| CVEs fixed in 5.16: |
| CVE-2021-3923: b35a0f4dd544eaa6162b6d2f13a2557a121ae5fd RDMA/core: Don't infoleak GRH fields |
| CVE-2021-4155: 983d8e60f50806f90534cc5373d0ce867e5aaf79 xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate |
| CVE-2021-4197: 1756d7994ad85c2479af6ae5a9750b92324685af cgroup: Use open-time credentials for process migraton perm checks |
| CVE-2022-0382: d6d86830705f173fca6087a3e67ceaf68db80523 net ticp:fix a kernel-infoleak in __tipc_sendmsg() |
| CVE-2022-3105: 7694a7de22c53a312ea98960fcafc6ec62046531 RDMA/uverbs: Check for null return of kmalloc_array |
| |
| CVEs fixed in 5.16.2: |
| CVE-2022-0185: 8b1530a3772ae5b49c6d8d171fd3146bb947430f vfs: fs_context: fix up param length parsing in legacy_parse_param |
| |
| CVEs fixed in 5.16.3: |
| CVE-2021-43976: 9d3989c5050f10ae9bbec9f32492b500420d04a1 mwifiex: Fix skb_over_panic in mwifiex_usb_recv() |
| CVE-2021-44879: d667b9f61df7bdfcb59dd1406fd2392c358f0008 f2fs: fix to do sanity check on inode type during garbage collection |
| CVE-2021-45469: 258b26a34778cde43f228a392e242d3d0420624a f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() |
| CVE-2022-0433: f7a6dd58e0817b063252d7c5bec88e588df34b31 bpf: Add missing map_get_next_key method to bloom filter map. |
| CVE-2022-3108: 506c9632d77c0ae755fb66f5a0b8578c0b65a84b drm/amdkfd: Check for null pointer after calling kmemdup |
| CVE-2023-22999: d0ed1113ba26a515af47847cceb3618e8483595a usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe |
| CVE-2023-23001: c994dbcc58d6d09c0f736dfbf9f5d6a62d26bd5a scsi: ufs: ufs-mediatek: Fix error checking in ufs_mtk_init_va09_pwr_ctrl() |
| CVE-2023-23002: 85446a3b87799d87e6839611e5f528331bbe88fb Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe |
| |
| CVEs fixed in 5.16.4: |
| CVE-2022-0330: ec1b6497a2bc0293c064337e981ea1f6cbe57930 drm/i915: Flush TLBs before releasing backing store |
| CVE-2022-22942: 1d833b27fb708d6fdf5de9f6b3a8be4bd4321565 drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| |
| CVEs fixed in 5.16.5: |
| CVE-2020-36516: 32ac95e4478f7aeb1d9f9539430361737eec8459 ipv4: avoid using shared IP generator for connected sockets |
| CVE-2022-0617: 620e8243cf5389e706c1c8f66ffacb3c84308a9e udf: Fix NULL ptr deref when converting from inline format |
| CVE-2022-24448: f0583af88e7dd413229ea5e670a0db36fdf34ba2 NFSv4: Handle case where the lookup of a directory fails |
| CVE-2022-24959: deb0f02d08276d87212c1f19d9d919b13dc4c033 yam: fix a memory leak in yam_siocdevprivate() |
| CVE-2022-2938: 991ced6a3a926e58df1f446819b9f2790e1c0daa psi: Fix uaf issue when psi trigger is destroyed while being polled |
| |
| CVEs fixed in 5.16.6: |
| CVE-2022-0492: 9c9dbb954e618e3d9110f13cc02c5db1fb73ea5d cgroup-v1: Require capabilities to set release_agent |
| CVE-2022-1055: 95e34f61b58a152656cbe8d6e19843cc343fb089 net: sched: fix use-after-free in tc_new_tfilter() |
| CVE-2022-1998: dea4fec0d87d4401b5d2717aa7c6c6cad050fb62 fanotify: Fix stale file descriptor in copy_event_to_user() |
| |
| CVEs fixed in 5.16.9: |
| CVE-2022-0435: 59ff7514f8c56f166aadca49bcecfa028e0ad50f tipc: improve size validations for received domain records |
| CVE-2022-0487: 7f901d53f120d1921f84f7b9b118e87e94b403c5 moxart: fix potential use-after-free on remove path |
| CVE-2022-0516: 8c68c50109c22502b647f4e86ec74400c7a3f6e0 KVM: s390: Return error on SIDA memop on normal guest |
| CVE-2022-48626: 7f901d53f120d1921f84f7b9b118e87e94b403c5 moxart: fix potential use-after-free on remove path |
| |
| CVEs fixed in 5.16.10: |
| CVE-2022-25258: 8895017abfc76bbc223499b179919dd205047197 USB: gadget: validate interface OS descriptor requests |
| CVE-2022-25375: 2724ebafda0a8df08a9cb91557d33226bee80f7b usb: gadget: rndis: check size of RNDIS_MSG_SET command |
| CVE-2022-2964: 9681823f96a811268265f35307072ad80713c274 net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup |
| CVE-2023-1582: 05d3f8045efa59457b323caf00bdb9273b7962fa fs/proc: task_mmu.c: don't read mapcount for migration entry |
| |
| CVEs fixed in 5.16.11: |
| CVE-2022-0500: e982070f8970bb62e69ed7c9cafff886ed200349 bpf: Introduce MEM_RDONLY flag |
| CVE-2022-0847: eddef98207d678f21261c2bd07da55938680df4e lib/iov_iter: initialize "flags" in new pipe_buffer |
| CVE-2022-20008: cccf23c660cc96c5687335d73cad103e983e6165 mmc: block: fix read single on recovery logic |
| CVE-2022-23222: 77459bc4d5e2c6f24db845780b4d9d60cf82d06a bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL |
| CVE-2022-27950: 80dad7483e3940dc9d9d55f8b34d1f4ba85a505e HID: elo: fix memory leak in elo_probe |
| |
| CVEs fixed in 5.16.12: |
| CVE-2022-25636: 6bff27caef1ee07a8b190f34cf32c99d6cc37a33 netfilter: nf_tables_offload: incorrect flow offload action array size |
| CVE-2022-26966: 639f72dce8667a3d601561e0e47d53ad999e7f8a sr9700: sanity check for packet length |
| CVE-2022-27223: 3221ef49ba18924e55a4d42a2ea4080cfea12c6c USB: gadget: validate endpoint index for xilinx udc |
| CVE-2022-29156: fa498059c631e94e91dcb6d78070909d8de56d99 RDMA/rtrs-clt: Fix possible double free in error case |
| |
| CVEs fixed in 5.16.13: |
| CVE-2022-0494: f8c61361a4f52c2a186269982587facc852dba62 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern |
| CVE-2022-0742: 5ed9983ce67341b405cf6fda826e29aed26a7371 ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() |
| CVE-2022-24958: 9e5c16b2a9812cd250f0de0b77391c2d63adf2f2 usb: gadget: don't release an existing dev->buf |
| |
| CVEs fixed in 5.16.14: |
| CVE-2021-26401: 1984feb9872b905420af97d471d60051b6dd5851 x86/speculation: Use generic retpoline by default on AMD |
| CVE-2022-0001: 56829c19c8171303faca18d6ab3511ecdf3e7e23 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0002: 56829c19c8171303faca18d6ab3511ecdf3e7e23 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-23036: 0ba1ab25bb5057869621b340dbd411cca3242467 xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23037: 741052b05bcdc295dd715a71549b28c926266800 xen/netfront: don't use gnttab_query_foreign_access() for mapped status |
| CVE-2022-23038: 0ba1ab25bb5057869621b340dbd411cca3242467 xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23039: 3b72403eb1850f79deef77497763a6eb65654863 xen/gntalloc: don't use gnttab_query_foreign_access() |
| CVE-2022-23040: 69e581afd2eafd51df6d4a24ab488cb8863c2dcd xen/xenbus: don't let xenbus_grant_ring() remove grants in error case |
| CVE-2022-23041: d83dd50f3c23bc887e4c67d547e5a21a23fb8bb8 xen/9p: use alloc/free_pages_exact() |
| CVE-2022-23042: 34630641e955f23ae06db178822d99d0a9d89b20 xen/netfront: react properly to failing gnttab_end_foreign_access_ref() |
| CVE-2022-23960: f5eb0f1dcde4b7c2b5ee920ae53bcecaaba03947 ARM: report Spectre v2 status through sysfs |
| |
| CVEs fixed in 5.16.15: |
| CVE-2021-33135: 248c6347720200b9e5f79a4339ddbe4ef0074d36 x86/sgx: Free backing memory after faulting the enclave page |
| CVE-2022-0995: b36588ebbcef74583824c08352e75838d6fb4ff2 watch_queue: Fix filter limit check |
| CVE-2022-1011: 58a9bdff32fde29137731e574b17c42592875fd0 fuse: fix pipe buffer lifetime for direct_io |
| CVE-2022-1198: 4356343fb70c899901bce33acedf4fede797d21f drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() |
| CVE-2022-1199: 1d83a95214bc516bd8778fa423cb8383d925f8c8 ax25: Fix NULL pointer dereference in ax25_kill_by_device |
| CVE-2022-27666: 9afe83f62aac348db1facb28bfc106109a06e44d esp: Fix possible buffer overflow in ESP transformation |
| |
| CVEs fixed in 5.16.17: |
| CVE-2022-20158: ef591b35176029fdefea38e8388ffa371e18f4b2 net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20368: ef591b35176029fdefea38e8388ffa371e18f4b2 net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-3107: 411e256ddf6c2295439c74f2176b0ed630c148f3 hv_netvsc: Add check for kvmalloc_array |
| CVE-2022-48629: 485995cbc98a4f77cfd4f8ed4dd7ff8ab262964d crypto: qcom-rng - ensure buffer for generate is completely filled |
| |
| CVEs fixed in 5.16.18: |
| CVE-2022-1015: 2c8ebdaa7c9755b85d90c07530210e83665bad9a netfilter: nf_tables: validate registers coming from userspace. |
| CVE-2022-1016: 64f24c76dd0ce53d0fa3a0bfb9aeea507c769485 netfilter: nf_tables: initialize registers in nft_do_chain() |
| CVE-2022-1048: 0090c13cbbdffd7da079ac56f80373a9a1be0bf8 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls |
| CVE-2022-26490: 0646efbb6e100a3f93eba3b6a10a7f4c28dd1478 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION |
| CVE-2022-28356: 6f5bf395c60ed2643de51f2b1041cb0882e9d97f llc: fix netdevice reference leaks in llc_ui_bind() |
| |
| CVEs fixed in 5.16.19: |
| CVE-2022-0168: 0f0ce73e7dad17084222da19989049ebfb8be541 cifs: fix NULL ptr dereference in smb2_ioctl_query_info() |
| CVE-2022-1158: 9a611c57530050dc359a83177c2f97678b1f961e KVM: x86/mmu: do compare-and-exchange of gPTE via the user address |
| CVE-2022-1353: 16d974fa4ddda389bf58bb5e4fc8cad8910ba66d af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register |
| CVE-2022-1516: 4a279d7ee1c65411b4055ecd428b8aa2b1711c1f net/x25: Fix null-ptr-deref caused by x25_disconnect |
| CVE-2022-1651: ee827d86ee73583c0f0b65db877467d9b5551aa4 virt: acrn: fix a memory leak in acrn_dev_ioctl() |
| CVE-2022-1671: c3c415ae0c82da1349d85b8c9b18e6480aa6a230 rxrpc: fix some null-ptr-deref bugs in server_key.c |
| CVE-2022-20369: 2a5fd6b402049521f657966a42c4277f083a63c0 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls |
| CVE-2022-2153: 9e38128f8bd1d4f2244d8a393bc5dc204a99a541 KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() |
| CVE-2022-2380: 34d986f6ee5f5ac48cd2b9e2d061196fd3c29d39 video: fbdev: sm712fb: Fix crash in smtcfb_read() |
| CVE-2022-28388: 3e006cf0fb809815d56e59c9de4486fbe253ccdf can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-28389: f913412848defa326a155c47d026267624472190 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path |
| CVE-2022-28390: 41f6be840f138c7d42312d7619a6b44c001d6b6e can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-2977: 2f928c0d5c02dbab49e8c19d98725c822f6fc409 tpm: fix reference counting for struct tpm_chip |
| CVE-2022-30594: c8248775c1b96b00b680e067f99f8feaaa7c7dbc ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE |
| CVE-2022-3078: dd18f929458762f07b969d24d46e1d0a0d94c908 media: vidtv: Check for null return of vzalloc |
| CVE-2022-3111: ae07ec8110ba83295c88bff7e85835cc2f6cc4ea power: supply: wm8350-power: Add missing free in free_charger_irq |
| CVE-2022-3112: c316e6a49745b09025eed102e30cc1e9ba2910b2 media: meson: vdec: potential dereference of null pointer |
| CVE-2022-3113: cbdabb48be7b76d2a61a3554745243e37d81599e media: mtk-vcodec: potential dereference of null pointer |
| CVE-2022-3239: 37f808a9e734e9036f7aa42ba4864fc6e91d2572 media: em28xx: initialize refcount before kref_get |
| CVE-2023-1249: c8015981eaa5bd8901a145c8d1253592a5619d2b coredump: Use the vma snapshot in fill_files_note |
| CVE-2023-22996: 2ee39164a701782bb88cf4a564dc7d8cb43c9bff soc: qcom: aoss: Fix missing put_device call in qmp_get |
| CVE-2023-28410: 5f6e560e3e86ac053447524224e411034f41f5c7 drm/i915/gem: add missing boundary check in vm_access |
| |
| CVEs fixed in 5.16.20: |
| CVE-2022-1263: a1f48251918d825785af9cab83996d4c12ef795a KVM: avoid NULL pointer dereference in kvm_dirty_ring_push |
| CVE-2022-28893: 7a0921a23cae42e9fa5ce964f6907181b6dc80d8 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() |
| CVE-2022-29582: d568c13d9d29d3151540a0d1b20c3a1ca801a662 io_uring: fix race between timeout flush and removal |
| CVE-2022-3202: ffe1d40aec3f6f8cc620369ba07eb5e9bd449d85 jfs: prevent NULL deref in diFree |
| CVE-2023-1637: aeb473e7ed48b1d5e511353cbef5f4e6e00544ac x86/speculation: Restore speculation related MSRs during S3 resume |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2019-25162: (unk) i2c: Fix a potential use after free |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-25220: (unk) |
| CVE-2020-26140: (unk) |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-35501: (unk) |
| CVE-2021-0399: (unk) |
| CVE-2021-26934: (unk) |
| CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality |
| CVE-2021-33631: (unk) ext4: fix kernel BUG in 'ext4_write_inline_data_end()' |
| CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size |
| CVE-2021-3542: (unk) |
| CVE-2021-3714: (unk) |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2021-4095: (unk) KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty |
| CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types |
| CVE-2022-0171: (unk) KVM: SEV: add cache flush to solve SEV cache incoherency issues |
| CVE-2022-0400: (unk) |
| CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling |
| CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation |
| CVE-2022-1116: (unk) |
| CVE-2022-1184: (unk) ext4: verify dir block before splitting it |
| CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del() |
| CVE-2022-1247: (unk) |
| CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() |
| CVE-2022-1652: (unk) floppy: use a statically allocated error counter |
| CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb |
| CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self |
| CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs |
| CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default |
| CVE-2022-1852: (unk) KVM: x86: avoid calling x86 emulator without a decoded instruction |
| CVE-2022-1943: (unk) udf: Avoid using stale lengthOfImpUse |
| CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-1972: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-1973: (unk) fs/ntfs3: Fix invalid free in log_replay |
| CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions |
| CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout |
| CVE-2022-20421: (unk) binder: fix UAF of ref->proc caused by race condition |
| CVE-2022-20422: (unk) arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-20566: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put |
| CVE-2022-20572: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data |
| CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS |
| CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle |
| CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use |
| CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy |
| CVE-2022-2196: (unk) KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS |
| CVE-2022-2209: (unk) |
| CVE-2022-2308: (unk) vduse: prevent uninitialized memory accesses |
| CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler |
| CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-23825: (unk) |
| CVE-2022-24122: (unk) ucount: Make get_ucount a safe get_user replacement |
| CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-25265: (unk) |
| CVE-2022-2585: (unk) posix-cpu-timers: Cleanup CPU timers before freeing them during exec |
| CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0 |
| CVE-2022-2590: (unk) mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW |
| CVE-2022-2602: (unk) io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages |
| CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections |
| CVE-2022-2639: (unk) openvswitch: fix OOB access in reserve_sfa_size() |
| CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic |
| CVE-2022-26878: (unk) |
| CVE-2022-27672: (unk) x86/speculation: Identify processors vulnerable to SMT RSB predictions |
| CVE-2022-2873: (unk) i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-2905: (unk) bpf: Don't use tnum_range on array range checking for poke descriptors |
| CVE-2022-29581: (unk) net/sched: cls_u32: fix netns refcount changes in u32_change() |
| CVE-2022-2959: (unk) pipe: Fix missing lock in pipe_resize_ring() |
| CVE-2022-2961: (unk) |
| CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29968: (unk) io_uring: fix uninitialized field in rw io_kiocb |
| CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel |
| CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero |
| CVE-2022-3077: (unk) i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-3104: (unk) lkdtm/bugs: Check for the NULL pointer after calling kmalloc |
| CVE-2022-3110: (unk) staging: r8188eu: add check for kzalloc |
| CVE-2022-3114: (unk) clk: imx: Add check for kcalloc |
| CVE-2022-3115: (unk) drm: mali-dp: potential dereference of null pointer |
| CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded |
| CVE-2022-3176: (unk) io_uring: fix UAF due to missing POLLFREE handling |
| CVE-2022-32250: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16 |
| CVE-2022-3238: (unk) |
| CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace |
| CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC |
| CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use |
| CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages |
| CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted |
| CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted |
| CVE-2022-33743: (unk) xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() |
| CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting |
| CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default |
| CVE-2022-3424: (unk) misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os |
| CVE-2022-34494: (unk) rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() |
| CVE-2022-34495: (unk) rpmsg: virtio: Fix possible double free in rpmsg_probe() |
| CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data |
| CVE-2022-3521: (unk) kcm: avoid potential race in kcm_tx_work |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2022-3526: (unk) macvlan: Fix leaking skb in source mode with nodst option |
| CVE-2022-3533: (unk) |
| CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups |
| CVE-2022-3535: (unk) net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3543: (unk) af_unix: Fix memory leaks of the whole sk due to OOB skb. |
| CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get() |
| CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3577: (unk) HID: bigben: fix slab-out-of-bounds Write in bigben_probe |
| CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child |
| CVE-2022-3594: (unk) r8152: Rate limit overflow messages |
| CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp |
| CVE-2022-3606: (unk) |
| CVE-2022-36123: (unk) x86: Clear .brk area at early boot |
| CVE-2022-3619: (unk) Bluetooth: L2CAP: Fix memory leak in vhci_write |
| CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode |
| CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload |
| CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() |
| CVE-2022-36280: (unk) drm/vmwgfx: Validate the box size for the snooped cursor |
| CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect() |
| CVE-2022-3633: (unk) can: j1939: j1939_session_destroy(): fix memory leak of skbs |
| CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer |
| CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() |
| CVE-2022-36402: (unk) drm/vmwgfx: Fix shader stage validation |
| CVE-2022-3642: (unk) |
| CVE-2022-3643: (unk) xen/netback: Ensure protocol headers don't fall in the non-linear area |
| CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() |
| CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset |
| CVE-2022-3707: (unk) drm/i915/gvt: fix double free bug in split_2MB_gtt_entry |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines |
| CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas |
| CVE-2022-39189: (unk) KVM: x86: do not report a vCPU as preempted outside instruction boundaries |
| CVE-2022-39190: (unk) netfilter: nf_tables: disallow binding to already bound chain |
| CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write |
| CVE-2022-40133: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-40307: (unk) efi: capsule-loader: Fix use-after-free in efi_capsule_write |
| CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-4095: (unk) staging: rtl8712: fix use after free bugs |
| CVE-2022-40982: (unk) x86/speculation: Add Gather Data Sampling mitigation |
| CVE-2022-41218: (unk) media: dvb-core: Fix UAF due to refcount races at releasing |
| CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock |
| CVE-2022-41674: (unk) wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-41848: (unk) |
| CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read() |
| CVE-2022-41858: (unk) drivers: net: slip: fix NPD bug in sl_tx_timeout() |
| CVE-2022-42328: (unk) xen/netback: don't call kfree_skb() with interrupts disabled |
| CVE-2022-42329: (unk) xen/netback: don't call kfree_skb() with interrupts disabled |
| CVE-2022-42432: (unk) netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() |
| CVE-2022-4269: (unk) act_mirred: use the backlog for nested calls to mirred ingress |
| CVE-2022-42703: (unk) mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse |
| CVE-2022-42719: (unk) wifi: mac80211: fix MBSSID parsing use-after-free |
| CVE-2022-42720: (unk) wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: (unk) wifi: cfg80211: avoid nontransmitted BSS list corruption |
| CVE-2022-42722: (unk) wifi: mac80211: fix crash in beacon protection for P2P-device |
| CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory |
| CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM |
| CVE-2022-43750: (unk) usb: mon: make mmapped memory read only |
| CVE-2022-4378: (unk) proc: proc_skip_spaces() shouldn't think it is working on C strings |
| CVE-2022-4379: (unk) NFSD: fix use-after-free in __nfs42_ssc_open() |
| CVE-2022-4382: (unk) USB: gadgetfs: Fix race between mounting and unmounting |
| CVE-2022-43945: (unk) NFSD: Protect against send buffer overflow in NFSv2 READDIR |
| CVE-2022-44032: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-44033: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-44034: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-4543: (unk) |
| CVE-2022-45869: (unk) KVM: x86/mmu: Fix race condition in direct_page_fault |
| CVE-2022-45884: (unk) |
| CVE-2022-45885: (unk) |
| CVE-2022-45886: (unk) media: dvb-core: Fix use-after-free due on race condition at dvb_net |
| CVE-2022-45887: (unk) media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() |
| CVE-2022-45888: (unk) char: xillybus: Prevent use-after-free due to race condition |
| CVE-2022-45919: (unk) media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 |
| CVE-2022-45934: (unk) Bluetooth: L2CAP: Fix u8 overflow |
| CVE-2022-4662: (unk) USB: core: Prevent nested device-reset calls |
| CVE-2022-47518: (unk) wifi: wilc1000: validate number of channels |
| CVE-2022-47519: (unk) wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute |
| CVE-2022-47520: (unk) wifi: wilc1000: validate pairwise and authentication suite offsets |
| CVE-2022-47521: (unk) wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute |
| CVE-2022-47929: (unk) net: sched: disallow noqueue for qdisc classes |
| CVE-2022-47938: (unk) ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT |
| CVE-2022-47939: (unk) ksmbd: fix use-after-free bug in smb2_tree_disconect |
| CVE-2022-47940: (unk) ksmbd: validate length in smb2_write() |
| CVE-2022-47941: (unk) ksmbd: fix memory leak in smb2_handle_negotiate |
| CVE-2022-47942: (unk) ksmbd: fix heap-based overflow in set_ntacl_dacl() |
| CVE-2022-47943: (unk) ksmbd: prevent out of bound read for SMB2_WRITE |
| CVE-2022-4842: (unk) fs/ntfs3: Fix attr_punch_hole() null pointer derenference |
| CVE-2022-48423: (unk) fs/ntfs3: Validate resident attribute name |
| CVE-2022-48424: (unk) fs/ntfs3: Validate attribute name offset |
| CVE-2022-48425: (unk) fs/ntfs3: Validate MFT flags before replaying logs |
| CVE-2022-48502: (unk) fs/ntfs3: Check fields while reading |
| CVE-2022-48619: (unk) Input: add bounds checking to input_set_capability() |
| CVE-2022-48627: (unk) vt: fix memory overlapping when deleting chars in the buffer |
| CVE-2022-48628: (unk) ceph: drop messages from MDS when unmounting |
| CVE-2023-0045: (unk) x86/bugs: Flush IBP in ib_prctl_set() |
| CVE-2023-0160: (unk) bpf, sockmap: fix deadlocks in the sockhash and sockmap |
| CVE-2023-0179: (unk) netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits |
| CVE-2023-0210: (unk) ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob |
| CVE-2023-0266: (unk) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF |
| CVE-2023-0386: (unk) ovl: fail on invalid uid/gid mapping at copy up |
| CVE-2023-0394: (unk) ipv6: raw: Deduct extension header length in rawv6_push_pending_frames |
| CVE-2023-0458: (unk) prlimit: do_prlimit needs to have a speculation check |
| CVE-2023-0459: (unk) uaccess: Add speculation barrier to copy_from_user() |
| CVE-2023-0461: (unk) net/ulp: prevent ULP without clone op from entering the LISTEN status |
| CVE-2023-0590: (unk) net: sched: fix race condition in qdisc_graft() |
| CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area |
| CVE-2023-0615: (unk) media: vivid: dev->bitmap_cap wasn't freed in all cases |
| CVE-2023-1073: (unk) HID: check empty report_list in hid_validate_values() |
| CVE-2023-1074: (unk) sctp: fail if no bound addresses can be used for a given scope |
| CVE-2023-1075: (unk) net/tls: tls_is_tx_ready() checked list_entry |
| CVE-2023-1076: (unk) tun: tun_chr_open(): correctly initialize socket uid |
| CVE-2023-1077: (unk) sched/rt: pick_next_rt_entity(): check list_entry |
| CVE-2023-1078: (unk) rds: rds_rm_zerocopy_callback() use list_first_entry() |
| CVE-2023-1079: (unk) HID: asus: use spinlock to safely schedule workers |
| CVE-2023-1095: (unk) netfilter: nf_tables: fix null deref due to zeroed list head |
| CVE-2023-1118: (unk) media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() |
| CVE-2023-1192: (unk) fs/ntfs3: Validate MFT flags before replaying logs |
| CVE-2023-1193: (unk) ksmbd: delete asynchronous work from list |
| CVE-2023-1194: (unk) ksmbd: fix out-of-bound read in parse_lease_state() |
| CVE-2023-1195: (unk) cifs: fix use-after-free caused by invalid pointer `hostname` |
| CVE-2023-1206: (unk) tcp: Reduce chance of collisions in inet6_hashfn(). |
| CVE-2023-1281: (unk) net/sched: tcindex: update imperfect hash filters respecting rcu |
| CVE-2023-1380: (unk) wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() |
| CVE-2023-1382: (unk) tipc: set con sock in tipc_conn_alloc |
| CVE-2023-1476: (unk) |
| CVE-2023-1513: (unk) kvm: initialize all of the kvm_debugregs structure before sending it to userspace |
| CVE-2023-1611: (unk) btrfs: fix race between quota disable and quota assign ioctls |
| CVE-2023-1652: (unk) NFSD: fix use-after-free in nfsd4_ssc_setup_dul() |
| CVE-2023-1670: (unk) xirc2ps_cs: Fix use after free bug in xirc2ps_detach |
| CVE-2023-1829: (unk) net/sched: Retire tcindex classifier |
| CVE-2023-1838: (unk) Fix double fget() in vhost_net_set_backend() |
| CVE-2023-1855: (unk) hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition |
| CVE-2023-1859: (unk) 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition |
| CVE-2023-1872: (unk) io_uring: propagate issue_flags state down to file assignment |
| CVE-2023-1989: (unk) Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work |
| CVE-2023-1990: (unk) nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition |
| CVE-2023-2002: (unk) bluetooth: Perform careful capability checks in hci_sock_ioctl() |
| CVE-2023-2006: (unk) rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] |
| CVE-2023-2007: (unk) scsi: dpt_i2o: Remove obsolete driver |
| CVE-2023-2008: (unk) udmabuf: add back sanity check |
| CVE-2023-2019: (unk) netdevsim: fib: Fix reference count leak on route deletion failure |
| CVE-2023-20569: (unk) x86/bugs: Increase the x86 bugs vector size to two u32s |
| CVE-2023-20588: (unk) x86/CPU/AMD: Do not leak quotient data after a division by 0 |
| CVE-2023-20593: (unk) x86/cpu/amd: Add a Zenbleed fix |
| CVE-2023-20928: (unk) android: binder: stop saving a pointer to the VMA |
| CVE-2023-20941: (unk) |
| CVE-2023-21102: (unk) efi: rt-wrapper: Add missing include |
| CVE-2023-2124: (unk) xfs: verify buffer contents when we skip log replay |
| CVE-2023-21255: (unk) binder: fix UAF caused by faulty buffer cleanup |
| CVE-2023-21400: (unk) |
| CVE-2023-2156: (unk) net: rpl: fix rpl header size calculation |
| CVE-2023-2162: (unk) scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress |
| CVE-2023-2163: (unk) bpf: Fix incorrect verifier pruning due to missing register precision taints |
| CVE-2023-2166: (unk) can: af_can: fix NULL pointer dereference in can_rcv_filter |
| CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr |
| CVE-2023-2177: (unk) sctp: leave the err path free in sctp_stream_init to sctp_stream_free |
| CVE-2023-2194: (unk) i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() |
| CVE-2023-2235: (unk) perf: Fix check before add_event_to_groups() in perf_group_detach() |
| CVE-2023-2248: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-2269: (unk) dm ioctl: fix nested locking in table_clear() to remove deadlock concern |
| CVE-2023-22995: (unk) usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core |
| CVE-2023-22998: (unk) drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init |
| CVE-2023-23000: (unk) phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function |
| CVE-2023-23004: (unk) malidp: Fix NULL vs IS_ERR() checking |
| CVE-2023-23039: (unk) |
| CVE-2023-23454: (unk) net: sched: cbq: dont intepret cls results when asked to drop |
| CVE-2023-23455: (unk) net: sched: atm: dont intepret cls results when asked to drop |
| CVE-2023-23559: (unk) wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid |
| CVE-2023-2483: (unk) net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-25012: (unk) HID: bigben: use spinlock to safely schedule workers |
| CVE-2023-2513: (unk) ext4: fix use-after-free in ext4_xattr_set_entry |
| CVE-2023-25775: (unk) RDMA/irdma: Prevent zero-length STAG registration |
| CVE-2023-26242: (unk) |
| CVE-2023-26544: (unk) fs/ntfs3: Fix slab-out-of-bounds read in run_unpack |
| CVE-2023-26545: (unk) net: mpls: fix stale pointer if allocation fails during device rename |
| CVE-2023-26606: (unk) fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs |
| CVE-2023-26607: (unk) ntfs: fix out-of-bounds read in ntfs_attr_find() |
| CVE-2023-28327: (unk) af_unix: Get user_ns from in_skb in unix_diag_get_exact(). |
| CVE-2023-28328: (unk) media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() |
| CVE-2023-28466: (unk) net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() |
| CVE-2023-2860: (unk) ipv6: sr: fix out-of-bounds read when setting HMAC data. |
| CVE-2023-28746: (unk) x86/mmio: Disable KVM mitigation when X86_FEATURE_CLEAR_CPU_BUF is set |
| CVE-2023-2898: (unk) f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() |
| CVE-2023-2985: (unk) fs: hfsplus: fix UAF issue in hfsplus_put_super |
| CVE-2023-3006: (unk) arm64: Add AMPERE1 to the Spectre-BHB affected list |
| CVE-2023-30456: (unk) KVM: nVMX: add missing consistency checks for CR0 and CR4 |
| CVE-2023-30772: (unk) power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition |
| CVE-2023-3090: (unk) ipvlan:Fix out-of-bounds caused by unclear skb->cb |
| CVE-2023-31081: (unk) |
| CVE-2023-31082: (unk) |
| CVE-2023-31083: (unk) Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO |
| CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() |
| CVE-2023-31085: (unk) ubi: Refuse attaching if mtd's erasesize is 0 |
| CVE-2023-3111: (unk) btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() |
| CVE-2023-3117: (unk) netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-31248: (unk) netfilter: nf_tables: do not ignore genmask when looking up chain by id |
| CVE-2023-3141: (unk) memstick: r592: Fix UAF bug in r592_remove due to race condition |
| CVE-2023-31436: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-3159: (unk) firewire: fix potential uaf in outbound_phy_packet_callback() |
| CVE-2023-3161: (unk) fbcon: Check font dimension limits |
| CVE-2023-3212: (unk) gfs2: Don't deref jdesc in evict |
| CVE-2023-3220: (unk) drm/msm/dpu: Add check for pstates |
| CVE-2023-32233: (unk) netfilter: nf_tables: deactivate anonymous set from preparation phase |
| CVE-2023-32247: (unk) ksmbd: destroy expired sessions |
| CVE-2023-32248: (unk) ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() |
| CVE-2023-32250: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32252: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32254: (unk) ksmbd: fix racy issue under cocurrent smb2 tree disconnect |
| CVE-2023-32257: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32258: (unk) ksmbd: fix racy issue from smb2 close and logoff with multichannel |
| CVE-2023-32269: (unk) netrom: Fix use-after-free caused by accept on already connected socket |
| CVE-2023-3268: (unk) relayfs: fix out-of-bounds access in relay_file_read |
| CVE-2023-33203: (unk) net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-33288: (unk) power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition |
| CVE-2023-3338: (unk) Remove DECnet support from kernel |
| CVE-2023-3355: (unk) drm/msm/gem: Add check for kmalloc |
| CVE-2023-3357: (unk) HID: amd_sfh: Add missing check for dma_alloc_coherent |
| CVE-2023-3358: (unk) HID: intel_ish-hid: Add check for ishtp_dma_tx_map |
| CVE-2023-3389: (unk) io_uring: mutex locked poll hashing |
| CVE-2023-3390: (unk) netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-3397: (unk) |
| CVE-2023-34255: (unk) xfs: verify buffer contents when we skip log replay |
| CVE-2023-34256: (unk) ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum |
| CVE-2023-34324: (unk) xen/events: replace evtchn_rwlock with RCU |
| CVE-2023-3439: (unk) mctp: defer the kfree of object mdev->addrs |
| CVE-2023-35001: (unk) netfilter: nf_tables: prevent OOB access in nft_byteorder_eval |
| CVE-2023-3567: (unk) vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF |
| CVE-2023-35788: (unk) net/sched: flower: fix possible OOB write in fl_set_geneve_opt() |
| CVE-2023-35823: (unk) media: saa7134: fix use after free bug in saa7134_finidev due to race condition |
| CVE-2023-35824: (unk) media: dm1105: Fix use after free bug in dm1105_remove due to race condition |
| CVE-2023-35827: (unk) ravb: Fix use-after-free issue in ravb_tx_timeout_work() |
| CVE-2023-35828: (unk) usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition |
| CVE-2023-35829: (unk) media: rkvdec: fix use after free bug in rkvdec_remove |
| CVE-2023-3609: (unk) net/sched: cls_u32: Fix reference counter leak leading to overflow |
| CVE-2023-3610: (unk) netfilter: nf_tables: fix chain binding transaction logic |
| CVE-2023-3611: (unk) net/sched: sch_qfq: account for stab overhead in qfq_enqueue |
| CVE-2023-3640: (unk) |
| CVE-2023-37454: (unk) |
| CVE-2023-3772: (unk) xfrm: add NULL check in xfrm_update_ae_params |
| CVE-2023-3776: (unk) net/sched: cls_fw: Fix improper refcount update leads to use-after-free |
| CVE-2023-3777: (unk) netfilter: nf_tables: skip bound chain on rule flush |
| CVE-2023-3812: (unk) net: tun: fix bugs for oversize packet when napi frags enabled |
| CVE-2023-38426: (unk) ksmbd: fix global-out-of-bounds in smb2_find_context_vals |
| CVE-2023-38427: (unk) ksmbd: fix out-of-bound read in deassemble_neg_contexts() |
| CVE-2023-38428: (unk) ksmbd: fix wrong UserName check in session_user |
| CVE-2023-38429: (unk) ksmbd: allocate one more byte for implied bcc[0] |
| CVE-2023-38430: (unk) ksmbd: validate smb request protocol id |
| CVE-2023-38431: (unk) ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop |
| CVE-2023-38432: (unk) ksmbd: validate command payload size |
| CVE-2023-3863: (unk) net: nfc: Fix use-after-free caused by nfc_llcp_find_local |
| CVE-2023-3865: (unk) ksmbd: fix out-of-bound read in smb2_write |
| CVE-2023-3866: (unk) ksmbd: validate session id and tree id in the compound request |
| CVE-2023-3867: (unk) ksmbd: add missing compound request handing in some commands |
| CVE-2023-39189: (unk) netfilter: nfnetlink_osf: avoid OOB read |
| CVE-2023-39192: (unk) netfilter: xt_u32: validate user space input |
| CVE-2023-39193: (unk) netfilter: xt_sctp: validate the flag_info count |
| CVE-2023-39194: (unk) net: xfrm: Fix xfrm_address_filter OOB read |
| CVE-2023-39197: (unk) netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one |
| CVE-2023-39198: (unk) drm/qxl: fix UAF on handle creation |
| CVE-2023-4004: (unk) netfilter: nft_set_pipapo: fix improper element removal |
| CVE-2023-4010: (unk) |
| CVE-2023-4015: (unk) netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR |
| CVE-2023-40283: (unk) Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb |
| CVE-2023-4128: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4132: (unk) media: usb: siano: Fix warning due to null work_func_t function pointer |
| CVE-2023-4133: (unk) cxgb4: fix use after free bugs caused by circular dependency problem |
| CVE-2023-4134: (unk) Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync() |
| CVE-2023-4147: (unk) netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID |
| CVE-2023-4155: (unk) KVM: SEV: only access GHCB fields once |
| CVE-2023-4206: (unk) net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4207: (unk) net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4208: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4244: (unk) netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path |
| CVE-2023-4273: (unk) exfat: check if filename entries exceeds max filename length |
| CVE-2023-42752: (unk) igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU |
| CVE-2023-42753: (unk) netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c |
| CVE-2023-42754: (unk) ipv4: fix null-deref in ipv4_link_failure |
| CVE-2023-42755: (unk) net/sched: Retire rsvp classifier |
| CVE-2023-4385: (unk) fs: jfs: fix possible NULL pointer dereference in dbFree() |
| CVE-2023-4387: (unk) net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() |
| CVE-2023-4389: (unk) btrfs: fix root ref counts in error handling in btrfs_get_root_ref |
| CVE-2023-4394: (unk) btrfs: fix possible memory leak in btrfs_get_dev_args_from_path() |
| CVE-2023-44466: (unk) libceph: harden msgr2.1 frame segment length checks |
| CVE-2023-4459: (unk) net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() |
| CVE-2023-4563: (unk) netfilter: nf_tables: don't skip expired elements during walk |
| CVE-2023-4569: (unk) netfilter: nf_tables: deactivate catchall elements in next generation |
| CVE-2023-45862: (unk) USB: ene_usb6250: Allocate enough memory for full object |
| CVE-2023-45863: (unk) kobject: Fix slab-out-of-bounds in fill_kobj_path() |
| CVE-2023-45871: (unk) igb: set max size RX buffer when store bad packet is enabled |
| CVE-2023-4622: (unk) unix: Convert unix_stream_sendpage() to use MSG_SPLICE_PAGES |
| CVE-2023-4623: (unk) net/sched: sch_hfsc: Ensure inner classes have fsc curve |
| CVE-2023-46343: (unk) nfc: nci: fix possible NULL pointer dereference in send_acknowledge() |
| CVE-2023-46813: (unk) x86/sev: Check for user-space IOIO pointing to kernel space |
| CVE-2023-46838: (unk) xen-netback: don't produce zero-size SKB frags |
| CVE-2023-46862: (unk) io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid |
| CVE-2023-47233: (unk) wifi: brcmfmac: Fix use-after-free bug in brcmf_cfg80211_detach |
| CVE-2023-4881: (unk) netfilter: nftables: exthdr: fix 4-byte stack OOB write |
| CVE-2023-4921: (unk) net: sched: sch_qfq: Fix UAF in qfq_dequeue() |
| CVE-2023-50431: (unk) accel/habanalabs: fix information leak in sec_attest_info() |
| CVE-2023-51042: (unk) drm/amdgpu: Fix potential fence use-after-free v2 |
| CVE-2023-51043: (unk) drm/atomic: Fix potential use-after-free in nonblocking commits |
| CVE-2023-5158: (unk) vringh: don't use vringh_kiov_advance() in vringh_iov_xfer() |
| CVE-2023-51779: (unk) Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg |
| CVE-2023-51780: (unk) atm: Fix Use-After-Free in do_vcc_ioctl |
| CVE-2023-51781: (unk) appletalk: Fix Use-After-Free in atalk_ioctl |
| CVE-2023-51782: (unk) net/rose: Fix Use-After-Free in rose_ioctl |
| CVE-2023-5197: (unk) netfilter: nf_tables: disallow rule removal from chain binding |
| CVE-2023-52340: (unk) ipv6: remove max_size check inline with ipv4 |
| CVE-2023-52429: (unk) dm: limit the number of targets and parameter size area |
| CVE-2023-52434: (unk) smb: client: fix potential OOBs in smb2_parse_contexts() |
| CVE-2023-52435: (unk) net: prevent mss overflow in skb_segment() |
| CVE-2023-52436: (unk) f2fs: explicitly null-terminate the xattr list |
| CVE-2023-52438: (unk) binder: fix use-after-free in shinker's callback |
| CVE-2023-52439: (unk) uio: Fix use-after-free in uio_open |
| CVE-2023-52441: (unk) ksmbd: fix out of bounds in init_smb2_rsp_hdr() |
| CVE-2023-52442: (unk) ksmbd: validate session id and tree id in compound request |
| CVE-2023-52443: (unk) apparmor: avoid crash when parsed profile name is empty |
| CVE-2023-52444: (unk) f2fs: fix to avoid dirent corruption |
| CVE-2023-52445: (unk) media: pvrusb2: fix use after free on context disconnection |
| CVE-2023-52447: (unk) bpf: Defer the free of inner map when necessary |
| CVE-2023-52448: (unk) gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump |
| CVE-2023-52449: (unk) mtd: Fix gluebi NULL pointer dereference caused by ftl notifier |
| CVE-2023-52451: (unk) powerpc/pseries/memhp: Fix access beyond end of drmem array |
| CVE-2023-52452: (unk) bpf: Fix accesses to uninit stack slots |
| CVE-2023-52454: (unk) nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length |
| CVE-2023-52456: (unk) serial: imx: fix tx statemachine deadlock |
| CVE-2023-52458: (unk) block: add check that partition length needs to be aligned with block size |
| CVE-2023-52462: (unk) bpf: fix check for attempt to corrupt spilled pointer |
| CVE-2023-52463: (unk) efivarfs: force RO when remounting if SetVariable is not supported |
| CVE-2023-52464: (unk) EDAC/thunderx: Fix possible out-of-bounds string access |
| CVE-2023-52467: (unk) mfd: syscon: Fix null pointer dereference in of_syscon_register() |
| CVE-2023-52469: (unk) drivers/amd/pm: fix a use-after-free in kv_parse_power_table |
| CVE-2023-52470: (unk) drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() |
| CVE-2023-52474: (unk) IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests |
| CVE-2023-52475: (unk) Input: powermate - fix use-after-free in powermate_config_complete |
| CVE-2023-52476: (unk) perf/x86/lbr: Filter vsyscall addresses |
| CVE-2023-52477: (unk) usb: hub: Guard against accesses to uninitialized BOS descriptors |
| CVE-2023-52478: (unk) HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect |
| CVE-2023-52479: (unk) ksmbd: fix uaf in smb20_oplock_break_ack |
| CVE-2023-52480: (unk) ksmbd: fix race condition between session lookup and expire |
| CVE-2023-52481: (unk) arm64: errata: Add Cortex-A520 speculative unprivileged load workaround |
| CVE-2023-52482: (unk) x86/srso: Add SRSO mitigation for Hygon processors |
| CVE-2023-52483: (unk) mctp: perform route lookups under a RCU read-side lock |
| CVE-2023-52484: (unk) iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range |
| CVE-2023-52485: (unk) drm/amd/display: Wake DMCUB before sending a command |
| CVE-2023-52486: (unk) drm: Don't unref the same fb many times by mistake due to deadlock handling |
| CVE-2023-52488: (unk) serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO |
| CVE-2023-52489: (unk) mm/sparsemem: fix race in accessing memory_section->usage |
| CVE-2023-52491: (unk) media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run |
| CVE-2023-52492: (unk) dmaengine: fix NULL pointer in channel unregistration function |
| CVE-2023-52493: (unk) bus: mhi: host: Drop chan lock before queuing buffers |
| CVE-2023-52494: (unk) bus: mhi: host: Add alignment check for event ring read pointer |
| CVE-2023-52497: (unk) erofs: fix lz4 inplace decompression |
| CVE-2023-52498: (unk) PM: sleep: Fix possible deadlocks in core system-wide PM code |
| CVE-2023-52499: (unk) powerpc/47x: Fix 47x syscall return crash |
| CVE-2023-52500: (unk) scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command |
| CVE-2023-52501: (unk) ring-buffer: Do not attempt to read past "commit" |
| CVE-2023-52502: (unk) net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() |
| CVE-2023-52503: (unk) tee: amdtee: fix use-after-free vulnerability in amdtee_close_session |
| CVE-2023-52504: (unk) x86/alternatives: Disable KASAN in apply_alternatives() |
| CVE-2023-52506: (unk) LoongArch: Set all reserved memblocks on Node#0 at initialization |
| CVE-2023-52507: (unk) nfc: nci: assert requested protocol is valid |
| CVE-2023-52508: (unk) nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() |
| CVE-2023-52509: (unk) ravb: Fix use-after-free issue in ravb_tx_timeout_work() |
| CVE-2023-52510: (unk) ieee802154: ca8210: Fix a potential UAF in ca8210_probe |
| CVE-2023-52511: (unk) spi: sun6i: reduce DMA RX transfer width to single byte |
| CVE-2023-52513: (unk) RDMA/siw: Fix connection failure handling |
| CVE-2023-52515: (unk) RDMA/srp: Do not call scsi_done() from srp_abort() |
| CVE-2023-52516: (unk) dma-debug: don't call __dma_entry_alloc_check_leak() under free_entries_lock |
| CVE-2023-52517: (unk) spi: sun6i: fix race between DMA RX transfer completion and RX FIFO drain |
| CVE-2023-52518: (unk) Bluetooth: hci_codec: Fix leaking content of local_codecs |
| CVE-2023-52519: (unk) HID: intel-ish-hid: ipc: Disable and reenable ACPI GPE bit |
| CVE-2023-52520: (unk) platform/x86: think-lmi: Fix reference leak |
| CVE-2023-52522: (unk) net: fix possible store tearing in neigh_periodic_work() |
| CVE-2023-52523: (unk) bpf, sockmap: Reject sk_msg egress redirects to non-TCP sockets |
| CVE-2023-52527: (unk) ipv4, ipv6: Fix handling of transhdrlen in __ip{,6}_append_data() |
| CVE-2023-52528: (unk) net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg |
| CVE-2023-52529: (unk) HID: sony: Fix a potential memory leak in sony_probe() |
| CVE-2023-52530: (unk) wifi: mac80211: fix potential key use-after-free |
| CVE-2023-52531: (unk) wifi: iwlwifi: mvm: Fix a memory corruption issue |
| CVE-2023-52532: (unk) net: mana: Fix TX CQE error handling |
| CVE-2023-52559: (unk) iommu/vt-d: Avoid memory allocation in iommu_suspend() |
| CVE-2023-52560: (unk) mm/damon/vaddr-test: fix memory leak in damon_do_test_apply_three_regions() |
| CVE-2023-52561: (unk) arm64: dts: qcom: sdm845-db845c: Mark cont splash memory region as reserved |
| CVE-2023-52563: (unk) drm/meson: fix memory leak on ->hpd_notify callback |
| CVE-2023-52565: (unk) media: uvcvideo: Fix OOB read |
| CVE-2023-52566: (unk) nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() |
| CVE-2023-52568: (unk) x86/sgx: Resolves SECS reclaim vs. page fault for EAUG race |
| CVE-2023-52569: (unk) btrfs: remove BUG() after failure to insert delayed dir index item |
| CVE-2023-52571: (unk) power: supply: rk817: Fix node refcount leak |
| CVE-2023-52572: (unk) cifs: Fix UAF in cifs_demultiplex_thread() |
| CVE-2023-52573: (unk) net: rds: Fix possible NULL-pointer dereference |
| CVE-2023-52574: (unk) team: fix null-ptr-deref when team device type is changed |
| CVE-2023-52576: (unk) x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() |
| CVE-2023-52578: (unk) net: bridge: use DEV_STATS_INC() |
| CVE-2023-52580: (unk) net/core: Fix ETH_P_1588 flow dissector |
| CVE-2023-52582: (unk) netfs: Only call folio_start_fscache() one time for each folio |
| CVE-2023-52583: (unk) ceph: fix deadlock or deadcode of misusing dget() |
| CVE-2023-52584: (unk) spmi: mediatek: Fix UAF on device remove |
| CVE-2023-52585: (unk) drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() |
| CVE-2023-52586: (unk) drm/msm/dpu: Add mutex lock in control vblank irq |
| CVE-2023-52587: (unk) IB/ipoib: Fix mcast list locking |
| CVE-2023-52588: (unk) f2fs: fix to tag gcing flag on page during block migration |
| CVE-2023-52589: (unk) media: rkisp1: Fix IRQ disable race issue |
| CVE-2023-52590: (unk) ocfs2: Avoid touching renamed directory if parent does not change |
| CVE-2023-52591: (unk) reiserfs: Avoid touching renamed directory if parent does not change |
| CVE-2023-52593: (unk) wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() |
| CVE-2023-52594: (unk) wifi: ath9k: Fix potential array-index-out-of-bounds read in ath9k_htc_txstatus() |
| CVE-2023-52595: (unk) wifi: rt2x00: restart beacon queue when hardware reset |
| CVE-2023-52596: (unk) sysctl: Fix out of bounds access for empty sysctl registers |
| CVE-2023-52597: (unk) KVM: s390: fix setting of fpc register |
| CVE-2023-52598: (unk) s390/ptrace: handle setting of fpc register correctly |
| CVE-2023-52599: (unk) jfs: fix array-index-out-of-bounds in diNewExt |
| CVE-2023-52600: (unk) jfs: fix uaf in jfs_evict_inode |
| CVE-2023-52601: (unk) jfs: fix array-index-out-of-bounds in dbAdjTree |
| CVE-2023-52602: (unk) jfs: fix slab-out-of-bounds Read in dtSearch |
| CVE-2023-52603: (unk) UBSAN: array-index-out-of-bounds in dtSplitRoot |
| CVE-2023-52604: (unk) FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree |
| CVE-2023-52606: (unk) powerpc/lib: Validate size for vector operations |
| CVE-2023-52607: (unk) powerpc/mm: Fix null-pointer dereference in pgtable_cache_add |
| CVE-2023-52608: (unk) firmware: arm_scmi: Check mailbox/SMT channel for consistency |
| CVE-2023-52609: (unk) binder: fix race between mmput() and do_exit() |
| CVE-2023-52610: (unk) net/sched: act_ct: fix skb leak and crash on ooo frags |
| CVE-2023-52612: (unk) crypto: scomp - fix req->dst buffer overflow |
| CVE-2023-52614: (unk) PM / devfreq: Fix buffer overflow in trans_stat_show |
| CVE-2023-52615: (unk) hwrng: core - Fix page fault dead lock on mmap-ed hwrng |
| CVE-2023-52616: (unk) crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init |
| CVE-2023-52617: (unk) PCI: switchtec: Fix stdev_release() crash after surprise hot remove |
| CVE-2023-52618: (unk) block/rnbd-srv: Check for unlikely string overflow |
| CVE-2023-52619: (unk) pstore/ram: Fix crash when setting number of cpus to an odd number |
| CVE-2023-52620: (unk) netfilter: nf_tables: disallow timeout for anonymous sets |
| CVE-2023-52621: (unk) bpf: Check rcu_read_lock_trace_held() before calling bpf map helpers |
| CVE-2023-52622: (unk) ext4: avoid online resizing failures due to oversized flex bg |
| CVE-2023-52623: (unk) SUNRPC: Fix a suspicious RCU usage warning |
| CVE-2023-52624: (unk) drm/amd/display: Wake DMCUB before executing GPINT commands |
| CVE-2023-52625: (unk) drm/amd/display: Refactor DMCUB enter/exit idle interface |
| CVE-2023-52627: (unk) iio: adc: ad7091r: Allow users to configure device events |
| CVE-2023-52628: (unk) netfilter: nftables: exthdr: fix 4-byte stack OOB write |
| CVE-2023-52629: (unk) sh: push-switch: Reorder cleanup operations to avoid use-after-free bug |
| CVE-2023-52630: (unk) blk-iocost: Fix an UBSAN shift-out-of-bounds warning |
| CVE-2023-52631: (unk) fs/ntfs3: Fix an NULL dereference bug |
| CVE-2023-52632: (unk) drm/amdkfd: Fix lock dependency warning with srcu |
| CVE-2023-52633: (unk) um: time-travel: fix time corruption |
| CVE-2023-52634: (unk) drm/amd/display: Fix disable_otg_wa logic |
| CVE-2023-52635: (unk) PM / devfreq: Synchronize devfreq_monitor_[start/stop] |
| CVE-2023-52637: (unk) can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) |
| CVE-2023-52638: (unk) can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock |
| CVE-2023-52639: (unk) KVM: s390: vsie: fix race during shadow creation |
| CVE-2023-52640: (unk) fs/ntfs3: Fix oob in ntfs_listxattr |
| CVE-2023-52641: (unk) fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() |
| CVE-2023-5717: (unk) perf: Disallow mis-matched inherited group reads |
| CVE-2023-6039: (unk) net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs |
| CVE-2023-6040: (unk) netfilter: nf_tables: Reject tables of unsupported family |
| CVE-2023-6121: (unk) nvmet: nul-terminate the NQNs passed in the connect command |
| CVE-2023-6176: (unk) net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() |
| CVE-2023-6240: (unk) |
| CVE-2023-6270: (unk) aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts |
| CVE-2023-6356: (unk) nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length |
| CVE-2023-6535: (unk) |
| CVE-2023-6536: (unk) nvmet-tcp: fix a crash in nvmet_req_complete() |
| CVE-2023-6546: (unk) tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux |
| CVE-2023-6560: (unk) io_uring: don't allow discontig pages for IORING_SETUP_NO_MMAP |
| CVE-2023-6606: (unk) smb: client: fix OOB in smbCalcSize() |
| CVE-2023-6610: (unk) smb: client: fix potential OOB in smb2_dump_detail() |
| CVE-2023-6622: (unk) netfilter: nf_tables: bail out on mismatching dynset and set expressions |
| CVE-2023-6817: (unk) netfilter: nft_set_pipapo: skip inactive elements during set walk |
| CVE-2023-6915: (unk) ida: Fix crash in ida_free when the bitmap is empty |
| CVE-2023-6931: (unk) perf: Fix perf_event_validate_size() |
| CVE-2023-6932: (unk) ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet |
| CVE-2023-7042: (unk) wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() |
| CVE-2023-7192: (unk) netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() |
| CVE-2024-0340: (unk) vhost: use kzalloc() instead of kmalloc() followed by memset() |
| CVE-2024-0562: (unk) writeback: avoid use-after-free after removing device |
| CVE-2024-0564: (unk) |
| CVE-2024-0565: (unk) smb: client: fix OOB in receive_encrypted_standard() |
| CVE-2024-0584: (unk) ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet |
| CVE-2024-0607: (unk) netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() |
| CVE-2024-0639: (unk) sctp: fix potential deadlock on &net->sctp.addr_wq_lock |
| CVE-2024-0641: (unk) tipc: fix a potential deadlock on &tx->lock |
| CVE-2024-0646: (unk) net: tls, update curr on splice as well |
| CVE-2024-0775: (unk) ext4: improve error recovery code paths in __ext4_remount() |
| CVE-2024-0841: (unk) fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super |
| CVE-2024-1085: (unk) netfilter: nf_tables: check if catch-all set element is active in next generation |
| CVE-2024-1086: (unk) netfilter: nf_tables: reject QUEUE/DROP verdict parameters |
| CVE-2024-1151: (unk) net: openvswitch: limit the number of recursions from action sets |
| CVE-2024-1312: (unk) mm: lock_vma_under_rcu() must check vma->anon_vma under vma lock |
| CVE-2024-21803: (unk) |
| CVE-2024-2193: (unk) |
| CVE-2024-22099: (unk) Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security |
| CVE-2024-22386: (unk) |
| CVE-2024-22705: (unk) ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() |
| CVE-2024-23196: (unk) ALSA: hda: fix a possible null-pointer dereference due to data race in snd_hdac_regmap_sync() |
| CVE-2024-23307: (unk) md/raid5: fix atomicity violation in raid5_cache_count |
| CVE-2024-23848: (unk) |
| CVE-2024-23849: (unk) net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv |
| CVE-2024-23850: (unk) btrfs: do not ASSERT() if the newly created subvolume already got read |
| CVE-2024-23851: (unk) dm: limit the number of targets and parameter size area |
| CVE-2024-24855: (unk) scsi: lpfc: Fix a possible data race in lpfc_unregister_fcf_rescan() |
| CVE-2024-24857: (unk) |
| CVE-2024-24858: (unk) |
| CVE-2024-24859: (unk) |
| CVE-2024-24860: (unk) Bluetooth: Fix atomicity violation in {min,max}_key_size_set |
| CVE-2024-24861: (unk) media: xc4000: Fix atomicity violation in xc4000_get_frequency |
| CVE-2024-24864: (unk) |
| CVE-2024-25739: (unk) |
| CVE-2024-25740: (unk) |
| CVE-2024-25741: (unk) |
| CVE-2024-25744: (unk) x86/coco: Disable 32-bit emulation by default on TDX and SEV |
| CVE-2024-26583: (unk) tls: fix race between async notify and socket close |
| CVE-2024-26584: (unk) net: tls: handle backlogging of crypto requests |
| CVE-2024-26585: (unk) tls: fix race between tx work scheduling and socket close |
| CVE-2024-26586: (unk) mlxsw: spectrum_acl_tcam: Fix stack corruption |
| CVE-2024-26589: (unk) bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS |
| CVE-2024-26590: (unk) erofs: fix inconsistent per-file compression format |
| CVE-2024-26591: (unk) bpf: Fix re-attachment branch in bpf_tracing_prog_attach |
| CVE-2024-26592: (unk) ksmbd: fix UAF issue in ksmbd_tcp_new_connection() |
| CVE-2024-26593: (unk) i2c: i801: Fix block process call transactions |
| CVE-2024-26594: (unk) ksmbd: validate mech token in session setup |
| CVE-2024-26595: (unk) mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path |
| CVE-2024-26597: (unk) net: qualcomm: rmnet: fix global oob in rmnet_policy |
| CVE-2024-26598: (unk) KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache |
| CVE-2024-26600: (unk) phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP |
| CVE-2024-26601: (unk) ext4: regenerate buddy after block freeing failed if under fc replay |
| CVE-2024-26602: (unk) sched/membarrier: reduce the ability to hammer on sys_membarrier |
| CVE-2024-26603: (unk) x86/fpu: Stop relying on userspace for info to fault in xsave buffer |
| CVE-2024-26606: (unk) binder: signal epoll threads of self-work |
| CVE-2024-26607: (unk) drm/bridge: sii902x: Fix probing race issue |
| CVE-2024-26608: (unk) ksmbd: fix global oob in ksmbd_nl_policy |
| CVE-2024-26610: (unk) wifi: iwlwifi: fix a memory corruption |
| CVE-2024-26614: (unk) tcp: make sure init the accept_queue's spinlocks once |
| CVE-2024-26615: (unk) net/smc: fix illegal rmb_desc access in SMC-D connection dump |
| CVE-2024-26622: (unk) tomoyo: fix UAF write bug in tomoyo_write_control() |
| CVE-2024-26623: (unk) pds_core: Prevent race issues involving the adminq |
| CVE-2024-26625: (unk) llc: call sock_orphan() at release time |
| CVE-2024-26627: (unk) scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler |
| CVE-2024-26631: (unk) ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work |
| CVE-2024-26633: (unk) ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() |
| CVE-2024-26635: (unk) llc: Drop support for ETH_P_TR_802_2. |
| CVE-2024-26636: (unk) llc: make llc_ui_sendmsg() more robust against bonding changes |
| CVE-2024-26640: (unk) tcp: add sanity checks to rx zerocopy |
| CVE-2024-26641: (unk) ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() |
| CVE-2024-26642: (unk) netfilter: nf_tables: disallow anonymous set with timeout flag |
| CVE-2024-26644: (unk) btrfs: don't abort filesystem when attempting to snapshot deleted subvolume |
| CVE-2024-26645: (unk) tracing: Ensure visibility when inserting an element into tracing_map |
| CVE-2024-26646: (unk) thermal: intel: hfi: Add syscore callbacks for system-wide PM |
| CVE-2024-26647: (unk) drm/amd/display: Fix late derefrence 'dsc' check in 'link_set_dsc_pps_packet()' |
| CVE-2024-26648: (unk) drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay() |
| CVE-2024-26650: (unk) platform/x86: p2sb: Allow p2sb_bar() calls during PCI device probe |
| CVE-2024-26651: (unk) sr9800: Add check for usbnet_get_endpoints |
| CVE-2024-26654: (unk) ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs |
| CVE-2024-26655: (unk) Fix memory leak in posix_clock_open() |
| CVE-2024-26656: (unk) drm/amdgpu: fix use-after-free bug |
| CVE-2024-26658: (unk) bcachefs: grab s_umount only if snapshotting |
| CVE-2024-26659: (unk) xhci: handle isoc Babble and Buffer Overrun events properly |
| CVE-2024-26660: (unk) drm/amd/display: Implement bounds check for stream encoder creation in DCN301 |
| CVE-2024-26661: (unk) drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' |
| CVE-2024-26662: (unk) drm/amd/display: Fix 'panel_cntl' could be null in 'dcn21_set_backlight_level()' |
| CVE-2024-26663: (unk) tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() |
| CVE-2024-26664: (unk) hwmon: (coretemp) Fix out-of-bounds memory access |
| CVE-2024-26665: (unk) tunnels: fix out of bounds access when building IPv6 PMTU error |
| CVE-2024-26668: (unk) netfilter: nft_limit: reject configurations that cause integer overflow |
| CVE-2024-26669: (unk) net/sched: flower: Fix chain template offload |
| CVE-2024-26671: (unk) blk-mq: fix IO hang from sbitmap wakeup race |
| CVE-2024-26672: (unk) drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' |
| CVE-2024-26673: (unk) netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations |
| CVE-2024-26675: (unk) ppp_async: limit MRU to 64K |
| CVE-2024-26676: (unk) af_unix: Call kfree_skb() for dead unix_(sk)->oob_skb in GC. |
| CVE-2024-26677: (unk) rxrpc: Fix delayed ACKs to not set the reference serial number |
| CVE-2024-26679: (unk) inet: read sk->sk_family once in inet_recv_error() |
| CVE-2024-26680: (unk) net: atlantic: Fix DMA mapping for PTP hwts ring |
| CVE-2024-26684: (unk) net: stmmac: xgmac: fix handling of DPP safety error for DMA channels |
| CVE-2024-26685: (unk) nilfs2: fix potential bug in end_buffer_async_write |
| CVE-2024-26686: (unk) fs/proc: do_task_stat: use sig->stats_lock to gather the threads/children stats |
| CVE-2024-26687: (unk) xen/events: close evtchn after mapping cleanup |
| CVE-2024-26688: (unk) fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super |
| CVE-2024-26689: (unk) ceph: prevent use-after-free in encode_cap_msg() |
| CVE-2024-26691: (unk) KVM: arm64: Fix circular locking dependency |
| CVE-2024-26696: (unk) nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() |
| CVE-2024-26697: (unk) nilfs2: fix data corruption in dsync block recovery for small block sizes |
| CVE-2024-26698: (unk) hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove |
| CVE-2024-26699: (unk) drm/amd/display: Fix array-index-out-of-bounds in dcn35_clkmgr |
| CVE-2024-26700: (unk) drm/amd/display: Fix MST Null Ptr for RV |
| CVE-2024-26702: (unk) iio: magnetometer: rm3100: add boundary check for the value read from RM3100_REG_TMRC |
| CVE-2024-26704: (unk) ext4: fix double-free of blocks due to wrong extents moved_len |
| CVE-2024-26706: (unk) parisc: Fix random data corruption from exception handler |
| CVE-2024-26707: (unk) net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() |
| CVE-2024-26712: (unk) powerpc/kasan: Fix addr error caused by page alignment |
| CVE-2024-26713: (unk) powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add |
| CVE-2024-26714: (unk) interconnect: qcom: sc8180x: Mark CO0 BCM keepalive |
| CVE-2024-26715: (unk) usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend |
| CVE-2024-26717: (unk) HID: i2c-hid-of: fix NULL-deref on failed power up |
| CVE-2024-26718: (unk) dm-crypt, dm-verity: disable tasklets |
| CVE-2024-26719: (unk) nouveau: offload fence uevents work to workqueue |
| CVE-2024-26720: (unk) mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again |
| CVE-2024-26726: (unk) btrfs: don't drop extent_map for free space inode on write error |
| CVE-2024-26727: (unk) btrfs: do not ASSERT() if the newly created subvolume already got read |
| CVE-2024-26733: (unk) arp: Prevent overflow in arp_req_get(). |
| CVE-2024-26735: (unk) ipv6: sr: fix possible use-after-free and null-ptr-deref |
| CVE-2024-26736: (unk) afs: Increase buffer size in afs_update_volume_status() |
| CVE-2024-26737: (unk) bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel |
| CVE-2024-26738: (unk) powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller |
| CVE-2024-26739: (unk) net/sched: act_mirred: don't override retval if we already lost the skb |
| CVE-2024-26740: (unk) net/sched: act_mirred: use the backlog for mirred ingress |
| CVE-2024-26743: (unk) RDMA/qedr: Fix qedr_create_user_qp error flow |
| CVE-2024-26744: (unk) RDMA/srpt: Support specifying the srpt_service_guid parameter |
| CVE-2024-26745: (unk) powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV |
| CVE-2024-26747: (unk) usb: roles: fix NULL pointer issue when put module's reference |
| CVE-2024-26748: (unk) usb: cdns3: fix memory double free when handle zero packet |
| CVE-2024-26749: (unk) usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() |
| CVE-2024-26751: (unk) ARM: ep93xx: Add terminator to gpiod_lookup_table |
| CVE-2024-26752: (unk) l2tp: pass correct message length to ip6_append_data |
| CVE-2024-26754: (unk) gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() |
| CVE-2024-26756: (unk) md: Don't register sync_thread for reshape directly |
| CVE-2024-26757: (unk) md: Don't ignore read-only array in md_check_recovery() |
| CVE-2024-26758: (unk) md: Don't ignore suspended array in md_check_recovery() |
| CVE-2024-26759: (unk) mm/swap: fix race when skipping swapcache |
| CVE-2024-26763: (unk) dm-crypt: don't modify the data when using authenticated encryption |
| CVE-2024-26764: (unk) fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio |
| CVE-2024-26765: (unk) LoongArch: Disable IRQ before init_fn() for nonboot CPUs |
| CVE-2024-26766: (unk) IB/hfi1: Fix sdma.h tx->num_descs off-by-one error |
| CVE-2024-26767: (unk) drm/amd/display: fixed integer types and null check locations |
| CVE-2024-26768: (unk) LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] |
| CVE-2024-26769: (unk) nvmet-fc: avoid deadlock on delete association path |
| CVE-2024-26770: (unk) HID: nvidia-shield: Add missing null pointer checks to LED initialization |
| CVE-2024-26771: (unk) dmaengine: ti: edma: Add some null pointer checks to the edma_probe |
| CVE-2024-26772: (unk) ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() |
| CVE-2024-26773: (unk) ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() |
| CVE-2024-26774: (unk) ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt |
| CVE-2024-26775: (unk) aoe: avoid potential deadlock at set_capacity |
| CVE-2024-26776: (unk) spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected |
| CVE-2024-26777: (unk) fbdev: sis: Error out if pixclock equals zero |
| CVE-2024-26778: (unk) fbdev: savage: Error out if pixclock equals zero |
| CVE-2024-26779: (unk) wifi: mac80211: fix race condition on enabling fast-xmit |
| CVE-2024-26782: (unk) mptcp: fix double-free on socket dismantle |
| CVE-2024-26784: (unk) pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal |
| CVE-2024-26787: (unk) mmc: mmci: stm32: fix DMA API overlapping mappings warning |
| CVE-2024-26788: (unk) dmaengine: fsl-qdma: init irq after reg initialization |
| CVE-2024-26789: (unk) crypto: arm64/neonbs - fix out-of-bounds access on short input |
| CVE-2024-26790: (unk) dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read |
| CVE-2024-26791: (unk) btrfs: dev-replace: properly validate device names |
| CVE-2024-26793: (unk) gtp: fix use-after-free and null-ptr-deref in gtp_newlink() |
| CVE-2024-26795: (unk) riscv: Sparse-Memory/vmemmap out-of-bounds fix |
| CVE-2024-26797: (unk) drm/amd/display: Prevent potential buffer overflow in map_hw_resources |
| CVE-2024-26798: (unk) fbcon: always restore the old font data in fbcon_do_set_font() |
| CVE-2024-26801: (unk) Bluetooth: Avoid potential use-after-free in hci_error_reset |
| CVE-2024-26802: (unk) stmmac: Clear variable when destroying workqueue |
| CVE-2024-26803: (unk) net: veth: clear GRO when clearing XDP even when down |
| CVE-2024-26804: (unk) net: ip_tunnel: prevent perpetual headroom growth |
| CVE-2024-26805: (unk) netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter |
| CVE-2024-26806: (unk) spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks |
| CVE-2024-26808: (unk) netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain |
| CVE-2024-26809: (unk) netfilter: nft_set_pipapo: release elements in clone only from destroy path |