Google Git
Sign in
cos / mirrors / github.com / nluedtke / linux_kernel_cves / 38baa2e0dc089bc87450940f71954381110479c9 / . / data / 5.14 / 5.14_security.txt
blob: 227d52a682bb37563ecbc4e3f9d699d3cb32c76c [file] [log] [blame]
CVEs fixed in 5.14:
CVE-2021-34866: 5b029a32cfe4600f5e10e36b41778506b90fd4de bpf: Fix ringbuf helper function compatibility
CVE-2021-39633: 1d011c4803c72f3907eccfc1ec63caefb852fcbf ip_gre: add validation for csum_start
CVEs fixed in 5.14.1:
CVE-2021-3739: 734dabfb6918d399024063c9db9093a83f804ce5 btrfs: fix NULL pointer dereference when deleting device by invalid id
CVE-2021-3753: acf3c7b4fae092e7f5c170bc8a0fe2ead9b2a320 vt_kdsetmode: extend console locking
CVEs fixed in 5.14.2:
CVE-2021-40490: f8ea208b3fbbc0546d71b47e8abaf98b0961dec1 ext4: fix race writing to an inline_data file while its xattrs are changing
CVEs fixed in 5.14.3:
CVE-2022-20141: d1a3c6d5925a8d00a32c5ef2d674dd9c0ce89c95 igmp: Add ip_mc_list lock in ip_check_mc_rcu
CVEs fixed in 5.14.4:
CVE-2021-20322: 55938482a1461a35087c6f3051f8447662889ea8 ipv6: make exception cache less predictible
CVEs fixed in 5.14.6:
CVE-2021-3736: 983add470d43d68fa3712a4b46da3245428b0425 vfio/mbochs: Fix missing error unwind of mbochs_used_mbytes
CVE-2021-42252: 865f5ba9fdfc3ac6acabcac9630056ce99db600d soc: aspeed: lpc-ctrl: Fix boundary check for mmap
CVEs fixed in 5.14.7:
CVE-2020-16119: 51f7b364a2d120cea956b2bb5ccaad29bbf8abce dccp: don't duplicate ccid when cloning dccp sock
CVE-2021-20320: 7a31ec4d215a800b504de74b248795f8be666f8e s390/bpf: Fix optimizing out zero-extensions
CVE-2021-41073: 71e32edd2210d0304e93ac110814b5a4b3a81dc0 io_uring: ensure symmetry in handling iter types in loop_rw_iter()
CVEs fixed in 5.14.8:
CVE-2021-43057: bef2b32a149030babba8ad5d2b6c121638fb911d selinux,smack: fix subjective/objective credential use mixups
CVEs fixed in 5.14.10:
CVE-2021-3744: e450c422aa233e9f80515f2ee9164e33f158a472 crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3764: e450c422aa233e9f80515f2ee9164e33f158a472 crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-38300: dbe853968d4dea820fccd9c7107a5d797fa30ff3 bpf, mips: Validate conditional branch offsets
CVE-2021-4028: d9ba5565c7f81337e4fa2f02f7fe2f33c0b0a7e6 RDMA/cma: Do not change route.addr.src_addr.ss_family
CVE-2021-4203: ec716aac7fe4ce85b1ca727ff98a27c01ebde58e af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVEs fixed in 5.14.12:
CVE-2021-20321: 71b8b36187af58f9e67b25021f5debbc04a18a5d ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-41864: 3a1ac1e368bedae2777d9a7cfdc65df4859f7e71 bpf: Fix integer overflow in prealloc_elems_and_freelist()
CVEs fixed in 5.14.14:
CVE-2021-3894: 4f0bc44b9191b176d7b558f1f5ca1865339a27ef sctp: account stream padding length for reconf chunk
CVE-2021-4149: 0adda9f173f1e1f67b89c7257a5d21d4abfbbfb2 btrfs: unlock newly allocated extent buffer after error
CVE-2022-0322: 4f0bc44b9191b176d7b558f1f5ca1865339a27ef sctp: account stream padding length for reconf chunk
CVEs fixed in 5.14.15:
CVE-2021-3760: 6197eb050cfab2c124cd592594a1d73883d7f9e8 nfc: nci: fix the UAF of rf_conn_info object
CVE-2021-3896: cc20226e218a2375d50dd9ac14fb4121b43375ff isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-4093: 3f54362dc7d7a382483fc4872abd4ad97b734609 KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed
CVE-2021-43056: 5a8c22e7fb66260c9182ee3a3085c2046503c54b KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
CVE-2021-43389: cc20226e218a2375d50dd9ac14fb4121b43375ff isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2022-0644: abe046ddf31133287fdd5508168078377a2508a5 vfs: check fd has read access in kernel_read_file_from_fd()
CVEs fixed in 5.14.16:
CVE-2021-3772: 332933f9ae0a17f6e362ec0f35ed51e7bc8e76d6 sctp: use init_tag from inithdr for ABORT chunk
CVE-2021-4148: 5fcb6fce74ffa614d964667110cf1a516c48c6d9 mm: khugepaged: skip huge page collapse for special files
CVE-2021-42327: d3ed72495a59fbfb9377450c8dfe94389a6509a7 drm/amdgpu: fix out of bounds write
CVE-2021-43267: e029c9828c5b503b11a609fcc7c5840de2db3fb4 tipc: fix size validations for the MSG_CRYPTO type
CVEs fixed in 5.14.17:
CVE-2021-42739: 02a476ca886dc8155025fe99cbbad4121d029fa7 media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVEs fixed in 5.14.18:
CVE-2021-39686: fbb106e7952442927f373f02f97dbb00f8fea137 binder: use euid from cred instead of using task
CVEs fixed in 5.14.19:
CVE-2021-3640: 2c2b295af72e4e30d17556375e100ae65ac0b896 Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3752: b87da982da1b4787e23316e3eedc6bba52cfba64 Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-45868: b2d7d18457990ad15ee9f9f40da538fa58dae6b5 quota: check block number when reading the block in quota file
CVE-2022-20148: 5b67adb7425e758655e464bda4eb4174ac88b625 f2fs: fix UAF in f2fs_available_free_memory
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4916: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2015-2877: (unk)
CVE-2016-8660: (unk)
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2018-1121: (unk)
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-17977: (unk)
CVE-2019-12456: (unk)
CVE-2019-15239: (unk) unknown
CVE-2019-15290: (unk)
CVE-2019-15902: (unk) unknown
CVE-2019-16089: (unk)
CVE-2019-19378: (unk)
CVE-2019-19814: (unk)
CVE-2019-20794: (unk)
CVE-2020-0347: (unk)
CVE-2020-10708: (unk)
CVE-2020-11725: (unk)
CVE-2020-14304: (unk)
CVE-2020-15802: (unk)
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-25220: (unk)
CVE-2020-26140: (unk)
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-35501: (unk)
CVE-2020-36516: (unk)
CVE-2021-0399: (unk)
CVE-2021-0695: (unk)
CVE-2021-22600: (unk) net/packet: rx_owner_map depends on pg_vec
CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD
CVE-2021-26934: (unk)
CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms
CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms
CVE-2021-28714: (unk) xen/netback: fix rx queue stall detection
CVE-2021-28715: (unk) xen/netback: don't queue unlimited number of packages
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33135: (unk) x86/sgx: Free backing memory after faulting the enclave page
CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size
CVE-2021-3542: (unk)
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3714: (unk)
CVE-2021-3759: (unk) memcg: enable accounting of ipc resources
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39698: (unk) wait: add wake_up_pollfree()
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-39802: (unk)
CVE-2021-4001: (unk) bpf: Fix toctou on read-only map's constant scalar tracking
CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it
CVE-2021-4090: (unk) NFSD: Fix exposure in nfsd4_decode_bitmap()
CVE-2021-4095: (unk) KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty
CVE-2021-4135: (unk) netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-4197: (unk) cgroup: Use open-time credentials for process migraton perm checks
CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request
CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types
CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVE-2021-44733: (unk) tee: handle lookup of shm with reference count 0
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep
CVE-2021-45402: (unk) bpf: Fix signed bounds propagation after mov32
CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2021-45480: (unk) rds: memory leak in __rds_conn_create()
CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0171: (unk) KVM: SEV: add cache flush to solve SEV cache incoherency issues
CVE-2022-0185: (unk) vfs: fs_context: fix up param length parsing in legacy_parse_param
CVE-2022-0264: (unk) bpf: Fix kernel address leakage in atomic fetch
CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0435: (unk) tipc: improve size validations for received domain records
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path
CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-0500: (unk) bpf: Introduce MEM_RDONLY flag
CVE-2022-0516: (unk) KVM: s390: Return error on SIDA memop on normal guest
CVE-2022-0617: (unk) udf: Fix NULL ptr deref when converting from inline format
CVE-2022-0742: (unk) ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
CVE-2022-0847: (unk) lib/iov_iter: initialize "flags" in new pipe_buffer
CVE-2022-0995: (unk) watch_queue: Fix filter limit check
CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling
CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1015: (unk) netfilter: nf_tables: validate registers coming from userspace.
CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1055: (unk) net: sched: fix use-after-free in tc_new_tfilter()
CVE-2022-1116: (unk)
CVE-2022-1158: (unk) KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
CVE-2022-1184: (unk) ext4: verify dir block before splitting it
CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD
CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1516: (unk) net/x25: Fix null-ptr-deref caused by x25_disconnect
CVE-2022-1651: (unk) virt: acrn: fix a memory leak in acrn_dev_ioctl()
CVE-2022-1652: (unk) floppy: use a statically allocated error counter
CVE-2022-1671: (unk) rxrpc: fix some null-ptr-deref bugs in server_key.c
CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self
CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default
CVE-2022-1852: (unk) KVM: x86: avoid calling x86 emulator without a decoded instruction
CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-1972: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions
CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout
CVE-2022-1998: (unk) fanotify: Fix stale file descriptor in copy_event_to_user()
CVE-2022-20008: (unk) mmc: block: fix read single on recovery logic
CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20158: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy
CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
CVE-2022-2209: (unk)
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23041: (unk) xen/9p: use alloc/free_pages_exact()
CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read()
CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-23825: (unk)
CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs
CVE-2022-24122: (unk) ucount: Make get_ucount a safe get_user replacement
CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf
CVE-2022-24959: (unk) yam: fix a memory leak in yam_siocdevprivate()
CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests
CVE-2022-25265: (unk)
CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVE-2022-25636: (unk) netfilter: nf_tables_offload: incorrect flow offload action array size
CVE-2022-2585: (unk) posix-cpu-timers: Cleanup CPU timers before freeing them during exec
CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table
CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0
CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages
CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections
CVE-2022-2639: (unk) openvswitch: fix OOB access in reserve_sfa_size()
CVE-2022-26490: (unk) nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic
CVE-2022-26878: (unk)
CVE-2022-26966: (unk) sr9700: sanity check for packet length
CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc
CVE-2022-27666: (unk) esp: Fix possible buffer overflow in ESP transformation
CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind()
CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28389: (unk) can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-2873: (unk) i2c: ismt: prevent memory corruption in ismt_access()
CVE-2022-28893: (unk) SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
CVE-2022-2905: (unk) bpf: Don't use tnum_range on array range checking for poke descriptors
CVE-2022-29156: (unk) RDMA/rtrs-clt: Fix possible double free in error case
CVE-2022-2938: (unk) psi: Fix uaf issue when psi trigger is destroyed while being polled
CVE-2022-29581: (unk) net/sched: cls_u32: fix netns refcount changes in u32_change()
CVE-2022-29582: (unk) io_uring: fix race between timeout flush and removal
CVE-2022-2959: (unk) pipe: Fix missing lock in pipe_resize_ring()
CVE-2022-2961: (unk)
CVE-2022-2964: (unk) net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
CVE-2022-2977: (unk) tpm: fix reference counting for struct tpm_chip
CVE-2022-2978: (unk)
CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-2991: (unk) remove the lightnvm subsystem
CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel
CVE-2022-30594: (unk) ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero
CVE-2022-3077: (unk) i2c: ismt: prevent memory corruption in ismt_access()
CVE-2022-3078: (unk) media: vidtv: Check for null return of vzalloc
CVE-2022-3169: (unk)
CVE-2022-3176: (unk)
CVE-2022-3202: (unk) jfs: prevent NULL deref in diFree
CVE-2022-32250: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16
CVE-2022-3239: (unk) media: em28xx: initialize refcount before kref_get
CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace
CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages
CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted
CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted
CVE-2022-33743: (unk) xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses()
CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting
CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default
CVE-2022-34494: (unk) rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev()
CVE-2022-34495: (unk) rpmsg: virtio: Fix possible double free in rpmsg_probe()
CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data
CVE-2022-36123: (unk) x86: Clear .brk area at early boot
CVE-2022-36280: (unk)
CVE-2022-36402: (unk)
CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
CVE-2022-38096: (unk)
CVE-2022-38457: (unk)
CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas
CVE-2022-39189: (unk) KVM: x86: do not report a vCPU as preempted outside instruction boundaries
CVE-2022-39190: (unk) netfilter: nf_tables: disallow binding to already bound chain
CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
CVE-2022-40133: (unk)
CVE-2022-40307: (unk) efi: capsule-loader: Fix use-after-free in efi_capsule_write
CVE-2022-40768: (unk)
CVE-2022-41218: (unk)