Google Git
Sign in
cos / mirrors / github.com / nluedtke / linux_kernel_cves / 3088d994b89203fe85f5fc52a1110c05b23c26f6 / . / data / 5.3 / 5.3_security.txt
blob: 11dc3f576aef06b0f661e512fbca1f4e3160d607 [file] [log] [blame]
CVEs fixed in 5.3:
CVE-2019-14814: 7caac62ed598a196d6ddf8d9c121e12e082cac3a mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14815: 7caac62ed598a196d6ddf8d9c121e12e082cac3a mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14816: 7caac62ed598a196d6ddf8d9c121e12e082cac3a mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14835: 060423bfdee3f8bc6e2c1bac97de24d5415e2bc4 vhost: make sure log_num < in_num
CVE-2019-15504: 8b51dc7291473093c821195c4b6af85fadedbc2f rsi: fix a double free bug in rsi_91x_deinit()
CVE-2019-19079: a21b7f0cff1906a93a0130b74713b15a0b36481d net: qrtr: fix memort leak in qrtr_tun_write_iter
CVE-2019-5108: 3e493173b7841259a08c5c8e5cbe90adb349da7e mac80211: Do not send Layer 2 Update frame before authorization
CVEs fixed in 5.3-rc1:
CVE-2019-19083: 9ea29a1f8b9da52d8eca8b0996f1d84eac548d3b drm/amd/display: memory leak
CVEs fixed in 5.3.1:
CVE-2019-14821: 6a2503b7ae2d58f52c3d1f47978abc4d2fd1b049 KVM: coalesced_mmio: add bounds checking
CVE-2019-15505: 4cb2667a5f331f83e1734a4bf5307f355bd0437a media: technisat-usb2: break out of loop at end of buffer
CVEs fixed in 5.3.4:
CVE-2019-17052: 0bdac683881231d261ba4651d0b248767cc02c27 ax25: enforce CAP_NET_RAW for raw sockets
CVE-2019-17053: 41bdf4400adfe119140df2eaf44ca2ce809985d9 ieee802154: enforce CAP_NET_RAW for raw sockets
CVE-2019-17054: e7158355e964e5392f01431056f1f9b35355d1aa appletalk: enforce CAP_NET_RAW for raw sockets
CVE-2019-17055: 4a307942fd0cc0430e48dd79cc218d09935abe00 mISDN: enforce CAP_NET_RAW for raw sockets
CVE-2019-17056: 1d34ee30a424a97a9caede7880a845fedb60a690 nfc: enforce CAP_NET_RAW for raw sockets
CVE-2019-18198: ecc265624956ea784cb2bd2b31a95bd54c4f5f13 ipv6: do not free rt if FIB_LOOKUP_NOREF is set on suppress rule
CVE-2019-19036: b01d7910727edb3a116d182151a319e453082a11 btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
CVE-2019-19080: 96996f7118c7896a1bc7191ec2c253f038ab611c nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
CVE-2019-19081: 5c95791bd704bd04a7c89629880afbb49b4037b8 nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
CVE-2019-19533: 2ecab41cf6e9774be08242f808ec3f5d07372ead media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
CVE-2019-20422: 82ca29a9e2ff65ae9a3d084050752e395d36cc3a ipv6: fix a typo in fib6_rule_lookup()
CVEs fixed in 5.3.5:
CVE-2019-18806: 8dde3868b536a684d7ff5c2f9da9dd48bd71baa0 net: qlogic: Fix memory leak in ql_alloc_large_buffers
CVE-2019-18807: d03e652a13f11851b363c697163d823d9669a811 net: dsa: sja1105: Prevent leaking memory
CVEs fixed in 5.3.6:
CVE-2019-16746: 92d042bd3ff4375204b4681f3f4b3ed948d6f087 nl80211: validate beacon head
CVE-2019-19076: eab54b91ad373fc59c37acd22cc912cff98f41c7 nfp: abm: fix memory leak in nfp_abm_u32_knode_replace
CVE-2019-19318: 01dadc31ec1b8885ebc3a729b5748a0aaeba6fba Btrfs: fix selftests failure due to uninitialized i_mode in test inodes
CVE-2019-19525: d0c4e7054ce1e44cb7270af6d2d732314212cb07 ieee802154: atusb: fix use-after-free at disconnect
CVEs fixed in 5.3.7:
CVE-2019-19523: 7b6e99e0de96669bce3070f0060e4d20e705c301 USB: adutux: fix use-after-free on disconnect
CVE-2019-19528: 83c09a1936cc691aaa9627de244a77eebfab627d USB: iowarrior: fix use-after-free on disconnect
CVEs fixed in 5.3.8:
CVE-2019-17075: bbe837675455975d4a52ccfcc47006107b12a893 RDMA/cxgb4: Do not dma memory off of the stack
CVE-2019-17133: 9f053a9643bdc36645165b9979e849810d4063eb cfg80211: wext: avoid copying malformed SSIDs
CVE-2019-18810: b1fad53d75b17c19e04d4ecaf1e9b01da1d7c77c drm/komeda: prevent memory leak in komeda_wb_connector_add
CVE-2019-19067: 56ec75797dd2b1e394cbc76e0863b4f63c43945d drm/amdgpu: fix multiple memory leaks in acp_hw_init
CVE-2019-19075: 9295316e05812ca44838b1cf0a4ab0a91d1c7fd7 ieee802154: ca8210: prevent memory leak
CVEs fixed in 5.3.9:
CVE-2019-15098: 22d8d00c3346bf2443d995d1070da320d460e352 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
CVE-2019-15099: 22d8d00c3346bf2443d995d1070da320d460e352 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
CVE-2019-17666: c1b81d88fae832f985473451949b2f05338c3109 rtlwifi: Fix potential overflow on P2P code
CVE-2019-19048: 2ef37b2c9c6820db58c6c5c782e032ff3463f319 virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
CVE-2019-19060: 1694a7a95c1f79d974c7b5397300535af3b4a4bb iio: imu: adis16400: release allocated memory on failure
CVE-2019-19061: e3589dddef826696e8c073179748833b026330ad iio: imu: adis16400: fix memory leak
CVE-2019-19065: 933a1d0b6c7557d116fad31110a30ec08e99078b RDMA/hfi1: Prevent memory leak in sdma_init
CVE-2019-19069: 5de5b6d281c2e2549030b2be1824a5033154a504 misc: fastrpc: prevent memory leak in fastrpc_dma_buf_attach
CVE-2019-19526: d0a11dbe9e938ea9c587d1e1124b0bd36ae1e253 NFC: pn533: fix use-after-free and memleaks
CVE-2019-19532: 40122a5d25bb7cf21eb8c08cea366e309214b5f7 HID: Fix assumption that devices have inputs
CVE-2019-19922: 2bd11026299bdcb6d4b751d584913433b6d9b0b6 sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices
CVE-2020-10773: 00ede847a68324b543d1677b86614f9ae1e7f424 s390/cmm: fix information leak in cmm_timeout_handler()
CVEs fixed in 5.3.10:
CVE-2019-16233: 8669ff2e8537e4eaf0427737c4e95b51daf904fe scsi: qla2xxx: fix a potential NULL pointer dereference
CVE-2019-18282: 76b4d8952ff119a143c25159bbf58417f2b548b4 net/flow_dissector: switch to siphash
CVE-2019-19049: eec2a09f89ffe4285a783775b9c967601c993cd0 of: unittest: fix memory leak in unittest_data_add
CVEs fixed in 5.3.11:
CVE-2018-12207: 1655a277fe4aed4cab0590fa712961993d56e936 kvm: x86, powerpc: do not allow clearing largepages debugfs entry
CVE-2019-0154: 343c1b3bb8284af4dccd5c47a9818eb40be8c39a drm/i915: Lower RM timeout to avoid DSI hard hangs
CVE-2019-0155: 0d185a9932c9e42344106af1ce8287d8f2b6c4ec drm/i915: Rename gen7 cmdparser tables
CVE-2019-11135: b5b1f0297258207ac438525fe81d97a6f9ab1363 x86/msr: Add the IA32_TSX_CTRL MSR
CVE-2019-16231: 9fb4fd110885c90944c7cc1b88414590e489a209 fjes: Handle workqueue allocation failure
CVE-2019-18813: 65b4a421e657ed09d3585a5bf75d4b2625aa1ba6 usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
CVE-2019-19044: 43ed09d84c7def99b38075b4f553d543b68afcd7 drm/v3d: Fix memory leak in v3d_submit_cl_ioctl
CVE-2019-19045: 666adb04e4f98a073017e9b3f5a0483a326b9587 net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq
CVE-2019-19047: 38dc6b5959af978740b50a50ca229f73f701b578 net/mlx5: fix memory leak in mlx5_fw_fatal_reporter_dump
CVE-2019-19051: cb89b0ed2a2dc651aa306fb0c48bc59da70d772c wimax: i2400: Fix memory leak in i2400m_op_rfkill_sw_toggle
CVE-2019-19052: 55b11d219350255d2afef08716bf08821c4486d5 can: gs_usb: gs_can_open(): prevent memory leak
CVE-2019-19529: a681359a9c01041282bffeabc23ef1d760dd40da can: mcba_usb: fix use-after-free on disconnect
CVE-2019-19534: 29dd281d2d6c6bf135e2bf8d3bc93f3568668cdd can: peak_usb: fix slab info leak
CVE-2019-19807: b6acd3013c1c705dbc9af9ef47d76f7110f5d450 ALSA: timer: Fix incorrectly assigned timer instance
CVEs fixed in 5.3.12:
CVE-2019-19524: 6f040890fc2efba590d5e47dc13770946132e144 Input: ff-memless - kill timer in destroy()
CVEs fixed in 5.3.14:
CVE-2019-15291: 5d95cd3c67604c4d38453e57182ce6135958b0da media: b2c2-flexcop-usb: add sanity checking
CVE-2019-18660: d1aa3c8004692e4059e1faa30e438bec8af9b9c6 powerpc/book3s64: Fix link stack flush on context switch
CVE-2019-18683: 6a4e19eda94331c4d44cff7e2dac825957b45216 media: vivid: Fix wrong locking that causes race conditions on streaming stop
CVEs fixed in 5.3.15:
CVE-2019-18811: 621111112e6e21bcd7a6bee7cb86756c8c52da35 ASoC: SOF: ipc: Fix memory leak in sof_set_get_large_ctrl_data
CVE-2019-19241: ad700a7eb17dc3fc1f96152b4291532e5ba5a7ad io_uring: async workers should inherit the user creds
CVE-2019-19602: 4a94795bd29e90045053107a6cd79942d2b02ccd x86/fpu: Don't cache access to fpu_fpregs_owner_ctx
CVE-2019-19767: fb7bc3a2bb987865e149f6baa2a3d22dd18b201e ext4: add more paranoia checking in ext4_expand_extra_isize handling
CVEs fixed in 5.3.16:
CVE-2019-19050: 86d280b5709fea45ece6b47e1f30a2ff4800bee9 crypto: user - fix memory leak in crypto_reportstat
CVE-2019-19062: ceddd48c8407c4d1c70a815ae229f34c9af44273 crypto: user - fix memory leak in crypto_report
CVE-2019-19071: 9c11993ad2542c314023f282efea363996b378a0 rsi: release skb if rsi_prepare_beacon fails
CVE-2019-19252: a006855c86ede879fd57b6a944cd9a5b89a9cdce vcs: prevent write access to vcsu devices
CVE-2019-19332: 9e4bc1ba9f02d31b5f727f7c0a49f82dca0875b7 KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
CVEs fixed in 5.3.17:
CVE-2019-19447: ea46b9e9aa340496aec70ff401b4e922df54f244 ext4: work around deleting a file with i_nlink == 0 safely
CVE-2020-0041: 409579300981183be71034b483d1f5eedbbaed2d binder: fix incorrect calculation for num_valid
CVEs fixed in 5.3.18:
CVE-2020-1749: fe0cacb0f518d76cf4a71322a464eb0713969318 net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4916: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2015-2877: (unk)
CVE-2016-8660: (unk)
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2018-1121: (unk)
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-17977: (unk)
CVE-2019-10220: (unk) Convert filldir[64]() from __put_user() to unsafe_put_user()
CVE-2019-12456: (unk)
CVE-2019-14615: (unk) drm/i915/gen9: Clear residual context state on context switch
CVE-2019-14895: (unk) mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
CVE-2019-14896: (unk) libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14897: (unk) libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14901: (unk) mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
CVE-2019-15239: (unk) unknown
CVE-2019-15290: (unk)
CVE-2019-15794: (unk) ovl: fix reference counting in ovl_mmap error path
CVE-2019-15902: (unk) unknown
CVE-2019-16089: (unk)
CVE-2019-16229: (unk) drm/amdkfd: fix a potential NULL pointer dereference (v2)
CVE-2019-16230: (unk) drm/amdkfd: fix a potential NULL pointer dereference (v2)
CVE-2019-16232: (unk) libertas: fix a potential NULL pointer dereference
CVE-2019-16234: (unk) iwlwifi: pcie: fix rb_allocator workqueue allocation
CVE-2019-18786: (unk) media: rcar_drif: fix a memory disclosure
CVE-2019-18808: (unk) crypto: ccp - Release all allocated memory if sha type is invalid
CVE-2019-18809: (unk) media: usb: fix memory leak in af9005_identify_state
CVE-2019-18812: (unk) ASoC: SOF: Fix memory leak in sof_dfsentry_write
CVE-2019-18814: (unk) apparmor: Fix use-after-free in aa_audit_rule_init
CVE-2019-19037: (unk) ext4: fix ext4_empty_dir() for directories with holes
CVE-2019-19039: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19043: (unk) i40e: prevent memory leak in i40e_setup_macvlans
CVE-2019-19046: (unk) ipmi: Fix memory leak in __ipmi_bmc_register
CVE-2019-19053: (unk) rpmsg: char: release allocated memory
CVE-2019-19054: (unk) media: rc: prevent memory leak in cx23888_ir_probe
CVE-2019-19055: (unk) nl80211: fix memory leak in nl80211_get_ftm_responder_stats
CVE-2019-19056: (unk) mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
CVE-2019-19057: (unk) mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
CVE-2019-19058: (unk) iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
CVE-2019-19059: (unk) iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init
CVE-2019-19063: (unk) rtlwifi: prevent memory leak in rtl_usb_probe
CVE-2019-19064: (unk) spi: lpspi: fix memory leak in fsl_lpspi_probe
CVE-2019-19066: (unk) scsi: bfa: release allocated memory in case of error
CVE-2019-19068: (unk) rtl8xxxu: prevent leaking urb
CVE-2019-19070: (unk) spi: gpio: prevent memory leak in spi_gpio_probe
CVE-2019-19072: (unk) tracing: Have error path in predicate_parse() free its allocated memory
CVE-2019-19073: (unk) ath9k_htc: release allocated buffer if timed out
CVE-2019-19074: (unk) ath9k: release allocated buffer if timed out
CVE-2019-19077: (unk) RDMA: Fix goto target to release the allocated memory
CVE-2019-19078: (unk) ath10k: fix memory leak
CVE-2019-19082: (unk) drm/amd/display: prevent memory leak
CVE-2019-19377: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19378: (unk)
CVE-2019-19448: (unk) btrfs: only search for left_info if there is no right_info in try_merge_free_space
CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count
CVE-2019-19462: (unk) kernel/relay.c: handle alloc_percpu returning NULL in relay_open
CVE-2019-19768: (unk) blktrace: Protect q->blk_trace with RCU
CVE-2019-19769: (unk) locks: fix a potential use-after-free problem when wakeup a waiter
CVE-2019-19770: (unk) blktrace: fix debugfs use after free
CVE-2019-19814: (unk)
CVE-2019-19947: (unk) can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
CVE-2019-19965: (unk) scsi: libsas: stop discovering if oob mode is disconnected
CVE-2019-20636: (unk) Input: add safety guards to input_set_keycode()
CVE-2019-20794: (unk)
CVE-2019-20810: (unk) media: go7007: fix a miss of snd_card_free
CVE-2019-20812: (unk) af_packet: set defaule value for tmo
CVE-2019-20908: (unk) efi: Restrict efivar_ssdt_load when the kernel is locked down
CVE-2019-3016: (unk) x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
CVE-2020-0009: (unk) staging: android: ashmem: Disallow ashmem memory from being remapped
CVE-2020-0067: (unk) f2fs: fix to avoid memory leakage in f2fs_listxattr
CVE-2020-0110: (unk) sched/psi: Fix OOB write when writing 0 bytes to PSI files
CVE-2020-0255: (unk) selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-0305: (unk) chardev: Avoid potential use-after-free in 'chrdev_open()'
CVE-2020-0347: (unk)
CVE-2020-0404: (unk) media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
CVE-2020-0423: (unk) binder: fix UAF when releasing todo list
CVE-2020-0427: (unk) pinctrl: devicetree: Avoid taking direct reference to device name string
CVE-2020-0431: (unk) HID: hid-input: clear unmapped usages
CVE-2020-0432: (unk) staging: most: net: fix buffer overflow
CVE-2020-0444: (unk) audit: fix error handling in audit_data_to_entry()
CVE-2020-0465: (unk) HID: core: Sanitize event code and type when mapping input
CVE-2020-0466: (unk) do_epoll_ctl(): clean the failure exits up a bit
CVE-2020-0543: (unk) x86/cpu: Add 'table' argument to cpu_matches()
CVE-2020-10135: (unk) Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
CVE-2020-10690: (unk) ptp: fix the race between the release of ptp_clock and cdev
CVE-2020-10708: (unk)
CVE-2020-10711: (unk) netlabel: cope with NULL catmap
CVE-2020-10732: (unk) fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
CVE-2020-10751: (unk) selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-10757: (unk) mm: Fix mremap not considering huge pmd devmap
CVE-2020-10766: (unk) x86/speculation: Prevent rogue cross-process SSBD shutdown
CVE-2020-10767: (unk) x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
CVE-2020-10768: (unk) x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
CVE-2020-10781: (unk) Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
CVE-2020-10942: (unk) vhost: Check docket sk_family instead of call getname
CVE-2020-11494: (unk) slcan: Don't transmit uninitialized stack data in padding
CVE-2020-11565: (unk) mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
CVE-2020-11608: (unk) media: ov519: add missing endpoint sanity checks
CVE-2020-11609: (unk) media: stv06xx: add missing descriptor sanity checks
CVE-2020-11668: (unk) media: xirlink_cit: add missing descriptor sanity checks
CVE-2020-11725: (unk)
CVE-2020-11884: (unk) s390/mm: fix page table upgrade vs 2ndary address mode accesses
CVE-2020-12351: (unk) Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
CVE-2020-12352: (unk) Bluetooth: A2MP: Fix not initializing all members
CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12464: (unk) USB: core: Fix free-while-in-use bug in the USB S-Glibrary
CVE-2020-12465: (unk) mt76: fix array overflow on receiving too many fragments for a packet
CVE-2020-12652: (unk) scsi: mptfusion: Fix double fetch bug in ioctl
CVE-2020-12653: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
CVE-2020-12654: (unk) mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
CVE-2020-12655: (unk) xfs: add agf freeblocks verify in xfs_agf_verify
CVE-2020-12656: (unk) sunrpc: check that domain table is empty at module unload.
CVE-2020-12657: (unk) block, bfq: fix use-after-free in bfq_idle_slice_timer_body
CVE-2020-12659: (unk) xsk: Add missing check on user supplied headroom size
CVE-2020-12768: (unk) KVM: SVM: Fix potential memory leak in svm_cpu_init()
CVE-2020-12769: (unk) spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
CVE-2020-12770: (unk) scsi: sg: add sg_remove_request in sg_write
CVE-2020-12771: (unk) bcache: fix potential deadlock problem in btree_gc_coalesce
CVE-2020-12826: (unk) signal: Extend exec_id to 64bits
CVE-2020-12888: (unk) vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
CVE-2020-13143: (unk) USB: gadget: fix illegal array access in binding with UDC
CVE-2020-13974: (unk) vt: keyboard: avoid signed integer overflow in k_ascii
CVE-2020-14304: (unk)
CVE-2020-14314: (unk) ext4: fix potential negative array index in do_split()
CVE-2020-14331: (unk) vgacon: Fix for missing check in scrollback handling
CVE-2020-14351: (unk) perf/core: Fix race in the perf_mmap_close() function
CVE-2020-14356: (unk) cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
CVE-2020-14381: (unk) futex: Fix inode life-time issue
CVE-2020-14385: (unk) xfs: fix boundary test in xfs_attr_shortform_verify
CVE-2020-14386: (unk) net/packet: fix overflow in tpacket_rcv
CVE-2020-14390: (unk) fbcon: remove soft scrollback code
CVE-2020-14416: (unk) can, slip: Protect tty->disc_data in write_wakeup and close with RCU
CVE-2020-15393: (unk) usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
CVE-2020-15436: (unk) block: Fix use-after-free in blkdev_get()
CVE-2020-15437: (unk) serial: 8250: fix null-ptr-deref in serial8250_start_tx()
CVE-2020-15780: (unk) ACPI: configfs: Disallow loading ACPI tables when locked down
CVE-2020-15802: (unk)
CVE-2020-16119: (unk) dccp: don't duplicate ccid when cloning dccp sock
CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir
CVE-2020-16166: (unk) random32: update the net random state on interrupt and activity
CVE-2020-24394: (unk) nfsd: apply umask on fs without ACL support
CVE-2020-24490: (unk) Bluetooth: fix kernel oops in store_pending_adv_report
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs
CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks
CVE-2020-25211: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2020-25212: (unk) nfs: Fix getxattr kernel panic and memory overflow
CVE-2020-25284: (unk) rbd: require global CAP_SYS_ADMIN for mapping and unmapping
CVE-2020-25285: (unk) mm/hugetlb: fix a race between hugetlb sysctl handlers
CVE-2020-25639: (unk) drm/nouveau: bail out of nouveau_channel_new if channel init fails
CVE-2020-25641: (unk) block: allow for_each_bvec to support zero len bvec
CVE-2020-25643: (unk) hdlc_ppp: add range checks in ppp_cp_parse_cr()
CVE-2020-25645: (unk) geneve: add transport ports in route lookup for geneve
CVE-2020-25656: (unk) vt: keyboard, extend func_buf_lock to readers
CVE-2020-25668: (unk) tty: make FONTX ioctl use the tty pointer they were actually passed
CVE-2020-25669: (unk) Input: sunkbd - avoid use-after-free in teardown paths
CVE-2020-25670: (unk) nfc: fix refcount leak in llcp_sock_bind()
CVE-2020-25671: (unk) nfc: fix refcount leak in llcp_sock_connect()
CVE-2020-25672: (unk) nfc: fix memory leak in llcp_sock_connect()
CVE-2020-25673: (unk) nfc: Avoid endless loops caused by repeated llcp_sock_connect()
CVE-2020-25704: (unk) perf/core: Fix a memory leak in perf_event_parse_addr_filter()
CVE-2020-25705: (unk) icmp: randomize the global rate limiter
CVE-2020-26088: (unk) net/nfc/rawsock.c: add CAP_NET_RAW check.
CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames
CVE-2020-26140: (unk)
CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted
CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
CVE-2020-26555: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27066: (unk) xfrm: policy: Fix doulbe free in xfrm_policy_timer
CVE-2020-27068: (unk) cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
CVE-2020-2732: (unk) KVM: nVMX: Don't emulate instructions in guest mode
CVE-2020-27673: (unk) xen/events: add a proper barrier to 2-level uevent unmasking
CVE-2020-27675: (unk) xen/events: avoid removing an event channel while handling it
CVE-2020-27777: (unk) powerpc/rtas: Restrict RTAS requests from userspace
CVE-2020-27784: (unk) usb: gadget: function: printer: fix use-after-free in __lock_acquire
CVE-2020-27786: (unk) ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
CVE-2020-27815: (unk) jfs: Fix array index bounds check in dbAdjTree
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-27825: (unk) tracing: Fix race in trace_open and buffer resize call
CVE-2020-27830: (unk) speakup: Reject setting the speakup line discipline outside of speakup
CVE-2020-27835: (unk) IB/hfi1: Ensure correct mm is used at all times
CVE-2020-28097: (unk) vgacon: remove software scrollback support
CVE-2020-28374: (unk) scsi: target: Fix XCOPY NAA identifier lookup
CVE-2020-28588: (unk) lib/syscall: fix syscall registers retrieval on 32-bit platforms
CVE-2020-28915: (unk) fbcon: Fix global-out-of-bounds read in fbcon_get_font()
CVE-2020-28941: (unk) speakup: Do not let the line discipline be used several times
CVE-2020-28974: (unk) vt: Disable KD_FONT_OP_COPY
CVE-2020-29368: (unk) mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
CVE-2020-29369: (unk) mm/mmap.c: close race between munmap() and expand_upwards()/downwards()
CVE-2020-29370: (unk) mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
CVE-2020-29371: (unk) romfs: fix uninitialized memory leak in romfs_dev_read()
CVE-2020-29373: (unk) io_uring: grab ->fs as part of async preparation
CVE-2020-29374: (unk) gup: document and work around "COW can break either way" issue
CVE-2020-29534: (unk) io_uring: don't rely on weak ->files references
CVE-2020-29568: (unk) xen/xenbus: Allow watches discard events before queueing
CVE-2020-29569: (unk) xen-blkback: set ring->xenblkd to NULL after kthread_stop()
CVE-2020-29660: (unk) tty: Fix ->session locking
CVE-2020-29661: (unk) tty: Fix ->pgrp locking in tiocspgrp()
CVE-2020-35501: (unk)
CVE-2020-35508: (unk) fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
CVE-2020-35519: (unk) net/x25: prevent a couple of overflows
CVE-2020-36158: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address
CVE-2020-36311: (unk) KVM: SVM: Periodically schedule when unregistering regions on destroy
CVE-2020-36312: (unk) KVM: fix memory leak in kvm_io_bus_unregister_dev()
CVE-2020-36313: (unk) KVM: Fix out of range accesses to memslots
CVE-2020-36322: (unk) fuse: fix bad inode
CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
CVE-2020-36386: (unk) Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
CVE-2020-36516: (unk)
CVE-2020-36557: (unk) vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
CVE-2020-36558: (unk) vt: vt_ioctl: fix race in VT_RESIZEX
CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries
CVE-2020-4788: (unk) powerpc/64s: flush L1D on kernel entry
CVE-2020-8428: (unk) do_last(): fetch directory ->i_mode and ->i_uid before it's too late
CVE-2020-8647: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8648: (unk) vt: selection, close sel_buffer race
CVE-2020-8649: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8694: (unk) powercap: restrict energy meter to root access
CVE-2020-8992: (unk) ext4: add cond_resched() to ext4_protect_reserved_inode
CVE-2020-9383: (unk) floppy: check FDC index for errors before assigning it
CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2021-0342: (unk) tun: correct header offsets in napi frags mode
CVE-2021-0399: (unk)
CVE-2021-0448: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2021-0512: (unk) HID: make arrays usage and value to be the same
CVE-2021-0605: (unk) af_key: pfkey_dump needs parameter validation
CVE-2021-0920: (unk) af_unix: fix garbage collect vs MSG_PEEK
CVE-2021-0929: (unk) staging/android/ion: delete dma_buf->kmap/unmap implemenation
CVE-2021-0937: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-0938: (unk) compiler.h: fix barrier_data() on clang
CVE-2021-0941: (unk) bpf: Remove MTU check in __bpf_skb_max_len
CVE-2021-1048: (unk) fix regression in "epoll: Keep a reference on files added to the check list"
CVE-2021-20177: (unk) netfilter: add and use nf_hook_slow_list()
CVE-2021-20239: (unk) net: pass a sockptr_t into ->setsockopt
CVE-2021-20292: (unk) drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
CVE-2021-20317: (unk) lib/timerqueue: Rely on rbtree semantics for next timer
CVE-2021-20320: (unk) s390/bpf: Fix optimizing out zero-extensions
CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-20322: (unk) ipv6: make exception cache less predictible
CVE-2021-21781: (unk) ARM: ensure the signal page contains defined contents
CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-22555: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-23133: (unk) net/sctp: fix race condition in sctp_destroy_sock
CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD
CVE-2021-26930: (unk) xen-blkback: fix error handling in xen_blkbk_map()
CVE-2021-26931: (unk) xen-blkback: don't "handle" error by BUG()
CVE-2021-26932: (unk) Xen/x86: don't bail early from clear_foreign_p2m_mapping()
CVE-2021-26934: (unk)
CVE-2021-27363: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27364: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27365: (unk) scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
CVE-2021-28038: (unk) Xen/gnttab: handle p2m update errors on a per-slot basis
CVE-2021-28375: (unk) misc: fastrpc: restrict user apps from sending kernel RPC messages
CVE-2021-28660: (unk) staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
CVE-2021-28688: (unk) xen-blkback: don't leak persistent grants from xen_blkbk_map()
CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms
CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms
CVE-2021-28714: (unk) xen/netback: fix rx queue stall detection
CVE-2021-28715: (unk) xen/netback: don't queue unlimited number of packages
CVE-2021-28964: (unk) btrfs: fix race when cloning extent buffer during rewind of an old root
CVE-2021-28971: (unk) perf/x86/intel: Fix a crash caused by zero PEBS status
CVE-2021-28972: (unk) PCI: rpadlpar: Fix potential drc_name corruption in store functions
CVE-2021-29154: (unk) bpf, x86: Validate computation of branch displacements for x86-64
CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-29264: (unk) gianfar: fix jumbo packets+napi+rx overrun crash
CVE-2021-29265: (unk) usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
CVE-2021-29647: (unk) net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
CVE-2021-29650: (unk) netfilter: x_tables: Use correct memory barriers.
CVE-2021-30002: (unk) media: v4l: ioctl: Fix memory leak in video_usercopy
CVE-2021-3178: (unk) nfsd4: readdirplus shouldn't return parent of export
CVE-2021-31829: (unk) bpf: Fix masking negation logic upon negative dst register
CVE-2021-31916: (unk) dm ioctl: fix out of bounds array access when no devices
CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
CVE-2021-32399: (unk) bluetooth: eliminate the potential race condition when removing the HCI controller
CVE-2021-33033: (unk) cipso,calipso: resolve a number of problems with the DOI refcounts
CVE-2021-33034: (unk) Bluetooth: verify AMP hci_chan before amp_destroy
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33098: (unk) ixgbe: fix large MTU request from VF
CVE-2021-3347: (unk) futex: Ensure the correct return value from futex_lock_pi()
CVE-2021-3348: (unk) nbd: freeze the queue while we're adding connections
CVE-2021-33624: (unk) bpf: Inherit expanded/patched seen count from old aux data
CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size
CVE-2021-33656: (unk) vt: drop old FONT ioctls
CVE-2021-33909: (unk) seq_file: disallow extremely large seq buffer allocations
CVE-2021-3428: (unk) ext4: handle error of ext4_setup_system_zone() on remount
CVE-2021-3444: (unk) bpf: Fix truncation handling for mod32 dst reg wrt zero
CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head
CVE-2021-3483: (unk) firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVE-2021-35039: (unk) module: limit enabling module.sig_enforce
CVE-2021-3506: (unk) f2fs: fix to avoid out-of-bounds memory access
CVE-2021-3542: (unk)
CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order
CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object
CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-3600: (unk) bpf: Fix 32 bit src register truncation on div/mod
CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2021-3612: (unk) Input: joydev - prevent potential read overflow in ioctl
CVE-2021-3635: (unk) netfilter: nf_tables: fix flowtable list del corruption
CVE-2021-3640: (unk) Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-3655: (unk) sctp: validate from_addr_param return
CVE-2021-3656: (unk) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
CVE-2021-3659: (unk) net: mac802154: Fix general protection fault
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-3714: (unk)
CVE-2021-3715: (unk) net_sched: cls_route: remove the right filter from hashtable
CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device
CVE-2021-3732: (unk) ovl: prevent private clone if bind mount is not allowed
CVE-2021-3739: (unk) btrfs: fix NULL pointer dereference when deleting device by invalid id
CVE-2021-3743: (unk) net: qrtr: fix OOB Read in qrtr_endpoint_post
CVE-2021-3744: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3752: (unk) Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-3753: (unk) vt_kdsetmode: extend console locking
CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-3759: (unk) memcg: enable accounting of ipc resources
CVE-2021-3760: (unk) nfc: nci: fix the UAF of rf_conn_info object
CVE-2021-3764: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk
CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited
CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page
CVE-2021-38199: (unk) NFSv4: Initialise connection to the server in nfs4_alloc_client()
CVE-2021-38204: (unk) usb: max-3421: Prevent corruption of freed memory
CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer
CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-3894: (unk) sctp: account stream padding length for reconf chunk
CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-39633: (unk) ip_gre: add validation for csum_start
CVE-2021-39634: (unk) epoll: do not insert into poll queues until all sanity checks are done
CVE-2021-39648: (unk) usb: gadget: configfs: Fix use-after-free issue with udc_name
CVE-2021-39656: (unk) configfs: fix a use-after-free in __configfs_open_file
CVE-2021-39657: (unk) scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39686: (unk) binder: use euid from cred instead of using task
CVE-2021-39698: (unk) wait: add wake_up_pollfree()
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories
CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing
CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it
CVE-2021-4135: (unk) netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4154: (unk) cgroup: verify that source is a string
CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-4157: (unk) pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
CVE-2021-4159: (unk) bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
CVE-2021-41864: (unk) bpf: Fix integer overflow in prealloc_elems_and_freelist()
CVE-2021-4197: (unk) cgroup: Use open-time credentials for process migraton perm checks
CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data
CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request
CVE-2021-4203: (unk) af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler
CVE-2021-42252: (unk) soc: aspeed: lpc-ctrl: Fix boundary check for mmap
CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVE-2021-43056: (unk) KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
CVE-2021-43389: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVE-2021-44733: (unk) tee: handle lookup of shm with reference count 0
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep
CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2021-45485: (unk) ipv6: use prandom_u32() for ID generation
CVE-2021-45486: (unk) inet: use bigger hash table for IP ID generation
CVE-2021-45868: (unk) quota: check block number when reading the block in quota file
CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0185: (unk) vfs: fs_context: fix up param length parsing in legacy_parse_param
CVE-2022-0322: (unk) sctp: account stream padding length for reconf chunk
CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0435: (unk) tipc: improve size validations for received domain records
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path
CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-0617: (unk) udf: Fix NULL ptr deref when converting from inline format
CVE-2022-0644: (unk) vfs: check fd has read access in kernel_read_file_from_fd()
CVE-2022-0812: (unk) xprtrdma: fix incorrect header size calculations
CVE-2022-0850: (unk) ext4: fix kernel infoleak via ext4_extent_header
CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1055: (unk) net: sched: fix use-after-free in tc_new_tfilter()
CVE-2022-1116: (unk)
CVE-2022-1158: (unk) KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
CVE-2022-1184: (unk) ext4: verify dir block before splitting it
CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD
CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1419: (unk) drm/vgem: Close use-after-free race in vgem_gem_create
CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1652: (unk) floppy: use a statically allocated error counter
CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self
CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
CVE-2022-1786: (unk) io_uring: remove io_identity
CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default
CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions
CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout
CVE-2022-20008: (unk) mmc: block: fix read single on recovery logic
CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection
CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20158: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
CVE-2022-20421: (unk) binder: fix UAF of ref->proc caused by race condition
CVE-2022-20422: (unk) arm64: fix oops in concurrently setting insn_emulation sysctls
CVE-2022-20424: (unk) io_uring: remove io_identity
CVE-2022-20565: (unk) HID: core: Correctly handle ReportSize being zero
CVE-2022-20566: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
CVE-2022-20568: (unk) Merge tag 'io_uring-worker.v3-2021-02-25' of git://git.kernel.dk/linux-block
CVE-2022-20572: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
CVE-2022-2196: (unk) KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
CVE-2022-2209: (unk)
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23041: (unk) xen/9p: use alloc/free_pages_exact()
CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-2327: (unk) io_uring: remove any grabbing of context
CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read()
CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-23825: (unk)
CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs
CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf
CVE-2022-24959: (unk) yam: fix a memory leak in yam_siocdevprivate()
CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests
CVE-2022-25265: (unk)
CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table
CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0
CVE-2022-2602: (unk) io_uring/af_unix: defer registered files gc to io_uring release
CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages
CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections
CVE-2022-2639: (unk) openvswitch: fix OOB access in reserve_sfa_size()
CVE-2022-26490: (unk) nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic
CVE-2022-26966: (unk) sr9700: sanity check for packet length
CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc
CVE-2022-27666: (unk) esp: Fix possible buffer overflow in ESP transformation
CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind()
CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28389: (unk) can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28893: (unk) SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
CVE-2022-2938: (unk) psi: Fix uaf issue when psi trigger is destroyed while being polled
CVE-2022-29581: (unk) net/sched: cls_u32: fix netns refcount changes in u32_change()
CVE-2022-2961: (unk)
CVE-2022-2964: (unk) net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
CVE-2022-2977: (unk) tpm: fix reference counting for struct tpm_chip
CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy
CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-2991: (unk) remove the lightnvm subsystem
CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel
CVE-2022-30594: (unk) ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero
CVE-2022-3104: (unk) lkdtm/bugs: Check for the NULL pointer after calling kmalloc
CVE-2022-3105: (unk) RDMA/uverbs: Check for null return of kmalloc_array
CVE-2022-3106: (unk) sfc_ef100: potential dereference of null pointer
CVE-2022-3107: (unk) hv_netvsc: Add check for kvmalloc_array
CVE-2022-3108: (unk) drm/amdkfd: Check for null pointer after calling kmemdup
CVE-2022-3110: (unk) staging: r8188eu: add check for kzalloc
CVE-2022-3111: (unk) power: supply: wm8350-power: Add missing free in free_charger_irq
CVE-2022-3112: (unk) media: meson: vdec: potential dereference of null pointer
CVE-2022-3113: (unk) media: mtk-vcodec: potential dereference of null pointer
CVE-2022-3114: (unk) clk: imx: Add check for kcalloc
CVE-2022-3115: (unk) drm: mali-dp: potential dereference of null pointer
CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded
CVE-2022-3176: (unk) io_uring: fix UAF due to missing POLLFREE handling
CVE-2022-3202: (unk) jfs: prevent NULL deref in diFree
CVE-2022-32250: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16
CVE-2022-3239: (unk) media: em28xx: initialize refcount before kref_get
CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace
CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use
CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages
CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted
CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted
CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting
CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default
CVE-2022-3424: (unk) misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data
CVE-2022-3521: (unk) kcm: avoid potential race in kcm_tx_work
CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check
CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page
CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options().
CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups
CVE-2022-3535: (unk) net: mvpp2: fix mvpp2 debugfs leak
CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop()
CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get()
CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers
CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops.
CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot.
CVE-2022-3577: (unk) HID: bigben: fix slab-out-of-bounds Write in bigben_probe
CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child
CVE-2022-3594: (unk) r8152: Rate limit overflow messages
CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp
CVE-2022-36123: (unk) x86: Clear .brk area at early boot
CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode
CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload
CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
CVE-2022-36280: (unk) drm/vmwgfx: Validate the box size for the snooped cursor
CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect()
CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer
CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb()
CVE-2022-36402: (unk)
CVE-2022-3642: (unk)
CVE-2022-3643: (unk) xen/netback: Ensure protocol headers don't fall in the non-linear area
CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure
CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root
CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
CVE-2022-3707: (unk)
CVE-2022-38096: (unk)
CVE-2022-38457: (unk)
CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines
CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas
CVE-2022-39189: (unk) KVM: x86: do not report a vCPU as preempted outside instruction boundaries
CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
CVE-2022-40133: (unk)
CVE-2022-40307: (unk) efi: capsule-loader: Fix use-after-free in efi_capsule_write
CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure
CVE-2022-4095: (unk) staging: rtl8712: fix use after free bugs
CVE-2022-41218: (unk) media: dvb-core: Fix UAF due to refcount races at releasing
CVE-2022-41222: (unk) mm/mremap: hold the rmap lock in write mode when moving page table entries.
CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock
CVE-2022-41674: (unk) wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans()
CVE-2022-41848: (unk)
CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open()
CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read()
CVE-2022-41858: (unk) drivers: net: slip: fix NPD bug in sl_tx_timeout()
CVE-2022-4269: (unk)
CVE-2022-42703: (unk) mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
CVE-2022-42719: (unk) wifi: mac80211: fix MBSSID parsing use-after-free
CVE-2022-42720: (unk) wifi: cfg80211: fix BSS refcounting bugs
CVE-2022-42721: (unk) wifi: cfg80211: avoid nontransmitted BSS list corruption
CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory
CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
CVE-2022-43750: (unk) usb: mon: make mmapped memory read only
CVE-2022-4379: (unk) NFSD: fix use-after-free in __nfs42_ssc_open()
CVE-2022-4382: (unk)
CVE-2022-44032: (unk)
CVE-2022-44033: (unk)
CVE-2022-44034: (unk)
CVE-2022-4543: (unk)
CVE-2022-45884: (unk)
CVE-2022-45885: (unk)
CVE-2022-45886: (unk)
CVE-2022-45887: (unk)
CVE-2022-45888: (unk) char: xillybus: Prevent use-after-free due to race condition
CVE-2022-45919: (unk)
CVE-2022-45934: (unk) Bluetooth: L2CAP: Fix u8 overflow
CVE-2022-4662: (unk) USB: core: Prevent nested device-reset calls
CVE-2022-47518: (unk) wifi: wilc1000: validate number of channels
CVE-2022-47519: (unk) wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute
CVE-2022-47520: (unk) wifi: wilc1000: validate pairwise and authentication suite offsets
CVE-2022-47521: (unk) wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute
CVE-2022-47946: (unk) io_uring: kill sqo_dead and sqo submission halting
CVE-2022-4842: (unk) fs/ntfs3: Fix attr_punch_hole() null pointer derenference