Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Oracle Linux 9 Kernel Important Security Fix ELSA-2026-50372

oracle
Calendar Grey July 6, 2026
Oracle Linux Logo Esm H88
Oracle Linux 9 has released security advisories for kernel vulnerabilities. Critical updates are essential to protect systems.
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

[6.12.0-204.92.4.2] - KVM: x86: Fix shadow paging use-after-free due to unexpected role (Paolo Bonzini) [Orabug: 39673880] - net/sched: fix pedit partial COW leading to page cache corruption (Rajat Gupta) {CVE-2026-46331} - net_sched: act_pedit: use RCU in tcf_pedit_dump() (Eric Dumazet) [Orabug: 39668752] - eventpoll: fix ep_remove struct eventpoll / struct file UAF (Christian Brauner) [Orabug: 39668743] {CVE-2026-46242} - eventpoll: move epi_fget() up (Christian Brauner) [Orabug: 39668743] - eventpoll: rename ep_remove_safe() back to ep_remove() (Christian Brauner) [Orabug: 39668743] - eventpoll: drop vestigial __ prefix from ep_remove_{file,epi}() (Christian Brauner) [Orabug: 39668743] - eventpoll: kill __ep_remove() (Christian Brauner) [Orabug: 39668743] - eventpoll: split __ep_remove() (Christian Brauner) [Orabug: 39668743] - eventpoll: use hlist_is_singular_node() in __ep_remove() (Christian Brauner) [Orabug: 39668743] [6.12.0-204.92.4.1] - net: skbuff: fix missi...

Read the Full Advisory

SRPMs

http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-204.92.4.2.el9uek.src.rpm

x86_64

kernel-uek-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-core-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-core-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-devel-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-core-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-deprecated-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-desktop-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-usb-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-debug-modules-wireless-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-devel-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-doc-6.12.0-204.92.4.2.el9uek.noarch.rpm kernel-uek-modules-6.12.0-204.92.4.2.el9uek.x86_64.rpm kernel-uek-modules-cor...

Read the Full Advisory

aarch64

kernel-uek-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-core-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-core-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-devel-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-core-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-deprecated-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-desktop-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-extra-netfilter-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-usb-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-debug-modules-wireless-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-devel-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-doc-6.12.0-204.92.4.2.el9uek.noarch.rpm kernel-uek-modules-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-modules-extra-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-modules-core-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-modules-deprecated-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-modules-desktop-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-modules-extra-netfilter-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-modules-usb-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-modules-wireless-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek-tools-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-core-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-devel-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-core-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-deprecated-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-desktop-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-extra-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-extra-netfilter-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-usb-6.12.0-204.92.4.2.el9uek.aarch64.rpm kernel-uek64k-modules-wireless-6.12.0-204.92.4.2.el9uek.aarch64.rpm - uek-rpm/config-aarch64: Enable Vera firmware and memory attribute support (Vijay Kumar) [Orabug: 39387242] - NVIDIA: VR: SAUCE: arm64: Add workaround to convert MT_NORMAL_NC to Device-nGnRE (Shanker Donthineni) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: lfa: fix work item re-initialization race (Nirmoy Das) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: lfa: handle LFA_BUSY and improve SMC retry pacing (Vedashree Vidwans) [Orabug: 39387242] - NVIDIA: VR: CCA: SAUCE: arm_pmu: Provide a mechanism for disabling the physical IRQ (Steven Price) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: register as platform driver (Vedashree Vidwans) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: add timeout, touch wdt (Vedashree Vidwans) [Orabug: 39387242] - NVIDIA: VR: SAUCE: firmware: smccc: add support for Live Firmware Activation (LFA) (Salman Nabi) [Orabug: 39387242] - NVIDIA: VR: SAUCE: iommu/arm-smmu-v3: Allow ATS to be always on (Nicolin Chen) [Orabug: 39387242] - NVIDIA: VR: SAUCE: PCI: Allow ATS to be always on for non-CXL NVIDIA GPUs (Nicolin Chen) [Orabug: 39387242] - NVIDIA: VR: SAUCE: PCI: Allow ATS to be always on for CXL.cache capable devices (Nicolin Chen) [Orabug: 39387242] - NVIDIA: VR: SAUCE: soc/tegra: pmc: Add PMC support for Tegra410 (Kartik Rajput) [Orabug: 39387242] - soc/tegra: pmc: Add Tegra264 support (Thierry Reding) [Orabug: 39387242] - NVIDIA: VR: SAUCE: soc/tegra: misc: Use SMCCC to get chipid (Kartik Rajput) [Orabug: 39387242] - tun: free page on build_skb failure in tun_xdp_one() (Weiming Shi) [Orabug: 39429137] - tap: free page on error paths in tap_get_user_xdp() (Weiming Shi) [Orabug: 39429137] - tun: free page on short-frame rejection in tun_xdp_one() (Weiming Shi) [Orabug: 39429137] - uek-rpm: disable kABI size checks in debug configs (Saeed Mirzamohammadi) [Orabug: 39442662] - smb: client: reject userspace cifs.spnego descriptions (Asim Viladi Oglu Manizada) [Orabug: 39463671] {CVE-2026-46243} [6.12.0-204.87.2] - Reapply "x86/kexec: add a sanity check on previous kernel's ima kexec buffer" (Harshit Mogalapalli) [Orabug: 39419018] - net: skbuff: propagate shared-frag marker through frag-transfer helpers (Hyunwoo Kim) [Orabug: 39368826,39441323] {CVE-2026-43503,CVE-2026-46300} - net: skbuff: preserve shared-frag marker during coalescing (William Bowling) [Orabug: 39368826] {CVE-2026-46300} - LTS version: v6.12.87 (Sherry Yang) - LTS version: v6.12.86 (Sherry Yang) - netfilter: reject zero shift in nft_bitwise (Kai Ma) [Orabug: 39452464] {CVE-2026-46101} - net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels (Andrea Mayer) [Orabug: 39452457] {CVE-2026-46099} - ALSA: caiaq: fix usb_dev refcount leak on probe failure (Deepanshu Kartikey) [Orabug: 39452739] {CVE-2026-46048} - drm/amdgpu: fix zero-size GDS range init on RDNA4 (Arjan van de Ven) - ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (Greg Kroah-Hartman) [Orabug: 39426003] {CVE-2026-43501} - ALSA: caiaq: Don't abort when no input device is available (Takashi Iwai) - ALSA: caiaq: Fix potentially leftover ep1_in_urb at error path (Takashi Iwai) [Orabug: 39452746] {CVE-2026-45992} - net: bonding: fix use-after-free in bond_xmit_broadcast() (Xiang Mei) [Orabug: 39205989] {CVE-2026-31419} - crypto: authencesn - reject short ahash digests during instance creation (Yucheng Lu) [Orabug: 39452231] {CVE-2026-46033} - mm: prevent droppable mappings from being locked (Anthony Yznaga) - spi: fix resource leaks on device setup failure (Johan Hovold) [Orabug: 39452400] {CVE-2026-46083} - net: qrtr: ns: Limit the total number of nodes (Manivannan Sadhasivam) [Orabug: 39452123] {CVE-2026-46003} - net: mctp: fix don't require received header reserved bits to be zero (Yuanzhaoming) - net: bridge: use a stable FDB dst snapshot in RCU readers (Zhengchuan Liang) [Orabug: 39452411] {CVE-2026-46086} - net: qrtr: ns: Limit the maximum number of lookups (Manivannan Sadhasivam) [Orabug: 39452207] {CVE-2026-46026} - net: qrtr: ns: Limit the maximum server registration per node (Manivannan Sadhasivam) [Orabug: 39410851] {CVE-2026-43491} - iio: frequency: admv1013: fix NULL pointer dereference on str (Antoniu Miclaus) - iio: frequency: admv1013: add dev variable (Antoniu Miclaus) - block: relax pgmap check in bio_add_page for compatible zone device pages (Naman Jain) - RDMA/mana_ib: Disable RX steering on RSS QP destroy (Long Li) [Orabug: 39452406] {CVE-2026-46084} - media: rc: igorplugusb: heed coherency rules (Oliver Neukum) [Orabug: 39452432] {CVE-2026-46091} - ALSA: aoa: Skip devices with no codecs in i2sbus_resume() (Thorsten Blum) - media: rc: ttusbir: respect DMA coherency rules (Oliver Neukum) - mm/zsmalloc: copy KMSAN metadata in zs_page_migrate() (Shigeru Yoshida) - ALSA: aoa: i2sbus: clear stale prepared state (Cássio Gabriel) - ALSA: aoa: Use guard() for mutex locks (Takashi Iwai) - mm: migrate: requeue destination folio on deferred split queue (Usama Arif) - mm/migrate: move movable_ops page handling out of move_to_new_folio() (David Hildenbrand) - mm/migrate: factor out movable_ops page handling into migrate_movable_ops_page() (David Hildenbrand) - wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() (Daniel Hodges) [Orabug: 39452343] {CVE-2026-46069} - wifi: mt76: mt792x: fix mt7925u USB WFSYS reset handling (Sean Wang) - wifi: mt76: mt792x: describe USB WFSYS reset with a descriptor (Sean Wang) - thermal: core: Fix thermal zone governor cleanup issues (Rafael J. Wysocki) [Orabug: 39452186] {CVE-2026-46021} - ksmbd: reset rcount per connection in ksmbd_conn_wait_idle_sess_id() (Daemyung Kang) - ksmbd: replace connection list with hash table (Namjae Jeon) - ksmbd: use msleep instaed of schedule_timeout_interruptible() (Namjae Jeon) - f2fs: fix to do sanity check on dcc->discard_cmd_cnt conditionally (Chao Yu) - lib: test_hmm: evict device pages on file close to avoid use-after-free (Alistair Popple) - f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() (Yongpeng Yang) - smb: client: validate the whole DACL before rewriting it in cifsacl (Michael Bommarito) [Orabug: 39300611] {CVE-2026-31709} - seg6: fix seg6 lwtunnel output redirect for L2 reduced encap mode (Andrea Mayer) - scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails (Yang Xiuwei) [Orabug: 39452100] {CVE-2026-45997} - rtmutex: Use waiter::task instead of current in remove_waiter() (Keenan Dong) [Orabug: 39425998] {CVE-2026-43499} - ntfs3: fix integer overflow in run_unpack() volume boundary check (Tobi Gaertner) - ntfs3: add buffer boundary checks to run_unpack() (Tobi Gaertner) - ktest: Fix the month in the name of the failure directory (Steven Rostedt) - ceph: only d_add() negative dentries when they are unhashed (Max Kellermann) [Orabug: 39452291] {CVE-2026-46052} - dm mirror: fix integer overflow in create_dirty_log() (Junrui Luo) [Orabug: 39452196] {CVE-2026-46023} - crypto: nx - Fix packed layout in struct nx842_crypto_header (Gustavo A R Silva) - crypto: atmel-sha204a - Fix uninitialized data access on OTP read error (Thorsten Blum) - crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path (Thorsten Blum) - crypto: atmel-sha204a - Fix error codes in OTP reads (Thorsten Blum) - crypto: atmel-tdes - fix DMA sync direction (Thorsten Blum) - crypto: ccree - fix a memory leak in cc_mac_digest() (Haoxiang Li) - crypto: hisilicon - Fix dma_unmap_single() direction (Thomas Fourier) - crypto: atmel-ecc - Release client on allocation failure (Thorsten Blum) - crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup (Thorsten Blum) - crypto: arm64/aes - Fix 32-bit aes_mac_update() arg treated as 64-bit (Eric Biggers) - can: ucan: fix devres lifetime (Johan Hovold) - bus: mhi: host: pci_generic: Switch to async power up to avoid boot delays (Qiang Yu) - Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (Shuvam Pandey) [Orabug: 39452304] {CVE-2026-46056} - apparmor: use target task's context in apparmor_getprocattr() (Cengiz Can) - mfd: core: Preserve OF node when ACPI handle is present (Brian Mak) - taskstats: set version in TGID exit notifications (Yiyang Chen) - tcp: call sk_data_ready() after listener migration (Zhenzhong Wu) [Orabug: 39452159] {CVE-2026-46015} - wifi: rtl8xxxu: fix potential use of uninitialized value (Yi Cong) - x86/cpu: Disable FRED when PTI is forced on (Dave Hansen) - inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails (Chia-Ming Chang) [Orabug: 39452250] {CVE-2026-46040} - HID: apple: ensure the keyboard backlight is off if suspending (Aditya Garg) - check-uapi: link into shared objects (Arnd Bergmann) - md/raid5: validate payload size before accessing journal metadata (Junrui Luo) [Orabug: 39452349] {CVE-2026-46070} - md/raid5: fix soft lockup in retry_aligned_read() (Chia-Ming Chang) [Orabug: 39452287] {CVE-2026-46051} - amdgpu/jpeg: fix deepsleep register for jpeg 5_0_0 and 5_0_2 (David (Ming Qiang) Wu) - mtd: spi-nor: sst: Fix write enable before AAI sequence (Sanjaikumar V S) - ext4: fix missing brelse() in ext4_xattr_inode_dec_ref_all() (Sohei Koyama) [Orabug: 39452269] {CVE-2026-46046} - ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access (Deepanshu Kartikey) [Orabug: 39452442] {CVE-2026-46094} - perf annotate: Use jump__delete when freeing LoongArch jumps (Rong Bao) - io_uring/poll: fix multishot recv missing EOF on wakeup race (Jens Axboe) {CVE-2026-23473} - KVM: nSVM: Always intercept VMMCALL when L2 is active (Sean Christopherson) - KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 (Kevin Cheng) [Orabug: 39452372] {CVE-2026-46076} - KVM: nSVM: Add missing consistency check for nCR3 validity (Yosry Ahmed) - KVM: nSVM: Add missing consistency check for EFER, CR0, CR4, and CS (Yosry Ahmed) - KVM: nSVM: Clear tracking of L1->L2 NMI and soft IRQ on nested #VMEXIT (Yosry Ahmed) - KVM: nSVM: Clear EVENTINJ fields in vmcb12 on nested #VMEXIT (Yosry Ahmed) - KVM: nSVM: Clear GIF on nested #VMEXIT(INVALID) (Yosry Ahmed) - KVM: nSVM: Always inject a #GP if mapping VMCB12 fails on nested VMRUN (Yosry Ahmed) - KVM: nSVM: Use vcpu->arch.cr2 when updating vmcb12 on nested #VMEXIT (Yosry Ahmed) - KVM: nSVM: Ensure AVIC is inhibited when restoring a vCPU to guest mode (Yosry Ahmed) - KVM: SVM: Explicitly mark vmcb01 dirty after modifying VMCB intercepts (Sean Christopherson) - KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 (Kevin Cheng) [Orabug: 39452394] {CVE-2026-46082} - KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 (Yosry Ahmed) [Orabug: 39452061] {CVE-2026-45987} - KVM: nSVM: Sync NextRIP to cached vmcb12 after VMRUN of L2 (Yosry Ahmed) - KVM: nSVM: Mark all of vmcb02 dirty when restoring nested state (Yosry Ahmed) - KVM: x86: Defer non-architectural deliver of exception payload to userspace read (Sean Christopherson) - userfaultfd: allow registration of ranges below mmap_min_addr (Denis M. Karpov) - mm/damon/core: use time_in_range_open() for damos quota window start (Seongjae Park) - rtc: ntxec: fix OF node reference imbalance (Johan Hovold) - tpm: tpm_tis: stop transmit if retries are exhausted (Jacqueline Wong) - tpm: tpm_tis: add error logging for data transfer (Jacqueline Wong) - tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() (Gunnar Kudrjavets) - tpm: Fix auth session leak in tpm2_get_random() error path (Gunnar Kudrjavets) - pwm: imx-tpm: Count the number of enabled channels in probe (Viorel Suman) - crypto: talitos - rename first/last to first_desc/last_desc (Paul Louvel) - crypto: talitos - fix SEC1 32k ahash request limitation (Paul Louvel) - firmware: google: framebuffer: Do not unregister platform device (Thomas Zimmermann) - xfs: fix a resource leak in xfs_alloc_buftarg() (Haoxiang Li) [Orabug: 39452131] {CVE-2026-46005} - arm64: dts: ti: am62-verdin: Enable pullup for eMMC data pins (Francesco Dolcini) - mmc: sdhci-of-dwcmshc: Disable clock before DLL configuration (Shawn Lin) - mmc: block: use single block write in retry (Bin Liu) - randomize_kstack: Maintain kstack_offset per task (Ryan Roberts) - hwmon: (pt5161l) Fix bugs in pt5161l_read_block_data() (Sanman Pradhan) - power: supply: axp288_charger: Do not cancel work before initializing it (Krzysztof Kozlowski) - LoongArch: Show CPU vulnerabilites correctly (Huacai Chen) - tpm: avoid -Wunused-but-set-variable (Arnd Bergmann) - extract-cert: Wrap key_pass with '#ifdef USE_PKCS11_ENGINE' (Nathan Chancellor) - libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() (Raphael Zimmer) [Orabug: 39452201] {CVE-2026-46024} - ipv4: icmp: validate reply type before using icmp_pointers (Ruide Cao) [Orabug: 39452243] {CVE-2026-46037} - RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv (Hkbinbin) [Orabug: 39452259] {CVE-2026-46043} - drm/arcpgu: fix device node leak (Luca Ceresoli) - net: ks8851: Avoid excess softirq scheduling (Marek Vasut) - netconsole: avoid out-of-bounds access on empty string in trim_newline() (Breno Leitao) - net: ks8851: Reinstate disabling of BHs around IRQ handler (Marek Vasut) - net/smc: avoid early lgr access in smc_clc_wait_msg (Ruijie Li) - net: txgbe: fix firmware version check (Jiawen Wu) - net: qrtr: ns: Free the node during ctrl_cmd_bye() (Manivannan Sadhasivam) [Orabug: 39452246] {CVE-2026-46038} - arm64: dts: marvell: uDPU: add ethernet aliases (Robert Marko) - tools/accounting: handle truncated taskstats netlink messages (Yiyang Chen) - rxrpc: Fix rxkad crypto unalignment handling (David Howells) [Orabug: 39452728] {CVE-2026-46085} - rxrpc: Fix memory leaks in rxkad_verify_response() (David Howells) - iio: adc: ad7768-1: fix one-shot mode data acquisition (Jonathan Santos) - ALSA: pcmtest: Fix resource leaks in module init error paths (Cássio Gabriel) - ALSA: pcmtest: fix reference leak on failed device registration (Guangshuo Li) - ALSA: 6fire: Fix input volume change detection (Cássio Gabriel) - ALSA: caiaq: Handle probe errors properly (Takashi Iwai) [Orabug: 39452126] {CVE-2026-46004} - ALSA: caiaq: Fix control_put() result and cache rollback (Cássio Gabriel) - ALSA: core: Fix potential data race at fasync handling (Takashi Iwai) - io_uring/poll: ensure EPOLL_ONESHOT is propagated for EPOLL_URING_WAKE (Jens Axboe) - io_uring/poll: fix signed comparison in io_poll_get_ownership() (Longxuan Yu) - iio: adc: ti-ads7950: use iio_push_to_buffers_with_ts_unaligned() (David Lechner) - io_uring/timeout: check unused sqe fields (Pavel Begunkov) - block: fix zone write plugs refcount handling in disk_zone_wplug_schedule_bio_work() (Damien Le Moal) - rbd: fix null-ptr-deref when device_add_disk() fails (Dawei Feng) [Orabug: 39452385] {CVE-2026-46079} - selftests/landlock: Fix format warning for __u64 in net_test (Mickaël Salaün) - selftests/mqueue: Fix incorrectly named file (Simon Liebold) - sched: Use u64 for bandwidth ratio calculations (Joseph Salisbury) - remoteproc: xlnx: Only access buffer information if IPI is buffered (Ben Levinsky) - parisc: _llseek syscall is only available for 32-bit userspace (Helge Deller) - nvme: respect NVME_QUIRK_DISABLE_WRITE_ZEROES when wzsl is set (Robert Beckett) - nvme-pci: add NVME_QUIRK_DISABLE_WRITE_ZEROES for Kingston OM3SGP4 (Robert Beckett) - mtd: docg3: fix use-after-free in docg3_release() (James Kim) - mfd: stpmic1: Attempt system shutdown twice in case PMIC is confused (Marek Vasut) - md/raid10: fix deadlock with check operation and nowait requests (Josh Hunt) [Orabug: 39452284] {CVE-2026-46050} - jbd2: fix deadlock in jbd2_journal_cancel_revoke() (Zhang Yi) [Orabug: 39452318] {CVE-2026-46061} - erofs: fix the out-of-bounds nameoff handling for trailing dirents (Gao Xiang) [Orabug: 39452380] {CVE-2026-46078} - ALSA: seq_oss: return full count for successful SEQ_FULLSIZE writes (Cássio Gabriel) - ALSA: ctxfi: Add fallback to default RSR for S/PDIF (Harin Lee) [Orabug: 39452280] {CVE-2026-46049} - ALSA: aoa: i2sbus: fix OF node lifetime handling (Cássio Gabriel) - ext2: reject inodes with zero i_nlink and valid mode in ext2_iget() (Vasiliy Kovalev) [Orabug: 39452119] {CVE-2026-46002} - net: qrtr: ns: Fix use-after-free in driver remove() (Manivannan Sadhasivam) [Orabug: 39452274] {CVE-2026-46047} - media: i2c: imx219: Check return value of devm_gpiod_get_optional() in imx219_probe() (Chen Ni) - lib/ts_kmp: fix integer overflow in pattern length calculation (Josh Law) - PCI: epf-mhi: Return 0, not remaining timeout, when eDMA ops complete (Daniel Hodges) - Revert "ALSA: usb: Increase volume range that triggers a warning" (Rongrong) - PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown (Koichiro Den) - crypto: atmel-sha204a - Fix OTP sysfs read and error handling (Thorsten Blum) - media: mtk-jpeg: fix use-after-free in release path due to uncancelled work (Fan Wu) - net: strparser: fix skb_head leak in strp_abort_strp() (Luxiao Xu) [Orabug: 39452468] {CVE-2026-46102} - net: caif: clear client service pointer on teardown (Zhengchuan Liang) - ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() (Ziqing Chen) [Orabug: 39452416] {CVE-2026-46088} - media: amphion: Fix race between m2m job_abort and device_run (Ming Qian) - hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt (Sanman Pradhan) - of: unittest: fix use-after-free in testdrv_probe() (Xu Wang) - of: unittest: fix use-after-free in of_unittest_changeset() (Xu Wang) - crypto: pcrypt - Fix handling of MAY_BACKLOG requests (Herbert Xu) [Orabug: 39410863] {CVE-2026-43493} - mm/memory_hotplug: fix hwpoisoned large folio handling in do_migrate_range() (Tu Jinjiang) - spi: ch341: fix memory leaks on probe failures (Johan Hovold) - spi: imx: fix use-after-free on unbind (Johan Hovold) - um: drivers: call kernel_strrchr() explicitly in cow_user.c (Michael Bommarito) - vfio/cdx: Fix NULL pointer dereference in interrupt trigger path (Prasanna Kumar T S M) - vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex (Alex Williamson) - wifi: rtw88: check for PCI upstream bridge existence (Fedor Pchelkin) [Orabug: 39452437] {CVE-2026-46092} - zram: do not forget to endio for partial discard requests (Sergey Senozhatsky) [Orabug: 39452420] {CVE-2026-46089} - ocfs2: split transactions in dio completion to avoid credit exhaustion (Heming Zhao) [Orabug: 39452388] {CVE-2026-46080} - device property: Make modifications of fwnode "flags" thread safe (Douglas Anderson) - drm/amdgpu: Limit BO list entry count to prevent resource exhaustion (Jesse Zhang) [Orabug: 39167551] {CVE-2026-23468} - drm/amdgpu: Use vmemdup_array_user in amdgpu_bo_create_list_entry_array (Tvrtko Ursulin) - rust: init: fix clippy::undocumented_unsafe_blocks warnings (Miguel Ojeda) - padata: Remove comment for reorder_work (Herbert Xu) - padata: Fix pd UAF once and for all (Herbert Xu) [Orabug: 38335055] {CVE-2025-38584} - arm64/mm: Enable batched TLB flush in unmap_hotplug_range() (Anshuman Khandual) - firmware: google: framebuffer: Do not mark framebuffer as busy (Thomas Zimmermann) - kbuild: rust: allow clippy::uninlined_format_args (Miguel Ojeda) - drm/nouveau: fix nvkm_device leak on aperture removal failure (David Carlier) - ibmasm: fix heap over-read in ibmasm_send_i2o_message() (Tyllis Xu) - ibmasm: fix OOB reads in command_file_write due to missing size checks (Tyllis Xu) - misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt() (Tyllis Xu) - greybus: gb-beagleplay: fix sleep in atomic context in hdlc_tx_frames() (Weigang He) - greybus: gb-beagleplay: bound bootloader receive buffering (Pengpeng Hou) - leds: qcom-lpg: Check for array overflow when selecting the high resolution (Greg Kroah-Hartman) - drm/nouveau: fix u32 overflow in pushbuf reloc bounds check (Greg Kroah-Hartman) [Orabug: 39452133] {CVE-2026-46006} - LoongArch: Add spectre boundry for syscall dispatch table (Greg Kroah-Hartman) - ALSA: usb-audio: Evaluate packsize caps at the right place (Takashi Iwai) - usb: chipidea: core: allow ci_irq_handler() handle both ID and VBUS change (Xu Yang) - usb: chipidea: otg: not wait vbus drop if use role_switch (Xu Yang) - usb: xhci: Make usb_host_endpoint.hcpriv survive endpoint_disable() (Michał Pecio) - ALSA: usb-audio: Fix Audio Advantage Micro II SPDIF switch (Cássio Gabriel) - ALSA: usb-audio: Avoid false E-MU sample-rate notifications (Cássio Gabriel) - ALSA: usb-audio: stop parsing UAC2 rates at MAX_NR_RATES (Cássio Gabriel) [Orabug: 39452170] {CVE-2026-46018} - LTS version: v6.12.85 (Sherry Yang) - Buffer overflow in drivers/xen/sys-hypervisor.c (Juergen Gross) [Orabug: 39305898] {CVE-2026-31786} - xen/privcmd: fix double free via VMA splitting (Juergen Gross) [Orabug: 39305908] {CVE-2026-31787} - LTS version: v6.12.84 (Sherry Yang) - rxrpc: Fix missing validation of ticket length in non-XDR key preparsing (Anderson Nascimento) [Orabug: 39300563] {CVE-2026-31696} - crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed (Sean Christopherson) {CVE-2026-31697} - crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed (Sean Christopherson) {CVE-2026-31698} - crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed (Sean Christopherson) {CVE-2026-31699} - net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() (Bingquan Chen) {CVE-2026-31700} - ALSA: caiaq: take a reference on the USB device in create_card() (Berk Cem Goksel) [Orabug: 39300586] {CVE-2026-31701} - ALSA: usb-audio: apply quirk for MOONDROP JU Jiu (Cryolitia Pukngae) - f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() (George Saad) - ksmbd: use check_add_overflow() to prevent u16 DACL size overflow (Tristan Madani) - ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment (Tristan Madani) - ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() (Michael Bommarito) - ksmbd: validate response sizes in ipc_validate_msg() (Michael Bommarito) - smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path (Michael Bommarito) [Orabug: 39300607] {CVE-2026-31708} - smb: client: require a full NFS mode SID before reading mode bits (Michael Bommarito) [Orabug: 39343707] {CVE-2026-43350} - smb: server: fix max_connections off-by-one in tcp accept path (Daemyung Kang) - smb: server: fix active_num_conn leak on transport allocation failure (Michael Bommarito) - ksmbd: require minimum ACE size in smb_check_perm_dacl() (Michael Bommarito) - fuse: quiet down complaints in fuse_conn_limit_write (Darrick J. Wong) - fuse: Check for large folio with SPLICE_F_MOVE (Bernd Schubert) - fuse: reject oversized dirents in page cache (Samuel Page) [Orabug: 39300556] {CVE-2026-31694} - f2fs: fix to avoid memory leak in f2fs_rename() (Chao Yu) - fs/ntfs3: validate rec->used in journal-replay file record check (Greg Kroah-Hartman) - scripts/dtc: Remove unused dts_version in dtc-lexer.l (Nathan Chancellor) - ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger (Namjae Jeon) - mm/pagewalk: fix race between concurrent split and refault (Max Boone) [Orabug: 39250782] {CVE-2026-31456} - scripts: generate_rust_analyzer.py: define scripts (Tamir Duberstein) - drm/amdgpu: replace PASID IDR with XArray (Mikhail Gavrilov) - net: ethernet: mtk_eth_soc: initialize PPE per-tag-layer MTU registers (Daniel Golle) - rust: warn on bindgen < 0.69.5 and libclang >= 19.1 (Miguel Ojeda) - wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure (Felix Fietkau) [Orabug: 39167472] {CVE-2026-23444} - ima: do not copy measurement list to kdump kernel (Steven Chen) - ima: verify if the segment size has changed (Steven Chen) - PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown (Koichiro Den) - mm/userfaultfd: fix hugetlb fault mutex hash calculation (Jianhui Zhou) [Orabug: 39273453] {CVE-2026-31575} - LTS version: v6.12.83 (Sherry Yang) - ipv6: add NULL checks for idev in SRv6 paths (Heminhong) [Orabug: 39167467] {CVE-2026-23442} - PCI: Fix placement of pci_save_state() in pci_bus_add_device() (Lukas Wunner) - rxrpc: Fix key quota calculation for multitoken keys (David Howells) - ocfs2: fix out-of-bounds write in ocfs2_write_end_inline (Joseph Qi) [Orabug: 39331090] {CVE-2026-43075} - ocfs2: validate inline data i_size during inode read (Deepanshu Kartikey) [Orabug: 39331097] {CVE-2026-43076} - ocfs2: add inline inode consistency check to ocfs2_validate_inode_block() (Dmitry Antipov) - media: hackrf: fix to not free memory after the device is registered in hackrf_probe() (Jeongjun Park) - media: vidtv: fix pass-by-value structs causing MSAN warnings (Abd-Alrhman Masalkhi) - nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map (Deepanshu Kartikey) - media: as102: fix to not free memory after the device is registered in as102_usb_probe() (Jeongjun Park) [Orabug: 39273467] {CVE-2026-31578} - bcache: fix cached_dev.sb_bio use-after-free and crash (Mingzhe Zou) [Orabug: 39273481] {CVE-2026-31580} - ALSA: 6fire: fix use-after-free on disconnect (Berk Cem Goksel) [Orabug: 39273486] {CVE-2026-31581} - hwmon: (powerz) Fix use-after-free on USB disconnect (Sanman Pradhan) - media: em28xx: fix use-after-free in em28xx_v4l2_open() (Abhishek Kumar) [Orabug: 39273493] {CVE-2026-31583} - media: mediatek: vcodec: fix use-after-free in encoder release path (Fan Wu) - media: vidtv: fix nfeeds state corruption on start_streaming failure (Ruslan Valiyev) - mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() (Breno Leitao) [Orabug: 39273507] {CVE-2026-31586} - mm/kasan: fix double free for kasan pXds (Ritesh Harjani) - ASoC: qcom: q6apm: move component registration to unmanaged version (Srinivas Kandagatla) - KVM: x86: Use scratch field in MMIO fragment to hold small write values (Sean Christopherson) [Orabug: 39273521] {CVE-2026-31588} - x86-64/arm64/powerpc: clean up and rename __copy_from_user_flushcache (Linus Torvalds) - x86: rename and clean up __copy_from_user_inatomic_nocache() (Linus Torvalds) - x86-64: rename misleadingly named '__copy_user_nocache()' function (Linus Torvalds) [Orabug: 39323162] {CVE-2026-43073} - checkpatch: add support for Assisted-by tag (Sasha Levin) - KVM: x86: Use __DECLARE_FLEX_ARRAY() for UAPI structures with VLAs (David Woodhouse) - KVM: Remove subtle "struct kvm_stats_desc" pseudo-overlay (Sean Christopherson) - kernel: be more careful about dup_mmap() failures and uprobe registering (Liam R. Howlett) {CVE-2025-21709} - net: sched: fix TCF_LAYER_TRANSPORT handling in tcf_get_base_ptr() (Eric Dumazet) - gpiolib: fix race condition for gdev->srcu (Paweł Narewski) [Orabug: 38887677] {CVE-2026-22986} - gpiolib: unify two loops initializing GPIO descriptors (Bartosz Golaszewski) - KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION (Sean Christopherson) [Orabug: 39273529] {CVE-2026-31590} - KVM: SEV: Disallow LAUNCH_FINISH if vCPUs are actively being created (Sean Christopherson) - KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU (Sean Christopherson) [Orabug: 39273553] {CVE-2026-31593} - PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup (Koichiro Den) - ocfs2: handle invalid dinode in ocfs2_group_extend (Zhengyuan Huang) [Orabug: 39273569] {CVE-2026-31596} - ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY (Tejas Bharambe) [Orabug: 39273578] {CVE-2026-31597} - ocfs2: fix possible deadlock between unlink and dio_end_io_write (Joseph Qi) [Orabug: 39273586] {CVE-2026-31598} - media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections (Ruslan Valiyev) - dcache: Limit the minimal number of bucket to two (Zhihao Cheng) [Orabug: 39323133] {CVE-2026-43071} - ALSA: ctxfi: Limit PTP to a single page (Harin Lee) [Orabug: 39273608] {CVE-2026-31602} - Docs/admin-guide/mm/damon/reclaim: warn commit_inputs vs param updates race (Seongjae Park) - USB: serial: option: add Telit Cinterion FN990A MBIM composition (Fabio Porcedda) - staging: sm750fb: fix division by zero in ps_to_hz() (Junrui Luo) - wifi: rtw88: fix device leak on probe failure (Johan Hovold) [Orabug: 39273620] {CVE-2026-31604} - scripts: generate_rust_analyzer.py: avoid FD leak (Tamir Duberstein) - fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (Greg Kroah-Hartman) - usb: port: add delay after usb_hub_set_port_power() (Xu Yang) - usb: gadget: f_hid: don't call cdev_init while cdev in use (Michael Zimmermann) - USB: cdc-acm: Add quirks for Yoga Book 9 14IAH10 INGENIC touchscreen (Dave Carey) - usb: storage: Expand range of matched versions for VL817 quirks entry (Daniel Brát) - usbip: validate number_of_packets in usbip_pack_ret_submit() (Nathan Rebello) [Orabug: 39273631] {CVE-2026-31607} - ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc (Greg Kroah-Hartman) - ksmbd: require 3 sub-authorities before reading sub_auth[2] (Greg Kroah-Hartman) - ksmbd: validate EaNameLength in smb2_get_ea() (Greg Kroah-Hartman) - smb: client: fix off-by-8 bounds check in check_wsl_eas() (Greg Kroah-Hartman) [Orabug: 39273654] {CVE-2026-31614} - usb: gadget: renesas_usb3: validate endpoint index in standard request handlers (Greg Kroah-Hartman) - usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() (Greg Kroah-Hartman) - usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() (Greg Kroah-Hartman) - fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO (Greg Kroah-Hartman) - ALSA: fireworks: bound device-supplied status before string array lookup (Greg Kroah-Hartman) - drm/vc4: platform_get_irq_byname() returns an int (Greg Kroah-Hartman) [Orabug: 39323149] {CVE-2026-43072} - NFC: digital: Bounds check NFC-A cascade depth in SDD response handler (Greg Kroah-Hartman) - net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() (Greg Kroah-Hartman) - HID: core: clamp report_size in s32ton() to avoid undefined shift (Greg Kroah-Hartman) [Orabug: 39273696] {CVE-2026-31624} - HID: alps: fix NULL pointer dereference in alps_raw_event() (Greg Kroah-Hartman) [Orabug: 39273704] {CVE-2026-31625} - staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() (Lin Yu Chen) - i2c: s3c24xx: check the size of the SMBUS message before using it (Greg Kroah-Hartman) - can: raw: fix ro->uniq use-after-free in raw_rcv() (Samuel Page) [Orabug: 39273446] {CVE-2026-31532} - nfc: llcp: add missing return after LLCP_CLOSED checks (Junxi Qian) - idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling (Emil Tantilov) [Orabug: 39262348] {CVE-2026-31647} - ALSA: usb-audio: Improve Focusrite sample rate filtering (Geoffrey D. Bennett) - thermal: core: Address thermal zone removal races with resume (Rafael J. Wysocki) [Orabug: 39300675] {CVE-2026-31731} - thermal: core: Mark thermal zones as exiting before unregistration (Rafael J. Wysocki) - netfilter: conntrack: add missing netlink policy validations (Florian Westphal) [Orabug: 39171449] {CVE-2026-31407} - crypto: algif_aead - Fix minimum RX size check for decryption (Herbert Xu) [Orabug: 39331103] {CVE-2026-43077} - perf/x86/intel/uncore: Skip discovery table for offline dies (Zide Chen) [Orabug: 39331114] {CVE-2026-43079} - crypto: af_alg - limit RX SG extraction by receive buffer budget (Douya Le) [Orabug: 39263372] {CVE-2026-31677} - gpio: tegra: fix irq_release_resources calling enable instead of disable (Samasth Norway Ananda) - l2tp: Drop large packets with UDP encap (Alice Mikityanska) [Orabug: 39331124] {CVE-2026-43080} - net: ipa: fix event ring index not programmed for IPA v5.0+ (Alexander Koskovich) - net: ipa: fix GENERIC_CMD register field masks for IPA v5.0+ (Alexander Koskovich) - af_unix: read UNIX_DIAG_VFS data under unix_state_lock (Jiexun Wang) [Orabug: 39263355] {CVE-2026-31673} - net: txgbe: leave space for null terminators on property_entry (Fabio Baltieri) - netfilter: ip6t_eui64: reject invalid MAC header for all packets (Zhengchuan Liang) [Orabug: 39263405] {CVE-2026-31685} - netfilter: xt_multiport: validate range encoding in checkentry (Ao Zhou) [Orabug: 39263387] {CVE-2026-31681} - netfilter: nfnetlink_log: initialize nfgenmsg in NLMSG_DONE terminator (Xiang Mei) [Orabug: 39331144] {CVE-2026-43085} - ipvs: fix NULL deref in ip_vs_add_service error path (Weiming Shi) [Orabug: 39331151] {CVE-2026-43086} - selftests: net: bridge_vlan_mcast: wait for h1 before querier check (Daniel Golle) - xfrm_user: fix info leak in build_mapping() (Greg Kroah-Hartman) [Orabug: 39331162] {CVE-2026-43089} - xfrm: fix refcount leak in xfrm_migrate_policy_find (Kotlyarov Mihail) [Orabug: 39331168] {CVE-2026-43090} - xfrm: Wait for RCU readers during policy netns exit (Steffen Klassert) [Orabug: 39331170] {CVE-2026-43091} - xsk: validate MTU against usable frame size on bind (Maciej Fijalkowski) [Orabug: 39331178] {CVE-2026-43092} - xsk: fix XDP_UMEM_SG_FLAG issues (Maciej Fijalkowski) - xsk: respect tailroom for ZC setups (Maciej Fijalkowski) - xsk: tighten UMEM headroom validation to account for tailroom and min frame (Maciej Fijalkowski) [Orabug: 39331180] {CVE-2026-43093} - e1000: check return value of e1000_read_eeprom (Agalakov Daniil) - ixgbevf: add missing negotiate_features op to Hyper-V ops table (Michal Schmidt) [Orabug: 39331185] {CVE-2026-43094} - tracing/probe: reject non-closed empty immediate strings (Pengpeng Hou) - dt-bindings: net: Fix Tegra234 MGBE PTP clock (Jonathan Hunter) - net: stmmac: Fix PTP ref clock for Tegra234 (Jonathan Hunter) - nfc: s3fwrn5: allocate rx skb before consuming bytes (Pengpeng Hou) - net: increase IP_TUNNEL_RECURSION_LIMIT to 5 (Chris J Arges) - ipv4: icmp: fix null-ptr-deref in icmp_build_probe() (Yiqi Sun) [Orabug: 39331197] {CVE-2026-43099} - ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() (Fernando Fernandez Mancera) [Orabug: 39257881] {CVE-2026-31531} - ipv4: nexthop: avoid duplicate NHA_HW_STATS_ENABLE on nexthop group dump (Fernando Fernandez Mancera) - net: lapbether: handle NETDEV_PRE_TYPE_CHANGE (Eric Dumazet) - net: sched: act_csum: validate nested VLAN headers (Ruide Cao) [Orabug: 39263400] {CVE-2026-31684} - eventpoll: defer struct eventpoll free to RCU grace period (Nicholas Carlini) [Orabug: 39331087] {CVE-2026-43074} - drm/vc4: Protect madv read in vc4_gem_object_mmap() with madv_lock (Maíra Canal) - drm/vc4: Fix a memory leak in hang state error path (Maíra Canal) [Orabug: 39331211] {CVE-2026-43104} - drm/vc4: Fix memory leak of BO array in hang state (Maíra Canal) [Orabug: 39331215] {CVE-2026-43105} - drm/vc4: Release runtime PM reference after binding V3D (Maíra Canal) - xfrm: account XFRMA_IF_ID in aevent size calculation (Keenan Dong) [Orabug: 39331223] {CVE-2026-43107} - HID: amd_sfh: don't log error when device discovery fails with -EOPNOTSUPP (Maximilian Pezzullo) - PCI: hv: Set default NUMA node to 0 for devices without affinity info (Long Li) - tools/power/turbostat: Fix microcode patch level output for AMD/Hygon (Serhii Pievniev) - soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei (Mukesh Ojha) - arm64: dts: imx93-tqma9352: improve eMMC pad configuration (Markus Niebel) - arm64: dts: imx93-9x9-qsb: change usdhc tuning step for eMMC and SD (Luke Wang) - arm64: dts: imx8mq: Set the correct gpu_ahb clock frequency (Sebastian Krzyszkowiak) - arm64: dts: qcom: hamoa/x1: fix idle exit latency (Daniel J Blueman) - soc: aspeed: socinfo: Mask table entries for accurate SoC ID matching (Potin Lai) - ASoC: stm32_sai: fix incorrect BCLK polarity for DSP_A/B, LEFT_J (Tomasz Merta) - net: sfp: add quirks for Hisense and HSGQ GPON ONT SFP modules (John Pavlick) - wifi: brcmfmac: validate bsscfg indices in IF events (Pengpeng Hou) [Orabug: 39331236] {CVE-2026-43110} - ata: ahci: force 32-bit DMA for JMicron JMB582/JMB585 (Arthur Husband) - HID: roccat: fix use-after-free in roccat_report_event (Benoît Sevens) [Orabug: 39331243] {CVE-2026-43111} - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IAH10 (Songxiebing) - HID: quirks: add HID_QUIRK_ALWAYS_POLL for 8BitDo Pro 3 (Leo Vriska) - platform/x86/amd: pmc: Add Thinkpad L14 Gen3 to quirk_s2idle_bug (Mario Limonciello) - pinctrl: intel: Fix the revision for new features (1kOhm PD, HW debouncer) (Andy Shevchenko) - ALSA: hda/realtek: Add quirk for Lenovo Yoga Pro 7 14IMH9 (Alexander Savenko) - ASoC: amd: yc: Add DMI entry for HP Laptop 15-fc0xxx (Gilson Marquato Júnior) - fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath (Fredric Cover) [Orabug: 39331248] {CVE-2026-43112} - ALSA: usb-audio: Fix quirk flags for NeuralDSP Quad Cortex (Phil Willoughby) - ALSA: hda/realtek: Add quirk for Samsung Book2 Pro 360 (NP950QED) (Takashi Iwai) - ASoC: soc-core: call missing INIT_LIST_HEAD() for card_aux_list (Kuninori Morimoto) - wifi: wl1251: validate packet IDs before indexing tx_frames (Pengpeng Hou) [Orabug: 39331253] {CVE-2026-43113} - ALSA: hda/realtek: add quirk for Framework F111:000F (Dustin L. Howett) - netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry (Florian Westphal) {CVE-2026-43114} - drm/amdgpu: Handle GPU page faults correctly on non-4K page systems (Donet Tom) - ALSA: hda/realtek: Add mute LED quirk for HP Pavilion 15-eg0xxx (César Montoya) - btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() (Goldwyn Rodrigues) [Orabug: 39331279] {CVE-2026-43117} - platform/x86: asus-nb-wmi: add DMI quirk for ASUS ROG Flow Z13-KJP GZ302EAC (Matthew Schwartz) - can: mcp251x: add error handling for power enable in open and resume (Wenyuan Li) - ASoC: SOF: topology: reject invalid vendor array size in token parser (Cássio Gabriel) - ASoC: amd: yc: Add DMI quirk for Thin A15 B7VF (Zhang Heng) - Bluetooth: hci_sync: annotate data-races around hdev->req_status (Cen Zhang) [Orabug: 39331291] {CVE-2026-43119} - ALSA: asihpi: avoid write overflow check warning (Arnd Bergmann) - media: rkvdec: reduce stack usage in rkvdec_init_v4l2_vp9_count_tbl() (Arnd Bergmann) - ALSA: hda/realtek: Add quirk for ASUS ROG Flow Z13-KJP GZ302EAC (Matthew Schwartz) - ALSA: hda/realtek: Add HP ENVY Laptop 13-ba0xxx quirk (Andrii Kovalchuk) - ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK BM1403CDA (Vee Satayamas) - RDMA/irdma: Fix double free related to rereg_user_mr (Jacob Moroni) [Orabug: 39331295] {CVE-2026-43120} - LTS version: v6.12.82 (Sherry Yang) - ALSA: hda/hdmi: Add quirk for TUXEDO IBS14G6 (Aaron Erhardt) - net: skb: fix cross-cache free of KFENCE-allocated skb head (Jiayuan Chen) [Orabug: 39238726] {CVE-2026-31429} - rxrpc: Fix missing error checks for rxkad encryption/decryption failure (David Howells) - rxrpc: Fix key/keyring checks in setsockopt(RXRPC_SECURITY_KEY/KEYRING) (David Howells) - rxrpc: fix reference count leak in rxrpc_server_keyring() (Luxiao Xu) [Orabug: 39262320] {CVE-2026-31634} - rxrpc: reject undecryptable rxkad response tickets (Yuqi Xu) - rxrpc: Only put the call ref if one was acquired (Douya Le) [Orabug: 39262331] {CVE-2026-31638} - rxrpc: Fix key reference count leak from call->key (Anderson Nascimento) [Orabug: 39262333] {CVE-2026-31639} - rxrpc: Fix call removal to use RCU safe deletion (David Howells) [Orabug: 39262337] {CVE-2026-31642} - rxrpc: Fix anonymous key handling (David Howells) - net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() (David Carlier) - net: lan966x: fix page pool leak in error paths (David Carlier) - net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() (David Carlier) - idpf: set the payload size before calling the async handler (Emil Tantilov) - idpf: improve locking around idpf_vc_xn_push_free() (Emil Tantilov) - mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() (Baolin Wang) [Orabug: 39262350] {CVE-2026-31648} - net: stmmac: fix integer underflow in chain mode (Tyllis Xu) [Orabug: 39262352] {CVE-2026-31649} - net: qualcomm: qca_uart: report the consumed byte on RX skb allocation failure (Pengpeng Hou) - mmc: vub300: fix NULL-deref on disconnect (Johan Hovold) [Orabug: 39262358] {CVE-2026-31651} - pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled (Jacky Bai) - net/mlx5: Update the list of the PCI supported devices (Michael Guralnik) - drm/i915/psr: Do not use pipe_src as borders for SU area (Jouni Högander) - drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat (Sebastian Brzezinka) [Orabug: 39262370] {CVE-2026-31656} - batman-adv: hold claim backbone gateways by reference (Haoze Xie) [Orabug: 39262373] {CVE-2026-31657} - net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() (David Carlier) [Orabug: 39262377] {CVE-2026-31658} - net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption (M A Ramdhan) [Orabug: 39257890] {CVE-2026-31533} - EDAC/mc: Fix error path ordering in edac_mc_alloc() (Borislav Petkov) [Orabug: 39273747] {CVE-2026-31689} - X.509: Fix out-of-bounds access when parsing extensions (Lukas Wunner) [Orabug: 39238730] {CVE-2026-31430} - batman-adv: reject oversized global TT response buffers (Ruide Cao) [Orabug: 39262381] {CVE-2026-31659} - nfc: pn533: allocate rx skb before consuming bytes (Pengpeng Hou) - arm64: dts: hisilicon: hi3798cv200: Add missing dma-ranges (Shawn Guo) - arm64: dts: hisilicon: poplar: Correct PCIe reset GPIO polarity (Shawn Guo) - arm64: dts: imx8mq-librem5: Bump BUCK1 suspend voltage up to 0.85V (Sebastian Krzyszkowiak) - Revert "arm64: dts: imx8mq-librem5: Set the DVS voltages lower" (Sebastian Krzyszkowiak) - platform/x86/intel-uncore-freq: Handle autonomous UFS status bit (Srinivas Pandruvada) - wifi: brcmsmac: Fix dma_free_coherent() size (Thomas Fourier) [Orabug: 39262389] {CVE-2026-31661} - tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG (Oleh Konko) [Orabug: 39262393] {CVE-2026-31662} - xfrm: clear trailing padding in build_polexpire() (Yasuaki Torimaru) [Orabug: 39262401] {CVE-2026-31664} - workqueue: Add pool_workqueue to pending_pwqs list when unplugging multiple inactive works (Matthew Brost) - netfilter: nft_ct: fix use-after-free in timeout object destroy (Tuan Do) [Orabug: 39262406] {CVE-2026-31665} - LoongArch: Handle percpu handler address for ORC unwinder (Tiezhu Yang) - LoongArch: Remove unnecessary checks for ORC unwinder (Tiezhu Yang) - net: annotate data-races around sk->sk_{data_ready,write_space} (Eric Dumazet) [Orabug: 39130795] {CVE-2026-23302} - Revert "mptcp: add needs_id for netlink appending addr" (Matthieu Baerts) - sched_ext: Fix stale direct dispatch state in ddsp_dsq_id (Andrea Righi) [Orabug: 39300679] {CVE-2026-31733} - misc: fastrpc: check qcom_scm_assign_mem() return in rpmsg_probe (Xingjing Deng) - arm64: dts: renesas: white-hawk-cpu-common: Add pin control for DSI-eDP IRQ (Geert Uytterhoeven) - nfc: nci: complete pending data exchange on device close (Jakub Kicinski) - blktrace: fix __this_cpu_read/write in preemptible context (Chaitanya Kulkarni) [Orabug: 39131032] {CVE-2026-23374} - btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() (Robbie Ko) [Orabug: 39262410] {CVE-2026-31666} - btrfs: remove pointless out labels from extent-tree.c (Filipe Manana) - btrfs: remove unused flag EXTENT_BUFFER_CORRUPT (Daniel Vacek) - btrfs: remove unused flag EXTENT_BUFFER_READAHEAD (Daniel Vacek) - btrfs: split waiting from read_extent_buffer_pages(), drop parameter wait (David Sterba) - btrfs: remove unused define WAIT_PAGE_LOCK for extent io (David Sterba) - btrfs: make wait_on_extent_buffer_writeback() static inline (David Sterba) - ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() (Kuninori Morimoto) - MIPS: mm: Rewrite TLB uniquification for the hidden bit feature (Maciej W. Rozycki) - MIPS: mm: Suppress TLB uniquification on EHINV hardware (Maciej W. Rozycki) - MIPS: Always record SEGBITS in cpu_data.vmbits (Maciej W. Rozycki) - Input: uinput - take event lock when submitting FF request "event" (Dmitry Torokhov) - Input: uinput - fix circular locking dependency with ff-core (Mikhail Gavrilov) [Orabug: 39262412] {CVE-2026-31667} - seg6: separate dst_cache for input and output paths in seg6 lwtunnel (Andrea Mayer) [Orabug: 39262416] {CVE-2026-31668} - mptcp: fix slab-use-after-free in __inet_lookup_established (Jiayuan Chen) [Orabug: 39262421] {CVE-2026-31669} - net: rfkill: prevent unlimited numbers of rfkill events from being created (Greg Kroah-Hartman) [Orabug: 39262424] {CVE-2026-31670} - xfrm_user: fix info leak in build_report() (Greg Kroah-Hartman) [Orabug: 39262428] {CVE-2026-31671} - wifi: rt2x00usb: fix devres lifetime (Johan Hovold) [Orabug: 39262432] {CVE-2026-31672} - usb: typec: ucsi: skip connector validation before init (Nathan Rebello) - lib/crypto: chacha: Zeroize permuted_state before it leaves scope (Eric Biggers) [Orabug: 39343666] {CVE-2026-43336} - LTS version: v6.12.81 (Sherry Yang) - selftests/bpf: test refining u32/s32 bounds when ranges cross min/max boundary (Eduard Zingerman) - bpf: Fix u32/s32 bounds when ranges cross min/max boundary (Eduard Zingerman) - bpf: Add third round of bounds deduction (Paul Chaignon) - selftests/bpf: Test invariants on JSLT crossing sign (Paul Chaignon) - selftests/bpf: Test cross-sign 64bits range refinement (Paul Chaignon) - bpf: Improve bounds when s64 crosses sign boundary (Paul Chaignon) - drm/amd/display: Correct logic check error for fastboot (Charlene Liu) - drm/amd: Disable ASPM on SI (Timur Kristóf) - drm/amd/display: Disable scaling on DCE6 for now (Timur Kristóf) - drm/amd/display: Adjust DCE 8-10 clock, don't overclock by 15% (Timur Kristóf) - drm/amd/display: Fix DCE 6.0 and 6.4 PLL programming. (Timur Kristóf) - drm/amd/display: Keep PLL0 running on DCE 6.0 and 6.4 (Timur Kristóf) - drm/amd/display: Disable fastboot on DCE 6 too (Timur Kristóf) - drm/amd/amdgpu: disable ASPM in some situations (Kenneth Feng) - drm/amd/amdgpu: decouple ASPM with pcie dpm (Kenneth Feng) - x86/CPU/AMD: Add additional fixed RDSEED microcode revisions (Mario Limonciello) - MPTCP: fix lock class name family in pm_nl_create_listen_socket (Li Xiasong) - s390/cpum_sf: Cap sampling rate to prevent lsctl exception (Thomas Richter) - s390/perf_cpum_sf: Convert to use try_cmpxchg128() (Heiko Carstens) - ext4: publish jinode after initialization (Li Chen) [Orabug: 39250748] {CVE-2026-31450} - drm/amd/pm: disable OD_FAN_CURVE if temp or pwm range invalid for smu v13 (Yang Wang) - mm/memory: fix PMD/PUD checks in follow_pfnmap_start() (David Hildenbrand) - mm: replace READ_ONCE() with standard page table accessors (Anshuman Khandual) - mm/huge_memory: fix folio isn't locked in softleaf_to_folio() (Tu Jinjiang) {CVE-2026-31466} - x86/fred: Fix early boot failures on SEV-ES/SNP guests (Nikunj A Dadhania) - scsi: target: tcm_loop: Drain commands in target_reset handler (Josef Bacik) [Orabug: 39300989] {CVE-2026-43054} - net: mana: fix use-after-free in add_adev() error path (Guangshuo Li) [Orabug: 39302308] {CVE-2026-43056} - net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback (Willem de Bruijn) [Orabug: 39302311] {CVE-2026-43057} - spi: cadence-qspi: Fix exec_mem_op error handling (Emanuele Ghidoli) - wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free (Alexander Popov) - usb: gadget: f_uac1_legacy: validate control request size (Taegu Ha) - usb: gadget: f_hid: move list and spinlock inits from bind to alloc (Michael Zimmermann) - usb: gadget: f_rndis: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - usb: gadget: f_subset: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - usb: gadget: f_eem: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - usb: gadget: f_ecm: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - usb: gadget: f_rndis: Protect RNDIS options with mutex (Kuen-Han Tsai) - usb: gadget: f_subset: Fix unbalanced refcnt in geth_free (Kuen-Han Tsai) - usb: gadget: uvc: fix NULL pointer dereference during unbind race (Jimmy Hu) - usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo (Kuen-Han Tsai) - usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop (Kuen-Han Tsai) - btrfs: do not free data reservation in fallback from inline due to -ENOSPC (Filipe Manana) [Orabug: 39103088] {CVE-2025-71269} - btrfs: fix the qgroup data free range for inline data extents (Qu Wenruo) - ice: Fix memory leak in ice_set_ringparam() (Zilin Guan) [Orabug: 39131082] {CVE-2026-23389} - usb: typec: ucsi: validate connector number in ucsi_notify_common() (Nathan Rebello) [Orabug: 39300670] {CVE-2026-31729} - usb: gadget: dummy_hcd: fix premature URB completion when ZLP follows partial transfer (Sebastian Urban) - USB: dummy-hcd: Fix interrupt synchronization error (Alan Stern) - USB: dummy-hcd: Fix locking/synchronization error (Alan Stern) - thunderbolt: Fix property read in nhi_wake_supported() (Konrad Dybcio) - misc: fastrpc: possible double-free of cctx->remote_heap (Xingjing Deng) - thermal: core: Fix thermal zone device registration error path (Rafael J. Wysocki) [Orabug: 39343655] {CVE-2026-43332} - gpio: mxc: map Both Edge pad wakeup to Rising Edge (Shenwei Wang) - cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path (Guangshuo Li) [Orabug: 39343644] {CVE-2026-43328} - net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled (Sven Eckelmann) - net: ftgmac100: fix ring allocation unwind on open failure (Yufan Chen) - vxlan: validate ND option lengths in vxlan_na_create (Ao Zhou) [Orabug: 39300689] {CVE-2026-31738} - crypto: tegra - Add missing CRYPTO_ALG_ASYNC (Eric Biggers) - counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member (Cosmin Tanislav) - counter: rz-mtu3-cnt: prevent counter from being toggled multiple times (Cosmin Tanislav) - netfilter: ipset: drop logically empty buckets in mtype_del (Yifan Wu) [Orabug: 39205984] {CVE-2026-31418} - nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy (Ivan Vera) - nvmem: imx: assign nvmem_cell_info::raw_len (Christian Eggers) - dt-bindings: connector: add pd-disable dependency (Xu Yang) - firmware: microchip: fail auto-update probe if no flash found (Conor Dooley) - comedi: me4000: Fix potential overrun of firmware buffer (Ian Abbott) - comedi: me_daq: Fix potential overrun of firmware buffer (Ian Abbott) - comedi: ni_atmio16d: Fix invalid clean-up after failed attach (Ian Abbott) - comedi: Reinit dev->spinlock between attachments to low-level drivers (Ian Abbott) - comedi: dt2815: add hardware detection to prevent crash (Deepanshu Kartikey) - cdc-acm: new quirk for EPSON HMD (Oliver Neukum) - bridge: br_nd_send: validate ND option lengths (Ao Zhou) [Orabug: 39300723] {CVE-2026-31752} - Revert "LoongArch/orc: Use RCU in all users of __module_address()." (Sasha Levin) - Revert "LoongArch: Remove unnecessary checks for ORC unwinder" (Sasha Levin) - Revert "LoongArch: Handle percpu handler address for ORC unwinder" (Sasha Levin) - usb: cdns3: gadget: fix state inconsistency on gadget init failure (Yongchao Wu) - usb: cdns3: gadget: fix NULL pointer dereference in ep_queue (Yongchao Wu) - usb: core: phy: avoid double use of 'usb3-phy' (Gabor Juhos) - usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() (Juneho Choi) - usb: ehci-brcm: fix sleep during atomic (Justin Chen) - usb: usbtmc: Flush anchored URBs in usbtmc_release (Heitor Alves de Siqueira) [Orabug: 39300741] {CVE-2026-31758} - usb: ulpi: fix double free in ulpi_register_interface() error path (Guangshuo Li) [Orabug: 39300745] {CVE-2026-31759} - usb: quirks: add DELAY_INIT quirk for another Silicon Motion flash drive (Miao Li) - iio: gyro: mpu3050: Fix out-of-sequence free_irq() (Ethan Tidmore) - iio: gyro: mpu3050: Move iio_device_register() to correct location (Ethan Tidmore) [Orabug: 39300750] {CVE-2026-31761} - iio: gyro: mpu3050: Fix irq resource leak (Ethan Tidmore) [Orabug: 39300755] {CVE-2026-31762} - iio: gyro: mpu3050: Fix incorrect free_irq() variable (Ethan Tidmore) [Orabug: 39300760] {CVE-2026-31763} - iio: imu: st_lsm6dsx: Set FIFO ODR for accelerometer and gyroscope only (Francesco Lavra) - iio: imu: bmi160: Remove potential undefined behavior in bmi160_config_pin() (Josh Poimboeuf) - iio: light: vcnl4035: fix scan buffer on big-endian (David Lechner) - iio: dac: ad5770r: fix error return in ad5770r_read_raw() (Antoniu Miclaus) - iio: accel: adxl380: fix FIFO watermark bit 8 always written as 0 (Antoniu Miclaus) - iio: accel: fix ADXL355 temperature signature value (Valek Andrej) - iio: adc: aspeed: clear reference voltage bits before configuring vref (Billy Tsai) - Input: xpad - add support for Razer Wolverine V3 Pro (Zoltan Illes) - Input: xpad - add support for BETOP BTP-KP50B/C controller's wireless mode (Shengyu Qu) - Input: bcm5974 - recover from failed mode switch (Liam Mitchell) - Input: i8042 - add TUXEDO InfinityBook Max 16 Gen10 AMD to i8042 quirk table (Christoffer Sandberg) - Input: synaptics-rmi4 - fix a locking bug in an error path (Bart Van Assche) - USB: core: add NO_LPM quirk for Razer Kiyo Pro webcam (Jp Hein) - USB: serial: option: add support for Rolling Wireless RW135R-GL (Wanquan Zhong) - USB: serial: io_edgeport: add support for Blackbox IC135A (Frej Drejhammar) - drm/amdgpu/pm: drop SMU driver if version not matched messages (Alex Deucher) - drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB (Donet Tom) [Orabug: 39300766] {CVE-2026-31765} - drm/i915/dp: Use crtc_state->enhanced_framing properly on ivb/hsw CPU eDP (Ville Syrjälä) - drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode (Ville Syrjälä) {CVE-2026-31767} - drm/ast: dp501: Fix initialization of SCU2C (Thomas Zimmermann) - iio: adc: ti-ads1119: Replace IRQF_ONESHOT with IRQF_NO_THREAD (Felix Gu) - iio: adc: ti-ads1119: Reinit completion before wait_for_completion_timeout() (Felix Gu) - iio: adc: ti-ads1119: Fix unbalanced pm reference count in ds1119_single_conversion() (Felix Gu) - iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() (David Lechner) - iio: adc: ti-adc161s626: fix buffer read on big-endian (David Lechner) - drm/amdgpu: fix the idr allocation flags (Prike Liang) - mips: mm: Allocate tlb_vpn array atomically (Stefan Wiehler) - hwmon: (occ) Fix division by zero in occ_show_power_1() (Sanman Pradhan) - MIPS: Fix the GCC version check for __multi3' workaround (Maciej W. Rozycki) - MIPS: SiByte: Bring back cache initialisation (Maciej W. Rozycki) - ksmbd: fix OOB write in QUERY_INFO for compound requests (Asim Viladi Oglu Manizada) - Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (Hkbinbin) [Orabug: 39300788] {CVE-2026-31772} - Bluetooth: SMP: force responder MITM requirements before building the pairing response (Oleh Konko) [Orabug: 39343661] {CVE-2026-43334} - Bluetooth: SMP: derive legacy responder STK authentication from MITM state (Oleh Konko) [Orabug: 39300792] {CVE-2026-31773} - io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() (Junxi Qian) [Orabug: 39300796] {CVE-2026-31774} - ALSA: ctxfi: Fix missing SPDIFI1 index handling (Takashi Iwai) [Orabug: 39300799] {CVE-2026-31776} - ALSA: caiaq: fix stack out-of-bounds read in init_card (Berk Cem Goksel) [Orabug: 39300807] {CVE-2026-31778} - USB: serial: option: add MeiG Smart SRM825WN (Ernestas Kulik) - wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() (Alexey Velichayshiy) [Orabug: 39300811] {CVE-2026-31779} - wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation (Yasuaki Torimaru) - drm/ioc32: stop speculation on the drm_compat_ioctl path (Greg Kroah-Hartman) [Orabug: 39300819] {CVE-2026-31781} - riscv: kgdb: fix several debug register assignment bugs (Paul Walmsley) - sched/fair: Fix zero_vruntime tracking fix (Peter Zijlstra) - sched/fair: Use protect_slice() instead of direct comparison (Vincent Guittot) - mips: ralink: update CPU clock index (Shiji Yang) - hwmon: (occ) Fix missing newline in occ_show_extended() (Sanman Pradhan) - hwmon: (tps53679) Fix device ID comparison and printing in tps53676_identify() (Sanman Pradhan) - dt-bindings: gpio: fix microchip #interrupt-cells (Jamie Gibbons) - hwmon: (ltc4286) Add missing MODULE_IMPORT_NS("PMBUS") (Sanman Pradhan) - hwmon: (pxe1610) Check return value of page-select write in probe (Sanman Pradhan) - accel/qaic: Handle DBC deactivation if the owner went away (Youssef Samir) - iio: imu: bno055: fix BNO055_SCAN_CH_COUNT off by one (David Lechner) - Revert "drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug" (Maarten Lankhorst) - bpf: reject direct access to nullable PTR_TO_BUF pointers (Qi Tang) [Orabug: 39343658] {CVE-2026-43333} - ipv6: avoid overflows in ip6_datagram_send_ctl() (Eric Dumazet) [Orabug: 39205970] {CVE-2026-31415} - net: hsr: fix VLAN add unwind on slave errors (Luka Gejak) - net/sched: cls_flow: fix NULL pointer dereference on shared blocks (Xiang Mei) [Orabug: 39206002] {CVE-2026-31422} - net/sched: cls_fw: fix NULL pointer dereference on shared blocks (Xiang Mei) [Orabug: 39205998] {CVE-2026-31421} - net/x25: Fix overflow when accumulating packets (Martin Schiller) - net/x25: Fix potential double free of skb (Martin Schiller) - bnxt_en: Restore default stat ctxs for ULP when resource is available (Pavan Chebbi) - net/mlx5: Fix switchdev mode rollback in case of failure (Saeed Mahameed) [Orabug: 39300842] {CVE-2026-43012} - net/mlx5: Avoid "No data available" when FW version queries fail (Saeed Mahameed) - net/mlx5: lag: Check for LAG device before creating debugfs (Shay Drory) [Orabug: 39300845] {CVE-2026-43013} - net: macb: properly unregister fixed rate clocks (Fedor Pchelkin) [Orabug: 39300848] {CVE-2026-43014} - net: macb: fix clk handling on PCI glue driver removal (Fedor Pchelkin) [Orabug: 39300852] {CVE-2026-43015} - net/sched: sch_netem: fix out-of-bounds access in packet corruption (Yucheng Lu) [Orabug: 39263363] {CVE-2026-31675} - bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready(). (Kuniyuki Iwashima) [Orabug: 39300856] {CVE-2026-43016} - Bluetooth: MGMT: validate mesh send advertising payload length (Keenan Dong) [Orabug: 39300859] {CVE-2026-43017} - Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt (Pauli Virtanen) [Orabug: 39300861] {CVE-2026-43018} - Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync (Pauli Virtanen) [Orabug: 39300863] {CVE-2026-43019} - Bluetooth: MGMT: validate LTK enc_size on load (Keenan Dong) [Orabug: 39300865] {CVE-2026-43020} - Bluetooth: SCO: fix race conditions in sco_sock_connect() (Cen Zhang) [Orabug: 39300878] {CVE-2026-43023} - Bluetooth: hci_sync: call destroy in hci_cmd_sync_run if immediate (Pauli Virtanen) - netfilter: nf_tables: reject immediate NF_QUEUE verdict (Pablo Neira Ayuso) [Orabug: 39300880] {CVE-2026-43024} - netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP (Pablo Neira Ayuso) [Orabug: 39206016] {CVE-2026-31424} - netfilter: ctnetlink: ignore explicit helper on new expectations (Pablo Neira Ayuso) [Orabug: 39300884] {CVE-2026-43025} - netfilter: nf_conntrack_expect: store netns and zone in expectation (Pablo Neira Ayuso) - netfilter: nf_conntrack_expect: use expect->helper (Pablo Neira Ayuso) [Orabug: 39205964] {CVE-2026-31414} - netfilter: nf_conntrack_expect: honor expectation helper field (Pablo Neira Ayuso) - netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent (Qi Tang) [Orabug: 39300888] {CVE-2026-43026} - netfilter: nf_conntrack_helper: pass helper to expect cleanup (Qi Tang) [Orabug: 39300892] {CVE-2026-43027} - netfilter: ipset: use nla_strcmp for IPSET_ATTR_NAME attr (Florian Westphal) - netfilter: x_tables: ensure names are nul-terminated (Florian Westphal) [Orabug: 39300896] {CVE-2026-43028} - netfilter: nfnetlink_log: account for netlink header size (Florian Westphal) [Orabug: 39205975] {CVE-2026-31416} - netfilter: flowtable: strictly check for maximum number of actions (Pablo Neira Ayuso) [Orabug: 39343648] {CVE-2026-43329} - net: ipv6: flowlabel: defer exclusive option free until RCU teardown (Zhengchuan Liang) [Orabug: 39263383] {CVE-2026-31680} - bpf: Fix regsafe() for pointers to packet (Alexei Starovoitov) [Orabug: 39300902] {CVE-2026-43030} - net: xilinx: axienet: Correct BD length masks to match AXIDMA IP spec (Suraj Gupta) - NFC: pn533: bound the UART receive buffer (Pengpeng Hou) - net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak (Yochai Eisenrich) [Orabug: 39300916] {CVE-2026-43035} - net: use skb_header_pointer() for TCPv4 GSO frag_off check (Guoyu Su) [Orabug: 39300920] {CVE-2026-43036} - net: introduce mangleid_features (Paolo Abeni) - net: airoha: Add missing cleanup bits in airoha_qdma_cleanup_rx_queue() (Lorenzo Bianconi) - ipv6: prevent possible UaF in addrconf_permanent_addr() (Paolo Abeni) [Orabug: 39343676] {CVE-2026-43339} - ASoC: ep93xx: Fix unchecked clk_prepare_enable() and add rollback on failure (Jihed Chaibi) - net: enetc: check whether the RSS algorithm is Toeplitz (Wei Fang) - net: sfp: Fix Ubiquiti U-Fiber Instant SFP module on mvneta (Marek Behún) - net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() (Xiang Mei) [Orabug: 39206010] {CVE-2026-31423} - bridge: br_nd_send: linearize skb before parsing ND options (Ao Zhou) [Orabug: 39263392] {CVE-2026-31682} - eth: fbnic: Account for page fragments when updating BDQ tail (Dimitri Daskalakis) - ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (Eric Dumazet) [Orabug: 39300924] {CVE-2026-43037} - ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (Eric Dumazet) [Orabug: 39300928] {CVE-2026-43038} - tg3: Fix race for querying speed/duplex (Thomas Bogendoerfer) - net/ipv6: ioam6: prevent schema length wraparound in trace fill (Pengpeng Hou) [Orabug: 39343684] {CVE-2026-43341} - net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak (Yochai Eisenrich) [Orabug: 39300933] {CVE-2026-43040} - net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak (Jiayuan Chen) [Orabug: 39300937] {CVE-2026-43041} - net: fec: fix the PTP periodic output sysfs interface (Csaba Buday) - crypto: af-alg - fix NULL pointer dereference in scatterwalk (Norbert Szetei) [Orabug: 39300945] {CVE-2026-43043} - crypto: caam - fix overflow on long hmac keys (Horia Geantă) - crypto: caam - fix DMA corruption on long hmac keys (Horia Geantă) - wifi: ath11k: Pass the correct value of each TID during a stop AMPDU session (Reshma Immaculate Rajkumar) - dt-bindings: auxdisplay: ht16k33: Use unevaluatedProperties to fix common property warning (Frank Li) - spi: geni-qcom: Check DMA interrupts early in ISR (Praveen Talari) - btrfs: reject root items with drop_progress and zero drop_level (Zhengyuan Huang) [Orabug: 39300957] {CVE-2026-43046} - i2c: tegra: Don't mark devices with pins as IRQ safe (Mikko Perttunen) - btrfs: reserve enough transaction items for qgroup ioctls (Filipe Manana) [Orabug: 39343672] {CVE-2026-43338} - HID: multitouch: Check to ensure report responses match the request (Lee Jones) [Orabug: 39300961] {CVE-2026-43047} - HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure (Lee Jones) [Orabug: 39300969] {CVE-2026-43049} - objtool: Fix Clang jump table detection (Josh Poimboeuf) - tg3: replace placeholder MAC address with device property (Paul Sage) - btrfs: don't take device_list_mutex when querying zone info (Johannes Thumshirn) - atm: lec: fix use-after-free in sock_def_readable() (Deepanshu Kartikey) [Orabug: 39300973] {CVE-2026-43050} - HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (Benoît Sevens) [Orabug: 39300977] {CVE-2026-43051} - wifi: mac80211: check tdls flag in ieee80211_tdls_oper (Deepanshu Kartikey) [Orabug: 39300981] {CVE-2026-43052} - HID: logitech-hidpp: Enable MX Master 4 over bluetooth (Adrian Freund) - arm64/scs: Fix handling of advance_loc4 (Pepper Gray) - io_uring/kbuf: propagate BUF_MORE through early buffer commit path (Jens Axboe) - io_uring/kbuf: fix missing BUF_MORE for incremental buffers at EOF (Jens Axboe) - io_uring/kbuf: use WRITE_ONCE() for userspace-shared buffer ring fields (Joanne Koong) - io_uring/kbuf: use READ_ONCE() for userspace-mapped memory (Caleb Sander) - io_uring/kbuf: always use READ_ONCE() to read ring provided buffer lengths (Jens Axboe) [Orabug: 38440272] {CVE-2025-39816} - io_uring/kbuf: enable bundles for incrementally consumed buffers (Jens Axboe) - io_uring/rw: check for NULL io_br_sel when putting a buffer (Jens Axboe) - io_uring/net: correct type for min_not_zero() cast (Jens Axboe) - io_uring: remove async/poll related provided buffer recycles (Jens Axboe) - io_uring/kbuf: switch to storing struct io_buffer_list locally (Jens Axboe) - io_uring/net: use struct io_br_sel->val as the send finish value (Jens Axboe) - io_uring/net: use struct io_br_sel->val as the recv finish value (Jens Axboe) - io_uring/kbuf: use struct io_br_sel for multiple buffers picking (Jens Axboe) - io_uring/kbuf: introduce struct io_br_sel (Jens Axboe) - io_uring/kbuf: pass in struct io_buffer_list to commit/recycle helpers (Jens Axboe) - io_uring/net: clarify io_recv_buf_select() return value (Jens Axboe) - io_uring/net: don't use io_net_kbuf_recyle() for non-provided cases (Jens Axboe) - io_uring/kbuf: drop 'issue_flags' from io_put_kbuf(s)() arguments (Jens Axboe) - io_uring/kbuf: uninline __io_put_kbufs (Pavel Begunkov) - io_uring/kbuf: introduce io_kbuf_drop_legacy() (Pavel Begunkov) - io_uring/kbuf: open code __io_put_kbuf() (Pavel Begunkov) - io_uring/kbuf: remove legacy kbuf caching (Pavel Begunkov) - io_uring/kbuf: simplify __io_put_kbuf (Pavel Begunkov) - io_uring/kbuf: remove legacy kbuf kmem cache (Pavel Begunkov) - io_uring/kbuf: remove legacy kbuf bulk allocation (Pavel Begunkov) - LTS version: v6.12.80 (Sherry Yang) - idpf: nullify pointers after they are freed (Li Li) - net: bcmasp: Fix network filter wake for asp-3.0 (Justin Chen) - net: bcmasp: Restore programming of TX map vector register (Florian Fainelli) - dmaengine: idxd: Fix leaking event log memory (Vinicius Costa Gomes) [Orabug: 39250715] {CVE-2026-31440} - futex: Require sys_futex_requeue() to have identical flags (Peter Zijlstra) [Orabug: 39262271] {CVE-2026-31554} - xen/privcmd: unregister xenstore notifier on module exit (Guohan Zhao) - btrfs: fix lost error when running device stats on multiple devices fs (Filipe Manana) - btrfs: fix leak of kobject name for sub-group space_info (Shin'Ichiro Kawasaki) [Orabug: 39250698] {CVE-2026-31434} - btrfs: fix super block offset in error message in btrfs_validate_super() (Mark Harmstone) - dmaengine: xilinx_dma: Fix reset related timeout with two-channel AXIDMA (Tomi Valkeinen) - dmaengine: xilinx: xilinx_dma: Fix unmasked residue subtraction (Marek Vasut) - dmaengine: xilinx: xilinx_dma: Fix residue calculation for cyclic DMA (Marek Vasut) - dmaengine: xilinx: xilinx_dma: Fix dma_device directions (Marek Vasut) - dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() (Tuo Li) [Orabug: 39250704] {CVE-2026-31436} - netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators (Deepanshu Kartikey) [Orabug: 39250710] {CVE-2026-31438} - dmaengine: xilinx: xdma: Fix regmap init error handling (Alexander Stein) - dmaengine: dw-edma: Fix multiple times setting of the CYCLE_STATE and CYCLE_BIT bits for HDMA. (Luo Haowen) - phy: ti: j721e-wiz: Fix device node reference leak in wiz_get_lane_phy_types() (Felix Gu) - dmaengine: idxd: Fix freeing the allocated ida too late (Vinicius Costa Gomes) - dmaengine: idxd: Fix memory leak when a wq is reset (Vinicius Costa Gomes) [Orabug: 39250719] {CVE-2026-31441} - dmaengine: idxd: Fix not releasing workqueue on .release() (Vinicius Costa Gomes) [Orabug: 39323059] {CVE-2026-43064} - ASoC: ak4458: Convert to RUNTIME_PM_OPS() & co (Takashi Iwai) - idpf: Fix RSS LUT NULL ptr issue after soft reset (Sreedevi Joshi) [Orabug: 38887699] {CVE-2026-22993} - idpf: Fix RSS LUT NULL pointer crash on early ethtool operations (Sreedevi Joshi) [Orabug: 38887675] {CVE-2026-22985} - idpf: detach and close netdevs while handling a reset (Emil Tantilov) [Orabug: 38887666] {CVE-2026-22981} - idpf: check error for register_netdev() on init (Emil Tantilov) [Orabug: 37844511] {CVE-2025-22116} - ice: Fix PTP NULL pointer dereference during VSI rebuild (Aaron Ma) [Orabug: 38970514] {CVE-2026-23210} - landlock: Fix handling of disconnected directories (Mickaël Salaün) [Orabug: 38798915] {CVE-2025-68736} - landlock: Optimize file path walks and prepare for audit support (Mickaël Salaün) - net: add proper RCU protection to /proc/net/ptype (Eric Dumazet) [Orabug: 39103146] {CVE-2026-23255} - virt: tdx-guest: Fix handling of host controlled 'quote' buffer length (Zubin Mithra) [Orabug: 39250829] {CVE-2026-31470} - xfs: avoid dereferencing log items after push callbacks (Yuto Ohnuki) [Orabug: 39250765] {CVE-2026-31453} - ovl: make fsync after metadata copy-up opt-in mount option (Fei Lv) - ovl: Use str_on_off() helper in ovl_show_options() (Thorsten Blum) - rust: pin-init: internal: init: document load-bearing fact of field accessors (Benno Lossin) - rust: pin-init: add references to previously initialized fields (Benno Lossin) - mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] (Josh Law) [Orabug: 39250786] {CVE-2026-31458} - media: nxp: imx8-isi: Fix streaming cleanup on release (Richard Leitner) - LoongArch: vDSO: Emit GNU_EH_FRAME correctly (Xi Ruoyao) - drm/xe: always keep track of remap prev/next (Matthew Auld) [Orabug: 39250860] {CVE-2026-31479} - tracing: Fix potential deadlock in cpu hotplug with osnoise (Luo Haiyang) [Orabug: 39250862] {CVE-2026-31480} - tracing: Switch trace_osnoise.c code over to use guard() and __free() (Steven Rostedt) - ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() (Werner Kasselman) - powerpc64/bpf: do not increment tailcall count when prog is NULL (Hari Bathini) - arm64: dts: imx8mn-tqma8mqnl: fix LDO5 power off (Markus Niebel) - ext4: always drain queued discard work in ext4_mb_release() (Theodore Ts'O) [Orabug: 39323070] {CVE-2026-43065} - ext4: fix iloc.bh leak in ext4_fc_replay_inode() error paths (Baokun Li) [Orabug: 39323077] {CVE-2026-43066} - ext4: handle wraparound when searching for blocks for indirect mapped blocks (Theodore Ts'O) - ext4: fix the might_sleep() warnings in kvfree() (Zqiang) - ext4: fix use-after-free in update_super_work when racing with umount (Jiayuan Chen) [Orabug: 39250726] {CVE-2026-31446} - ext4: reject mount if bigalloc with s_first_data_block != 0 (Helen Koike) [Orabug: 39250729] {CVE-2026-31447} - ext4: avoid allocate block from corrupted group in ext4_mb_find_by_goal() (Ye Bin) [Orabug: 39323085] {CVE-2026-43068} - ext4: avoid infinite loops caused by residual data (Edward Adam Davis) [Orabug: 39250734] {CVE-2026-31448} - ext4: validate p_idx bounds in ext4_ext_correct_indexes (Tejas Bharambe) [Orabug: 39250743] {CVE-2026-31449} - ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio (Yuto Ohnuki) [Orabug: 39250756] {CVE-2026-31451} - ext4: make recently_deleted() properly work with lazy itable initialization (Jan Kara) - ext4: fix fsync(2) for nojournal mode (Jan Kara) - ext4: fix stale xarray tags after writeback (Jan Kara) - ext4: convert inline data to extents when truncate exceeds inline size (Deepanshu Kartikey) [Orabug: 39250761] {CVE-2026-31452} - ext4: fix journal credit check when setting fscrypt context (Simon Weber) - xfs: remove file_path tracepoint data (Darrick J. Wong) - xfs: don't irele after failing to iget in xfs_attri_recover_work (Darrick J. Wong) {CVE-2026-43063} - xfs: fix ri_total validation in xlog_recover_attri_commit_pass2 (Long Li) - xfs: scrub: unlock dquot before early return in quota scrub (Hongao) [Orabug: 39262277] {CVE-2026-31556} - xfs: save ailp before dropping the AIL lock in push callbacks (Yuto Ohnuki) [Orabug: 39250774] {CVE-2026-31454} - xfs: stop reclaim before pushing AIL during unmount (Yuto Ohnuki) [Orabug: 39250777] {CVE-2026-31455} - LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust (Huacai Chen) - LoongArch: Workaround LS2K/LS7A GPU DMA hang bug (Huacai Chen) - LoongArch: Fix missing NULL checks for kstrdup() (Lijun) - drm/i915/dp_tunnel: Fix error handling when clearing stream BW in atomic state (Imre Deak) - drm/amdgpu: prevent immediate PASID reuse case (Eric Huang) [Orabug: 39250796] {CVE-2026-31462} - dmaengine: sh: rz-dmac: Move CHCTRL updates under spinlock (Claudiu Beznea) - dmaengine: sh: rz-dmac: Protect the driver specific lists (Claudiu Beznea) - dmaengine: fsl-edma: fix channel parameter config for fixed channel requests (Joy Zou) - futex: Clear stale exiting pointer in futex_lock_pi() retry path (Davidlohr Bueso) [Orabug: 39262273] {CVE-2026-31555} - irqchip/qcom-mpm: Add missing mailbox TX done acknowledgment (Jassi Brar) - jbd2: gracefully abort on checkpointing state corruptions (Milos Nikic) - net: macb: Use dev_consume_skb_any() to free TX SKBs (Kevin Hao) [Orabug: 39262293] {CVE-2026-31563} - net: macb: Protect access to net_device::ip_ptr with RCU lock (Kevin Hao) - net: macb: Move devm_{free,request}_irq() out of spin lock area (Kevin Hao) - scsi: ses: Handle positive SCSI error from ses_recv_diag() (Greg Kroah-Hartman) - scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() (Tyllis Xu) - ovl: fix wrong detection of 32bit inode numbers (Amir Goldstein) - phy: qcom: qmp-ufs: Fix SM8650 PCS table for Gear 4 (Abel Vesa) - x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask (Borislav Petkov) [Orabug: 39262289] {CVE-2026-31561} - x86/cpu: Enable FSGSBASE early in cpu_init_exception_handling() (Nikunj A Dadhania) - alarmtimer: Fix argument order in alarm_timer_forward() (Zhan Xusheng) - erofs: add GFP_NOIO in the bio completion if needed (Jiucheng Xu) [Orabug: 39250817] {CVE-2026-31467} - virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false (Xietangxin) [Orabug: 39250824] {CVE-2026-31469} - media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex (Yuchan Nam) [Orabug: 39250836] {CVE-2026-31473} - hwmon: (peci/cputemp) Fix off-by-one in cputemp_is_visible() (Sanman Pradhan) - hwmon: (peci/cputemp) Fix crit_hyst returning delta instead of absolute temperature (Sanman Pradhan) - hwmon: (pmbus/isl68137) Add mutex protection for AVS enable sysfs attributes (Sanman Pradhan) - KVM: arm64: Discard PC update state on vcpu reset (Marc Zyngier) - platform/x86: ISST: Correct locked bit width (Srinivas Pandruvada) - cpufreq: conservative: Reset requested_freq on limits change (Viresh Kumar) - can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (Oliver Hartkopp) [Orabug: 39250840] {CVE-2026-31474} - can: gw: fix OOB heap access in cgw_csum_crc8_rel() (Ali Norouzi) [Orabug: 39262306] {CVE-2026-31570} - ALSA: firewire-lib: fix uninitialized local variable (Alexey Nepomnyashih) - ksmbd: do not expire session on binding failure (Hyunwoo Kim) - ksmbd: fix memory leaks and NULL deref in smb2_lock() (Werner Kasselman) - ksmbd: fix potencial OOB in get_file_all_info() for compound requests (Namjae Jeon) - ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() (Namjae Jeon) - s390/entry: Scrub r12 register on kernel entry (Vasily Gorbik) - s390/barrier: Make array_index_mask_nospec() __always_inline (Vasily Gorbik) - s390/syscalls: Add spectre boundary for syscall dispatch table (Greg Kroah-Hartman) - spi: spi-fsl-lpspi: fix teardown order issue (UAF) (Marc Kleine-Budde) - ASoC: adau1372: Fix clock leak on PLL lock failure (Jihed Chaibi) - ASoC: adau1372: Fix unchecked clk_prepare_enable() return value (Jihed Chaibi) - sysctl: fix uninitialized variable in proc_do_large_bitmap (Marc Buerg) - hwmon: (pmbus) Introduce the concept of "write-only" attributes (Guenter Roeck) - hwmon: (pmbus) Mark lowest/average/highest/rated attributes as read-only (Guenter Roeck) - hwmon: (pmbus/core) Fix various coding style issues (Guenter Roeck) - hwmon: (adm1177) fix sysfs ABI violation and current unit conversion (Sanman Pradhan) - drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib (Srinivasan Shanmugam) [Orabug: 39262299] {CVE-2026-31566} - ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() (Weiming Shi) [Orabug: 39206026] {CVE-2026-31426} - spi: use generic driver_override infrastructure (Danilo Krummrich) [Orabug: 39250884] {CVE-2026-31487} - spi: Group CS related fields in struct spi_device (Andy Shevchenko) - drm/amd/display: Do not skip unrelated mode changes in DSC validation (Yussuf Khalil) [Orabug: 39250888] {CVE-2026-31488} - spi: meson-spicc: Fix double-put in remove path (Felix Gu) [Orabug: 39250890] {CVE-2026-31489} - ASoC: Intel: catpt: Fix the device initialization (Cezary Rojewski) - spi: sn-f-ospi: Fix resource leak in f_ospi_probe() (Felix Gu) - PM: hibernate: Drain trailing zero pages on userspace restore (Alberto Garcia) - drm/i915/gmbus: fix spurious timeout on 512-byte burst reads (Samasth Norway Ananda) - x86/efi: efi_unmap_boot_services: fix calculation of ranges_to_free size (Mike Rapoport) - scsi: scsi_transport_sas: Fix the maximum channel scanning issue (Yihang Li) - RDMA/irdma: Return EINVAL for invalid arp index error (Tatyana Nikolova) - RDMA/irdma: Fix deadlock during netdev reset with active connections (Anil Samal) [Orabug: 39262296] {CVE-2026-31565} - RDMA/irdma: Remove reset check from irdma_modify_qp_to_err() (Tatyana Nikolova) - RDMA/irdma: Clean up unnecessary dereference of event->cm_node (Ivan Barrera) - RDMA/irdma: Remove a NOP wait_event() in irdma_modify_qp_roce() (Tatyana Nikolova) - RDMA/irdma: Update ibqp state to error if QP is already in error state (Tatyana Nikolova) - RDMA/irdma: Initialize free_qp completion before using it (Jacob Moroni) [Orabug: 39250897] {CVE-2026-31492} - RDMA/rw: Fall back to direct SGE on MR pool exhaustion (Chuck Lever) - ALSA: hda/realtek: Sequence GPIO2 on Star Labs StarFighter (Sean Rhodes) - regmap: Synchronize cache for the page selector (Andy Shevchenko) - net: macb: use the current queue number for stats (Paolo Valerio) [Orabug: 39250905] {CVE-2026-31494} - netfilter: ctnetlink: use netlink policy range checks (David Carlier) [Orabug: 39250911] {CVE-2026-31495} - netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp (Weiming Shi) [Orabug: 39206029] {CVE-2026-31427} - netfilter: nf_conntrack_expect: skip expectations in other netns via proc (Pablo Neira Ayuso) [Orabug: 39250915] {CVE-2026-31496} - netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() (Ao Zhou) [Orabug: 39263359] {CVE-2026-31674} - netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD (Weiming Shi) [Orabug: 39206033] {CVE-2026-31428} - tls: Purge async_hold in tls_decrypt_async_wait() (Chuck Lever) [Orabug: 39164144] {CVE-2026-23414} - Bluetooth: btusb: clamp SCO altsetting table indices (Pengpeng Hou) [Orabug: 39250921] {CVE-2026-31497} - Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop (Hyunwoo Kim) [Orabug: 39250925] {CVE-2026-31498} - Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock (Cen Zhang) [Orabug: 39250931] {CVE-2026-31500} - Bluetooth: L2CAP: Fix send LE flow credits in ACL link (Zhang Chen) - dma-mapping: add missing inline for dma_free_attrs (Miguel Ojeda) - net: lan743x: fix duplex configuration in mac_link_up (Thangaraj Samynathan) - net: enetc: fix the output issue of 'ethtool --show-ring' (Wei Fang) - udp: Fix wildcard bind conflict check when using hash2 (Martin Kafai Lau) [Orabug: 39250946] {CVE-2026-31503} - tcp: optimize inet_use_bhash2_on_bind() (Eric Dumazet) - net: fix fanout UAF in packet_release() via NETDEV_UP race (Yochai Eisenrich) [Orabug: 39250951] {CVE-2026-31504} - ipv6: Don't remove permanent routes with exceptions from tb6_gc_hlist. (Kuniyuki Iwashima) - ipv6: Remove permanent routes from tb6_gc_hlist when all exceptions expire. (Kuniyuki Iwashima) - iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() (Kohei Enju) [Orabug: 39250955] {CVE-2026-31505} - ice: use ice_update_eth_stats() for representor stats (Petr Oros) - ice: fix inverted ready check for VF representors (Petr Oros) - platform/x86: intel-hid: disable wakeup_mode during hibernation (David Mcfarland) - platform/olpc: olpc-xo175-ec: Fix overflow error message to print inlen (Alok Tiwari) - net: bcmasp: fix double disable of clk (Justin Chen) - net: bcmasp: Add support for asp-v3.0 (Justin Chen) - net: bcmasp: fix double free of WoL irq (Justin Chen) [Orabug: 39250960] {CVE-2026-31506} - net: bcmasp: streamline early exit in probe (Justin Chen) - net: bcmasp: Remove support for asp-v2.0 (Justin Chen) - net: bcm: asp2: convert to phylib managed EEE (Russell King) - net: bcm: asp2: remove tx_lpi_enabled (Russell King) - net: bcm: asp2: fix LPI timer handling (Russell King) - rtnetlink: count IFLA_INFO_SLAVE_KIND in if_nlmsg_size (Sabrina Dubroca) - net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer (Qi Tang) - openvswitch: validate MPLS set/set_masked payload length (Ao Zhou) [Orabug: 39263380] {CVE-2026-31679} - openvswitch: defer tunnel netdev_put to RCU release (Ao Zhou) [Orabug: 39263376] {CVE-2026-31678} - net: openvswitch: Avoid releasing netdev before teardown completes (Toke Høiland-Jørgensen) [Orabug: 39251167] {CVE-2026-31508} - nfc: nci: fix circular locking dependency in nci_close_device (Jakub Kicinski) - ionic: fix persistent MAC address override on PF (Mohammad Heib) - pinctrl: mediatek: common: Fix probe failure for devices without EINT (Luca Leonardo Scorcia) - Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb (Helen Koike) [Orabug: 39250972] {CVE-2026-31510} - Bluetooth: hci_ll: Fix firmware leak on error path (Anas Iqbal) [Orabug: 39323106] {CVE-2026-43069} - Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete (Luiz Augusto von Dentz) [Orabug: 39250978] {CVE-2026-31511} - Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (Hyunwoo Kim) [Orabug: 39171453] {CVE-2026-31408} - Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() (Hyunwoo Kim) [Orabug: 39250981] {CVE-2026-31512} - can: statistics: add missing atomic access in hot path (Oliver Hartkopp) - dma: swiotlb: add KMSAN annotations to swiotlb_bounce() (Shigeru Yoshida) - af_key: validate families in pfkey_send_migrate() (Eric Dumazet) [Orabug: 39250996] {CVE-2026-31515} - xfrm: prevent policy_hthresh.work from racing with netns teardown (Minwoo Ra) [Orabug: 39251000] {CVE-2026-31516} - xfrm: Fix work re-schedule after cancel in xfrm_nat_keepalive_net_fini() (Hyunwoo Kim) [Orabug: 39171446] {CVE-2026-31406} - esp: fix skb leak with espintcp and async crypto (Sabrina Dubroca) [Orabug: 39251008] {CVE-2026-31518} - xfrm: Fix the usage of skb->sk (Steffen Klassert) - xfrm: call xdo_dev_state_delete during state update (Sabrina Dubroca) - xfrm: fix the condition on x->pcpu_num in xfrm_sa_len (Sabrina Dubroca) - xfrm: add missing extack for XFRMA_SA_PCPU in add_acquire and allocspi (Sabrina Dubroca) - i3c: master: dw-i3c: Fix missing of_node for virtual I2C adapter (Peter Yin) - ALSA: hda/realtek: add quirk for ASUS UM6702RC (Zhang Heng) - spi: intel-pci: Add support for Nova Lake mobile SPI flash (Alan Borzeszkowski) - usb: core: new quirk to handle devices with zero configurations (Jie Deng) - drm/amdgpu: fix gpu idle power consumption issue for gfx v12 (Yang Wang) - nvmet: move async event work off nvmet-wq (Chaitanya Kulkarni) [Orabug: 39262279] {CVE-2026-31557} - objtool: Handle Clang RSP musical chairs (Josh Poimboeuf) - ALSA: hda/realtek: Add headset jack quirk for Thinkpad X390 (Uzair Mughal) - ALSA: hda/realtek: add HP Laptop 14s-dr5xxx mute LED quirk (Liucheng Lu) - btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create (Boris Burkov) [Orabug: 39251012] {CVE-2026-31519} - sched_ext: Use WRITE_ONCE() for the write side of dsq->seq update (Zhidao Su) - HID: apple: avoid memory leak in apple_report_fixup() (Günther Noack) [Orabug: 39251018] {CVE-2026-31520} - drm/ttm/tests: Fix build failure on PREEMPT_RT (Maarten Lankhorst) - ALSA: hda/senary: Ensure EAPD is enabled during init (Wangdicheng) - dma-buf: Include ioctl.h in UAPI header (Isaac J. Manjarres) - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_put_bits() (Mark Brown) - scsi: devinfo: Add BLIST_SKIP_IO_HINTS for Iomega ZIP (Florian Fuchs) - scsi: mpi3mr: Clear reset history on ready and recheck state after timeout (Ranjan Kumar) - ASoC: fsl_easrc: Fix event generation in fsl_easrc_iec958_set_reg() (Mark Brown) - module: Fix kernel panic when a symbol st_shndx is out of bounds (Ihor Solodrai) [Orabug: 39251025] {CVE-2026-31521} - HID: asus: add xg mobile 2023 external hardware support (Denis Benato) - HID: mcp2221: cancel last I2C command on read error (Romain Sioen) - kbuild: install-extmod-build: Package resolve_btfids if necessary (Thomas Weißschuh) - net: usb: r8152: add TRENDnet TUC-ET2G (Valentin Spreckels) - HID: apple: Add EPOMAKER TH87 to the non-apple keyboards list (Takashi Iwai) - HID: magicmouse: avoid memory leak in magicmouse_report_fixup() (Günther Noack) [Orabug: 39251031] {CVE-2026-31522} - HID: magicmouse: fix battery reporting for Apple Magic Trackpad 2 (Julius Lehmann) - nvme-pci: ensure we're polling a polled queue (Keith Busch) {CVE-2026-31523} - platform/x86: touchscreen_dmi: Add quirk for y-inverted Goodix touchscreen on SUPI S10 (Hans de Goede) - platform/x86: intel-hid: Enable 5-button array on ThinkPad X1 Fold 16 Gen 1 (Leif Skunberg) - nvme-fabrics: use kfree_sensitive() for DHCHAP secrets (Daniel Hodges) - nvme-pci: cap queue creation to used queues (Keith Busch) - platform/x86: intel-hid: Add Dell 14 Plus 2-in-1 to dmi_vgbs_allow_list (Peter Metz) - HID: asus: avoid memory leak in asus_report_fixup() (Günther Noack) [Orabug: 39251044] {CVE-2026-31524} - bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN (Jenny Guanni Qu) [Orabug: 39251049] {CVE-2026-31525} - bpf: Release module BTF IDR before module unload (Kumar Kartikeya Dwivedi) - driver core: platform: use generic driver_override infrastructure (Danilo Krummrich) [Orabug: 39251055] {CVE-2026-31527} - driver core: generalize driver_override in struct device (Danilo Krummrich) - sh: platform_early: remove pdev->driver_override check (Danilo Krummrich) - hwmon: axi-fan: don't use driver_override as IRQ name (Danilo Krummrich) - cxl/hdm: Avoid incorrect DVSEC fallback when HDM decoders are enabled (Smita Koralahalli) - perf: Make sure to use pmu_ctx->pmu for groups (Peter Zijlstra) [Orabug: 39251060] {CVE-2026-31528} - bpf: Fix constant blinding for PROBE_MEM32 stores (Sachin Kumar) [Orabug: 39164149] {CVE-2026-23417} - cxl/port: Fix use after free of parent_port in cxl_detach_ep() (Alison Schofield) [Orabug: 39251064] {CVE-2026-31530} - LTS version: v6.12.79 (Sherry Yang) - Revert "LoongArch: Add machine_kexec_mask_interrupts() implementation" (Huacai Chen) - LTS version: v6.12.78 (Sherry Yang) - xen/privcmd: add boot control for restricted usage in domU (Juergen Gross) - xen/privcmd: restrict usage in unprivileged domU (Juergen Gross) [Orabug: 39142871] {CVE-2026-31788} - perf/x86/intel: Add missing branch counters constraint apply (Dapeng Mi) - hwmon: (max6639) Fix pulses-per-revolution implementation (Guenter Roeck) - tools/bootconfig: fix fd leak in load_xbc_file() on fstat failure (Josh Law) - lib/bootconfig: check xbc_init_node() return in override path (Josh Law) - fs/tests: exec: Remove bad test vector (Kees Cook) - drm/i915/gt: Check set_default_submission() before deferencing (Rahul Bukte) [Orabug: 39262234] {CVE-2026-31540} - ksmbd: fix use-after-free in durable v2 replay of active file handles (Hyunwoo Kim) - ksmbd: fix use-after-free of share_conf in compound request (Hyunwoo Kim) - drm/amd: fix dcn 2.01 check (Andy Nguyen) - drm/amd/display: Fix DisplayID not-found handling in parse_edid_displayid_vrr() (Srinivasan Shanmugam) - mtd: rawnand: brcmnand: skip DMA during panic write (Kamal Dasu) - mtd: rawnand: serialize lock/unlock against other NAND operations (Kamal Dasu) [Orabug: 39167445] {CVE-2026-23434} - mm/shmem, swap: avoid redundant Xarray lookup during swapin (Kairui Song) - mm/shmem, swap: improve cached mTHP handling and fix potential hang (Kairui Song) - mm: shmem: avoid unpaired folio_unlock() in shmem_swapin_folio() (Kemeng Shi) - mm: shmem: fix potential data corruption during shmem swapin (Baolin Wang) - mtd: spi-nor: core: avoid odd length/address writes in 8D-8D-8D mode (Pratyush Yadav) - mtd: spi-nor: core: avoid odd length/address reads on 8D-8D-8D mode (Pratyush Yadav) - x86/platform/uv: Handle deconfigured sockets (Kyle Meyer) [Orabug: 39262240] {CVE-2026-31542} - ring-buffer: Fix to update per-subbuf entries of persistent ring buffer (Masami Hiramatsu) - i2c: pxa: defer reset on Armada 3700 when recovery is used (Gabor Juhos) - i2c: fsi: Fix a potential leak in fsi_i2c_probe() (Christophe Jaillet) - i2c: cp2615: fix serial string NULL-deref at probe (Johan Hovold) - USB: serial: f81232: fix incomplete serial port generation (Ji-Ze Hong) - drm/i915/psr: Compute PSR entry_setup_frames into intel_crtc_state (Jouni Högander) - hwmon: (pmbus/isl68137) Fix unchecked return value and use sysfs_emit() (Sanman Pradhan) - hwmon: (pmbus/mp2975) Add error check for pmbus_read_word_data() return value (Sanman Pradhan) - icmp: fix NULL pointer dereference in icmp_tag_validation() (Weiming Shi) [Orabug: 39136286] {CVE-2026-23398} - net: dsa: bcm_sf2: fix missing clk_disable_unprepare() in error paths (Anas Iqbal) - net: mvpp2: guard flow control update with global_tx_fc in buffer switching (Muhammad Hammad Ijaz) [Orabug: 39167454] {CVE-2026-23438} - nfnetlink_osf: validate individual option lengths in fingerprints (Weiming Shi) [Orabug: 39136282] {CVE-2026-23397} - netfilter: nf_tables: release flowtable after rcu grace period on error (Pablo Neira Ayuso) [Orabug: 39131092] {CVE-2026-23392} - netfilter: bpf: defer hook memory release until rcu readers are done (Florian Westphal) [Orabug: 39164139] {CVE-2026-23412} - net: bonding: fix NULL deref in bond_debug_rlb_hash_show (Xiang Mei) [Orabug: 39262249] {CVE-2026-31546} - udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n (Xiang Mei) [Orabug: 39167457] {CVE-2026-23439} - net/mlx5e: Fix race condition during IPSec ESN update (Jianbo Liu) [Orabug: 39167461] {CVE-2026-23440} - net/mlx5e: Prevent concurrent access to IPSec ASO context (Jianbo Liu) [Orabug: 39167464] {CVE-2026-23441} - net/mlx5: qos: Restrict RTNL area to avoid a lock cycle (Cosmin Ratiu) - net: macb: fix uninitialized rx_fs_lock (Fedor Pchelkin) - wifi: mac80211: fix NULL deref in mesh_matches_local() (Xiang Mei) [Orabug: 39136278] {CVE-2026-23396} - iavf: fix VLAN filter lost on add/delete race (Petr Oros) - igc: fix page fault in XDP TX timestamps handling (Zdenek Bouska) [Orabug: 39167476] {CVE-2026-23445} - igc: fix missing update of skb->tail in igc_xmit_frame() (Kohei Enju) - net: usb: aqc111: Do not perform PM inside suspend callback (Nikola Z. Ivanov) - clsact: Fix use-after-free in init/destroy rollback asymmetry (Daniel Borkmann) [Orabug: 39164141] {CVE-2026-23413} - net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check (Tobi Gaertner) [Orabug: 39167482] {CVE-2026-23447} - net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check (Tobi Gaertner) [Orabug: 39167487] {CVE-2026-23448} - net: airoha: Remove airoha_dev_stop() in airoha_remove() (Lorenzo Bianconi) - net: airoha: Read completion queue data in airoha_qdma_tx_napi_poll() (Lorenzo Bianconi) - net: airoha: fix PSE memory configuration in airoha_fe_pse_ports_init() (Lorenzo Bianconi) - net: airoha: read default PSE reserved pages value before updating (Lorenzo Bianconi) - net/sched: teql: Fix double-free in teql_master_xmit (Jamal Hadi Salim) [Orabug: 39167491] {CVE-2026-23449} - net/smc: fix NULL dereference and UAF in smc_tcp_syn_recv_sock() (Jiayuan Chen) - PM: runtime: Fix a race condition related to device removal (Bart Van Assche) [Orabug: 39167500] {CVE-2026-23452} - sched: idle: Consolidate the handling of two special cases (Rafael J. Wysocki) - net: mana: fix use-after-free in mana_hwc_destroy_channel() by reordering teardown (Dipayaan Roy) [Orabug: 39167505] {CVE-2026-23454} - net: bcmgenet: increase WoL poll timeout (Justin Chen) - netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (Jenny Guanni Qu) [Orabug: 39167509] {CVE-2026-23455} - netfilter: xt_time: use unsigned int for monthday bit shift (Jenny Guanni Qu) - netfilter: xt_CT: drop pending enqueued packets on template removal (Pablo Neira Ayuso) [Orabug: 39131088] {CVE-2026-23391} - netfilter: nft_ct: drop pending enqueued packets on removal (Pablo Neira Ayuso) [Orabug: 39322991] {CVE-2026-43060} - nf_tables: nft_dynset: fix possible stateful expression memleak in error path (Pablo Neira Ayuso) [Orabug: 39139839] {CVE-2026-23399} - netfilter: nf_conntrack_h323: fix OOB read in decode_int() CONS case (Jenny Guanni Qu) [Orabug: 39167513] {CVE-2026-23456} - netfilter: nf_conntrack_sip: fix Content-Length u32 truncation in sip_help_tcp() (Lukas Johannes Möller) [Orabug: 39167517] {CVE-2026-23457} - netfilter: ctnetlink: fix use-after-free in ctnetlink_dump_exp_ct() (Hyunwoo Kim) [Orabug: 39167521] {CVE-2026-23458} - netfilter: ctnetlink: remove refcounting in expectation dumpers (Florian Westphal) [Orabug: 38423445] {CVE-2025-39764} - mpls: add missing unregister_netdevice_notifier to mpls_init (Sabrina Dubroca) - net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect (Jiayuan Chen) - bridge: cfm: Fix race condition in peer_mep deletion (Hyunwoo Kim) - Bluetooth: qca: fix ROM version reading on WCN3998 chips (Dmitry Baryshkov) - Bluetooth: L2CAP: Fix use-after-free in l2cap_unregister_user (Shaurya Rane) [Orabug: 39167531] {CVE-2026-23461} - Bluetooth: HIDP: Fix possible UAF (Luiz Augusto von Dentz) [Orabug: 39167533] {CVE-2026-23462} - Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers (Wang Tao) [Orabug: 39322983] {CVE-2026-43059} - Bluetooth: hci_sync: Fix hci_le_create_conn_sync (Michael Grzeschik) - Bluetooth: ISO: Fix defer tests being unstable (Luiz Augusto von Dentz) - Bluetooth: SMP: make SM/PER/KDU/BI-04-C happy (Christian Eggers) - Bluetooth: LE L2CAP: Disconnect if sum of payload sizes exceed SDU (Christian Eggers) - Bluetooth: LE L2CAP: Disconnect if received packet's SDU exceeds IMTU (Christian Eggers) - firmware: arm_scpi: Fix device_node reference leak in probe path (Felix Gu) - firmware: arm_ffa: Remove vm_id argument in ffa_rxtx_unmap() (Levi Yun) - arm64: dts: renesas: r9a09g057: Remove wdt{0,2,3} nodes (Fabrizio Castro) - arm64: dts: renesas: r9a09g057: Add RTC node (Ovidiu Panait) - wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down (Peddolla Harshavardhan Reddy) [Orabug: 39262255] {CVE-2026-31548} - wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. (Kuniyuki Iwashima) [Orabug: 39262266] {CVE-2026-31551} - soc: fsl: cpm1: qmc: Fix error check for devm_ioremap_resource() in qmc_qe_init_resources() (Chen Ni) - soc: fsl: qbman: fix race condition in qman_destroy_fq (Richard Genoud) - cache: ax45mp: Fix device node reference leak in ax45mp_cache_init() (Felix Gu) - cache: starfive: fix device node leak in starlink_cache_init() (Felix Gu) - soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() (Zilin Guan) - btrfs: tree-checker: fix misleading root drop_level error message (Zhengyuan Huang) - btrfs: log new dentries when logging parent dir of a conflicting inode (Filipe Manana) [Orabug: 39167544] {CVE-2026-23465} - ata: libata-scsi: report correct sense field pointer in ata_scsiop_maint_in() (Damien Le Moal) - ata: libata-scsi: Return residual for emulated SCSI commands (Damien Le Moal) - Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ (Luiz Augusto von Dentz) [Orabug: 39131104] {CVE-2026-23395} - drm/xe: Open-code GGTT MMIO access protection (Matthew Brost) - drm/xe/oa: Allow reading after disabling OA stream (Ashutosh Dixit) - drm/amdgpu: apply state adjust rules to some additional HAINAN vairants (Alex Deucher) - drm/radeon: apply state adjust rules to some additional HAINAN vairants (Alex Deucher) - drm/imagination: Fix deadlock in soft reset sequence (Alessio Belle) - drm/amdgpu/mmhub4.1.0: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub3.0: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub3.0.2: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub3.0.1: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub2.3: add bounds checking for cid (Alex Deucher) - drm/amdgpu/mmhub2.0: add bounds checking for cid (Alex Deucher) - drm/amdgpu/gmc9.0: add bounds checking for cid (Alex Deucher) - drm/amd/display: Wrap dcn32_override_min_req_memclk() in DC_FP_{START, END} (Xi Ruoyao) - drm: Fix use-after-free on framebuffers and property blobs when calling drm_dev_unplug (Maarten Lankhorst) - io_uring/kbuf: propagate BUF_MORE through early buffer commit path (Jens Axboe) - serial: uartlite: fix PM runtime usage count underflow on probe (Maciej Andrzejewski Iceye) - serial: 8250: Add late synchronize_irq() to shutdown to handle DW UART BUSY (Ilpo Järvinen) - serial: 8250: Fix TX deadlock when using DMA (Raul E Rangel) [Orabug: 39323000] {CVE-2026-43061} - serial: 8250_pci: add support for the AX99100 (Martin Roukala) - iommu/vt-d: Fix intel iommu iotlb sync hardlockup and retry (Guanghui Feng) - mtd: Avoid boot crash in RedBoot partition table parser (Finn Thain) [Orabug: 39167570] {CVE-2026-23474} - mtd: rawnand: cadence: Fix error check for dma_alloc_coherent() in cadence_nand_init() (Chen Ni) - mtd: rawnand: pl353: make sure optimal timings are applied (Olivier Sobrie) - spi: fix statistics allocation (Johan Hovold) [Orabug: 39167574] {CVE-2026-23475} - spi: fix use-after-free on controller registration failure (Johan Hovold) [Orabug: 39167576] {CVE-2026-31389} - pmdomain: bcm: bcm2835-power: Increase ASB control timeout (Maíra Canal) [Orabug: 39262262] {CVE-2026-31550} - mmc: sdhci: fix timing selection for 1-bit bus width (Luke Wang) - mmc: sdhci-pci-gli: fix GL9750 DMA write corruption (Matthew Schwartz) - ata: libata-core: disable LPM on ADATA SU680 SSD (Damien Le Moal) - batman-adv: avoid OGM aggregation when skb tailroom is insufficient (Ao Zhou) [Orabug: 39263396] {CVE-2026-31683} - btrfs: fix transaction abort when snapshotting received subvolumes (Filipe Manana) [Orabug: 39343743] {CVE-2026-43361} - kprobes: Remove unneeded warnings from __arm_kprobe_ftrace() (Masami Hiramatsu) - kprobes: Remove unneeded goto (Masami Hiramatsu) - powerpc64/bpf: fix kfunc call support (Hari Bathini) - powerpc64/bpf: Fold bpf_jit_emit_func_call_hlp() into bpf_jit_emit_func_call_rel() (Naveen N Rao) - s390/zcrypt: Enable AUTOSEL_DOM for CCA serialnr sysfs attribute (Harald Freudenberger) - drm/i915/psr: Write DSC parameters on Selective Update in ET mode (Jouni Högander) - drm/i915/dsc: Add helper for writing DSC Selective Update ET parameters (Jouni Högander) - drm/i915/dsc: Add Selective Update register definitions (Jouni Högander) - ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION (Namjae Jeon) - ksmbd: unset conn->binding on failed binding request (Namjae Jeon) - smb: client: fix krb5 mount with username option (Paulo Alcantara) [Orabug: 39167586] {CVE-2026-31392} - Bluetooth: L2CAP: Validate L2CAP_INFO_RSP payload length before access (Lukas Johannes Möller) [Orabug: 39167590] {CVE-2026-31393} - Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() (Lukas Johannes Möller) [Orabug: 39323031] {CVE-2026-43062} - mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations (Felix Fietkau) [Orabug: 39167595] {CVE-2026-31394} - parisc: Flush correct cache in cacheflush() syscall (Helge Deller) - net: macb: fix use-after-free access to PTP clock (Fedor Pchelkin) [Orabug: 39167599] {CVE-2026-31396} - NFC: nxp-nci: allow GPIOs to sleep (Ian Ray) - LoongArch: Give more information if kmem access failed (Tiezhu Yang) - nvdimm/bus: Fix potential use after free in asynchronous initialization (Ira Weiny) [Orabug: 39167605] {CVE-2026-31399} - sunrpc: fix cache_request leak in cache_release (Jeff Layton) [Orabug: 39167609] {CVE-2026-31400} - HID: bpf: prevent buffer overflow in hid_hw_request (Benjamin Tissoires) - selftests/hid: fix compilation when bpf_wq and hid_device are not exported (Benjamin Tissoires) - NFSD: Hold net reference for the lifetime of /proc/fs/nfs/exports fd (Chuck Lever) [Orabug: 39167619] {CVE-2026-31403} - drm/amdgpu: Add basic validation for RAS header (Lijo Lazar) [Orabug: 38254044] {CVE-2025-38426} - drm/amd/pm: Use pm_display_cfg in legacy DPM (v2) (Timur Kristóf) - drm/amd/display: Add pixel_clock to amd_pp_display_configuration (Timur Kristóf) - drm/i915/psr: Repeat Selective Update area alignment (Jouni Högander) - drm/i915/alpm: ALPM disable fixes (Jouni Högander) - s390/xor: Fix xor_xc_2() inline assembly constraints (Heiko Carstens) - s390/stackleak: Fix __stackleak_poison() inline assembly constraint (Heiko Carstens) - sched/fair: Fix zero_vruntime tracking (Peter Zijlstra) - sched_ext: Remove redundant css_put() in scx_cgroup_init() (Cheng-Yang Chou) [Orabug: 39343945] {CVE-2026-43438} - mm: thp: deny THP for files on anonymous inodes (Deepanshu Kartikey) [Orabug: 39131037] {CVE-2026-23375} - erofs: fix inline data read failure for ztailpacking pclusters (Gao Xiang) [Orabug: 39451908] {CVE-2026-45943} - xfs: get rid of the xchk_xfile_*_descr calls (Darrick J. Wong) [Orabug: 39103135] {CVE-2026-23252} - binfmt_misc: restore write access before closing files opened by open_exec() (Zilin Guan) [Orabug: 38773484] {CVE-2025-68239} - net: dsa: properly keep track of conduit reference (Vladimir Oltean) [Orabug: 38887610] {CVE-2025-71152} - dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue() (Guodong Xu) - blk-throttle: fix access race during throttle policy activation (Han Guangjiang) [Orabug: 38649132] {CVE-2025-40147} - f2fs: fix to avoid migrating empty section (Chao Yu) - f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic (Zhiguo Niu) - f2fs: compress: change the first parameter of page_array_{alloc,free} to sbi (Zhiguo Niu) - net: stmmac: remove support for lpi_intr_o (Russell King) - mptcp: pm: in-kernel: always set ID as avail when rm endp (Matthieu Baerts) [Orabug: 39331851] {CVE-2026-43252} - platform/x86/amd/pmc: Add support for Van Gogh SoC (Antheas Kapenekakis) [Orabug: 38792613] {CVE-2025-68334} - x86/uprobes: Fix XOL allocation failure for 32-bit tasks (Oleg Nesterov) - io_uring/uring_cmd: fix too strict requirement on ioctl (Asbjoern Sloth Toennesen) - tracing: Add recursion protection in kernel stack trace recording (Steven Rostedt) [Orabug: 38970274] {CVE-2026-23138} - ice: fix devlink reload call trace (Paul Greenwalt) [Orabug: 38931107] {CVE-2026-23104} - btrfs: do not strictly require dirty metadata threshold for metadata writepages (Qu Wenruo) [Orabug: 38970327] {CVE-2026-23157} - rxrpc: Fix recvmsg() unconditional requeue (David Howells) - dm-verity: disable recursive forward error correction (Mikulas Patocka) [Orabug: 38887636] {CVE-2025-71161} - drm/xe/sync: Cleanup partially initialized sync on parse failure (Shuicheng Lin) [Orabug: 39343830] {CVE-2026-43395} - xfs: fix integer overflow in bmap intent sort comparator (Long Li) - crypto: atmel-sha204a - Fix OOM ->tfm_count leak (Thorsten Blum) - cifs: open files should not hold ref on superblock (Shyam Prasad N) - drm/bridge: ti-sn65dsi83: halve horizontal syncs for dual LVDS output (Luca Ceresoli) - ksmbd: Don't log keys in SMB3 signing and encryption key generation (Thorsten Blum) - KVM: x86: Introduce KVM_X86_QUIRK_VMCS12_ALLOW_FREEZE_IN_SMM (Jim Mattson) - KVM: nVMX: Add consistency checks for CR0.WP and CR4.CET (Chao Gao) - fgraph: Fix thresh_return clear per-task notrace (Shengming Hu) - iomap: reject delalloc mappings during writeback (Darrick J. Wong) - sched_ext: Fix starvation of scx_enable() under fair-class saturation (Tejun Heo) [Orabug: 39343824] {CVE-2026-43392} - sched_ext: Disable preemption between scx_claim_exit() and kicking helper work (Tejun Heo) [Orabug: 39386852] {CVE-2026-43482} - nsfs: tighten permission checks for ns iteration ioctls (Christian Brauner) [Orabug: 39343840] {CVE-2026-43403} - mm/kfence: fix KASAN hardware tag faults during late enablement (Alexander Potapenko) - mm/page_alloc: forward the gfp flags from alloc_contig_range() to post_alloc_hook() (David Hildenbrand) - mm/page_alloc: sort out the alloc_contig_range() gfp flags mess (David Hildenbrand) - mm/page_alloc: move set_page_refcounted() to callers of post_alloc_hook() (Matthew Wilcox) - mmc: dw_mmc-rockchip: Fix runtime PM support for internal phase support (Shawn Lin) - mmc: dw_mmc-rockchip: Add memory clock auto-gating support (Shawn Lin) - mmc: dw_mmc-rockchip: use modern PM macros (Jisheng Zhang) - KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated (Sean Christopherson) [Orabug: 39386854] {CVE-2026-43483} - KVM: SVM: Add a helper to look up the max physical ID for AVIC (Naveen N Rao) - KVM: SVM: Limit AVIC physical max index based on configured max_vcpu_ids (Naveen N Rao) - usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling (Jiasheng Jiang) - usb: gadget: f_ncm: Fix net_device lifecycle with device_move (Kuen-Han Tsai) - cleanup: Provide retain_and_null_ptr() (Thomas Gleixner) - can: gs_usb: gs_can_open(): always configure bitrates before starting device (Marc Kleine-Budde) - xfs: Fix error pointer dereference (Ethan Tidmore) - net/sched: act_gate: snapshot parameters with RCU on replace (Paul Moses) [Orabug: 39103117] {CVE-2026-23245} - selftests: mptcp: join: check RM_ADDR not sent over same subflow (Matthieu Baerts) - selftests: mptcp: add a check for 'add_addr_accepted' (Gang Yan) - drm/amd/display: Use GFP_ATOMIC in dc_create_stream_for_sink (Natalie Vock) - mptcp: pm: avoid sending RM_ADDR over same subflow (Matthieu Baerts) - mptcp: pm: in-kernel: always mark signal+subflow endp as used (Matthieu Baerts) [Orabug: 39130868] {CVE-2026-23321} - perf/x86/intel/uncore: Add per-scheduler IMC CAS count events (Zide Chen) - perf/x86/intel/uncore: Support more units on Granite Rapids (Kan Liang) - wifi: libertas: fix use-after-free in lbs_free_adapter() (Daniel Hodges) [Orabug: 39130708] {CVE-2026-23281} - platform/x86: hp-bioscfg: Support allocations of larger data (Mario Limonciello) - x86/sev: Allow IBPB-on-Entry feature for SNP guests (Kim Phillips) - net: phy: register phy led_triggers during probe to avoid AB-BA deadlock (Andrew Lunn) [Orabug: 39131008] {CVE-2026-23368} - gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL (Ankit Garg) [Orabug: 39131072] {CVE-2026-23386} - spi: cadence-quadspi: Implement refcount to handle unbind during busy (Khairul Anuar Romli) - ksmbd: call ksmbd_vfs_kern_path_end_removing() on some error paths (Fedor Pchelkin) - smb: client: Compare MACs in constant time (Eric Biggers) - ksmbd: Compare MACs in constant time (Eric Biggers) - net/tcp-md5: Fix MAC comparison to be constant-time (Eric Biggers) [Orabug: 39343805] {CVE-2026-43383} - drm/bridge: ti-sn65dsi86: Add support for DisplayPort mode with HPD (John Ripple) - i3c: mipi-i3c-hci: Add missing TID field to no-op command descriptor (Adrian Hunter) - i3c: mipi-i3c-hci: Restart DMA ring correctly after dequeue abort (Adrian Hunter) - i3c: mipi-i3c-hci: Use ETIMEDOUT instead of ETIME for timeout errors (Adrian Hunter) - iio: proximity: hx9023s: Protect against division by zero in set_samp_freq (Yasin Lee) - iio: imu: inv_icm42600: fix odr switch when turning buffer off (Jean-Baptiste Maneyrol) - iio: imu: inv_icm42600: fix odr switch to the same value (Jean-Baptiste Maneyrol) - iio: gyro: mpu3050-i2c: fix pm_runtime error handling (Antoniu Miclaus) - iio: gyro: mpu3050-core: fix pm_runtime error handling (Antoniu Miclaus) [Orabug: 39343731] {CVE-2026-43357} - iio: buffer: Fix wait_queue not being removed (Nuno Sa) - iio: chemical: bme680: Fix measurement wait duration calculation (Chris Spencer) - iio: potentiometer: mcp4131: fix double application of wiper shift (Lukas Schmid) - iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() (Antoniu Miclaus) - iio: chemical: sps30_serial: fix buffer size in sps30_serial_read_meas() (Antoniu Miclaus) - iio: frequency: adf4377: Fix duplicated soft reset mask (Seungju Cheon) - iio: dac: ds4424: reject -128 RAW value (Oleksij Rempel) - btrfs: abort transaction on failure to update root in the received subvol ioctl (Filipe Manana) - btrfs: fix transaction abort on set received ioctl due to item overflow (Filipe Manana) [Orabug: 39343736] {CVE-2026-43359} - btrfs: fix transaction abort on file creation due to name hash collision (Filipe Manana) [Orabug: 39343740] {CVE-2026-43360} - smb: client: fix iface port assignment in parse_server_interfaces (Henrique Carvalho) - smb: client: fix in-place encryption corruption in SMB2_write() (Bharath Sm) [Orabug: 39343749] {CVE-2026-43362} - smb: client: fix atomic open with O_DIRECT & O_SYNC (Paulo Alcantara) - lib/bootconfig: check bounds before writing in __xbc_open_brace() (Josh Law) - lib/bootconfig: fix snprintf truncation check in xbc_node_compose_key_after() (Josh Law) - x86/apic: Disable x2apic on resume if the kernel expects so (Shashank Balaji) [Orabug: 39343755] {CVE-2026-43363} - lib/bootconfig: fix off-by-one in xbc_verify_tree() unclosed brace error (Josh Law) - s390/dasd: Copy detected format information to secondary device (Stefan Haberland) - s390/dasd: Move quiesce state with pprc swap (Stefan Haberland) - xfs: ensure dquot item is deleted from AIL only after log shutdown (Long Li) - xfs: fix undersized l_iclog_roundoff values (Darrick J. Wong) [Orabug: 39343760] {CVE-2026-43365} - xfs: fix returned valued from xfs_defer_can_append (Carlos Maiolino) - cifs: make default value of retrans as zero (Shyam Prasad N) - tracing: Fix trace_buf_size= cmdline parameter with sizes >= 2G (Calvin Owens) - tracing: Fix enabling multiple events on the kernel command line and bootconfig (Andrei-Alexandru Tachici) - drm/msm: Fix dma_free_attrs() buffer size (Thomas Fourier) - drm/i915: Fix potential overflow of shmem scatterlist length (Janusz Krzysztofik) [Orabug: 39343766] {CVE-2026-43368} - drm/bridge: ti-sn65dsi83: fix CHA_DSI_CLK_RANGE rounding (Luca Ceresoli) - drm/amd: Set num IP blocks to 0 if discovery fails (Mario Limonciello) - drm/amdgpu: Fix use-after-free race in VM acquire (Alysa Liu) [Orabug: 39343769] {CVE-2026-43370} - drm/amd/pm: remove invalid gpu_metrics.energy_accumulator on smu v13.0.x (Yang Wang) - net: dsa: microchip: Fix error path in PTP IRQ setup (Bastien Curutchet) - net: ethernet: arc: emac: quiesce interrupts before requesting IRQ (Fan Wu) - net: ncsi: fix skb leak in error paths (Jian Zhang) - net: nexthop: fix percpu use-after-free in remove_nh_grp_entry (Mehul Rao) [Orabug: 39343780] {CVE-2026-43374} - ksmbd: fix use-after-free by using call_rcu() for oplock_info (Namjae Jeon) - smb: server: fix use-after-free in smb2_open() (Marios Makassikis) - ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() (Namjae Jeon) - drm/amd/display: Fallback to boot snapshot for dispclk (Dillon Varone) - ata: libata-core: Disable LPM on ST1000DM010-2EP102 (Maximilian Pezzullo) [Orabug: 39386866] {CVE-2026-43487} - pmdomain: bcm: bcm2835-power: Fix broken reset status read (Maíra Canal) - parisc: Check kernel mapping earlier at bootup (Helge Deller) - parisc: Fix initial page table creation for boot (Helge Deller) - hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read (Sanman Pradhan) - arm64: mm: Add PTE_DIRTY back to PAGE_KERNEL* to fix kexec/hibernation (Catalin Marinas) - nouveau/dpcd: return EBUSY for aux xfer if the device is asleep (Dave Airlie) [Orabug: 39343796] {CVE-2026-43381} - parisc: Increase initial mapping to 64 MB with KALLSYMS (Helge Deller) - batman-adv: Avoid double-rtnl_lock ELP metric worker (Sven Eckelmann) [Orabug: 39343801] {CVE-2026-43382} - net/tcp-ao: Fix MAC comparison to be constant-time (Eric Biggers) - tracing: Fix syscall events activation by ensuring refcount hits zero (Huiwen He) - ice: fix retry for AQ command 0x06EE (Jakub Staniszewski) - net: mana: Ring doorbell at 4 CQ wraparounds (Long Li) - media: dvb-net: fix OOB access in ULE extension header tables (Ariel Silver) [Orabug: 39171441] {CVE-2026-31405} - staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie (Luka Gejak) - staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() (Greg Kroah-Hartman) - ixgbevf: fix link setup issue (Jedrzej Jagielski) - ice: reintroduce retry mechanism for indirect AQ (Jakub Staniszewski) - btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() (Mark Harmstone) [Orabug: 39343826] {CVE-2026-43393} - irqchip/gic-v3-its: Limit number of per-device MSIs to the range the ITS supports (Marc Zyngier) - device property: Allow secondary lookup in fwnode_get_next_child_node() (Andy Shevchenko) - nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). (Kuniyuki Iwashima) [Orabug: 39343828] {CVE-2026-43394} - s390/pfault: Fix virtual vs physical address confusion (Alexander Gordeev) - drm/bridge: ti-sn65dsi86: Enable HPD polling if IRQ is not used (Franz Schnyder) - drm/bridge: samsung-dsim: Fix memory leak in error path (Osama Abdelkader) [Orabug: 39343833] {CVE-2026-43397} - drm/amd: Disable MES LR compute W/A (Mario Limonciello) - Revert "tcpm: allow looking for role_sw device in the main node" (Xu Yang) - Fix CC_HAS_ASM_GOTO_OUTPUT on non-x86 architectures (Linus Torvalds) - kbuild: Disable CC_HAS_ASM_GOTO_OUTPUT on clang < 17 (Thomas Gleixner) - scsi: hisi_sas: Fix NULL pointer exception during user_scan() (Xingui Yang) [Orabug: 39343866] {CVE-2026-43413} - scsi: hisi_sas: Use macro instead of magic number (Yihang Li) - scsi: hisi_sas: Add time interval between two H2D FIS following soft reset spec (Xingui Yang) - scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend (Wangshuaiwei) [Orabug: 39343873] {CVE-2026-43415} - i3c: dw-i3c-master: Set SIR_REJECT in DAT on device attach and reattach (Adrian Ng Ho Yin) - time/jiffies: Mark jiffies_64_to_clock_t() notrace (Steven Rostedt) - ceph: fix memory leaks in ceph_mdsc_build_path() (Max Kellermann) [Orabug: 39343881] {CVE-2026-43419} - ceph: fix i_nlink underrun during async unlink (Max Kellermann) [Orabug: 39343883] {CVE-2026-43420} - libceph: admit message frames only in CEPH_CON_S_OPEN state (Ilya Dryomov) - libceph: Use u32 for non-negative values in ceph_monmap_decode() (Raphael Zimmer) [Orabug: 39343843] {CVE-2026-43405} - libceph: prevent potential out-of-bounds reads in process_message_header() (Ilya Dryomov) [Orabug: 39343846] {CVE-2026-43406} - libceph: reject preamble if control segment is empty (Ilya Dryomov) - libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() (Raphael Zimmer) [Orabug: 39343849] {CVE-2026-43407} - ceph: add a bunch of missing ceph_path_info initializers (Max Kellermann) [Orabug: 39343853] {CVE-2026-43408} - kprobes: avoid crash when rmmod/insmod after ftrace killed (Masami Hiramatsu) [Orabug: 39343855] {CVE-2026-43409} - tipc: fix divide-by-zero in tipc_sk_filter_connect() (Mehul Rao) [Orabug: 39343860] {CVE-2026-43411} - ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start (Ravi Hothi) - mmc: core: Avoid bitfield RMW for claim/retune flags (Penghe Geng) [Orabug: 39386858] {CVE-2026-43484} - mm/kfence: disable KFENCE upon KASAN HW tags enablement (Alexander Potapenko) - mmc: mmci: Fix device_node reference leak in of_get_dml_pipe_index() (Felix Gu) - mm/tracing: rss_stat: ensure curr is false from kthread context (Kalesh Singh) - rust: kbuild: allow unused_features (Miguel Ojeda) - usb: image: mdc800: kill download URB on timeout (Ziyi Guo) [Orabug: 39343896] {CVE-2026-43425} - usb: mdc800: handle signal and read racing (Oliver Neukum) - usb: renesas_usbhs: fix use-after-free in ISR during device removal (Fan Wu) - usb: class: cdc-wdm: fix reordering issue in read code path (Oliver Neukum) [Orabug: 39343905] {CVE-2026-43427} - USB: core: Limit the length of unkillable synchronous timeouts (Alan Stern) [Orabug: 39343910] {CVE-2026-43428} - USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts (Alan Stern) [Orabug: 39343916] {CVE-2026-43429} - USB: usbcore: Introduce usb_bulk_msg_killable() (Alan Stern) - usb: typec: altmode/displayport: set displayport signaling rate in configure message (Rd Babiera) - usb: roles: get usb role switch from parent only for usb-b-connector (Xu Yang) - usb: cdc-acm: Restore CAP_BRK functionnality to CH343 (Marc Zyngier) - usb: core: don't power off roothub PHYs if phy_set_mode() fails (Gabor Juhos) - usb: misc: uss720: properly clean up reference in uss720_probe() (Greg Kroah-Hartman) - usb: dwc3: pci: add support for the Intel Nova Lake -H (Krogerus Heikki) - usb: yurex: fix race in probe (Oliver Neukum) [Orabug: 39343920] {CVE-2026-43430} - usb: xhci: Prevent interrupt storm on host controller error (HCE) (Dayu Jiang) [Orabug: 39386868] {CVE-2026-43488} - usb: xhci: Fix memory leak in xhci_disable_slot() (Zilin Guan) [Orabug: 39343929] {CVE-2026-43432} - USB: ezcap401 needs USB_QUIRK_NO_BOS to function on 10gbs usb speed (Vyacheslav Vahnenko) - usb/core/quirks: Add Huawei ME906S-device to wakeup quirk (Christoffer Sandberg) - USB: add QUIRK_NO_BOS for video capture several devices (A1Rm4X) - KVM: SVM: Initialize AVIC VMCB fields if AVIC is enabled with in-kernel APIC (Sean Christopherson) - ASoC: amd: yc: Add DMI quirk for ASUS EXPERTBOOK PM1503CDA (Zhang Heng) - ata: libata-core: Add BRIDGE_OK quirk for QEMU drives (Pedro Falcato) - net: usb: lan78xx: skip LTM configuration for LAN7850 (Oleksij Rempel) - net: usb: lan78xx: fix TX byte statistics for small packets (Oleksij Rempel) - net: usb: lan78xx: fix silent drop of packets with checksum errors (Oleksij Rempel) - ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces (Takashi Iwai) [Orabug: 39343938] {CVE-2026-43436} - ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() (Mehul Rao) [Orabug: 39343941] {CVE-2026-43437} - cgroup: fix race between task migration and iteration (Qingye Zhao) [Orabug: 39343947] {CVE-2026-43439} - usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() (Seungjin Bae) - iio: imu: inv-mpu9150: fix irq ack preventing irq storms (Andreas Kemnade) - net: prevent NULL deref in ip[6]tunnel_xmit() (Eric Dumazet) - octeontx2-af: devlink: fix NIX RAS reporter to use RAS interrupt status (Alok Tiwari) - octeontx2-af: devlink: fix NIX RAS reporter recovery condition (Alok Tiwari) - net: dsa: realtek: Fix LED group port bit for non-zero LED group (Marek Behún) - net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled (Ricardo B. Marlière) [Orabug: 39343952] {CVE-2026-43441} - drm/amdkfd: Unreserve bo if queue update failed (Philip Yang) [Orabug: 39343958] {CVE-2026-43444} - ASoC: detect empty DMI strings (Casey Connolly) - ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition (Chen Ni) - ACPI: OSL: fix __iomem type on return from acpi_os_map_generic_address() (Ben Dooks) - net: bcmgenet: fix broken EEE by converting to phylib-managed state (Nicolai Buchwitz) - e1000/e1000e: Fix leak in DMA error cleanup (Matt Vollrath) [Orabug: 39343960] {CVE-2026-43445} - i40e: fix src IP mask checks and memcpy argument names in cloud filter (Alok Tiwari) - nvme-pci: Fix race bug in nvme_poll_irqdisable() (Sungwoo Kim) [Orabug: 39343966] {CVE-2026-43448} - nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set (Sungwoo Kim) [Orabug: 39343971] {CVE-2026-43449} - perf ftrace: Fix hashmap__new() error checking (Chen Ni) - regulator: pca9450: Correct interrupt type (Peng Fan) - perf annotate: Fix hashmap__new() error checking (Chen Ni) - netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels (Yuan Tan) [Orabug: 39110655] {CVE-2026-23274} - netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() (Hyunwoo Kim) [Orabug: 39343975] {CVE-2026-43450} - netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path (Hyunwoo Kim) [Orabug: 39343979] {CVE-2026-43451} - netfilter: x_tables: guard option walkers against 1-byte tail reads (David Dull) [Orabug: 39343983] {CVE-2026-43452} - netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() (Jenny Guanni Qu) [Orabug: 39343987] {CVE-2026-43453} - net: add xmit recursion limit to tunnel xmit functions (Weiming Shi) [Orabug: 39110659] {CVE-2026-23276} - xdp: register system page pool as an XDP memory model (Toke Høiland-Jørgensen) - xdp: allow attaching already registered memory model to xdp_rxq_info (Alexander Lobakin) - amd-xgbe: prevent CRC errors during RX adaptation with AN disabled (Raju Rangoju) - amd-xgbe: fix link status handling in xgbe_rx_adaptation (Raju Rangoju) - mctp: route: hold key->lock in mctp_flow_prepare_output() (Chengfeng Ye) - bonding: fix type confusion in bond_setup_by_slave() (Jiayuan Chen) [Orabug: 39343993] {CVE-2026-43456} - bonding: use common function to compute the features (Hangbin Liu) - net: add a common function to compute features for upper devices (Hangbin Liu) - bonding: Correctly support GSO ESP offload (Cosmin Ratiu) - bonding: add ESP offload features when slaves support (Jianbo Liu) - can: hi311x: hi3110_open(): add check for hi3110_power_enable() return value (Wenyuan Li) - mctp: i2c: fix skb memory leak in receive path (Haiyue Wang) - bnxt_en: Fix RSS table size check when changing ethtool channels (Pavan Chebbi) - serial: caif: hold tty->link reference in ldisc_open and ser_release (Shuangpeng Bai) - net: sfp: improve Huawei MA5671a fixup (Álvaro Fernández Rojas) - ASoC: simple-card-utils: fix graph_util_is_ports0() for DT overlays (Sen Wang) - ASoC: simple-card-utils: use __free(device_node) for device node (Kuninori Morimoto) - ASoC: soc-core: flush delayed work before removing DAIs and widgets (Matteo Cotifava) [Orabug: 39344003] {CVE-2026-43459} - ASoC: soc-core: drop delayed_work_pending() check before flush (Matteo Cotifava) - drm/sitronix/st7586: fix bad pixel data due to byte swap (David Lechner) - net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit (Weiming Shi) [Orabug: 39110665] {CVE-2026-23277} - net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery (Gal Pressman) [Orabug: 39344016] {CVE-2026-43466} - net/mlx5: Fix deadlock between devlink lock and esw->wq (Cosmin Ratiu) [Orabug: 39344022] {CVE-2026-43468} - net/mlx5: Query to see if host PF is disabled (Daniel Jurgens) - net/mlx5: IFC updates for disabled host PF (Daniel Jurgens) - bonding: handle BOND_LINK_FAIL, BOND_LINK_BACK as valid link states (Hangbin Liu) - drm/amd/pm: add missing od setting PP_OD_FEATURE_ZERO_FAN_BIT for smu v14 (Yang Wang) - drm/msm/dsi: fix pclk rate calculation for bonded dsi (Pengyu Luo) - net: dsa: realtek: rtl8365mb: remove ifOutDiscards from rx_packets (Mieczyslaw Nalewaj) - perf disasm: Fix off-by-one bug in outside check (Peter Collingbourne) - workqueue: Use POOL_BH instead of WQ_BH when checking pool flags (Breno Leitao) - btrfs: hold space_info->lock when clearing periodic reclaim ready (Sun Yangkai) - xprtrdma: Decrement re_receiving on the early exit paths (Eric Badger) [Orabug: 39344025] {CVE-2026-43469} - drm/msm/dsi: fix hdisplay calculation when programming dsi registers (Pengyu Luo) - nfs: return EISDIR on nfs3_proc_create if d_alias is a dir (Roberto Bergantinos Corpas) [Orabug: 39344029] {CVE-2026-43470} - smb/server: Fix another refcount leak in smb2_open() (Guenter Roeck) - powerpc: 83xx: km83xx: Fix keymile vendor prefix (Jonathan Neuschäfer) - remoteproc: sysmon: Correct subsys_name_len type in QMI request (Bjorn Andersson) - powerpc/crash: adjust the elfcorehdr size (Sourabh Jain) - powerpc/kexec/core: use big-endian types for crash variables (Sourabh Jain) - kexec: Include kernel-end even without crashkernel (Ben Collins) - kexec: Consolidate machine_kexec_mask_interrupts() implementation (Eliav Farber) - powerpc/uaccess: Fix inline assembly for clang build on PPC32 (Christophe Leroy) - ALSA: usb-audio: Check max frame size for implicit feedback mode, too (Takashi Iwai) - drm/amdgpu/vcn5: Add SMU dpm interface type (Sguttula) - ALSA: usb-audio: Avoid implicit feedback mode on DIYINHK USB Audio 2.0 (Takashi Iwai) - scsi: ufs: core: Fix shift out of bounds when MAXQ=32 (Wangshuaiwei) - scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() (Peter Wang) [Orabug: 39344031] {CVE-2026-43471} - ASoC: cs42l43: Report insert for exotic peripherals (Charles Keepax) - ASoC: amd: yc: Add ASUS EXPERTBOOK BM1503CDA to quirk table (Azamat Almazbek Uulu) - scsi: ses: Fix devices attaching to different hosts (Tomas Henzl) - ACPI: OSI: Add DMI quirk for Acer Aspire One D255 (Sofia Schneider) - wifi: mac80211: set default WMM parameters on all links (Ramanathan Choodamani) - unshare: fix unshare_fs() handling (Al Viro) [Orabug: 39344033] {CVE-2026-43472} - ALSA: hda/realtek: Fix speaker pop on Star Labs StarFighter (Sean Rhodes) - scsi: mpi3mr: Add NULL checks when resetting request and reply queues (Ranjan Kumar) [Orabug: 39344037] {CVE-2026-43473} - ACPI: PM: Save NVS memory on Lenovo G70-35 (Piotr Mazek) - scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT (Jan Kiszka) [Orabug: 39344042] {CVE-2026-43475} - LTS version: v6.12.77 (Sherry Yang) - ata: libata-eh: Fix detection of deferred qc timeouts (Guenter Roeck) - ata: libata: cancel pending work after clearing deferred_qc (Niklas Cassel) - ata: libata-eh: correctly handle deferred qc timeouts (Damien Le Moal) - ata: libata-core: fix cancellation of a port deferred qc work (Damien Le Moal) - ext4: fix potential null deref in ext4_mb_init() (Baokun Li) - apparmor: fix race between freeing data and fs accessing it (John Johansen) - apparmor: fix race on rawdata dereference (John Johansen) - apparmor: fix differential encoding verification (John Johansen) - apparmor: fix unprivileged local user can do privileged policy management (John Johansen) - apparmor: Fix double free of ns_name in aa_replace_profiles() (John Johansen) - apparmor: fix missing bounds check on DEFAULT table in verify_dfa() (Massimiliano Pellizzer) - apparmor: fix side-effect bug in match_char() macro usage (Massimiliano Pellizzer) - apparmor: fix: limit the number of levels of policy namespaces (John Johansen) - apparmor: replace recursive profile removal with iterative approach (Massimiliano Pellizzer) - apparmor: fix memory leak in verify_header (Massimiliano Pellizzer) - apparmor: validate DFA start states are in bounds in unpack_pdb (Massimiliano Pellizzer) - selftest/arm64: Fix sve2p1_sigill() to hwcap test (Yifan Wu) - xdp: produce a warning when calculated tailroom is negative (Larysa Zaremba) [Orabug: 39130928] {CVE-2026-23343} - i40e: use xdp.frame_sz as XDP RxQ info frag_size (Larysa Zaremba) - i40e: fix registering XDP RxQ info (Larysa Zaremba) - xsk: introduce helper to determine rxq->frag_size (Larysa Zaremba) - xdp: use modulo operation to calculate XDP frag tailroom (Larysa Zaremba) - net/sched: act_ife: Fix metalist update behavior (Jamal Hadi Salim) - net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop (Jiayuan Chen) [Orabug: 39130788] {CVE-2026-23300} - net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled (Fernando Fernandez Mancera) [Orabug: 39130766] {CVE-2026-23293} - selftests/harness: order TEST_F and XFAIL_ADD constructors (Sun Jian) - kselftest/harness: Use helper to avoid zero-size memset warning (Wake Liu) - net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup() (Lorenzo Bianconi) - netfilter: nft_set_pipapo: split gc into unlink and reclaim phase (Florian Westphal) [Orabug: 39130948] {CVE-2026-23351} - net: stmmac: Fix error handling in VLAN add and delete paths (Ovidiu Panait) - nfc: rawsock: cancel tx_work before socket teardown (Jakub Kicinski) - nfc: nci: clear NCI_DATA_EXCHANGE before calling completion callback (Jakub Kicinski) - nfc: nci: free skb on nci_transceive early error paths (Jakub Kicinski) - net_sched: sch_fq: clear q->band_pkt_count[] in fq_reset() (Eric Dumazet) - net: nfc: nci: Fix zero-length proprietary notifications (Ian Ray) - net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs (Koichiro Den) [Orabug: 39130922] {CVE-2026-23340} - hwmon: (max6639) fix inverted polarity (Olivier Sobrie) - hwmon: (max6639) : Configure based on DT property (Naresh Solanki) - nvme: fix memory allocation in nvme_pr_read_keys() (Sungwoo Kim) [Orabug: 39103115] {CVE-2026-23244} - nvme: reject invalid pr_read_keys() num_keys values (Stefan Hajnoczi) - drm/xe/reg_sr: Fix leak on xa_store failure (Shuicheng Lin) - i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" (Charles Haithcock) [Orabug: 39131012] {CVE-2026-23369} - drm/sched: Fix kernel-doc warning for drm_sched_job_done() (Kernel Test Robot) - amd-xgbe: fix sleep while atomic on suspend/resume (Raju Rangoju) - net: ipv4: fix ARM64 alignment fault in multipath hash seed (Yung Chih Su) [Orabug: 39130846] {CVE-2026-23316} - ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() (Jakub Kicinski) [Orabug: 39130806] {CVE-2026-23304} - smb/client: fix buffer size for smb311_posix_qinfo in SMB311_posix_query_info() (Zhangguodong) - smb/client: fix buffer size for smb311_posix_qinfo in smb2_compound_op() (Zhangguodong) - bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim (Lang Xu) [Orabug: 39130859] {CVE-2026-23319} - iavf: fix netdev->max_mtu to respect actual hardware limit (Kohei Enju) - xen/acpi-processor: fix _CST detection using undersized evaluation buffer (David Thomson) - indirect_call_wrapper: do not reevaluate function pointer (Eric Dumazet) - wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() (Lorenzo Bianconi) [Orabug: 39130843] {CVE-2026-23315} - wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() (Lorenzo Bianconi) - wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211() (Lorenzo Bianconi) - wifi: wlcore: Fix a locking bug (Bart Van Assche) [Orabug: 39167424] {CVE-2026-23420} - wifi: cw1200: Fix locking in error paths (Bart Van Assche) - octeon_ep_vf: avoid compiler and IQ/OQ reordering (Vimlesh Kumar) - octeon_ep_vf: Relocate counter updates before NAPI (Vimlesh Kumar) - octeon_ep: avoid compiler and IQ/OQ reordering (Vimlesh Kumar) - octeon_ep: Relocate counter updates before NAPI (Vimlesh Kumar) - bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded (Jiayuan Chen) [Orabug: 39130827] {CVE-2026-23310} - net: dsa: realtek: rtl8365mb: fix rtl8365mb_phy_ocp_write return value (Mieczyslaw Nalewaj) - kunit: tool: copy caller args in run_kernel to prevent mutation (Shuvam Pandey) - rust: kunit: fix warning when !CONFIG_PRINTK (Alexandre Courbot) - drm/xe: Do not preempt fence signaling CS instructions (Matthew Brost) - wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config (Sebastian Krzyszkowiak) {CVE-2026-23373} - can: mcp251x: fix deadlock in error path of mcp251x_open (Alban Bedel) [Orabug: 39130970] {CVE-2026-23357} - can: bcm: fix locking for bcm_op runtime updates (Oliver Hartkopp) [Orabug: 39131186] {CVE-2026-23362} - amd-xgbe: fix MAC_TCR_SS register width for 2.5G and 10M speeds (Raju Rangoju) - net: ti: icssg-prueth: Fix ping failure after offload mode setup when link speed is not 1G (Md Danish Anwar) - atm: lec: fix null-ptr-deref in lec_arp_clear_vccs (Jiayuan Chen) [Orabug: 39130725] {CVE-2026-23286} - xsk: Fix zero-copy AF_XDP fragment drop (Nikhil P. Rao) - xsk: Fix fragment node deletion to prevent buffer leak (Nikhil P. Rao) - xsk: s/free_list_node/list_node/ (Maciej Fijalkowski) - xsk: Get rid of xdp_buff_xsk::xskb_list_node (Maciej Fijalkowski) - net: ethernet: ti: am65-cpsw-nuss/cpsw-ale: Fix multicast entry handling in ALE table (Chintan Vankar) - drm/solomon: Fix page start when updating rectangle in page addressing mode (Francesco Lavra) - e1000e: clear DPG_EN after reset to avoid autonomous power-gating (Vitaly Lifshits) - i40e: Fix preempt count leak in napi poll tracepoint (Thomas Gleixner) [Orabug: 39130838] {CVE-2026-23313} - idpf: change IRQ naming to match netdev and ethtool queue numbering (Brian Vazquez) - hwmon: (it87) Check the it87_lock() return value (Bart Van Assche) - pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() (Felix Gu) - HID: multitouch: new class MT_CLS_EGALAX_P80H84 (Ian Ray) - HID: multitouch: add quirks for Lenovo Yoga Book 9i (Brian Howard) - platform/x86: thinkpad_acpi: Fix errors reading battery thresholds (Jonathan Teh) - pinctrl: equilibrium: fix warning trace on load (Florian Eckert) - pinctrl: equilibrium: rename irq_chip function callbacks (Florian Eckert) - hwmon: (aht10) Fix initialization commands for AHT20 (Hao Yu) - hwmon: (aht10) Add support for dht20 (Akhilesh Patil) - nvme: fix admin queue leak on controller reset (Ming Lei) [Orabug: 39131191] {CVE-2026-23360} - ACPI: APEI: GHES: Disable KASAN instrumentation when compile testing with clang < 18 (Nathan Chancellor) - btrfs: always fallback to buffered write if the inode requires checksum (Qu Wenruo) - net: stmmac: dwmac-loongson: Set clk_csr_i to 100-150MHz (Huacai Chen) - ARM: clean up the memset64() C wrapper (Thomas Weißschuh) - xattr: switch to CLASS(fd) (Al Viro) [Orabug: 39073878] {CVE-2024-14027} - selftests: mptcp: join: check removing signal+subflow endp (Matthieu Baerts) - selftests: mptcp: more stable simult_flows tests (Paolo Abeni) - smb: client: Don't log plaintext credentials in cifs_set_cifscreds (Thorsten Blum) {CVE-2026-23303} - smb: client: fix broken multichannel with krb5+signing (Paulo Alcantara) - smb: client: fix cifs_pick_channel when channels are equally loaded (Henrique Carvalho) - drbd: fix null-pointer dereference on local read error (Christoph Böhmwalder) [Orabug: 39130720] {CVE-2026-23285} - drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() (Lars Ellenberg) [Orabug: 39130964] {CVE-2026-23356} - Squashfs: check metadata block offset is within range (Phillip Lougher) [Orabug: 39131078] {CVE-2026-23388} - scsi: target: Fix recursive locking in __configfs_open_file() (Prithvi Tambewagh) [Orabug: 39130762] {CVE-2026-23292} - tracing: Fix WARN_ON in tracing_buffers_mmap_close (Qing Wang) [Orabug: 39131052] {CVE-2026-23380} - nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). (Kuniyuki Iwashima) [Orabug: 39130777] {CVE-2026-23297} - net/sched: ets: fix divide by zero in the offload path (Davide Caratti) [Orabug: 39131048] {CVE-2026-23379} - RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() (Jason Gunthorpe) [Orabug: 39130901] {CVE-2026-23335} - IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() (Jason Gunthorpe) [Orabug: 39130741] {CVE-2026-23289} - wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() (Vahagn Vardanian) [Orabug: 39130699] {CVE-2026-23279} - wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration (Ariel Silver) [Orabug: 39103120] {CVE-2026-23246} - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() (Daniil Dulov) [Orabug: 39130904] {CVE-2026-23336} - wifi: radiotap: reject radiotap with unknown bits (Johannes Berg) [Orabug: 39131004] {CVE-2026-23367} - ALSA: usb-audio: Use correct version for UAC3 header validation (Jun Seo) [Orabug: 39130853] {CVE-2026-23318} - platform/x86: dell-wmi: Add audio/mic mute key codes (Kurt Borja) - platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data (Thorsten Blum) {CVE-2026-23370} - x86/efi: defer freeing of boot services memory (Mike Rapoport) [Orabug: 39130952] {CVE-2026-23352} - HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them (Greg Kroah-Hartman) [Orabug: 39131060] {CVE-2026-23382} - can: usb: f81604: handle bulk write errors properly (Greg Kroah-Hartman) - can: usb: f81604: handle short interrupt urb messages properly (Greg Kroah-Hartman) - can: usb: etas_es58x: correctly anchor the urb in the read bulk callback (Greg Kroah-Hartman) - can: ucan: Fix infinite loop from zero-length messages (Greg Kroah-Hartman) - can: usb: f81604: correctly anchor the urb in the read bulk callback (Greg Kroah-Hartman) - can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message (Greg Kroah-Hartman) [Orabug: 39130814] {CVE-2026-23307} - net: usb: pegasus: validate USB endpoints (Greg Kroah-Hartman) [Orabug: 39130748] {CVE-2026-23290} - net: usb: kalmia: validate USB endpoints (Greg Kroah-Hartman) [Orabug: 39130996] {CVE-2026-23365} - net: usb: kaweth: validate USB endpoints (Greg Kroah-Hartman) [Orabug: 39130831] {CVE-2026-23312} - nfc: pn533: properly drop the usb interface reference on disconnect (Greg Kroah-Hartman) - media: dvb-core: fix wrong reinitialization of ringbuffer on reopen (Jens Axboe) [Orabug: 39103137] {CVE-2026-23253} - namespace: fix proc mount iteration (Christian Brauner) - eventpoll: Fix integer overflow in ep_loop_check_proc() (Jann Horn) - net: arcnet: com20020-pci: fix support for 2.5Mbit cards (Ethan Nelson-Moore) - ALSA: hda/conexant: Fix headphone jack handling on Acer Swift SF314 (Takashi Iwai) - ALSA: hda/realtek: Add quirk for Samsung Galaxy Book3 Pro 360 (NP965QFG) (Lewis Mason) - ALSA: hda/realtek: Add quirk for Gigabyte G5 KF5 (2023) (Eric Naim) - LoongArch: Remove some extern variables in source files (Tiezhu Yang) - LoongArch: Handle percpu handler address for ORC unwinder (Tiezhu Yang) - LoongArch: Remove unnecessary checks for ORC unwinder (Tiezhu Yang) - LoongArch/orc: Use RCU in all users of __module_address(). (Sebastian Andrzej Siewior) - ksmbd: add chann_lock to protect ksmbd_chann_list xarray (Namjae Jeon) - ksmbd: check return value of xa_store() in krb5_authenticate (Namjae Jeon) - hwmon: (max16065) Use READ/WRITE_ONCE to avoid compiler optimization induced race (Gui-Dong Han) - ALSA: hda/conexant: Add quirk for HP ZBook Studio G4 (Takashi Iwai) - drm/amd: Fix hang on amdgpu unload by using pci_dev_is_disconnected() (Mario Limonciello) - usb: cdns3: fix role switching during resume (Thomas Richard) - usb: cdns3: call cdns_power_is_lost() only once in cdns_resume() (Théo Lebrun) - usb: cdns3: remove redundant if branch (Hongyu Xie) - btrfs: zoned: fixup last alloc pointer after extent removal for RAID0/10 (Naohiro Aota) - btrfs: define the AUTO_KFREE/AUTO_KVFREE helper macros (Miquel Sabaté Solà) - btrfs: zoned: fix stripe width calculation (Naohiro Aota) - btrfs: zoned: fixup last alloc pointer after extent removal for DUP (Naohiro Aota) - btrfs: zoned: fixup last alloc pointer after extent removal for RAID1 (Naohiro Aota) - btrfs: zoned: fix alloc_offset calculation for partly conventional block groups (Johannes Thumshirn) - btrfs: fix periodic reclaim condition (Sun Yangkai) - btrfs: fix reclaimed bytes accounting after automatic block group reclaim (Filipe Manana) - btrfs: get used bytes while holding lock at btrfs_reclaim_bgs_work() (Filipe Manana) - btrfs: drop unused parameter fs_info from do_reclaim_sweep() (David Sterba) - uprobes: Fix incorrect lockdep condition in filter_chain() (Breno Leitao) - uprobes: switch to RCU Tasks Trace flavor for better performance (Andrii Nakryiko) - drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free (Jeongjun Park) - drm/exynos/vidi: Remove redundant error handling in vidi_get_modes() (Xu Wang) - drm/exynos: vidi: fix to avoid directly dereferencing user pointer (Jeongjun Park) - ima: kexec: define functions to copy IMA log at soft boot (Steven Chen) - kexec: define functions to map and unmap segments (Steven Chen) - ima: define and call ima_alloc_kexec_file_buf() (Steven Chen) - ima: rename variable the seq_file "file" to "ima_kexec_file" (Steven Chen) - ima: kexec: silence RCU list traversal warning (Breno Leitao) - clk: tegra: tegra124-emc: fix device leak on set_rate() (Johan Hovold) - arm64: dts: rockchip: Fix rk3588 PCIe range mappings (Shawn Lin) - arm64: dts: rockchip: Fix rk356x PCIe range mappings (Shawn Lin) - iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode (Jinhui Guo) [Orabug: 39331474] {CVE-2026-43161} - Input: synaptics_i2c - guard polling restart in resume (Minseong Kim) - Input: synaptics_i2c - replace use of system_wq with system_dfl_wq (Marco Crivellari) - workqueue: Add system_percpu_wq and system_dfl_wq (Marco Crivellari) - ext4: always allocate blocks only from groups inode can use (Jan Kara) - ext4: implement linear-like traversal across order xarrays (Baokun Li) - ext4: refactor choose group to scan group (Baokun Li) - ext4: convert free groups order lists to xarrays (Baokun Li) - ext4: factor out ext4_mb_scan_group() (Baokun Li) - ext4: factor out ext4_mb_might_prefetch() (Baokun Li) - ext4: factor out __ext4_mb_scan_group() (Baokun Li) - ext4: add ext4_try_lock_group() to skip busy groups (Baokun Li) - mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() (Joonwon Kang) [Orabug: 39331965] {CVE-2026-43281} - mailbox: Allow controller specific mapping using fwnode (Anup Patel) - mailbox: Use guard/scoped_guard for con_mutex (Peng Fan) - mailbox: Use dev_err when there is error (Peng Fan) - mailbox: remove unused header files (Tudor Ambarus) - mailbox: sort headers alphabetically (Tudor Ambarus) - mailbox: don't protect of_parse_phandle_with_args with con_mutex (Tudor Ambarus) - ext4: don't set EXT4_GET_BLOCKS_CONVERT when splitting before submitting I/O (Zhang Yi) [Orabug: 39452050] {CVE-2026-45985} - ext4: correct the comments place for EXT4_EXT_MAY_ZEROOUT (Yangerkun) - drm/tegra: dsi: fix device leak on probe (Johan Hovold) - ata: libata-scsi: avoid Non-NCQ command starvation (Damien Le Moal) [Orabug: 39451561] {CVE-2026-45855} - ata: libata: Introduce ata_port_eh_scheduled() (Damien Le Moal) - ata: libata: Remove ATA_DFLAG_ZAC device flag (Damien Le Moal) - ata: libata-scsi: Remove struct ata_scsi_args (Damien Le Moal) - ata: libata-scsi: Document all VPD page inquiry actors (Damien Le Moal) - ata: libata-scsi: Refactor ata_scsiop_maint_in() (Damien Le Moal) - ata: libata-scsi: Refactor ata_scsiop_read_cap() (Damien Le Moal) - ata: libata-scsi: Refactor ata_scsi_simulate() (Damien Le Moal) - KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() (Sean Christopherson) [Orabug: 39331893] {CVE-2026-43265} - media: dw9714: Fix powerup sequence (Ricardo Ribalda) - media: dw9714: add support for powerdown pin (Matthias Fend) - media: dw9714: move power sequences to dedicated functions (Matthias Fend) - media: tegra-video: Fix memory leak in __tegra_channel_try_format() (Zilin Guan) - PCI: Use resource_set_range() that correctly sets ->end (Ilpo Järvinen) - resource: Add resource set range and size helpers (Ilpo Järvinen) - Revert "PCI: qcom: Don't wait for link if we can detect Link Up" (Niklas Cassel) - PCI: qcom: Don't wait for link if we can detect Link Up (Krishna Chaitanya Chundru) - Revert "PCI: dw-rockchip: Don't wait for link since we can detect Link Up" (Niklas Cassel) - PCI: dw-rockchip: Don't wait for link since we can detect Link Up (Niklas Cassel) - memory: mtk-smi: fix device leak on larb probe (Johan Hovold) - memory: mtk-smi: fix device leaks on common probe (Johan Hovold) - x86/acpi/boot: Correct acpi_is_processor_usable() check again (Yazen Ghannam) - PCI: Correct PCI_CAP_EXP_ENDPOINT_SIZEOF_V2 value (Bjorn Helgaas) - bpf: Fix stack-out-of-bounds write in devmap (Kohei Enju) [Orabug: 39130977] {CVE-2026-23359} - bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing (Fuad Tabba) [Orabug: 39131066] {CVE-2026-23383} - btrfs: fix compat mask in error messages in btrfs_check_features() (Mark Harmstone) - btrfs: print correct subvol num if active swapfile prevents deletion (Mark Harmstone) - btrfs: fix warning in scrub_verify_one_metadata() (Mark Harmstone) - btrfs: fix objectid value in error message in check_extent_data_ref() (Mark Harmstone) - btrfs: fix incorrect key offset in error message in check_dev_extent_item() (Mark Harmstone) - ALSA: hda: cs35l56: Fix signedness error in cs35l56_hda_posture_put() (Richard Fitzgerald) - ALSA: pci: hda: use snd_kcontrol_chip() (Kuninori Morimoto) - drm/amdgpu: Fix locking bugs in error paths (Bart Van Assche) - drm/amdgpu: Replace kzalloc + copy_from_user with memdup_user (Thorsten Blum) - drm/amdgpu: Unlock a mutex before destroying it (Bart Van Assche) - PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry (Niklas Cassel) - PCI: dwc: ep: Use align addr function for dw_pcie_ep_raise_{msi,msix}_irq() (Niklas Cassel) - PCI: dwc: endpoint: Implement the pci_epc_ops::align_addr() operation (Damien Le Moal) - PCI: endpoint: Introduce pci_epc_mem_map()/unmap() (Damien Le Moal) - PCI: endpoint: Introduce pci_epc_function_is_valid() (Damien Le Moal) - s390/vtime: Fix virtual timer forwarding (Heiko Carstens) - s390/idle: Fix cpu idle exit cpu time accounting (Heiko Carstens) - perf: Fix __perf_event_overflow() vs perf_remove_from_context() race (Peter Zijlstra) [Orabug: 39110643] {CVE-2026-23271} - ALSA: usb-audio: Use inclusive terms (Takashi Iwai) - ALSA: usb-audio: Cap the packet size pre-calculations (Takashi Iwai) - scsi: ufs: core: Move link recovery for hibern8 exit failure to wl_resume (Peter Wang) - cgroup/cpuset: Fix incorrect use of cpuset_update_tasks_cpumask() in update_cpumasks_hier() (Waiman Long) - rseq: Clarify rseq registration rseq_size bound check comment (Mathieu Desnoyers) - x86/fred: Correct speculative safety in fred_extint() (Andrew Cooper) [Orabug: 39130960] {CVE-2026-23354} - ALSA: usb-audio: Remove VALIDATE_RATES quirk for Focusrite devices (Geoffrey D. Bennett) - ALSA: scarlett2: Fix DSP filter control array handling (Geoffrey D. Bennett) - ALSA: scarlett2: Fix redeclaration of loop variable (Geoffrey D. Bennett) - scsi: pm8001: Fix use-after-free in pm8001_queue_command() (Salomon Dushimirimana) [Orabug: 39130811] {CVE-2026-23306} - scsi: lpfc: Properly set WC for DPP mapping (Mathias Krause) - irqchip/sifive-plic: Fix frozen interrupt due to affinity setting (Nam Cao) - KVM: arm64: Hide S1POE from guests when not supported by the host (Fuad Tabba) - drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() (Felix Gu) - drm/vmwgfx: Return the correct value in vmw_translate_ptr functions (Ian Forbes) [Orabug: 39130850] {CVE-2026-23317} - drm/vmwgfx: Fix invalid kref_put callback in vmw_bo_dirty_release (Brad Spengler) [6.12.0-204.76.1] - uek-rpm: BF3: Enable CONFIG_DMI (Jeremy Tang) [Orabug: 39360834] - kabi: update FIPS kABI files (Saeed Mirzamohammadi) [Orabug: 39334603] - KEYS: Reserve key usage values (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: keep FIPS MPI helpers private (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: keep FIPS compression helpers private (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: keep FIPS helper library symbols private (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: tcrypt - clamp num_mb to avoid divide-by-zero (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: tcrypt - stop ahash speed tests when setkey fails (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add x86 GHASH CLMUL to FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add fixed-time AES to FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - fips: add scatterwalk to FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: avoid auto-load for arch specific impls (Saeed Mirzamohammadi) [Orabug: 39334603] - arm64/crypto: wire up FIPS aliases and helpers (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: share alg registry between FIPS and base kernel (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: keep crypto_user out of the FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: tcrypt - skip retest in FIPS mode (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: skip redundant FIPS self-module signature check (Saeed Mirzamohammadi) [Orabug: 39334603] - scripts: fail cleanly on arm64 boot image formats (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto/hkdf: Skip tests with keys too short in FIPS mode (Saeed Mirzamohammadi) [Orabug: 39334603] - uek-rpm: build module symvers before fips140.ko (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add crc64_rocksoft_generic to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add keywrap to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: add cts to the FIPS module (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto: convert kdf_sp800108 to CRYPTO_API() (Saeed Mirzamohammadi) [Orabug: 39334603] - fips: drop ansi_cprng and revert ansi_cprng FIPS hooks (Saeed Mirzamohammadi) [Orabug: 39334603] - crypto/testmgr: mark xxhash64 as fips disallowed (Saeed Mirzamohammadi) [Orabug: 39334603] - Revert "fips: add xxhash64-generic to FIPS module" (Saeed Mirzamohammadi) [Orabug: 39334603] - asm-generic/vmlinux.lds.h: remove unreachable FIPS140 branch (Saeed Mirzamohammadi) [Orabug: 39334603] - btrfs: switch to library APIs for checksums (Eric Biggers) [Orabug: 39334603] - lib/crypto: blake2b: Add BLAKE2b library functions (Eric Biggers) [Orabug: 39334603] - byteorder: Add le64_to_cpu_array() and cpu_to_le64_array() (Eric Biggers) [Orabug: 39334603] - iommu/amd: reduce GA Log overflow printk noise (Alejandro Jimenez) [Orabug: 39209026] - iommu/amd: add reschedule points to GA Log draining (Alejandro Jimenez) [Orabug: 39209026] - iommu/amd: Rework GAInt handling in overflow case (Joao Martins) [Orabug: 39209026] - iommu/amd: Use GA Log-aware handler for legacy MSI interrupts (Joao Martins) [Orabug: 39209026] - iommu/amd: Disable GAInt while GA Log is processed (Joao Martins) [Orabug: 39209026] - iommu/amd: Add GA Log-aware primary IRQ handler (Joao Martins) [Orabug: 39209026] - iommu/amd: Allow x2APIC interrupt setup to use primary IRQ handlers (Alejandro Jimenez) [Orabug: 39209026] - iommu/amd: Increase GA Log buffer size to 8192 entries (Joao Martins) [Orabug: 39209026] - iommu/amd: Use core's primary handler and set IRQF_ONESHOT (Sebastian Andrzej Siewior) [Orabug: 39209026] [6.12.0-203.76.5] - ptrace: slightly saner 'get_dumpable()' logic (Linus Torvalds) [Orabug: 39384273,39391434,39407652] {CVE-2026-46333} [6.12.0-203.76.4] - x86/CPU/AMD: Add a fix for AMD-SB-7052 (Prathyushi Nangia) [Orabug: 39218893] {CVE-2025-54518} - rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present (Hyunwoo Kim) [Orabug: 39334587,39356061] {CVE-2026-43500} - rxrpc: Fix conn-level packet handling to unshare RESPONSE packets (David Howells) [Orabug: 39334587,39452112] {CVE-2026-46000} - rxrpc: only handle RESPONSE during service challenge (Jie Wang) [Orabug: 39263367,39334587] {CVE-2026-31676} - rxrpc: Fix rxrpc_input_call_event() to only unshare DATA packets (David Howells) [Orabug: 39334587] - rxrpc: Fix potential UAF after skb_unshare() failure (David Howells) [Orabug: 39334587,39452107] {CVE-2026-45998} - rxrpc: Fix re-decryption of RESPONSE packets (David Howells) [Orabug: 39334587,39452067] {CVE-2026-45988} - xfrm: esp: avoid in-place decrypt on shared skb frags (Kuan-Ting Chen) [Orabug: 39334587,39367145] {CVE-2026-43284} - bcm-hsdk-gpl: Fix build issues for HSDK 6.5.34 (Vijay Kumar) [Orabug: 39342234] - bcm-hsdk-gpl: Update BCM HSDK GPL driver to 6.5.34 (Vijay Kumar) [Orabug: 39342234] - minke-fan-cpld: Avoid logging 'unknown fan id' when no fan is present (Arista-Hpandya) [Orabug: 39335238] - exadata: tools: perf: update column to comm_nodigit (Stephen Brennan) [Orabug: 39327035] - perf report: Add comm_nodigit sort key (Stephen Brennan) [Orabug: 39327035] - Revert "tools: perf: add comm_ignore_digit column" (Stephen Brennan) [Orabug: 39327035] - octeontx2-af: cn20k: Fix RVU AF interrupt handler (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Move QMEM allocations from GFP_KERNEL to ATOMIC (Sunil Kovvuri Goutham) [Orabug: 39318904] - bphy-pf: CNF20Ka: poll MHABs based on cpri_mask instead of fixed count (Viswajith Murali) [Orabug: 39318904] - octeontx2-af: Add devlink param for NIX RQ caching (Nishok A) [Orabug: 39318904] - octeontx2-af: cn20k: Fix the RVUAF->PF mbox address (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add devlink and debugfs support for NPA DWRR registers. (Anshumali Gaur) [Orabug: 39318904] - cn20k-af: psw: Fix build warning (Srujana Challa) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix AI review comments. (Ratheesh Kannoth) [Orabug: 39318904] - cn20k-af: psw: add mailbox to write to PSW MSIX registers (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add debugfs support for psw (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: introduce a mailbox to program PSW mbox msix vector (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add PSW AF API Notification queue support (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add FLR handler for PSW (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: setup PSW timed polling structure tables (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add mailbox for PSW PCIe configuration (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add mailbox for PSW LF mapping (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add new mailbox for PSW doorbell configuration (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: setups PSW FID resources (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: setup PSW GID resources (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: add mailbox to get PSW capabilities (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: register PSW AF interrupts (Srujana Challa) [Orabug: 39318904] - cn20k-af: psw: introduce PSW block (Srujana Challa) [Orabug: 39318904] - octeontx2-af: limit max periodic timers for cn20k (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Make default entries as x4. (Ratheesh Kannoth) [Orabug: 39318904] - octeonxt2-af: npc: Fix bugs (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: cn20ka: fix call trace in otx2_unregister_dl() after kernel reboot. (Anshumali Gaur) [Orabug: 39318904] - octeontx2-pf: cn20ka: fix call trace in otx2vf_remove after kernel reboot. (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: cn20k: Configure default CPT_AF_UCC_CTL for IPsec error codes (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: CN20k: add support for RFOE4 on half MP (Sai Krishna) [Orabug: 39318904] - octeontx2-pf: Fix kernel crash during eswitch creation (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Use ZERO_OR_NULL_PTR for cgxchan2link_map (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: cn20K: mcs: Add parser configuration for VLAN extraction (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add support for single SBTAG parsing (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Fix SDP channel base (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20K: mcs: Add MCS DSA tag parsing configuration support (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Avoid any false positives for Altaf (Linu Cherian) [Orabug: 39318904] - octeontx2-af: npc: Fix broadcast MCAM entry type on CN10K (Rakesh Kudurumalla) [Orabug: 39318904] - octeontx2-af: cn20k: Add platform check. (Anshumali Gaur) [Orabug: 39318904] - octeontx2-bphy-netdev: add get_link_ksettings to fix SIOCETHTOOL error (Sai Krishna) [Orabug: 39318904] - octeontx2-af: npc: cn20k: dont free default mcam indexes (Ratheesh Kannoth) [Orabug: 39318904] - bphy-pf: CNF20ka: Replace deprecated MSI-X API in CPRI netdev driver (Viswajith Murali) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix kernel warn. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Mismatch stats. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Dont free PF default mcam indexes. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: FIx invalid access (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: dstats (Ratheesh Kannoth) [Orabug: 39318904] - octeonxt2-af: npc: cn20k: show enable/disable status. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: debugfs for virtual indexes (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix AI reviews (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Alloc default indexes during nix lf alloc (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix default mcam idx free (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: Remove SoC specific local variables. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: mcs: Fix SC resource cleanup loop (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: mcs: Add SC CAM bypass entry (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Modify the pcifunc VF mask (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: cn20k: update the AFPFX_TRIGX reg offset (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20K: Fix rvu mbox registers offset (Geetha Sowjanya) [Orabug: 39318904] - octeontx2: sdp: Display backpressure status in debugfs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Fix aura BPID assignment when CONFIG_DCB is enabled (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: add bounds check in nix_bp_enable (Rakesh Kudurumalla) [Orabug: 39318904] - octeontx2-af: cn20k: Set a default value for res_meta_offset (Tanmay Jagdale) [Orabug: 39318904] - octeontx2-af: Support mapping of individual slots to RVU block LFs (Subbaraya Sundeep) [Orabug: 39318904] - cn20k-af: ml: improve AF register access control (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: fetch list of LF IDs attached (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: fix using uninitialized partition ID (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: enable mapping LF to partition ID (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: enable mapping LF with partitions (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: support ML lf alloc and free (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: support fetching msix offset for ML (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: support attach and detach of ML LFs (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: add support to fetch ML capabilities (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: implement ML mbox message handler (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: register ML interrupt handlers (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: implement hw resource setup and free (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: enable ML block probe and remove (Srikanth Yalavarthi) [Orabug: 39318904] - cn20k-af: ml: add skeleton code for ML EB driver (Prince Takkar) [Orabug: 39318904] - octeontx2-pf: cn20k: Add CN20K TX SecY policy bit support (Subrat Pandey) [Orabug: 39318904] - octeontx2-af: cn20k: mcs: Set default mcs Id to 0. (Subrat Pandey) [Orabug: 39318904] - octeontx2-af: cn20k: Fix memleak in npc_install flow (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix flags for HWWQE period timers (Mikko Suni) [Orabug: 39318904] - octeontx2-af: cn20k: Use physical address for AF->PF mbox (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: update fields of CPT_AF_LFX_CTL (Rahul Bhansali) [Orabug: 39318904] - octeontx2-af: cn20k: configure RX inline replay (Shashank Gupta) [Orabug: 39318904] - Octeontx2-af: cn20k: configure inline RQ mask (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: Don't initialize ipsec queues for representor PF. (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-bphy-pf: CNF20ka: BPHY NIC PF driver for chiplet based BPHY NIX bypass mode (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: fix npc mbox structure defination (Mohit Kumar Parjapat) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Avoid SoC specific structures (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix get number of kw (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: cancel work before destroying wq. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx: switch: Fix compiler warnings. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: selftest: Use unique mbox ids (Linu Cherian) [Orabug: 39318904] - octeontx: pan: Disable WQ after unregister notifier (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Define new flag (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Fix bugs. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Update mcam_idx for reply flow (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Support ovs offloading (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Support mask as well for flow. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Pass tuple mask as well to flow. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Retrieve VLAN infor for L3 routing (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Add vlan tag as part of message (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Dont process events if switchdev is not up (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: make functions static (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Fix graceful shutdown. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Notify switchdev on NF table callback (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Support SNAT/DNAT routing (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Reject acceleration for invalid bridge (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switch: Fix buffer overflow (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switch: Fix below kernel splat (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switchdev: Register for Route events. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switchdev: Forward route notifications. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: switchdev: Add driver support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: switchdev: L2 offload support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: Remove devlink support for SDP VF NIC driver (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: Handle pool context address update in Aura context write (Ashwin Sekhar T K) [Orabug: 39318904] - octeontx2-af: CN20k: fix unused-function warning (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-pf: Move representor event handling into common file (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Fix Rep link state sync up with PF/VFs (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: npa: cn20k: Fix DPC config mbox (Ashwin Sekhar T K) [Orabug: 39318904] - Octeontx2-pf: Fix transceiver details corruption (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: change GEN PF device ID (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20K: Fetch LBK supported channels (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix limiting SRIOV VF count logic (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-af: Fix KASAN slab-out-of-bounds error (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: Update irq affinity for mbox and flr (Linu Cherian) [Orabug: 39318904] - octeontx2-af: cn20k: Add FLR/ME support (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Fix possible memleak while mbox init (Sai Krishna) [Orabug: 39318904] - octeontx2-af: Map alternative AF NIX_AF_GINT only for CN10K (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add support to forward error interrupts to alt AF (Anil Kumar Reddy) [Orabug: 39318904] - octeontx2-af: Add support to forward flr to alternative AF (Anil Kumar Reddy) [Orabug: 39318904] - octeontx2-af: Update Alternative AF status (Linu Cherian) [Orabug: 39318904] - octeontx2-af: cn20k: Cleanup AF interrupt vector (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Do not hardcode AF bus number in debugfs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Fix rsrc_alloc debugfs file (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Add devlink option to reset MAC stats for debugging (Viswajith Murali) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Add devlink for defrag initiation (Ratheesh Kannoth) [Orabug: 39318904] - net: octeontx2: Fix coding style issues (Subrat Pandey) [Orabug: 39318904] - octeontx2-af: Fix mcs string buffer size (Stefan Wiehler) [Orabug: 39318904] - octeontx2-af: Skip TM tree print for disabled SQs (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: debugfs: Add cn20k sdp rings info (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Fix kernel crash during NIX TM register dump (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: cpt: Add debug support for more than 64 engines. (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: cpt: Update engine offset calculation (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: Add support to display "Autoneg" (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-vf: Set tc filter flag on vf netdev (Suman Ghosh) [Orabug: 39318904] - Octeontx2-pf: Update link mode mapping (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-pf: Fix ethtool eeprom read logic (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: ethtool: Display physical connector type (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: restart interface when link settings are changed by user (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-sdpvf: Fix PTP options for SDP interfaces (Roy Franz) [Orabug: 39318904] - octeontx2-vf: Add partial ethtool support for SDP VFs (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: Add page pool stats to ethtool (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: Add missing changes in otx2_ethtool.c (Suman Ghosh) [Orabug: 39318904] - Octeontx2-pf: tc: fix egress ratelimiting (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: Support to enable EDSA/Higig2 pkts parsing (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: Using compound/head page ref count (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Fix NDC sync operation errors (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: cn20k: fix target address (Juan Garcia) [Orabug: 39318904] - octeontx2-pf: Check address for Null before free (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Add soft reset sequence in mcs_global_cfg() (Viswajith Murali) [Orabug: 39318904] - octeontx2-pf: mcs: Don't account field alignment when installing TX SecY policy (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Fix start and end bit for scan config (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2: npc: cn20k: Remove function (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2: npc: cn20k: refactor code (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: cgx: misc changes (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: reset TL1 SW_XOFF before returning from link mode change (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Remove MAC address validation check (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Show count of dropped packets by DMAC filters (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Update mbox version (Sunil Kovvuri Goutham) [Orabug: 39318904] - cn10k-ipsec: Fix compilation with XFRM_OFFLOAD enabled (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-vf: Register dummy netdev for host PF VFs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: cn20k: Configure SQ default channel based on UP message (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Dereference only a valid pointer (Suman Ghosh) [Orabug: 39318904] - octeontx2-vf: Fix VF mbox up message error on PTP RX enable (Sai Krishna) [Orabug: 39318904] - octeontx2-pf: Add support for creating netdev interfaces for SDP VFs (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Add more debug messages (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Send UP messages to VF only when VF is up. (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Avoid null pointer dereference (Subbaraya Sundeep) [Orabug: 39318904] - cn10k-ipsec: fix uninitialized send queue during ESP offload (Shashank Gupta) [Orabug: 39318904] - cn10k-ipsec: Initialize ipsec queues on enabling IPsec (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: cn10k/cn20k: Update count_eot in NPA_LF_AURA_BATCH_FREE0 (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: persist netdev stats across routine operations (Anshumali Gaur) [Orabug: 39318904] - octeontx2-pf: Add self test (Linu Cherian) [Orabug: 39318904] - octeontx2-pf: Add ethtool -m option support (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Skip dma map and unmap when IOMMU is bypassed (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-pf: Add NIXLF error/poison interrupt handlers (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-pf: Validation for TL1 Round robin priority (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: devlink param support to modify physical interface links. (Rakesh Babu Saladi) [Orabug: 39318904] - octeontx2-pf: Add devlink param to vary rbuf size (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Add devlink param to vary cqe size (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: CN20k: add multi chiplet support to NIX path (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k: Enable TX PTP timestamping on BPHY NIX link (Sai Krishna) [Orabug: 39318904] - octeontx2-af: cn10k: Fix accessing invalid CSRs (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k: fix fwdata NULL pointer dereference when RPM probe fails (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k: Map BPHY chiplet RPMs followed by compute chiplet RPMs (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k: Add chiplet RPM AF mbox support for port ready, get channel info messages. (Sai Krishna) [Orabug: 39318904] - octeontx2-af: cnf20k: account for XCB RPM links in CGX link calculation (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Add support for chiplet based BPHY RPM driver as AF RVU extension block module (Sai Krishna) [Orabug: 39318904] - octeontx2-af: Add BPHY chiplet, RPM, LMAC data to fwdata (Sai Krishna) [Orabug: 39318904] - bphy-pf: CNF20ka: Register driver with PCI subsys ID (Anshumali Gaur) [Orabug: 39318904] - bphy-pf: CNF20ka: Fix MSI-X init failure by setting both DMA masks (Viswajith Murali) [Orabug: 39318904] - bphy-pf: CNF20K: Add build and config support for CPRI PF driver to avoid module conflicts (Viswajith Murali) [Orabug: 39318904] - bphy-pf: CNF20ka: Fix CPRI MSI-X initialization failure (Viswajith Murali) [Orabug: 39318904] - bphy-pf: CNF20ka: Add workaround for gpint issue for CPRI pkt path (Viswajith Murali) [Orabug: 39318904] - bphy-pf: CNF20ka: Add cpri netdev driver support (Viswajith Murali) [Orabug: 39318904] - octeontx-bphy-netdev: Fix unexpected packet in netdev by ensuring proper PSW hardware write handling (Viswajith Murali) [Orabug: 39318904] - octeontx2-bphy-netdev: allow forcing ts steps cnt (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix fec counters reporting (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix ecpri pkt stats update (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix ecpri type5 handling (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix a deadlock in cpri (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: Fix race condition for timestamp packets (Sai Krishna) [Orabug: 39318904] - octeontx2-bphy-netdev: Fix kernel crash by using proper max PSM queue count (Sai Krishna) [Orabug: 39318904] - octeontx2-bphy-netdev: protect psm queue access (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: fix debugfs memleak (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: Detect DL circular buffer full (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-bphy-netdev: fix rsfec stats reading (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: Support for eCPRI MsgType5 timestamping (Sai Krishna) [Orabug: 39318904] - octeontx2-bphy-netdev: Use correct netdev priv structure for debugging (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: disable CPRI RX on cleanup (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: ignore mcs untagged error (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: disable rx on RFOEs on exit (Baha Mesleh) [Orabug: 39318904] - octeontx2-bphy-netdev: Fix crash issue during initialization of cpri, rfoe interfaces on set MAC address (Sai Krishna) [Orabug: 39318904] - octeontx2-bphy-netdev: OcteonTX2 Base PHY RFOE netdev driver (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k DPI AF driver msix, interrupt handling (Sai Krishna) [Orabug: 39318904] - octeontx2-af: Move DPI block reset handling to AF extension block driver (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k DPI AF driver channel table mbox support (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k DPI AF driver mbox support (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k DPI AF driver initial support (Sai Krishna) [Orabug: 39318904] - octeontx2-af: cn20k: Don't reset the PF_DISC register (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: CN20K: update RPM links (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: cn20k: Add block discovery register (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Fix PTP RX enable mbox fail issue over NIC VF (Sai Krishna) [Orabug: 39318904] - octeontx2-af: Modify NIX register offset value for CN20K (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Validate NIX maximum LFs correctly (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Fix incorrect BPID initialization for CPT channels (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Allow CPT PF access to CPT_AF_GRPX_THR (Shashank Gupta) [Orabug: 39318904] - octeontx2-af: cn20k: support packet data buffer (pdb) configuration (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Set LBK channels (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: cn20k: Fix config parameter check when disable inline queue (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Enable CPT parse and Frag info header byte swap (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: Add an MCAM entry to count CPT 2nd pass miss packets (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: support overriding aura to zero for second pass (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: cn20k: cpt: Use proper mask to get max CPT LF's (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: allow mbox access from CPT VFs for backward compatibility (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: Drop CPT PF/VF check for relevant mboxes (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: Change CPT channels configuration (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Allow CPT PF access to CPTX_AF_CTX_PSP_TIMER_CTL (Shashank Gupta) [Orabug: 39318904] - octeontx2-af: cn20k: change CPT register address as per latest csr (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Allow access to CPT_AF_UCCX_CTL (Tanmay Jagdale) [Orabug: 39318904] - octeontx2-af: CN20K channel configuration (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-af: cn20k: Enable RXC on inline inbound cptlf (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Fix RXC flush and cleanup sequence (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Add CPT CTX flush support (Tanmay Jagdale) [Orabug: 39318904] - octeontx2-af: fix CPT ctx flush (Srujana Challa) [Orabug: 39318904] - octeontx2-af: cn20k: Setup CPT reassembly Queue Configuration Register (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: Move RXC specific functions (Tanmay Jagdale) [Orabug: 39318904] - octeontx2-af: cn20k: handle multi-queue reassembly teardown (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: add mbox for NIX RX inline configuration (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: add mbox for CPT RX inline configuration (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: add mbox for CPT RX queue allocation (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: Add mbox to configure rx inline nixlf (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Add mbox to configure rx inline profile (Bharat Bhushan) [Orabug: 39318904] - crypto: octeontx2: Add new mailbox to set queue priority (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: cn20k: Add rxc teardown support (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Add queue id to rxc time config mbox (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: Add cpt stats mailbox support (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: add FLT interrupts (Amit Singh Tomar) [Orabug: 39318904] - octeontx2-af: Unify HW interrupt APIs (Amit Singh Tomar) [Orabug: 39318904] - octeontx-af: cpt: Get CPT PF number using PF Device ID (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: cpt: Update max engine calculation (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: Add TC rules support for CN20K (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Set correct sequence for carrier off and tx queue stop (Suman Ghosh) [Orabug: 39318904] - octeontx2: Fix klockwork issues. (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Free queue memory allocated sq timestamp (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: Check for DMAC extraction support before setting DMAC based hardware filter for a VF (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Move REP devlink APIs to separate file (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Fix representor up notification events (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Use ews_rules value to update REP tcam rules (Geetha Sowjanya) [Orabug: 39318904] - Octeontx2-af: Change args for rvu_get_pf (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Add validation before accessing fwdata (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: map management port always to first PF (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: replace generic error codes (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: link mode mapping (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Assign CGX id from PCI revision id (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Remove MAC address validation check (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: lmac validation with is_lmac_valid (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix compilation warning/klockwork issues (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: configure 802.3 pause frames in SGMII/QSGMII mode (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Add new CGX_CMDs to set and get PHY modulation type (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Do not allow VFs to overwrite PKIND config (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Put CGX LMAC also in Higig2 mode (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-sdp: Add FLR interrupts for Host PFs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-sdp: Refactor SDP interrupts code (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-sdp: Fix SDP channel numbers in NPC rules (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-sdp: Check whether SDP block is present before access (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: sdp: Fix address range assignment logic (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: sdp: Maintain host to RVU GEN PF mapping (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-sdp: misc SDP fixes (Hariprasad Kelam) [Orabug: 39318904] - octeontx-af: cn20k: Manage rings allocation and freeing (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: CN20K: SDP mbox framework (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: CN20K: SDP extension driver (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-pf: enable AF_XDP zero copy support (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix clearing TL3_TL2X_LINKX_CFG[ENA] during SMQ flush to drop packets (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Fix ROCEV2 RSS hashing QP ID length (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Allow to set CPT result address offset (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: cn20k: add mbox for NIX flow vector configuration (Satheesh Paul A) [Orabug: 39318904] - octeontx2-af: add ROCEv2 header for RSS hashing (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Update lbk maximum frame size as per CN20K (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: fix TX scheduler count (Satha Rao) [Orabug: 39318904] - octeontx2-af: Fix the issue of infinite loop in nix_aq_reset (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Misc changes in NIX block (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Dump hw register state on error (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Add new mailbox to configure LSO alt flags (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: cn20k: Extend SPI to SA index translation (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: notify VF about ptp event (Harman Kalra) [Orabug: 39318904] - octeontx2-af: Sending tsc value to the userspace (Harman Kalra) [Orabug: 39318904] - octeontx2-af: Support for PTP notification to PF (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: npa: fix DPC permit register access (Ashwin Sekhar T K) [Orabug: 39318904] - octeontx2-af: npa: cn20k: Add DPC support (Linu Cherian) [Orabug: 39318904] - octeontx2-af: npa: cn20k: Add debugfs support for Halo (Linu Cherian) [Orabug: 39318904] - octeontx2-af: npa: cn20k: Add NPA Halo support (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Fix number of entries in the kpu3 cam (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix subbank count (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Fix number of entries in the kpu2 cam (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: add mbox to read default rule (Satheesh Paul A) [Orabug: 39318904] - octeontx2-af: kpu: Input validation check. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: kpu: Fix lodable profile issue (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Convert to C99 flexible array (Anshumali Gaur) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Restore stats in defrag (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Flow delete and free mbox (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Add traces in NPC mailboxes (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix KPU9 state variable for ROCEV2 (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: add support for ROCEv2 header parsing (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: add more VLAN tag parsing in case of E-tag (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: add changes to fragment flags for cn20k (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Avoid updating cn10k registers during cn20k reboot (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Do not access match stats for cn20k (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: cn20k: Update NPC CSRs (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix out of bound access in entry2counter array (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Fix initialization of mcam's entry2target_pffunc field (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: add changes to fragment flag extraction in parse nibble (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Fix CPT CGX channel mask for cn20k (Sai Krishna) [Orabug: 39318904] - octeontx2-af: add changes to fragment flag in KPU profile for CN20K (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: fix mcam hit counter (Satheesh Paul A) [Orabug: 39318904] - Revert "octeontx2-af: npc: cn20k: Get base steer rule index." (Rahul Bhansali) [Orabug: 39318904] - octeontx2-af: npc: cn20k: fix rule type for LBK VF (Rahul Bhansali) [Orabug: 39318904] - octeontx2-af: Fix failed to load custom pfl warning (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: add changes to update CPT pad length offset in KPU (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix search order (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: Use dev_dbg() (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Fix compilation warnings (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2: cn20k: npc: Set action2 for x2 entries. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: cn20k: Enable action2 programming in npc (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Set default profile DYNAMIC (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix csr register field offset. (Satheesh Paul A) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Reject request for x4 entries in x2 profile. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Alloc mcam entry for install flow (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Disable fw load faiure warning (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Load custom kpu profile from filesystem. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix install flow priority (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: cn20k: Add support for custom mkex profiles (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Get base steer rule index. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Stats support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: cn20k: Reject mcam alloc mbox with invalid keytype (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-pf: cn20k: Reserve x4 key mcam entries for ntuple (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Get kex related info from PF. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Fix parse result nibble mask reading. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: Set correct nibble bits for cn20k (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix parse nibble mask (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: cn20k: Avoid accessing cn10k registers (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: cn20k: Add new mailboxes for CN20K silicon (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix npc_mcam_get_hit_status mbox for cn10k (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Convert vidx to mcam_idx in mbox handler (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Add an mbox interface to defrag (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: defragmentation support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Introduce virtual mcam index (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Validate mcam index before enable/disable (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Add new mailboxes to get kex config and free counts (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Use common APIs to read/write/copy/enable mcam entry (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Add a new mbox to read/write MCAM hit status (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: debugfs support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Use common APIs to alloc/free/get mcam index. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Allocate default mcam indexes. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Modify alloc entry mailbox (Suman Ghosh) [Orabug: 39318904] - ocetontx2-af: npc: cn20k: MKEX profile support (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: KPM profile changes (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: npc: cn20k: Index management. (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2: Fix klockwork issues. (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: Fix Support of FDSA tag (George Cherian) [Orabug: 39318904] - octeontx2-af: Support for FDSA tag (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Adding changes to parse stacked VLANs (Kiran Kumar K) [Orabug: 39318904] - Octeontx2-af: Skip overlap check for SPI field (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix issue with GRE parsing (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Add support to parse more VLAN headers (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Fix issue with IPV6 GRE and multi VLAN (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Add KPU changes to parse fabric path header (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Add few missing changes (Suman Ghosh) [Orabug: 39318904] - octeontx2-af: allow second pass pkts via default ucast entry (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: suppress kpu profile loading warning (Harman Kalra) [Orabug: 39318904] - octeontx2-af: use cpt channel mask in flow install path (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: Add NPC support to filter GTP-U and GTP-C packets based on TEID (Suman Ghosh) [Orabug: 39318904] - octeontx2: cn20k: Assign unique MCS IDs based on PCI enumeration (Subrat Pandey) [Orabug: 39318904] - octeontx2-pf: Choose macsec encryption offload per packet (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: mcs: Use new SCI CAM in hardware (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: mcs: Fix mcs resources free on PF shutdown (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Add devlink parameter to toggle MCS bypass mode (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Display port mapped stats for cn20k (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: cn20k: Add MCS LMAC channel and count configuration (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: mcs set mcs id and silicon check (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Fix mcs tx_sa_map API (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Add mcs PN threshold support (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: MCS add port configure APIs (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20K: Add MCS parser configuration (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Fix mcs register offsets (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: mcs: Fix unsupported secy stats read (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: cn20k: Add MCS support (Linu Cherian) [Orabug: 39318904] - octeontx2-af: mcs: Remove SA stats support (Ratheesh Kannoth) [Orabug: 39318904] - octeontx2-af: cnf10k-b: mcs: Fix stats reg address (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: rvu: enable mcs fips mailboxes (Ankur Dwivedi) [Orabug: 39318904] - octeontx2-af: mcs: add mailboxes for fips (Ankur Dwivedi) [Orabug: 39318904] - octeontx2-af: sso: clear all the sets on init (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: tim: add ring priority support (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: update TIM interval support (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: moderate SSO AF error interrupts (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: lower TIM bucket skip IRQ log level (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: cn20k: remove GTI clock adjustment (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: cn20k: update xaq aura offset (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: cn20k: cleanup SSO EVA on LF reset (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add SSO HW info mbox (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add SSO AGGR config and stats mbox (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add SSO EVA error interrupts (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: update masks for CN20K resources (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: Fixed compilation warnings (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-af: fix interval flag check (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add TIM hardware info mbox (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add TIM HWWQE mbox support (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: add mbox to capture counters (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: reveal only TIM params that are available (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: add TIM error af interrupt handlers (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: clear state on TIM ring disable (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: disable preemption when enabling TIM (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: account for cycle wraparound (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: prevent TIM register read reorder (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: fix arguments passed to XAQ aura deinit (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: debugfs: fix undefined SSO register access (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: update TIM adjust GTI errata silicons (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: update TIM adjust GTI errata silicons (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: add TIM adjust GTI errata workaround (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: cn10k: devlink params to configure TIM (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: TIM: Set conditional clock always on (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Apply relevant HW issue workarounds for 96xx B0 silicon (Sunil Kovvuri Goutham) [Orabug: 39318904] - octeontx2-af: Add SSO and TIM units support to the AF driver (Pavan Nikhilesh) [Orabug: 39318904] - octeontx2-af: enable rxc with lookaside cpt lf (Vidya Sagar Velumuri) [Orabug: 39318904] - octeontx2-af: fix issue with spitosa table teardown (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: fix cflags include paths (Wladislav Wiebe) [Orabug: 39318904] - octeontx2-af: Move out REE mbox messages (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Add generic mbox handler for Eblock (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Use AF extension block interface (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Add RVU AF extension block interface (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Introducing REE block for 98xx (Smadar Fuks) [Orabug: 39318904] - octeontx2-af: fix VF bringup affecting PF promiscous state (Harman Kalra) [Orabug: 39318904] - octeontx2-af: consider mode when using cpt base channel for bp (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: Update minimum receive frame size (Sathesh Edara) [Orabug: 39318904] - octeontx2-af: set default min and max rx len for CPT link (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-af: add NIX mbox message to get HW info (Shijith Thotton) [Orabug: 39318904] - octeontx2-af: fix inline inbound IPsec configuration (Srujana Challa) [Orabug: 39318904] - octeontx2-af: support for custom L2 header (Satheesh Paul A) [Orabug: 39318904] - octeontx2-af: fix to get different rq mask (Rakesh Kudurumalla) [Orabug: 39318904] - octeontx2-af: poll for tx link credits before link mode change (Naveen Mamindlapalli) [Orabug: 39318904] - octeontx2-af: Handle physical link state change requests (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Add mbox to alloc/free BPIDs (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Dynamically allocate bpids for CPT and LBK (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add support for SPI to SA index translation (Kiran Kumar K) [Orabug: 39318904] - octeontx2-af: Update HW workarounds for 96xx C0, 98xx and F95xx B0 chips (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add devlink support to configure TL1 RR_PRIO (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: add support for CPT second pass (Rakesh Kudurumalla) [Orabug: 39318904] - octeontx2-af: add new mbox to support sync cycle on rx path (Satha Rao) [Orabug: 39318904] - octeontx2-af: add support for changing vlan tpid (Nithin Dabilpuram) [Orabug: 39318904] - octeontx2-pf: Fix devm_kcalloc() error checking (Dan Carpenter) [Orabug: 39318904] - octeontx2-pf: Use new bandwidth profiles in receive queue (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Display new bandwidth profiles too in debugfs (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Accommodate more bandwidth profiles for cn20k (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Initialize new NIX SQ context for cn20k (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Initialize cn20k specific aura and pool contexts (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Skip NDC operations for cn20k (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Extend debugfs support for cn20k NPA (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Add cn20k NPA block contexts (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Extend debugfs support for cn20k NIX (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Add cn20k NIX block contexts (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Simplify context writing and reading to hardware (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2: convert to ndo_hwtstamp API (Vadim Fedorenko) [Orabug: 39318904] - Octeontx2-af: Fix pci_alloc_irq_vectors() return value check (Harshit Mogalapalli) [Orabug: 39318904] - Octeontx2-af: Fix missing error code in cgx_probe() (Harshit Mogalapalli) [Orabug: 39318904] - octeontx2-pf: fix bitmap leak (Bo Sun) [Orabug: 39318904] - octeontx2-vf: fix bitmap leak (Bo Sun) [Orabug: 39318904] - octeontx2-af: Remove unused declarations (Yue Haibing) [Orabug: 39318904] - Octeontx2-af: Fix NIX X2P calibration failures (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-vf: Fix max packet length errors (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-af: Broadcast XON on all channels (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: use unsigned int as iterator for unsigned values (Simon Horman) [Orabug: 39318904] - net: Fix typos (Bjorn Helgaas) [Orabug: 39318904] - Octeontx2-af: Debugfs support for firmware data (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-af: RPM: Update DMA mask (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-af: Disable stale DMAC filters (Subbaraya Sundeep) [Orabug: 39318904] - Octeontx2-af: Add programmed macaddr to RVU pfvf (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix error code in rvu_mbox_init() (Dan Carpenter) [Orabug: 39318904] - Octeontx2-pf: ethtool: support multi advertise mode (Hariprasad Kelam) [Orabug: 39318904] - Octeontx2-af: Introduce mode group index (Hariprasad Kelam) [Orabug: 39318904] - Octeontx-pf: Update SGMII mode mapping (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Fix rvu_mbox_init return path (Subbaraya Sundeep) [Orabug: 39318904] - Octeontx2-pf: Fix Backpresure configuration (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: CN20K mbox implementation between PF-VF (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20K mbox implementation for AF's VF (Sai Krishna) [Orabug: 39318904] - octeontx2-pf: CN20K mbox REQ/ACK implementation for NIC PF (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k mbox to support AF REQ/ACK functionality (Sai Krishna) [Orabug: 39318904] - octeontx2-af: CN20k basic mbox operations and structures (Sai Krishna) [Orabug: 39318904] - octeontx2: Set appropriate PF, VF masks and shifts based on silicon (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Avoid typecasts by simplifying otx2_atomic64_add macro (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2: Annotate mmio regions as __iomem (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: macsec: Get MACSEC capability flag from AF (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Add MACSEC capability flag (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Send Link events one by one (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: NPC: Clear Unicast rule on nixlf detach (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-pf: Avoid adding dcbnl_ops for LBK and SDP vf (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Add tracepoint for NIX_PARSE_S (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2: Add new tracepoint otx2_msg_status (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2: Add pcifunc also to mailbox tracepoints (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: Display names for CPT and UP messages (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-af: convert dev_dbg to tracepoint in mbox (Subbaraya Sundeep) [Orabug: 39318904] - octeontx2-pf: Fix ethtool support for SDP representors (Hariprasad Kelam) [Orabug: 39318904] - net: octeontx2: Use pure PCI devres API (Philipp Stanner) [Orabug: 39318904] - octeontx2-pf: AF_XDP: code clean up (Hariprasad Kelam) [Orabug: 39318904] - octeontx2-af: Remove unused rvu_npc_enable_bcast_entry (Dr. David Alan Gilbert) [Orabug: 39318904] - xfrm: Add explicit dev to .xdo_dev_state_{add,delete,free} (Cosmin Ratiu) [Orabug: 39318904] - octeontx2-pf: handle otx2_mbox_get_rsp errors (Chenyuan Yang) [Orabug: 39318904] - net: octeontx2: Handle XDP_ABORTED and XDP invalid as XDP_DROP (Lorenzo Bianconi) [Orabug: 39318904] - octeontx2-af: mcs: Remove redundant 'flush_workqueue()' calls (Chen Ni) [Orabug: 39318904] - net: octeontx2: Add metadata support for xdp mode (Lorenzo Bianconi) [Orabug: 39318904] - xfrm: provide common xdo_dev_offload_ok callback implementation (Leon Romanovsky) [Orabug: 39318904] - octeontx2: hide unused label (Arnd Bergmann) [Orabug: 39318904] - octeontx2-pf: AF_XDP zero copy transmit support (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Prepare for AF_XDP (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: Reconfigure RSS table after enabling AF_XDP zerocopy on rx queue (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: AF_XDP zero copy receive support (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: use xdp_return_frame() to free xdp buffers (Suman Ghosh) [Orabug: 39318904] - octeontx2-pf: mcs: Remove dead code and semi-colon from rsrc_name() (Nihar Chaithanya) [Orabug: 39318904] - octeontx2-pf: fix error handling of devlink port in rvu_rep_create() (Harshit Mogalapalli) [Orabug: 39318904] - octeontx2-pf: fix netdev memory leak in rvu_rep_create() (Harshit Mogalapalli) [Orabug: 39318904] - octeontx2-af: fix build regression without CONFIG_DCB (Arnd Bergmann) [Orabug: 39318904] - cn10k-ipsec: Fix compilation error when CONFIG_XFRM_OFFLOAD disabled (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: Fix installation of PF multicast rule (Geetha Sowjanya) [Orabug: 39318904] - cn10k-ipsec: Enable outbound ipsec crypto offload (Bharat Bhushan) [Orabug: 39318904] - cn10k-ipsec: Allow ipsec crypto offload for skb with SA (Bharat Bhushan) [Orabug: 39318904] - cn10k-ipsec: Process outbound ipsec crypto offload (Bharat Bhushan) [Orabug: 39318904] - cn10k-ipsec: Add SA add/del support for outb ipsec crypto offload (Bharat Bhushan) [Orabug: 39318904] - cn10k-ipsec: Init hardware for outbound ipsec crypto offload (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: Disable backpressure between CPT and NIX (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: Move skb fragment map/unmap to common code (Bharat Bhushan) [Orabug: 39318904] - octeontx2-pf: map skb data as device writeable (Bharat Bhushan) [Orabug: 39318904] - octeontx2-af: Fix SDP MAC link credits configuration (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Fix spelling mistake "reprentator" -> "representor" (Colin Ian King) [Orabug: 39318904] - octeontx2-pf: Adds TC offload support (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Implement offload stats ndo for representors (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add devlink port support (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add representors for sdp MAC (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Configure VF mtu via representor (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add support to sync link state between representor and VFs (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Get VF stats via representor (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Add packet path between representor and VF (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add basic net_device_ops (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Create representor netdev (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: RVU representor driver (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-af: Knobs for NPC default rule counters (Linu Cherian) [Orabug: 39318904] - octeontx2-af: Refactor few NPC mcam APIs (Linu Cherian) [Orabug: 39318904] - octeontx2-pf: Move shared APIs to header file (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Reuse PF max mtu value (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Add new APIs for queue memory alloc/free. (Geetha Sowjanya) [Orabug: 39318904] - octeontx2-pf: Define common API for HW resources configuration (Geetha Sowjanya) [Orabug: 39318904] - net: marvell: use ethtool string helpers (Rosen Penev) [Orabug: 39318904] - uek: kabi: update kABI files for new symbols (Saeed Mirzamohammadi) [Orabug: 39268116] - nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (Jeff Layton) [Orabug: 39167615,39361444] {CVE-2026-31402} - netfilter: nf_tables: always walk all pending catchall elements (Florian Westphal) [Orabug: 39110670,39361449] {CVE-2026-23278} - net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks (Victor Nogueira) [Orabug: 39103229,39361451] {CVE-2026-23270} [6.12.0-203.76.3] - sched/deadline: Use revised wakeup rule for dl_server (Peter Zijlstra) - netfilter: nfnetlink_queue: make hash table per queue (Florian Westphal) [Orabug: 39339273] {CVE-2026-43084} - netfilter: nfnetlink_queue: nfqnl_instance GFP_ATOMIC -> GFP_KERNEL_ACCOUNT allocation (Scott Mitchell) - Revert "drm/xe: Switch MMIO interface to take xe_mmio instead of xe_gt" (Sasha Levin) - Revert "drm/xe/mmio: Avoid double-adjust in 64-bit reads" (Sasha Levin) - iommu/amd: Fix ivrs_base memleak in early_amd_iommu_init() (Zhen Ni) [Orabug: 39145066] - iommu/amd: Fix header file (Vasant Hegde) [Orabug: 39145066] - iommu/amd: Preserve default DTE fields when updating Host Page Table Root (Alejandro Jimenez) [Orabug: 39145066] - iommu/amd: Enable support for up to 2K interrupts per function (Kishon Vijay Abraham I) [Orabug: 39145066] - iommu/amd: Rename DTE_INTTABLEN* and MAX_IRQS_PER_TABLE macro (Sairaj Kodilkar) [Orabug: 39145066] - iommu/amd: Replace slab cache allocator with page allocator (Sairaj Kodilkar) [Orabug: 39145066] - iommu/amd: Introduce generic function to set multibit feature value (Sairaj Kodilkar) [Orabug: 39145066] - iommu/amd: Remove amd_iommu_apply_erratum_63() (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Lock DTE before updating the entry with WRITE_ONCE() (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Modify clear_dte_entry() to avoid in-place update (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Introduce helper function get_dte256() (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Modify set_dte_entry() to use 256-bit DTE helpers (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Introduce helper function to update 256-bit DTE (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Introduce struct ivhd_dte_flags to store persistent DTE flags (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Disable AMD IOMMU if CMPXCHG16B feature is not supported (Suravee Suthikulpanit) [Orabug: 39145066] - iommu/amd: Misc ACPI IVRS debug info clean up (Suravee Suthikulpanit) [Orabug: 39145066] - crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl (Herbert Xu) [Orabug: 39250685,39331108] {CVE-2026-43078} - crypto: authencesn - Fix src offset when decrypting in-place (Herbert Xu) [Orabug: 39250685] - crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption (Herbert Xu) [Orabug: 39250685,39300909] {CVE-2026-43033} - crypto: authenc - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250685] - crypto: algif_aead - snapshot IV for async AEAD requests (Douya Le) [Orabug: 39250685,39452215] {CVE-2026-46028} - crypto: algif_aead - Revert to operating out-of-place (Herbert Xu) [Orabug: 39250685,39283866,39291972,39292190] {CVE-2026-31431} - crypto: algif_aead - use memcpy_sglist() instead of null skcipher (Eric Biggers) [Orabug: 39250685] {CVE-2026-31431} - crypto: scatterwalk - Backport memcpy_sglist() (Eric Biggers) [Orabug: 39250685] - iommu/arm-smmu-v3: Handle zeroed A4-2C HTTU override settings (Joao Martins) [Orabug: 39260974] [6.12.0-203.76.2] - Revert "rds: Drop rds conn in connect worker if not in down state." (Vijayendra Suman) [Orabug: 39276980] - uek-rpm/config-aarch64: Enable NVIDIA-recommended Vera-Rubin configs (Vijay Kumar) [Orabug: 39157707] - kselftest/arm64: Add HWCAP test for FEAT_LS64 (Yicong Yang) [Orabug: 39157707] - arm64: Provide basic EL2 setup for FEAT_{LS64, LS64_V} usage at EL0/1 (Yicong Yang) [Orabug: 39157707] - perf: arm_spe: Relax period restriction (Leo Yan) [Orabug: 39157707] - perf/arm_cspmu: Add PMEVFILT2R support (Robin Murphy) [Orabug: 39157707] - ACPI: CPPC: Add IS_OPTIONAL_CPC_REG macro to judge if a cpc_reg is optional (Lifeng Zheng) [Orabug: 39157707] - dt-bindings: gpio: Add Tegra256 support (Prathamesh Shete) [Orabug: 39157707] - perf/arm_cspmu: nvidia: Add revision id matching (Besar Wicaksono) [Orabug: 39157707] - arm64: Handle BRBE booting requirements (Anshuman Khandual) [Orabug: 39157707] - arm64: el2_setup.h: Make __init_el2_fgt labels consistent, again (Rob Herring) [Orabug: 39157707] - arm64/gcs: Provide basic EL2 setup to allow GCS usage at EL0 and EL1 (Mark Brown) [Orabug: 39157707] - tools headers arm64: Add NVIDIA Olympus part (Besar Wicaksono) [Orabug: 39157707] - perf arm-spe: Add NVIDIA Olympus to neoverse list (Besar Wicaksono) [Orabug: 39157707] - perf arm_spe: Add CPU variants supporting common data source packet (Leo Yan) [Orabug: 39157707] - arch_topology: Provide a stub topology_core_has_smt() for !CONFIG_GENERIC_ARCH_TOPOLOGY (Yicong Yang) [Orabug: 39157707] - perf: arm_pmuv3: Don't use PMCCNTR_EL0 on SMT cores (Yicong Yang) [Orabug: 39157707] - perf: arm_pmuv3: Factor out PMCCNTR_EL0 use conditions (Yicong Yang) [Orabug: 39157707] - perf/arm_cspmu: nvidia: Add pmevfiltr2 support (Besar Wicaksono) [Orabug: 39157707] - perf/arm_cspmu: Add pmpidr support (Besar Wicaksono) [Orabug: 39157707] - perf/arm_cspmu: Move register definitons to header (Robin Murphy) [Orabug: 39157707] - perf/arm_cspmu: Add callback to reset filter config (Besar Wicaksono) [Orabug: 39157707] - perf/arm_cspmu: Generalise event filtering (Robin Murphy) [Orabug: 39157707] - perf: arm_pmuv3: Add support for the Branch Record Buffer Extension (BRBE) (Rob Herring) [Orabug: 39157707] - arm64/sysreg: Add BRBE registers and fields (Anshuman Khandual) [Orabug: 39157707] - perf: arm_pmu: Move PMUv3-specific data (Mark Rutland) [Orabug: 39157707] - perf: apple_m1: Don't disable counter in m1_pmu_enable_event() (Rob Herring) [Orabug: 39157707] - perf: arm_v7_pmu: Don't disable counter in (armv7|krait_|scorpion_)pmu_enable_event() (Rob Herring) [Orabug: 39157707] - perf: arm_v7_pmu: Drop obvious comments for enabling/disabling counters and interrupts (Rob Herring) [Orabug: 39157707] - perf: arm_pmuv3: Don't disable counter in armv8pmu_enable_event() (Mark Rutland) [Orabug: 39157707] - ACPI: CPPC: Rename EPP constants for clarity (Sumit Gupta) [Orabug: 39157707] - ACPI: CPPC: Add three functions related to autonomous selection (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Modify cppc_get_auto_sel_caps() to cppc_get_auto_sel() (Lifeng Zheng) [Orabug: 39157707] - cpufreq/amd-pstate: Store the boost numerator as highest perf again (Mario Limonciello) [Orabug: 39157707] - ACPI: CPPC: Refactor register value get and set ABIs (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Add cppc_set_reg_val() (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Extract cppc_get_reg_val_in_pcc() (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Rename cppc_get_perf() to cppc_get_reg_val() (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Optimize cppc_get_perf() (Lifeng Zheng) [Orabug: 39157707] - ACPI: CPPC: Factor out and export per-cpu cppc_perf_ctrs_in_pcc_cpu() (Jie Zhan) [Orabug: 39157707] - ACPI: CPPC: Clean up cppc_perf_caps and cppc_perf_ctrls structs (Sumit Gupta) [Orabug: 39157707] - cpufreq: CPPC: Add generic helpers for sysfs show/store (Sumit Gupta) [Orabug: 39157707] - cpufreq: CPPC: Add support for autonomous selection (Lifeng Zheng) [Orabug: 39157707] - PCI: Add PCI_BRIDGE_NO_ALIAS quirk for ASPEED AST1150 (Nirmoy Das) [Orabug: 39157707] - PCI: Add ASPEED vendor ID to pci_ids.h (Nirmoy Das) [Orabug: 39157707] - i2c: tegra: Add support for SW mutex register (Kartik) [Orabug: 39157707] - i2c: tegra: Use internal reset when reset property is not available (Akhil R) [Orabug: 39157707] - i2c: tegra: Add HS mode support (Akhil R) [Orabug: 39157707] - i2c: tegra: Update Tegra256 timing parameters (Akhil R) [Orabug: 39157707] - i2c: tegra: Use separate variables for fast and fastplus (Akhil R) [Orabug: 39157707] - i2c: tegra: Add Tegra264 support (Akhil R) [Orabug: 39157707] - i2c: tegra: Add Tegra256 support (Akhil R) [Orabug: 39157707] - i2c: tegra: Do not configure DMA if not supported (Kartik) [Orabug: 39157707] - gpio: tegra186: Fix GPIO name collisions for Tegra410 (Kartik) [Orabug: 39157707] - gpio: tegra186: Use generic macro for port definitions (Kartik) [Orabug: 39157707] - gpio: tegra186: Add support for Tegra410 (Prathamesh Shete) [Orabug: 39157707] - gpio: tegra186: Add support for Tegra256 (Prathamesh Shete) [Orabug: 39157707] - arm64: acpi: Enable ACPI CCEL support (Suzuki K Poulose) [Orabug: 39157707] - arm64: Enable EFI secret area Securityfs support (Suzuki K Poulose) [Orabug: 39157707] - arm64: realm: ioremap: Allow mapping memory as encrypted (Suzuki K Poulose) [Orabug: 39157707] - arm64: Document Arm Confidential Compute (Steven Price) [Orabug: 39157707] - virt: arm-cca-guest: TSM_REPORT support for realms (Sami Mujawar) [Orabug: 39157707] - arm64: Enable memory encrypt for Realms (Suzuki K Poulose) [Orabug: 39157707] - arm64: mm: Avoid TLBI when marking pages as valid (Steven Price) [Orabug: 39157707] - arm64: Enforce bounce buffers for realm DMA (Steven Price) [Orabug: 39157707] - efi: arm64: Map Device with Prot Shared (Suzuki K Poulose) [Orabug: 39157707] - arm64: rsi: Map unprotected MMIO as decrypted (Suzuki K Poulose) [Orabug: 39157707] - arm64: rsi: Add support for checking whether an MMIO is protected (Suzuki K Poulose) [Orabug: 39157707] - arm64: realm: Query IPA size from the RMM (Steven Price) [Orabug: 39157707] - arm64: Detect if in a realm and set RIPAS RAM (Suzuki K Poulose) [Orabug: 39157707] - arm64: rsi: Add RSI definitions (Suzuki K Poulose) [Orabug: 39157707] - PCI/TPH: Add TPH documentation (Wei Huang) [Orabug: 39157707] - PCI/TPH: Add Steering Tag support (Wei Huang) [Orabug: 39157707] - PCI: Add TLP Processing Hints (TPH) support (Wei Huang) [Orabug: 39157707] - sched: Update rq->avg_idle when a task is moved to an idle CPU (Shubhang Kaushik) [Orabug: 39214522] - arm64: mte: Set TCMA1 whenever MTE is present in the kernel (Carl Worth) [Orabug: 39214522] - x86/CPU: Fix FPDSS on Zen1 (Borislav Petkov) [Orabug: 39241227,39273721] {CVE-2026-31628} - uek-rpm: Enable FWCTL modules for aarch64 (Dave Kleikamp) [Orabug: 39252919] - uek-rpm: CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON should be set (Dave Kleikamp) [Orabug: 39259550]

Severity
important
Lowest
Low
Medium
High
Critical

Related CVEs: CVE-2024-14027 CVE-2024-58096 CVE-2024-58097 CVE-2025-10263 CVE-2025-21709 CVE-2025-21717 CVE-2025-21882 CVE-2025-22116 CVE-2025-38426 CVE-2025-38431 CVE-2025-38584 CVE-2025-39764 CVE-2025-39816 CVE-2025-39832 CVE-2025-39858 CVE-2025-39979 CVE-2025-40135 CVE-2025-40147 CVE-2025-40219 CVE-2025-54518 CVE-2025-68209 CVE-2025-68239 CVE-2025-68333 CVE-2025-68334 CVE-2025-68351 CVE-2025-68358 CVE-2025-68725 CVE-2025-68736 CVE-2025-68737 CVE-2025-71152 CVE-2025-71161 CVE-2025-71197 CVE-2025-71222 CVE-2025-71224 CVE-2025-71225 CVE-2025-71229 CVE-2025-71231 CVE-2025-71232 CVE-2025-71234 CVE-2025-71235 CVE-2025-71236 CVE-2025-71238 CVE-2025-71268 CVE-2025-71269 CVE-2025-71273 CVE-2025-71274 CVE-2025-71286 CVE-2025-71294 CVE-2025-71295 CVE-2025-71297 CVE-2025-71305 CVE-2026-22981 CVE-2026-22985 CVE-2026-22986 CVE-2026-22993 CVE-2026-23004 CVE-2026-23057 CVE-2026-23058 CVE-2026-23059 CVE-2026-23060 CVE-2026-23061 CVE-2026-23062 CVE-2026-23069 CVE-2026-23071 CVE-2026-23072 CVE-2026-23073 CVE-2026-23074 CVE-2026-23076 CVE-2026-23078 CVE-2026-23082 CVE-2026-23083 CVE-2026-23084 CVE-2026-23085 CVE-2026-23086 CVE-2026-23087 CVE-2026-23088 CVE-2026-23089 CVE-2026-23091 CVE-2026-23095 CVE-2026-23097 CVE-2026-23099 CVE-2026-23100 CVE-2026-23101 CVE-2026-23103 CVE-2026-23104 CVE-2026-23105 CVE-2026-23107 CVE-2026-23108 CVE-2026-23110 CVE-2026-23111 CVE-2026-23112 CVE-2026-23113 CVE-2026-23119 CVE-2026-23120 CVE-2026-23123 CVE-2026-23124 CVE-2026-23125 CVE-2026-23126 CVE-2026-23128 CVE-2026-23129 CVE-2026-23131 CVE-2026-23133 CVE-2026-23138 CVE-2026-23146 CVE-2026-23148 CVE-2026-23151 CVE-2026-23154 CVE-2026-23155 CVE-2026-23156 CVE-2026-23157 CVE-2026-23159 CVE-2026-23161 CVE-2026-23163 CVE-2026-23164 CVE-2026-23166 CVE-2026-23168 CVE-2026-23173 CVE-2026-23177 CVE-2026-23178 CVE-2026-23179 CVE-2026-23188 CVE-2026-23189 CVE-2026-23190 CVE-2026-23191 CVE-2026-23193 CVE-2026-23198 CVE-2026-23199 CVE-2026-23200 CVE-2026-23201 CVE-2026-23202 CVE-2026-23204 CVE-2026-23205 CVE-2026-23207 CVE-2026-23209 CVE-2026-23210 CVE-2026-23212 CVE-2026-23213 CVE-2026-23214 CVE-2026-23215 CVE-2026-23216 CVE-2026-23219 CVE-2026-23223 CVE-2026-23229 CVE-2026-23230 CVE-2026-23231 CVE-2026-23237 CVE-2026-23240 CVE-2026-23243 CVE-2026-23244 CVE-2026-23245 CVE-2026-23246 CVE-2026-23249 CVE-2026-23250 CVE-2026-23251 CVE-2026-23252 CVE-2026-23253 CVE-2026-23254 CVE-2026-23255 CVE-2026-23260 CVE-2026-23261 CVE-2026-23262 CVE-2026-23264 CVE-2026-23266 CVE-2026-23270 CVE-2026-23271 CVE-2026-23273 CVE-2026-23274 CVE-2026-23276 CVE-2026-23277 CVE-2026-23278 CVE-2026-23279 CVE-2026-23281 CVE-2026-23285 CVE-2026-23286 CVE-2026-23289 CVE-2026-23290 CVE-2026-23292 CVE-2026-23293 CVE-2026-23296 CVE-2026-23297 CVE-2026-23300 CVE-2026-23302 CVE-2026-23303 CVE-2026-23304 CVE-2026-23306 CVE-2026-23307 CVE-2026-23309 CVE-2026-23310 CVE-2026-23312 CVE-2026-23313 CVE-2026-23315 CVE-2026-23316 CVE-2026-23317 CVE-2026-23318 CVE-2026-23319 CVE-2026-23321 CVE-2026-23335 CVE-2026-23336 CVE-2026-23340 CVE-2026-23343 CVE-2026-23351 CVE-2026-23352 CVE-2026-23354 CVE-2026-23356 CVE-2026-23357 CVE-2026-23359 CVE-2026-23360 CVE-2026-23362 CVE-2026-23365 CVE-2026-23367 CVE-2026-23368 CVE-2026-23369 CVE-2026-23370 CVE-2026-23373 CVE-2026-23374 CVE-2026-23375 CVE-2026-23379 CVE-2026-23380 CVE-2026-23381 CVE-2026-23382 CVE-2026-23383 CVE-2026-23386 CVE-2026-23388 CVE-2026-23389 CVE-2026-23390 CVE-2026-23391 CVE-2026-23392 CVE-2026-23395 CVE-2026-23396 CVE-2026-23397 CVE-2026-23398 CVE-2026-23399 CVE-2026-23401 CVE-2026-23412 CVE-2026-23413 CVE-2026-23414 CVE-2026-23417 CVE-2026-23420 CVE-2026-23434 CVE-2026-23438 CVE-2026-23439 CVE-2026-23440 CVE-2026-23441 CVE-2026-23442 CVE-2026-23443 CVE-2026-23444 CVE-2026-23445 CVE-2026-23447 CVE-2026-23448 CVE-2026-23449 CVE-2026-23452 CVE-2026-23454 CVE-2026-23455 CVE-2026-23456 CVE-2026-23457 CVE-2026-23458 CVE-2026-23461 CVE-2026-23462 CVE-2026-23465 CVE-2026-23468 CVE-2026-23473 CVE-2026-23474 CVE-2026-23475 CVE-2026-31389 CVE-2026-31392 CVE-2026-31393 CVE-2026-31394 CVE-2026-31396 CVE-2026-31399 CVE-2026-31400 CVE-2026-31402 CVE-2026-31403 CVE-2026-31405 CVE-2026-31406 CVE-2026-31407 CVE-2026-31408 CVE-2026-31411 CVE-2026-31413 CVE-2026-31414 CVE-2026-31415 CVE-2026-31416 CVE-2026-31418 CVE-2026-31419 CVE-2026-31421 CVE-2026-31422 CVE-2026-31423 CVE-2026-31424 CVE-2026-31426 CVE-2026-31427 CVE-2026-31428 CVE-2026-31429 CVE-2026-31430 CVE-2026-31431 CVE-2026-31434 CVE-2026-31436 CVE-2026-31438 CVE-2026-31440 CVE-2026-31441 CVE-2026-31446 CVE-2026-31447 CVE-2026-31448 CVE-2026-31449 CVE-2026-31450 CVE-2026-31451 CVE-2026-31452 CVE-2026-31453 CVE-2026-31454 CVE-2026-31455 CVE-2026-31456 CVE-2026-31458 CVE-2026-31462 CVE-2026-31466 CVE-2026-31467 CVE-2026-31469 CVE-2026-31470 CVE-2026-31473 CVE-2026-31474 CVE-2026-31479 CVE-2026-31480 CVE-2026-31487 CVE-2026-31488 CVE-2026-31489 CVE-2026-31492 CVE-2026-31494 CVE-2026-31495 CVE-2026-31496 CVE-2026-31497 CVE-2026-31498 CVE-2026-31500 CVE-2026-31503 CVE-2026-31504 CVE-2026-31505 CVE-2026-31506 CVE-2026-31508 CVE-2026-31510 CVE-2026-31511 CVE-2026-31512 CVE-2026-31513 CVE-2026-31514 CVE-2026-31515 CVE-2026-31516 CVE-2026-31518 CVE-2026-31519 CVE-2026-31520 CVE-2026-31521 CVE-2026-31522 CVE-2026-31523 CVE-2026-31524 CVE-2026-31525 CVE-2026-31527 CVE-2026-31528 CVE-2026-31530 CVE-2026-31531 CVE-2026-31532 CVE-2026-31533 CVE-2026-31540 CVE-2026-31542 CVE-2026-31546 CVE-2026-31548 CVE-2026-31550 CVE-2026-31551 CVE-2026-31552 CVE-2026-31554 CVE-2026-31555 CVE-2026-31556 CVE-2026-31557 CVE-2026-31561 CVE-2026-31563 CVE-2026-31565 CVE-2026-31566 CVE-2026-31570 CVE-2026-31575 CVE-2026-31578 CVE-2026-31580 CVE-2026-31581 CVE-2026-31583 CVE-2026-31586 CVE-2026-31588 CVE-2026-31590 CVE-2026-31593 CVE-2026-31596 CVE-2026-31597 CVE-2026-31598 CVE-2026-31602 CVE-2026-31604 CVE-2026-31607 CVE-2026-31614 CVE-2026-31624 CVE-2026-31625 CVE-2026-31628 CVE-2026-31634 CVE-2026-31638 CVE-2026-31639 CVE-2026-31642 CVE-2026-31647 CVE-2026-31648 CVE-2026-31649 CVE-2026-31651 CVE-2026-31656 CVE-2026-31657 CVE-2026-31658 CVE-2026-31659 CVE-2026-31661 CVE-2026-31662 CVE-2026-31664 CVE-2026-31665 CVE-2026-31666 CVE-2026-31667 CVE-2026-31668 CVE-2026-31669 CVE-2026-31670 CVE-2026-31671 CVE-2026-31672 CVE-2026-31673 CVE-2026-31674 CVE-2026-31675 CVE-2026-31676 CVE-2026-31677 CVE-2026-31678 CVE-2026-31679 CVE-2026-31680 CVE-2026-31681 CVE-2026-31682 CVE-2026-31683 CVE-2026-31684 CVE-2026-31685 CVE-2026-31688 CVE-2026-31689 CVE-2026-31693 CVE-2026-31694 CVE-2026-31696 CVE-2026-31697 CVE-2026-31698 CVE-2026-31699 CVE-2026-31700 CVE-2026-31701 CVE-2026-31708 CVE-2026-31709 CVE-2026-31729 CVE-2026-31731 CVE-2026-31733 CVE-2026-31738 CVE-2026-31752 CVE-2026-31758 CVE-2026-31759 CVE-2026-31761 CVE-2026-31762 CVE-2026-31763 CVE-2026-31765 CVE-2026-31767 CVE-2026-31772 CVE-2026-31773 CVE-2026-31774 CVE-2026-31776 CVE-2026-31778 CVE-2026-31779 CVE-2026-31781 CVE-2026-31786 CVE-2026-31787 CVE-2026-31788 CVE-2026-43012 CVE-2026-43013 CVE-2026-43014 CVE-2026-43015 CVE-2026-43016 CVE-2026-43017 CVE-2026-43018 CVE-2026-43019 CVE-2026-43020 CVE-2026-43023 CVE-2026-43024 CVE-2026-43025 CVE-2026-43026 CVE-2026-43027 CVE-2026-43028 CVE-2026-43030 CVE-2026-43033 CVE-2026-43035 CVE-2026-43036 CVE-2026-43037 CVE-2026-43038 CVE-2026-43040 CVE-2026-43041 CVE-2026-43043 CVE-2026-43046 CVE-2026-43047 CVE-2026-43049 CVE-2026-43050 CVE-2026-43051 CVE-2026-43052 CVE-2026-43054 CVE-2026-43056 CVE-2026-43057 CVE-2026-43059 CVE-2026-43060 CVE-2026-43061 CVE-2026-43062 CVE-2026-43063 CVE-2026-43064 CVE-2026-43065 CVE-2026-43066 CVE-2026-43068 CVE-2026-43069 CVE-2026-43071 CVE-2026-43072 CVE-2026-43073 CVE-2026-43074 CVE-2026-43075 CVE-2026-43076 CVE-2026-43077 CVE-2026-43078 CVE-2026-43079 CVE-2026-43080 CVE-2026-43084 CVE-2026-43085 CVE-2026-43086 CVE-2026-43089 CVE-2026-43090 CVE-2026-43091 CVE-2026-43092 CVE-2026-43093 CVE-2026-43094 CVE-2026-43099 CVE-2026-43104 CVE-2026-43105 CVE-2026-43107 CVE-2026-43110 CVE-2026-43111 CVE-2026-43112 CVE-2026-43113 CVE-2026-43114 CVE-2026-43117 CVE-2026-43119 CVE-2026-43120 CVE-2026-43123 CVE-2026-43124 CVE-2026-43125 CVE-2026-43126 CVE-2026-43128 CVE-2026-43129 CVE-2026-43130 CVE-2026-43132 CVE-2026-43133 CVE-2026-43134 CVE-2026-43135 CVE-2026-43136 CVE-2026-43137 CVE-2026-43139 CVE-2026-43140 CVE-2026-43143 CVE-2026-43147 CVE-2026-43150 CVE-2026-43152 CVE-2026-43153 CVE-2026-43156 CVE-2026-43158 CVE-2026-43161 CVE-2026-43163 CVE-2026-43167 CVE-2026-43168 CVE-2026-43169 CVE-2026-43170 CVE-2026-43171 CVE-2026-43177 CVE-2026-43178 CVE-2026-43180 CVE-2026-43186 CVE-2026-43187 CVE-2026-43189 CVE-2026-43190 CVE-2026-43194 CVE-2026-43199 CVE-2026-43201 CVE-2026-43206 CVE-2026-43210 CVE-2026-43211 CVE-2026-43214 CVE-2026-43215 CVE-2026-43218 CVE-2026-43220 CVE-2026-43223 CVE-2026-43231 CVE-2026-43233 CVE-2026-43238 CVE-2026-43239 CVE-2026-43243 CVE-2026-43246 CVE-2026-43248 CVE-2026-43251 CVE-2026-43252 CVE-2026-43253 CVE-2026-43255 CVE-2026-43257 CVE-2026-43260 CVE-2026-43261 CVE-2026-43262 CVE-2026-43264 CVE-2026-43265 CVE-2026-43266 CVE-2026-43271 CVE-2026-43273 CVE-2026-43275 CVE-2026-43277 CVE-2026-43278 CVE-2026-43279 CVE-2026-43281 CVE-2026-43284 CVE-2026-43287 CVE-2026-43288 CVE-2026-43289 CVE-2026-43292 CVE-2026-43304 CVE-2026-43306 CVE-2026-43313 CVE-2026-43314 CVE-2026-43315 CVE-2026-43316 CVE-2026-43318 CVE-2026-43319 CVE-2026-43320 CVE-2026-43328 CVE-2026-43329 CVE-2026-43332 CVE-2026-43333 CVE-2026-43334 CVE-2026-43336 CVE-2026-43338 CVE-2026-43339 CVE-2026-43341 CVE-2026-43350 CVE-2026-43357 CVE-2026-43359 CVE-2026-43360 CVE-2026-43361 CVE-2026-43362 CVE-2026-43363 CVE-2026-43365 CVE-2026-43366 CVE-2026-43368 CVE-2026-43370 CVE-2026-43371 CVE-2026-43374 CVE-2026-43381 CVE-2026-43382 CVE-2026-43383 CVE-2026-43392 CVE-2026-43393 CVE-2026-43394 CVE-2026-43395 CVE-2026-43397 CVE-2026-43403 CVE-2026-43405 CVE-2026-43406 CVE-2026-43407 CVE-2026-43408 CVE-2026-43409 CVE-2026-43411 CVE-2026-43413 CVE-2026-43415 CVE-2026-43419 CVE-2026-43420 CVE-2026-43425 CVE-2026-43427 CVE-2026-43428 CVE-2026-43429 CVE-2026-43430 CVE-2026-43432 CVE-2026-43436 CVE-2026-43437 CVE-2026-43438 CVE-2026-43439 CVE-2026-43441 CVE-2026-43444 CVE-2026-43445 CVE-2026-43448 CVE-2026-43449 CVE-2026-43450 CVE-2026-43451 CVE-2026-43452 CVE-2026-43453 CVE-2026-43456 CVE-2026-43459 CVE-2026-43466 CVE-2026-43468 CVE-2026-43469 CVE-2026-43470 CVE-2026-43471 CVE-2026-43472 CVE-2026-43473 CVE-2026-43475 CVE-2026-43482 CVE-2026-43483 CVE-2026-43484 CVE-2026-43486 CVE-2026-43487 CVE-2026-43488 CVE-2026-43491 CVE-2026-43493 CVE-2026-43499 CVE-2026-43500 CVE-2026-43501 CVE-2026-43503 CVE-2026-45847 CVE-2026-45851 CVE-2026-45852 CVE-2026-45853 CVE-2026-45855 CVE-2026-45856 CVE-2026-45857 CVE-2026-45858 CVE-2026-45859 CVE-2026-45860 CVE-2026-45861 CVE-2026-45862 CVE-2026-45868 CVE-2026-45870 CVE-2026-45871 CVE-2026-45872 CVE-2026-45873 CVE-2026-45877 CVE-2026-45878 CVE-2026-45886 CVE-2026-45888 CVE-2026-45890 CVE-2026-45892 CVE-2026-45894 CVE-2026-45895 CVE-2026-45898 CVE-2026-45899 CVE-2026-45905 CVE-2026-45910 CVE-2026-45912 CVE-2026-45913 CVE-2026-45914 CVE-2026-45915 CVE-2026-45916 CVE-2026-45917 CVE-2026-45919 CVE-2026-45920 CVE-2026-45922 CVE-2026-45923 CVE-2026-45925 CVE-2026-45933 CVE-2026-45941 CVE-2026-45942 CVE-2026-45943 CVE-2026-45947 CVE-2026-45948 CVE-2026-45949 CVE-2026-45957 CVE-2026-45962 CVE-2026-45964 CVE-2026-45968 CVE-2026-45970 CVE-2026-45972 CVE-2026-45973 CVE-2026-45974 CVE-2026-45976 CVE-2026-45982 CVE-2026-45983 CVE-2026-45984 CVE-2026-45985 CVE-2026-45987 CVE-2026-45988 CVE-2026-45992 CVE-2026-45997 CVE-2026-45998 CVE-2026-46000 CVE-2026-46002 CVE-2026-46003 CVE-2026-46004 CVE-2026-46005 CVE-2026-46006 CVE-2026-46015 CVE-2026-46018 CVE-2026-46021 CVE-2026-46023 CVE-2026-46024 CVE-2026-46026 CVE-2026-46028 CVE-2026-46033 CVE-2026-46037 CVE-2026-46038 CVE-2026-46040 CVE-2026-46043 CVE-2026-46046 CVE-2026-46047 CVE-2026-46048 CVE-2026-46049 CVE-2026-46050 CVE-2026-46051 CVE-2026-46052 CVE-2026-46056 CVE-2026-46061 CVE-2026-46069 CVE-2026-46070 CVE-2026-46076 CVE-2026-46078 CVE-2026-46079 CVE-2026-46080 CVE-2026-46082 CVE-2026-46083 CVE-2026-46084 CVE-2026-46085 CVE-2026-46086 CVE-2026-46088 CVE-2026-46089 CVE-2026-46091 CVE-2026-46092 CVE-2026-46094 CVE-2026-46099 CVE-2026-46101 CVE-2026-46102 CVE-2026-46109 CVE-2026-46165 CVE-2026-46242 CVE-2026-46243 CVE-2026-46300 CVE-2026-46331 CVE-2026-46333 CVE-2026-52943

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here