CVE-2025-39981 Gustavo A. R. Silva (1): overflow: Fix direct struct member initialization in _DEFINE_FLEX() Jianpeng Chang (1): Bluetooth: MGMT: Fix memory leak in set_ssp_complete Kees Cook (2): overflow: Change DEFINE_FLEX to take __counted_by member overflow: Introduce __DEFINE_FLEX for having no initializer Luiz Augusto von Dentz (1): Bluetooth: MGMT: Fix possible UAFs Pauli Virtanen (1): Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete Przemek Kitszel (1): overflow: add DEFINE_FLEX() for on-stack allocs Roman Smirnov (1): Bluetooth: mgmt: remove NULL check in mgmt_set_connectable_complete() include/linux/compiler_types.h | 36 +++-- include/linux/fortify-string.h | 4 - include/linux/overflow.h | 65 ++++++++ include/net/bluetooth/mgmt.h | 2 +- lib/overflow_kunit.c | 19 +++ net/bluetooth/mgmt.c | 263 +++++++++++++++++++++++---------- net/bluetooth/mgmt_util.c | 46 ++++++ net/bluetooth/mgmt_util.h | 3 + 8 files changed, 346 insertions(+), 92 deletions(-) -- 2.43.0