INFSA-2025:16904: kernel security update

Information about definition

Identifier: INFSA-2025:16904

Type: security

Release date: 2025-10-14 17:55:58 UTC

Information about package

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Vulnerabilities description

  • CVE-2025-39694

    In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check.

  • CVE-2025-38527

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in cifs_oplock_break.

  • CVE-2025-39682

    A logic bug in the kTLS receive path mishandles zero-length records taken from the rx_list, allowing a mixed record-type sequence to slip past the per-recvmsg() type constraint and proceed to data processing. The fix initializes and checks the per-call content type (using 0 as “unset”) and bails out when a non-DATA record is encountered after DATA. This issue can be remotely triggered, but only when the kernel TLS ULP (kTLS, enabled via CONFIG_TLS and attached to TCP sockets with SOL_TLS) is in use.

  • CVE-2025-39698

    A flaw in io_uring’s futex path freed io_futex_data on error but left req->async_data and the REQ_F_ASYNC_DATA flag inconsistent, creating a window for use-after-free. This issue is reachable by any unprivileged local user via io_uring futex operations. The most plausible impact is denial of service, since the freed structure is small and not directly attacker-controlled, making exploitation for privilege escalation very unlikely. Still, as with any use-after-free in kernel space, the worst-case impact would be privilege escalation.

  • CVE-2025-38396

    In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass.

  • CVE-2025-38523

    In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the smbd_response slab to allow usercopy.
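
A host-side triage check for the CVE-2025-39682 precondition described above (kTLS in use), added here as an example and not part of the advisory. It reads CONFIG_TLS from the kernel config, the tls entry in /proc/modules and the TlsCurrRx* counters in /proc/net/tls_stat; the function names, verdict strings and the /boot/config-$(uname -r) location are assumptions.

```shell
#!/bin/sh
# Added example: is kernel TLS (kTLS) built, loaded and attached on this host?
# Every path is a parameter so the functions can read saved copies of the files.

# Print "y" (built in), "m" (module), "n" (not set) or "unknown" (no config file).
ktls_config_state() {
    cfg="${1:-/boot/config-$(uname -r)}"   # assumed distro config location
    [ -r "$cfg" ] || { echo unknown; return; }
    val=$(sed -n 's/^CONFIG_TLS=\([ym]\)$/\1/p' "$cfg" | head -n 1)
    echo "${val:-n}"
}

# Succeed if the tls module appears in a /proc/modules-style listing.
ktls_module_loaded() {
    grep -q '^tls ' "${1:-/proc/modules}" 2>/dev/null
}

# Print how many sockets currently have kTLS RX attached
# (TlsCurrRxSw + TlsCurrRxDevice); prints 0 if the stat file is absent.
ktls_rx_sockets() {
    stat="${1:-/proc/net/tls_stat}"
    [ -r "$stat" ] || { echo 0; return; }
    awk '$1 == "TlsCurrRxSw" || $1 == "TlsCurrRxDevice" { n += $2 }
         END { print n + 0 }' "$stat"
}

# Verdict for triage; arguments: config file, modules list, tls_stat file.
ktls_exposure() {
    cfg_state=$(ktls_config_state "${1:-}")
    rx=$(ktls_rx_sockets "${3:-}")
    if [ "$rx" -gt 0 ]; then
        echo "in-use"            # receive path is live right now
    elif [ "$cfg_state" = n ]; then
        echo "not-built"         # CONFIG_TLS not set
    elif [ "$cfg_state" = y ] || ktls_module_loaded "${2:-}"; then
        echo "available-idle"    # code present, no RX sockets attached
    else
        echo "not-loaded"        # module (if any) is not loaded
    fi
}

ktls_exposure
```

/proc/net/tls_stat is per network namespace and the TlsCurr* counters are point-in-time, so an "available-idle" result only means no kTLS receive socket was attached in the current namespace when the check ran.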

Severity level

CVE | Score CVSS 2.0 | Score CVSS 3.x | Score CVSS 4.0
 | no information | 6.0 | no information
 | no information | 7.0 | no information
 | no information | 7.0 | no information
 | no information | 7.0 | no information
 | no information | 7.0 | no information
 | no information | 7.3 | no information

Updated packages
