ELSA-2025-20553

Описание

[5.4.17-2136.347.6]

• net_sched: sch_sfq: move the limit validation (Octavian Purdila) [Orabug: 38377926] {CVE-2025-37752}
• net_sched: sch_sfq: use a temporary work area for validating configuration (Octavian Purdila) [Orabug: 38377926]
• net_sched: sch_sfq: don't allow 1 packet limit (Octavian Purdila) [Orabug: 38377926] {CVE-2024-57996}
• net_sched: sch_sfq: handle bigger packets (Eric Dumazet) [Orabug: 38377926]
• net_sched: sch_sfq: annotate data-races around q->perturb_period (Eric Dumazet) [Orabug: 38377926]

[5.4.17-2136.347.5]

• squashfs: fix memory leak in squashfs_fill_super (Phillip Lougher)
• netfilter: nf_tables: adjust lockdep assertions handling (Fedor Pchelkin)
• Revert 'vgacon: Add check for vc_origin address range in vgacon_scroll()' (Helge Deller)
• ASoC: ops: dynamically allocate struct snd_ctl_elem_value (Arnd Bergmann)

[5.4.17-2136.347.4]

• KVM: x86: use array_index_nospec with indices that come from guest (Thijs Raymakers) [Orabug: 38319938]
• KVM: APIC: add helper func to remove duplicate code in kvm_pv_send_ipi (Miaohe Lin) [Orabug: 38319938]
• rds: Fix NULL ptr deref in xas_start (Hakon Bugge) [Orabug: 38169303]

[5.4.17-2136.347.3]

• mm: make page_mapped_in_vma() hugetlb walk aware (Jane Chu) [Orabug: 38146326]
• mm/rmap: Fix handling of hugetlbfs pages in page_vma_mapped_walk (Zhenwei Pi) [Orabug: 38146326]

[5.4.17-2136.347.2]

• rds: tcp: block BH in TCP callbacks (Eric Dumazet) [Orabug: 38236847]
• kexec: Improve & fix crash_exclude_mem_range() to handle overlapping ranges (Lianbo Jiang) [Orabug: 38134902]
• module: correctly exit module_kallsyms_on_each_symbol when fn() != 0 (Jon Mediero) [Orabug: 37820709]
• module: potential uninitialized return in module_kallsyms_on_each_symbol() (Dan Carpenter) [Orabug: 37820709]
• module: use RCU to synchronize find_module (Christoph Hellwig) [Orabug: 37820709]
• kallsyms: refactor {,module_}kallsyms_on_each_symbol (Christoph Hellwig) [Orabug: 37820709]

[5.4.17-2136.347.1]

• LTS tag: v5.4.295 (Alok Tiwari)
• scsi: qedf: Use designated initializer for struct qed_fcoe_cb_ops (Kees Cook)
• arm64/ptrace: Fix stack-out-of-bounds read in regs_get_kernel_stack_nth() (Tengda Wu) [Orabug: 38180596] {CVE-2025-38320}
• perf: Fix sample vs do_exit() (Peter Zijlstra) [Orabug: 38254030] {CVE-2025-38424}
• s390/pci: Fix __pcilg_mio_inuser() inline assembly (Heiko Carstens)
• rtc: test: Fix invalid format specifier. (David Gow)
• jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() (Jeongjun Park) [Orabug: 38180707] {CVE-2025-38337}
• mm/huge_memory: fix dereferencing invalid pmd migration entry (Gavin Guo) [Orabug: 37976985] {CVE-2025-37958}
• rtc: Make rtc_time64_to_tm() support dates before 1970 (Alexandre Mergnat)
• rtc: Improve performance of rtc_time64_to_tm(). Add tests. (Cassio Neri)
• xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create (Dan Aloni) [Orabug: 37101886] {CVE-2022-48773}
• posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (Oleg Nesterov) [Orabug: 38223087] {CVE-2025-38352}
• ARM: dts: am335x-bone-common: Increase MDIO reset deassert delay to 50ms (Geert Uytterhoeven)
• ARM: dts: am335x-bone-common: Increase MDIO reset deassert time (Colin Foster)
• ARM: dts: am335x-bone-common: Add GPIO PHY reset on revision C3 board (Shengyu Qu)
• net: atm: fix /proc/net/atm/lec handling (Eric Dumazet) [Orabug: 38158407] {CVE-2025-38180}
• net: atm: add lec_mutex (Eric Dumazet) [Orabug: 38180612] {CVE-2025-38323}
• calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). (Kuniyuki Iwashima) [Orabug: 38158413] {CVE-2025-38181}
• tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer (Haixia Qu) [Orabug: 38158425] {CVE-2025-38184}
• tcp: fix tcp_packet_delayed() for tcp_is_non_sack_preventing_reopen() behavior (Neal Cardwell)
• atm: atmtcp: Free invalid length skb in atmtcp_c_send(). (Kuniyuki Iwashima) [Orabug: 38158434] {CVE-2025-38185}
• mpls: Use rcu_dereference_rtnl() in mpls_route_input_rcu(). (Kuniyuki Iwashima) [Orabug: 38180618] {CVE-2025-38324}
• wifi: carl9170: do not ping device which has failed to load firmware (Dmitry Antipov) [Orabug: 38254011] {CVE-2025-38420}
• aoe: clean device rq_list in aoedev_downdev() (Justin Sanders) [Orabug: 38180629] {CVE-2025-38326}
• hwmon: (occ) fix unaligned accesses (Arnd Bergmann)
• drm/nouveau/bl: increase buffer size to avoid truncate warning (Jacob Keller)
• erofs: remove unused trace event erofs_destroy_inode (Gao Xiang)
• ALSA: hda/realtek: enable headset mic on Latitude 5420 Rugged (Jonathan Lane)
• ALSA: hda/intel: Add Thinkpad E15 to PM deny list (Takashi Iwai)
• Input: sparcspkr - avoid unannotated fall-through (Yuli Wang)
• HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() (Terry Junge) [Orabug: 38152878] {CVE-2025-38103}
• atm: Revert atm_account_tx() if copy_from_iter_full() fails. (Kuniyuki Iwashima) [Orabug: 38158458] {CVE-2025-38190}
• selinux: fix selinux_xfrm_alloc_user() to set correct ctx_len (Stephen Smalley)
• scsi: s390: zfcp: Ensure synchronous unit_add (Peter Oberparleiter)
• scsi: storvsc: Increase the timeouts to storvsc_timeout (Dexuan Cui)
• jffs2: check jffs2_prealloc_raw_node_refs() result in few other places (Fedor Pchelkin) [Orabug: 38180636] {CVE-2025-38328}
• jffs2: check that raw node were preallocated before writing summary (Artem Sadovnikov) [Orabug: 38158484] {CVE-2025-38194}
• drivers/rapidio/rio_cm.c: prevent possible heap overwrite (Andrew Morton) [Orabug: 38137454] {CVE-2025-38090}
• powerpc/eeh: Fix missing PE bridge reconfiguration during VFIO EEH recovery (Narayana Murty N)
• platform/x86: dell_rbu: Stop overwriting data buffer (Stuart Hayes)
• platform: Add Surface platform directory (Maximilian Luz)
• Revert 'bus: ti-sysc: Probe for l4_wkup and l4_cfg interconnect devices first' (Alexander Sverdlin)
• tee: Prevent size calculation wraparound on 32-bit kernels (Jann Horn)
• ARM: OMAP2+: Fix l4ls clk domain handling in STANDBY (Sukrut Bellary)
• bus: fsl-mc: increase MC_CMD_COMPLETION_TIMEOUT_MS value (Laurentiu Tudor)
• watchdog: da9052_wdt: respect TWDMIN (Marcus Folkesson)
• i40e: fix MMIO write access to an invalid page in i40e_clear_hw (Kyungwook Boo) [Orabug: 38158518] {CVE-2025-38200}
• sock: Correct error checking condition for (assign|release)_proto_idx() (Zijun Hu)
• scsi: lpfc: Use memcpy() for BIOS version (Daniel Wagner) [Orabug: 38180668] {CVE-2025-38332}
• vxlan: Do not treat dst cache initialization errors as fatal (Ido Schimmel)
• clk: rockchip: rk3036: mark ddrphy as critical (Heiko Stuebner)
• wifi: mac80211: do not offer a mesh path if forwarding is disabled (Benjamin Berg)
• net: mlx4: add SOF_TIMESTAMPING_TX_SOFTWARE flag when getting ts info (Jason Xing)
• pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get() (Gabor Juhos)
• pinctrl: armada-37xx: propagate error from armada_37xx_pmx_gpio_set_direction() (Gabor Juhos)
• pinctrl: armada-37xx: propagate error from armada_37xx_gpio_get_direction() (Gabor Juhos)
• pinctrl: armada-37xx: propagate error from armada_37xx_pmx_set_by_name() (Gabor Juhos)
• ipv4/route: Use this_cpu_inc() for stats on PREEMPT_RT (Sebastian Andrzej Siewior)
• tcp: fix initial tp->rcvq_space.space value for passive TS enabled flows (Eric Dumazet)
• tcp: always seek for minimal rtt in tcp_rcv_rtt_update() (Eric Dumazet)
• net: dlink: add synchronization for stats update (Moon Yeounsu)
• sctp: Do not wake readers in __sctp_write_space() (Petr Malat)
• emulex/benet: correct command version selection in be_cmd_get_stats() (Alok Tiwari)
• i2c: designware: Invoke runtime suspend on quick slave re-registration (Tan En De)
• net: macb: Check return value of dma_set_mask_and_coherent() (Sergio Perez Gonzalez)
• cpufreq: Force sync policy boost with global boost on sysfs update (Viresh Kumar)
• nios2: force update_mmu_cache on spurious tlb-permission--related pagefaults (Simon Schuster)
• media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode() (Xu Wang) [Orabug: 38175014] {CVE-2025-38237}
• media: tc358743: ignore video while HPD is low (Hans Verkuil)
• drm/amdkfd: Set SDMA_RLCx_IB_CNTL/SWITCH_INSIDE_IB (Amber Lin)
• jfs: Fix null-ptr-deref in jfs_ioc_trim (Dylan Wolff) [Orabug: 38158546] {CVE-2025-38203}
• drm/amdgpu/gfx9: fix CSIB handling (Alex Deucher)
• drm/amdgpu/gfx8: fix CSIB handling (Alex Deucher)
• jfs: fix array-index-out-of-bounds read in add_missing_indices (Aditya Dutt) [Orabug: 38158553] {CVE-2025-38204}
• drm/amdgpu/gfx7: fix CSIB handling (Alex Deucher)
• drm/amdgpu/gfx10: fix CSIB handling (Alex Deucher)
• drm/msm/a6xx: Increase HFI response timeout (Akhil P Oommen)
• drm/amd/display: Add NULL pointer checks in dm_force_atomic_commit() (Srinivasan Shanmugam)
• media: uapi: v4l: Fix V4L2_TYPE_IS_OUTPUT condition (Nas Chung)
• drm/msm/hdmi: add runtime PM calls to DDC transfer function (Dmitry Baryshkov)
• drm/bridge: analogix_dp: Add irq flag IRQF_NO_AUTOEN instead of calling disable_irq() (Damon Ding)
• sunrpc: update nextcheck time when adding new cache entries (Long Li)
• drm/amdgpu/gfx6: fix CSIB handling (Alex Deucher)
• ACPI: battery: negate current when discharging (Peter Marheine)
• PM: runtime: fix denying of auto suspend in pm_suspend_timer_fn() (Charan Teja Kalla)
• power: supply: bq27xxx: Retrieve again when busy (Jerry Lv)
• ACPICA: fix acpi parse and parseext cache leaks (Seunghun Han) [Orabug: 38180748] {CVE-2025-38344}
• ACPICA: Avoid sequence overread in call to strncmp() (Ahmed Salem)
• ACPICA: fix acpi operand cache leak in dswstate.c (Seunghun Han) [Orabug: 38180756] {CVE-2025-38345}
• iio: adc: ad7606_spi: fix reg write value mask (David Lechner)
• PCI: Fix lock symmetry in pci_slot_unlock() (Ilpo Jarvinen)
• PCI: Add ACS quirk for Loongson PCIe (Huacai Chen)
• uio_hv_generic: Use correct size for interrupt and monitor pages (Long Li)
• regulator: max14577: Add error check for max14577_read_reg() (Xu Wang)
• mips: Add -std= flag specified in KBUILD_CFLAGS to vdso CFLAGS (Khem Raj)
• staging: iio: ad5933: Correct settling cycles encoding per datasheet (Gabriel)
• net: ch9200: fix uninitialised access during mii_nway_restart (Qasim Ijaz) [Orabug: 38132189] {CVE-2025-38086}
• ftrace: Fix UAF when lookup kallsym after ftrace disabled (Ye Bin) [Orabug: 38180768] {CVE-2025-38346}
• dm-mirror: fix a tiny race condition (Mikulas Patocka)
• mtd: nand: sunxi: Add randomizer configuration before randomizer enable (Xu Wang)
• mtd: rawnand: sunxi: Add randomizer configuration in sunxi_nfc_hw_ecc_write_chunk (Xu Wang)
• mm: fix ratelimit_pages update error in dirty_ratio_handler() (Jinliang Zheng)
• ipc: fix to protect IPCS lookups using RCU (Jeongjun Park) [Orabug: 38158598] {CVE-2025-38212}
• parisc: fix building with gcc-15 (Arnd Bergmann)
• vgacon: Add check for vc_origin address range in vgacon_scroll() (Gong, Ruiqi)
• fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var (Murad Masimov) [Orabug: 38158615] {CVE-2025-38214}
• EDAC/altera: Use correct write width with the INTTEST register (Niravkumar L Rabara)
• NFC: nci: uart: Set tty->disc_data only in success path (Krzysztof Kozlowski) [Orabug: 38253992] {CVE-2025-38416}
• f2fs: prevent kernel warning due to negative i_nlink from corrupted image (Jaegeuk Kim) [Orabug: 38158649] {CVE-2025-38219}
• Input: ims-pcu - check record size in ims_pcu_flash_firmware() (Dan Carpenter) [Orabug: 38254054] {CVE-2025-38428}
• ext4: fix calculation of credits for extent tree modification (Jan Kara)
• ext4: inline: fix len overflow in ext4_prepare_inline_data (Thadeu Lima de Souza Cascardo) [Orabug: 38158662] {CVE-2025-38222}
• bus: fsl-mc: do not add a device-link for the UAPI used DPMCP device (Ioana Ciornei)
• ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 (Tasos Sahanidis) [Orabug: 38180697] {CVE-2025-38336}
• ARM: 9447/1: arm/memremap: fix arch_memremap_can_ram_remap() (Ross Stutterheim)
• media: v4l2-dev: fix error handling in __video_register_device() (Ma Ke)
• media: gspca: Add error handling for stv06xx_read_sensor() (Xu Wang)
• wifi: rtlwifi: disable ASPM for RTL8723BE with subsystem ID 11ad:1723 (Mingcong Bai)
• nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request (Neil Brown) [Orabug: 38254062] {CVE-2025-38430}
• wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() (Christian Lamparter) [Orabug: 38180783] {CVE-2025-38348}
• gfs2: move msleep to sleepable context (Alexander Aring)
• configfs: Do not override creating attribute file failure in populate_attrs() (Zijun Hu)
• net: usb: aqc111: debug info before sanitation (Oliver Neukum)
• calipso: unlock rcu before returning -EAFNOSUPPORT (Eric Dumazet)
• xen/arm: call uaccess_ttbr0_enable for dm_op hypercall (Stefano Stabellini)
• usb: Flush altsetting 0 endpoints before reinitializating them after reset. (Mathias Nyman)
• fs/filesystems: Fix potential unsigned integer underflow in fs_name() (Zijun Hu)
• net/mdiobus: Fix potential out-of-bounds read/write access (Jakub Raczynski)
• drm/amd/display: Do not add '-mhard-float' to dcn2{1,0}_resource.o for clang (Nathan Chancellor)
• drm/amd/display: Do not add '-mhard-float' to dml_ccflags for clang (Nathan Chancellor)
• MIPS: Move '-Wa,-msoft-float' check from as-option to cc-option (Nathan Chancellor)
• x86/boot/compressed: prefer cc-option for CFLAGS additions (Nick Desaulniers)
• net: mdio: C22 is now optional, EOPNOTSUPP if not provided (Andrew Lunn)
• net_sched: tbf: fix a race in tbf_change() (Eric Dumazet)
• net_sched: red: fix a race in __red_change() (Eric Dumazet) [Orabug: 38152899] {CVE-2025-38108}
• net_sched: prio: fix a race in prio_tune() (Eric Dumazet) [Orabug: 38105335] {CVE-2025-38083}
• net/mlx5: Fix return value when searching for existing flow group (Patrisious Haddad)
• net/mlx5: Wait for inactive autogroups (Paul Blakey)
• i40e: retry VFLR handling if there is ongoing VF reset (Robert Malz)
• i40e: return false from i40e_reset_vf if reset is in progress (Robert Malz)
• net_sched: sch_sfq: fix a potential crash on gso_skb handling (Eric Dumazet) [Orabug: 38152923] {CVE-2025-38115}
• scsi: iscsi: Fix incorrect error path labels for flashnode operations (Alok Tiwari)
• NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes (Chuck Lever) [Orabug: 36954169] {CVE-2022-48829}
• NFSD: Fix ia_size underflow (Chuck Lever) [Orabug: 36954164] {CVE-2022-48828}
• Input: synaptics-rmi - fix crash with unsupported versions of F34 (Dmitry Torokhov)
• Input: synaptics-rmi4 - convert to use sysfs_emit() APIs (Zhang Songyi)
• pmdomain: core: Fix error checking in genpd_dev_pm_attach_by_id() (Dan Carpenter)
• do_change_type(): refuse to operate on unmounted/not ours mounts (Al Viro) [Orabug: 38256450] {CVE-2025-38498}
• ice: create new Tx scheduler nodes for new queues only (Michal Kubiak)
• Bluetooth: L2CAP: Fix not responding with L2CAP_CR_LE_ENCRYPTION (Luiz Augusto von Dentz)
• net/mlx4_en: Prevent potential integer overflow calculating Hz (Dan Carpenter)
• vt: remove VT_RESIZE and VT_RESIZEX from vt_compat_ioctl() (Nicolas Pitre)
• serial: Fix potential null-ptr-deref in mlb_usio_probe() (Henry Martin) [Orabug: 38153012] {CVE-2025-38135}
• usb: renesas_usbhs: Reorder clock handling and power management in probe (Lad Prabhakar) [Orabug: 38153017] {CVE-2025-38136}
• rtc: Fix offset calculation for .start_secs < 0 (Alexandre Mergnat)
• rtc: sh: assign correct interrupts with DT (Wolfram Sang)
• perf record: Fix incorrect --user-regs comments (Dapeng Mi)
• perf tests switch-tracking: Fix timestamp comparison (Leo Yan)
• mfd: stmpe-spi: Correct the name used in MODULE_DEVICE_TABLE (Alexey Gladkov)
• mfd: exynos-lpass: Avoid calling exynos_lpass_disable() twice in exynos_lpass_remove() (Christophe Jaillet)
• rpmsg: qcom_smd: Fix uninitialized return variable in __qcom_smd_send() (Dan Carpenter)
• perf scripts python: exported-sql-viewer.py: Fix pattern matching with Python 3 (Adrian Hunter)
• perf ui browser hists: Set actions->thread before calling do_zoom_thread() (Arnaldo Carvalho de Melo)
• fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() (Sergey Shtylyov) [Orabug: 38180566] {CVE-2025-38312}
• soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop() (Henry Martin) [Orabug: 38153060] {CVE-2025-38145}
• soc: aspeed: lpc: Fix impossible judgment condition (Su Hui)
• arm64: dts: rockchip: disable unrouted USB controllers and PHY on RK3399 Puma with Haikou (Quentin Schulz)
• ARM: dts: qcom: apq8064 merge hw splinlock into corresponding syscon device (Dmitry Baryshkov)
• bus: fsl-mc: fix double-free on mc_dev (Ioana Ciornei) [Orabug: 38180573] {CVE-2025-38313}
• nilfs2: do not propagate ENOENT error from nilfs_btree_propagate() (Ryusuke Konishi)
• nilfs2: add pointer check for nilfs_direct_propagate() (Xu Wang)
• Squashfs: check return result of sb_min_blocksize (Phillip Lougher) [Orabug: 38253985] {CVE-2025-38415}
• ARM: dts: at91: at91sam9263: fix NAND chip selects (Wolfram Sang)
• ARM: dts: at91: usb_a9263: fix GPIO for Dataflash chip select (Wolfram Sang)
• f2fs: fix to correct check conditions in f2fs_cross_rename (Zhiguo Niu)
• f2fs: use d_inode(dentry) cleanup dentry->d_inode (Zhiguo Niu)
• calipso: Don't call calipso functions for AF_INET sk. (Kuniyuki Iwashima) [Orabug: 38153070] {CVE-2025-38147}
• net: lan743x: rename lan743x_reset_phy to lan743x_hw_reset_phy (Thangaraj Samynathan)
• net: usb: aqc111: fix error handling of usbnet read calls (Nikita Zhandarovich) [Orabug: 38153090] {CVE-2025-38153}
• netfilter: nf_tables: nft_fib_ipv6: fix VRF ipv4/ipv6 result discrepancy (Florian Westphal)
• wifi: ath9k_htc: Abort software beacon handling if disabled (Toke Hoiland-Jorgensen) [Orabug: 38153110] {CVE-2025-38157}
• bpf: Fix WARN() in get_bpf_raw_tp_regs (Tao Chen) [Orabug: 38180489] {CVE-2025-38285}
• pinctrl: at91: Fix possible out-of-boundary access (Andy Shevchenko) [Orabug: 38180495] {CVE-2025-38286}
• ktls, sockmap: Fix missing uncharge operation (Jiayuan Chen)
• netfilter: bridge: Move specific fragmented packet to slow_path instead of dropping it (Huajian Yang)
• f2fs: clean up w/ fscrypt_is_bounce_page() (Chao Yu)
• RDMA/hns: Include hnae3.h in hns_roce_hw_v2.h (Junxian Huang)
• wifi: rtw88: do not ignore hardware read error during DPK (Dmitry Antipov)
• net: ncsi: Fix GCPS 64-bit member variables (Hari Kalavakunta)
• f2fs: fix to do sanity check on sbi->total_valid_block_count (Chao Yu) [Orabug: 38153150] {CVE-2025-38163}
• drm/tegra: rgb: Fix the unbound reference count (Biju Das)
• drm/vkms: Adjust vkms_state->active_planes allocation type (Kees Cook)
• drm: rcar-du: Fix memory leak in rcar_du_vsps_init() (Biju Das)
• selftests/seccomp: fix syscall_restart test for arm compat (Neill Kapron)
• firmware: psci: Fix refcount leak in psci_dt_init (Miaoqian Lin)
• m68k: mac: Fix macintosh_config for Mac II (Finn Thain)
• drm/vmwgfx: Add seqno waiter for sync_files (Ian Forbes)
• spi: sh-msiof: Fix maximum DMA transfer size (Geert Uytterhoeven)
• ACPI: OSI: Stop advertising support for '3.0 _SCP Extensions' (Armin Wolf)
• x86/mtrr: Check if fixed-range MTRRs exist in mtrr_save_fixed_ranges() (Jiaqing Zhao)
• PM: wakeup: Delete space in the end of string shown by pm_show_wakelocks() (Zijun Hu)
• EDAC/skx_common: Fix general protection fault (Qiuxu Zhuo) [Orabug: 38180525] {CVE-2025-38298}
• crypto: marvell/cesa - Avoid empty transfer descriptor (Herbert Xu)
• crypto: marvell/cesa - Handle zero-length skcipher requests (Herbert Xu) [Orabug: 38153190] {CVE-2025-38173}
• x86/cpu: Sanitize CPUID(0x80000000) output (Ahmed S. Darwish)
• perf/core: Fix broken throttling when max_samples_per_tick=1 (Qing Wang)
• gfs2: gfs2_create_inode error handling fix (Andreas Gruenbacher)
• netfilter: nft_socket: fix sk refcount leaks (Florian Westphal) [Orabug: 37116555] {CVE-2024-46855}
• thunderbolt: Do not double dequeue a configuration request (Sergey Senozhatsky) [Orabug: 38158384] {CVE-2025-38174}
• usb: usbtmc: Fix timeout value in get_stb (Dave Penkler)
• usb: storage: Ignore UAS driver for SanDisk 3.2 Gen2 storage device (Hongyu Xie)
• usb: quirks: Add NO_LPM quirk for SanDisk Extreme 55AE (Jiayi Li)
• pinctrl: armada-37xx: set GPIO output value before setting direction (Gabor Juhos)
• pinctrl: armada-37xx: use correct OUTPUT_VAL register for GPIOs > 31 (Gabor Juhos)