gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO

scsi: core: ufs: Fix a hang in the error handler

Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete

Bluetooth: MGMT: Protect mgmt_pending list with its own lock

net_sched: sch_sfq: fix a potential crash on gso_skb handling

ACPI: CPPC: Fix NULL pointer dereference when nosmp is used

net: Fix TOCTOU issue in sk_is_readable()

net/mdiobus: Fix potential out-of-bounds read/write access

net/mdiobus: Fix potential out-of-bounds clause 45 read/write access

net/mlx5: Fix ECVF vports unload on shutdown flow

net_sched: red: fix a race in __red_change()

net_sched: ets: fix a race in ets_qdisc_change()

ALSA: usb-audio: Kill timer properly at removal

drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV

HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()

VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify

x86/iopl: Cure TIF_IO_BITMAP inconsistencies

Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken

drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink

espintcp: remove encap socket caching to avoid reference leak