In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling.

A flaw in the SCTP receive path failed to linearize cloned GSO sk_buffs before accessing fraglists, leading to reads of uninitialized memory as reported by KMSAN. An attacker sending SCTP traffic can trigger incorrect processing and potentially cause a kernel denial of service on the target under specific RX conditions. Stream Control Transmission Protocol (SCTP) is a transport-layer protocol (like TCP or UDP) primarily used in telecom signaling and some specialized applications. On most Linux systems it is disabled by default, and remote connectivity is only possible if SCTP support is enabled and listening services are configured (commonly using the IANA-assigned port 2905/tcp for M3UA or other protocol-specific ports). Therefore, the vulnerability is only exploitable when SCTP is enabled and reachable on the target system. Although KMSAN reports this issue as use of uninitialized memory (which deterministically crashes with KMSAN enabled), on production kernels the impact is still availability-related.

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails.

In the Linux kernel, the following vulnerability has been resolved: nfsd: don't ignore the return code of svc_proc_register().