| |
| CVEs fixed in 5.18: |
| CVE-2022-1729: 3ac6487e584a1eb54071dbe1212e05b884136704 perf: Fix sys_perf_event_open() race against self |
| CVE-2022-1789: 9f46c187e2e680ecd9de7983e4d081c3391acc76 KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| CVE-2023-1838: fb4554c2232e44d595920f4d5c66cf8f7d13f9bc Fix double fget() in vhost_net_set_backend() |
| |
| CVEs fixed in 5.18-rc1: |
| CVE-2023-28410: 3886a86e7e6cc6ce2ce93c440fecd8f42aed0ce7 drm/i915/gem: add missing boundary check in vm_access |
| |
| CVEs fixed in 5.18.1: |
| CVE-2022-21499: eca56bf0066ef2f1e7be0e3fa7564b85a309872c lockdown: also lock down previous kgdb use |
| |
| CVEs fixed in 5.18.2: |
| CVE-2022-1852: 02ea15c02befea2539d5f0d6b60ce8df88de418b KVM: x86: avoid calling x86 emulator without a decoded instruction |
| CVE-2022-1966: 8f44c83e51b4ca49c815f8dd0d9c38f497cdbcb0 netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-1972: c9a46a3d549286861259c19af4747e12cfaeece9 netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-20572: 417c73db67ea7ad8f03dfd34c6b0bb5f54294fa9 dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-2078: c9a46a3d549286861259c19af4747e12cfaeece9 netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-2503: 417c73db67ea7ad8f03dfd34c6b0bb5f54294fa9 dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-2873: 2a81133304e8c10e6afa03e59f1b11beaccc7153 i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-2959: 71c603806614c6715165eed06099e24c2e41ad58 pipe: Fix missing lock in pipe_resize_ring() |
| CVE-2022-3077: 2a81133304e8c10e6afa03e59f1b11beaccc7153 i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-32250: 8f44c83e51b4ca49c815f8dd0d9c38f497cdbcb0 netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| |
| CVEs fixed in 5.18.3: |
| CVE-2022-1184: 298659c0e7074f774a794fc293df4014617b87be ext4: verify dir block before splitting it |
| CVE-2022-1973: 2aafbe9fb210a355d6e0e92a91f294dee80e5d44 fs/ntfs3: Fix invalid free in log_replay |
| CVE-2022-3115: 4b60c5f398da8438c4bd2a0f3c1e7d84b1cf65ba drm: mali-dp: potential dereference of null pointer |
| CVE-2022-3577: 50db547e5f25218e1aec3864d77cac0cb2fc51ca HID: bigben: fix slab-out-of-bounds Write in bigben_probe |
| |
| CVEs fixed in 5.18.4: |
| CVE-2022-3104: ce12f7f6b19596edd6b250716930a4ce38bd1f96 lkdtm/bugs: Check for the NULL pointer after calling kmalloc |
| CVE-2022-3110: ba6c278b3364ceef05e63a93787fb01081e2b263 staging: r8188eu: add check for kzalloc |
| CVE-2022-32981: 7764a258356c454fe56b9f56fc07c0e146a3bccb powerpc/32: Fix overread/overwrite of thread_struct via ptrace |
| CVE-2022-34494: d51720ac069d465101d937273acecde1f71ea411 rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() |
| CVE-2022-34495: b7e88e4bb41dea89b1dadf7a985d7aff53720629 rpmsg: virtio: Fix possible double free in rpmsg_probe() |
| |
| CVEs fixed in 5.18.5: |
| CVE-2022-21123: bc4d37b2338a32a6668d94803feebc9cbc85572e x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data |
| CVE-2022-21125: dce28a791e9632f96ba018f2ef708e012edb4133 x86/speculation/mmio: Reuse SRBDS mitigation for SBDS |
| CVE-2022-21166: 8547d4ae6a95543b69d523f3706dbf887496e9f3 x86/speculation/mmio: Enable CPU Fill buffer clearing on idle |
| |
| CVEs fixed in 5.18.6: |
| CVE-2022-1976: bba36a27c38650eefc79d18c33a0acd0dcbeabb8 io_uring: reinstate the inflight tracking |
| |
| CVEs fixed in 5.18.8: |
| CVE-2023-2008: 44bb0618ae37c8a05b93acfcd044b9beb42201dd udmabuf: add back sanity check |
| |
| CVEs fixed in 5.18.10: |
| CVE-2022-2318: 570b99c2e1508708c4a32a58f98071fbc3c2c351 net: rose: fix UAF bugs caused by timer handler |
| CVE-2022-26365: 62b5d188a270a25138a88c18409c596c1406b993 xen/blkfront: fix leaking data in shared pages |
| CVE-2022-33740: 6d98cf6e58b5867225c3b4ea49bc431895ef33f0 xen/netfront: fix leaking data in shared pages |
| CVE-2022-33741: 3893cd0fec5e80e8d1c681794ee43167eb799e4d xen/netfront: force data bouncing when backend is untrusted |
| CVE-2022-33742: 3ebaa2c13f680889c4fb9f090b243499d25017d0 xen/blkfront: force data bouncing when backend is untrusted |
| CVE-2022-33743: a74adaffc8db86b4dbdd98762deff70b155b0f4d xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() |
| CVE-2022-33744: efd9826d4c08abac7e8840757e3e1bfcf2876f70 xen/arm: Fix race in RB-tree based P2M accounting |
| |
| CVEs fixed in 5.18.11: |
| CVE-2021-33655: 9ae8c4f7fb45641294e9bd3b243d4ff472796ae7 fbcon: Disallow setting font bigger than screen size |
| CVE-2022-34918: 6b7488071ea8ed6265a39afebd5a5920f6975d02 netfilter: nf_tables: stricter validation of element data |
| |
| CVEs fixed in 5.18.13: |
| CVE-2022-1462: fa3302714c03e4e6c9b5aad5dacae33e75f76cf7 tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() |
| CVE-2022-36123: 2334bdfc2da469c9807767002a2831274b82c39a x86: Clear .brk area at early boot |
| CVE-2022-4128: ff151c477f6a529b0e4643d90f4f0b8eca85de04 mptcp: fix subflow traversal at disconnect time |
| |
| CVEs fixed in 5.18.14: |
| CVE-2022-23816: e492002673b03c636d2297fb869d68ae545c41c4 x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29900: e492002673b03c636d2297fb869d68ae545c41c4 x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29901: e492002673b03c636d2297fb869d68ae545c41c4 x86/kvm/vmx: Make noinstr clean |
| |
| CVEs fixed in 5.18.15: |
| CVE-2022-1882: 49cbb4820e4f1895130755732485afb2d18508f9 watchqueue: make sure to serialize 'wqueue->defunct' properly |
| CVE-2022-21505: f67ff524f283183c52d2575b11beec00cc4d5092 lockdown: Fix kexec lockdown bypass with ima policy |
| CVE-2022-36879: 70f5e35cd5e38017653ed1ca0f7a4ab6d5c5a794 xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() |
| |
| CVEs fixed in 5.18.16: |
| CVE-2022-20566: 59a55ec33a54a7179fa178f8aaf8b1cb8e63bd93 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put |
| CVE-2022-36946: 883c20911d6261fc651820b63a77327b8c020264 netfilter: nf_queue: do not allow packet truncation below transport header offset |
| CVE-2023-2177: d99f144acc3b4b27ab91f78fd6d7085385ccd654 sctp: leave the err path free in sctp_stream_init to sctp_stream_free |
| |
| CVEs fixed in 5.18.17: |
| CVE-2022-26373: 0abdbbd9ae9c81615836278d787a8c8dcd576c36 x86/speculation: Add RSB VM Exit protections |
| CVE-2022-39189: 719492d2bc3b99c067076bddc62e63cda8ad16e2 KVM: x86: do not report a vCPU as preempted outside instruction boundaries |
| |
| CVEs fixed in 5.18.18: |
| CVE-2022-1679: 6b14ab47937ba441e75e8dbb9fbfc9c55efa41c6 ath9k: fix use-after-free in ath9k_hif_usb_rx_cb |
| CVE-2022-20422: 6a2fd114678d7fc1b5a0f8865ae98f1c17787455 arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-2585: e8cb6e8fd9890780f1bfcf5592889e1b879e779c posix-cpu-timers: Cleanup CPU timers before freeing them during exec |
| CVE-2022-2586: f4fa03410f7c5f5bd8f90e9c11e9a8c4b526ff6f netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-2588: e832c26e7edfa2ddbd2dcdd48016d13d747de6da net_sched: cls_route: remove from list when handle is 0 |
| CVE-2022-47938: 9d4d2efe03c84195b06955eae3cb98a72592f7f2 ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT |
| CVE-2022-47939: 3db2001d3a39dc737c2f7e6e5c03467c41ca85bd ksmbd: fix use-after-free bug in smb2_tree_disconect |
| CVE-2022-47940: 61eb8b5368006fe0be0f6b1e2dff3ab284db256f ksmbd: validate length in smb2_write() |
| CVE-2022-47941: 8a8315a5960bd2b5ffc75f44fc089e57c3b17c44 ksmbd: fix memory leak in smb2_handle_negotiate |
| CVE-2022-47942: 6e8f4abf584253cbaa596ea4ad13110cf61cd4c9 ksmbd: fix heap-based overflow in set_ntacl_dacl() |
| CVE-2022-47943: d3015b3bf4a3a0c5e04edcf8bb941146ce9206fd ksmbd: prevent out of bound read for SMB2_WRITE |
| CVE-2023-1095: c90b99a6b44f2a5f8498d91cfdcf3cf28ea7c130 netfilter: nf_tables: fix null deref due to zeroed list head |
| CVE-2023-2019: 0579d61ee38cbe0b32e190c29112c002f9e63190 netdevsim: fib: Fix reference count leak on route deletion failure |
| CVE-2023-20928: 925e6b6f82c9c80ab3c17acbde8d16f349da7d26 android: binder: stop saving a pointer to the VMA |
| CVE-2023-22998: 5e836ae771218ba91435d962c346cb116f0c1b8c drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init |
| CVE-2023-2513: c71148b6040674bd43c0148301446966048cb140 ext4: fix use-after-free in ext4_xattr_set_entry |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-25220: (unk) |
| CVE-2020-26140: (unk) |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-35501: (unk) |
| CVE-2021-0399: (unk) |
| CVE-2021-26934: (unk) |
| CVE-2021-3542: (unk) |
| CVE-2021-3714: (unk) |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2022-0400: (unk) |
| CVE-2022-1116: (unk) |
| CVE-2022-1247: (unk) |
| CVE-2022-20421: (unk) binder: fix UAF of ref->proc caused by race condition |
| CVE-2022-2196: (unk) KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS |
| CVE-2022-2209: (unk) |
| CVE-2022-2308: (unk) vduse: prevent uninitialized memory accesses |
| CVE-2022-23825: (unk) |
| CVE-2022-25265: (unk) |
| CVE-2022-2590: (unk) mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW |
| CVE-2022-2602: (unk) io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic |
| CVE-2022-26878: (unk) |
| CVE-2022-27672: (unk) x86/speculation: Identify processors vulnerable to SMT RSB predictions |
| CVE-2022-2785: (unk) bpf: Disallow bpf programs call prog_run command. |
| CVE-2022-2905: (unk) bpf: Don't use tnum_range on array range checking for poke descriptors |
| CVE-2022-2961: (unk) |
| CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel |
| CVE-2022-3114: (unk) clk: imx: Add check for kcalloc |
| CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded |
| CVE-2022-3238: (unk) |
| CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC |
| CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use |
| CVE-2022-3424: (unk) misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os |
| CVE-2022-3435: (unk) ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference |
| CVE-2022-3521: (unk) kcm: avoid potential race in kcm_tx_work |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups |
| CVE-2022-3535: (unk) net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3543: (unk) af_unix: Fix memory leaks of the whole sk due to OOB skb. |
| CVE-2022-3544: (unk) |
| CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get() |
| CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child |
| CVE-2022-3594: (unk) r8152: Rate limit overflow messages |
| CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp |
| CVE-2022-3619: (unk) Bluetooth: L2CAP: Fix memory leak in vhci_write |
| CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode |
| CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload |
| CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() |
| CVE-2022-36280: (unk) drm/vmwgfx: Validate the box size for the snooped cursor |
| CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect() |
| CVE-2022-3633: (unk) can: j1939: j1939_session_destroy(): fix memory leak of skbs |
| CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer |
| CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() |
| CVE-2022-36402: (unk) |
| CVE-2022-3642: (unk) |
| CVE-2022-3643: (unk) xen/netback: Ensure protocol headers don't fall in the non-linear area |
| CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-3707: (unk) drm/i915/gvt: fix double free bug in split_2MB_gtt_entry |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines |
| CVE-2022-3910: (unk) io_uring/msg_ring: check file type before putting |
| CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas |
| CVE-2022-39190: (unk) netfilter: nf_tables: disallow binding to already bound chain |
| CVE-2022-3977: (unk) mctp: prevent double key removal and unref |
| CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write |
| CVE-2022-40133: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-40307: (unk) efi: capsule-loader: Fix use-after-free in efi_capsule_write |
| CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-4095: (unk) staging: rtl8712: fix use after free bugs |
| CVE-2022-41218: (unk) media: dvb-core: Fix UAF due to refcount races at releasing |
| CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock |
| CVE-2022-4139: (unk) drm/i915: fix TLB invalidation for Gen12 video and compute engines |
| CVE-2022-41674: (unk) wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-41848: (unk) |
| CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read() |
| CVE-2022-42328: (unk) xen/netback: don't call kfree_skb() with interrupts disabled |
| CVE-2022-42329: (unk) xen/netback: don't call kfree_skb() with interrupts disabled |
| CVE-2022-42432: (unk) netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() |
| CVE-2022-4269: (unk) act_mirred: use the backlog for nested calls to mirred ingress |
| CVE-2022-42703: (unk) mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse |
| CVE-2022-42719: (unk) wifi: mac80211: fix MBSSID parsing use-after-free |
| CVE-2022-42720: (unk) wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: (unk) wifi: cfg80211: avoid nontransmitted BSS list corruption |
| CVE-2022-42722: (unk) wifi: mac80211: fix crash in beacon protection for P2P-device |
| CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory |
| CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM |
| CVE-2022-43750: (unk) usb: mon: make mmapped memory read only |
| CVE-2022-4378: (unk) proc: proc_skip_spaces() shouldn't think it is working on C strings |
| CVE-2022-4379: (unk) NFSD: fix use-after-free in __nfs42_ssc_open() |
| CVE-2022-4382: (unk) USB: gadgetfs: Fix race between mounting and unmounting |
| CVE-2022-43945: (unk) NFSD: Protect against send buffer overflow in NFSv2 READDIR |
| CVE-2022-44032: (unk) |
| CVE-2022-44033: (unk) |
| CVE-2022-44034: (unk) |
| CVE-2022-4543: (unk) |
| CVE-2022-45869: (unk) KVM: x86/mmu: Fix race condition in direct_page_fault |
| CVE-2022-45884: (unk) |
| CVE-2022-45885: (unk) |
| CVE-2022-45886: (unk) |
| CVE-2022-45887: (unk) |
| CVE-2022-45888: (unk) char: xillybus: Prevent use-after-free due to race condition |
| CVE-2022-45919: (unk) |
| CVE-2022-45934: (unk) Bluetooth: L2CAP: Fix u8 overflow |
| CVE-2022-4662: (unk) USB: core: Prevent nested device-reset calls |
| CVE-2022-47518: (unk) wifi: wilc1000: validate number of channels |
| CVE-2022-47519: (unk) wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute |
| CVE-2022-47520: (unk) wifi: wilc1000: validate pairwise and authentication suite offsets |
| CVE-2022-47521: (unk) wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute |
| CVE-2022-47929: (unk) net: sched: disallow noqueue for qdisc classes |
| CVE-2022-4842: (unk) fs/ntfs3: Fix attr_punch_hole() null pointer derenference |
| CVE-2022-48423: (unk) fs/ntfs3: Validate resident attribute name |
| CVE-2022-48424: (unk) fs/ntfs3: Validate attribute name offset |
| CVE-2022-48425: (unk) fs/ntfs3: Validate MFT flags before replaying logs |
| CVE-2022-48502: (unk) fs/ntfs3: Check fields while reading |
| CVE-2023-0045: (unk) x86/bugs: Flush IBP in ib_prctl_set() |
| CVE-2023-0160: (unk) |
| CVE-2023-0179: (unk) netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits |
| CVE-2023-0210: (unk) ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob |
| CVE-2023-0266: (unk) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF |
| CVE-2023-0386: (unk) ovl: fail on invalid uid/gid mapping at copy up |
| CVE-2023-0394: (unk) ipv6: raw: Deduct extension header length in rawv6_push_pending_frames |
| CVE-2023-0458: (unk) prlimit: do_prlimit needs to have a speculation check |
| CVE-2023-0459: (unk) uaccess: Add speculation barrier to copy_from_user() |
| CVE-2023-0461: (unk) net/ulp: prevent ULP without clone op from entering the LISTEN status |
| CVE-2023-0468: (unk) io_uring: make poll refs more robust |
| CVE-2023-0590: (unk) net: sched: fix race condition in qdisc_graft() |
| CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area |
| CVE-2023-0615: (unk) media: vivid: dev->bitmap_cap wasn't freed in all cases |
| CVE-2023-1073: (unk) HID: check empty report_list in hid_validate_values() |
| CVE-2023-1074: (unk) sctp: fail if no bound addresses can be used for a given scope |
| CVE-2023-1075: (unk) net/tls: tls_is_tx_ready() checked list_entry |
| CVE-2023-1076: (unk) tun: tun_chr_open(): correctly initialize socket uid |
| CVE-2023-1077: (unk) sched/rt: pick_next_rt_entity(): check list_entry |
| CVE-2023-1078: (unk) rds: rds_rm_zerocopy_callback() use list_first_entry() |
| CVE-2023-1079: (unk) HID: asus: use spinlock to safely schedule workers |
| CVE-2023-1118: (unk) media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() |
| CVE-2023-1192: (unk) |
| CVE-2023-1193: (unk) |
| CVE-2023-1194: (unk) |
| CVE-2023-1195: (unk) cifs: fix use-after-free caused by invalid pointer `hostname` |
| CVE-2023-1206: (unk) |
| CVE-2023-1281: (unk) net/sched: tcindex: update imperfect hash filters respecting rcu |
| CVE-2023-1380: (unk) wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() |
| CVE-2023-1382: (unk) tipc: set con sock in tipc_conn_alloc |
| CVE-2023-1513: (unk) kvm: initialize all of the kvm_debugregs structure before sending it to userspace |
| CVE-2023-1611: (unk) btrfs: fix race between quota disable and quota assign ioctls |
| CVE-2023-1652: (unk) NFSD: fix use-after-free in nfsd4_ssc_setup_dul() |
| CVE-2023-1670: (unk) xirc2ps_cs: Fix use after free bug in xirc2ps_detach |
| CVE-2023-1829: (unk) net/sched: Retire tcindex classifier |
| CVE-2023-1855: (unk) hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition |
| CVE-2023-1859: (unk) 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition |
| CVE-2023-1989: (unk) Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work |
| CVE-2023-1990: (unk) nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition |
| CVE-2023-2002: (unk) bluetooth: Perform careful capability checks in hci_sock_ioctl() |
| CVE-2023-2006: (unk) rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] |
| CVE-2023-2007: (unk) scsi: dpt_i2o: Remove obsolete driver |
| CVE-2023-20941: (unk) |
| CVE-2023-21102: (unk) efi: rt-wrapper: Add missing include |
| CVE-2023-2124: (unk) xfs: verify buffer contents when we skip log replay |
| CVE-2023-2156: (unk) net: rpl: fix rpl header size calculation |
| CVE-2023-2162: (unk) scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress |
| CVE-2023-2163: (unk) bpf: Fix incorrect verifier pruning due to missing register precision taints |
| CVE-2023-2166: (unk) can: af_can: fix NULL pointer dereference in can_rcv_filter |
| CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr |
| CVE-2023-2194: (unk) i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() |
| CVE-2023-2235: (unk) perf: Fix check before add_event_to_groups() in perf_group_detach() |
| CVE-2023-2248: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-2269: (unk) dm ioctl: fix nested locking in table_clear() to remove deadlock concern |
| CVE-2023-22997: (unk) module: Fix NULL vs IS_ERR checking for module_get_next_page |
| CVE-2023-23004: (unk) malidp: Fix NULL vs IS_ERR() checking |
| CVE-2023-23039: (unk) |
| CVE-2023-23454: (unk) net: sched: cbq: dont intepret cls results when asked to drop |
| CVE-2023-23455: (unk) net: sched: atm: dont intepret cls results when asked to drop |
| CVE-2023-23559: (unk) wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid |
| CVE-2023-2430: (unk) io_uring/msg_ring: fix missing lock on overflow for IOPOLL |
| CVE-2023-2483: (unk) net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-25012: (unk) HID: bigben: use spinlock to safely schedule workers |
| CVE-2023-26242: (unk) |
| CVE-2023-26544: (unk) fs/ntfs3: Fix slab-out-of-bounds read in run_unpack |
| CVE-2023-26545: (unk) net: mpls: fix stale pointer if allocation fails during device rename |
| CVE-2023-26606: (unk) fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs |
| CVE-2023-26607: (unk) ntfs: fix out-of-bounds read in ntfs_attr_find() |
| CVE-2023-28327: (unk) af_unix: Get user_ns from in_skb in unix_diag_get_exact(). |
| CVE-2023-28328: (unk) media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() |
| CVE-2023-28466: (unk) net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() |
| CVE-2023-2860: (unk) ipv6: sr: fix out-of-bounds read when setting HMAC data. |
| CVE-2023-28866: (unk) Bluetooth: HCI: Fix global-out-of-bounds |
| CVE-2023-2898: (unk) |
| CVE-2023-2985: (unk) fs: hfsplus: fix UAF issue in hfsplus_put_super |
| CVE-2023-3006: (unk) arm64: Add AMPERE1 to the Spectre-BHB affected list |
| CVE-2023-30456: (unk) KVM: nVMX: add missing consistency checks for CR0 and CR4 |
| CVE-2023-30772: (unk) power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition |
| CVE-2023-3090: (unk) ipvlan:Fix out-of-bounds caused by unclear skb->cb |
| CVE-2023-31081: (unk) |
| CVE-2023-31082: (unk) |
| CVE-2023-31083: (unk) |
| CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() |
| CVE-2023-31085: (unk) |
| CVE-2023-3111: (unk) btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() |
| CVE-2023-3141: (unk) memstick: r592: Fix UAF bug in r592_remove due to race condition |
| CVE-2023-31436: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-3161: (unk) fbcon: Check font dimension limits |
| CVE-2023-3212: (unk) gfs2: Don't deref jdesc in evict |
| CVE-2023-3220: (unk) drm/msm/dpu: Add check for pstates |
| CVE-2023-32233: (unk) netfilter: nf_tables: deactivate anonymous set from preparation phase |
| CVE-2023-32250: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32254: (unk) ksmbd: fix racy issue under cocurrent smb2 tree disconnect |
| CVE-2023-32269: (unk) netrom: Fix use-after-free caused by accept on already connected socket |
| CVE-2023-3268: (unk) relayfs: fix out-of-bounds access in relay_file_read |
| CVE-2023-33203: (unk) net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-33288: (unk) power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition |
| CVE-2023-3338: (unk) Remove DECnet support from kernel |
| CVE-2023-3355: (unk) drm/msm/gem: Add check for kmalloc |
| CVE-2023-3357: (unk) HID: amd_sfh: Add missing check for dma_alloc_coherent |
| CVE-2023-3358: (unk) HID: intel_ish-hid: Add check for ishtp_dma_tx_map |
| CVE-2023-3359: (unk) nvmem: brcm_nvram: Add check for kzalloc |
| CVE-2023-3389: (unk) io_uring: mutex locked poll hashing |
| CVE-2023-3390: (unk) netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-33951: (unk) drm/vmwgfx: Do not drop the reference to the handle too soon |
| CVE-2023-33952: (unk) drm/vmwgfx: Do not drop the reference to the handle too soon |
| CVE-2023-3397: (unk) |
| CVE-2023-34255: (unk) xfs: verify buffer contents when we skip log replay |
| CVE-2023-34256: (unk) ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum |
| CVE-2023-35788: (unk) net/sched: flower: fix possible OOB write in fl_set_geneve_opt() |
| CVE-2023-35823: (unk) media: saa7134: fix use after free bug in saa7134_finidev due to race condition |
| CVE-2023-35824: (unk) media: dm1105: Fix use after free bug in dm1105_remove due to race condition |
| CVE-2023-35826: (unk) media: cedrus: fix use after free bug in cedrus_remove due to race condition |
| CVE-2023-35827: (unk) |
| CVE-2023-35828: (unk) usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition |
| CVE-2023-35829: (unk) media: rkvdec: fix use after free bug in rkvdec_remove |
