In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw.

In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too.

In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction.

A use-after-free (UAF) vulnerability was found in the Linux kernel's net/sched subsystem, specifically in the Credit-Based Shaper (CBS) qdisc implementation (sch_cbs). The vulnerability occurs because the CBS qdisc's reset function (qdisc_reset_queue()) only resets its internal queue but fails to reset its child qdisc recursively. As a result, a mismatch in queue length (qlen) occurs between CBS and its children during interface resets, eventually allowing attackers to trigger UAF on a parent HFSC scheduler.

In the Linux kernel, the following vulnerability has been resolved: vsock: Transport assignment may race with module unload.

In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close().

In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md.