" (Charles Keepax)
- drm/amd/display: Prevent Gating DTBCLK before It Is Properly Latched (Fangzhi Zuo)
- drm/amd/display: Insert dccg log for easy debug (Charlene Liu)
- drm/amd/display: disable DPP RCG before DPP CLK enable (Charlene Liu)
- drm/amd/display: avoid reset DTBCLK at clock init (Charlene Liu)
- xfs: fix out of bounds memory read error in symlink repair (Darrick J. Wong) [Orabug: 38730602] {CVE-2025-40246}
- xfs: Replace strncpy with memcpy (Marcelo Moreira)
- mptcp: fix a race in mptcp_pm_del_add_timer() (Eric Dumazet) [Orabug: 38730655] {CVE-2025-40257}
- drm/i915/dp_mst: Disable Panel Replay (Imre Deak)
- maple_tree: fix tracepoint string pointers (Martin Kaiser)
- tty/vt: fix up incorrect backport to stable releases (Jari Ruusu)
- smb: client: fix incomplete backport in cfids_invalidation_worker() (Henrique Carvalho)
- drm/amdgpu: fix gpu page fault after hibernation on PF passthrough (Samuel Zhang) [Orabug: 38773445] {CVE-2025-68230}
- tracing/tools: Fix incorrcet short option in usage text for --threads (Zhang Chujun)
- net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error (Nishanth Menon)
- ALSA: usb-audio: fix uac2 clock source at terminal parser (René Rebe)
- s390/mm: Fix __ptep_rdp() inline assembly (Heiko Carstens)
- drm/xe: Prevent BIT() overflow when handling invalid prefetch region (Shuicheng Lin)
- Revert "RDMA/irdma: Update Kconfig" (Guan Wentao)
- KVM: arm64: Make all 32bit ID registers fully writable (Marc Zyngier)
- ALSA: usb-audio: Fix missing unlock at error path of maxpacksize check (Takashi Iwai)
- kconfig/nconf: Initialize the default locale at startup (Jakub Horký)
- kconfig/mconf: Initialize the default locale at startup (Jakub Horký)
- net: tls: Cancel RX async resync request on rcd_delta overflow (Shahar Shitrit)
- blk-crypto: use BLK_STS_INVAL for alignment errors (Carlos Llamas)
- net: tls: Change async resync helpers argument (Shahar Shitrit)
- selftests: net: use BASH for bareudp testing (Po-Hsu Lin)
- x86/microcode/AMD: Limit Entrysign signature checking to known generations (Borislav Petkov)
- scsi: core: Fix a regression triggered by scsi_host_busy() (Bart Van Assche) [Orabug: 38773425] {CVE-2025-68224}
- cifs: fix typo in enable_gcm_256 module parameter (Steve French)
- bcma: don't register devices disabled in OF (Rafał Miłecki)
- vsock: Ignore signal/timeout on connect() if already established (Michal Luczaj) [Orabug: 38730610] {CVE-2025-40248}
- cifs: fix memory leak in smb3_fs_context_parse_param error path (Shaurya Rane) [Orabug: 38773403] {CVE-2025-68219}
- LoongArch: Use UAPI types in ptrace UAPI header (Thomas Weißschuh)
- af_unix: Read sk_peek_offset() again after sleeping in unix_stream_read_generic(). (Kuniyuki Iwashima)
- af_unix: Cache state->msg in unix_stream_read_generic(). (Kuniyuki Iwashima)
- devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (Shay Drory) [Orabug: 38730623] {CVE-2025-40251}
- pinctrl: s32cc: initialize gpio_pin_config::list after kmalloc() (Jared Kangas)
- pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc (Jared Kangas)
- ice: fix PTP cleanup on driver removal in error path (Grzegorz Nitka) [Orabug: 38773389] {CVE-2025-68215}
- idpf: fix possible vport_config NULL pointer deref in remove (Emil Tantilov) [Orabug: 38773956] {CVE-2025-68213}
- net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() (Pavel Zhigulin) [Orabug: 38730628] {CVE-2025-40252}
- platform/x86/intel/speed_select_if: Convert PCIBIOS_* return codes to errnos (Xu Wang)
- selftests: net: lib: Do not overwrite error messages (Ido Schimmel)
- s390/ctcm: Fix double-kfree (Aleksei Nikiforov)
- nvme-multipath: fix lockdep WARN due to partition scan work (Shin'Ichiro Kawasaki) [Orabug: 38773400] {CVE-2025-68218}
- tools: riscv: Fixed misalignment of CSR related definitions (Chen Pei)
- net: openvswitch: remove never-working support for setting nsh fields (Ilya Maximets) [Orabug: 38730647] {CVE-2025-40254}
- net: mlxsw: linecards: fix missing error check in mlxsw_linecard_devlink_info_get() (Pavel Zhigulin)
- net: dsa: hellcreek: fix missing error handling in LED registration (Pavel Zhigulin)
- drm/tegra: Add call to put_pid() (Prateek Agarwal) [Orabug: 38773463] {CVE-2025-68233}
- mlxsw: spectrum: Fix memory leak in mlxsw_sp_flower_stats() (Zilin Guan)
- platform/x86: msi-wmi-platform: Fix typo in WMI GUID (Armin Wolf)
- platform/x86: msi-wmi-platform: Only load on MSI devices (Armin Wolf)
- pinctrl: cirrus: Fix fwnode leak in cs42l43_pin_probe() (Xu Wang)
- xfrm: Prevent locally generated packets from direct output in tunnel mode (Jianbo Liu)
- xfrm: Determine inner GSO type from packet inner protocol (Jianbo Liu)
- pinctrl: realtek: Select REGMAP_MMIO for RTD driver (Yu-Chun Lin)
- xfrm: set err and extack on failure to create pcpu SA (Sabrina Dubroca)
- xfrm: drop SA reference in xfrm_state_update if dir doesn't match (Sabrina Dubroca)
- drm/amd/display: Clear the CUR_ENABLE register on DCN20 on DPP5 (Ivan Lipski)
- drm/amd/display: Fix pbn to kbps Conversion (Fangzhi Zuo)
- drm/amd/display: Move sleep into each retry for retrieve_link_cap() (Mario Limonciello)
- drm/amd/display: Increase DPCD read retries (Mario Limonciello)
- drm/amdgpu: Skip emit de meta data on gfx11 with rs64 enabled (Yifan Zha)
- drm/amd: Skip power ungate during suspend for VPE (Mario Limonciello)
- drm/radeon: delete radeon_fence_process in is_signaled, no deadlock (Robert Mcclinton) [Orabug: 38773418] {CVE-2025-68223}
- drm/tegra: dc: Fix reference leak in tegra_dc_couple() (Ma Ke)
- mptcp: do not fallback when OoO is present (Paolo Abeni)
- mptcp: decouple mptcp fastclose from tcp close (Paolo Abeni)
- mptcp: avoid unneeded subflow-level drops (Paolo Abeni)
- selftests: mptcp: join: userspace: longer timeout (Matthieu Baerts)
- selftests: mptcp: join: endpoints: longer timeout (Matthieu Baerts)
- mptcp: fix premature close in case of fallback (Paolo Abeni)
- mptcp: fix duplicate reset on fastclose (Paolo Abeni)
- mptcp: fix ack generation for fallback msk (Paolo Abeni)
- mptcp: fix race condition in mptcp_schedule_work() (Eric Dumazet) [Orabug: 38730658] {CVE-2025-40258}
- LoongArch: Don't panic if no valid cache info for PCI (Huacai Chen)
- dt-bindings: pinctrl: toshiba,visconti: Fix number of items in groups (Krzysztof Kozlowski)
- MIPS: Malta: Fix !EVA SOC-it PCI MMIO (Maciej W. Rozycki)
- scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show() (Hamza Mahfooz) [Orabug: 38773439] {CVE-2025-68229}
- scsi: sg: Do not sleep in atomic context (Bart Van Assche) [Orabug: 38730661] {CVE-2025-40259}
- nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() (Ewan D. Milne) [Orabug: 38730672] {CVE-2025-40261}
- nvme: nvme-fc: move tagset removal to nvme_fc_delete_ctrl() (Ewan D. Milne)
- nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot (Nam Cao) [Orabug: 38773467] {CVE-2025-68235}
- mm/mempool: fix poisoning order>0 pages with HIGHMEM (Vlastimil Babka) [Orabug: 38773453] {CVE-2025-68231}
- Input: pegasus-notetaker - fix potential out-of-bounds access (Seungjin Bae)
- Input: imx_sc_key - fix memory corruption on unload (Dan Carpenter)
- Input: goodix - add support for ACPI ID GDIX1003 (Hans de Goede)
- Input: cros_ec_keyb - fix an invalid memory access (Tzung-Bi Shih) [Orabug: 38730679] {CVE-2025-40263}
- Revert "drm/tegra: dsi: Clear enable register if powered by bootloader" (Diogo Ivo)
- net: dsa: microchip: lan937x: Fix RGMII delay tuning (Oleksij Rempel)
- be2net: pass wrb_params in case of OS2BMC (Andrey Vatoropin) [Orabug: 38730688] {CVE-2025-40264}
- ata: libata-scsi: Add missing scsi_device_put() in ata_scsi_dev_rescan() (Yihang Li)
- smb: client: introduce close_cached_dir_locked() (Henrique Carvalho)
- ata: libata-scsi: Fix system suspend for a security locked drive (Niklas Cassel)
- mptcp: Fix proto fallback detection with BPF (Jiayuan Chen) [Orabug: 38773434] {CVE-2025-68227}
- mptcp: Disallow MPTCP subflows from sockmap (Jiayuan Chen)
- exfat: check return value of sb_min_blocksize in exfat_read_boot_sector (Yongpeng Yang)
- shmem: fix tmpfs reconfiguration (remount) when noswap is set (Mike Yuan)
- isofs: check the return value of sb_min_blocksize() in isofs_fill_super (Yongpeng Yang)
- mtdchar: fix integer overflow in read/write ioctls (Dan Carpenter) [Orabug: 38773476] {CVE-2025-68237}
- mtd: rawnand: cadence: fix DMA device NULL pointer dereference (Niravkumar L Rabara)
- arm64: dts: rockchip: disable HS400 on RK3588 Tiger (Quentin Schulz)
- arm64: dts: rockchip: include rk3399-base instead of rk3399 in rk3399-op1 (Quentin Schulz)
- arm64: dts: rockchip: fix PCIe 3.3V regulator voltage on orangepi-5 (Mykola Kvach)
- arm64: dts: rockchip: Fix vccio4-supply on rk3566-pinetab2 (Diederik de Haas)
- HID: quirks: work around VID/PID conflict for 0x4c4a/0x4155 (Zhang Heng)
- HID: amd_sfh: Stop sensor before starting (Mario Limonciello)
- timers: Fix NULL function pointer race in timer_shutdown_sync() (Yipeng Zou) [Orabug: 38773387] {CVE-2025-68214}
- KVM: arm64: Check the untrusted offset in FF-A memory share (Sebastian Ene) [Orabug: 38730696] {CVE-2025-40266}

ELSA-2026-3033 Important: Oracle Linux 10 munge security update

Oracle Linux Security Advisory ELSA-2026-3033

http://linux.oracle.com/errata/ELSA-2026-3033.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
munge-0.5.15-11.el10_1.x86_64.rpm
munge-devel-0.5.15-11.el10_1.x86_64.rpm
munge-libs-0.5.15-11.el10_1.x86_64.rpm

aarch64:
munge-0.5.15-11.el10_1.aarch64.rpm
munge-devel-0.5.15-11.el10_1.aarch64.rpm
munge-libs-0.5.15-11.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/munge-0.5.15-11.el10_1.src.rpm

Related CVEs:

CVE-2026-25506

Description of changes:

[0.5.15-11]
- Fix CVE-2026-25506

ELSA-2026-2914 Important: Oracle Linux 10 grafana security update

Oracle Linux Security Advisory ELSA-2026-2914

http://linux.oracle.com/errata/ELSA-2026-2914.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-10.2.6-22.el10_1.x86_64.rpm
grafana-selinux-10.2.6-22.el10_1.x86_64.rpm

aarch64:
grafana-10.2.6-22.el10_1.aarch64.rpm
grafana-selinux-10.2.6-22.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/grafana-10.2.6-22.el10_1.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-61728
CVE-2025-61729
CVE-2025-68121
CVE-2026-21721

Description of changes:

[10.2.6-22]
- Resolves RHEL-144948: CVE-2026-21721
- Resolves RHEL-146721: CVE-2025-61726
- Resolves RHEL-146926: CVE-2025-61729
- Resolves RHEL-147351: CVE-2025-61728
- Resolves RHEL-149227: CVE-2025-68121

ELSA-2026-3095 Important: Oracle Linux 9 protobuf security update

Oracle Linux Security Advisory ELSA-2026-3095

http://linux.oracle.com/errata/ELSA-2026-3095.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
protobuf-3.14.0-17.el9_7.i686.rpm
protobuf-3.14.0-17.el9_7.x86_64.rpm
protobuf-compiler-3.14.0-17.el9_7.i686.rpm
protobuf-compiler-3.14.0-17.el9_7.x86_64.rpm
protobuf-devel-3.14.0-17.el9_7.i686.rpm
protobuf-devel-3.14.0-17.el9_7.x86_64.rpm
protobuf-lite-3.14.0-17.el9_7.i686.rpm
protobuf-lite-3.14.0-17.el9_7.x86_64.rpm
protobuf-lite-devel-3.14.0-17.el9_7.i686.rpm
protobuf-lite-devel-3.14.0-17.el9_7.x86_64.rpm
python3-protobuf-3.14.0-17.el9_7.noarch.rpm

aarch64:
protobuf-3.14.0-17.el9_7.aarch64.rpm
protobuf-compiler-3.14.0-17.el9_7.aarch64.rpm
protobuf-devel-3.14.0-17.el9_7.aarch64.rpm
protobuf-lite-3.14.0-17.el9_7.aarch64.rpm
protobuf-lite-devel-3.14.0-17.el9_7.aarch64.rpm
python3-protobuf-3.14.0-17.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/protobuf-3.14.0-17.el9_7.src.rpm

Related CVEs:

CVE-2026-0994

Description of changes:

[3.14.0-17]
- Fix CVE-2026-0994: nested Any messages bypassing recursion depth limits

ELSA-2026-3067 Important: Oracle Linux 9 freerdp security update

Oracle Linux Security Advisory ELSA-2026-3067

http://linux.oracle.com/errata/ELSA-2026-3067.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
freerdp-2.11.7-1.el9_7.2.x86_64.rpm
freerdp-devel-2.11.7-1.el9_7.2.i686.rpm
freerdp-devel-2.11.7-1.el9_7.2.x86_64.rpm
freerdp-libs-2.11.7-1.el9_7.2.i686.rpm
freerdp-libs-2.11.7-1.el9_7.2.x86_64.rpm
libwinpr-2.11.7-1.el9_7.2.i686.rpm
libwinpr-2.11.7-1.el9_7.2.x86_64.rpm
libwinpr-devel-2.11.7-1.el9_7.2.i686.rpm
libwinpr-devel-2.11.7-1.el9_7.2.x86_64.rpm

aarch64:
freerdp-2.11.7-1.el9_7.2.aarch64.rpm
freerdp-devel-2.11.7-1.el9_7.2.aarch64.rpm
freerdp-libs-2.11.7-1.el9_7.2.aarch64.rpm
libwinpr-2.11.7-1.el9_7.2.aarch64.rpm
libwinpr-devel-2.11.7-1.el9_7.2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/freerdp-2.11.7-1.el9_7.2.src.rpm

Related CVEs:

CVE-2026-22855
CVE-2026-22858
CVE-2026-22859

Description of changes:

[2:2.11.7-1.2]
- Backport several CVE fixes
Resolves: RHEL-148847, RHEL-148887, RHEL-149020

ELSA-2026-3040 Important: Oracle Linux 9 grafana-pcp security update

Oracle Linux Security Advisory ELSA-2026-3040

http://linux.oracle.com/errata/ELSA-2026-3040.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-pcp-5.1.1-12.el9_7.x86_64.rpm

aarch64:
grafana-pcp-5.1.1-12.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/grafana-pcp-5.1.1-12.el9_7.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-61729
CVE-2025-68121

Description of changes:

[5.1.1-12]
- Resolves RHEL-146864: CVE-2025-61726
- Resolves RHEL-147082: CVE-2025-61729
- Resolves RHEL-149622: CVE-2025-68121

ELSA-2026-2920 Important: Oracle Linux 9 grafana security update

Oracle Linux Security Advisory ELSA-2026-2920

http://linux.oracle.com/errata/ELSA-2026-2920.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
grafana-10.2.6-18.el9_7.x86_64.rpm
grafana-selinux-10.2.6-18.el9_7.x86_64.rpm

aarch64:
grafana-10.2.6-18.el9_7.aarch64.rpm
grafana-selinux-10.2.6-18.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/grafana-10.2.6-18.el9_7.src.rpm

Related CVEs:

CVE-2025-61726
CVE-2025-61728
CVE-2025-61729
CVE-2025-68121
CVE-2026-21721

Description of changes:

[10.2.6-17]
- Resolves RHEL-144959: CVE-2026-21721
- Resolves RHEL-146863: CVE-2025-61726
- Resolves RHEL-147081: CVE-2025-61729
- Resolves RHEL-147370: CVE-2025-61728
- Resolves RHEL-149621: CVE-2025-68121

[10.2.6-17]
- Resolves RHEL-125692: CVE-2025-58183
- Resolves RHEL-120426: Grafana-selinux prevents plugins from searching cgroups

[10.2.6-15]
- Resolves RHEL-97518: Rework grafana-selinux spec file sections
- Resolves RHEL-87861: Add additional SELinux rules for grafana-selinux package to allow LDAP connections

[10.2.6-13]
- Resolves RHEL-89953: CVE-2025-4123

[10.2.6-12]
- Resolves RHEL-85419: Move grafana home directory to /var/lib/grafana

[10.2.6-11]
- Resolves RHEL-84636: CVE-2025-30204

[10.2.6-10]
- Resolves RHEL-75919: grafana selinux issue with autofs_t

[10.2.6-9]
- Resolves RHEL-69939: allow mssql datasource in selinux policy

[10.2.6-8]
- Resolves RHEL-62312: CVE-2024-47875

[10.2.6-5]
- Resolves RHEL-47185

ELSA-2026-3034 Important: Oracle Linux 9 munge security update

Oracle Linux Security Advisory ELSA-2026-3034

http://linux.oracle.com/errata/ELSA-2026-3034.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
munge-0.5.13-14.0.1.el9_7.x86_64.rpm
munge-devel-0.5.13-14.0.1.el9_7.i686.rpm
munge-devel-0.5.13-14.0.1.el9_7.x86_64.rpm
munge-libs-0.5.13-14.0.1.el9_7.i686.rpm
munge-libs-0.5.13-14.0.1.el9_7.x86_64.rpm

aarch64:
munge-0.5.13-14.0.1.el9_7.aarch64.rpm
munge-devel-0.5.13-14.0.1.el9_7.aarch64.rpm
munge-libs-0.5.13-14.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/munge-0.5.13-14.0.1.el9_7.src.rpm

Related CVEs:

CVE-2026-25506

Description of changes:

[0.5.13-14.0.1]
- Updated path for removal of unneeded init file

[0.5.13-14]
- Fix CVE-2026-25506
- Resolved: RHEL-148533

ELSA-2026-2783 Important: Oracle Linux 9 nodejs:20 security update

Oracle Linux Security Advisory ELSA-2026-2783

http://linux.oracle.com/errata/ELSA-2026-2783.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-20.20.0-1.module+el9.7.0+90815+f9676ed4.x86_64.rpm
nodejs-devel-20.20.0-1.module+el9.7.0+90815+f9676ed4.x86_64.rpm
nodejs-docs-20.20.0-1.module+el9.7.0+90815+f9676ed4.noarch.rpm
nodejs-full-i18n-20.20.0-1.module+el9.7.0+90815+f9676ed4.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el9.7.0+90815+f9676ed4.noarch.rpm
nodejs-packaging-2021.06-5.module+el9.7.0+90815+f9676ed4.noarch.rpm
nodejs-packaging-bundler-2021.06-5.module+el9.7.0+90815+f9676ed4.noarch.rpm
npm-10.8.2-1.20.20.0.1.module+el9.7.0+90815+f9676ed4.x86_64.rpm

aarch64:
nodejs-20.20.0-1.module+el9.7.0+90815+f9676ed4.aarch64.rpm
nodejs-devel-20.20.0-1.module+el9.7.0+90815+f9676ed4.aarch64.rpm
nodejs-docs-20.20.0-1.module+el9.7.0+90815+f9676ed4.noarch.rpm
nodejs-full-i18n-20.20.0-1.module+el9.7.0+90815+f9676ed4.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el9.7.0+90815+f9676ed4.noarch.rpm
nodejs-packaging-2021.06-5.module+el9.7.0+90815+f9676ed4.noarch.rpm
nodejs-packaging-bundler-2021.06-5.module+el9.7.0+90815+f9676ed4.noarch.rpm
npm-10.8.2-1.20.20.0.1.module+el9.7.0+90815+f9676ed4.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-20.20.0-1.module+el9.7.0+90815+f9676ed4.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el9.7.0+90815+f9676ed4.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-5.module+el9.7.0+90815+f9676ed4.src.rpm

Related CVEs:

CVE-2025-55130
CVE-2025-55131
CVE-2025-55132
CVE-2025-59465
CVE-2025-59466
CVE-2026-21637

Description of changes:

nodejs
[1:20.20.0-1]
- Update to version 20.20.0
Resolves: RHEL-141917

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065

[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517

[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com

nodejs-packaging
[2021.06-5]
- nodejs.req to properly detect bundled deps

ELSA-2026-3031 Important: Oracle Linux 9 libpng15 security update

Oracle Linux Security Advisory ELSA-2026-3031

http://linux.oracle.com/errata/ELSA-2026-3031.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libpng15-1.5.30-14.el9_7.1.i686.rpm
libpng15-1.5.30-14.el9_7.1.x86_64.rpm

aarch64:
libpng15-1.5.30-14.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/libpng15-1.5.30-14.el9_7.1.src.rpm

Related CVEs:

CVE-2026-25646

Description of changes:

[1.5.30-14.1]
- fix CVE-2026-25646: heap buffer overflow in png_set_quantize (RHEL-148404)

ELSA-2026-2782 Important: Oracle Linux 9 nodejs:22 security update

Oracle Linux Security Advisory ELSA-2026-2782

http://linux.oracle.com/errata/ELSA-2026-2782.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-22.22.0-1.module+el9.7.0+90816+ad59ca7b.x86_64.rpm
nodejs-devel-22.22.0-1.module+el9.7.0+90816+ad59ca7b.x86_64.rpm
nodejs-docs-22.22.0-1.module+el9.7.0+90816+ad59ca7b.noarch.rpm
nodejs-full-i18n-22.22.0-1.module+el9.7.0+90816+ad59ca7b.x86_64.rpm
nodejs-libs-22.22.0-1.module+el9.7.0+90816+ad59ca7b.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el9.7.0+90816+ad59ca7b.noarch.rpm
nodejs-packaging-2021.06-5.module+el9.7.0+90816+ad59ca7b.noarch.rpm
nodejs-packaging-bundler-2021.06-5.module+el9.7.0+90816+ad59ca7b.noarch.rpm
npm-10.9.4-1.22.22.0.1.module+el9.7.0+90816+ad59ca7b.x86_64.rpm
v8-12.4-devel-12.4.254.21-1.22.22.0.1.module+el9.7.0+90816+ad59ca7b.x86_64.rpm

aarch64:
nodejs-22.22.0-1.module+el9.7.0+90816+ad59ca7b.aarch64.rpm
nodejs-devel-22.22.0-1.module+el9.7.0+90816+ad59ca7b.aarch64.rpm
nodejs-docs-22.22.0-1.module+el9.7.0+90816+ad59ca7b.noarch.rpm
nodejs-full-i18n-22.22.0-1.module+el9.7.0+90816+ad59ca7b.aarch64.rpm
nodejs-libs-22.22.0-1.module+el9.7.0+90816+ad59ca7b.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el9.7.0+90816+ad59ca7b.noarch.rpm
nodejs-packaging-2021.06-5.module+el9.7.0+90816+ad59ca7b.noarch.rpm
nodejs-packaging-bundler-2021.06-5.module+el9.7.0+90816+ad59ca7b.noarch.rpm
npm-10.9.4-1.22.22.0.1.module+el9.7.0+90816+ad59ca7b.aarch64.rpm
v8-12.4-devel-12.4.254.21-1.22.22.0.1.module+el9.7.0+90816+ad59ca7b.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-22.22.0-1.module+el9.7.0+90816+ad59ca7b.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el9.7.0+90816+ad59ca7b.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-5.module+el9.7.0+90816+ad59ca7b.src.rpm

Related CVEs:

CVE-2025-55130
CVE-2025-55131
CVE-2025-55132
CVE-2025-59465
CVE-2025-59466
CVE-2026-21637

Description of changes:

nodejs
[1:22.22.0-1]
- Update to 22.22.0
Resolves: RHEL-141879

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065

[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517

[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com

nodejs-packaging
[2021.06-5]
- nodejs.req to properly detect bundled deps

ELBA-2026-2779 Oracle Linux 9 redis bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-2779

http://linux.oracle.com/errata/ELBA-2026-2779.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
redis-6.2.20-3.el9_7.x86_64.rpm
redis-devel-6.2.20-3.el9_7.i686.rpm
redis-devel-6.2.20-3.el9_7.x86_64.rpm
redis-doc-6.2.20-3.el9_7.noarch.rpm

aarch64:
redis-6.2.20-3.el9_7.aarch64.rpm
redis-devel-6.2.20-3.el9_7.aarch64.rpm
redis-doc-6.2.20-3.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/redis-6.2.20-3.el9_7.src.rpm

Description of changes:

[6.2.20-3]
- add sysusers.d file for user management
- add tmpfiles.d file for temporary dir management

ELBA-2026-50127 Oracle Linux 9 oracle-database-preinstall-19c bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50127

http://linux.oracle.com/errata/ELBA-2026-50127.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
oracle-database-preinstall-19c-1.0-2.el9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/oracle-database-preinstall-19c-1.0-2.el9.src.rpm

Description of changes:

[[1.0-2.el9]]
- Use primary group of 'oracle' user for setting the vm.hugetlb_shm_group [Orabug: 37791318]
- Set ip_local_port_range to different polarity [Orabug: 36382466]
- Add the sysctl parameter vm.hugetlb_shm_group [Orabug: 37567490]
- Do not set /etc/sysconfig/network parameter [Orabug: 36605619]
- Use grubby to set boot parameters [Orabug: 36605614]
- Use systemd service for setting boot params on firstboot [Orabug: 36607029]

ELBA-2026-50117 Oracle Linux 9 udisks2 bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-50117

http://linux.oracle.com/errata/ELBA-2026-50117.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libudisks2-2.9.4-12.0.1.el9_7.i686.rpm
libudisks2-2.9.4-12.0.1.el9_7.x86_64.rpm
udisks2-2.9.4-12.0.1.el9_7.x86_64.rpm
udisks2-btrfs-2.9.4-12.0.1.el9_7.x86_64.rpm
udisks2-iscsi-2.9.4-12.0.1.el9_7.x86_64.rpm
udisks2-lsm-2.9.4-12.0.1.el9_7.x86_64.rpm
udisks2-lvm2-2.9.4-12.0.1.el9_7.x86_64.rpm
libudisks2-devel-2.9.4-12.0.1.el9_7.i686.rpm
libudisks2-devel-2.9.4-12.0.1.el9_7.x86_64.rpm

aarch64:
libudisks2-2.9.4-12.0.1.el9_7.aarch64.rpm
udisks2-2.9.4-12.0.1.el9_7.aarch64.rpm
udisks2-btrfs-2.9.4-12.0.1.el9_7.aarch64.rpm
udisks2-iscsi-2.9.4-12.0.1.el9_7.aarch64.rpm
udisks2-lsm-2.9.4-12.0.1.el9_7.aarch64.rpm
udisks2-lvm2-2.9.4-12.0.1.el9_7.aarch64.rpm
libudisks2-devel-2.9.4-12.0.1.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/udisks2-2.9.4-12.0.1.el9_7.src.rpm

Description of changes:

[2.9.4-12.0.1]
- Enable btrfs support for OL supported arches [Orabug: 37464632]

[2.9.4-12]
- udiskslinuxmanager: Add lower bounds check to fd_index (CVE-2025-8067) (RHEL-109413)

ELBA-2026-2720-1 Oracle Linux 8 kernel bug fix update

Oracle Linux Bug Fix Advisory ELBA-2026-2720-1

http://linux.oracle.com/errata/ELBA-2026-2720-1.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.105.1.0.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.105.1.0.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
perf-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.105.1.0.1.el8_10.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.105.1.0.1.el8_10.src.rpm

Description of changes:

[4.18.0-553.105.1.0.1]
- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]

[4.18.0-553.105.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 lock when cleanup hci_conn (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: Move hci_abort_conn to hci_conn.c (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: mgmt: Fix using hci_conn_abort (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_conn: Fix hci_connect_le_sync (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_sync: Cleanup hci_conn if it cannot be aborted (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_event: Fix checking for invalid handle on error status (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_sync: fix undefined return of hci_disconnect_all_sync() (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: hci_event: Ignore multiple conn complete events (David Marlin) [RHEL-137111] {CVE-2023-53762}
- Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt (David Marlin) [RHEL-137111] {CVE-2023-53762}
- fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds (CKI Backport Bot) [RHEL-137678] {CVE-2025-40304}
- gfs2: Fix duplicate should_fault_in_pages() call (Andreas Gruenbacher) [RHEL-130505]
- smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). (Mete Durlu) [RHEL-130012] {CVE-2025-40168}

ELSA-2026-2231 Important: Oracle Linux 7 firefox security update

Oracle Linux Security Advisory ELSA-2026-2231

http://linux.oracle.com/errata/ELSA-2026-2231.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.7.0-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-140.7.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2025-14327
CVE-2026-0877
CVE-2026-0878
CVE-2026-0879
CVE-2026-0880
CVE-2026-0882
CVE-2026-0883
CVE-2026-0884
CVE-2026-0885
CVE-2026-0886
CVE-2026-0887
CVE-2026-0890
CVE-2026-0891

Description of changes:

[140.7.0-1.0.1]
- Update to 140.7.0 ESR [Orabug: 38940976][CVE-2025-14327][CVE-2026-0877]
[CVE-2026-0878][CVE-2026-0879][CVE-2026-0880][CVE-2026-0882][CVE-2026-0883]
[CVE-2026-0884][CVE-2026-0885][CVE-2026-0886][CVE-2026-0887][CVE-2026-0890]
[CVE-2026-0891]

[140.6.0-1.0.1]
- Update to 140.6.0 ESR [Orabug: 38813993][CVE-2025-14321][CVE-2025-14322]
[CVE-2025-14323][CVE-2025-14324][CVE-2025-14325][CVE-2025-14328]
[CVE-2025-14329][CVE-2025-14330][CVE-2025-14331][CVE-2025-14333]

[140.5.0-1.0.1]
- Update to 140.5.0 ESR [Orabug: 38708474][CVE-2025-13012][CVE-2025-13013]
[CVE-2025-13014][CVE-2025-13015][CVE-2025-13016][CVE-2025-13017]
[CVE-2025-13018][CVE-2025-13019][CVE-2025-13020]

[140.4.0-4.0.1]
- Update to 140.4.0 ESR [Orabug: 38595697][CVE-2025-11708][CVE-2025-11709]
[CVE-2025-11710][CVE-2025-11711][CVE-2025-11712][CVE-2025-11714]
[CVE-2025-11715]

[140.3.0-1.0.1]
- Update to 140.3.0 [Orabug: 38509157][CVE-2025-10527][CVE-2025-10528]
[CVE-2025-10529][CVE-2025-10532][CVE-2025-10533][CVE-2025-10536]
[CVE-2025-10537]
- Disable SVE parts of libyuv if not supported [Orabug: 38509157]

[128.14.0-2.0.1]
- Update to 128.14.0 [Orabug: 38400668][CVE-2025-9179][CVE-2025-9180]
[CVE-2025-9181][CVE-2025-9182][CVE-2025-9185]

[128.13.0-1.0.1]
- Update to 128.13.0 [Orabug: 38256809][CVE-2025-8027][CVE-2025-8028]
[CVE-2025-8029][CVE-2025-8030][CVE-2025-8031][CVE-2025-8032][CVE-2025-8033]
[CVE-2025-8034][CVE-2025-8035]

[128.12.0-1.0.1]
- Update to 128.12.0 [Orabug: 38141310][CVE-2025-6424][CVE-2025-6425]
[CVE-2025-6429][CVE-2025-6430]

[128.11.0-1.0.1]
- Update to 128.11.0 [Orabug: 38077559][CVE-2025-5263][CVE-2025-5264]
[CVE-2025-5266][CVE-2025-5267][CVE-2025-5268][CVE-2025-5269]

[128.10.1-1.0.1]
- Update to 128.10.1 [Orabug: 38028280][CVE-2025-4918][CVE-2025-4919]

ELSA-2026-0847 Important: Oracle Linux 7 java-11-openjdk security update

Oracle Linux Security Advisory ELSA-2026-0847

http://linux.oracle.com/errata/ELSA-2026-0847.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-11-openjdk-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm
java-11-openjdk-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-demo-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm
java-11-openjdk-devel-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-devel-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm
java-11-openjdk-headless-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-headless-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-javadoc-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm
java-11-openjdk-javadoc-zip-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-javadoc-zip-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm
java-11-openjdk-jmods-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-jmods-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm
java-11-openjdk-src-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-src-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm
java-11-openjdk-static-libs-11.0.31.0.1-1.0.1.el7_9.i686.rpm
java-11-openjdk-static-libs-11.0.31.0.1-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/java-11-openjdk-11.0.31.0.1-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2025-64720
CVE-2025-65018
CVE-2026-21925
CVE-2026-21933
CVE-2026-21945

Description of changes:

[1:11.0.31.0.1-1.0.1]
- Update to jdk-11.0.31+1 [Orabug: 38950473]
- Fixes CVE-2025-64720 CVE-2025-65018 CVE-2026-21925
- CVE-2026-21933 CVE-2026-21945

ELSA-2026-1677 Important: Oracle Linux 7 gnupg2 security update

Oracle Linux Security Advisory ELSA-2026-1677

http://linux.oracle.com/errata/ELSA-2026-1677.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
gnupg2-2.0.22-5.0.1.el7_5.x86_64.rpm
gnupg2-smime-2.0.22-5.0.1.el7_5.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/gnupg2-2.0.22-5.0.1.el7_5.src.rpm

Related CVEs:

CVE-2025-68973

Description of changes:

[2.0.22-5.0.1]
- Fix CVE-2025-68973 (gpg.fail/memcpy) [Orabug: 38914175]

ELSA-2026-0755 Important: Oracle Linux 7 kernel security update

Oracle Linux Security Advisory ELSA-2026-0755

http://linux.oracle.com/errata/ELSA-2026-0755.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
kernel-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
kernel-abi-whitelists-3.10.0-1160.119.1.0.17.el7.noarch.rpm
kernel-debug-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
kernel-debug-devel-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
kernel-devel-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
kernel-doc-3.10.0-1160.119.1.0.17.el7.noarch.rpm
kernel-headers-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
kernel-tools-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
kernel-tools-libs-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
perf-3.10.0-1160.119.1.0.17.el7.x86_64.rpm
python-perf-3.10.0-1160.119.1.0.17.el7.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/kernel-3.10.0-1160.119.1.0.17.el7.src.rpm

Related CVEs:

CVE-2023-53675
CVE-2023-53705
CVE-2025-37823
CVE-2025-68285

Description of changes:

[3.10.0-1160.119.1.0.17]
- scsi: ses: Fix possible desc_ptr out-of-bounds accesses {CVE-2023-53675} [Orabug: 38860426]
- ipv6: Fix out-of-bounds access in ipv6_find_tlv() {CVE-2023-53705} [Orabug: 38860426]
- net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too {CVE-2025-37823} [Orabug: 38860426]
- libceph: fix potential use-after-free in have_mon_and_osd_map() {CVE-2025-68285} [Orabug: 38860426]

[3.10.0-1160.119.1.0.16]
- net: sched: sfb: fix null pointer access issue when sfb_init() fails {CVE-2022-50356} [Orabug: 38790244]
- fs: fix UAF/GPF bug in nilfs_mdt_destroy {CVE-2022-50367} [Orabug: 38790244]
- iomap: iomap: fix memory corruption when recording {CVE-2022-50406} [Orabug: 38790244]
- mm: fix zswap writeback race condition {CVE-2023-53178} [Orabug: 38790244]
- Bluetooth: L2CAP: fix "bad unlock balance" in l2cap_disconnect_rsp {CVE-2023-53297} [Orabug: 38790244]
- scsi: qla2xxx: Wait for io return on terminate rport {CVE-2023-53322} [Orabug: 38790244]
- ALSA: usb-audio: Validate UAC3 power domain descriptors, too {CVE-2025-38729} [Orabug: 38790244]
- ALSA: usb-audio: Validate UAC3 cluster segment descriptors {CVE-2025-39757} [Orabug: 38790244]
- tcp: fix potential double free issue for fastopen_req [Orabug: 38790244]
- tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() {CVE-2025-39955} [Orabug: 38790244]
- NFSD: Protect against send buffer overflow in NFSv2 READ {CVE-2022-50410} [Orabug: 38790244]
- ext4: fix undefined behavior in bit shift for ext4_check_flag_values {CVE-2022-50403} [Orabug: 38790244]

[3.10.0-1160.119.1.0.15]
- Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() {CVE-2022-3640} [Orabug: 38742878]
- Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put [Orabug: 38742878]
- Bluetooth: L2CAP: Fix user-after-free {CVE-2022-50386} [Orabug: 38742878]
- wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit() {CVE-2022-50408} [Orabug: 38742878]
- Bluetooth: L2CAP: Fix use-after-free {CVE-2023-53305} [Orabug: 38742878]
- ip6mr: Fix skb_under_panic in ip6mr_cache_report() {CVE-2023-53365} [Orabug: 38742878]
- sctp: linearize cloned gso packets in sctp_rcv {CVE-2025-38718} [Orabug: 38742878]

[3.10.0-1160.119.1.0.14]
- HID: core: fix shift-out-of-bounds in hid_report_raw_event {CVE-2022-48978} [Orabug: 38644370]
- crypto: seqiv - Handle EBUSY correctly {CVE-2023-53373} [Orabug: 38644370]
- nfsd: don't ignore the return code of svc_proc_register() {CVE-2025-22026} [Orabug: 38644370]
- net_sched: hfsc: Fix a UAF vulnerability in class handling {CVE-2025-37797} [Orabug: 38644370]
- HID: core: Harden s32ton() against conversion to 0 bits {CVE-2025-38556} [Orabug: 38644370]
- ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control {CVE-2025-39751} [Orabug: 38644370]

[3.10.0-1160.119.1.0.13]
- ALSA: usb-audio: Fix an out-of-bounds bug in __snd_usb_parse_audio_interface() {CVE-2022-48701} [Orabug: 38493400]
- md-raid10: fix KASAN warning {CVE-2022-50211} [Orabug: 38493400]
- ALSA: bcd2000: Fix a UAF bug on the error path of probing {CVE-2022-50229} [Orabug: 38493400]
- net: usb: smsc75xx: Limit packet length to skb->len {CVE-2023-53125} [Orabug: 38493400]
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} [Orabug: 38493400]
- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} [Orabug: 38493400]

[3.10.0-1160.119.1.0.12]
- scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332) [Orabug: 38414589]
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) [Orabug: 38414589]

[3.10.0-1160.119.1.0.11]
- kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
- kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
- kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
- kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
- kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
- kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)
- kernel: drivers:md:fix a potential use-after-free bug (CVE-2022-50022)
- kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)
- kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
- crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)

[3.10.0-1160.119.1.0.10]
- net: atlantic: fix aq_vec index out of range error (Chia-Lin Kao) {CVE-2022-50066} [Orabug: 38201271]
- net: atm: fix use after free in lec_send() (Dan Carpenter) {CVE-2025-22004} [Orabug: 38201271]

[3.10.0-1160.119.1.0.9]
- netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) {CVE-2024-53141} [Orabug: 37964173]
- Update OL SB certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985797]

[3.10.0-1160.119.1.0.8]
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) {CVE-2024-53150} [Orabug: 37830084]

Glib2.0 security update for Debian 11 LTS

FreeRDP, Kernel, Grafana, and more updates for RHEL

Grafana-PCP, FreeRDP, Kernel, and more updates for Oracle Linux

ELSA-2026-3092 Important: Oracle Linux 10 golang-github-openprinting-ipp-usb security update

ELSA-2026-3035 Important: Oracle Linux 10 grafana-pcp security update

ELSA-2026-3068 Important: Oracle Linux 10 freerdp security update

ELSA-2026-3094 Important: Oracle Linux 10 protobuf security update

ELSA-2026-50112 Important: Unbreakable Enterprise kernel security update

ELSA-2026-50112 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update

ELSA-2026-3033 Important: Oracle Linux 10 munge security update

ELSA-2026-2914 Important: Oracle Linux 10 grafana security update

ELSA-2026-3095 Important: Oracle Linux 9 protobuf security update

ELSA-2026-3067 Important: Oracle Linux 9 freerdp security update

ELSA-2026-3040 Important: Oracle Linux 9 grafana-pcp security update

ELSA-2026-2920 Important: Oracle Linux 9 grafana security update

ELSA-2026-3034 Important: Oracle Linux 9 munge security update

ELSA-2026-2783 Important: Oracle Linux 9 nodejs:20 security update

ELSA-2026-3031 Important: Oracle Linux 9 libpng15 security update

ELSA-2026-2782 Important: Oracle Linux 9 nodejs:22 security update

ELBA-2026-2779 Oracle Linux 9 redis bug fix and enhancement update

ELBA-2026-50127 Oracle Linux 9 oracle-database-preinstall-19c bug fix update

ELBA-2026-50117 Oracle Linux 9 udisks2 bug fix update

ELBA-2026-2720-1 Oracle Linux 8 kernel bug fix update

ELSA-2026-2231 Important: Oracle Linux 7 firefox security update

ELSA-2026-0847 Important: Oracle Linux 7 java-11-openjdk security update

ELSA-2026-1677 Important: Oracle Linux 7 gnupg2 security update

ELSA-2026-0755 Important: Oracle Linux 7 kernel security update

Windows

Linux

macOS

Community