Google Git
Sign in
cos / mirrors / github.com / nluedtke / linux_kernel_cves / 2fec11562d3b07348f89e7b4dd56a7afcb66b98a / . / data / 3.12 / 3.12_security.txt
blob: 605b525661f46287f293d04fe71bc330f1d4bea2 [file] [log] [blame]
CVEs fixed in 3.12:
CVE-2013-4511: 201f99f170df14ba52ea4c52847779042b7a623b uml: check length in exitcode_proc_write()
CVE-2013-4512: 201f99f170df14ba52ea4c52847779042b7a623b uml: check length in exitcode_proc_write()
CVE-2013-4513: c2c65cd2e14ada6de44cb527e7f1990bede24e15 staging: ozwpan: prevent overflow in oz_cdev_write()
CVE-2013-4514: b5e2f339865fb443107e5b10603e53bbc92dc054 staging: wlags49_h2: buffer overflow setting station name
CVE-2013-4515: 8d1e72250c847fa96498ec029891de4dc638a5ba Staging: bcm: info leak in ioctl
CVE-2013-4516: a8b33654b1e3b0c74d4a1fed041c9aae50b3c427 Staging: sb105x: info leak in mp_get_count()
CVE-2013-6383: f856567b930dfcdbc3323261bf77240ccdde01f5 aacraid: missing capable() check in compat ioctl
CVEs fixed in 3.12.1:
CVE-2013-4348: cec64fecff2eff7dd701b883ed3f5f6faf1aab92 net: flow_dissector: fail on evil iph->ihl
CVEs fixed in 3.12.2:
CVE-2013-2929: 9d4dd888b4b5799ecadfb0d8c9adda7a76779806 exec/ptrace: fix get_dumpable() incorrect tests
CVE-2013-2930: 539ddb09c46389cc22d35543e40ccde2c2e20244 perf/ftrace: Fix paranoid level for enabling function tracer
CVE-2013-4345: 8ea7fffd97835f4e3ffd5f757df152a79835f65f crypto: ansi_cprng - Fix off by one error in non-block size request
CVE-2013-6378: 0f6ff65ed8d3630118c3149a4fbc493dd3b8fdc4 libertas: potential oops in debugfs
CVE-2013-6380: 12cc2209deeda65c963c84a5e6aaf0c39aca8e6d aacraid: prevent invalid pointer dereference
CVE-2013-7026: dd272212175ad47ee84cf38e9d5f99502df2d930 ipc,shm: fix shm_file deletion races
CVEs fixed in 3.12.3:
CVE-2013-6381: 8abbf7ceaece5ea0dd23f2b6d2b135186da7a96b qeth: avoid buffer overflow in snmp ioctl
CVEs fixed in 3.12.4:
CVE-2013-4563: d68268e60d0ec51e6c269f8dc34bb9fcfee970a7 ipv6: fix headroom calculation in udp6_ufo_fragment
CVE-2013-6432: 086663e065ba2383382d6bb7d8a3d9bc9cba7cdf ping: prevent NULL pointer dereference on write to msg_name
CVE-2013-7263: 7a9b8e64a5706d62d5a5ab54fe3d0320845b1d4a inet: prevent leakage of uninitialized memory to user in recv syscalls
CVE-2013-7264: 7a9b8e64a5706d62d5a5ab54fe3d0320845b1d4a inet: prevent leakage of uninitialized memory to user in recv syscalls
CVE-2013-7265: 7a9b8e64a5706d62d5a5ab54fe3d0320845b1d4a inet: prevent leakage of uninitialized memory to user in recv syscalls
CVE-2013-7266: 0cefe287488ca07c0d7962a7b4d3fbb829d09917 net: rework recvmsg handler msg_name and msg_namelen logic
CVE-2013-7267: 0cefe287488ca07c0d7962a7b4d3fbb829d09917 net: rework recvmsg handler msg_name and msg_namelen logic
CVE-2013-7268: 0cefe287488ca07c0d7962a7b4d3fbb829d09917 net: rework recvmsg handler msg_name and msg_namelen logic
CVE-2013-7269: 0cefe287488ca07c0d7962a7b4d3fbb829d09917 net: rework recvmsg handler msg_name and msg_namelen logic
CVE-2013-7270: 0cefe287488ca07c0d7962a7b4d3fbb829d09917 net: rework recvmsg handler msg_name and msg_namelen logic
CVE-2013-7271: 0cefe287488ca07c0d7962a7b4d3fbb829d09917 net: rework recvmsg handler msg_name and msg_namelen logic
CVE-2013-7281: 7a9b8e64a5706d62d5a5ab54fe3d0320845b1d4a inet: prevent leakage of uninitialized memory to user in recv syscalls
CVE-2013-7348: f50db974cb75e31d98b176c3c9ea92e57aa97a1b aio: prevent double free in ioctx_alloc
CVEs fixed in 3.12.6:
CVE-2013-4587: 41fe7fa8fdeaa5a2a9f3ecaa9a47e2d2afa1b2b1 KVM: Improve create VCPU parameter (CVE-2013-4587)
CVE-2013-6367: 10958718b005e046244d2b4a1f1bb9a3ab6e3d29 KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367)
CVE-2013-6368: c0149f684726ef4a5e91b8ba1d408a64dfb40385 KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368)
CVE-2013-6376: 48849efc2e3c58d170e32d081f83f6c070dfd0a3 KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376)
CVE-2013-6382: f5e6d588f847fba87394926284cc4a7a3b79c6bf xfs: underflow bug in xfs_attrlist_by_handle()
CVEs fixed in 3.12.7:
CVE-2013-4579: d10d0a2337097fa907f22af6ad0ae0dc0ff39fbf ath9k_htc: properly set MAC address and BSSID mask
CVE-2015-4170: ab69be3e59d79c56bfe16930f0c761daf4837e48 tty: Fix hang at ldsem_down_read()
CVEs fixed in 3.12.8:
CVE-2012-2372: 0a743164c25fc0c5c4ba0f581ab9d4e5dd9772f8 rds: prevent BUG_ON triggered on congestion update to loopback
CVE-2013-7339: aca33677723eb132dd91a30c4f8ac15f01be27c8 rds: prevent dereference of a NULL device
CVE-2014-1438: 807a0c12941850ddaff2ed62ba26a748e542c599 x86, fpu, amd: Clear exceptions in AMD FXSAVE workaround
CVE-2014-1446: e7834c71c2cacc621ddc64bd71f83ef2054f6539 hamradio/yam: fix info leak in ioctl
CVE-2014-1690: 6aeebffeb297e84f5b73bb87deacd9571a84da16 netfilter: nf_nat: fix access to uninitialized buffer in IRC NAT helper
CVEs fixed in 3.12.10:
CVE-2013-6885: c5e16510e3454393fa8e40591bff28c190be2faa x86, cpu, amd: Add workaround for family 16h, erratum 793
CVE-2014-0038: c1769bfb6aa93250f83d6d9d3ac85d15f990849f x86, x32: Correct invalid use of user timespec in the kernel
CVEs fixed in 3.12.11:
CVE-2014-2038: 4a3cbb28c3bbb4cb24ea59a91c2607d806818b73 nfs: always make sure page is up-to-date before extending a write to cover the entire page
CVEs fixed in 3.12.13:
CVE-2014-2039: 9ee59d9a5b03f45d9b421b020947846d13f27d08 s390: fix kernel crash due to linkage stack instructions
CVE-2014-8709: 5258fec859e55f79a80a00b3ca05181a488de766 mac80211: fix fragmentation code, particularly for encryption
CVEs fixed in 3.12.14:
CVE-2014-0049: ee593d3a91514d37f19251daa9d57edfb27e45e7 kvm: x86: fix emulator buffer overflow (CVE-2014-0049)
CVE-2014-0069: 90d369693d48ec7ffa4ca039e6fd14e861486251 cifs: ensure that uncached writes handle unmapped areas correctly
CVEs fixed in 3.12.15:
CVE-2014-0101: 00c53b02cb01976b35d37670a4b5c5d7a6ad3c62 net: sctp: fix sctp_sf_do_5_1D_ce to verify if we/peer is AUTH capable
CVE-2014-2672: 46e70384f21825caab1a55f64e9fe6d3d16c28cc ath9k: protect tid->sched check
CVE-2014-2673: 2725f34b41f8e3f444688a814cc2763a1c2b138b powerpc/tm: Fix crash when forking inside a transaction
CVE-2014-2706: 58d4310586466840dab77e56e53f4508853a5268 mac80211: fix AP powersave TX vs. wakeup race
CVE-2014-7207: 3bbb02a1ba7a2ad0dbbd979ed715c9229b12e36a ipv6: reuse ip6_frag_id from ip6_ufo_append_data
CVEs fixed in 3.12.17:
CVE-2014-2523: f9c8e356e5c574cfa6ace53bb9956b4469fe606a netfilter: nf_conntrack_dccp: fix skb_header_pointer API usages
CVEs fixed in 3.12.18:
CVE-2014-0055: a2a366ebac39dbb437b893b8705d4b6ce04e062e vhost: validate vhost_get_vq_desc return value
CVE-2014-0077: c66635949a08858e6d588b8a32489bca7972cf87 vhost: fix total length when packets are too short
CVE-2014-0100: e8443124a1ba9ceee59fb611c534957278f7d44e net: fix for a race condition in the inet frag code
CVE-2014-2309: 50fb0fafd1546f2dc6bf931f3a44f63704ce78ac ipv6: don't set DST_NOCOUNT for remotely added routes
CVE-2014-2580: 699dfec4e90e73bac6455560187c34f77115bc2f xen-netback: disable rogue vif in kthread context
CVE-2014-2678: 64005923ffdefe53e87138ec472c88877196d405 rds: prevent dereference of a NULL device in rds_iw_laddr_check
CVEs fixed in 3.12.19:
CVE-2014-0155: 95846d96fc3739c515e6c20b0fcea97ab290f09c KVM: ioapic: fix assignment of ioapic->rtc_status.pending_eoi (CVE-2014-0155)
CVE-2014-2851: 95c3a5624ae783081cc9d9b0e3d24ea19b36590e net: ipv4: current group_info should be put after using.
CVE-2014-7283: fd4037cadecf7b5c0e288c19d958917ac1c62a83 xfs: fix directory hash ordering bug
CVEs fixed in 3.12.20:
CVE-2014-0196: 61461fa9182895c6396ee9704d80fe8ff9d1135d n_tty: Fix n_tty_write crash when echoing in raw mode
CVE-2014-1737: 36cdf95db237630373162e20142df4d11efdd543 floppy: ignore kernel-only members in FDRAWCMD ioctl input
CVE-2014-1738: 3d43edf5868f260dbfd1353bf243a78f030a08b0 floppy: don't write kernel-only members to FDRAWCMD ioctl output
CVE-2014-3122: 400fc13141fe947c38e8485ee9d37066d4533363 mm: try_to_unmap_cluster() should lock_page() before mlocking
CVEs fixed in 3.12.21:
CVE-2014-3144: dd6e370c0083e0382782893708b5241490ea6832 filter: prevent nla extensions to peek beyond the end of the message
CVE-2014-3145: dd6e370c0083e0382782893708b5241490ea6832 filter: prevent nla extensions to peek beyond the end of the message
CVE-2014-9715: 62c97a8612f753ffa6c5c7bebe140cc0951e539f netfilter: nf_conntrack: reserve two bytes for nf_ct_ext->len
CVEs fixed in 3.12.22:
CVE-2014-1739: 2f1831612c94ee7b1819c4a6d21b9d5efac5297c media-device: fix infoleak in ioctl media_enum_entities()
CVE-2014-3153: 888f1a0f8c36e6982040ec06447a1dcc15686562 futex: Make lookup_pi_state more robust
CVEs fixed in 3.12.23:
CVE-2014-0131: 07d054ef6765b307277f02c11b51f0695d6b3d7c skbuff: skb_segment: orphan frags before copying
CVE-2014-0181: 50b8b6e75fa0c08cef1e1ed30a7ab91f05bcb779 net: Use netlink_ns_capable to verify the permisions of netlink messages
CVE-2014-3917: 6004b0e5ac2e8e9e1bb0f012dc9242e03cca95df auditsc: audit_krule mask accesses need bounds checking
CVE-2014-4014: 2246a472bce19c0d373fb5488a0e612e3328ce0a fs,userns: Change inode_capable to capable_wrt_inode_uidgid
CVE-2014-4157: 649066ce296368e2733ce1d4005f10dc673a9e8f MIPS: asm: thread_info: Add _TIF_SECCOMP flag
CVE-2014-4667: ddb638e68690ca61959775b262a5ef0719c5c066 sctp: Fix sk_ack_backlog wrap-around problem
CVE-2014-9914: c671113b05eb8cdcc5ed8610e9cc45a653ea7558 ipv4: fix a race in ip4_datagram_release_cb()
CVEs fixed in 3.12.24:
CVE-2014-0206: bee3f7b8188d4b2a5dfaeb2eb4a68d99f67daecf aio: fix kernel memory disclosure in io_getevents() introduced in v3.10
CVE-2014-3940: 7032d5fbbf1b08586e1463684d6c8f456889c293 mm: add !pte_present() check on existing hugetlb_entry callbacks
CVE-2014-4508: b8f4d2179757e17cf16644feb44879c05b5b61ef x86_32, entry: Do syscall exit work on badsys (CVE-2014-4508)
CVE-2014-4611: f1bac1ba17822414d4031f840913b4ea27793ba8 lz4: ensure length does not wrap
CVE-2014-4652: ed81e6b21790b717cda5f5bab2bdb07d2ce17ab1 ALSA: control: Protect user controls against concurrent access
CVE-2014-4653: 0bf595fd311aa4d6e82c43879f2c0d0650e83271 ALSA: control: Don't access controls outside of protected regions
CVE-2014-4654: d8eaff7517ee11b2e7cbc158abbdf899b8351ed3 ALSA: control: Fix replacing user controls
CVE-2014-4655: d8eaff7517ee11b2e7cbc158abbdf899b8351ed3 ALSA: control: Fix replacing user controls
CVE-2014-4656: 669982364299f6f22bea4324f0f7ee8f8a361b87 ALSA: control: Handle numid overflow
CVEs fixed in 3.12.25:
CVE-2014-4699: 2f1824407bf18b019d2c821881dd0956c6f0a254 ptrace,x86: force IRET path after a ptrace_stop()
CVEs fixed in 3.12.26:
CVE-2014-4171: 8685789bd8ec12a02b07ea76df4527b055efbf20 shmem: fix faulting into a hole while it's punched
CVE-2014-5045: 37b0ade4c681de6e0d7762c948c400496bc1b27b fs: umount on symlink leaks mnt count
CVEs fixed in 3.12.27:
CVE-2014-3534: cbcbb4c4826ff594b091e143b0f049f13ab7a64e s390/ptrace: fix PSW mask check
CVE-2014-5077: 4a07c786e3d9fbe989d8b5bf9920a1e34afd8b91 net: sctp: inherit auth_capable on INIT collisions
CVE-2014-5206: 25c1def33a2f74079f3062b7afdf98fcf9f34e6d mnt: Only change user settable mount flags in remount
CVE-2014-5207: 8b18c0adbc5d0cb1530692e72bcfb88fd7bb77bb mnt: Correct permission checks in do_remount
CVEs fixed in 3.12.28:
CVE-2014-3182: 2ae8a66674a4cd7f2cfee757ee29cb63dce755fe HID: logitech: perform bounds checking on device_id early enough
CVE-2014-3184: 1f78f21b43f2c69f2ea06ed35b77759d000dd2b4 HID: fix a couple of off-by-ones
CVE-2014-3601: e35b1e9f17e0567f96502f3a2a31dace727ed3da kvm: iommu: fix the third parameter of kvm_iommu_put_pages (CVE-2014-3601)
CVE-2014-5471: e4ca8b780c82c04ec03fcd05d9e3f92fc6de6347 isofs: Fix unbounded recursion when processing relocated directories
CVE-2014-5472: e4ca8b780c82c04ec03fcd05d9e3f92fc6de6347 isofs: Fix unbounded recursion when processing relocated directories
CVEs fixed in 3.12.29:
CVE-2014-3185: b3d60c320f6597c2be0bcf580cf8093c12c4555f USB: whiteheat: Added bounds checking for bulk command response
CVE-2014-6416: 0884f8d4139431deb0b98ba0d6fb2d17e2c25c84 libceph: do not hard code max auth ticket len
CVE-2014-6417: 0884f8d4139431deb0b98ba0d6fb2d17e2c25c84 libceph: do not hard code max auth ticket len
CVE-2014-6418: 0884f8d4139431deb0b98ba0d6fb2d17e2c25c84 libceph: do not hard code max auth ticket len
CVEs fixed in 3.12.31:
CVE-2014-3181: ae81c27a53af5310f1fe47e9252146d79ab3157d HID: magicmouse: sanity check report size in raw_event() callback
CVE-2014-3186: 2dffad6784f0c5f10727a20a333db11eef0b572a HID: picolcd: sanity check report size in raw_event() callback
CVE-2014-6410: 8ec4e9789b8b4c05ee979daad2a27088e29fac5d udf: Avoid infinite loop when processing indirect ICBs
CVEs fixed in 3.12.32:
CVE-2014-4608: 4277fc429c1ae9f815aa4e5713514d952032f2fa lzo: check for length overrun in variable length encoding.
CVE-2014-7975: 8d9c8c3980a85d79db13c5ce4bb118fef32d4f50 fs: Add a missing permission check to do_umount
CVEs fixed in 3.12.33:
CVE-2014-3610: 7e60cb9b5f7ad5a47404db9e7a974ab82a054544 KVM: x86: Check non-canonical addresses upon WRMSR
CVE-2014-3611: 5671c6a9229edd1b1587b4ea1014d540a7e74797 KVM: x86: Improve thread safety in pit
CVE-2014-3646: 5838e85ea0a3c77a83465dfd87257f96d0ceb6ae kvm: vmx: handle invvpid vm exit gracefully
CVE-2014-3647: a20e81cb2b2b8aebdca9d11b6fa2133f1b97251d KVM: x86: Emulator fixes for eip canonical checks on near branches
CVE-2014-7825: abc07cd01c51fb54088c6bc8ee654d104a5ec7d9 tracing/syscalls: Ignore numbers outside NR_syscalls' range
CVE-2014-7826: abc07cd01c51fb54088c6bc8ee654d104a5ec7d9 tracing/syscalls: Ignore numbers outside NR_syscalls' range
CVE-2014-7970: 365446fe1c7bf1b481cedfb9e50cfc8a86fdde89 mnt: Prevent pivot_root from creating a loop in the mount tree
CVE-2014-8884: 482c6cb2dfb40838d67b0ba844b4b3d0af0f3d20 ttusb-dec: buffer overflow in ioctl
CVEs fixed in 3.12.34:
CVE-2014-3673: bbd951a21e0fd555cd9ede44c7196af09d04d171 net: sctp: fix skb_over_panic when receiving malformed ASCONF chunks
CVE-2014-3687: a723db0be941b8aebaa1a98b33d17a91b16603e4 net: sctp: fix panic on duplicate ASCONF chunks
CVE-2014-3688: e476841415c1b7b54e4118d8a219f5db71878675 net: sctp: fix remote memory pressure from excessive queueing
CVE-2014-7841: 4008f1dbe6fea8114e7f79ed2d238e369dc9138f net: sctp: fix NULL pointer dereference in af->from_addr_param on malformed packet
CVE-2014-7842: 7e1ebf020aff9b3e4c0d52e8ace6e3278e8f8762 KVM: x86: Don't report guest userspace emulation error to userspace
CVE-2014-7843: beb762ba2a940ce1f87a03b1c5820ce2d433db6e arm64: __clear_user: handle exceptions on strb
CVEs fixed in 3.12.35:
CVE-2014-9090: e40598270a40040461c8b8d3a8656d54fb59b9cd x86_64, traps: Stop using IST for #SS
CVE-2014-9322: e40598270a40040461c8b8d3a8656d54fb59b9cd x86_64, traps: Stop using IST for #SS
CVEs fixed in 3.12.36:
CVE-2014-8133: 107436a25547580118fd93e5aaf808f6b533b639 x86/tls: Validate TLS entries to protect espfix
CVE-2014-8134: a82297838bb23d83795661c55a6b9494c05ac68d x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
CVE-2014-8989: ae254fcf53097d6d83502c1a75366c7e4eface8b userns: Don't allow setgroups until a gid mapping has been setablished
CVE-2014-9420: fbce0d7dc8965c9fb8d411862040239d4a768c71 isofs: Fix infinite looping over CE entries
CVE-2014-9584: 2329c797a9dc66982946026cbc1783e072ab8e33 isofs: Fix unchecked printing of ER records
CVE-2014-9683: 8ffea99d6f2be99790611282f326da95a84a8cab eCryptfs: Remove buggy and unnecessary write in file name decode routine
CVEs fixed in 3.12.37:
CVE-2013-7421: 7f655881c786824340b0bee70f9738e10d427494 crypto: prefix module autoloading with "crypto-"
CVE-2014-8559: 4b2f6663ebde6bed50209a05041b34c203116253 move d_rcu from overlapping d_child to overlapping d_alias
CVE-2014-9529: 1bb0aca1e0881dfd34a6f39fd44e1e995fc302a1 KEYS: close race between key lookup and freeing
CVE-2014-9585: 0c9312164d6e069707dd96a001849f4b853c546d x86_64, vdso: Fix the vdso address randomization algorithm
CVE-2014-9644: f753253c2c19423b0d6743ca9eae725549299245 crypto: include crypto- module prefix in template
CVEs fixed in 3.12.38:
CVE-2014-3690: 2e70fb5dcbaec195febf1eee3b96e8b47e432c35 x86,kvm,vmx: Preserve CR4 across VM entry
CVE-2014-9728: 4ff6c40be897225cf818c5202871cfb91ed064f6 udf: Verify i_size when loading inode
CVE-2014-9729: 4ff6c40be897225cf818c5202871cfb91ed064f6 udf: Verify i_size when loading inode
CVE-2014-9730: c94011ac6ae0bbfc8966ec256ad7b1bf30feaeec udf: Check component length before reading it
CVE-2014-9731: ebfce5ccba81292a5e34710a602117769118fa9a udf: Check path length when reading symlink
CVE-2015-1421: 43e39c2f63240f67a67b4060882f67dac1a6f339 net: sctp: fix slab corruption from use after free on INIT collisions
CVEs fixed in 3.12.39:
CVE-2014-7822: d7e3ae47c441894b11dce376ff8d110780872d0d ->splice_write() via ->write_iter()
CVE-2015-1593: 5fb6f0aa14db88c62ca141279ab71f20d6814788 x86, mm/ASLR: Fix stack randomization on 64-bit systems
CVE-2015-2830: 93ba6108cd76089d6ae16abec65ade5b11546d76 x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization
CVEs fixed in 3.12.40:
CVE-2014-2568: 1674b4bf3eea3cac51b70778e89f8025f7cfe695 core, nfqueue, openvswitch: Orphan frags in skb_zerocopy and handle errors
CVE-2015-2150: f82a9cff66e3158a3f86706ff55feba2b22ec8cb xen-pciback: limit guest control of command register
CVE-2015-2666: c5988181af3b41381c4d20e08ca6852f99f95417 x86/microcode/intel: Guard against stack overflow in the loader
CVE-2015-3331: 0585664d17325265ea7cc51aa4f1ff492972b611 crypto: aesni - fix memory usage in GCM decryption
CVE-2016-0823: 91e9d77039485b57ddf632638acc0a968a39b856 pagemap: do not leak physical addresses to non-privileged userspace
CVEs fixed in 3.12.41:
CVE-2014-8159: f6094cbab915952132434cc50d738c2976cb4457 IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic
CVE-2014-8160: 2fb11da9d9016f6c0a4fcb99b8ebd63495c79005 netfilter: conntrack: disable generic tracking for known protocols
CVE-2015-0239: 4483ef98b020b9d4cdafef95ee84b18eaccea61a KVM: x86: SYSENTER emulation is broken
CVE-2015-2041: 553dd569ff29bc38cebbf9f9dd7c791863ee9113 net: llc: use correct size for sysctl timeout entries
CVE-2015-2042: b4482b533bfb54232f31d72c8ab70c1400385040 net: rds: use correct size for max unacked packets and bytes
CVE-2015-2922: ac12ff18b11259e10c2d543aa58c73ff88a68e77 ipv6: Don't reduce hop limit for an interface
CVE-2015-3332: 221ff9c56696e9e02d39ecb844528ebb4f8abf0f tcp: Fix crash in TCP Fast Open
CVEs fixed in 3.12.43:
CVE-2014-8173: 5f30307e19b93df1e80b073b15967f53850ad33d mm: Fix NULL pointer dereference in madvise(MADV_WILLNEED) support
CVE-2015-3339: 5176b77f1aacdc560eaeac4685ade444bb814689 fs: take i_mutex during prepare_binprm for set[ug]id executables
CVE-2015-3636: 8a9a51ba2eff62e1a899daad7b623becfed8f3f1 ipv4: Missing sk_nulls_node_init() in ping_unhash().
CVE-2015-6526: d15e6bc4606b27f53ef70a99d05690fa5a0e6c45 powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
CVE-2017-1000253: b255044d68f190693d799263eb4dab66813f2de9 fs/binfmt_elf.c: fix bug in loading of PIE binaries
CVEs fixed in 3.12.44:
CVE-2015-1420: 330c542ff8f659055de1992935abaa18b121379e vfs: read file_handle only once in handle_to_path
CVE-2015-4036: 266ed50f2a81a882d54c4ff7452bca370f396bae vhost/scsi: potential memory corruption
CVE-2015-4177: 6ab282fe6d43027b3b1ef820b3798aae8fdb432b mnt: Fail collect_mounts when applied to unmounted mounts
CVE-2015-4700: 0fa9520e7b08f00138cf9a4a95d066492cbcc18d x86: bpf_jit: fix compilation of large bpf programs
CVE-2015-5364: a97b54dd69cb05df4c57f5d5b40c761f7835ce4e udp: fix behavior of wrong checksums
CVE-2015-5366: a97b54dd69cb05df4c57f5d5b40c761f7835ce4e udp: fix behavior of wrong checksums
CVEs fixed in 3.12.45:
CVE-2014-8172: 0da9ac29cddaaf0911fbeaf46e7b4e155cdc792e get rid of s_files and files_lock
CVE-2014-9710: a873146ce4fb025c0b5c1322af5a6bad042f5363 Btrfs: make xattr replace operations atomic
CVE-2015-3212: bee9ad8fe88affc985755c97511637a8672b0fb2 sctp: fix ASCONF list handling
CVE-2015-4002: b042a31d19ad9780c3eba768eef8db5a8c048653 ozwpan: Use proper check to prevent heap overflow
CVE-2015-4003: 31c39eb8bdf7226a472d910f36ae7a2f3cbace85 ozwpan: divide-by-zero leading to panic
CVE-2015-4167: aa826bb1953a0a40b460e053efcf9c5f8cab554b udf: Check length of extended attributes and allocation descriptors
CVEs fixed in 3.12.46:
CVE-2015-4692: cda28549b632e62f662ce15242b7266cce90c128 kvm: x86: fix kvm_apic_has_events to check for NULL pointer
CVE-2015-5707: aba300b9c26f063efcaee374e54264c79a611f22 sg_start_req(): make sure that there's not too many elements in iovec
CVE-2015-9289: da0f41c912a624883a79ff47321b0e9f76d7f27a cx24116: fix a buffer overflow when checking userspace params
CVEs fixed in 3.12.47:
CVE-2015-3288: bf653833fc72668cadcb1f54310f3d0bd6b36393 mm: avoid setting up anonymous pages into file mapping
CVE-2015-3290: e0de15fc45a83f94d1ef578f54b427b86a33ab21 x86/nmi/64: Switch stacks on userspace NMI entry
CVE-2015-5157: e0de15fc45a83f94d1ef578f54b427b86a33ab21 x86/nmi/64: Switch stacks on userspace NMI entry
CVE-2015-5697: 6578b22cd80381c9fbab152e1ababd8bfce8b5d0 md: use kzalloc() when bitmap is disabled
CVE-2015-5706: da59de4cfa5f3562d02fcbc24fe96a08aebea628 path_openat(): fix double fput()
CVE-2015-6252: a5b3343b05e58b8f8ce7481426f89c048229b50d vhost: actually track log eventfd file
CVEs fixed in 3.12.49:
CVE-2015-2925: b32388c040d559d26feef31fa02b4119c76be474 dcache: Handle escaped paths in prepend_path
CVE-2015-3291: 864c198bbd4e091577602ad42016ccc835af3b93 x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection
CVE-2015-5283: 540a0bd97d4e790b9526e266c22f4c12cf732a1f sctp: fix race on protocol/netns initialization
CVEs fixed in 3.12.50:
CVE-2015-5257: c43eff0a37cc308eab7489701ced35afd4d491d9 USB: whiteheat: fix potential null-deref at probe
CVE-2015-7613: 89c7ab1494f614bf8323490c79d4a562e90db61b Initialize msg/shm IPC objects before doing ipc_addid()
CVE-2015-8019: 3e1ac3aafbd0cf1f7c81cb7099a8a1d0407e021d net: add length argument to skb_copy_and_csum_datagram_iovec
CVEs fixed in 3.12.51:
CVE-2015-5156: 7c11e86ec40e52468fe65acf89c6da7a6d833a44 virtio-net: drop NETIF_F_FRAGLIST
CVE-2015-5307: 0ccaee7be83eb288e8baacf6eebd4d8b8593f462 KVM: x86: work around infinite loop in microcode when #AC is delivered
CVE-2015-6937: 2a3466123f0cb310c2201f0ae4ad3f72905b061b RDS: verify the underlying transport exists before creating a connection
CVE-2015-7872: bd6e04696299ce030e8650a96151fe383c431dce KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring
CVE-2015-8104: 4c6a0e0edfe824edd777a496f46817b4fb465cbd KVM: svm: unconditionally intercept #DB
CVE-2015-8215: 49f9add06964fe16997aa34099e7bb31c39b0314 ipv6: addrconf: validate new MTU before applying it
CVEs fixed in 3.12.52:
CVE-2013-7446: 9964b4c4ee925b2910723e509abd7241cff1ef84 unix: avoid use-after-free in ep_remove_wait_queue
CVE-2015-8543: 0295617f822f630711f5af03316d3cbda6e737d4 net: add validation for the socket syscall protocol argument
CVE-2015-8569: d470ffbe3fe914d176ced4cf330a297c523c5711 pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
CVE-2015-8575: 1d9e57809a93e4083d2b898126ed2165f5200d60 bluetooth: Validate socket address length in sco_sock_bind().
CVE-2016-3841: 71781d1f85bc02bcdb29b18e9e76f1d49118ddc8 ipv6: add complete rcu protection around np->opt
CVEs fixed in 3.12.53:
CVE-2015-7515: a7c0ba06670f99c252d5bb74258dddbf50fef837 Input: aiptek - fix crash on detecting device without endpoints
CVE-2015-7550: 2d783600fdeafa5d7e5079c7aa79212116f60e51 KEYS: Fix race between read and revoke
CVE-2015-7799: a4c5c2262fc842e0323043a23a84be706760d628 isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
CVE-2015-7885: 39c9944afb08c26ff36ae1967497d44fcf5a87ed staging/dgnc: fix info leak in ioctl
CVE-2015-8767: 6b1a4c8425acde6b3725e9ca5dc7af544c656fda sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
CVE-2016-0728: 6849cd97b0511913e17ef8bb53bd5558c4b51fc8 KEYS: Fix keyring ref leak in join_session_keyring()
CVE-2016-10229: c3bfbecb1bb575278ce4812746a29c04875a2926 udp: properly support MSG_PEEK with truncated buffers
CVEs fixed in 3.12.54:
CVE-2015-8844: e9214d1047a5f215b2275ba6374fb076b9c73245 powerpc/tm: Block signal return setting invalid MSR state
CVE-2016-2543: 2e17cb8c3553b2d61d9d70344bbec8a82c56e7d7 ALSA: seq: Fix missing NULL check at remove_events ioctl
CVE-2016-2544: 49386ca9bcb24608ed22e19fb61599e6049f8a44 ALSA: seq: Fix race at timer setup and close
CVE-2016-2545: d8f5adeeed06acd63b93bc757a7e09adc8c33e64 ALSA: timer: Fix double unlink of active_list
CVE-2016-2546: 7210b17187111e20afca4b4e30a31fa13c71a61b ALSA: timer: Fix race among timer ioctls
CVE-2016-2547: 6e74b2deb63c48ddcd318b6c3d69f4f503e65d18 ALSA: timer: Harden slave timer list handling
CVE-2016-2548: 6e74b2deb63c48ddcd318b6c3d69f4f503e65d18 ALSA: timer: Harden slave timer list handling
CVE-2016-2549: 30e269d8d1af5ab11e613eab94af33693e95ade6 ALSA: hrtimer: Fix stall by hrtimer_cancel()
CVE-2016-8646: 231304036a751d3b6bd736fc81d3b8037d87350d crypto: algif_hash - Only export and import on sockets with data
CVEs fixed in 3.12.55:
CVE-2015-7566: c88ff183d8a3b3599394885f458b40eb838c0850 USB: serial: visor: fix crash on detecting device without write_urbs
CVE-2015-8785: affc1b9e84738b96f2e4e24a6fc95e09ef9a7b4b fuse: break infinite loop in fuse_fill_write_pages()
CVE-2015-8970: 82a0aa2c08de674191cf5e99b649af145c5ade25 crypto: algif_skcipher - Require setkey before accept(2)
CVE-2016-0723: 4e6d2e76232ae19658064746fd5e5d800b8b5964 tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
CVE-2016-2384: 563b627dbd698b2ae2f385718f1682ec20a51119 ALSA: usb-audio: avoid freeing umidi object twice
CVEs fixed in 3.12.56:
CVE-2015-8812: aec2e8966c788ccb1d7beed3401adfb470676877 iw_cxgb3: Fix incorrectly returning error on success
CVE-2021-20265: 45c4c852c8ab5fb7e879892afa665dc47e55956d af_unix: fix struct pid memory leak
CVEs fixed in 3.12.57:
CVE-2013-4312: 3d024dcef2548028e9f9b7876a544e6e0af00175 unix: properly account for FDs passed over unix sockets
CVE-2015-8551: 0842f7d8a78ff7f9c3a176abaa620a220fc82e75 xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
CVE-2015-8552: 0842f7d8a78ff7f9c3a176abaa620a220fc82e75 xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
CVE-2015-8553: bb7aa305af0fd136dde25ad65ec0d3279d809d8b xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
CVEs fixed in 3.12.58:
CVE-2015-8550: 120b649bd2f6699ed56dfa93c4a8b070babe9984 xen: Add RING_COPY_REQUEST()
CVE-2015-8816: a706ac408da4994438d995d2cf4d2f7943086ca4 USB: fix invalid memory access in hub_activate()
CVE-2016-2143: bf06b31b00b2bc7427e567c67d11c01513044557 s390/mm: four page table levels vs. fork
CVE-2016-2184: 3b8dbf6b7b4e4fd1274fe2e5b04eda5a3394c543 ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
CVE-2016-2185: ca216547bc4a3e7d73043f4d9b42d6461cf3067f Input: ati_remote2 - fix crashes on detecting device with invalid descriptor
CVE-2016-2186: 4f5d9400a57200b8a9f6a683a7beadd159ac09e1 Input: powermate - fix oops with malicious USB descriptors
CVE-2016-2782: d53a0262f6738c81193e000b2975a7183be521f3 USB: visor: fix null-deref at probe
CVE-2016-3136: f9dbb3666b3ddb5f9a7e44a433383cb6880a03f5 USB: mct_u232: add sanity checking in probe
CVE-2016-3137: 4a77ba7a4e8567821f3e77054f23b3daade25999 USB: cypress_m8: add endpoint sanity check
CVE-2016-3138: f475db149d75bf100084a813ce9e1e9f4fa508e7 USB: cdc-acm: more sanity checking
CVE-2016-3140: cd4d737344639d7225d0232ec99a1b833d7e2324 USB: digi_acceleport: do sanity checking for the number of ports
CVE-2016-3156: 5cc4ff312ac06ee4c49801f5b288c1118c3e5785 ipv4: Don't do expensive useless work during inetdev destroy.
CVE-2016-3157: a2a4370a312ac4793b165768f8fc69495b05b23e x86/iopl/64: Properly context-switch IOPL on Xen PV
CVE-2016-3689: b18626baf7a8b5bef098204516641b0701419d85 Input: ims-pcu - sanity check against missing interfaces
CVE-2016-9685: 36f5207148d48433625966162d03f804d81e1a23 xfs: fix two memory leaks in xfs_attr_list.c error paths
CVEs fixed in 3.12.59:
CVE-2015-7513: e31a2100a342288b665c31af0a5f01e794866cda KVM: x86: Reload pit counters for all channels when restoring state
CVE-2016-2085: afe5a791d374e50a06ada7f4eda4e921e1b77996 EVM: Use crypto_memneq() for digest comparisons
CVE-2016-2847: 2a032e307d35402306c6464537b8bc6a0a3ac91d pipe: limit the per-user amount of pages allocated in pipes
CVE-2016-3134: 9192d640a3917d7daf313795b4b7fc6329b3f6e5 netfilter: x_tables: fix unconditional helper
CVE-2016-3951: f0592d355da50713a25c943a08142363237f1a41 cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
CVE-2016-3955: 3b86e790417645fa899ed658a8e17f6832cf3936 USB: usbip: fix potential out-of-bounds write
CVE-2016-4805: 736a17fe375978bce54cff359a3f76fb2676f872 ppp: take reference on channels netns
CVE-2016-7117: 2c7a8d368b3bef1cf97ea000ba0c07b27562af15 net: Fix use after free in the recvmmsg exit path
CVEs fixed in 3.12.60:
CVE-2016-0758: 012d81589afb85807b7ebe72f3505d90f34aa265 KEYS: Fix ASN.1 indefinite length object parsing
CVE-2016-0821: c7ecfa39d66c62ee662ae6906a2eec3d28a96e6a include/linux/poison.h: fix LIST_POISON{1,2} offset
CVE-2016-2117: 59e126bf0fefcc03f309d3893a921637064fc2ee atl2: Disable unimplemented scatter/gather feature
CVE-2016-2187: 8c29c640402a7baf7fa9a31cd5bda288090a19ac Input: gtco - fix crash on detecting device without endpoints
CVE-2016-4485: 734b9658068b9b2ecb3aff06e125a66e02306386 net: fix infoleak in llc
CVE-2016-4486: 3248734d04fe4140b66aca5ce0372d7eae093293 net: fix infoleak in rtnetlink
CVE-2016-4580: aeb14f1738e3c6a703213cb103e0f89f143bd276 net: fix a kernel infoleak in x25 module
CVE-2016-4913: 7721094c03d1caad50b04eb60b06369b8a2e52d3 get_rock_ridge_filename(): handle malformed NM entries
CVE-2016-7916: cdfaba237820a99bad60d947530725151a611ca0 proc: prevent accessing /proc/<PID>/environ until it's ready
CVEs fixed in 3.12.61:
CVE-2016-4565: 0ab923b3982c323bd95e63a9b93dc65d1aebb94f IB/security: Restrict use of the write() interface
CVE-2016-9754: 5feada97176f05f92088911fa807d30445c6a0c6 ring-buffer: Prevent overflow of size in ring_buffer_resize()
CVEs fixed in 3.12.62:
CVE-2014-9904: 9deea4ddcc8f6b9708075aa307042c43b4fde732 ALSA: compress: fix an integer overflow check
CVE-2016-4470: 8c903c052ddf107cdbf4e0ccb54ad20be75c899f KEYS: potential uninitialized variable
CVE-2016-4482: fd0d40b9370853c02102c22b91ff7c3cd1077e8b USB: usbfs: fix potential infoleak in devio
CVE-2016-4569: 16e5f4c6ea671ffce2ee49e308c1e812144547d2 ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
CVE-2016-4578: 640b1f79615c2b7dfba517aba7a8164c489da10c ALSA: timer: Fix leak in events via snd_timer_user_ccallback
CVE-2016-4997: 1812c704ac70a37c06f239d7c06fd4331a25c779 netfilter: x_tables: check for bogus target offset
CVE-2016-4998: 1812c704ac70a37c06f239d7c06fd4331a25c779 netfilter: x_tables: check for bogus target offset
CVE-2016-5244: 3360c51768c3c589e7db3f2a4308b729ebcc7bae rds: fix an infoleak in rds_inc_info_copy
CVE-2016-5829: 5b9003297640242a33bb325f57ac60359ed0be43 HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
CVE-2016-9806: 461dbb3855305ad7e841799ef573d6fc2abf6ed3 netlink: Fix dump skb leak/double free
CVEs fixed in 3.12.63:
CVE-2016-2069: aa8f21d06e61b029341c51b17edd68ba15fe0e47 x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
CVE-2016-3070: 2c789028e7390ca050752f659a82c6cdad357b67 mm: migrate dirty page without clear_page_dirty_for_io etc
CVE-2016-3857: 3d207c4c414adc515aa666f2b010f6e85c5528a7 arm: oabi compat: add missing access checks
CVE-2016-5696: 56d86b8ad437e6c19dcade9ff7c3d9c0522df6f3 tcp: make challenge acks less predictable
CVE-2016-7910: 8b85bc8b9e08482c7450b83e0a85532d8d87da49 block: fix use-after-free in seq file
CVEs fixed in 3.12.64:
CVE-2016-6130: 6ec8ba03f408beac5bad1e9ec06c8a90b373f3ac s390/sclp_ctl: fix potential information leak with /dev/sclp
CVE-2016-6480: bcc85e09fc60d2e99053eae3fd0515c343189375 aacraid: Check size values after double-fetch from user
CVE-2016-6828: 1f25ea564d810767b4ce3302530156dd5ddaa0f4 tcp: fix use after free in tcp_xmit_retransmit_queue()
CVE-2016-9178: d42924ab1ec523c0671f5560d51750996be31d3a fix minor infoleak in get_user_ex()
CVEs fixed in 3.12.65:
CVE-2016-6327: 979f1b7344634315d895025b53b002896057c09d IB/srpt: Simplify srpt_handle_tsk_mgmt()
CVE-2017-15102: 55b6c165bdf9b2808137cc5d49066e8a5344622a usb: misc: legousbtower: Fix NULL pointer deference
CVEs fixed in 3.12.66:
CVE-2016-5195: f949fcd7414197b8e04b07c480d36bc39332ff7b mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
CVE-2016-8658: bfce0a403535f6071a08d6365b8c4b3cfeba2d67 brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
CVEs fixed in 3.12.67:
CVE-2016-7425: e50a611253c70bdb3fad29b7a3411c3b1237cc8e scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
CVEs fixed in 3.12.68:
CVE-2015-8964: e1a77178a3ecee0f5e70568e9ddb99bd7d0c5ee7 tty: Prevent ldisc drivers from re-using stale tty fields
CVE-2015-9004: 5e08a111b0a076648039fb2a08d6e101a6af9388 perf: Tighten (and fix) the grouping condition
CVE-2016-3961: b0363263e57199808d17e597df74cbdb28abbe55 x86/mm/xen: Suppress hugetlbfs in PV guests
CVE-2016-7042: cd93b7f830c1fa1cb35146c701ce8eecb2b19c44 KEYS: Fix short sprintf buffer in /proc/keys show function
CVE-2016-8633: 488c5d8218f38a4c6aa90a65b81492e868a251fd firewire: net: guard against rx buffer overflows
CVE-2016-8645: 9edbcfdced9628dfdc6dc54d625e571aef81a8a5 tcp: take care of truncations done by sk_filter()
CVE-2016-9555: fb77271c550e1414597dfac77202d85bd866f0a9 sctp: validate chunk len before actually using it
CVEs fixed in 3.12.69:
CVE-2016-10200: c20932ae0d412f1aabf3514891cdd6ae6a08ae01 l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
CVE-2016-8650: 18fb7a8fb3d55275fc17f4ff5c7e34dd2b6d74e5 mpi: Fix NULL ptr dereference in mpi_powm()
CVE-2016-8655: c80480c4ad5208431a7fb003472bd576bbe6ebb7 packet: fix race condition in packet_set_ring
CVE-2016-9793: 40c753f1714416931dc093b960aa3fcac4a545c5 net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
CVE-2016-9794: 3af0be0536e71b0ed55620aca65f9144bf2c1088 ALSA: pcm : Call kill_fasync() in stream lock
CVEs fixed in 3.12.70:
CVE-2015-8962: 969541196ff043df0bde0c4beae9d83185ea3d81 sg: Fix double-free when drives detach during SG_IO
CVE-2016-10088: 7eb9e6472cbdd8e2df774ae91531c8959e21dbbc sg_write()/bsg_write() is not fit to be called under KERNEL_DS
CVE-2016-7097: a88a2be387d1d8a5843826e12009c79e32fb46c8 posix_acl: Clear SGID bit when setting file permissions
CVE-2016-7911: 075030bd3251283bd380b60eeecc8e4ba8778f22 block: fix use-after-free in sys_ioprio_get()
CVE-2016-7913: 74e3d04ca992bedac5080ed1a817fabf71667210 xc2028: avoid use after free
CVE-2016-9083: e4f13c5f27d6bfb2fea565d346273b0c74023ae6 vfio/pci: Fix integer overflows, bitmask check
CVE-2016-9084: e4f13c5f27d6bfb2fea565d346273b0c74023ae6 vfio/pci: Fix integer overflows, bitmask check
CVE-2016-9191: baa7295e1d686a443c0c23156b0bc9058d783aa4 sysctl: Drop reference added by grab_header in proc_sys_readdir
CVE-2016-9588: aaa9f982f5dc0a64bcc6d83cc78e690c757bcad8 kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
CVE-2017-2583: f043f20c055e3485fb82e0955a9f94f50cdffe15 KVM: x86: fix emulation of "MOV SS, null selector"
CVE-2017-2584: 544a81ed7dc176f400e2272595ac02f2791385a8 KVM: x86: Introduce segmented_write_std
CVE-2017-5549: 9ed06d4fa06cce8f37637771000f0eded3a6d572 USB: serial: kl5kusb105: fix line-state error handling
CVE-2017-5551: b0369e53c851f8cd87afd059d360a4f646840c8c tmpfs: clear S_ISGID when setting posix ACLs
CVE-2017-7273: 5bc00ccfce098d09c1aa097806660d9709fbe956 HID: hid-cypress: validate length of report
CVE-2017-7495: 10de8b686e90eb57066cf4d04d7ddbc54b4f1833 ext4: fix data exposure after a crash
CVEs fixed in 3.12.71:
CVE-2016-10208: bb878bdeaf6c48268322c2e4bdef0879902867aa ext4: validate s_first_meta_bg at mount time
CVE-2016-8405: 63f6df889c8eff7d9455659941b615a428d6a7b4 fbdev: color map copying bounds checking
CVE-2017-2618: 8f52584d2277df36b41b45d0caa716640d562e09 selinux: fix off-by-one in setprocattr
CVE-2017-5897: 1ae4b12d7643d9bdde764ef671440a8eaf6cfd55 ip6_gre: fix ip6gre_err() invalid reads
CVE-2017-5970: e5a82d662d35933e5511c0280e8513d38d9d4fa0 ipv4: keep skb->dst around in presence of IP options
CVE-2017-5986: 7a814bf5fc8b6738af64bc05d824a22d269962c6 sctp: avoid BUG_ON on sctp_wait_for_sndbuf
CVE-2017-6074: 336d459d464a2d23b5df724ae5fb5cd92bc9074c dccp: fix freeing skb too early for IPV6_RECVPKTINFO
CVE-2017-6214: 917c66630a6ab8a71464c9d57ea6fe14eca9b9fa tcp: avoid infinite loop in tcp_splice_read()
CVE-2017-6345: c112a93ae0bf3906150d3c7badd8ccc2708ad031 net/llc: avoid BUG_ON() in skb_orphan()
CVE-2017-6346: 6d46193d7ccae0758a8e887a6897a3e133eb9610 packet: fix races in fanout_add()
CVE-2017-6348: 7132afee391a91d58daa332e1851f1139889b0e3 irda: Fix lockdep annotations in hashbin_delete().
CVEs fixed in 3.12.72:
CVE-2017-2636: 63075fbddd5151d2e98fa7cf0608a2113e23607d tty: n_hdlc: get rid of racy n_hdlc.tbuf
CVE-2017-5669: afa870b96a40e523f96130beeef6cdc51de4e8d9 ipc/shm: Fix shmat mmap nil-page protection
CVE-2017-6353: 8aee8e6c2f0e8a9531a98a227e112fd4835a1881 sctp: deny peeloff operation on asocs with threads sleeping on it
CVEs fixed in 3.12.73:
CVE-2016-2188: 793b927173199800010a37da93c92e603a1136ce USB: iowarrior: fix NULL-deref at probe
CVE-2017-7184: be4f4140ab3e8d4142f47c79b0a29f0ec53540b5 xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
CVE-2017-8924: ef598b806384182a74f2aa9bc24a0284faf3940e USB: serial: io_ti: fix information leak in completion handler
CVE-2017-8925: 5b6983c42e4406e92b51a705c24190e1054cb60d USB: serial: omninet: fix reference leaks at open
CVEs fixed in 3.12.74:
CVE-2016-9604: 7c46e24ef54c73c7db075d3ff4df0d3b996ac759 KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
CVE-2017-2647: 716aa8781692706c78bea54b1efd4269d15d4071 KEYS: Remove key_type::match in favour of overriding default by match_preparse
CVE-2017-2671: 10e710684943bfd0653d7f0bcf430cdaf25a0d2f ping: implement proper locking
CVE-2017-6951: 716aa8781692706c78bea54b1efd4269d15d4071 KEYS: Remove key_type::match in favour of overriding default by match_preparse
CVE-2017-7261: 13a6a971c9165237531c2870da03084a6becc905 drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
CVE-2017-7294: e7fea2a4fa3719517f9a48389e7f3c8b1cc8c299 drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
CVE-2017-7308: 0a39eb8a881e83154aadacc36fc8bda8258f1991 net/packet: fix overflow in check for priv area size
CVE-2017-7472: e5b32c157bdd74cb0b402506c647222e59c6c11c KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
CVE-2017-7616: 9840e8fb9edaa9a930eb6f922f61cfbf91073c51 mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
CVE-2017-7645: 7a6875988a7fce567e4ee22481d6e7dd82a33eff nfsd: check for oversized NFSv2/v3 arguments
CVE-2017-7889: 59546b98395d875f4f85cb1cbac0b5396e3ffe45 mm: Tighten x86 /dev/mem with zeroing reads
CVE-2017-8064: 03662cd00e03d0fe34f9f91217313a4544b71c60 dvb-usb-v2: avoid use-after-free
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4916: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2014-1874: (unk) SELinux: Fix kernel BUG on empty security contexts.
CVE-2014-3180: (unk) compat: nanosleep: Clarify error handling
CVE-2014-4027: (unk) target/rd: Refactor rd_build_device_space + rd_release_device_space
CVE-2014-4943: (unk) net/l2tp: don't fall back on UDP [get|set]sockopt
CVE-2014-7145: (unk) [CIFS] Possible null ptr deref in SMB2_tcon
CVE-2014-9419: (unk) x86_64, switch_to(): Load TLS descriptors before switching DS and ES
CVE-2014-9717: (unk) mnt: Update detach_mounts to leave mounts connected
CVE-2014-9803: (unk) Revert "arm64: Introduce execute-only page access permissions"
CVE-2014-9888: (unk) ARM: dma-mapping: don't allow DMA mappings to be marked executable
CVE-2014-9922: (unk) fs: limit filesystem stacking depth
CVE-2014-9940: (unk) regulator: core: Fix regualtor_ena_gpio_free not to access pin after freeing
CVE-2015-0274: (unk) xfs: remote attribute overwrite causes transaction overrun
CVE-2015-1350: (unk) fs: Avoid premature clearing of capabilities
CVE-2015-1805: (unk) new helper: copy_page_from_iter()
CVE-2015-2877: (unk)
CVE-2015-4001: (unk) ozwpan: Use unsigned ints to prevent heap overflow
CVE-2015-4004: (unk) staging: ozwpan: Remove from tree
CVE-2015-4176: (unk) mnt: Update detach_mounts to leave mounts connected
CVE-2015-4178: (unk) fs_pin: Allow for the possibility that m_list or s_list go unused.
CVE-2015-8374: (unk) Btrfs: fix truncation of compressed and inlined extents
CVE-2015-8709: (unk) mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
CVE-2015-8830: (unk) aio: lift iov_iter_init() into aio_setup_..._rw()
CVE-2015-8839: (unk) ext4: fix races between page faults and hole punching
CVE-2015-8845: (unk) powerpc/tm: Check for already reclaimed tasks
CVE-2015-8950: (unk) arm64: dma-mapping: always clear allocated buffers
CVE-2015-8952: (unk) ext2: convert to mbcache2
CVE-2015-8955: (unk) arm64: perf: reject groups spanning multiple HW PMUs
CVE-2015-8963: (unk) perf: Fix race in swevent hash
CVE-2015-8966: (unk) [PATCH] arm: fix handling of F_OFD_... in oabi_fcntl64()
CVE-2015-8967: (unk) arm64: make sys_call_table const
CVE-2015-9016: (unk) blk-mq: fix race between timeout and freeing request
CVE-2016-10044: (unk) aio: mark AIO pseudo-fs noexec
CVE-2016-10147: (unk) crypto: mcryptd - Check mcryptd algorithm compatibility
CVE-2016-10723: (unk) mm, oom: remove sleep from under oom_lock
CVE-2016-10741: (unk) xfs: don't BUG() on mixed direct and mapped I/O
CVE-2016-10905: (unk) GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
CVE-2016-10906: (unk) net: arc_emac: fix koops caused by sk_buff free
CVE-2016-1583: (unk) proc: prevent stacking filesystems on top
CVE-2016-3139: (unk) Input: wacom - compute the HID report size to get the actual packet size
CVE-2016-3672: (unk) x86/mm/32: Enable full randomization on i386 and X86_32
CVE-2016-5243: (unk) tipc: fix an infoleak in tipc_nl_compat_link_dump
CVE-2016-5828: (unk) powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
CVE-2016-6136: (unk) audit: fix a double fetch in audit_log_single_execve_arg()
CVE-2016-6197: (unk) ovl: verify upper dentry before unlink and rename
CVE-2016-6198: (unk) vfs: add vfs_select_inode() helper
CVE-2016-6213: (unk) mnt: Add a per mount namespace limit on the number of mounts
CVE-2016-6786: (unk) perf: Fix event->ctx locking
CVE-2016-6787: (unk) perf: Fix event->ctx locking
CVE-2016-7915: (unk) HID: core: prevent out-of-bound readings
CVE-2016-7917: (unk) netfilter: nfnetlink: correctly validate length of batch messages
CVE-2016-8632: (unk) tipc: check minimum bearer MTU
CVE-2016-9120: (unk) staging/android/ion : fix a race condition in the ion driver
CVE-2016-9644: (unk) x86/mm: Expand the exception table logic to allow new handling options
CVE-2017-0605: (unk) tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
CVE-2017-0627: (unk) media: uvcvideo: Prevent heap overflow when accessing mapped controls
CVE-2017-0750: (unk) f2fs: do more integrity verification for superblock
CVE-2017-0786: (unk) brcmfmac: add length check in brcmf_cfg80211_escan_handler()
CVE-2017-0861: (unk) ALSA: pcm: prevent UAF in snd_pcm_info
CVE-2017-1000: (unk) udp: consistently apply ufo or fragmentation
CVE-2017-1000111: (unk) packet: fix tp_reserve race in packet_set_ring
CVE-2017-1000112: (unk) udp: consistently apply ufo or fragmentation
CVE-2017-1000251: (unk) Bluetooth: Properly check L2CAP config option output buffer length
CVE-2017-1000363: (unk) char: lp: fix possible integer overflow in lp_setup()
CVE-2017-1000364: (unk) mm: larger stack guard gap, between vmas
CVE-2017-1000365: (unk) fs/exec.c: account for argv/envp pointers
CVE-2017-1000379: (unk) mm: larger stack guard gap, between vmas
CVE-2017-1000380: (unk) ALSA: timer: Fix race between read and ioctl
CVE-2017-1000405: (unk) mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
CVE-2017-1000407: (unk) KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
CVE-2017-1000410: (unk) Bluetooth: Prevent stack info leak from the EFS element.
CVE-2017-10661: (unk) timerfd: Protect the might cancel mechanism proper
CVE-2017-10662: (unk) f2fs: sanity check segment count
CVE-2017-10663: (unk) f2fs: sanity check checkpoint segno and blkoff
CVE-2017-10810: (unk) drm/virtio: don't leak bo on drm_gem_object_init failure
CVE-2017-10911: (unk) xen-blkback: don't leak stack data via response ring
CVE-2017-11089: (unk) cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
CVE-2017-11176: (unk) mqueue: fix a use-after-free in sys_mq_notify()
CVE-2017-11472: (unk) ACPICA: Namespace: fix operand cache leak
CVE-2017-11473: (unk) x86/acpi: Prevent out of bound access caused by broken ACPI tables
CVE-2017-11600: (unk) xfrm: policy: check policy direction value
CVE-2017-12134: (unk) xen: fix bio vec merging
CVE-2017-12153: (unk) nl80211: check for the required netlink attributes presence
CVE-2017-12154: (unk) kvm: nVMX: Don't allow L2 to access the hardware CR8
CVE-2017-12168: (unk) arm64: KVM: pmu: Fix AArch32 cycle counter access
CVE-2017-12190: (unk) fix unbalanced page refcounting in bio_map_user_iov
CVE-2017-12762: (unk) isdn/i4l: fix buffer overflow
CVE-2017-13080: (unk) mac80211: accept key reinstall without changing anything
CVE-2017-13166: (unk) media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
CVE-2017-13167: (unk) ALSA: timer: Fix race at concurrent reads
CVE-2017-13168: (unk) scsi: sg: mitigate read/write abuse
CVE-2017-13215: (unk) crypto: algif_skcipher - Load TX SG list after waiting
CVE-2017-13216: (unk) staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
CVE-2017-13220: (unk) Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()
CVE-2017-13305: (unk) KEYS: encrypted: fix buffer overread in valid_master_desc()
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2017-13695: (unk) ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
CVE-2017-14051: (unk) scsi: qla2xxx: Fix an integer overflow in sysfs code
CVE-2017-14106: (unk) tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
CVE-2017-14140: (unk) Sanitize 'move_pages()' permission checks
CVE-2017-14156: (unk) video: fbdev: aty: do not leak uninitialized padding in clk to userspace
CVE-2017-14340: (unk) xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
CVE-2017-14489: (unk) scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
CVE-2017-14991: (unk) scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
CVE-2017-15115: (unk) sctp: do not peel off an assoc from one netns to another one
CVE-2017-15116: (unk) crypto: rng - Remove old low-level rng interface
CVE-2017-15265: (unk) ALSA: seq: Fix use-after-free at creating a port
CVE-2017-15274: (unk) KEYS: fix dereferencing NULL payload with nonzero length
CVE-2017-15299: (unk) KEYS: don't let add_key() update an uninstantiated key
CVE-2017-15537: (unk) x86/fpu: Don't let userspace set bogus xcomp_bv
CVE-2017-15649: (unk) packet: in packet_do_bind, test fanout with bind_lock held
CVE-2017-15868: (unk) Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket
CVE-2017-16525: (unk) USB: serial: console: fix use-after-free after failed setup
CVE-2017-16526: (unk) uwb: properly check kthread_run return value
CVE-2017-16527: (unk) ALSA: usb-audio: Kill stray URB at exiting
CVE-2017-16528: (unk) ALSA: seq: Cancel pending autoload work at unbinding device
CVE-2017-16529: (unk) ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
CVE-2017-16531: (unk) USB: fix out-of-bounds in usb_set_configuration
CVE-2017-16532: (unk) usb: usbtest: fix NULL pointer dereference
CVE-2017-16533: (unk) HID: usbhid: fix out-of-bounds bug
CVE-2017-16535: (unk) USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
CVE-2017-16536: (unk) [media] cx231xx-cards: fix NULL-deref on missing association descriptor
CVE-2017-16537: (unk) media: imon: Fix null-ptr-deref in imon_probe
CVE-2017-16538: (unk) media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
CVE-2017-16643: (unk) Input: gtco - fix potential out-of-bound access
CVE-2017-16645: (unk) Input: ims-psu - check if CDC union descriptor is sane
CVE-2017-16646: (unk) media: dib0700: fix invalid dvb_detach argument
CVE-2017-16648: (unk) dvb_frontend: don't use-after-free the frontend struct
CVE-2017-16649: (unk) net: cdc_ether: fix divide by 0 on bad descriptors
CVE-2017-16650: (unk) net: qmi_wwan: fix divide by 0 on bad descriptors
CVE-2017-16911: (unk) usbip: prevent vhci_hcd driver from leaking a socket pointer address
CVE-2017-16912: (unk) usbip: fix stub_rx: get_pipe() to validate endpoint number
CVE-2017-16913: (unk) usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
CVE-2017-16914: (unk) usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
CVE-2017-16939: (unk) ipsec: Fix aborted xfrm policy dump crash
CVE-2017-16995: (unk) bpf: fix incorrect sign extension in check_alu_op()
CVE-2017-17448: (unk) netfilter: nfnetlink_cthelper: Add missing permission checks
CVE-2017-17449: (unk) netlink: Add netns check on taps
CVE-2017-17450: (unk) netfilter: xt_osf: Add missing permission checks
CVE-2017-17558: (unk) USB: core: prevent malicious bNumInterfaces overflow
CVE-2017-17741: (unk) KVM: Fix stack-out-of-bounds read in write_mmio
CVE-2017-17805: (unk) crypto: salsa20 - fix blkcipher_walk API usage
CVE-2017-17806: (unk) crypto: hmac - require that the underlying hash algorithm is unkeyed
CVE-2017-17807: (unk) KEYS: add missing permission check for request_key() destination
CVE-2017-18017: (unk) netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
CVE-2017-18079: (unk) Input: i8042 - fix crash at boot time
CVE-2017-18193: (unk) f2fs: fix a bug caused by NULL extent tree
CVE-2017-18203: (unk) dm: fix race between dm_get_from_kobject() and __dm_destroy()
CVE-2017-18204: (unk) ocfs2: should wait dio before inode lock in ocfs2_setattr()
CVE-2017-18208: (unk) mm/madvise.c: fix madvise() infinite loop under special circumstances
CVE-2017-18216: (unk) ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
CVE-2017-18221: (unk) mlock: fix mlock count can not decrease in race condition
CVE-2017-18232: (unk) scsi: libsas: direct call probe and destruct
CVE-2017-18241: (unk) f2fs: fix a panic caused by NULL flush_cmd_control
CVE-2017-18249: (unk) f2fs: fix race condition in between free nid allocator/initializer
CVE-2017-18255: (unk) perf/core: Fix the perf_cpu_time_max_percent check
CVE-2017-18270: (unk) KEYS: prevent creating a different user's keyrings
CVE-2017-18344: (unk) posix-timer: Properly check sigevent->sigev_notify
CVE-2017-18360: (unk) USB: serial: io_ti: fix div-by-zero in set_termios
CVE-2017-18509: (unk) ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
CVE-2017-18551: (unk) i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CVE-2017-18552: (unk) RDS: validate the requested traces user input against max supported
CVE-2017-18595: (unk) tracing: Fix possible double free on failure of allocating trace buffer
CVE-2017-5715: (unk) x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
CVE-2017-5753: (unk) x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
CVE-2017-5754: (unk) x86/cpufeatures: Add Intel feature bits for Speculation Control
CVE-2017-5967: (unk) time: Remove CONFIG_TIMER_STATS
CVE-2017-5972: (unk) tcp: do not lock listener to process SYN packets
CVE-2017-6001: (unk) perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
CVE-2017-7482: (unk) rxrpc: Fix several cases where a padded len isn't checked in ticket decode
CVE-2017-7487: (unk) ipx: call ipxitf_put() in ioctl error path
CVE-2017-7518: (unk) KVM: x86: fix singlestepping over syscall
CVE-2017-7541: (unk) brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
CVE-2017-7542: (unk) ipv6: avoid overflow of offset in ip6_find_1stfragopt
CVE-2017-7618: (unk) crypto: ahash - Fix EINPROGRESS notification callback
CVE-2017-7895: (unk) nfsd: stricter decoding of write-like NFSv2/v3 ops
CVE-2017-8065: (unk) crypto: ccm - move cbcmac input off the stack
CVE-2017-8106: (unk) KVM: nVMX: Don't advertise single context invalidation for invept
CVE-2017-8797: (unk) nfsd: fix undefined behavior in nfsd4_layout_verify
CVE-2017-8824: (unk) dccp: CVE-2017-8824: use-after-free in DCCP code
CVE-2017-8831: (unk) [media] saa7164: fix double fetch PCIe access condition
CVE-2017-8890: (unk) dccp/tcp: do not inherit mc_list from parent
CVE-2017-9074: (unk) ipv6: Prevent overrun when parsing v6 header options
CVE-2017-9075: (unk) sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
CVE-2017-9076: (unk) ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9077: (unk) ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9242: (unk) ipv6: fix out of bound writes in __ip6_append_data()
CVE-2017-9725: (unk) mm: cma: fix incorrect type conversion for size during dma allocation
CVE-2017-9984: (unk) ALSA: msnd: Optimize / harden DSP and MIDI loops
CVE-2017-9985: (unk) ALSA: msnd: Optimize / harden DSP and MIDI loops
CVE-2017-9986: (unk) sound: Retire OSS
CVE-2018-1000004: (unk) ALSA: seq: Make ioctls race-free
CVE-2018-1000026: (unk) bnx2x: disable GSO where gso_size is too big for hardware
CVE-2018-1000028: (unk) nfsd: auth: Fix gid sorting when rootsquash enabled
CVE-2018-1000199: (unk) perf/hwbp: Simplify the perf-hwbp code, fix documentation
CVE-2018-1000204: (unk) scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
CVE-2018-10021: (unk) scsi: libsas: defer ata device eh commands to libata
CVE-2018-10087: (unk) kernel/exit.c: avoid undefined behaviour when calling wait4()
CVE-2018-10124: (unk) kernel/signal.c: avoid undefined behaviour in kill_something_info
CVE-2018-10322: (unk) xfs: enhance dinode verifier
CVE-2018-10323: (unk) xfs: set format back to extents if xfs_bmap_extents_to_btree
CVE-2018-1066: (unk) CIFS: Enable encryption during session setup phase
CVE-2018-10675: (unk) mm/mempolicy: fix use after free when calling get_mempolicy
CVE-2018-1068: (unk) netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
CVE-2018-1087: (unk) kvm/x86: fix icebp instruction handling
CVE-2018-10876: (unk) ext4: only look at the bg_flags field if it is valid
CVE-2018-10877: (unk) ext4: verify the depth of extent tree in ext4_find_extent()
CVE-2018-10878: (unk) ext4: always check block group bounds in ext4_init_block_bitmap()
CVE-2018-10879: (unk) ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
CVE-2018-10880: (unk) ext4: never move the system.data xattr out of the inode body
CVE-2018-10881: (unk) ext4: clear i_data in ext4_inode_info when removing inline data
CVE-2018-10882: (unk) ext4: add more inode number paranoia checks
CVE-2018-10883: (unk) jbd2: don't mark block as modified if the handle is out of credits
CVE-2018-10902: (unk) ALSA: rawmidi: Change resized buffers atomically
CVE-2018-1092: (unk) ext4: fail ext4_iget for root directory if unallocated
CVE-2018-1093: (unk) ext4: add validity checks for bitmap block numbers
CVE-2018-10940: (unk) cdrom: information leak in cdrom_ioctl_media_changed()
CVE-2018-1120: (unk) proc: do not access cmdline nor environ from file-backed areas
CVE-2018-1121: (unk)
CVE-2018-1128: (unk) libceph: add authorizer challenge
CVE-2018-1129: (unk) libceph: implement CEPHX_V2 calculation mode
CVE-2018-1130: (unk) dccp: check sk for closed state in dccp_sendmsg()
CVE-2018-12126: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12127: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12130: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12207: (unk) kvm: x86, powerpc: do not allow clearing largepages debugfs entry
CVE-2018-12233: (unk) jfs: Fix inconsistency between memory allocation and ea_buf->max_size
CVE-2018-12896: (unk) posix-timers: Sanitize overrun handling
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-13053: (unk) alarmtimer: Prevent overflow for relative nanosleep
CVE-2018-13093: (unk) xfs: validate cached inodes are free when allocated
CVE-2018-13094: (unk) xfs: don't call xfs_da_shrink_inode with NULL bp
CVE-2018-13095: (unk) xfs: More robust inode extent count validation
CVE-2018-13096: (unk) f2fs: fix to do sanity check with node footer and iblocks
CVE-2018-13097: (unk) f2fs: fix to do sanity check with user_block_count
CVE-2018-13098: (unk) f2fs: fix to do sanity check with extra_attr feature
CVE-2018-13100: (unk) f2fs: fix to do sanity check with secs_per_zone
CVE-2018-13405: (unk) Fix up non-directory creation in SGID directories
CVE-2018-13406: (unk) video: uvesafb: Fix integer overflow in allocation
CVE-2018-14609: (unk) btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
CVE-2018-14610: (unk) btrfs: Check that each block group has corresponding chunk at mount time
CVE-2018-14611: (unk) btrfs: validate type when reading a chunk
CVE-2018-14612: (unk) btrfs: tree-checker: Detect invalid and empty essential trees
CVE-2018-14613: (unk) btrfs: tree-checker: Verify block_group_item
CVE-2018-14614: (unk) f2fs: fix to do sanity check with cp_pack_start_sum
CVE-2018-14616: (unk) f2fs: fix to do sanity check with block address in main area v2
CVE-2018-14617: (unk) hfsplus: fix NULL dereference in hfsplus_lookup()
CVE-2018-14633: (unk) scsi: target: iscsi: Use hex2bin instead of a re-implementation
CVE-2018-14634: (unk) exec: Limit arg stack to at most 75% of _STK_LIM
CVE-2018-14734: (unk) infiniband: fix a possible use-after-free bug
CVE-2018-15572: (unk) x86/speculation: Protect against userspace-userspace spectreRSB
CVE-2018-16276: (unk) USB: yurex: fix out-of-bounds uaccess in read handler
CVE-2018-16658: (unk) cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
CVE-2018-16884: (unk) sunrpc: use-after-free in svc_process_common()
CVE-2018-17972: (unk) proc: restrict kernel stack dumps to root
CVE-2018-17977: (unk)
CVE-2018-18021: (unk) arm64: KVM: Tighten guest core register access from userspace
CVE-2018-18281: (unk) mremap: properly flush TLB before releasing the page
CVE-2018-18386: (unk) n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
CVE-2018-18690: (unk) xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
CVE-2018-18710: (unk) cdrom: fix improper type cast, which can leat to information leak.
CVE-2018-19824: (unk) ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
CVE-2018-19985: (unk) USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
CVE-2018-20169: (unk) USB: check usb_get_extra_descriptor for proper size
CVE-2018-20509: (unk) binder: refactor binder ref inc/dec for thread safety
CVE-2018-20510: (unk) binder: replace "%p" with "%pK"
CVE-2018-20511: (unk) net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
CVE-2018-20836: (unk) scsi: libsas: fix a race condition when smp task timeout
CVE-2018-20854: (unk) phy: ocelot-serdes: fix out-of-bounds read
CVE-2018-20855: (unk) IB/mlx5: Fix leaking stack memory to userspace
CVE-2018-20976: (unk) xfs: clear sb->s_fs_info on mount failure
CVE-2018-21008: (unk) rsi: add fix for crash during assertions
CVE-2018-25020: (unk) bpf: fix truncated jump targets on heavy expansions
CVE-2018-3620: (unk) x86/microcode: Allow late microcode loading with SMT disabled
CVE-2018-3639: (unk) x86/nospec: Simplify alternative_msr_write()
CVE-2018-3646: (unk) x86/microcode: Allow late microcode loading with SMT disabled
CVE-2018-3693: (unk) ext4: fix spectre gadget in ext4_mb_regular_allocator()
CVE-2018-5332: (unk) RDS: Heap OOB write in rds_message_alloc_sgs()
CVE-2018-5333: (unk) RDS: null pointer dereference in rds_atomic_free_op
CVE-2018-5344: (unk) loop: fix concurrent lo_open/lo_release
CVE-2018-5391: (unk) ip: discard IPv4 datagrams with overlapping segments.
CVE-2018-5750: (unk) ACPI: sbshc: remove raw pointer from printk() message
CVE-2018-5803: (unk) sctp: verify size of a new chunk in _sctp_make_chunk()
CVE-2018-5814: (unk) usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
CVE-2018-5848: (unk) wil6210: missing length check in wmi_set_ie
CVE-2018-5953: (unk) printk: hash addresses printed with %p
CVE-2018-5995: (unk) printk: hash addresses printed with %p
CVE-2018-6412: (unk) fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
CVE-2018-6554: (unk) staging: irda: remove the irda network stack and drivers
CVE-2018-6555: (unk) staging: irda: remove the irda network stack and drivers
CVE-2018-6927: (unk) futex: Prevent overflow by strengthen input validation
CVE-2018-7191: (unk) tun: call dev_get_valid_name() before register_netdevice()
CVE-2018-7273: (unk) printk: hash addresses printed with %p
CVE-2018-7480: (unk) blkcg: fix double free of new_blkg in blkcg_init_queue
CVE-2018-7492: (unk) rds: Fix NULL pointer dereference in __rds_rdma_map
CVE-2018-7566: (unk) ALSA: seq: Fix racy pool initializations
CVE-2018-7754: (unk) printk: hash addresses printed with %p
CVE-2018-7755: (unk) floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
CVE-2018-7757: (unk) scsi: libsas: fix memory leak in sas_smp_get_phy_events()
CVE-2018-7995: (unk) x86/MCE: Serialize sysfs changes
CVE-2018-8781: (unk) drm: udl: Properly check framebuffer mmap offsets
CVE-2018-8822: (unk) staging: ncpfs: memory corruption in ncp_read_kernel()
CVE-2018-8897: (unk) x86/entry/64: Don't use IST entry for #BP stack
CVE-2018-9422: (unk) futex: Remove requirement for lock_page() in get_futex_key()
CVE-2018-9465: (unk) binder: fix proc->files use-after-free
CVE-2018-9516: (unk) HID: debug: check length before copy_to_user()
CVE-2018-9517: (unk) l2tp: pass tunnel pointer to ->session_create()
CVE-2018-9518: (unk) NFC: llcp: Limit size of SDP URI
CVE-2018-9568: (unk) net: Set sk_prot_creator when cloning sockets to the right proto
CVE-2019-0136: (unk) mac80211: drop robust management frames from unknown TA
CVE-2019-0148: (unk) i40e: Wrong truncation from u16 to u8
CVE-2019-0154: (unk) drm/i915: Lower RM timeout to avoid DSI hard hangs
CVE-2019-10126: (unk) mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
CVE-2019-10142: (unk) drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
CVE-2019-10207: (unk) Bluetooth: hci_uart: check for missing tty operations
CVE-2019-10220: (unk) Convert filldir[64]() from __put_user() to unsafe_put_user()
CVE-2019-10638: (unk) inet: switch IP ID generator to siphash
CVE-2019-10639: (unk) netns: provide pure entropy for net_hash_mix()
CVE-2019-11091: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2019-11135: (unk) x86/msr: Add the IA32_TSX_CTRL MSR
CVE-2019-11190: (unk) binfmt_elf: switch to new creds when switching to new mm
CVE-2019-11191: (unk) x86: Deprecate a.out support
CVE-2019-1125: (unk) x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
CVE-2019-11477: (unk) tcp: limit payload size of sacked skbs
CVE-2019-11478: (unk) tcp: tcp_fragment() should apply sane memory limits
CVE-2019-11479: (unk) tcp: add tcp_min_snd_mss sysctl
CVE-2019-11486: (unk) tty: mark Siemens R3964 line discipline as BROKEN
CVE-2019-11487: (unk) fs: prevent page refcount overflow in pipe_buf_get
CVE-2019-11599: (unk) coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVE-2019-11810: (unk) scsi: megaraid_sas: return error when create DMA pool failed
CVE-2019-11833: (unk) ext4: zero out the unused memory region in the extent tree block
CVE-2019-11884: (unk) Bluetooth: hidp: fix buffer overflow
CVE-2019-12378: (unk) ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
CVE-2019-12379: (unk) consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c
CVE-2019-12380: (unk) efi/x86/Add missing error handling to old_memmap 1:1 mapping code
CVE-2019-12381: (unk) ip_sockglue: Fix missing-check bug in ip_ra_control()
CVE-2019-12382: (unk) drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
CVE-2019-12456: (unk)
CVE-2019-12614: (unk) powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
CVE-2019-12615: (unk) mdesc: fix a missing-check bug in get_vdev_port_node_info()
CVE-2019-12818: (unk) net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
CVE-2019-12881: (unk) drm/i915/userptr: reject zero user_size
CVE-2019-13272: (unk) ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
CVE-2019-13631: (unk) Input: gtco - bounds check collection indent level
CVE-2019-13648: (unk) powerpc/tm: Fix oops on sigreturn on systems without TM
CVE-2019-14283: (unk) floppy: fix out-of-bounds read in copy_buffer
CVE-2019-14284: (unk) floppy: fix div-by-zero in setup_format_params
CVE-2019-14615: (unk) drm/i915/gen9: Clear residual context state on context switch
CVE-2019-14814: (unk) mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14816: (unk) mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14821: (unk) KVM: coalesced_mmio: add bounds checking
CVE-2019-14835: (unk) vhost: make sure log_num < in_num
CVE-2019-14895: (unk) mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
CVE-2019-14896: (unk) libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14897: (unk) libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14901: (unk) mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
CVE-2019-15098: (unk) ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
CVE-2019-15117: (unk) ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
CVE-2019-15118: (unk) ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
CVE-2019-15212: (unk) USB: rio500: refuse more than one device at a time
CVE-2019-15214: (unk) ALSA: core: Fix card races between register and disconnect
CVE-2019-15215: (unk) media: cpia2_usb: first wake up, then free in disconnect
CVE-2019-15216: (unk) USB: yurex: Fix protection fault after device removal
CVE-2019-15217: (unk) media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
CVE-2019-15218: (unk) media: usb: siano: Fix general protection fault in smsusb
CVE-2019-15219: (unk) USB: sisusbvga: fix oops in error path of sisusb_probe
CVE-2019-15220: (unk) p54usb: Fix race between disconnect and firmware loading
CVE-2019-15221: (unk) ALSA: line6: Fix write on zero-sized buffer
CVE-2019-15222: (unk) ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
CVE-2019-15223: (unk) ALSA: line6: Assure canceling delayed work at disconnection
CVE-2019-15239: (unk)
CVE-2019-15290: (unk)
CVE-2019-15291: (unk) media: b2c2-flexcop-usb: add sanity checking
CVE-2019-15292: (unk) appletalk: Fix use-after-free in atalk_proc_exit
CVE-2019-15505: (unk) media: technisat-usb2: break out of loop at end of buffer
CVE-2019-15807: (unk) scsi: libsas: delete sas port if expander discover failed
CVE-2019-15902: (unk)
CVE-2019-15916: (unk) net-sysfs: Fix mem leak in netdev_register_kobject
CVE-2019-15917: (unk) Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()
CVE-2019-15926: (unk) ath6kl: add some bounds checking
CVE-2019-15927: (unk) ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
CVE-2019-16232: (unk) libertas: fix a potential NULL pointer dereference
CVE-2019-16233: (unk) scsi: qla2xxx: fix a potential NULL pointer dereference
CVE-2019-16413: (unk) 9p: use inode->i_lock to protect i_size_write() under 32-bit
CVE-2019-16746: (unk) nl80211: validate beacon head
CVE-2019-16921: (unk) RDMA/hns: Fix init resp when alloc ucontext
CVE-2019-17052: (unk) ax25: enforce CAP_NET_RAW for raw sockets
CVE-2019-17053: (unk) ieee802154: enforce CAP_NET_RAW for raw sockets
CVE-2019-17054: (unk) appletalk: enforce CAP_NET_RAW for raw sockets
CVE-2019-17055: (unk) mISDN: enforce CAP_NET_RAW for raw sockets
CVE-2019-17056: (unk) nfc: enforce CAP_NET_RAW for raw sockets
CVE-2019-17075: (unk) RDMA/cxgb4: Do not dma memory off of the stack
CVE-2019-17133: (unk) cfg80211: wext: avoid copying malformed SSIDs
CVE-2019-17351: (unk) xen: let alloc_xenballooned_pages() fail if not enough memory free
CVE-2019-17666: (unk) rtlwifi: Fix potential overflow on P2P code
CVE-2019-18660: (unk) powerpc/book3s64: Fix link stack flush on context switch
CVE-2019-18675: (unk) mmap: introduce sane default mmap limits
CVE-2019-18680: (unk)
CVE-2019-18806: (unk) net: qlogic: Fix memory leak in ql_alloc_large_buffers
CVE-2019-18885: (unk) btrfs: merge btrfs_find_device and find_device
CVE-2019-19036: (unk) btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
CVE-2019-19039: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19054: (unk) media: rc: prevent memory leak in cx23888_ir_probe
CVE-2019-19056: (unk) mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
CVE-2019-19057: (unk) mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
CVE-2019-19060: (unk) iio: imu: adis16400: release allocated memory on failure
CVE-2019-19061: (unk) iio: imu: adis16400: fix memory leak
CVE-2019-19062: (unk) crypto: user - fix memory leak in crypto_report
CVE-2019-19063: (unk) rtlwifi: prevent memory leak in rtl_usb_probe
CVE-2019-19066: (unk) scsi: bfa: release allocated memory in case of error
CVE-2019-19073: (unk) ath9k_htc: release allocated buffer if timed out
CVE-2019-19074: (unk) ath9k: release allocated buffer if timed out
CVE-2019-19227: (unk) appletalk: Fix potential NULL pointer dereference in unregister_snap_client
CVE-2019-19241: (unk) io_uring: async workers should inherit the user creds
CVE-2019-19319: (unk) ext4: protect journal inode's blocks using block_validity
CVE-2019-19377: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19378: (unk)
CVE-2019-19447: (unk) ext4: work around deleting a file with i_nlink == 0 safely
CVE-2019-19448: (unk) btrfs: only search for left_info if there is no right_info in try_merge_free_space
CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count
CVE-2019-19523: (unk) USB: adutux: fix use-after-free on disconnect
CVE-2019-19524: (unk) Input: ff-memless - kill timer in destroy()
CVE-2019-19527: (unk) HID: hiddev: do cleanup in failure of opening a device
CVE-2019-19528: (unk) USB: iowarrior: fix use-after-free on disconnect
CVE-2019-19530: (unk) usb: cdc-acm: make sure a refcount is taken early enough
CVE-2019-19531: (unk) usb: yurex: Fix use-after-free in yurex_delete
CVE-2019-19532: (unk) HID: Fix assumption that devices have inputs
CVE-2019-19533: (unk) media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
CVE-2019-19534: (unk) can: peak_usb: fix slab info leak
CVE-2019-19536: (unk) can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
CVE-2019-19537: (unk) USB: core: Fix races in character device registration and deregistraion
CVE-2019-19768: (unk) blktrace: Protect q->blk_trace with RCU
CVE-2019-19813: (unk) btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-19814: (unk)
CVE-2019-19816: (unk) btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-19922: (unk) sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices
CVE-2019-19927: (unk) drm/ttm: fix incrementing the page pointer for huge pages
CVE-2019-19965: (unk) scsi: libsas: stop discovering if oob mode is disconnected
CVE-2019-19966: (unk) media: cpia2: Fix use-after-free in cpia2_exit
CVE-2019-1999: (unk) binder: fix race between munmap() and direct reclaim
CVE-2019-20054: (unk) fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
CVE-2019-20096: (unk) dccp: Fix memleak in __feat_register_sp
CVE-2019-2025: (unk) binder: fix race that allows malicious free of live buffer
CVE-2019-2054: (unk) arm/ptrace: run seccomp after ptrace
CVE-2019-20636: (unk) Input: add safety guards to input_set_keycode()
CVE-2019-20794: (unk)
CVE-2019-20806: (unk) media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
CVE-2019-20811: (unk) net-sysfs: call dev_hold if kobject_init_and_add success
CVE-2019-20812: (unk) af_packet: set defaule value for tmo
CVE-2019-20908: (unk) efi: Restrict efivar_ssdt_load when the kernel is locked down
CVE-2019-2101: (unk) media: uvcvideo: Fix 'type' check leading to overflow
CVE-2019-2181: (unk) binder: check for overflow when alloc for security context
CVE-2019-2213: (unk) binder: fix possible UAF when freeing buffer
CVE-2019-2215: (unk) ANDROID: binder: remove waitqueue when thread exits.
CVE-2019-25160: (unk) netlabel: fix out-of-bounds memory accesses
CVE-2019-3459: (unk) Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
CVE-2019-3460: (unk) Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
CVE-2019-3701: (unk) can: gw: ensure DLC boundaries after CAN frame modification
CVE-2019-3837: (unk) net_dma: simple removal
CVE-2019-3846: (unk) mwifiex: Fix possible buffer overflows at parsing bss descriptor
CVE-2019-3874: (unk) sctp: implement memory accounting on tx path
CVE-2019-3882: (unk) vfio/type1: Limit DMA mappings per container
CVE-2019-3892: (unk) coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVE-2019-3901: (unk) perf/core: Fix perf_event_open() vs. execve() race
CVE-2019-5108: (unk) mac80211: Do not send Layer 2 Update frame before authorization
CVE-2019-5489: (unk) Change mincore() to count "mapped" pages rather than "cached" pages
CVE-2019-6133: (unk) fork: record start_time late
CVE-2019-6974: (unk) kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
CVE-2019-7222: (unk) KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
CVE-2019-7308: (unk) bpf: fix sanitation of alu op with pointer / scalar type from different paths
CVE-2019-9213: (unk) mm: enforce min addr even if capable() in expand_downwards()
CVE-2019-9445: (unk) f2fs: check if file namelen exceeds max value
CVE-2019-9453: (unk) f2fs: fix to avoid accessing xattr across the boundary
CVE-2019-9454: (unk) i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CVE-2019-9456: (unk) usb: usbmon: Read text within supplied buffer size
CVE-2019-9457: (unk) exec: Limit arg stack to at most 75% of _STK_LIM
CVE-2019-9458: (unk) media: v4l: event: Prevent freeing event subscriptions while accessed
CVE-2019-9466: (unk) brcmfmac: add subtype check for event handling in data path
CVE-2019-9503: (unk) brcmfmac: add subtype check for event handling in data path
CVE-2019-9506: (unk) Bluetooth: Fix faulty expression for minimum encryption key size check
CVE-2020-0009: (unk) staging: android: ashmem: Disallow ashmem memory from being remapped
CVE-2020-0030: (unk) ANDROID: binder: synchronize_rcu() when using POLLFREE.
CVE-2020-0066: (unk) netlink: Trim skb to alloc size to avoid MSG_TRUNC
CVE-2020-0067: (unk) f2fs: fix to avoid memory leakage in f2fs_listxattr
CVE-2020-0255: (unk) selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-0305: (unk) chardev: Avoid potential use-after-free in 'chrdev_open()'
CVE-2020-0347: (unk)
CVE-2020-0404: (unk) media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
CVE-2020-0427: (unk) pinctrl: devicetree: Avoid taking direct reference to device name string
CVE-2020-0429: (unk) l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
CVE-2020-0431: (unk) HID: hid-input: clear unmapped usages
CVE-2020-0432: (unk) staging: most: net: fix buffer overflow
CVE-2020-0433: (unk) blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
CVE-2020-0435: (unk) f2fs: fix to do sanity check with i_extra_isize
CVE-2020-0465: (unk) HID: core: Sanitize event code and type when mapping input
CVE-2020-0466: (unk) do_epoll_ctl(): clean the failure exits up a bit
CVE-2020-0543: (unk) x86/cpu: Add 'table' argument to cpu_matches()
CVE-2020-10135: (unk) Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
CVE-2020-10690: (unk) ptp: fix the race between the release of ptp_clock and cdev
CVE-2020-10708: (unk)
CVE-2020-10732: (unk) fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
CVE-2020-10742: (unk) new helper: iov_iter_get_pages_alloc()
CVE-2020-10751: (unk) selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-10766: (unk) x86/speculation: Prevent rogue cross-process SSBD shutdown
CVE-2020-10767: (unk) x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
CVE-2020-10768: (unk) x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
CVE-2020-10769: (unk) crypto: authenc - fix parsing key with misaligned rta_len
CVE-2020-10773: (unk) s390/cmm: fix information leak in cmm_timeout_handler()
CVE-2020-10942: (unk) vhost: Check docket sk_family instead of call getname
CVE-2020-11494: (unk) slcan: Don't transmit uninitialized stack data in padding
CVE-2020-11565: (unk) mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
CVE-2020-11608: (unk) media: ov519: add missing endpoint sanity checks
CVE-2020-11609: (unk) media: stv06xx: add missing descriptor sanity checks
CVE-2020-11668: (unk) media: xirlink_cit: add missing descriptor sanity checks
CVE-2020-11669: (unk) powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
CVE-2020-12114: (unk) make struct mountpoint bear the dentry reference to mountpoint, not struct mount
CVE-2020-12352: (unk) Bluetooth: A2MP: Fix not initializing all members
CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12464: (unk) USB: core: Fix free-while-in-use bug in the USB S-Glibrary
CVE-2020-12652: (unk) scsi: mptfusion: Fix double fetch bug in ioctl
CVE-2020-12653: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
CVE-2020-12654: (unk) mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
CVE-2020-12655: (unk) xfs: add agf freeblocks verify in xfs_agf_verify
CVE-2020-12656: (unk) sunrpc: check that domain table is empty at module unload.
CVE-2020-12769: (unk) spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
CVE-2020-12770: (unk) scsi: sg: add sg_remove_request in sg_write
CVE-2020-12826: (unk) signal: Extend exec_id to 64bits
CVE-2020-12888: (unk) vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
CVE-2020-13143: (unk) USB: gadget: fix illegal array access in binding with UDC
CVE-2020-13974: (unk) vt: keyboard: avoid signed integer overflow in k_ascii
CVE-2020-14304: (unk)
CVE-2020-14305: (unk) netfilter: helpers: remove data_len usage for inkernel helpers
CVE-2020-14314: (unk) ext4: fix potential negative array index in do_split()
CVE-2020-14331: (unk) vgacon: Fix for missing check in scrollback handling
CVE-2020-14351: (unk) perf/core: Fix race in the perf_mmap_close() function
CVE-2020-14353: (unk) KEYS: prevent creating a different user's keyrings
CVE-2020-14381: (unk) futex: Fix inode life-time issue
CVE-2020-14390: (unk) fbcon: remove soft scrollback code
CVE-2020-14416: (unk) can, slip: Protect tty->disc_data in write_wakeup and close with RCU
CVE-2020-15393: (unk) usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
CVE-2020-15436: (unk) block: Fix use-after-free in blkdev_get()
CVE-2020-15437: (unk) serial: 8250: fix null-ptr-deref in serial8250_start_tx()
CVE-2020-15802: (unk)
CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir
CVE-2020-16166: (unk) random32: update the net random state on interrupt and activity
CVE-2020-1749: (unk) net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks
CVE-2020-25211: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2020-25212: (unk) nfs: Fix getxattr kernel panic and memory overflow
CVE-2020-25284: (unk) rbd: require global CAP_SYS_ADMIN for mapping and unmapping
CVE-2020-25285: (unk) mm/hugetlb: fix a race between hugetlb sysctl handlers
CVE-2020-25643: (unk) hdlc_ppp: add range checks in ppp_cp_parse_cr()
CVE-2020-25656: (unk) vt: keyboard, extend func_buf_lock to readers
CVE-2020-25668: (unk) tty: make FONTX ioctl use the tty pointer they were actually passed
CVE-2020-25669: (unk) Input: sunkbd - avoid use-after-free in teardown paths
CVE-2020-25670: (unk) nfc: fix refcount leak in llcp_sock_bind()
CVE-2020-25671: (unk) nfc: fix refcount leak in llcp_sock_connect()
CVE-2020-25672: (unk) nfc: fix memory leak in llcp_sock_connect()
CVE-2020-25673: (unk) nfc: Avoid endless loops caused by repeated llcp_sock_connect()
CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames
CVE-2020-26140: (unk)
CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted
CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
CVE-2020-26555: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27066: (unk) xfrm: policy: Fix doulbe free in xfrm_policy_timer
CVE-2020-27067: (unk) l2tp: fix l2tp_eth module loading
CVE-2020-27068: (unk) cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
CVE-2020-2732: (unk) KVM: nVMX: Don't emulate instructions in guest mode
CVE-2020-27418: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-27673: (unk) xen/events: add a proper barrier to 2-level uevent unmasking
CVE-2020-27675: (unk) xen/events: avoid removing an event channel while handling it
CVE-2020-27777: (unk) powerpc/rtas: Restrict RTAS requests from userspace
CVE-2020-27786: (unk) ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
CVE-2020-27815: (unk) jfs: Fix array index bounds check in dbAdjTree
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-27825: (unk) tracing: Fix race in trace_open and buffer resize call
CVE-2020-28097: (unk) vgacon: remove software scrollback support
CVE-2020-28374: (unk) scsi: target: Fix XCOPY NAA identifier lookup
CVE-2020-28915: (unk) fbcon: Fix global-out-of-bounds read in fbcon_get_font()
CVE-2020-28974: (unk) vt: Disable KD_FONT_OP_COPY
CVE-2020-29371: (unk) romfs: fix uninitialized memory leak in romfs_dev_read()
CVE-2020-29374: (unk) gup: document and work around "COW can break either way" issue
CVE-2020-29568: (unk) xen/xenbus: Allow watches discard events before queueing
CVE-2020-29660: (unk) tty: Fix ->session locking
CVE-2020-29661: (unk) tty: Fix ->pgrp locking in tiocspgrp()
CVE-2020-35501: (unk)
CVE-2020-35508: (unk) fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
CVE-2020-35519: (unk) net/x25: prevent a couple of overflows
CVE-2020-36158: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address
CVE-2020-36313: (unk) KVM: Fix out of range accesses to memslots
CVE-2020-36322: (unk) fuse: fix bad inode
CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
CVE-2020-36386: (unk) Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
CVE-2020-36557: (unk) vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
CVE-2020-36558: (unk) vt: vt_ioctl: fix race in VT_RESIZEX
CVE-2020-36691: (unk) netlink: limit recursion depth in policy validation
CVE-2020-36775: (unk) f2fs: fix to avoid potential deadlock
CVE-2020-36780: (unk) i2c: sprd: fix reference leak when pm_runtime_get_sync fails
CVE-2020-36781: (unk) i2c: imx: fix reference leak when pm_runtime_get_sync fails
CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries
CVE-2020-4788: (unk) powerpc/64s: flush L1D on kernel entry
CVE-2020-8647: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8648: (unk) vt: selection, close sel_buffer race
CVE-2020-8649: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8832: (unk) drm/i915: Record the default hw state after reset upon load
CVE-2020-9383: (unk) floppy: check FDC index for errors before assigning it
CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2021-0399: (unk)
CVE-2021-0447: (unk) l2tp: protect sock pointer of struct pppol2tp_session with RCU
CVE-2021-0448: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2021-0512: (unk) HID: make arrays usage and value to be the same
CVE-2021-0920: (unk) af_unix: fix garbage collect vs MSG_PEEK
CVE-2021-0929: (unk) staging/android/ion: delete dma_buf->kmap/unmap implemenation
CVE-2021-0937: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-0941: (unk) bpf: Remove MTU check in __bpf_skb_max_len
CVE-2021-1048: (unk) fix regression in "epoll: Keep a reference on files added to the check list"
CVE-2021-20261: (unk) floppy: fix lock_fdc() signal handling
CVE-2021-20292: (unk) drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
CVE-2021-20317: (unk) lib/timerqueue: Rely on rbtree semantics for next timer
CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-21781: (unk) ARM: ensure the signal page contains defined contents
CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-22555: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD
CVE-2021-26930: (unk) xen-blkback: fix error handling in xen_blkbk_map()
CVE-2021-26931: (unk) xen-blkback: don't "handle" error by BUG()
CVE-2021-26932: (unk) Xen/x86: don't bail early from clear_foreign_p2m_mapping()
CVE-2021-27363: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27364: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27365: (unk) scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
CVE-2021-28038: (unk) Xen/gnttab: handle p2m update errors on a per-slot basis
CVE-2021-28660: (unk) staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
CVE-2021-28688: (unk) xen-blkback: don't leak persistent grants from xen_blkbk_map()
CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms
CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms
CVE-2021-28964: (unk) btrfs: fix race when cloning extent buffer during rewind of an old root
CVE-2021-28972: (unk) PCI: rpadlpar: Fix potential drc_name corruption in store functions
CVE-2021-29154: (unk) bpf, x86: Validate computation of branch displacements for x86-64
CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-29265: (unk) usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
CVE-2021-29650: (unk) netfilter: x_tables: Use correct memory barriers.
CVE-2021-30002: (unk) media: v4l: ioctl: Fix memory leak in video_usercopy
CVE-2021-3178: (unk) nfsd4: readdirplus shouldn't return parent of export
CVE-2021-31916: (unk) dm ioctl: fix out of bounds array access when no devices
CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
CVE-2021-32399: (unk) bluetooth: eliminate the potential race condition when removing the HCI controller
CVE-2021-33034: (unk) Bluetooth: verify AMP hci_chan before amp_destroy
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33098: (unk) ixgbe: fix large MTU request from VF
CVE-2021-33631: (unk) ext4: fix kernel BUG in 'ext4_write_inline_data_end()'
CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size
CVE-2021-33656: (unk) vt: drop old FONT ioctls
CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head
CVE-2021-3483: (unk) firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVE-2021-3506: (unk) f2fs: fix to avoid out-of-bounds memory access
CVE-2021-3542: (unk)
CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order
CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object
CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2021-3612: (unk) Input: joydev - prevent potential read overflow in ioctl
CVE-2021-3640: (unk) Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-3655: (unk) sctp: validate from_addr_param return
CVE-2021-3659: (unk) net: mac802154: Fix general protection fault
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-3714: (unk)
CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device
CVE-2021-3752: (unk) Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-3753: (unk) vt_kdsetmode: extend console locking
CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk
CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited
CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page
CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer
CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-39633: (unk) ip_gre: add validation for csum_start
CVE-2021-39634: (unk) epoll: do not insert into poll queues until all sanity checks are done
CVE-2021-39636: (unk) netfilter: x_tables: fix pointer leaks to userspace
CVE-2021-39648: (unk) usb: gadget: configfs: Fix use-after-free issue with udc_name
CVE-2021-39657: (unk) scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39686: (unk) binder: use euid from cred instead of using task
CVE-2021-39698: (unk) wait: add wake_up_pollfree()
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories
CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing
CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it
CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-4159: (unk) bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data
CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request
CVE-2021-4203: (unk) af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler
CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVE-2021-43389: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep
CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2021-45485: (unk) ipv6: use prandom_u32() for ID generation
CVE-2021-45868: (unk) quota: check block number when reading the block in quota file
CVE-2021-46904: (unk) net: hso: fix null-ptr-deref during tty device unregistration
CVE-2021-46906: (unk) HID: usbhid: fix info leak in hid_submit_ctrl
CVE-2021-46908: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-46926: (unk) ALSA: hda: intel-sdw-acpi: harden detection of controller
CVE-2021-46928: (unk) parisc: Clear stale IIR value on instruction access rights trap
CVE-2021-46932: (unk) Input: appletouch - initialize work before device registration
CVE-2021-46936: (unk) net: fix use-after-free in tw_timer_handler
CVE-2021-46939: (unk) tracing: Restructure trace_clock_global() to never block
CVE-2021-46950: (unk) md/raid1: properly indicate failure when ending a failed write request
CVE-2021-46951: (unk) tpm: efi: Use local variable for calculating final log size
CVE-2021-46952: (unk) NFS: fs_context: validate UDP retrans to prevent shift out-of-bounds
CVE-2021-46959: (unk) spi: Fix use-after-free with devm_spi_alloc_*
CVE-2021-46962: (unk) mmc: uniphier-sd: Fix a resource leak in the remove function
CVE-2021-46965: (unk) mtd: physmap: physmap-bt1-rom: Fix unintentional stack access
CVE-2021-46969: (unk) bus: mhi: core: Fix invalid error returning in mhi_queue
CVE-2021-46970: (unk) bus: mhi: pci_generic: Remove WQ_MEM_RECLAIM flag from state workqueue
CVE-2021-46982: (unk) f2fs: compress: fix race condition of overwrite vs truncate
CVE-2021-47028: (unk) mt76: mt7915: fix txrate reporting
CVE-2021-47046: (unk) drm/amd/display: Fix off by one in hdmi_14_process_transaction()
CVE-2021-47052: (unk) crypto: sa2ul - Fix memory leak of rxd
CVE-2021-47059: (unk) crypto: sun8i-ss - fix result memory leak on error path
CVE-2021-47065: (unk) rtw88: Fix array overrun in rtw_get_tx_power_params()
CVE-2021-47070: (unk) uio_hv_generic: Fix another memory leak in error handling paths
CVE-2021-47075: (unk) nvmet: fix memory leak in nvmet_alloc_ctrl()
CVE-2021-47076: (unk) RDMA/rxe: Return CQE error if invalid lkey was supplied
CVE-2021-47082: (unk) tun: avoid double free in tun_free_netdev
CVE-2021-47083: (unk) pinctrl: mediatek: fix global-out-of-bounds issue
CVE-2021-47086: (unk) phonet/pep: refuse to enable an unbound pipe
CVE-2021-47101: (unk) asix: fix uninit-value in asix_mdio_read()
CVE-2021-47103: (unk) inet: fully convert sk->sk_rx_dst to RCU rules
CVE-2021-47110: (unk) x86/kvm: Disable kvmclock on all CPUs on shutdown
CVE-2021-47112: (unk) x86/kvm: Teardown PV features on boot CPU as well
CVE-2021-47113: (unk) btrfs: abort in rename_exchange if we fail to insert the second ref
CVE-2021-47114: (unk) ocfs2: fix data corruption by fallocate
CVE-2021-47116: (unk) ext4: fix memory leak in ext4_mb_init_backend on error path.
CVE-2021-47117: (unk) ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed
CVE-2021-47118: (unk) pid: take a reference when initializing `cad_pid`
CVE-2021-47119: (unk) ext4: fix memory leak in ext4_fill_super
CVE-2021-47121: (unk) net: caif: fix memory leak in cfusbl_device_notify
CVE-2021-47122: (unk) net: caif: fix memory leak in caif_device_notify
CVE-2021-47124: (unk) io_uring: fix link timeout refs
CVE-2021-47125: (unk) sch_htb: fix refcount leak in htb_parent_to_leaf_offload
CVE-2021-47128: (unk) bpf, lockdown, audit: Fix buggy SELinux lockdown permission checks
CVE-2021-47131: (unk) net/tls: Fix use-after-free after the TLS device goes down and up
CVE-2021-47133: (unk) HID: amd_sfh: Fix memory leak in amd_sfh_work
CVE-2021-47135: (unk) mt76: mt7921: fix possible AOOB issue in mt7921_mcu_tx_rate_report
CVE-2021-47136: (unk) net: zero-initialize tc skb extension on allocation
CVE-2021-47137: (unk) net: lantiq: fix memory corruption in RX ring
CVE-2021-47140: (unk) iommu/amd: Clear DMA ops when switching domain
CVE-2021-47142: (unk) drm/amdgpu: Fix a use-after-free
CVE-2021-47143: (unk) net/smc: remove device from smcd_dev_list after failed device_add()
CVE-2021-47144: (unk) drm/amd/amdgpu: fix refcount leak
CVE-2021-47145: (unk) btrfs: do not BUG_ON in link_to_fixup_dir
CVE-2021-47146: (unk) mld: fix panic in mld_newpack()
CVE-2021-47147: (unk) ptp: ocp: Fix a resource leak in an error handling path
CVE-2021-47149: (unk) net: fujitsu: fix potential null-ptr-deref
CVE-2021-47151: (unk) interconnect: qcom: bcm-voter: add a missing of_node_put()
CVE-2021-47153: (unk) i2c: i801: Don't generate an interrupt on bus reset
CVE-2021-47158: (unk) net: dsa: sja1105: add error handling in sja1105_setup()
CVE-2021-47160: (unk) net: dsa: mt7530: fix VLAN traffic leaks
CVE-2021-47165: (unk) drm/meson: fix shutdown crash when component not probed
CVE-2021-47168: (unk) NFS: fix an incorrect limit in filelayout_decode_layout()
CVE-2021-47169: (unk) serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait'
CVE-2021-47170: (unk) USB: usbfs: Don't WARN about excessively large memory allocations
CVE-2021-47171: (unk) net: usb: fix memory leak in smsc75xx_bind
CVE-2021-47172: (unk) iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers
CVE-2021-47173: (unk) misc/uss720: fix memory leak in uss720_probe
CVE-2021-47175: (unk) net/sched: fq_pie: fix OOB access in the traffic path
CVE-2021-47179: (unk) NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return()
CVE-2021-47180: (unk) NFC: nci: fix memory leak in nci_allocate_device
CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-0850: (unk) ext4: fix kernel infoleak via ext4_extent_header
CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1116: (unk)
CVE-2022-1184: (unk) ext4: verify dir block before splitting it
CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD
CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
CVE-2022-1652: (unk) floppy: use a statically allocated error counter
CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
CVE-2022-1786: (unk) io_uring: remove io_identity
CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default
CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions
CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout
CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection
CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20158: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
CVE-2022-20424: (unk) io_uring: remove io_identity
CVE-2022-20565: (unk) HID: core: Correctly handle ReportSize being zero
CVE-2022-20566: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
CVE-2022-20572: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
CVE-2022-21385: (unk) net/rds: fix warn in rds_message_alloc_sgs
CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
CVE-2022-2209: (unk)
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read()
CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-23825: (unk)
CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs
CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf
CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-25265: (unk)
CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0
CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages
CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections
CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic
CVE-2022-26966: (unk) sr9700: sanity check for packet length
CVE-2022-27672: (unk) x86/speculation: Identify processors vulnerable to SMT RSB predictions
CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind()
CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-2961: (unk)
CVE-2022-2964: (unk) net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy
CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel
CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero
CVE-2022-3111: (unk) power: supply: wm8350-power: Add missing free in free_charger_irq
CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded
CVE-2022-3202: (unk) jfs: prevent NULL deref in diFree
CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16
CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use
CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages
CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted
CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted
CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting
CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default
CVE-2022-3424: (unk) misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check
CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page
CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options().
CVE-2022-3533: (unk)
CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups
CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get()
CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers
CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops.
CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot.
CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child
CVE-2022-3594: (unk) r8152: Rate limit overflow messages
CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp
CVE-2022-3606: (unk)
CVE-2022-36123: (unk) x86: Clear .brk area at early boot
CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode
CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
CVE-2022-36280: (unk) drm/vmwgfx: Validate the box size for the snooped cursor
CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect()
CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer
CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb()
CVE-2022-3642: (unk)
CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure
CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root
CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
CVE-2022-38096: (unk)
CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines
CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas
CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure
CVE-2022-4095: (unk) staging: rtl8712: fix use after free bugs
CVE-2022-40982: (unk) x86/speculation: Add Gather Data Sampling mitigation
CVE-2022-41218: (unk) media: dvb-core: Fix UAF due to refcount races at releasing
CVE-2022-41222: (unk) mm/mremap: hold the rmap lock in write mode when moving page table entries.
CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock
CVE-2022-41848: (unk)
CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open()
CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read()
CVE-2022-41858: (unk) drivers: net: slip: fix NPD bug in sl_tx_timeout()
CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory
CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
CVE-2022-43750: (unk) usb: mon: make mmapped memory read only
CVE-2022-44032: (unk) char: pcmcia: remove all the drivers
CVE-2022-44033: (unk) char: pcmcia: remove all the drivers
CVE-2022-4543: (unk)
CVE-2022-45884: (unk)
CVE-2022-45885: (unk)
CVE-2022-45886: (unk) media: dvb-core: Fix use-after-free due on race condition at dvb_net
CVE-2022-45887: (unk) media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
CVE-2022-45919: (unk) media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
CVE-2022-45934: (unk) Bluetooth: L2CAP: Fix u8 overflow
CVE-2022-4662: (unk) USB: core: Prevent nested device-reset calls
CVE-2022-4744: (unk) tun: avoid double free in tun_free_netdev
CVE-2022-48619: (unk) Input: add bounds checking to input_set_capability()
CVE-2022-48626: (unk) moxart: fix potential use-after-free on remove path
CVE-2022-48627: (unk) vt: fix memory overlapping when deleting chars in the buffer
CVE-2022-48628: (unk) ceph: drop messages from MDS when unmounting
CVE-2023-0030: (unk) drm/nouveau/mmu: add more general vmm free/node handling functions
CVE-2023-0047: (unk) mm, oom: do not trigger out_of_memory from the #PF
CVE-2023-0266: (unk) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
CVE-2023-0386: (unk) ovl: fail on invalid uid/gid mapping at copy up
CVE-2023-0394: (unk) ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
CVE-2023-0458: (unk) prlimit: do_prlimit needs to have a speculation check
CVE-2023-0459: (unk) uaccess: Add speculation barrier to copy_from_user()
CVE-2023-0590: (unk) net: sched: fix race condition in qdisc_graft()
CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area
CVE-2023-1074: (unk) sctp: fail if no bound addresses can be used for a given scope
CVE-2023-1077: (unk) sched/rt: pick_next_rt_entity(): check list_entry
CVE-2023-1118: (unk) media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
CVE-2023-1206: (unk) tcp: Reduce chance of collisions in inet6_hashfn().
CVE-2023-1249: (unk) coredump: Use the vma snapshot in fill_files_note
CVE-2023-1380: (unk) wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
CVE-2023-1382: (unk) tipc: set con sock in tipc_conn_alloc
CVE-2023-1476: (unk)
CVE-2023-1513: (unk) kvm: initialize all of the kvm_debugregs structure before sending it to userspace
CVE-2023-1611: (unk) btrfs: fix race between quota disable and quota assign ioctls
CVE-2023-1670: (unk) xirc2ps_cs: Fix use after free bug in xirc2ps_detach
CVE-2023-1829: (unk) net/sched: Retire tcindex classifier
CVE-2023-1838: (unk) Fix double fget() in vhost_net_set_backend()
CVE-2023-1989: (unk) Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
CVE-2023-2007: (unk) scsi: dpt_i2o: Remove obsolete driver
CVE-2023-20569: (unk) x86/bugs: Increase the x86 bugs vector size to two u32s
CVE-2023-20588: (unk) x86/CPU/AMD: Do not leak quotient data after a division by 0
CVE-2023-20593: (unk) x86/cpu/amd: Add a Zenbleed fix
CVE-2023-20941: (unk)
CVE-2023-2124: (unk) xfs: verify buffer contents when we skip log replay
CVE-2023-2162: (unk) scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr
CVE-2023-2248: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
CVE-2023-2269: (unk) dm ioctl: fix nested locking in table_clear() to remove deadlock concern
CVE-2023-22995: (unk) usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core
CVE-2023-23039: (unk)
CVE-2023-23454: (unk) net: sched: cbq: dont intepret cls results when asked to drop
CVE-2023-23455: (unk) net: sched: atm: dont intepret cls results when asked to drop
CVE-2023-23559: (unk) wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid
CVE-2023-2513: (unk) ext4: fix use-after-free in ext4_xattr_set_entry
CVE-2023-26607: (unk) ntfs: fix out-of-bounds read in ntfs_attr_find()
CVE-2023-28328: (unk) media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()
CVE-2023-28746: (unk) x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set
CVE-2023-28772: (unk) seq_buf: Fix overflow in seq_buf_putmem_hex()
CVE-2023-2985: (unk) fs: hfsplus: fix UAF issue in hfsplus_put_super
CVE-2023-3006: (unk) arm64: Add AMPERE1 to the Spectre-BHB affected list
CVE-2023-3022: (unk) ipv6: Use result arg in fib_lookup_arg consistently
CVE-2023-30456: (unk) KVM: nVMX: add missing consistency checks for CR0 and CR4
CVE-2023-3108: (unk) crypto: fix af_alg_make_sg() conversion to iov_iter
CVE-2023-31081: (unk)
CVE-2023-31082: (unk)
CVE-2023-31083: (unk) Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
CVE-2023-31085: (unk) ubi: Refuse attaching if mtd's erasesize is 0
CVE-2023-3111: (unk) btrfs: unset reloc control if transaction commit fails in prepare_to_relocate()
CVE-2023-3141: (unk) memstick: r592: Fix UAF bug in r592_remove due to race condition
CVE-2023-31436: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
CVE-2023-3159: (unk) firewire: fix potential uaf in outbound_phy_packet_callback()
CVE-2023-3161: (unk) fbcon: Check font dimension limits
CVE-2023-3212: (unk) gfs2: Don't deref jdesc in evict
CVE-2023-32233: (unk) netfilter: nf_tables: deactivate anonymous set from preparation phase
CVE-2023-32269: (unk) netrom: Fix use-after-free caused by accept on already connected socket
CVE-2023-3268: (unk) relayfs: fix out-of-bounds access in relay_file_read
CVE-2023-33288: (unk) power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition
CVE-2023-3338: (unk) Remove DECnet support from kernel
CVE-2023-3397: (unk)
CVE-2023-34255: (unk) xfs: verify buffer contents when we skip log replay
CVE-2023-34256: (unk) ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum
CVE-2023-3567: (unk) vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF
CVE-2023-35824: (unk) media: dm1105: Fix use after free bug in dm1105_remove due to race condition
CVE-2023-3611: (unk) net/sched: sch_qfq: account for stab overhead in qfq_enqueue
CVE-2023-3640: (unk)
CVE-2023-37454: (unk)
CVE-2023-3772: (unk) xfrm: add NULL check in xfrm_update_ae_params
CVE-2023-3776: (unk) net/sched: cls_fw: Fix improper refcount update leads to use-after-free
CVE-2023-3863: (unk) net: nfc: Fix use-after-free caused by nfc_llcp_find_local
CVE-2023-39189: (unk) netfilter: nfnetlink_osf: avoid OOB read
CVE-2023-39192: (unk) netfilter: xt_u32: validate user space input
CVE-2023-39193: (unk) netfilter: xt_sctp: validate the flag_info count
CVE-2023-39197: (unk) netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
CVE-2023-39198: (unk) drm/qxl: fix UAF on handle creation
CVE-2023-4010: (unk)
CVE-2023-40283: (unk) Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
CVE-2023-4134: (unk) Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()
CVE-2023-42752: (unk) igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
CVE-2023-42755: (unk) net/sched: Retire rsvp classifier
CVE-2023-4385: (unk) fs: jfs: fix possible NULL pointer dereference in dbFree()
CVE-2023-4459: (unk) net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup()
CVE-2023-45862: (unk) USB: ene_usb6250: Allocate enough memory for full object
CVE-2023-45863: (unk) kobject: Fix slab-out-of-bounds in fill_kobj_path()
CVE-2023-45871: (unk) igb: set max size RX buffer when store bad packet is enabled
CVE-2023-4623: (unk) net/sched: sch_hfsc: Ensure inner classes have fsc curve
CVE-2023-46343: (unk) nfc: nci: fix possible NULL pointer dereference in send_acknowledge()
CVE-2023-46838: (unk) xen-netback: don't produce zero-size SKB frags
CVE-2023-47233: (unk) wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach
CVE-2023-4921: (unk) net: sched: sch_qfq: Fix UAF in qfq_dequeue()
CVE-2023-51043: (unk) drm/atomic: Fix potential use-after-free in nonblocking commits
CVE-2023-51779: (unk) Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
CVE-2023-5178: (unk) nvmet-tcp: Fix a possible UAF in queue intialization setup
CVE-2023-51780: (unk) atm: Fix Use-After-Free in do_vcc_ioctl
CVE-2023-51781: (unk) appletalk: Fix Use-After-Free in atalk_ioctl
CVE-2023-51782: (unk) net/rose: Fix Use-After-Free in rose_ioctl
CVE-2023-52340: (unk) ipv6: remove max_size check inline with ipv4
CVE-2023-52429: (unk) dm: limit the number of targets and parameter size area
CVE-2023-52434: (unk) smb: client: fix potential OOBs in smb2_parse_contexts()
CVE-2023-52436: (unk) f2fs: explicitly null-terminate the xattr list
CVE-2023-52442: (unk) ksmbd: validate session id and tree id in compound request
CVE-2023-52445: (unk) media: pvrusb2: fix use after free on context disconnection
CVE-2023-52449: (unk) mtd: Fix gluebi NULL pointer dereference caused by ftl notifier
CVE-2023-52458: (unk) block: add check that partition length needs to be aligned with block size
CVE-2023-52475: (unk) Input: powermate - fix use-after-free in powermate_config_complete
CVE-2023-52476: (unk) perf/x86/lbr: Filter vsyscall addresses
CVE-2023-52477: (unk) usb: hub: Guard against accesses to uninitialized BOS descriptors
CVE-2023-52478: (unk) HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect
CVE-2023-52479: (unk) ksmbd: fix uaf in smb20_oplock_break_ack
CVE-2023-52480: (unk) ksmbd: fix race condition between session lookup and expire
CVE-2023-52481: (unk) arm64: errata: Add Cortex-A520 speculative unprivileged load workaround
CVE-2023-52482: (unk) x86/srso: Add SRSO mitigation for Hygon processors
CVE-2023-52484: (unk) iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range
CVE-2023-52485: (unk) drm/amd/display: Wake DMCUB before sending a command
CVE-2023-52486: (unk) drm: Don't unref the same fb many times by mistake due to deadlock handling
CVE-2023-52489: (unk) mm/sparsemem: fix race in accessing memory_section->usage
CVE-2023-52498: (unk) PM: sleep: Fix possible deadlocks in core system-wide PM code
CVE-2023-52500: (unk) scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command
CVE-2023-52501: (unk) ring-buffer: Do not attempt to read past "commit"
CVE-2023-52502: (unk) net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn()
CVE-2023-52506: (unk) LoongArch: Set all reserved memblocks on Node#0 at initialization
CVE-2023-52507: (unk) nfc: nci: assert requested protocol is valid
CVE-2023-52508: (unk) nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid()
CVE-2023-52509: (unk) ravb: Fix use-after-free issue in ravb_tx_timeout_work()
CVE-2023-52511: (unk) spi: sun6i: reduce DMA RX transfer width to single byte
CVE-2023-52515: (unk) RDMA/srp: Do not call scsi_done() from srp_abort()
CVE-2023-52516: (unk) dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock
CVE-2023-52517: (unk) spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain
CVE-2023-52519: (unk) HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit
CVE-2023-52522: (unk) net: fix possible store tearing in neigh_periodic_work()
CVE-2023-52527: (unk) ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data()
CVE-2023-52528: (unk) net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg
CVE-2023-52531: (unk) wifi: iwlwifi: mvm: Fix a memory corruption issue
CVE-2023-52532: (unk) net: mana: Fix TX CQE error handling
CVE-2023-52559: (unk) iommu/vt-d: Avoid memory allocation in iommu_suspend()
CVE-2023-52561: (unk) arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved
CVE-2023-52563: (unk) drm/meson: fix memory leak on ->hpd_notify callback
CVE-2023-52565: (unk) media: uvcvideo: Fix OOB read
CVE-2023-52566: (unk) nilfs2: fix potential use after free in nilfs_gccache_submit_read_data()
CVE-2023-52568: (unk) x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race
CVE-2023-52569: (unk) btrfs: remove BUG() after failure to insert delayed dir index item
CVE-2023-52571: (unk) power: supply: rk817: Fix node refcount leak
CVE-2023-52572: (unk) cifs: Fix UAF in cifs_demultiplex_thread()
CVE-2023-52574: (unk) team: fix null-ptr-deref when team device type is changed
CVE-2023-52578: (unk) net: bridge: use DEV_STATS_INC()
CVE-2023-52583: (unk) ceph: fix deadlock or deadcode of misusing dget()
CVE-2023-52584: (unk) spmi: mediatek: Fix UAF on device remove
CVE-2023-52585: (unk) drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper()
CVE-2023-52586: (unk) drm/msm/dpu: Add mutex lock in control vblank irq
CVE-2023-52587: (unk) IB/ipoib: Fix mcast list locking
CVE-2023-52588: (unk) f2fs: fix to tag gcing flag on page during block migration
CVE-2023-52589: (unk) media: rkisp1: Fix IRQ disable race issue
CVE-2023-52590: (unk) ocfs2: Avoid touching renamed directory if parent does not change
CVE-2023-52591: (unk) reiserfs: Avoid touching renamed directory if parent does not change
CVE-2023-52593: (unk) wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap()
CVE-2023-52594: (unk) wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus()
CVE-2023-52595: (unk) wifi: rt2x00: restart beacon queue when hardware reset
CVE-2023-52596: (unk) sysctl: Fix out of bounds access for empty sysctl registers
CVE-2023-52597: (unk) KVM: s390: fix setting of fpc register
CVE-2023-52598: (unk) s390/ptrace: handle setting of fpc register correctly
CVE-2023-52599: (unk) jfs: fix array-index-out-of-bounds in diNewExt
CVE-2023-52600: (unk) jfs: fix uaf in jfs_evict_inode
CVE-2023-52601: (unk) jfs: fix array-index-out-of-bounds in dbAdjTree
CVE-2023-52602: (unk) jfs: fix slab-out-of-bounds Read in dtSearch
CVE-2023-52603: (unk) UBSAN: array-index-out-of-bounds in dtSplitRoot
CVE-2023-52604: (unk) FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree
CVE-2023-52606: (unk) powerpc/lib: Validate size for vector operations
CVE-2023-52607: (unk) powerpc/mm: Fix null-pointer dereference in pgtable_cache_add
CVE-2023-52609: (unk) binder: fix race between mmput() and do_exit()
CVE-2023-52614: (unk) PM / devfreq: Fix buffer overflow in trans_stat_show
CVE-2023-52615: (unk) hwrng: core - Fix page fault dead lock on mmap-ed hwrng
CVE-2023-52617: (unk) PCI: switchtec: Fix stdev_release() crash after surprise hot remove
CVE-2023-52618: (unk) block/rnbd-srv: Check for unlikely string overflow
CVE-2023-52619: (unk) pstore/ram: Fix crash when setting number of cpus to an odd number
CVE-2023-52620: (unk) netfilter: nf_tables: disallow timeout for anonymous sets
CVE-2023-52621: (unk) bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers
CVE-2023-52622: (unk) ext4: avoid online resizing failures due to oversized flex bg
CVE-2023-52623: (unk) SUNRPC: Fix a suspicious RCU usage warning
CVE-2023-52624: (unk) drm/amd/display: Wake DMCUB before executing GPINT commands
CVE-2023-52625: (unk) drm/amd/display: Refactor DMCUB enter/exit idle interface
CVE-2023-52629: (unk) sh: push-switch: Reorder cleanup operations to avoid use-after-free bug
CVE-2023-52632: (unk) drm/amdkfd: Fix lock dependency warning with srcu
CVE-2023-52633: (unk) um: time-travel: fix time corruption
CVE-2023-52634: (unk) drm/amd/display: Fix disable_otg_wa logic
CVE-2023-52635: (unk) PM / devfreq: Synchronize devfreq_monitor_[start/stop]
CVE-2023-52638: (unk) can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock
CVE-2023-52639: (unk) KVM: s390: vsie: fix race during shadow creation
CVE-2023-52640: (unk) fs/ntfs3: Fix oob in ntfs_listxattr
CVE-2023-52641: (unk) fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame()
CVE-2023-6040: (unk) netfilter: nf_tables: Reject tables of unsupported family
CVE-2023-6240: (unk)
CVE-2023-6270: (unk) aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
CVE-2023-6356: (unk) nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length
CVE-2023-6535: (unk)
CVE-2023-6536: (unk) nvmet-tcp: fix a crash in nvmet_req_complete()
CVE-2023-6546: (unk) tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
CVE-2023-6606: (unk) smb: client: fix OOB in smbCalcSize()
CVE-2023-6610: (unk) smb: client: fix potential OOB in smb2_dump_detail()
CVE-2023-6915: (unk) ida: Fix crash in ida_free when the bitmap is empty
CVE-2023-6932: (unk) ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
CVE-2023-7042: (unk) wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev()
CVE-2023-7192: (unk) netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack()
CVE-2024-0340: (unk) vhost: use kzalloc() instead of kmalloc() followed by memset()
CVE-2024-0584: (unk) ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
CVE-2024-0775: (unk) ext4: improve error recovery code paths in __ext4_remount()
CVE-2024-1312: (unk) mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock
CVE-2024-21803: (unk)
CVE-2024-2193: (unk)
CVE-2024-22099: (unk) Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
CVE-2024-22386: (unk)
CVE-2024-23196: (unk) ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync()
CVE-2024-23848: (unk)
CVE-2024-23851: (unk) dm: limit the number of targets and parameter size area
CVE-2024-24855: (unk) scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan()
CVE-2024-24859: (unk)
CVE-2024-24861: (unk) media: xc4000: Fix atomicity violation in xc4000_get_frequency
CVE-2024-24864: (unk)
CVE-2024-25739: (unk)
CVE-2024-25740: (unk)
CVE-2024-25741: (unk)
CVE-2024-25744: (unk) x86/coco: Disable 32-bit emulation by default on TDX and SEV
CVE-2024-26592: (unk) ksmbd: fix UAF issue in ksmbd_tcp_new_connection()
CVE-2024-26594: (unk) ksmbd: validate mech token in session setup
CVE-2024-26598: (unk) KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache
CVE-2024-26600: (unk) phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP
CVE-2024-26606: (unk) binder: signal epoll threads of self-work
CVE-2024-26622: (unk) tomoyo: fix UAF write bug in tomoyo_write_control()
CVE-2024-26623: (unk) pds_core: Prevent race issues involving the adminq
CVE-2024-26625: (unk) llc: call sock_orphan() at release time
CVE-2024-26627: (unk) scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler
CVE-2024-26633: (unk) ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()
CVE-2024-26635: (unk) llc: Drop support for ETH_P_TR_802_2.
CVE-2024-26636: (unk) llc: make llc_ui_sendmsg() more robust against bonding changes
CVE-2024-26644: (unk) btrfs: don't abort filesystem when attempting to snapshot deleted subvolume
CVE-2024-26646: (unk) thermal: intel: hfi: Add syscore callbacks for system-wide PM
CVE-2024-26647: (unk) drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()'
CVE-2024-26648: (unk) drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
CVE-2024-26650: (unk) platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe
CVE-2024-26651: (unk) sr9800: Add check for usbnet_get_endpoints
CVE-2024-26654: (unk) ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
CVE-2024-26655: (unk) Fix memory leak in posix_clock_open()
CVE-2024-26656: (unk) drm/amdgpu: fix use-after-free bug
CVE-2024-26658: (unk) bcachefs: grab s_umount only if snapshotting
CVE-2024-26659: (unk) xhci: handle isoc Babble and Buffer Overrun events properly
CVE-2024-26664: (unk) hwmon: (coretemp) Fix out-of-bounds memory access
CVE-2024-26671: (unk) blk-mq: fix IO hang from sbitmap wakeup race
CVE-2024-26672: (unk) drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
CVE-2024-26675: (unk) ppp_async: limit MRU to 64K
CVE-2024-26676: (unk) af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC.
CVE-2024-26677: (unk) rxrpc: Fix delayed ACKs to not set the reference serial number
CVE-2024-26685: (unk) nilfs2: fix potential bug in end_buffer_async_write
CVE-2024-26686: (unk) fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats
CVE-2024-26687: (unk) xen/events: close evtchn after mapping cleanup
CVE-2024-26689: (unk) ceph: prevent use-after-free in encode_cap_msg()
CVE-2024-26691: (unk) KVM: arm64: Fix circular locking dependency
CVE-2024-26696: (unk) nilfs2: fix hang in nilfs_lookup_dirty_data_buffers()
CVE-2024-26697: (unk) nilfs2: fix data corruption in dsync block recovery for small block sizes
CVE-2024-26699: (unk) drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr
CVE-2024-26700: (unk) drm/amd/display: Fix MST Null Ptr for RV
CVE-2024-26706: (unk) parisc: Fix random data corruption from exception handler
CVE-2024-26713: (unk) powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add
CVE-2024-26719: (unk) nouveau: offload fence uevents work to workqueue
CVE-2024-26726: (unk) btrfs: don't drop extent_map for free space inode on write error
CVE-2024-26733: (unk) arp: Prevent overflow in arp_req_get().
CVE-2024-26738: (unk) powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller
CVE-2024-26739: (unk) net/sched: act_mirred: don't override retval if we already lost the skb
CVE-2024-26743: (unk) RDMA/qedr: Fix qedr_create_user_qp error flow
CVE-2024-26744: (unk) RDMA/srpt: Support specifying the srpt_service_guid parameter
CVE-2024-26745: (unk) powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV
CVE-2024-26748: (unk) usb: cdns3: fix memory double free when handle zero packet
CVE-2024-26752: (unk) l2tp: pass correct message length to ip6_append_data
CVE-2024-26756: (unk) md: Don't register sync_thread for reshape directly
CVE-2024-26758: (unk) md: Don't ignore suspended array in md_check_recovery()
CVE-2024-26759: (unk) mm/swap: fix race when skipping swapcache
CVE-2024-26763: (unk) dm-crypt: don't modify the data when using authenticated encryption
CVE-2024-26764: (unk) fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio
CVE-2024-26765: (unk) LoongArch: Disable IRQ before init_fn() for nonboot CPUs
CVE-2024-26766: (unk) IB/hfi1: Fix sdma.h tx->num_descs off-by-one error
CVE-2024-26767: (unk) drm/amd/display: fixed integer types and null check locations
CVE-2024-26768: (unk) LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC]
CVE-2024-26769: (unk) nvmet-fc: avoid deadlock on delete association path
CVE-2024-26770: (unk) HID: nvidia-shield: Add missing null pointer checks to LED initialization
CVE-2024-26771: (unk) dmaengine: ti: edma: Add some null pointer checks to the edma_probe
CVE-2024-26772: (unk) ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal()
CVE-2024-26773: (unk) ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found()
CVE-2024-26774: (unk) ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt
CVE-2024-26775: (unk) aoe: avoid potential deadlock at set_capacity
CVE-2024-26776: (unk) spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected
CVE-2024-26777: (unk) fbdev: sis: Error out if pixclock equals zero
CVE-2024-26778: (unk) fbdev: savage: Error out if pixclock equals zero
CVE-2024-26779: (unk) wifi: mac80211: fix race condition on enabling fast-xmit
CVE-2024-26784: (unk) pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal
CVE-2024-26789: (unk) crypto: arm64/neonbs - fix out-of-bounds access on short input
CVE-2024-26791: (unk) btrfs: dev-replace: properly validate device names
CVE-2024-26793: (unk) gtp: fix use-after-free and null-ptr-deref in gtp_newlink()
CVE-2024-26797: (unk) drm/amd/display: Prevent potential buffer overflow in map_hw_resources
CVE-2024-26798: (unk) fbcon: always restore the old font data in fbcon_do_set_font()
CVE-2024-26802: (unk) stmmac: Clear variable when destroying workqueue
CVE-2024-26803: (unk) net: veth: clear GRO when clearing XDP even when down
CVE-2024-26804: (unk) net: ip_tunnel: prevent perpetual headroom growth
CVE-2024-26806: (unk) spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks
CVE-2024-26808: (unk) netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain
CVE-2024-26809: (unk) netfilter: nft_set_pipapo: release elements in clone only from destroy path