Google Git
Sign in
cos / mirrors / github.com / nluedtke / linux_kernel_cves / 0b661cb662ce9ff861bdf73426e033f24373514c / . / data / 4.1 / 4.1_security.txt
blob: c146af767bbf45e269a36d573d98aeb2cc673bd4 [file] [log] [blame]
CVEs fixed in 4.1.2:
CVE-2015-3212: bd0a0d20ebd08f250af9023530b5de4bc433ebaa sctp: fix ASCONF list handling
CVEs fixed in 4.1.4:
CVE-2015-1333: 4fd5dc9eece297f49f16f82422ead3a28b11ea70 KEYS: ensure we free the assoc array edit if edit is valid
CVE-2015-3288: c86df9fa76f914d84e02caf2aaf11a22ca1820c2 mm: avoid setting up anonymous pages into file mapping
CVE-2015-9289: 27b76178c496bdb4fc24278ff9e659dc0a5db10f cx24116: fix a buffer overflow when checking userspace params
CVEs fixed in 4.1.5:
CVE-2015-6252: fd1a8f57bfd8686709c17cbe878470bd43fb3c4e vhost: actually track log eventfd file
CVEs fixed in 4.1.6:
CVE-2015-3290: 60e6cbaf875edd9aef40948d0790decb8e1a77cc x86/nmi/64: Switch stacks on userspace NMI entry
CVE-2015-3291: 37df1cab0c4d4ec0f4bec868b2e26b84e725c478 x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection
CVE-2015-4692: f627ab0afcd983b3cb5f6d47c5006fd14cfc9a01 kvm: x86: fix kvm_apic_has_events to check for NULL pointer
CVE-2015-5157: 60e6cbaf875edd9aef40948d0790decb8e1a77cc x86/nmi/64: Switch stacks on userspace NMI entry
CVE-2015-5697: 33afeac21b9cb79ad8fc5caf239af89c79e25e1e md: use kzalloc() when bitmap is disabled
CVEs fixed in 4.1.9:
CVE-2015-8746: 87fbed4145998fbb3960c243c70cf78fbd7e5f42 NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client
CVEs fixed in 4.1.10:
CVE-2015-5283: 5cadd6bac523e5e78ae18284e5f2b286ebff070b sctp: fix race on protocol/netns initialization
CVEs fixed in 4.1.11:
CVE-2015-2925: 6f4e45e35c02fd23589a62aab0dc84286cc1302c dcache: Handle escaped paths in prepend_path
CVE-2015-5257: 44f73be485f66dfeca7c6a5e334a7a11b97a4151 USB: whiteheat: fix potential null-deref at probe
CVE-2015-7613: 7983297d99ea11152a76420d4325f5d1925e2547 Initialize msg/shm IPC objects before doing ipc_addid()
CVEs fixed in 4.1.12:
CVE-2020-0066: e962218b42896856642f8d37bb69c4f1feaa8ad9 netlink: Trim skb to alloc size to avoid MSG_TRUNC
CVEs fixed in 4.1.13:
CVE-2015-8953: 7fd58acc9f6f751aebcee8288d020d959d815445 ovl: fix dentry reference leak
CVEs fixed in 4.1.14:
CVE-2015-5156: 152964690b41b91049d00eb8aea1d25880cd13f0 virtio-net: drop NETIF_F_FRAGLIST
CVE-2015-5307: b62c38079ebaa36c0ccd77647fd1fdd46315bc98 KVM: x86: work around infinite loop in microcode when #AC is delivered
CVE-2015-6937: dd5efc80af05cfd7ae77bb3229a35cc9bc09615d RDS: verify the underlying transport exists before creating a connection
CVEs fixed in 4.1.15:
CVE-2013-7446: 5c77e26862ce604edea05b3442ed765e9756fe0f unix: avoid use-after-free in ep_remove_wait_queue
CVE-2015-8374: f1008f6d21ec52d533f7473e2e46218408fb4580 Btrfs: fix truncation of compressed and inlined extents
CVE-2016-3841: 81ed463384847813faa59e692285fe775da7375f ipv6: add complete rcu protection around np->opt
CVEs fixed in 4.1.16:
CVE-2015-7550: 98fec5a2034454f004ca6471de4df4ded2c5f79f KEYS: Fix race between read and revoke
CVE-2015-7872: 3366472496482e75a83db93846226b8a360ff911 KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring
CVE-2015-8543: bc8f79b522b57ca79a676615003d85b08162ff5a net: add validation for the socket syscall protocol argument
CVE-2015-8569: f167b6f4244fbc8d05fcc385b1bf8e70729c9e7c pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
CVE-2015-8575: 1814295365a02ff174948159f1eececa55fe4f97 bluetooth: Validate socket address length in sco_sock_bind().
CVE-2016-0728: b71567e6c9a2b15b7be9cb8ca695e9c990c0513b KEYS: Fix keyring ref leak in join_session_keyring()
CVEs fixed in 4.1.17:
CVE-2013-4312: dc6b0ec667f67d4768e72c1b7f1bbc14ea52379c unix: properly account for FDs passed over unix sockets
CVE-2015-7799: 5984398539a2c47834caf1b00dc9f58b7bb2e67a isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
CVE-2015-7884: b824d64b153a9683aed6730e9f093a7102c36799 media/vivid-osd: fix info leak in ioctl
CVE-2015-8104: 19eaffefc4b03d92e0adfd1870b10b9539916106 KVM: svm: unconditionally intercept #DB
CVE-2015-8767: 534e9016cd88ccd577b226b7172e5cd079f5fb02 sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
CVE-2015-8816: a7e83b16c8d83a75c58989e845c664ecaa6e0aa6 USB: fix invalid memory access in hub_activate()
CVE-2015-8844: 567a215dd1586dae787f21b8f3e484018763a710 powerpc/tm: Block signal return setting invalid MSR state
CVE-2015-8845: a54d3a4234121d8a9749331f7b10e6ff02f886ba powerpc/tm: Check for already reclaimed tasks
CVE-2016-2069: ae535caf02c7e2e7feec62f4e07ac1f48ad5b336 x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
CVE-2016-2543: 9a6003a362acb814fea7422209be344b822b047a ALSA: seq: Fix missing NULL check at remove_events ioctl
CVE-2016-2544: 49c9eb3db86407868a664ade6da041fabeb457f8 ALSA: seq: Fix race at timer setup and close
CVE-2016-2545: dc5697eb3297920e20b53fdf4c40891e1ed0eafd ALSA: timer: Fix double unlink of active_list
CVE-2016-2546: ac905ca58370789645e813d8abfa5871c93e9e36 ALSA: timer: Fix race among timer ioctls
CVE-2016-2547: 466c99bd815a1ae189d883b509b067c9a74a30f9 ALSA: timer: Harden slave timer list handling
CVE-2016-2548: 466c99bd815a1ae189d883b509b067c9a74a30f9 ALSA: timer: Harden slave timer list handling
CVE-2016-2549: 965b1203f399676ac4989a0876336e212a71085b ALSA: hrtimer: Fix stall by hrtimer_cancel()
CVEs fixed in 4.1.18:
CVE-2015-7566: 85491ceb50c4bc446127776714b41d2b9ca627f1 USB: serial: visor: fix crash on detecting device without write_urbs
CVE-2016-0723: 27055738c910ee29a9de4b496e198e17b38b0eed tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
CVE-2016-1575: c8e1bebf86dff9277e21e9a2769724ca05f40c02 ovl: setattr: check permissions before copy-up
CVE-2016-1576: c8e1bebf86dff9277e21e9a2769724ca05f40c02 ovl: setattr: check permissions before copy-up
CVE-2016-2782: 5c9cad0a726131934408f3a9e66fc381204a9ba2 USB: visor: fix null-deref at probe
CVEs fixed in 4.1.19:
CVE-2015-8970: 762330b161c49c6d88ab689a0ee2a1a959dc5b6b crypto: algif_skcipher - Require setkey before accept(2)
CVE-2016-2085: d185fa457006e98aa975ed6c0e7d2ddfe3d26695 EVM: Use crypto_memneq() for digest comparisons
CVE-2016-2383: 0f912f6700a3f14481c13cbda2b9cc1b636948ac bpf: fix branch offset adjustment on backjumps after patching ctx expansion
CVE-2016-2384: 1ea63b629c9c53af6cdde4daf166b3d31b3e9cfe ALSA: usb-audio: avoid freeing umidi object twice
CVE-2017-13167: 0163f1a71f10b25eae8d7019124cd7f1141b109a ALSA: timer: Fix race at concurrent reads
CVE-2021-20265: 8d988538da0c17711c0de0a53fc38cef49e3ed1b af_unix: fix struct pid memory leak
CVEs fixed in 4.1.20:
CVE-2015-8553: fda3e3e7b638f742149fb32aa9b691413bb91f41 xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
CVEs fixed in 4.1.21:
CVE-2015-8839: 248766f068fd1d3d95479f470bc926d1136141d6 ext4: fix races between page faults and hole punching
CVE-2016-2143: 09b4fd2014b1ef7d46df8df553f94254ba2a0497 s390/mm: four page table levels vs. fork
CVE-2016-3044: 6d44ac3f884b220573b2d46c691127fb6fee0707 KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest exit
CVEs fixed in 4.1.22:
CVE-2015-7513: 90352f3f473a29db1289ec31facc1ac18cc66e9e KVM: x86: Reload pit counters for all channels when restoring state
CVE-2015-8660: 2cadb57dff500076a87b934cac64bb5a2293b644 ovl: fix permission checking for setattr
CVE-2015-8785: ea44bf73d956729f3122bbed0661db7b18864277 fuse: break infinite loop in fuse_fill_write_pages()
CVE-2015-8812: dd25a5d97400cb10a85a09eac07d541975e39522 iw_cxgb3: Fix incorrectly returning error on success
CVE-2016-0821: 46460a03f44f1915ded434057fa46332438b3a6e include/linux/poison.h: fix LIST_POISON{1,2} offset
CVE-2016-2184: 6ed72ce6ab8b38803b12df8c62a3a52becf19017 ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
CVE-2016-2185: 4b586dc3d736a43659acb575c90d33370ba2fb0d Input: ati_remote2 - fix crashes on detecting device with invalid descriptor
CVE-2016-2186: 76b69dfeb5f1bf19a6bd65991506bbb00647716b Input: powermate - fix oops with malicious USB descriptors
CVE-2016-3138: a635bc779e7b7748c9b0b773eaf08a7f2184ec50 USB: cdc-acm: more sanity checking
CVE-2016-3157: 2cc58a1e06ea8b6c9aa6d25ec74d8d1671e500eb x86/iopl/64: Properly context-switch IOPL on Xen PV
CVE-2016-3689: 3ec245e8591a183e276df89cd7f9e7a15645b9da Input: ims-pcu - sanity check against missing interfaces
CVE-2016-6327: 179e72b561d3d331c850e1a5779688d7a7de5246 IB/srpt: Simplify srpt_handle_tsk_mgmt()
CVE-2016-9685: 594103da3005639712b3123a612791c8f4d3f4e9 xfs: fix two memory leaks in xfs_attr_list.c error paths
CVEs fixed in 4.1.23:
CVE-2016-3136: 4b8d00f5056e278b053ca183e15f4a8e48d79336 USB: mct_u232: add sanity checking in probe
CVE-2016-3137: 45f4b9ca0cf8e53df5adc20d11ffb4b2076dd2c5 USB: cypress_m8: add endpoint sanity check
CVE-2016-3140: 15f572246983bd2f733b82b35e013d7eaa801e94 USB: digi_acceleport: do sanity checking for the number of ports
CVE-2016-7914: 32d1b6727390b22cc58d28eb9d7b2d7055e588b7 assoc_array: don't call compare_object() on a node
CVEs fixed in 4.1.24:
CVE-2016-2187: 464508beeb30376f277fbfbfd9137cf19cbfa785 Input: gtco - fix crash on detecting device without endpoints
CVE-2016-3961: 936d0871135e41fba0dc15095319ca106f55a584 x86/mm/xen: Suppress hugetlbfs in PV guests
CVE-2016-7912: 0763ce11708553fc7b2124f184ce2e4bb0cb186d usb: gadget: f_fs: Fix use-after-free
CVEs fixed in 4.1.25:
CVE-2016-4565: 5d43a619be6f1960702daafafe87ceab415be6bc IB/security: Restrict use of the write() interface
CVE-2016-4581: 60f7e3a2dc30ae39574a7c7239a9a47c08b774bd propogate_mnt: Handle the first propogated copy being a slave
CVE-2016-4913: f1ee8222aed8d64bbf922ba9bf00dc7ac98ab63f get_rock_ridge_filename(): handle malformed NM entries
CVEs fixed in 4.1.26:
CVE-2016-9754: ab2cfdb8ef5da3d4cd237a3f15cc2d7ad4623260 ring-buffer: Prevent overflow of size in ring_buffer_resize()
CVEs fixed in 4.1.27:
CVE-2016-1583: c96e6bf5705254a4c93ca25d6d3c68a04fc7ab5b proc: prevent stacking filesystems on top
CVEs fixed in 4.1.28:
CVE-2016-2117: a2e388f2537a23348810b20ae82468f13d3fb123 atl2: Disable unimplemented scatter/gather feature
CVE-2016-2847: 2612a949cf5c2a868adee1ca6bcbf01cd4e2f01e pipe: limit the per-user amount of pages allocated in pipes
CVE-2016-3134: 850c377e0e2d76723884d610ff40827d26aa21eb netfilter: x_tables: fix unconditional helper
CVE-2016-3156: 86de8271be91cce66aace5a3ae8afd3f28094957 ipv4: Don't do expensive useless work during inetdev destroy.
CVE-2016-3955: 25c871c07f37b8cbaebc97403233185479af095d USB: usbip: fix potential out-of-bounds write
CVE-2016-4470: c262505cdb45765ddea20a1f85f0023990276772 KEYS: potential uninitialized variable
CVE-2016-4485: 5923f46563d1ce74c1f1178cba5a67735bb83e6d net: fix infoleak in llc
CVE-2016-4486: 9a9390bcf56680c487a8e4c89c813a48bfedc4b6 net: fix infoleak in rtnetlink
CVE-2016-4580: b2b95b3fbd93c910210922809f6c4d24be172b1c net: fix a kernel infoleak in x25 module
CVE-2016-4794: d273823dc63bb51e3adc11e0f7c324d86e2d2009 percpu: fix synchronization between chunk->map_extend_work and chunk destruction
CVE-2016-4805: fc74ace8df9bffbab3b886686db02f0809bdc5e9 ppp: take reference on channels netns
CVE-2016-4951: 49956430d3d55b47e4a2d2f5f777d641cae137d6 tipc: check nl sock before parsing nested attributes
CVE-2016-4997: 451e4403bc4abc51539376d4314baa739ab9e996 netfilter: x_tables: check for bogus target offset
CVE-2016-4998: 451e4403bc4abc51539376d4314baa739ab9e996 netfilter: x_tables: check for bogus target offset
CVE-2016-5828: 848be4770beb10fcc6f971c58e80aa2c2b6dad66 powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
CVE-2016-5829: f67b6920a0cf03d363c5f3bfb14f5d258168dc8c HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
CVE-2016-7117: 8ca7bf099ae0e6ff096b3910895b5285a112aeb5 net: Fix use after free in the recvmmsg exit path
CVE-2016-7916: 93c4863f4435023fcfdae542039860349189b334 proc: prevent accessing /proc/<PID>/environ until it's ready
CVE-2016-9806: e39cd93be0009ae4548a737756a947d2030956ab netlink: Fix dump skb leak/double free
CVEs fixed in 4.1.29:
CVE-2016-7911: 23c63b8c08fe3f0b21594ee1ac4de0fa52225f79 block: fix use-after-free in sys_ioprio_get()
CVEs fixed in 4.1.30:
CVE-2016-5400: ce05d315cec02835c77fa3f4b5119960e1654913 media: fix airspy usb probe error path
CVEs fixed in 4.1.31:
CVE-2015-8787: 6a468737c8c00bd6cdb208ca0b7f841e8970d466 netfilter: nf_nat_redirect: add missing NULL pointer check
CVE-2016-1237: 173f43c05f782df4fe42cc1152f9306ef76dc6eb posix_acl: Add set_posix_acl
CVE-2016-4569: 1b7d7bce7467cf10f21007a5c952688877ead95e ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
CVE-2016-4578: 1fbc4fd13bd04fd7c7fd033fdfde97e96d2865e5 ALSA: timer: Fix leak in events via snd_timer_user_ccallback
CVE-2016-5412: ae40dadbb81f553a053dcef39e5b0322f586c497 KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures
CVE-2016-6136: 634a3fc5f16470e9b78ccd7ce643305122d5ebb2 audit: fix a double fetch in audit_log_single_execve_arg()
CVE-2016-6197: 6412c3ae6b415ca83264a2c11e24bfb63cd74629 ovl: verify upper dentry before unlink and rename
CVE-2016-7910: d9ee963b61b93366103b88f10495b4680b256273 block: fix use-after-free in seq file
CVE-2017-7495: 906d6f4d9cdc8509c505f29f6146ec627fef2f06 ext4: fix data exposure after a crash
CVEs fixed in 4.1.32:
CVE-2016-5696: 2b211174edd454376ab9bc85f7bae8e01016d87c tcp: make challenge acks less predictable
CVE-2016-6480: e989e0c9bba5c1f8987629e2880a512d7b15e852 aacraid: Check size values after double-fetch from user
CVEs fixed in 4.1.33:
CVE-2015-8966: 469a242127b181656cb0a07de4584215bd4494fb [PATCH] arm: fix handling of F_OFD_... in oabi_fcntl64()
CVEs fixed in 4.1.34:
CVE-2016-9178: 319fe11519401e8a5db191a0a93aa2c1d7bb59f4 fix minor infoleak in get_user_ex()
CVEs fixed in 4.1.35:
CVE-2016-5195: c865f98df72112a3997b219bf711bc46c1e90706 mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
CVEs fixed in 4.1.36:
CVE-2016-7042: 3dc8f1f0decb5f022b3be2cc98c7163a376556c9 KEYS: Fix short sprintf buffer in /proc/keys show function
CVE-2016-8633: c604dec3d5a695efed5492fc463ef70ef8010bbe firewire: net: guard against rx buffer overflows
CVE-2016-9644: 7ea3d2e9c6aa73bc07d537ab4574d18bcfe2f680 x86/mm: Expand the exception table logic to allow new handling options
CVEs fixed in 4.1.37:
CVE-2015-1350: de42b9559d0c540152260d484dbc70b3e81f8738 fs: Avoid premature clearing of capabilities
CVE-2015-8956: 7abf32087c1dabacf707506585afc7b69aad21b3 Bluetooth: Fix potential NULL dereference in RFCOMM bind callback
CVE-2016-6213: 1171afc4a34e2926e6e8e27c896cf328c8825ac3 mnt: Add a per mount namespace limit on the number of mounts
CVE-2016-6828: 9a66bc6ee0f9908ba98a7d19b94d49ec231ab0e1 tcp: fix use after free in tcp_xmit_retransmit_queue()
CVE-2016-7039: fabaaaa96d54077b4a9f2c811e55dc09ff2874db net: add recursion limit to GRO
CVE-2016-7097: 62fa696b7b435e93ed114dd6a23aa0881d7f81b9 posix_acl: Clear SGID bit when setting file permissions
CVE-2016-7425: 8165fc3eb28cbd2e4cca07308f3a205ab347a9d1 scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
CVE-2016-8399: efcf38bd40200212ef3de3d38e11c42958f8afaa net: ping: check minimum size on ICMP header length
CVE-2016-8632: 016d02981cceb7b0f3436278b71fe3ea87542e20 tipc: check minimum bearer MTU
CVE-2016-8655: e29fdf045048addaea61c837b60e3c4d2ec43614 packet: fix race condition in packet_set_ring
CVEs fixed in 4.1.38:
CVE-2016-10088: 3e3267311e3b6557206f293eeb9205b41e090625 sg_write()/bsg_write() is not fit to be called under KERNEL_DS
CVE-2016-8666: 066b300e5be43cb61697539e2a3a9aac5afb422f tunnels: Don't apply GRO to multiple layers of encapsulation.
CVE-2016-9588: dd5035276792edbd3dac21620d9b91d3a8e3785a kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
CVEs fixed in 4.1.39:
CVE-2016-8405: a94f76f379dcc375f00d32194954f6c4dd1644c9 fbdev: color map copying bounds checking
CVE-2016-9191: 13d7adf646017517382ec541652eb7d3bc77742c sysctl: Drop reference added by grab_header in proc_sys_readdir
CVE-2017-18255: bd21c23d668307419b029bbe27ca67508161e59d perf/core: Fix the perf_cpu_time_max_percent check
CVE-2017-2618: 96e74ad7ac38ca330d16222e6da38c9a196deb40 selinux: fix off-by-one in setprocattr
CVE-2017-5549: 301242e3780413bffc7bbbd70cafb4ecee135080 USB: serial: kl5kusb105: fix line-state error handling
CVE-2017-7273: e0fb4ae61143bb6b218aa8bab1730bb156c4d457 HID: hid-cypress: validate length of report
CVEs fixed in 4.1.40:
CVE-2016-10229: 5c564705d3f0436ddc70d833b975b870ba560528 udp: properly support MSG_PEEK with truncated buffers
CVE-2016-2188: c4b51661231242b5b24431a31299c433934cad2e USB: iowarrior: fix NULL-deref at probe
CVE-2016-9604: 4ef48e49b1c550a511acb78d7b9e0b52bb43aba6 KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
CVE-2017-5669: c9cf983337a046e93f33c66c2707a704ec6440ac ipc/shm: Fix shmat mmap nil-page protection
CVE-2017-7187: 861b5c18bb146f3845dc52f64e7bc997d6cf8db3 scsi: sg: check length passed to SG_NEXT_CMD_LEN
CVE-2017-7261: 13b52a46a6778fe23e64a20499230738ed3d445b drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
CVE-2017-7294: d91a91d8f6ba1c98e0822e40b7e4a266d9567813 drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
CVE-2017-7472: a0f82864854a4511cd19f06436f0cf140fae2427 KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
CVE-2017-7618: ce0e21e44f9766aeef6a8c18a750ef9d94c1ca8c crypto: ahash - Fix EINPROGRESS notification callback
CVE-2017-7645: c9bb9f02b0484703ca5d0da15a11f891954e1c31 nfsd: check for oversized NFSv2/v3 arguments
CVE-2017-7895: 5afff19d82af4e4ed66ce0320cd2f17053b78b25 nfsd: stricter decoding of write-like NFSv2/v3 ops
CVE-2017-8924: e0f57e1a406c091646d7f474572975aab4c6d1de USB: serial: io_ti: fix information leak in completion handler
CVE-2017-8925: 5dfb04937689e5f797506ee73f028f919cc9278d USB: serial: omninet: fix reference leaks at open
CVEs fixed in 4.1.41:
CVE-2016-7913: e21b00fe6cc7de57072cb89c87e43f33af866476 xc2028: avoid use after free
CVE-2016-9083: 073e9973d48b1a7fa6d610fde377f3d7f4171ad6 vfio/pci: Fix integer overflows, bitmask check
CVE-2016-9084: 073e9973d48b1a7fa6d610fde377f3d7f4171ad6 vfio/pci: Fix integer overflows, bitmask check
CVE-2016-9120: 9c90c093b98f210d9611fac2c1f9e4f28254a55c staging/android/ion : fix a race condition in the ion driver
CVE-2017-0750: c5ef0e9f70d182cda057417b98cb8f88cf1dea42 f2fs: do more integrity verification for superblock
CVE-2017-1000363: d0e929a4e63f5b4a95a7daaf68d3738d1ec06d8c char: lp: fix possible integer overflow in lp_setup()
CVE-2017-10661: db14464180fa453a8ba82bce8107884571d7db6d timerfd: Protect the might cancel mechanism proper
CVE-2017-10662: 46527f8d11fa64d3b493d03fc5c3b5ecc7d4d37a f2fs: sanity check segment count
CVE-2017-18221: 00fc586ea7410ee8664bfd4f4ea246c60ea0482c mlock: fix mlock count can not decrease in race condition
CVE-2017-18360: 2cd394cd10465fc0878958ba99e6080ac8ead559 USB: serial: io_ti: fix div-by-zero in set_termios
CVE-2017-2596: 68e9c254f662e4c2763e672b026a513d91f3a1c4 kvm: fix page struct leak in handle_vmon
CVE-2017-2671: 5f1cef9e823aa35c881745446ea3c865da338e4e ping: implement proper locking
CVE-2017-6074: 98442999b9671784e659b205be8b5b6be8e81629 dccp: fix freeing skb too early for IPV6_RECVPKTINFO
CVE-2017-7308: dd07486ceba48b5d2157b212bb9bd5ce9a46b593 net/packet: fix overflow in check for priv area size
CVE-2017-7487: e8701e0f6768291622b01a3083c3a7e6761f6c51 ipx: call ipxitf_put() in ioctl error path
CVE-2017-7616: aa612d59c08f52a1ee508a12d95deb012e2163d2 mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
CVE-2017-7889: eb618d2eb22bb0e1843fb17431fdd18253918cb8 mm: Tighten x86 /dev/mem with zeroing reads
CVE-2017-8064: 4473dc376c48ea0be28a087922b97c90333f22ce dvb-usb-v2: avoid use-after-free
CVEs fixed in 4.1.42:
CVE-2017-1000364: 8b18c6b2a0dde5186ed83a60c4915c0909cbeb0a mm: larger stack guard gap, between vmas
CVE-2017-1000379: 8b18c6b2a0dde5186ed83a60c4915c0909cbeb0a mm: larger stack guard gap, between vmas
CVE-2017-1000380: 5d28ba6eecdeb3bbd0f78948ca3470918aad13fa ALSA: timer: Fix race between read and ioctl
CVE-2017-8890: 4e0ecb773276404a4a0788e1398bee22719336b4 dccp/tcp: do not inherit mc_list from parent
CVE-2017-9074: e7f05ff30b0cd72b00c8ca7be3cd48fedf96550f ipv6: Prevent overrun when parsing v6 header options
CVE-2017-9075: e7b4f3d39f46530f340af6eabbc60fbad9f94f05 sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
CVE-2017-9242: d78ddec4e7fb482e27514466ae8a738ef61a9f53 ipv6: fix out of bound writes in __ip6_append_data()
CVEs fixed in 4.1.43:
CVE-2016-7915: f446a5928bc1ea8b6df8abbddd97674f58fe089c HID: core: prevent out-of-bound readings
CVE-2017-1000365: a9cea2f13c889658769ba50d46cb0e88900e6795 fs/exec.c: account for argv/envp pointers
CVE-2017-1000370: 5bb3ce649f8b42185922d90de13874d23f7ff37f binfmt_elf: use ELF_ET_DYN_BASE only for PIE
CVE-2017-1000371: 5bb3ce649f8b42185922d90de13874d23f7ff37f binfmt_elf: use ELF_ET_DYN_BASE only for PIE
CVE-2017-11089: e61d75e0d800c7f4469d391e3598b890be11d95c cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
CVE-2017-11176: 89e4078c6ea15ea65e3d5aa3d72e7913b7b500da mqueue: fix a use-after-free in sys_mq_notify()
CVE-2017-12146: 5c387e92ec5c6e2d56b19f9ce4ca1cefef38d601 driver core: platform: fix race condition with driver_override
CVE-2017-18017: a7776b8815a90da464f045f7c24d9565ae9f1963 netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
CVE-2017-7482: 84589c8b4819932f41313b7ed4c58881ab466a20 rxrpc: Fix several cases where a padded len isn't checked in ticket decode
CVE-2017-7541: e080a193465629231466067e4b5d945deaac29d5 brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
CVE-2018-14634: d5e990d96459decaa24e5cb7918451f12c8582a9 exec: Limit arg stack to at most 75% of _STK_LIM
CVE-2019-9457: d5e990d96459decaa24e5cb7918451f12c8582a9 exec: Limit arg stack to at most 75% of _STK_LIM
CVEs fixed in 4.1.44:
CVE-2017-1000111: b7761b0cd80d832e40a46ec0078ab02596dbc350 packet: fix tp_reserve race in packet_set_ring
CVE-2017-10663: 604b43bbfe3bfd023d4cc6a4f9e8760f03346459 f2fs: sanity check checkpoint segno and blkoff
CVE-2017-11473: 424e53f1ee00891001808a1f5dd08a2c7efb9117 x86/acpi: Prevent out of bound access caused by broken ACPI tables
CVE-2017-18079: 6b4a5a2ee0e1cd861bd22b250197589d4b176bd0 Input: i8042 - fix crash at boot time
CVE-2017-7542: 0fc2ceadde169a55e531811bf4f0047fedd0a835 ipv6: avoid overflow of offset in ip6_find_1stfragopt
CVE-2017-8831: 0b3294aae7bc3940a659928e352ffb0588dfeb54 saa7164: fix double fetch PCIe access condition
CVEs fixed in 4.1.45:
CVE-2017-0627: 1e3bbc18904041cd230725cf711e12a888efa49f media: uvcvideo: Prevent heap overflow when accessing mapped controls
CVE-2017-1000251: 361e3cc44419cb9387c48ea993d0ba3f381667de Bluetooth: Properly check L2CAP config option output buffer length
CVE-2017-11600: ded415d815a17597d6de4555524f89ed7ea08923 xfrm: policy: check policy direction value
CVE-2017-14051: d1c2fe7dc88d9bc3a477d9dfc2aa623f9776372e scsi: qla2xxx: Fix an integer overflow in sysfs code
CVE-2017-14106: ea08a5642d93fd963d376c10c9fd9664373771b6 tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
CVE-2017-14340: d8f0ead1e72bcc040a858ddf5d1de0a9d6cce8ca xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
CVE-2017-14991: 68fa36ad00f522ff6bab272247b3bd28c1959f33 scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
CVE-2017-9984: 77425f99e279723ed8bccd0905ba415ab803ad8d ALSA: msnd: Optimize / harden DSP and MIDI loops
CVE-2017-9985: 77425f99e279723ed8bccd0905ba415ab803ad8d ALSA: msnd: Optimize / harden DSP and MIDI loops
CVE-2018-10675: fd30faeaf0f5163356ec053ba9eb1d3b7923062c mm/mempolicy: fix use after free when calling get_mempolicy
CVEs fixed in 4.1.46:
CVE-2017-0786: 90747f38a8873726d7efd81112967147098a2139 brcmfmac: add length check in brcmf_cfg80211_escan_handler()
CVE-2017-12153: 621e000d660bfe0311ab38c8d2b1a778dee45ae3 nl80211: check for the required netlink attributes presence
CVE-2017-12154: e480290da7987e37be86140792640f42b84e915b kvm: nVMX: Don't allow L2 to access the hardware CR8
CVE-2017-12190: 97c0249ef452b3ac850b812948dd992b37cdbd46 fix unbalanced page refcounting in bio_map_user_iov
CVE-2017-12192: f6df8c11a4c89da683a46505aac8a31fe98f5339 KEYS: prevent KEYCTL_READ on negative key
CVE-2017-12193: 34a5c6ecc7ae4470cc6f415cbc3c5b97c15023fe assoc_array: Fix a buggy node-splitting case
CVE-2017-14156: 92153256b2429e23a4f736cd1eab8dc18ad9883e video: fbdev: aty: do not leak uninitialized padding in clk to userspace
CVE-2017-14489: 74fbce9bea7351161fb5864e2fc31c02145fcab7 scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
CVE-2017-15265: 507bb1c783c2edc4ea481a6eab7a6d2d88627624 ALSA: seq: Fix use-after-free at creating a port
CVE-2017-15299: 7aeb11ac706537b29b704c344572c3f9ac908389 KEYS: don't let add_key() update an uninstantiated key
CVE-2017-15649: cafd2b53da565ca30c48a146635c95d385d83b81 packet: in packet_do_bind, test fanout with bind_lock held
CVE-2017-16525: 42651349f0207b8ba3b80b5bd868d9872fbcc6c1 USB: serial: console: fix use-after-free after failed setup
CVE-2017-16526: bd2ec3b5dd378b6d156d6b200faba82f9f087b16 uwb: properly check kthread_run return value
CVE-2017-16527: 44084551aa36a8f3899cc7e73c52846560d8de6a ALSA: usb-audio: Kill stray URB at exiting
CVE-2017-16529: b01117b7bc02923baebcff895609561c78559c08 ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
CVE-2017-16530: 0078c8c1a6819a8badf212df782e090559055241 USB: uas: fix bug in handling of alternate settings
CVE-2017-16531: de5ffcc63dbdaffffd93934003fd527673f4da0a USB: fix out-of-bounds in usb_set_configuration
CVE-2017-16533: 439f76690d7d5dd212ea7bebc1f2fa077e3d645d HID: usbhid: fix out-of-bounds bug
CVE-2017-16535: e4e541386c2e0221a2325fc83b18ddf683db1f29 USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
CVE-2017-16643: 500f156985a31f47a2eadb5b709b245af4c3a05b Input: gtco - fix potential out-of-bound access
CVE-2017-18270: a50a0faa10c6d83ba4a16c4d6245e90000e2f02d KEYS: prevent creating a different user's keyrings
CVE-2018-9568: 0a11ea32304f6ad6daf5589b6626775b7f00015c net: Set sk_prot_creator when cloning sockets to the right proto
CVE-2020-14353: a50a0faa10c6d83ba4a16c4d6245e90000e2f02d KEYS: prevent creating a different user's keyrings
CVEs fixed in 4.1.47:
CVE-2017-10911: 516e503b7e1ea541ea3eac082ad1ee165ca6756a xen-blkback: don't leak stack data via response ring
CVE-2017-13080: 003aa22c9619b49efe950aca3aebd1235a04940d mac80211: accept key reinstall without changing anything
CVE-2017-15115: e33c3b35af697c34d89086580386c768ca038623 sctp: do not peel off an assoc from one netns to another one
CVE-2017-16528: c617803955ec5ec9a0310e76e34e4e03e02ca803 ALSA: seq: Cancel pending autoload work at unbinding device
CVE-2017-16532: b3c0b63e11eda6ef786fc35e0126e6e5ff828913 usb: usbtest: fix NULL pointer dereference
CVE-2017-16537: 95dba59e4def2ccef608665ed2439e1f8ff38799 media: imon: Fix null-ptr-deref in imon_probe
CVE-2017-16645: 84513107dc8602c675ec871b616128b49c6e259e Input: ims-psu - check if CDC union descriptor is sane
CVE-2017-16646: 10e6847a353761dbd0c710feed6c530c3a5f62af media: dib0700: fix invalid dvb_detach argument
CVE-2017-16650: 8e3bc0d48890704abdac3d5e0eb81ebc599cb921 net: qmi_wwan: fix divide by 0 on bad descriptors
CVE-2017-16994: 610622cac573aef67811fbffc865d9fba1611050 mm/pagewalk.c: report holes in hugetlb ranges
CVE-2017-18204: 1a4fecae70240a7f41615a20d8e5982f833b7268 ocfs2: should wait dio before inode lock in ocfs2_setattr()
CVE-2017-7518: c39c42d6c9291e3541cffee226b028961d35a9fb KVM: x86: fix singlestepping over syscall
CVE-2018-7191: 9bcd3577312ffa7e52b42e94ef3cf74d06e7b42f tun: call dev_get_valid_name() before register_netdevice()
CVEs fixed in 4.1.48:
CVE-2017-1000405: 88c251ffb80e140339cbe74f320d6cba38360ab5 mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
CVE-2017-16536: ee16c9ea4ef98684378e020df9a4efa32955d767 cx231xx-cards: fix NULL-deref on missing association descriptor
CVE-2017-16939: 5e80f6036c71f6ce1dbba0ad2925c331767f76ac ipsec: Fix aborted xfrm policy dump crash
CVE-2017-18203: 48e57f6ddb74d12b71b6edbf15ba4c94035caa02 dm: fix race between dm_get_from_kobject() and __dm_destroy()
CVE-2017-18208: 83c85849819bd60f2806b079a01f283f8ae27f37 mm/madvise.c: fix madvise() infinite loop under special circumstances
CVEs fixed in 4.1.49:
CVE-2017-0861: 0bde6f9d1faf3d4aaf8346d8a326cf02e7ea1a3a ALSA: pcm: prevent UAF in snd_pcm_info
CVE-2017-1000407: 6552b7695ca65e6ca412948d4aa0179df69dbc1d KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
CVE-2017-15274: c19aa530105b0d780ad72a78a7ef271037bcb774 KEYS: fix dereferencing NULL payload with nonzero length
CVE-2017-16914: 5319d08ca465eec277d04b5a3cee34f80b601c74 usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
CVE-2017-17558: 5b2323b62af18be000ef627f302b5bf167402de6 USB: core: prevent malicious bNumInterfaces overflow
CVE-2017-17805: bbda4c57b91619642a94b193531312fe01bc2398 crypto: salsa20 - fix blkcipher_walk API usage
CVE-2017-17806: bd7f57da8fff9b75204d6dd2b3ac6a30a6430a5c crypto: hmac - require that the underlying hash algorithm is unkeyed
CVE-2017-2636: 209fd3f3ef14e0b0a1d07d6ff27d75c49e656e84 tty: n_hdlc: get rid of racy n_hdlc.tbuf
CVE-2017-6345: 4fc8ff15e26ecfe974b7a3f386550bcfd259b8b1 net/llc: avoid BUG_ON() in skb_orphan()
CVE-2017-6346: 7babaac5d49ee7a88a5a324668dd13b575635d09 packet: fix races in fanout_add()
CVE-2017-6348: c9556862a64b5ac85bfee1cfd4313615dc21d6f8 irda: Fix lockdep annotations in hashbin_delete().
CVE-2017-7184: 438db92d7f2792e3bad17be70e6edf0f44a081f0 xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
CVE-2018-7492: dcd241dca9507cf4b3980505e2482ed6aba347b5 rds: Fix NULL pointer dereference in __rds_rdma_map
CVEs fixed in 4.1.50:
CVE-2016-10318: e68557814c7e9e4943caca924ff5537952bb3b4e fscrypto: add authorization check for setting encryption policy
CVE-2016-9793: f99fb439e6aff4e9f8b91a80d48b2a2d97aa2248 net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
CVE-2017-1000410: 395cba875fa35b1a23d2bd1951c555d3d0a5d5be Bluetooth: Prevent stack info leak from the EFS element.
CVE-2017-13216: 700dbec6cafafbe5e018a90e8e92a4762c19884d staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
CVE-2017-13305: 1f338384b46b16f9682c8e01f8d158e90e5d6cc2 KEYS: encrypted: fix buffer overread in valid_master_desc()
CVE-2017-16538: 596a157dfeef68f30e38d3a38e21b9d4d4c6b644 media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
CVE-2017-16911: 8c2b2e645aa47c2e9910e168398f7d28d31a0dc3 usbip: prevent vhci_hcd driver from leaking a socket pointer address
CVE-2017-16912: fcd31102e7ff3c83c6a6cda08156393e18c5e8f3 usbip: fix stub_rx: get_pipe() to validate endpoint number
CVE-2017-16913: 41ab9559b047a8a3f958a89f0202772a1aeaf4e4 usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
CVE-2017-17448: 6d752a482cf7ce18ca96abaf0a159e801d4c38e8 netfilter: nfnetlink_cthelper: Add missing permission checks
CVE-2017-17449: e85c6629ac5fbef352ced9925d264965ebacdf20 netlink: Add netns check on taps
CVE-2017-17450: 6a45beb377097053f1b293db3d0e01f35b3a7cbf netfilter: xt_osf: Add missing permission checks
CVE-2017-17741: bec1dbb0f0a93d5eb9d6b2741ead4156408d8150 KVM: Fix stack-out-of-bounds read in write_mmio
CVE-2017-18344: 16cd05f25489459d10035ffab9cb7391512f1437 posix-timer: Properly check sigevent->sigev_notify
CVE-2017-18595: ca8476b2170d7500609f1fc6945a03e80eb58f6c tracing: Fix possible double free on failure of allocating trace buffer
CVE-2017-8824: 203e5dcc6edbe7248c9800689da3dd316f4c434a dccp: CVE-2017-8824: use-after-free in DCCP code
CVE-2018-1000004: f8a38ab4cd9624fc5ac8a7f965c7b20f5b62c03c ALSA: seq: Make ioctls race-free
CVE-2018-1000028: 48978a7cb8586c49875ccbc6d243c880e4cbaf44 nfsd: auth: Fix gid sorting when rootsquash enabled
CVE-2018-18386: 9820d89b1a266ac573dae8fa46e4aa43f277a302 n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
CVE-2018-5332: 4b1ffce255006f1220fce0f24772b9563ed91088 RDS: Heap OOB write in rds_message_alloc_sgs()
CVE-2018-5333: ad99858fa14a888b77dc2095f412e443639f953c RDS: null pointer dereference in rds_atomic_free_op
CVE-2018-5344: f3ddd4df852f8c2ed11d09086b64a3be76ea2aed loop: fix concurrent lo_open/lo_release
CVE-2018-5750: 4e5d88a911f6c610afe11b36c9b3b36f8928daf7 ACPI: sbshc: remove raw pointer from printk() message
CVE-2018-5873: 2ce8a62d862e3bcd16d12d6d7d71c0a343f4f99a nsfs: mark dentry with DCACHE_RCUACCESS
CVE-2018-6927: c3e715e4a45301380a1ae1f677de2f1a428b6349 futex: Prevent overflow by strengthen input validation
CVE-2018-7566: e78748b40e887c6e544dab71653858c370e283ea ALSA: seq: Fix racy pool initializations
CVEs fixed in 4.1.51:
CVE-2018-1068: 1829a59ba6e8fa6467ea4607cf086b5e2d8d6426 netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
CVE-2018-5803: b434e837642049c96cf56c730279f410d520b33b sctp: verify size of a new chunk in _sctp_make_chunk()
CVE-2018-7480: 2191fc0f29b2d4e8e3e4aa5bf75df771aa7b1f88 blkcg: fix double free of new_blkg in blkcg_init_queue
CVE-2018-7995: 39a50471ea262c0a21d22d1c9a8d4c1bcac39865 x86/MCE: Serialize sysfs changes
CVE-2019-9456: eaca72671725b4bbaadfc3a0b07a3e26f285677c usb: usbmon: Read text within supplied buffer size
CVEs fixed in 4.1.52:
CVE-2017-17712: d61b40939ebdc84dad77dbc78c3e26ad9d2da68b net: ipv4: fix for a race condition in raw_sendmsg
CVE-2017-17975: 6291e1b9e71003fe84b902efa4c3994605d925df media: usbtv: prevent double free in error case
CVE-2018-1000199: 3e9eff8b3c9f0e886ffef7621673fde3bb629601 perf/hwbp: Simplify the perf-hwbp code, fix documentation
CVE-2018-1066: b0b6d2f2c5377d169598f0ca00c25a78db651d35 CIFS: Enable encryption during session setup phase
CVE-2018-1087: 4dc9ef4cf4830e6c001513b1a876ab32fe001b9a kvm/x86: fix icebp instruction handling
CVE-2018-10940: 888f807c68bc7a4d96429d28a12cba9a045e3c79 cdrom: information leak in cdrom_ioctl_media_changed()
CVE-2018-1130: b8415da3f6caf0842f86acbfa03b86eb4fbb3d4e dccp: check sk for closed state in dccp_sendmsg()
CVE-2018-7757: e0ef494d21a96b888cc8f878906a0c04238bf15d scsi: libsas: fix memory leak in sas_smp_get_phy_events()
CVE-2018-8781: 631334908d120129678f68cdcca333565748fde7 drm: udl: Properly check framebuffer mmap offsets
CVE-2018-8822: f67d1bdb52086230095895d6d0034953967cad78 staging: ncpfs: memory corruption in ncp_read_kernel()
CVE-2018-9385: dbb94eebe42ac07eaee43afc23acdd0bf5674036 ARM: amba: Don't read past the end of sysfs "driver_override" buffer
CVE-2018-9415: 1d4ddc30e2b52aeb1b42c1c1a35b4b3792ce162e ARM: amba: Fix race condition with driver_override
CVE-2018-9422: 1b58e046b7647bc44f83afd68e07c52c60d27bcc futex: Remove requirement for lock_page() in get_futex_key()
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4916: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2015-2877: (unk)
CVE-2015-4004: (unk) staging: ozwpan: Remove from tree
CVE-2015-7515: (unk) Input: aiptek - fix crash on detecting device without endpoints
CVE-2015-7885: (unk) staging/dgnc: fix info leak in ioctl
CVE-2015-8550: (unk) xen: Add RING_COPY_REQUEST()
CVE-2015-8551: (unk) xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
CVE-2015-8552: (unk) xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
CVE-2015-8709: (unk) mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
CVE-2015-8952: (unk) ext2: convert to mbcache2
CVE-2015-8962: (unk) sg: Fix double-free when drives detach during SG_IO
CVE-2015-8963: (unk) perf: Fix race in swevent hash
CVE-2015-8964: (unk) tty: Prevent ldisc drivers from re-using stale tty fields
CVE-2015-9016: (unk) blk-mq: fix race between timeout and freeing request
CVE-2016-0758: (unk) KEYS: Fix ASN.1 indefinite length object parsing
CVE-2016-10044: (unk) aio: mark AIO pseudo-fs noexec
CVE-2016-10147: (unk) crypto: mcryptd - Check mcryptd algorithm compatibility
CVE-2016-10200: (unk) l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
CVE-2016-10208: (unk) ext4: validate s_first_meta_bg at mount time
CVE-2016-10723: (unk) mm, oom: remove sleep from under oom_lock
CVE-2016-10741: (unk) xfs: don't BUG() on mixed direct and mapped I/O
CVE-2016-10905: (unk) GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
CVE-2016-10906: (unk) net: arc_emac: fix koops caused by sk_buff free
CVE-2016-2053: (unk) ASN.1: Fix non-match detection failure on data overrun
CVE-2016-3070: (unk) mm: migrate dirty page without clear_page_dirty_for_io etc
CVE-2016-3672: (unk) x86/mm/32: Enable full randomization on i386 and X86_32
CVE-2016-3857: (unk) arm: oabi compat: add missing access checks
CVE-2016-3951: (unk) cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
CVE-2016-4482: (unk) USB: usbfs: fix potential infoleak in devio
CVE-2016-5243: (unk) tipc: fix an infoleak in tipc_nl_compat_link_dump
CVE-2016-5244: (unk) rds: fix an infoleak in rds_inc_info_copy
CVE-2016-5728: (unk) misc: mic: Fix for double fetch security bug in VOP driver
CVE-2016-6130: (unk) s390/sclp_ctl: fix potential information leak with /dev/sclp
CVE-2016-6198: (unk) vfs: add vfs_select_inode() helper
CVE-2016-7917: (unk) netfilter: nfnetlink: correctly validate length of batch messages
CVE-2016-8630: (unk) kvm: x86: Check memopp before dereference (CVE-2016-8630)
CVE-2016-8645: (unk) tcp: take care of truncations done by sk_filter()
CVE-2016-8646: (unk) crypto: algif_hash - Only export and import on sockets with data
CVE-2016-8650: (unk) mpi: Fix NULL ptr dereference in mpi_powm()
CVE-2016-8658: (unk) brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
CVE-2016-9555: (unk) sctp: validate chunk len before actually using it
CVE-2016-9756: (unk) KVM: x86: drop error recovery in em_jmp_far and em_ret_far
CVE-2016-9794: (unk) ALSA: pcm : Call kill_fasync() in stream lock
CVE-2017-0605: (unk) tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
CVE-2017-1000: (unk) udp: consistently apply ufo or fragmentation
CVE-2017-1000112: (unk) udp: consistently apply ufo or fragmentation
CVE-2017-10810: (unk) drm/virtio: don't leak bo on drm_gem_object_init failure
CVE-2017-11472: (unk) ACPICA: Namespace: fix operand cache leak
CVE-2017-12134: (unk) xen: fix bio vec merging
CVE-2017-12168: (unk) arm64: KVM: pmu: Fix AArch32 cycle counter access
CVE-2017-12762: (unk) isdn/i4l: fix buffer overflow
CVE-2017-13166: (unk) media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
CVE-2017-13168: (unk) scsi: sg: mitigate read/write abuse
CVE-2017-13215: (unk) crypto: algif_skcipher - Load TX SG list after waiting
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2017-13695: (unk) ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
CVE-2017-14140: (unk) Sanitize 'move_pages()' permission checks
CVE-2017-15102: (unk) usb: misc: legousbtower: Fix NULL pointer deference
CVE-2017-15116: (unk) crypto: rng - Remove old low-level rng interface
CVE-2017-15129: (unk) net: Fix double free and memory corruption in get_net_ns_by_id()
CVE-2017-15537: (unk) x86/fpu: Don't let userspace set bogus xcomp_bv
CVE-2017-16648: (unk) dvb_frontend: don't use-after-free the frontend struct
CVE-2017-16649: (unk) net: cdc_ether: fix divide by 0 on bad descriptors
CVE-2017-16995: (unk) bpf: fix incorrect sign extension in check_alu_op()
CVE-2017-17807: (unk) KEYS: add missing permission check for request_key() destination
CVE-2017-17862: (unk) bpf: fix branch pruning logic
CVE-2017-18174: (unk) pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration
CVE-2017-18193: (unk) f2fs: fix a bug caused by NULL extent tree
CVE-2017-18216: (unk) ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
CVE-2017-18232: (unk) scsi: libsas: direct call probe and destruct
CVE-2017-18241: (unk) f2fs: fix a panic caused by NULL flush_cmd_control
CVE-2017-18249: (unk) f2fs: fix race condition in between free nid allocator/initializer
CVE-2017-18261: (unk) clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled
CVE-2017-18509: (unk) ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
CVE-2017-18551: (unk) i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CVE-2017-18552: (unk) RDS: validate the requested traces user input against max supported
CVE-2017-2583: (unk) KVM: x86: fix emulation of "MOV SS, null selector"
CVE-2017-2584: (unk) KVM: x86: Introduce segmented_write_std
CVE-2017-5551: (unk) tmpfs: clear S_ISGID when setting posix ACLs
CVE-2017-5715: (unk) x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
CVE-2017-5753: (unk) x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
CVE-2017-5754: (unk) x86/cpufeatures: Add Intel feature bits for Speculation Control
CVE-2017-5897: (unk) ip6_gre: fix ip6gre_err() invalid reads
CVE-2017-5967: (unk) time: Remove CONFIG_TIMER_STATS
CVE-2017-5970: (unk) ipv4: keep skb->dst around in presence of IP options
CVE-2017-5972: (unk) tcp: do not lock listener to process SYN packets
CVE-2017-5986: (unk) sctp: avoid BUG_ON on sctp_wait_for_sndbuf
CVE-2017-6001: (unk) perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
CVE-2017-6214: (unk) tcp: avoid infinite loop in tcp_splice_read()
CVE-2017-6347: (unk) ip: fix IP_CHECKSUM handling
CVE-2017-6353: (unk) sctp: deny peeloff operation on asocs with threads sleeping on it
CVE-2017-7346: (unk) drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
CVE-2017-7533: (unk) dentry name snapshots
CVE-2017-8065: (unk) crypto: ccm - move cbcmac input off the stack
CVE-2017-8797: (unk) nfsd: fix undefined behavior in nfsd4_layout_verify
CVE-2017-9076: (unk) ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9077: (unk) ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9605: (unk) drm/vmwgfx: Make sure backup_handle is always valid
CVE-2017-9725: (unk) mm: cma: fix incorrect type conversion for size during dma allocation
CVE-2017-9986: (unk) sound: Retire OSS
CVE-2018-1000026: (unk) bnx2x: disable GSO where gso_size is too big for hardware
CVE-2018-1000204: (unk) scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
CVE-2018-10021: (unk) scsi: libsas: defer ata device eh commands to libata
CVE-2018-10087: (unk) kernel/exit.c: avoid undefined behaviour when calling wait4()
CVE-2018-10124: (unk) kernel/signal.c: avoid undefined behaviour in kill_something_info
CVE-2018-10322: (unk) xfs: enhance dinode verifier
CVE-2018-10323: (unk) xfs: set format back to extents if xfs_bmap_extents_to_btree
CVE-2018-10876: (unk) ext4: only look at the bg_flags field if it is valid
CVE-2018-10877: (unk) ext4: verify the depth of extent tree in ext4_find_extent()
CVE-2018-10878: (unk) ext4: always check block group bounds in ext4_init_block_bitmap()
CVE-2018-10879: (unk) ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
CVE-2018-10880: (unk) ext4: never move the system.data xattr out of the inode body
CVE-2018-10881: (unk) ext4: clear i_data in ext4_inode_info when removing inline data
CVE-2018-10882: (unk) ext4: add more inode number paranoia checks
CVE-2018-10883: (unk) jbd2: don't mark block as modified if the handle is out of credits
CVE-2018-10902: (unk) ALSA: rawmidi: Change resized buffers atomically
CVE-2018-1092: (unk) ext4: fail ext4_iget for root directory if unallocated
CVE-2018-1093: (unk) ext4: add validity checks for bitmap block numbers
CVE-2018-10938: (unk) Cipso: cipso_v4_optptr enter infinite loop
CVE-2018-1120: (unk) proc: do not access cmdline nor environ from file-backed areas
CVE-2018-1121: (unk)
CVE-2018-1128: (unk) libceph: add authorizer challenge
CVE-2018-1129: (unk) libceph: implement CEPHX_V2 calculation mode
CVE-2018-12126: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12127: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12130: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12207: (unk) kvm: x86, powerpc: do not allow clearing largepages debugfs entry
CVE-2018-12233: (unk) jfs: Fix inconsistency between memory allocation and ea_buf->max_size
CVE-2018-12896: (unk) posix-timers: Sanitize overrun handling
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-13053: (unk) alarmtimer: Prevent overflow for relative nanosleep
CVE-2018-13093: (unk) xfs: validate cached inodes are free when allocated
CVE-2018-13094: (unk) xfs: don't call xfs_da_shrink_inode with NULL bp
CVE-2018-13095: (unk) xfs: More robust inode extent count validation
CVE-2018-13096: (unk) f2fs: fix to do sanity check with node footer and iblocks
CVE-2018-13097: (unk) f2fs: fix to do sanity check with user_block_count
CVE-2018-13098: (unk) f2fs: fix to do sanity check with extra_attr feature
CVE-2018-13099: (unk) f2fs: fix to do sanity check with reserved blkaddr of inline inode
CVE-2018-13100: (unk) f2fs: fix to do sanity check with secs_per_zone
CVE-2018-13405: (unk) Fix up non-directory creation in SGID directories
CVE-2018-13406: (unk) video: uvesafb: Fix integer overflow in allocation
CVE-2018-14609: (unk) btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
CVE-2018-14610: (unk) btrfs: Check that each block group has corresponding chunk at mount time
CVE-2018-14611: (unk) btrfs: validate type when reading a chunk
CVE-2018-14612: (unk) btrfs: tree-checker: Detect invalid and empty essential trees
CVE-2018-14613: (unk) btrfs: tree-checker: Verify block_group_item
CVE-2018-14614: (unk) f2fs: fix to do sanity check with cp_pack_start_sum
CVE-2018-14616: (unk) f2fs: fix to do sanity check with block address in main area v2
CVE-2018-14617: (unk) hfsplus: fix NULL dereference in hfsplus_lookup()
CVE-2018-14633: (unk) scsi: target: iscsi: Use hex2bin instead of a re-implementation
CVE-2018-14734: (unk) infiniband: fix a possible use-after-free bug
CVE-2018-15572: (unk) x86/speculation: Protect against userspace-userspace spectreRSB
CVE-2018-16276: (unk) USB: yurex: fix out-of-bounds uaccess in read handler
CVE-2018-16597: (unk) ovl: modify ovl_permission() to do checks on two inodes
CVE-2018-16658: (unk) cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
CVE-2018-16862: (unk) mm: cleancache: fix corruption on missed inode invalidation
CVE-2018-16884: (unk) sunrpc: use-after-free in svc_process_common()
CVE-2018-17182: (unk) mm: get rid of vmacache_flush_all() entirely
CVE-2018-17972: (unk) proc: restrict kernel stack dumps to root
CVE-2018-17977: (unk)
CVE-2018-18021: (unk) arm64: KVM: Tighten guest core register access from userspace
CVE-2018-18281: (unk) mremap: properly flush TLB before releasing the page
CVE-2018-18690: (unk) xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
CVE-2018-18710: (unk) cdrom: fix improper type cast, which can leat to information leak.
CVE-2018-19824: (unk) ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
CVE-2018-19985: (unk) USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
CVE-2018-20169: (unk) USB: check usb_get_extra_descriptor for proper size
CVE-2018-20509: (unk) binder: refactor binder ref inc/dec for thread safety
CVE-2018-20510: (unk) binder: replace "%p" with "%pK"
CVE-2018-20511: (unk) net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
CVE-2018-20836: (unk) scsi: libsas: fix a race condition when smp task timeout
CVE-2018-20854: (unk) phy: ocelot-serdes: fix out-of-bounds read
CVE-2018-20855: (unk) IB/mlx5: Fix leaking stack memory to userspace
CVE-2018-20856: (unk) block: blk_init_allocated_queue() set q->fq as NULL in the fail case
CVE-2018-20976: (unk) xfs: clear sb->s_fs_info on mount failure
CVE-2018-21008: (unk) rsi: add fix for crash during assertions
CVE-2018-25020: (unk) bpf: fix truncated jump targets on heavy expansions
CVE-2018-3620: (unk) x86/microcode: Allow late microcode loading with SMT disabled
CVE-2018-3639: (unk) x86/nospec: Simplify alternative_msr_write()
CVE-2018-3646: (unk) x86/microcode: Allow late microcode loading with SMT disabled
CVE-2018-3693: (unk) ext4: fix spectre gadget in ext4_mb_regular_allocator()
CVE-2018-5391: (unk) ip: discard IPv4 datagrams with overlapping segments.
CVE-2018-5814: (unk) usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
CVE-2018-5848: (unk) wil6210: missing length check in wmi_set_ie
CVE-2018-5953: (unk) printk: hash addresses printed with %p
CVE-2018-5995: (unk) printk: hash addresses printed with %p
CVE-2018-6412: (unk) fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
CVE-2018-6554: (unk) staging: irda: remove the irda network stack and drivers
CVE-2018-6555: (unk) staging: irda: remove the irda network stack and drivers
CVE-2018-7273: (unk) printk: hash addresses printed with %p
CVE-2018-7754: (unk) printk: hash addresses printed with %p
CVE-2018-7755: (unk) floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
CVE-2018-8043: (unk) net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
CVE-2018-8897: (unk) x86/entry/64: Don't use IST entry for #BP stack
CVE-2018-9363: (unk) Bluetooth: hidp: buffer overflow in hidp_process_report
CVE-2018-9465: (unk) binder: fix proc->files use-after-free
CVE-2018-9516: (unk) HID: debug: check length before copy_to_user()
CVE-2018-9517: (unk) l2tp: pass tunnel pointer to ->session_create()
CVE-2018-9518: (unk) NFC: llcp: Limit size of SDP URI
CVE-2019-0136: (unk) mac80211: drop robust management frames from unknown TA
CVE-2019-0148: (unk) i40e: Wrong truncation from u16 to u8
CVE-2019-0154: (unk) drm/i915: Lower RM timeout to avoid DSI hard hangs
CVE-2019-0155: (unk) drm/i915: Rename gen7 cmdparser tables
CVE-2019-10126: (unk) mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
CVE-2019-10142: (unk) drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
CVE-2019-10207: (unk) Bluetooth: hci_uart: check for missing tty operations
CVE-2019-10220: (unk) Convert filldir[64]() from __put_user() to unsafe_put_user()
CVE-2019-10638: (unk) inet: switch IP ID generator to siphash
CVE-2019-10639: (unk) netns: provide pure entropy for net_hash_mix()
CVE-2019-11091: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2019-11135: (unk) x86/msr: Add the IA32_TSX_CTRL MSR
CVE-2019-11190: (unk) binfmt_elf: switch to new creds when switching to new mm
CVE-2019-11191: (unk) x86: Deprecate a.out support
CVE-2019-1125: (unk) x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
CVE-2019-11477: (unk) tcp: limit payload size of sacked skbs
CVE-2019-11478: (unk) tcp: tcp_fragment() should apply sane memory limits
CVE-2019-11479: (unk) tcp: add tcp_min_snd_mss sysctl
CVE-2019-11486: (unk) tty: mark Siemens R3964 line discipline as BROKEN
CVE-2019-11487: (unk) fs: prevent page refcount overflow in pipe_buf_get
CVE-2019-11599: (unk) coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVE-2019-11810: (unk) scsi: megaraid_sas: return error when create DMA pool failed
CVE-2019-11833: (unk) ext4: zero out the unused memory region in the extent tree block
CVE-2019-11884: (unk) Bluetooth: hidp: fix buffer overflow
CVE-2019-12378: (unk) ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
CVE-2019-12379: (unk) consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c
CVE-2019-12380: (unk) efi/x86/Add missing error handling to old_memmap 1:1 mapping code
CVE-2019-12381: (unk) ip_sockglue: Fix missing-check bug in ip_ra_control()
CVE-2019-12382: (unk) drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
CVE-2019-12456: (unk)
CVE-2019-12614: (unk) powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
CVE-2019-12615: (unk) mdesc: fix a missing-check bug in get_vdev_port_node_info()
CVE-2019-12818: (unk) net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
CVE-2019-12819: (unk) mdio_bus: Fix use-after-free on device_register fails
CVE-2019-12881: (unk) drm/i915/userptr: reject zero user_size
CVE-2019-13272: (unk) ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
CVE-2019-13631: (unk) Input: gtco - bounds check collection indent level
CVE-2019-13648: (unk) powerpc/tm: Fix oops on sigreturn on systems without TM
CVE-2019-14283: (unk) floppy: fix out-of-bounds read in copy_buffer
CVE-2019-14284: (unk) floppy: fix div-by-zero in setup_format_params
CVE-2019-14615: (unk) drm/i915/gen9: Clear residual context state on context switch
CVE-2019-14814: (unk) mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14816: (unk) mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14821: (unk) KVM: coalesced_mmio: add bounds checking
CVE-2019-14835: (unk) vhost: make sure log_num < in_num
CVE-2019-14895: (unk) mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
CVE-2019-14896: (unk) libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14897: (unk) libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14901: (unk) mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
CVE-2019-15098: (unk) ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
CVE-2019-15117: (unk) ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
CVE-2019-15118: (unk) ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
CVE-2019-15211: (unk) media: radio-raremono: change devm_k*alloc to k*alloc
CVE-2019-15212: (unk) USB: rio500: refuse more than one device at a time
CVE-2019-15214: (unk) ALSA: core: Fix card races between register and disconnect
CVE-2019-15215: (unk) media: cpia2_usb: first wake up, then free in disconnect
CVE-2019-15216: (unk) USB: yurex: Fix protection fault after device removal
CVE-2019-15217: (unk) media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
CVE-2019-15218: (unk) media: usb: siano: Fix general protection fault in smsusb
CVE-2019-15219: (unk) USB: sisusbvga: fix oops in error path of sisusb_probe
CVE-2019-15220: (unk) p54usb: Fix race between disconnect and firmware loading
CVE-2019-15221: (unk) ALSA: line6: Fix write on zero-sized buffer
CVE-2019-15222: (unk) ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
CVE-2019-15223: (unk) ALSA: line6: Assure canceling delayed work at disconnection
CVE-2019-15239: (unk)
CVE-2019-15290: (unk)
CVE-2019-15291: (unk) media: b2c2-flexcop-usb: add sanity checking
CVE-2019-15292: (unk) appletalk: Fix use-after-free in atalk_proc_exit
CVE-2019-15505: (unk) media: technisat-usb2: break out of loop at end of buffer
CVE-2019-15666: (unk) xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
CVE-2019-15807: (unk) scsi: libsas: delete sas port if expander discover failed
CVE-2019-15902: (unk)
CVE-2019-15916: (unk) net-sysfs: Fix mem leak in netdev_register_kobject
CVE-2019-15917: (unk) Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()
CVE-2019-15926: (unk) ath6kl: add some bounds checking
CVE-2019-15927: (unk) ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
CVE-2019-16230: (unk) drm/amdkfd: fix a potential NULL pointer dereference (v2)
CVE-2019-16232: (unk) libertas: fix a potential NULL pointer dereference
CVE-2019-16233: (unk) scsi: qla2xxx: fix a potential NULL pointer dereference
CVE-2019-16413: (unk) 9p: use inode->i_lock to protect i_size_write() under 32-bit
CVE-2019-16746: (unk) nl80211: validate beacon head
CVE-2019-16921: (unk) RDMA/hns: Fix init resp when alloc ucontext
CVE-2019-16995: (unk) net: hsr: fix memory leak in hsr_dev_finalize()
CVE-2019-17052: (unk) ax25: enforce CAP_NET_RAW for raw sockets
CVE-2019-17053: (unk) ieee802154: enforce CAP_NET_RAW for raw sockets
CVE-2019-17054: (unk) appletalk: enforce CAP_NET_RAW for raw sockets
CVE-2019-17055: (unk) mISDN: enforce CAP_NET_RAW for raw sockets
CVE-2019-17056: (unk) nfc: enforce CAP_NET_RAW for raw sockets
CVE-2019-17075: (unk) RDMA/cxgb4: Do not dma memory off of the stack
CVE-2019-17133: (unk) cfg80211: wext: avoid copying malformed SSIDs
CVE-2019-17351: (unk) xen: let alloc_xenballooned_pages() fail if not enough memory free
CVE-2019-17666: (unk) rtlwifi: Fix potential overflow on P2P code
CVE-2019-18282: (unk) net/flow_dissector: switch to siphash
CVE-2019-18660: (unk) powerpc/book3s64: Fix link stack flush on context switch
CVE-2019-18675: (unk) mmap: introduce sane default mmap limits
CVE-2019-18680: (unk)
CVE-2019-18683: (unk) media: vivid: Fix wrong locking that causes race conditions on streaming stop
CVE-2019-18806: (unk) net: qlogic: Fix memory leak in ql_alloc_large_buffers
CVE-2019-18885: (unk) btrfs: merge btrfs_find_device and find_device
CVE-2019-19036: (unk) btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
CVE-2019-19039: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19049: (unk) of: unittest: fix memory leak in unittest_data_add
CVE-2019-19052: (unk) can: gs_usb: gs_can_open(): prevent memory leak
CVE-2019-19054: (unk) media: rc: prevent memory leak in cx23888_ir_probe
CVE-2019-19056: (unk) mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
CVE-2019-19057: (unk) mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
CVE-2019-19060: (unk) iio: imu: adis16400: release allocated memory on failure
CVE-2019-19061: (unk) iio: imu: adis16400: fix memory leak
CVE-2019-19062: (unk) crypto: user - fix memory leak in crypto_report
CVE-2019-19063: (unk) rtlwifi: prevent memory leak in rtl_usb_probe
CVE-2019-19066: (unk) scsi: bfa: release allocated memory in case of error
CVE-2019-19073: (unk) ath9k_htc: release allocated buffer if timed out
CVE-2019-19074: (unk) ath9k: release allocated buffer if timed out
CVE-2019-19227: (unk) appletalk: Fix potential NULL pointer dereference in unregister_snap_client
CVE-2019-19241: (unk) io_uring: async workers should inherit the user creds
CVE-2019-19319: (unk) ext4: protect journal inode's blocks using block_validity
CVE-2019-19332: (unk) KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
CVE-2019-19377: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19378: (unk)
CVE-2019-19447: (unk) ext4: work around deleting a file with i_nlink == 0 safely
CVE-2019-19448: (unk) btrfs: only search for left_info if there is no right_info in try_merge_free_space
CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count
CVE-2019-19523: (unk) USB: adutux: fix use-after-free on disconnect
CVE-2019-19524: (unk) Input: ff-memless - kill timer in destroy()
CVE-2019-19527: (unk) HID: hiddev: do cleanup in failure of opening a device
CVE-2019-19528: (unk) USB: iowarrior: fix use-after-free on disconnect
CVE-2019-19530: (unk) usb: cdc-acm: make sure a refcount is taken early enough
CVE-2019-19531: (unk) usb: yurex: Fix use-after-free in yurex_delete
CVE-2019-19532: (unk) HID: Fix assumption that devices have inputs
CVE-2019-19533: (unk) media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
CVE-2019-19534: (unk) can: peak_usb: fix slab info leak
CVE-2019-19535: (unk) can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
CVE-2019-19536: (unk) can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
CVE-2019-19537: (unk) USB: core: Fix races in character device registration and deregistraion
CVE-2019-19768: (unk) blktrace: Protect q->blk_trace with RCU
CVE-2019-19813: (unk) btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-19814: (unk)
CVE-2019-19815: (unk) f2fs: support swap file w/ DIO
CVE-2019-19816: (unk) btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-19922: (unk) sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices
CVE-2019-19927: (unk) drm/ttm: fix incrementing the page pointer for huge pages
CVE-2019-19965: (unk) scsi: libsas: stop discovering if oob mode is disconnected
CVE-2019-19966: (unk) media: cpia2: Fix use-after-free in cpia2_exit
CVE-2019-1999: (unk) binder: fix race between munmap() and direct reclaim
CVE-2019-20054: (unk) fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
CVE-2019-20096: (unk) dccp: Fix memleak in __feat_register_sp
CVE-2019-2024: (unk) media: em28xx: Fix use-after-free when disconnecting
CVE-2019-2025: (unk) binder: fix race that allows malicious free of live buffer
CVE-2019-2054: (unk) arm/ptrace: run seccomp after ptrace
CVE-2019-20636: (unk) Input: add safety guards to input_set_keycode()
CVE-2019-20794: (unk)
CVE-2019-20806: (unk) media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
CVE-2019-20810: (unk) media: go7007: fix a miss of snd_card_free
CVE-2019-20811: (unk) net-sysfs: call dev_hold if kobject_init_and_add success
CVE-2019-20812: (unk) af_packet: set defaule value for tmo
CVE-2019-20908: (unk) efi: Restrict efivar_ssdt_load when the kernel is locked down
CVE-2019-20934: (unk) sched/fair: Don't free p->numa_faults with concurrent readers
CVE-2019-2101: (unk) media: uvcvideo: Fix 'type' check leading to overflow
CVE-2019-2181: (unk) binder: check for overflow when alloc for security context
CVE-2019-2213: (unk) binder: fix possible UAF when freeing buffer
CVE-2019-2215: (unk) ANDROID: binder: remove waitqueue when thread exits.
CVE-2019-3459: (unk) Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
CVE-2019-3460: (unk) Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
CVE-2019-3701: (unk) can: gw: ensure DLC boundaries after CAN frame modification
CVE-2019-3846: (unk) mwifiex: Fix possible buffer overflows at parsing bss descriptor
CVE-2019-3874: (unk) sctp: implement memory accounting on tx path
CVE-2019-3882: (unk) vfio/type1: Limit DMA mappings per container
CVE-2019-3892: (unk) coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVE-2019-3900: (unk) vhost_net: fix possible infinite loop
CVE-2019-3901: (unk) perf/core: Fix perf_event_open() vs. execve() race
CVE-2019-5108: (unk) mac80211: Do not send Layer 2 Update frame before authorization
CVE-2019-5489: (unk) Change mincore() to count "mapped" pages rather than "cached" pages
CVE-2019-6133: (unk) fork: record start_time late
CVE-2019-6974: (unk) kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
CVE-2019-7221: (unk) KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
CVE-2019-7222: (unk) KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
CVE-2019-7308: (unk) bpf: fix sanitation of alu op with pointer / scalar type from different paths
CVE-2019-9213: (unk) mm: enforce min addr even if capable() in expand_downwards()
CVE-2019-9445: (unk) f2fs: check if file namelen exceeds max value
CVE-2019-9453: (unk) f2fs: fix to avoid accessing xattr across the boundary
CVE-2019-9454: (unk) i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CVE-2019-9458: (unk) media: v4l: event: Prevent freeing event subscriptions while accessed
CVE-2019-9466: (unk) brcmfmac: add subtype check for event handling in data path
CVE-2019-9503: (unk) brcmfmac: add subtype check for event handling in data path
CVE-2019-9506: (unk) Bluetooth: Fix faulty expression for minimum encryption key size check
CVE-2020-0009: (unk) staging: android: ashmem: Disallow ashmem memory from being remapped
CVE-2020-0030: (unk) ANDROID: binder: synchronize_rcu() when using POLLFREE.
CVE-2020-0067: (unk) f2fs: fix to avoid memory leakage in f2fs_listxattr
CVE-2020-0255: (unk) selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-0305: (unk) chardev: Avoid potential use-after-free in 'chrdev_open()'
CVE-2020-0347: (unk)
CVE-2020-0404: (unk) media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
CVE-2020-0427: (unk) pinctrl: devicetree: Avoid taking direct reference to device name string
CVE-2020-0429: (unk) l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
CVE-2020-0431: (unk) HID: hid-input: clear unmapped usages
CVE-2020-0432: (unk) staging: most: net: fix buffer overflow
CVE-2020-0433: (unk) blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
CVE-2020-0435: (unk) f2fs: fix to do sanity check with i_extra_isize
CVE-2020-0444: (unk) audit: fix error handling in audit_data_to_entry()
CVE-2020-0465: (unk) HID: core: Sanitize event code and type when mapping input
CVE-2020-0466: (unk) do_epoll_ctl(): clean the failure exits up a bit
CVE-2020-0543: (unk) x86/cpu: Add 'table' argument to cpu_matches()
CVE-2020-10135: (unk) Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
CVE-2020-10690: (unk) ptp: fix the race between the release of ptp_clock and cdev
CVE-2020-10708: (unk)
CVE-2020-10711: (unk) netlabel: cope with NULL catmap
CVE-2020-10720: (unk) net-gro: fix use-after-free read in napi_gro_frags()
CVE-2020-10732: (unk) fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
CVE-2020-10751: (unk) selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-10766: (unk) x86/speculation: Prevent rogue cross-process SSBD shutdown
CVE-2020-10767: (unk) x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
CVE-2020-10768: (unk) x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
CVE-2020-10769: (unk) crypto: authenc - fix parsing key with misaligned rta_len
CVE-2020-10773: (unk) s390/cmm: fix information leak in cmm_timeout_handler()
CVE-2020-10942: (unk) vhost: Check docket sk_family instead of call getname
CVE-2020-11494: (unk) slcan: Don't transmit uninitialized stack data in padding
CVE-2020-11565: (unk) mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
CVE-2020-11608: (unk) media: ov519: add missing endpoint sanity checks
CVE-2020-11609: (unk) media: stv06xx: add missing descriptor sanity checks
CVE-2020-11668: (unk) media: xirlink_cit: add missing descriptor sanity checks
CVE-2020-11669: (unk) powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
CVE-2020-11725: (unk)
CVE-2020-12114: (unk) make struct mountpoint bear the dentry reference to mountpoint, not struct mount
CVE-2020-12352: (unk) Bluetooth: A2MP: Fix not initializing all members
CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12464: (unk) USB: core: Fix free-while-in-use bug in the USB S-Glibrary
CVE-2020-12652: (unk) scsi: mptfusion: Fix double fetch bug in ioctl
CVE-2020-12653: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
CVE-2020-12654: (unk) mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
CVE-2020-12655: (unk) xfs: add agf freeblocks verify in xfs_agf_verify
CVE-2020-12656: (unk) sunrpc: check that domain table is empty at module unload.
CVE-2020-12769: (unk) spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
CVE-2020-12770: (unk) scsi: sg: add sg_remove_request in sg_write
CVE-2020-12771: (unk) bcache: fix potential deadlock problem in btree_gc_coalesce
CVE-2020-12826: (unk) signal: Extend exec_id to 64bits
CVE-2020-12888: (unk) vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
CVE-2020-13143: (unk) USB: gadget: fix illegal array access in binding with UDC
CVE-2020-13974: (unk) vt: keyboard: avoid signed integer overflow in k_ascii
CVE-2020-14304: (unk)
CVE-2020-14305: (unk) netfilter: helpers: remove data_len usage for inkernel helpers
CVE-2020-14314: (unk) ext4: fix potential negative array index in do_split()
CVE-2020-14331: (unk) vgacon: Fix for missing check in scrollback handling
CVE-2020-14351: (unk) perf/core: Fix race in the perf_mmap_close() function
CVE-2020-14381: (unk) futex: Fix inode life-time issue
CVE-2020-14390: (unk) fbcon: remove soft scrollback code
CVE-2020-14416: (unk) can, slip: Protect tty->disc_data in write_wakeup and close with RCU
CVE-2020-15393: (unk) usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
CVE-2020-15436: (unk) block: Fix use-after-free in blkdev_get()
CVE-2020-15437: (unk) serial: 8250: fix null-ptr-deref in serial8250_start_tx()
CVE-2020-15802: (unk)
CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir
CVE-2020-16166: (unk) random32: update the net random state on interrupt and activity
CVE-2020-1749: (unk) net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks
CVE-2020-25211: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2020-25212: (unk) nfs: Fix getxattr kernel panic and memory overflow
CVE-2020-25284: (unk) rbd: require global CAP_SYS_ADMIN for mapping and unmapping
CVE-2020-25285: (unk) mm/hugetlb: fix a race between hugetlb sysctl handlers
CVE-2020-25643: (unk) hdlc_ppp: add range checks in ppp_cp_parse_cr()
CVE-2020-25656: (unk) vt: keyboard, extend func_buf_lock to readers
CVE-2020-25668: (unk) tty: make FONTX ioctl use the tty pointer they were actually passed
CVE-2020-25669: (unk) Input: sunkbd - avoid use-after-free in teardown paths
CVE-2020-25670: (unk) nfc: fix refcount leak in llcp_sock_bind()
CVE-2020-25671: (unk) nfc: fix refcount leak in llcp_sock_connect()
CVE-2020-25672: (unk) nfc: fix memory leak in llcp_sock_connect()
CVE-2020-25673: (unk) nfc: Avoid endless loops caused by repeated llcp_sock_connect()
CVE-2020-25705: (unk) icmp: randomize the global rate limiter
CVE-2020-26088: (unk) net/nfc/rawsock.c: add CAP_NET_RAW check.
CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames
CVE-2020-26140: (unk)
CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted
CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
CVE-2020-26555: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27066: (unk) xfrm: policy: Fix doulbe free in xfrm_policy_timer
CVE-2020-27067: (unk) l2tp: fix l2tp_eth module loading
CVE-2020-27068: (unk) cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
CVE-2020-2732: (unk) KVM: nVMX: Don't emulate instructions in guest mode
CVE-2020-27673: (unk) xen/events: add a proper barrier to 2-level uevent unmasking
CVE-2020-27675: (unk) xen/events: avoid removing an event channel while handling it
CVE-2020-27777: (unk) powerpc/rtas: Restrict RTAS requests from userspace
CVE-2020-27784: (unk) usb: gadget: function: printer: fix use-after-free in __lock_acquire
CVE-2020-27786: (unk) ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
CVE-2020-27815: (unk) jfs: Fix array index bounds check in dbAdjTree
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-27825: (unk) tracing: Fix race in trace_open and buffer resize call
CVE-2020-28097: (unk) vgacon: remove software scrollback support
CVE-2020-28374: (unk) scsi: target: Fix XCOPY NAA identifier lookup
CVE-2020-28915: (unk) fbcon: Fix global-out-of-bounds read in fbcon_get_font()
CVE-2020-28974: (unk) vt: Disable KD_FONT_OP_COPY
CVE-2020-29371: (unk) romfs: fix uninitialized memory leak in romfs_dev_read()
CVE-2020-29374: (unk) gup: document and work around "COW can break either way" issue
CVE-2020-29568: (unk) xen/xenbus: Allow watches discard events before queueing
CVE-2020-29660: (unk) tty: Fix ->session locking
CVE-2020-29661: (unk) tty: Fix ->pgrp locking in tiocspgrp()
CVE-2020-35501: (unk)
CVE-2020-35508: (unk) fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
CVE-2020-35519: (unk) net/x25: prevent a couple of overflows
CVE-2020-36158: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address
CVE-2020-36313: (unk) KVM: Fix out of range accesses to memslots
CVE-2020-36322: (unk) fuse: fix bad inode
CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
CVE-2020-36386: (unk) Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
CVE-2020-36516: (unk) ipv4: avoid using shared IP generator for connected sockets
CVE-2020-36557: (unk) vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
CVE-2020-36558: (unk) vt: vt_ioctl: fix race in VT_RESIZEX
CVE-2020-36691: (unk) netlink: limit recursion depth in policy validation
CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries
CVE-2020-4788: (unk) powerpc/64s: flush L1D on kernel entry
CVE-2020-8647: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8648: (unk) vt: selection, close sel_buffer race
CVE-2020-8649: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8694: (unk) powercap: restrict energy meter to root access
CVE-2020-8832: (unk) drm/i915: Record the default hw state after reset upon load
CVE-2020-9383: (unk) floppy: check FDC index for errors before assigning it
CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2021-0399: (unk)
CVE-2021-0447: (unk) l2tp: protect sock pointer of struct pppol2tp_session with RCU
CVE-2021-0448: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2021-0512: (unk) HID: make arrays usage and value to be the same
CVE-2021-0605: (unk) af_key: pfkey_dump needs parameter validation
CVE-2021-0920: (unk) af_unix: fix garbage collect vs MSG_PEEK
CVE-2021-0929: (unk) staging/android/ion: delete dma_buf->kmap/unmap implemenation
CVE-2021-0937: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-0941: (unk) bpf: Remove MTU check in __bpf_skb_max_len
CVE-2021-1048: (unk) fix regression in "epoll: Keep a reference on files added to the check list"
CVE-2021-20261: (unk) floppy: fix lock_fdc() signal handling
CVE-2021-20292: (unk) drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
CVE-2021-20317: (unk) lib/timerqueue: Rely on rbtree semantics for next timer
CVE-2021-20320: (unk) s390/bpf: Fix optimizing out zero-extensions
CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-21781: (unk) ARM: ensure the signal page contains defined contents
CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-22555: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD
CVE-2021-26930: (unk) xen-blkback: fix error handling in xen_blkbk_map()
CVE-2021-26931: (unk) xen-blkback: don't "handle" error by BUG()
CVE-2021-26932: (unk) Xen/x86: don't bail early from clear_foreign_p2m_mapping()
CVE-2021-27363: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27364: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27365: (unk) scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
CVE-2021-28038: (unk) Xen/gnttab: handle p2m update errors on a per-slot basis
CVE-2021-28660: (unk) staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
CVE-2021-28688: (unk) xen-blkback: don't leak persistent grants from xen_blkbk_map()
CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms
CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms
CVE-2021-28715: (unk) xen/netback: don't queue unlimited number of packages
CVE-2021-28964: (unk) btrfs: fix race when cloning extent buffer during rewind of an old root
CVE-2021-28972: (unk) PCI: rpadlpar: Fix potential drc_name corruption in store functions
CVE-2021-29154: (unk) bpf, x86: Validate computation of branch displacements for x86-64
CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-29265: (unk) usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
CVE-2021-29650: (unk) netfilter: x_tables: Use correct memory barriers.
CVE-2021-30002: (unk) media: v4l: ioctl: Fix memory leak in video_usercopy
CVE-2021-3178: (unk) nfsd4: readdirplus shouldn't return parent of export
CVE-2021-31916: (unk) dm ioctl: fix out of bounds array access when no devices
CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
CVE-2021-32399: (unk) bluetooth: eliminate the potential race condition when removing the HCI controller
CVE-2021-33034: (unk) Bluetooth: verify AMP hci_chan before amp_destroy
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33098: (unk) ixgbe: fix large MTU request from VF
CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size
CVE-2021-33656: (unk) vt: drop old FONT ioctls
CVE-2021-33909: (unk) seq_file: disallow extremely large seq buffer allocations
CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head
CVE-2021-3483: (unk) firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVE-2021-3506: (unk) f2fs: fix to avoid out-of-bounds memory access
CVE-2021-3542: (unk)
CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order
CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object
CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2021-3612: (unk) Input: joydev - prevent potential read overflow in ioctl
CVE-2021-3640: (unk) Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-3655: (unk) sctp: validate from_addr_param return
CVE-2021-3659: (unk) net: mac802154: Fix general protection fault
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-3714: (unk)
CVE-2021-3715: (unk) net_sched: cls_route: remove the right filter from hashtable
CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device
CVE-2021-3732: (unk) ovl: prevent private clone if bind mount is not allowed
CVE-2021-3752: (unk) Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-3753: (unk) vt_kdsetmode: extend console locking
CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-3760: (unk) nfc: nci: fix the UAF of rf_conn_info object
CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk
CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited
CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page
CVE-2021-38204: (unk) usb: max-3421: Prevent corruption of freed memory
CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer
CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-39633: (unk) ip_gre: add validation for csum_start
CVE-2021-39634: (unk) epoll: do not insert into poll queues until all sanity checks are done
CVE-2021-39636: (unk) netfilter: x_tables: fix pointer leaks to userspace
CVE-2021-39648: (unk) usb: gadget: configfs: Fix use-after-free issue with udc_name
CVE-2021-39657: (unk) scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39686: (unk) binder: use euid from cred instead of using task
CVE-2021-39698: (unk) wait: add wake_up_pollfree()
CVE-2021-39714: (unk) staging: android: ion: Drop ion_map_kernel interface
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories
CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing
CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it
CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-4157: (unk) pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
CVE-2021-4159: (unk) bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data
CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request
CVE-2021-4203: (unk) af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler
CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVE-2021-43389: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep
CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2021-45485: (unk) ipv6: use prandom_u32() for ID generation
CVE-2021-45486: (unk) inet: use bigger hash table for IP ID generation
CVE-2021-45868: (unk) quota: check block number when reading the block in quota file
CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path
CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-0850: (unk) ext4: fix kernel infoleak via ext4_extent_header
CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1116: (unk)
CVE-2022-1184: (unk) ext4: verify dir block before splitting it
CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD
CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1419: (unk) drm/vgem: Close use-after-free race in vgem_gem_create
CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1652: (unk) floppy: use a statically allocated error counter
CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self
CVE-2022-1786: (unk) io_uring: remove io_identity
CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default
CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions
CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout
CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection
CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20158: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
CVE-2022-20422: (unk) arm64: fix oops in concurrently setting insn_emulation sysctls
CVE-2022-20424: (unk) io_uring: remove io_identity
CVE-2022-20565: (unk) HID: core: Correctly handle ReportSize being zero
CVE-2022-20566: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
CVE-2022-20572: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
CVE-2022-21385: (unk) net/rds: fix warn in rds_message_alloc_sgs
CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
CVE-2022-2209: (unk)
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-2327: (unk) io_uring: remove any grabbing of context
CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read()
CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-23825: (unk)
CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs
CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf
CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests
CVE-2022-25265: (unk)
CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table
CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0
CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages
CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections
CVE-2022-26490: (unk) nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic
CVE-2022-26966: (unk) sr9700: sanity check for packet length
CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc
CVE-2022-27672: (unk) x86/speculation: Identify processors vulnerable to SMT RSB predictions
CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind()
CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-2961: (unk)
CVE-2022-2964: (unk) net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy
CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel
CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero
CVE-2022-3111: (unk) power: supply: wm8350-power: Add missing free in free_charger_irq
CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded
CVE-2022-3202: (unk) jfs: prevent NULL deref in diFree
CVE-2022-32250: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16
CVE-2022-3239: (unk) media: em28xx: initialize refcount before kref_get
CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace
CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use
CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages
CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted
CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted
CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting
CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default
CVE-2022-3424: (unk) misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data
CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check
CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page
CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options().
CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups
CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop()
CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get()
CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers
CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops.
CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot.
CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child
CVE-2022-3594: (unk) r8152: Rate limit overflow messages
CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp
CVE-2022-36123: (unk) x86: Clear .brk area at early boot
CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode
CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
CVE-2022-36280: (unk) drm/vmwgfx: Validate the box size for the snooped cursor
CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect()
CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer
CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb()
CVE-2022-36402: (unk)
CVE-2022-3642: (unk)
CVE-2022-3643: (unk) xen/netback: Ensure protocol headers don't fall in the non-linear area
CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure
CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root
CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
CVE-2022-38096: (unk)
CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines
CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas
CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure
CVE-2022-4095: (unk) staging: rtl8712: fix use after free bugs
CVE-2022-41218: (unk) media: dvb-core: Fix UAF due to refcount races at releasing
CVE-2022-41222: (unk) mm/mremap: hold the rmap lock in write mode when moving page table entries.
CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock
CVE-2022-41848: (unk)
CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open()
CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read()
CVE-2022-41858: (unk) drivers: net: slip: fix NPD bug in sl_tx_timeout()
CVE-2022-42703: (unk) mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory
CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
CVE-2022-43750: (unk) usb: mon: make mmapped memory read only
CVE-2022-44032: (unk)
CVE-2022-44033: (unk)
CVE-2022-4543: (unk)
CVE-2022-45884: (unk)
CVE-2022-45885: (unk)
CVE-2022-45886: (unk)
CVE-2022-45887: (unk)
CVE-2022-45919: (unk)
CVE-2022-45934: (unk) Bluetooth: L2CAP: Fix u8 overflow
CVE-2022-4662: (unk) USB: core: Prevent nested device-reset calls
CVE-2022-4744: (unk) tun: avoid double free in tun_free_netdev
CVE-2022-48502: (unk) fs/ntfs3: Check fields while reading
CVE-2023-0030: (unk) drm/nouveau/mmu: add more general vmm free/node handling functions
CVE-2023-0047: (unk) mm, oom: do not trigger out_of_memory from the #PF
CVE-2023-0160: (unk)
CVE-2023-0266: (unk) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
CVE-2023-0386: (unk) ovl: fail on invalid uid/gid mapping at copy up
CVE-2023-0394: (unk) ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
CVE-2023-0458: (unk) prlimit: do_prlimit needs to have a speculation check
CVE-2023-0459: (unk) uaccess: Add speculation barrier to copy_from_user()
CVE-2023-0590: (unk) net: sched: fix race condition in qdisc_graft()
CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area
CVE-2023-0615: (unk) media: vivid: dev->bitmap_cap wasn't freed in all cases
CVE-2023-1073: (unk) HID: check empty report_list in hid_validate_values()
CVE-2023-1074: (unk) sctp: fail if no bound addresses can be used for a given scope
CVE-2023-1077: (unk) sched/rt: pick_next_rt_entity(): check list_entry
CVE-2023-1095: (unk) netfilter: nf_tables: fix null deref due to zeroed list head
CVE-2023-1118: (unk) media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
CVE-2023-1206: (unk)
CVE-2023-1249: (unk) coredump: Use the vma snapshot in fill_files_note
CVE-2023-1380: (unk) wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
CVE-2023-1382: (unk) tipc: set con sock in tipc_conn_alloc
CVE-2023-1513: (unk) kvm: initialize all of the kvm_debugregs structure before sending it to userspace
CVE-2023-1611: (unk) btrfs: fix race between quota disable and quota assign ioctls
CVE-2023-1670: (unk) xirc2ps_cs: Fix use after free bug in xirc2ps_detach
CVE-2023-1829: (unk) net/sched: Retire tcindex classifier
CVE-2023-1838: (unk) Fix double fget() in vhost_net_set_backend()
CVE-2023-1989: (unk) Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
CVE-2023-1990: (unk) nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
CVE-2023-2007: (unk) scsi: dpt_i2o: Remove obsolete driver
CVE-2023-20941: (unk)
CVE-2023-2124: (unk) xfs: verify buffer contents when we skip log replay
CVE-2023-2162: (unk) scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
CVE-2023-2163: (unk) bpf: Fix incorrect verifier pruning due to missing register precision taints
CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr
CVE-2023-2248: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
CVE-2023-2269: (unk) dm ioctl: fix nested locking in table_clear() to remove deadlock concern
CVE-2023-22995: (unk) usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core
CVE-2023-23039: (unk)
CVE-2023-23454: (unk) net: sched: cbq: dont intepret cls results when asked to drop
CVE-2023-23455: (unk) net: sched: atm: dont intepret cls results when asked to drop
CVE-2023-23559: (unk) wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
CVE-2023-2430: (unk) io_uring/msg_ring: fix missing lock on overflow for IOPOLL
CVE-2023-2513: (unk) ext4: fix use-after-free in ext4_xattr_set_entry
CVE-2023-26545: (unk) net: mpls: fix stale pointer if allocation fails during device rename
CVE-2023-26607: (unk) ntfs: fix out-of-bounds read in ntfs_attr_find()
CVE-2023-28328: (unk) media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
CVE-2023-2860: (unk) ipv6: sr: fix out-of-bounds read when setting HMAC data.
CVE-2023-28772: (unk) seq_buf: Fix overflow in seq_buf_putmem_hex()
CVE-2023-2898: (unk)
CVE-2023-2985: (unk) fs: hfsplus: fix UAF issue in hfsplus_put_super
CVE-2023-3006: (unk) arm64: Add AMPERE1 to the Spectre-BHB affected list
CVE-2023-3022: (unk) ipv6: Use result arg in fib_lookup_arg consistently
CVE-2023-30456: (unk) KVM: nVMX: add missing consistency checks for CR0 and CR4
CVE-2023-30772: (unk) power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
CVE-2023-3090: (unk) ipvlan:Fix out-of-bounds caused by unclear skb->cb
CVE-2023-31081: (unk)
CVE-2023-31082: (unk)
CVE-2023-31083: (unk)
CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
CVE-2023-31085: (unk)
CVE-2023-3111: (unk) btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
CVE-2023-3141: (unk) memstick: r592: Fix UAF bug in r592_remove due to race condition
CVE-2023-31436: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
CVE-2023-3159: (unk) firewire: fix potential uaf in outbound_phy_packet_callback()
CVE-2023-3161: (unk) fbcon: Check font dimension limits
CVE-2023-3212: (unk) gfs2: Don't deref jdesc in evict
CVE-2023-32233: (unk) netfilter: nf_tables: deactivate anonymous set from preparation phase
CVE-2023-32250: (unk) ksmbd: fix racy issue from session setup and logoff
CVE-2023-32254: (unk) ksmbd: fix racy issue under cocurrent smb2 tree disconnect
CVE-2023-32269: (unk) netrom: Fix use-after-free caused by accept on already connected socket
CVE-2023-3268: (unk) relayfs: fix out-of-bounds access in relay_file_read
CVE-2023-33288: (unk) power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
CVE-2023-3338: (unk) Remove DECnet support from kernel
CVE-2023-3355: (unk) drm/msm/gem: Add check for kmalloc
CVE-2023-3389: (unk) io_uring: mutex locked poll hashing
CVE-2023-3390: (unk) netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
CVE-2023-33951: (unk) drm/vmwgfx: Do not drop the reference to the handle too soon
CVE-2023-33952: (unk) drm/vmwgfx: Do not drop the reference to the handle too soon
CVE-2023-3397: (unk)
CVE-2023-34255: (unk) xfs: verify buffer contents when we skip log replay
CVE-2023-34256: (unk) ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
CVE-2023-3439: (unk) mctp: defer the kfree of object mdev->addrs
CVE-2023-35824: (unk) media: dm1105: Fix use after free bug in dm1105_remove due to race condition
CVE-2023-35827: (unk)