Google Git
Sign in
cos / mirrors / github.com / nluedtke / linux_kernel_cves / 43f326c4fd94811f70b36f829ef4e5bed5381fca / . / data / 4.4 / 4.4_security.txt
blob: 99a7377c5560018f15df5ead243a6ebbbb6e3cdf [file] [log] [blame]
CVEs fixed in 4.4:
CVE-2015-8963: 12ca6ad2e3a896256f086497a7c7406a547ee373 perf: Fix race in swevent hash
CVE-2016-2070: 8b8a321ff72c785ed5e8b4cf6eda20b35d427390 tcp: fix zero cwnd in tcp_cwnd_reduction
CVEs fixed in 4.4.1:
CVE-2013-4312: 5e226f9689d90ad8ab21b4a969ae3058777f0aff unix: properly account for FDs passed over unix sockets
CVE-2016-0728: e4a46f02b1d0eaadea4e6b00e29922cd00d6de53 KEYS: Fix keyring ref leak in join_session_keyring()
CVE-2016-2069: 43a2ba8c1a003c82d9f411af8ebcf0fe1e4cbe3e x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
CVE-2016-2543: 36d3fc15f50c22bbddfceb6c585f851130fb005f ALSA: seq: Fix missing NULL check at remove_events ioctl
CVE-2016-2544: 0058ede73e1f441c003666f61671dfddfcbd5811 ALSA: seq: Fix race at timer setup and close
CVE-2016-2545: 3c0e535fee2e67d06220e676cbf7b69099d741ce ALSA: timer: Fix double unlink of active_list
CVE-2016-2546: d87622a1662af5782c94b88a613c09de0bde5288 ALSA: timer: Fix race among timer ioctls
CVE-2016-2547: 8eff3aa0a9bbb593dce0ec0344ec1961318e44c8 ALSA: timer: Harden slave timer list handling
CVE-2016-2548: 8eff3aa0a9bbb593dce0ec0344ec1961318e44c8 ALSA: timer: Harden slave timer list handling
CVE-2016-2549: dafa57ee81748f6a6950c06f19a160d0a209795e ALSA: hrtimer: Fix stall by hrtimer_cancel()
CVEs fixed in 4.4.2:
CVE-2015-7566: 2dc803d0740f0c493a7db8a1baf6514d5b95b6a3 USB: serial: visor: fix crash on detecting device without write_urbs
CVE-2015-8970: b238717c0bb4606e2e36fc0de745306b0c900d83 crypto: algif_skcipher - Require setkey before accept(2)
CVE-2016-0723: d343601a19410f71bf1765df5e2edda66fe5de5f tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
CVE-2016-2085: 8592536bcfcbc717a3bf7cec57d7c1b38f4eec1d EVM: Use crypto_memneq() for digest comparisons
CVE-2016-2384: fbb430c51d7ac989b79bf1adb40cce7af581682a ALSA: usb-audio: avoid freeing umidi object twice
CVE-2016-2782: ee4207bda5e15d0eecb834c4fc39c6069487279d USB: visor: fix null-deref at probe
CVE-2017-13167: 925249d5172a31d7d430fdf364fc9229223c7942 ALSA: timer: Fix race at concurrent reads
CVE-2017-13215: fec8beab63283003b546f83eebbbe32efb9acc53 crypto: algif_skcipher - Load TX SG list after waiting
CVEs fixed in 4.4.3:
CVE-2016-0617: db33368ca32dd307cdcc191361de34f3937f513a fs/hugetlbfs/inode.c: fix bugs in hugetlb_vmtruncate_list()
CVE-2016-1575: 8373f6590f6b371bff2c5f2c0581548eb0192014 ovl: setattr: check permissions before copy-up
CVE-2016-1576: 8373f6590f6b371bff2c5f2c0581548eb0192014 ovl: setattr: check permissions before copy-up
CVEs fixed in 4.4.4:
CVE-2015-8812: 64fb3e29bf47e5db029b81fc99ac40f6cd2620ac iw_cxgb3: Fix incorrectly returning error on success
CVE-2016-2383: a34f2f9f2034f7984f9529002c6fffe9cb63189d bpf: fix branch offset adjustment on backjumps after patching ctx expansion
CVE-2021-20265: 39770be4d6ad29c5ab1f21edbbf01db067f13b52 af_unix: fix struct pid memory leak
CVEs fixed in 4.4.6:
CVE-2016-2143: 5833fac3b88d39b39402309399e8b0aaa54e5f75 s390/mm: four page table levels vs. fork
CVE-2016-3044: 1c463a390a89beb929ed2750c79d6eb6d06c7cdd KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest exit
CVEs fixed in 4.4.7:
CVE-2016-2184: 57f6ad5f1580a5a06c573fb15ed6dcf701e037f6 ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
CVE-2016-2185: a1d0a23831ccde9dbd5279a5d45790a96f18ad32 Input: ati_remote2 - fix crashes on detecting device with invalid descriptor
CVE-2016-2186: fbd40d7beef0b17624bc1f838f4d44dfa4b0326b Input: powermate - fix oops with malicious USB descriptors
CVE-2016-3136: 9deac9454b7a5643a09829f4731276cea6697b72 USB: mct_u232: add sanity checking in probe
CVE-2016-3137: ca76906a7753052b00e491ba017393f9071b0406 USB: cypress_m8: add endpoint sanity check
CVE-2016-3138: 1ea680abf7640c777396909102bc22915107cb5b USB: cdc-acm: more sanity checking
CVE-2016-3140: 4f6ad5b0d28c84030693fe21b308c0b711fa66f6 USB: digi_acceleport: do sanity checking for the number of ports
CVE-2016-3157: 0f63ab5873ed78838afa4b2f8bfd9d18f806cf40 x86/iopl/64: Properly context-switch IOPL on Xen PV
CVE-2016-3689: af18c4ca4b1728e2149844656bbf1aa8d7382682 Input: ims-pcu - sanity check against missing interfaces
CVE-2016-6327: 84512e476ce92fbdb60d4687e3ea230dbf0655c8 IB/srpt: Simplify srpt_handle_tsk_mgmt()
CVE-2016-9685: b34291f71d0fb3d09728fd43d6da350ff6a179d6 xfs: fix two memory leaks in xfs_attr_list.c error paths
CVEs fixed in 4.4.8:
CVE-2016-3156: 54789759917f127cfadcca730f44ea67d557a9b0 ipv4: Don't do expensive useless work during inetdev destroy.
CVE-2016-4805: 046ea8180ecaf5d8b5823e17714a09526ad7d321 ppp: take reference on channels netns
CVE-2016-7117: 405f10a39443ae9ccacf51f18511dfc827e09108 net: Fix use after free in the recvmmsg exit path
CVEs fixed in 4.4.9:
CVE-2015-8839: 0b680de452570274716c2c9990903acea525f0d0 ext4: fix races between page faults and hole punching
CVE-2016-2187: 197b6c5f0d976420c3eeacc7589ebc5869d2d70f Input: gtco - fix crash on detecting device without endpoints
CVE-2016-3955: 4a1bb501e4b65908b102f0b371b0621ff18ad5c3 USB: usbip: fix potential out-of-bounds write
CVE-2016-3961: 27b3cc048a5275c53e26c15ffcab3fcf9a03cda0 x86/mm/xen: Suppress hugetlbfs in PV guests
CVE-2016-4565: c92003c18feb8159cbf64bc0afa7b048869fe3c6 IB/security: Restrict use of the write() interface
CVE-2016-4568: 19a4e46b4513bab7d6b368175be2e24ad4665e5a videobuf2-v4l2: Verify planes array in buffer dequeueing
CVE-2016-7912: e4c7ab76586146820b394e0176f286f5a2e70cb3 usb: gadget: f_fs: Fix use-after-free
CVE-2016-7914: 6905c7a4aa1ef675825bc2ab56fd965a573ffb74 assoc_array: don't call compare_object() on a node
CVEs fixed in 4.4.10:
CVE-2016-4581: b17580a3cb901c56e9b9a3dea4d12153f5fc879e propogate_mnt: Handle the first propogated copy being a slave
CVE-2016-7916: 898149d10b855a0d0a5a9f8f05e4359970919eb9 proc: prevent accessing /proc/<PID>/environ until it's ready
CVEs fixed in 4.4.11:
CVE-2016-2117: b5c9a73c501e8aed86dd578309813c7818ca248c atl2: Disable unimplemented scatter/gather feature
CVE-2016-4485: 52f307b18b1f070f0442fc98515575616b21fa20 net: fix infoleak in llc
CVE-2016-4486: e0c0313681aaa0c4514c6794635aba82691d2154 net: fix infoleak in rtnetlink
CVE-2016-4557: 608d2c3c7a046c222cae2e857cf648a9f89e772b bpf: fix double-fdput in replace_map_fd_with_map_ptr()
CVE-2016-4558: 3899251bdb9c2b31fc73d4cc132f52d3710101de bpf: fix refcnt overflow
CVE-2016-4580: 83857201758ead21e19e36d9ab5b2f87be03dfe2 net: fix a kernel infoleak in x25 module
CVE-2016-4913: 007796c01f0b293c68585397211af2b390bf126d get_rock_ridge_filename(): handle malformed NM entries
CVE-2016-6198: b0dac61d2454b392dbdb4ad565f9dc3dc76fce96 vfs: add vfs_select_inode() helper
CVEs fixed in 4.4.12:
CVE-2016-3713: 1716643bc4725bb92a1f527f759a93e37a2bc1f0 KVM: MTRR: remove MSR 0x2f8
CVE-2016-9754: f199023137853eb1d46e8b7ebc274b29ba99028c ring-buffer: Prevent overflow of size in ring_buffer_resize()
CVE-2019-3901: c5174678e2e5bd691da58a116fbc123c6fbc7b2c perf/core: Fix perf_event_open() vs. execve() race
CVEs fixed in 4.4.13:
CVE-2016-2847: fa6d0ba12a8eb6a2e9a1646c5816da307c1f93a7 pipe: limit the per-user amount of pages allocated in pipes
CVEs fixed in 4.4.14:
CVE-2016-1583: 9beb96b344c846779f67d1be1cdafc66562b94ec proc: prevent stacking filesystems on top
CVE-2016-3134: 5ebdccd7685f1c0b451c516f99082642d8d49003 netfilter: x_tables: fix unconditional helper
CVE-2016-4951: 23cdd8c3cbe9d790f23d7f9ae14e9b828f56f69c tipc: check nl sock before parsing nested attributes
CVE-2016-4997: 8a865621540c7bc7f03665a2b7029cb444a9593a netfilter: x_tables: check for bogus target offset
CVE-2016-4998: 8a865621540c7bc7f03665a2b7029cb444a9593a netfilter: x_tables: check for bogus target offset
CVE-2016-9806: 49543942beb1b9ca95709d6cfa67708932aa4d11 netlink: Fix dump skb leak/double free
CVEs fixed in 4.4.16:
CVE-2016-1237: c3fa141c1f288ac785c82ead9d06d1b5acd76d60 posix_acl: Add set_posix_acl
CVE-2016-4470: 398051f2f66ef4658c89388441d0c697d50c325c KEYS: potential uninitialized variable
CVE-2016-4794: c26ae537f16f653c2541df9e338013653fc3fcc7 percpu: fix synchronization between chunk->map_extend_work and chunk destruction
CVE-2016-5828: 5a35d2f92f1011145315f86a481f4f3e3f853095 powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
CVE-2016-5829: 300851ff55f7777be2780207f1b60ad5e1fd1303 HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
CVE-2016-6197: dbf72a4d4531e7e5fb28e76d902d66f05c1bfe12 ovl: verify upper dentry before unlink and rename
CVEs fixed in 4.4.17:
CVE-2016-4569: 90bed827ea910f82ab17ee154f501b5ae71617e6 ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
CVE-2016-4578: 3e6af33c73fb7ec7be8dedd01047162ef64a26a5 ALSA: timer: Fix leak in events via snd_timer_user_ccallback
CVE-2016-5400: d863bec646a590584eabcb40550bff0708c26b0d media: fix airspy usb probe error path
CVE-2016-6156: 69ca969a2626dc4b3bb83b953c053a01e3b9f7e6 platform/chrome: cros_ec_dev - double fetch bug in ioctl
CVE-2016-7911: 5161144c3a9d6ea775b293edbb8523deaeff4442 block: fix use-after-free in sys_ioprio_get()
CVEs fixed in 4.4.18:
CVE-2016-3672: 979a61a02992e2029fcedcdf32c05050aa652c9c x86/mm/32: Enable full randomization on i386 and X86_32
CVE-2016-3857: 0107ea0e0928c8a077f0f912c809f2b86fa7496c arm: oabi compat: add missing access checks
CVE-2016-3951: 66e5d7b47c864f1821041f77752930ec3b8dfc22 cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
CVE-2016-5696: 72c2d3bccaba4a0a4de354f9d2d24eccd05bfccf tcp: make challenge acks less predictable
CVE-2016-7910: 9a95c0cfc6f21b9ac66269d4782ea5a0f58cdf91 block: fix use-after-free in seq file
CVE-2017-7495: 5a7f477c725e866729307ff87011f8dd812a3cdf ext4: fix data exposure after a crash
CVEs fixed in 4.4.19:
CVE-2016-4482: 4077ef4797a8ff007a2de091c9befee4882c4790 USB: usbfs: fix potential infoleak in devio
CVE-2016-5412: e1a90eb8afa42b02f46897b881b9e19d3594159c KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures
CVE-2016-6136: 53eaa3910ae67e497fb33188d515c14ed17a7a0e audit: fix a double fetch in audit_log_single_execve_arg()
CVEs fixed in 4.4.20:
CVE-2016-6480: e4878ef66e5b8d01d6734b1952f9abb3eeea454c aacraid: Check size values after double-fetch from user
CVEs fixed in 4.4.21:
CVE-2016-0758: 5afbd223e60a130f66bddf7598165ebe2b51f8db KEYS: Fix ASN.1 indefinite length object parsing
CVE-2016-10229: dfe2042d96065f044a794f684e9f7976a4ca6e24 udp: properly support MSG_PEEK with truncated buffers
CVE-2016-3135: cfd6e7fe434a378127e4964fc0b7ccf32ae2baed netfilter: x_tables: check for size overflow
CVE-2016-5243: 5fb71611925f734f7fe03a45527e14b296fd5167 tipc: fix an infoleak in tipc_nl_compat_link_dump
CVE-2016-5244: ffd5ce2ad5fd140ddd492ab2064e29e86aaa64ea rds: fix an infoleak in rds_inc_info_copy
CVE-2016-6130: 2d29d6cec3bc5473efdad3b143404d9e32817c86 s390/sclp_ctl: fix potential information leak with /dev/sclp
CVE-2016-7915: 5349cdd3b49cea2d57dc05bbf3f313979751fed3 HID: core: prevent out-of-bound readings
CVEs fixed in 4.4.22:
CVE-2016-10318: 8d693a2e67b5793ee58d106fded28902b7fd0f72 fscrypto: add authorization check for setting encryption policy
CVE-2016-9178: 9d25c78ec01c402dc56272693c44ef9d72ecdd2e fix minor infoleak in get_user_ex()
CVEs fixed in 4.4.23:
CVE-2016-6828: 0f55fa7541d7ff34a6690438bb00b78521b98b54 tcp: fix use after free in tcp_xmit_retransmit_queue()
CVEs fixed in 4.4.24:
CVE-2016-10044: 0d9529e1b881ae80b40270b55dcbf7468be0099c aio: mark AIO pseudo-fs noexec
CVE-2017-15102: 62dd9cf78b280c8cd08162f8c4a490fb76deeb23 usb: misc: legousbtower: Fix NULL pointer deference
CVEs fixed in 4.4.26:
CVE-2016-5195: 1294d355881cc5c3421d24fee512f16974addb6c mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
CVEs fixed in 4.4.27:
CVE-2016-7425: 24040922827859d1d69597c3bc0c31fad523fd21 scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
CVEs fixed in 4.4.29:
CVE-2016-7097: 57c9cfdb61ea270936fab76da99a742c6ef0b86f posix_acl: Clear SGID bit when setting file permissions
CVE-2016-8658: b82a7f93b4e60d8689d8f4e687ef58ed2098739f brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
CVE-2016-8666: 5699b3431e0b14736867484b8669ead2d40f575e tunnels: Don't apply GRO to multiple layers of encapsulation.
CVE-2016-9644: fcf5e5198b447969ed2a56ec335dae3c695a6b46 x86/mm: Expand the exception table logic to allow new handling options
CVEs fixed in 4.4.31:
CVE-2016-7042: 940d7ecbc57c94d6cd174d9d3247e07fd1b1467d KEYS: Fix short sprintf buffer in /proc/keys show function
CVE-2016-8630: 91e1f7b0eb252ce8f88d69227ef5f52f9efb2aae kvm: x86: Check memopp before dereference (CVE-2016-8630)
CVE-2016-8633: 46e14262a063714610b916404a20880fbd4cd0ce firewire: net: guard against rx buffer overflows
CVEs fixed in 4.4.32:
CVE-2016-7039: 3cb00b90e8b1bd59382f5e1304dd751f9674f027 net: add recursion limit to GRO
CVE-2016-9555: bd891f40f04f8b96d9148ff8a5d538b60171409c sctp: validate chunk len before actually using it
CVEs fixed in 4.4.34:
CVE-2015-8964: 4e772c53ab9836b083c21acf9d2d76805e1d133e tty: Prevent ldisc drivers from re-using stale tty fields
CVE-2016-8645: 225a24ae97331f3b9d97c1bb97b1e30b3633bcf4 tcp: take care of truncations done by sk_filter()
CVEs fixed in 4.4.36:
CVE-2016-8650: 249090830942565fb0ce7c1e018d927a14282ead mpi: Fix NULL ptr dereference in mpi_powm()
CVE-2016-9756: b7f9404d1b488b6773c7a2e6da92aa6cb5bd125e KVM: x86: drop error recovery in em_jmp_far and em_ret_far
CVEs fixed in 4.4.37:
CVE-2016-9794: 58cebd1a08ed114e05cc9d16dee9e5423f564c82 ALSA: pcm : Call kill_fasync() in stream lock
CVEs fixed in 4.4.38:
CVE-2016-10200: 56366fa0ad46a59abe2460b8acb775f7f84fbf16 l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
CVE-2016-8399: 06cdad2b6d921dee33c8efc84922533dfb1458c6 net: ping: check minimum size on ICMP header length
CVE-2016-8655: 5a01eaf19858278cc22525be118fe9c6a3c86e83 packet: fix race condition in packet_set_ring
CVE-2016-9793: 77125815f058d587cac9217ac2c468038a7285c4 net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
CVEs fixed in 4.4.39:
CVE-2016-10147: 9a3baed9103bc413a5e98e13e31cd8ae7c0b5563 crypto: mcryptd - Check mcryptd algorithm compatibility
CVEs fixed in 4.4.40:
CVE-2015-8709: 03eed7afbc09e061f66b448daf7863174c3dc3f3 mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
CVEs fixed in 4.4.41:
CVE-2016-10088: d85727365859108cbcf832c2b3c38358ddc7638b sg_write()/bsg_write() is not fit to be called under KERNEL_DS
CVE-2016-9588: 19aa9c14989e7a3fe04b444f146a05ff857b058e kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
CVEs fixed in 4.4.43:
CVE-2017-7273: a2f727149ee4e746da55d209a0179b68d31d3915 HID: hid-cypress: validate length of report
CVEs fixed in 4.4.44:
CVE-2016-9191: b9d6631395a1e25b210ce112b1bc10f3c665ea20 sysctl: Drop reference added by grab_header in proc_sys_readdir
CVE-2017-2583: 816307c80d4ddad5414a05ff5861f063d29cda6f KVM: x86: fix emulation of "MOV SS, null selector"
CVE-2017-2584: 9d3875c0c462808f4d59dfa18a79d4b5b235acbd KVM: x86: Introduce segmented_write_std
CVE-2017-5549: 3ef5bc0b385f81e88574c29a13edf80f092d515f USB: serial: kl5kusb105: fix line-state error handling
CVEs fixed in 4.4.45:
CVE-2017-5547: 0f37d20fdc70ee54f002bd77ce54a2a303ad0437 HID: corsair: fix DMA buffers on stack
CVE-2017-5551: 36672b8b99e2cf2ab0587f08a19f394f8f65a861 tmpfs: clear S_ISGID when setting posix ACLs
CVEs fixed in 4.4.46:
CVE-2016-8405: 63db7c91a3c0ebe0e291feea53e4c63391db9465 fbdev: color map copying bounds checking
CVEs fixed in 4.4.48:
CVE-2016-10208: e21a3cad35bc2f4c7fff317e2c7d38eed363a430 ext4: validate s_first_meta_bg at mount time
CVEs fixed in 4.4.49:
CVE-2017-2618: e72c13d93e9ed2b131ceb9a290ab056ce0dd41ab selinux: fix off-by-one in setprocattr
CVEs fixed in 4.4.50:
CVE-2017-5897: eaa3a58f450383aaa8632eea23f2a70d85c55d9d ip6_gre: fix ip6gre_err() invalid reads
CVE-2017-5970: 2d9c2e011fd3f1be4e5643d6ad186faa5e50d4d1 ipv4: keep skb->dst around in presence of IP options
CVE-2017-5986: a4226c7ebfb5748447f1640c97f0306ed69e44f8 sctp: avoid BUG_ON on sctp_wait_for_sndbuf
CVE-2017-6214: 82e9f6b90a0e7fbc017bdce23845c7580db6f657 tcp: avoid infinite loop in tcp_splice_read()
CVEs fixed in 4.4.52:
CVE-2017-6074: a95df078e86624ee330e82aad34cfd3b5fcf21ce dccp: fix freeing skb too early for IPV6_RECVPKTINFO
CVE-2017-6345: 2b3eb43342a00d03e953208f45866925ca255e15 net/llc: avoid BUG_ON() in skb_orphan()
CVE-2017-6346: abd672deb170c4443e41173160de0ba2ae1abc08 packet: fix races in fanout_add()
CVE-2017-6347: ce9ecb8d7f3c698c48b0885936d0b7275dacde9c ip: fix IP_CHECKSUM handling
CVE-2017-6348: 353dd7290025bc33555282848ab015c1bbf21186 irda: Fix lockdep annotations in hashbin_delete().
CVEs fixed in 4.4.53:
CVE-2017-5669: f0ae01568e0cf4b00071d1dfd27c90022c2b6d7e ipc/shm: Fix shmat mmap nil-page protection
CVEs fixed in 4.4.54:
CVE-2017-2636: 999853d941b99ca2ac4a331552c388e2603a9b1d tty: n_hdlc: get rid of racy n_hdlc.tbuf
CVEs fixed in 4.4.55:
CVE-2016-2188: 179295c38d23874357ca75af104fd6f1fe769cfd USB: iowarrior: fix NULL-deref at probe
CVE-2017-8924: 72bb2b96b8568a74f28e2a2c39e005583595b2c2 USB: serial: io_ti: fix information leak in completion handler
CVE-2017-8925: 54f11a9662b632defe4d75c7574fddbc5c503c9c USB: serial: omninet: fix reference leaks at open
CVEs fixed in 4.4.59:
CVE-2017-7184: cce7e56dd73f75fef0a7f594fb129285a660fec0 xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
CVE-2017-7374: 7a5202190810dde1467718235c1f650fcf57592a fscrypt: remove broken support for detecting keyring key revocation
CVEs fixed in 4.4.60:
CVE-2017-7187: a92f411914cad6532e82e4607bc4075a5ffaa366 scsi: sg: check length passed to SG_NEXT_CMD_LEN
CVEs fixed in 4.4.61:
CVE-2017-7261: b26629453c7b2a6c82000b36fbd1cfc4d9101808 drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
CVE-2017-7294: c21636bd64c511160846bdf87ef4c7ff48680c99 drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
CVE-2017-7616: b73d08ce20c5cb2e0cec8c019a27b9574e2c4ec2 mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
CVEs fixed in 4.4.62:
CVE-2017-7308: d35f8fa0b93e61dd95b8f86928a783c4d8a32d3e net/packet: fix overflow in check for priv area size
CVEs fixed in 4.4.63:
CVE-2017-2596: c1fc1d2f214e33f91565a65ad1b4c09dae618d84 kvm: fix page struct leak in handle_vmon
CVE-2017-6353: e2f5fb9207a6bd7101ad94e73264ac8bb9e3b87a sctp: deny peeloff operation on asocs with threads sleeping on it
CVE-2017-7618: 2673d1c5122ee2492e24d9a135e230b2d0b2e630 crypto: ahash - Fix EINPROGRESS notification callback
CVE-2017-7889: 6739cc12f3dbd7e4b3795f6e809d44ea6b490bb6 mm: Tighten x86 /dev/mem with zeroing reads
CVE-2017-8064: 0cb03b6e7086e59647cf6eb79fec646cdec69691 dvb-usb-v2: avoid use-after-free
CVEs fixed in 4.4.64:
CVE-2016-9604: b5737b92560efcb956d2def4dcd3f4b6d4118e58 KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
CVE-2017-7472: c9460fbceb2f3efa1d20050cdbffa51ec025745a KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
CVEs fixed in 4.4.65:
CVE-2016-6213: c50fd34e10897114a7be2120133bd7e0b4184024 mnt: Add a per mount namespace limit on the number of mounts
CVE-2016-7913: 0d9dac5d7cc31df50757f26bcbdfbcf47277a1b2 xc2028: avoid use after free
CVE-2016-7917: 9540baadb61ba5ed08832bb2a4cbfd876db37ff4 netfilter: nfnetlink: correctly validate length of batch messages
CVE-2016-8632: 65d30f7545ffdddcf10a59f3e54b032c5ade2e9d tipc: check minimum bearer MTU
CVE-2016-9083: d23ef85b123d3dbd3ba8a3c5f0ef5e556feb635e vfio/pci: Fix integer overflows, bitmask check
CVE-2016-9084: d23ef85b123d3dbd3ba8a3c5f0ef5e556feb635e vfio/pci: Fix integer overflows, bitmask check
CVE-2016-9120: a7544fdd1626b65db635022c9d36007bb32dd6d8 staging/android/ion : fix a race condition in the ion driver
CVE-2017-2671: b7f47c794bc45eae975bf2a52a4463333111bb2a ping: implement proper locking
CVE-2017-6001: 416bd4a366f3b4cd3f6a3246f91bd9f425891547 perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
CVEs fixed in 4.4.66:
CVE-2017-0750: 716bcfeb12b8d55d278af47b927839b382d2837a f2fs: do more integrity verification for superblock
CVE-2017-7645: 82a0d8aabe043ac94efa255502754c70363dab0e nfsd: check for oversized NFSv2/v3 arguments
CVEs fixed in 4.4.67:
CVE-2017-10661: 911bd54922cdcc259daf73cb1a3a9d0305b9061d timerfd: Protect the might cancel mechanism proper
CVE-2017-7895: da1ce38aaac7f08d319b4b76130aa4fd27c4489f nfsd: stricter decoding of write-like NFSv2/v3 ops
CVEs fixed in 4.4.68:
CVE-2017-10662: 4edbdf57bc26a126aa3cbafd63fae4b00e002e2d f2fs: sanity check segment count
CVEs fixed in 4.4.70:
CVE-2017-1000363: cda5c7e625cefed46311cb0b37816fb2ff42a8ee char: lp: fix possible integer overflow in lp_setup()
CVE-2017-18360: 1e6e9c4c36f9626d5ad2b63aa7ad5686dde737e7 USB: serial: io_ti: fix div-by-zero in set_termios
CVE-2017-7487: 8a5b15e198f1701da75a8223cfe72c04bcb15160 ipx: call ipxitf_put() in ioctl error path
CVEs fixed in 4.4.71:
CVE-2017-18221: 03489bfc78304a0be057ec827a67c0d87dd97b2e mlock: fix mlock count can not decrease in race condition
CVE-2017-8890: 5f67a1663c03a73962fb240cf821338f78981a23 dccp/tcp: do not inherit mc_list from parent
CVE-2017-9074: 017fabead5c2aacb36df910bbfbfb1e813517ae3 ipv6: Prevent overrun when parsing v6 header options
CVE-2017-9075: ffa551def59c9b0e1747955af6a742443ae152fc sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
CVE-2017-9076: d1428ee5407396185aab56ca62d49e89726455e0 ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9077: d1428ee5407396185aab56ca62d49e89726455e0 ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9242: 38f02f2ce0ca58c45d95567a5d64f7dc90aa9c95 ipv6: fix out of bound writes in __ip6_append_data()
CVEs fixed in 4.4.72:
CVE-2017-1000380: f5bc918760c8100410847a6a6e4c25f24e358e0c ALSA: timer: Fix race between read and ioctl
CVE-2017-15274: bc6be3433e694d1ab1d0012b6053ae4e9a3b189e KEYS: fix dereferencing NULL payload with nonzero length
CVE-2017-7346: 619cc02fd85d69270c95e7db320b305e975aae00 drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
CVE-2017-9605: 74276868b45585f77eae2372c95e016aacfd0d3c drm/vmwgfx: Make sure backup_handle is always valid
CVEs fixed in 4.4.74:
CVE-2017-1000364: 4b359430674caa2c98d0049a6941f157d2a33741 mm: larger stack guard gap, between vmas
CVE-2017-1000379: 4b359430674caa2c98d0049a6941f157d2a33741 mm: larger stack guard gap, between vmas
CVEs fixed in 4.4.75:
CVE-2017-1000365: 1d3d0f8b7cf758136ed36b30620442d989601737 fs/exec.c: account for argv/envp pointers
CVE-2017-7482: eab38dfd66d7f13b9eecfae7728ff0d2e49ff16f rxrpc: Fix several cases where a padded len isn't checked in ticket decode
CVEs fixed in 4.4.76:
CVE-2017-18017: 234e649840d191379cd132d89f4b01a2495cfcc3 netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
CVEs fixed in 4.4.77:
CVE-2017-10810: a080ec466c3412dcf58cff69d6c05d1e670adc0c drm/virtio: don't leak bo on drm_gem_object_init failure
CVE-2017-11176: 034e10b4f8348c2c267e491d1e2872023c35f310 mqueue: fix a use-after-free in sys_mq_notify()
CVE-2017-12146: c01ace719ebe6353f0c96e56f6c75c22ad3f67b0 driver core: platform: fix race condition with driver_override
CVEs fixed in 4.4.78:
CVE-2017-1000370: 7eb968cd04d404e6c73cd82c1122f6e06ad2d1e8 binfmt_elf: use ELF_ET_DYN_BASE only for PIE
CVE-2017-1000371: 7eb968cd04d404e6c73cd82c1122f6e06ad2d1e8 binfmt_elf: use ELF_ET_DYN_BASE only for PIE
CVE-2017-11089: 05bf0b6ef9ce7e8967c96fd419ad0ee5d7fe5418 cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
CVE-2017-7541: 4c7021c2fb74047649c03845ce6fd13626a5a418 brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
CVE-2018-14634: 86949eb96466ec182303afc3c386bd70cc67b991 exec: Limit arg stack to at most 75% of _STK_LIM
CVE-2019-9457: 86949eb96466ec182303afc3c386bd70cc67b991 exec: Limit arg stack to at most 75% of _STK_LIM
CVEs fixed in 4.4.79:
CVE-2017-11473: fa7ddee3485f17c28fe4079954c5716036de6152 x86/acpi: Prevent out of bound access caused by broken ACPI tables
CVE-2017-18079: bba6b69e11777695256619a77f90081ac7f99de7 Input: i8042 - fix crash at boot time
CVEs fixed in 4.4.80:
CVE-2016-10741: 56548b6f505a6df1c43dcb151a18d6190c250ed6 xfs: don't BUG() on mixed direct and mapped I/O
CVE-2017-12762: d4b159f14d612132fdb1ade6d5015ee03a263e62 isdn/i4l: fix buffer overflow
CVE-2017-7533: 407669f2c9fe9f32aeb39f715d748fe456718aac dentry name snapshots
CVEs fixed in 4.4.81:
CVE-2017-10663: 76517ed2a7fe059840c1984165984e69cb488568 f2fs: sanity check checkpoint segno and blkoff
CVE-2017-7542: f09db7559c1faf6f7c2128a92050b978a480681c ipv6: avoid overflow of offset in ip6_find_1stfragopt
CVE-2017-8831: deae9956cfb42f3d480c71f416f934d3ce84c033 saa7164: fix double fetch PCIe access condition
CVEs fixed in 4.4.82:
CVE-2017-1000: 938990d2433cdecd225e1ab54a442b3ffdce1f87 udp: consistently apply ufo or fragmentation
CVE-2017-1000111: 63364a508d24944abb0975bd823cb11367c56283 packet: fix tp_reserve race in packet_set_ring
CVE-2017-1000112: 938990d2433cdecd225e1ab54a442b3ffdce1f87 udp: consistently apply ufo or fragmentation
CVEs fixed in 4.4.84:
CVE-2017-12134: c0b397fd6b2b8ed7b39a717340b85b4b1add5332 xen: fix bio vec merging
CVE-2017-14140: 46d51a26efbc7cbaa2bc1f01628a00a604193856 Sanitize 'move_pages()' permission checks
CVE-2018-10675: cc971fa12bd2dff6c0432c860d784c6cdaf5a04b mm/mempolicy: fix use after free when calling get_mempolicy
CVEs fixed in 4.4.87:
CVE-2017-11600: 9b3dcc98d8df16913d260c8dae64ad6e5bfcb953 xfrm: policy: check policy direction value
CVEs fixed in 4.4.88:
CVE-2017-1000251: f7ec367c8ea7021517c9c04b0022c225d2d0785a Bluetooth: Properly check L2CAP config option output buffer length
CVE-2017-14340: ad3903434142953a03b84ec8719ce80373a62266 xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
CVE-2017-9984: 55681470154567b4a8a30ec8b35a8ebd5a4f3608 ALSA: msnd: Optimize / harden DSP and MIDI loops
CVE-2017-9985: 55681470154567b4a8a30ec8b35a8ebd5a4f3608 ALSA: msnd: Optimize / harden DSP and MIDI loops
CVEs fixed in 4.4.89:
CVE-2017-0627: 4931578fbeb525e717a7aa96f83f4d85cf48d0b2 media: uvcvideo: Prevent heap overflow when accessing mapped controls
CVE-2017-14051: d8663aa2778965c75b5e75c7948b44f5de601a88 scsi: qla2xxx: Fix an integer overflow in sysfs code
CVE-2017-14106: 611a98c8eca3098173309642df187056c17e0f65 tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
CVE-2017-14991: 72896ca30a7f6ceb5238714d5761e4ad4521ccc5 scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
CVEs fixed in 4.4.90:
CVE-2017-1000252: 7520be6a454c28955e711fdb49c81519bc537b39 KVM: VMX: Do not BUG() on out-of-bounds guest IRQ
CVE-2017-12153: 9d74367d1a35e87f46e5e0c2e8dd9f5d21f701b0 nl80211: check for the required netlink attributes presence
CVE-2017-12154: 21a638c5efd6ec7a10441bfb94e15e5288920f07 kvm: nVMX: Don't allow L2 to access the hardware CR8
CVE-2017-12192: 638b38505045e1090313ff7ed284911870cd29f8 KEYS: prevent KEYCTL_READ on negative key
CVE-2017-14156: 27323cb81eae618e68e4dea1345090c37dee5485 video: fbdev: aty: do not leak uninitialized padding in clk to userspace
CVE-2017-14489: 9d2534917c25a58b67864ea1db930670d48dee75 scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
CVE-2017-15537: d25fea066a8ed4457a9f8b23eb78204b9b6896cf x86/fpu: Don't let userspace set bogus xcomp_bv
CVE-2017-18270: 539255aea88e47932a98ba7656775cbca4f3d27c KEYS: prevent creating a different user's keyrings
CVE-2020-14353: 539255aea88e47932a98ba7656775cbca4f3d27c KEYS: prevent creating a different user's keyrings
CVEs fixed in 4.4.92:
CVE-2017-16526: 5a21af11c6810b936b17a2c5c69518be0da8f4c3 uwb: properly check kthread_run return value
CVE-2017-16529: 46c7b1fa4911a859a82575e3ffb55b34a89a222d ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
CVE-2017-16530: 5d9a9c3dcc1f63215b5a5b877be589974ec4f31d USB: uas: fix bug in handling of alternate settings
CVE-2017-16531: 13713e63bdb306f9a58d359b15edd60f34eac5ee USB: fix out-of-bounds in usb_set_configuration
CVE-2017-16534: feab51a916ed07219dee38b898fe22bd2a98193a USB: core: harden cdc_parse_cdc_header
CVEs fixed in 4.4.93:
CVE-2017-0786: 6721969c7b8a35f85a41acaabdad190ed32cf704 brcmfmac: add length check in brcmf_cfg80211_escan_handler()
CVE-2017-12190: 399c46095eb5d41934c8a99732028a9f1cf0ac50 fix unbalanced page refcounting in bio_map_user_iov
CVE-2017-15265: 23709ae9b61429502fcd4686e7a97333f3b3544a ALSA: seq: Fix use-after-free at creating a port
CVE-2017-16525: 208563455aac7540755bb9d8e8edaf7c5ef61d8c USB: serial: console: fix use-after-free after failed setup
CVE-2017-16527: dc7c3bd09c7d2063c4d1be23d72ee85f1b3bb947 ALSA: usb-audio: Kill stray URB at exiting
CVE-2017-16533: 2929cb995378205bceda86d6fd3cbc22e522f97f HID: usbhid: fix out-of-bounds bug
CVEs fixed in 4.4.94:
CVE-2017-15649: 1b6c80e797eeadf643861f8340ed5791d813d80c packet: in packet_do_bind, test fanout with bind_lock held
CVE-2018-9568: 685699703a0a39896ba0af91e6d2a80103fe4966 net: Set sk_prot_creator when cloning sockets to the right proto
CVEs fixed in 4.4.95:
CVE-2017-15299: 33dea302f9bc1e2c41392a308cfb50f6c02bb096 KEYS: don't let add_key() update an uninstantiated key
CVE-2017-15951: 8a004caec12bf241e567e3640401256cc9bc2e45 KEYS: Fix race between updating and finding a negative key
CVE-2017-16535: 9dff499d822660c6dbb2a407a7d85be26f87da07 USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
CVEs fixed in 4.4.96:
CVE-2017-12193: 1cbbd99f3bfe27115c05332e7db73e23651b9f8b assoc_array: Fix a buggy node-splitting case
CVE-2017-16643: 2c99438cf66d585ba939068c8b8562e9104cd5c4 Input: gtco - fix potential out-of-bound access
CVEs fixed in 4.4.99:
CVE-2017-13080: 6440f0ee8a1779f53526bccb9de00914daeb9094 mac80211: accept key reinstall without changing anything
CVE-2017-16528: 1e98fd54c356bb2bcf827a74949c9372c455409f ALSA: seq: Cancel pending autoload work at unbinding device
CVE-2017-16532: de46c1adbea694109036d3e7dee1fa6250b72660 usb: usbtest: fix NULL pointer dereference
CVE-2017-16645: b7c625ce6d279bf3e138c25c0cd3f595923825f3 Input: ims-psu - check if CDC union descriptor is sane
CVE-2018-7191: 4b27fe34a226dd9087cb2e93161ffec03952c05a tun: call dev_get_valid_name() before register_netdevice()
CVEs fixed in 4.4.100:
CVE-2017-10911: 11e8e55be18cd39c3d54674362aa18695b243e22 xen-blkback: don't leak stack data via response ring
CVE-2017-15115: 46bdabbca02ebabd292d0ea3f610aa54e53f0e25 sctp: do not peel off an assoc from one netns to another one
CVE-2017-16537: c344019c48a92e559b7f910e53e0c6f9018680fb media: imon: Fix null-ptr-deref in imon_probe
CVE-2017-16646: 0a418e57717d2d33275e9340c726ded671be7698 media: dib0700: fix invalid dvb_detach argument
CVE-2017-16649: caeeef8438c30e7d0e43293fcb7beb9f953bb2a9 net: cdc_ether: fix divide by 0 on bad descriptors
CVE-2017-16650: e455048c7ae95633c8778a0282d1ee86f78c5349 net: qmi_wwan: fix divide by 0 on bad descriptors
CVE-2017-7518: 07e3aff243cdcb70d1e81e515aea553df3080f43 KVM: x86: fix singlestepping over syscall
CVE-2017-9150: 49630dd2e10a3b2fee0cec19feb63f08453b876f bpf: don't let ldimm64 leak map addresses on unprivileged
CVEs fixed in 4.4.101:
CVE-2017-16994: a3805b10de80953db316985f567453fc18329423 mm/pagewalk.c: report holes in hugetlb ranges
CVE-2017-18204: c4baa4a5870cb02f713def1620052bfca7a82bbb ocfs2: should wait dio before inode lock in ocfs2_setattr()
CVEs fixed in 4.4.103:
CVE-2017-16536: 0870fb4c3566088dc222e582e43edbc9ececbce4 cx231xx-cards: fix NULL-deref on missing association descriptor
CVE-2017-18203: 4e82464aa4a398207e2ecbc4877c82319ecdbafa dm: fix race between dm_get_from_kobject() and __dm_destroy()
CVEs fixed in 4.4.104:
CVE-2017-16939: b377c453b3631531679cbe594b7d28c5ecd82cea ipsec: Fix aborted xfrm policy dump crash
CVE-2017-18208: 0d05a5593f6309cb0df0df474a807a3220855703 mm/madvise.c: fix madvise() infinite loop under special circumstances
CVEs fixed in 4.4.106:
CVE-2017-0861: 659e7d2588f0fd970044fe00d9edeb482d375288 ALSA: pcm: prevent UAF in snd_pcm_info
CVE-2017-1000407: 477b837533a2f592702d2affab36b8052691287b KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
CVE-2018-18559: b90f87c641bc9af04f0d8a21008880ae032de72c net/packet: fix a race in packet_bind() and packet_notifier()
CVE-2018-7492: 6c154d536d9457bee261d057559e43d3f8ae5fd5 rds: Fix NULL pointer dereference in __rds_rdma_map
CVEs fixed in 4.4.107:
CVE-2017-16914: 2862cfca39894ac265fbb5cde9a3ff90c02201f3 usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
CVE-2017-17558: dfdf5fa3e6647c0fc02be8d857b6b8b7098946ff USB: core: prevent malicious bNumInterfaces overflow
CVE-2017-17805: 8a311b0462b59d12cb14e82e626d3612d988135b crypto: salsa20 - fix blkcipher_walk API usage
CVE-2017-17806: 43cd7f38612df31fbd929588c065cfbc42102aab crypto: hmac - require that the underlying hash algorithm is unkeyed
CVE-2017-17807: 13e86efb2eee6bd1f2d0aae5b0273e8e65683c9d KEYS: add missing permission check for request_key() destination
CVEs fixed in 4.4.109:
CVE-2017-15129: 5854ca90c6c6c2ed65355eded45615bf8bcd6fd3 net: Fix double free and memory corruption in get_net_ns_by_id()
CVE-2017-17449: f778ce6faa0d4c8d7a90b7bd11c3db7fb687c8cc netlink: Add netns check on taps
CVE-2017-17712: be27b620a861dc2a143b78e81e23f5622d9105da net: ipv4: fix for a race condition in raw_sendmsg
CVE-2017-18595: c2a62f84d49ff71cd7ffbe898c706ccc39955218 tracing: Fix possible double free on failure of allocating trace buffer
CVE-2018-18386: 2e3883922530aa25ecc23cc27bab1d3fda779f5a n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
CVEs fixed in 4.4.111:
CVE-2017-18075: 3ad85176e78d6671ede52eed588c3588d087b587 crypto: pcrypt - fix freeing pcrypt instances
CVEs fixed in 4.4.112:
CVE-2017-1000410: 0ae86454c435e554d01c51535c3cd4312577cc74 Bluetooth: Prevent stack info leak from the EFS element.
CVE-2017-13216: b4106c55b574fe37900b02ddf89cbe4b9d971392 staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
CVE-2017-17741: eb91461daa77eb0ddb4c24aa427051f3669ba1f3 KVM: Fix stack-out-of-bounds read in write_mmio
CVE-2018-5332: 10d06ed9a1899fcc1ecb7a1573f0f95b92dc470c RDS: Heap OOB write in rds_message_alloc_sgs()
CVE-2018-5333: 44496521c6bd65a3c525b490c762875a075cf73b RDS: null pointer dereference in rds_atomic_free_op
CVEs fixed in 4.4.113:
CVE-2018-6927: 58c82be944f58561e77eb9db5039a4b0eca96ac5 futex: Prevent overflow by strengthen input validation
CVEs fixed in 4.4.114:
CVE-2017-11472: 4c19b00e5588828f0d3198b926efade766dcf2c8 ACPICA: Namespace: fix operand cache leak
CVE-2017-16911: 28f467e0bdda754aa36390fd90b01823f0d3b18d usbip: prevent vhci_hcd driver from leaking a socket pointer address
CVE-2017-16912: 80e733a9b37fb6b40351bf1924d5a90d89c375ae usbip: fix stub_rx: get_pipe() to validate endpoint number
CVE-2017-16913: b6f826ba10dce86f74efd3c0953cb9982a3c51e2 usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
CVE-2017-17448: a359a437fbc6bb08aa9cc8e25ef4ac3b77ca727b netfilter: nfnetlink_cthelper: Add missing permission checks
CVE-2017-17450: d01ceb4722cd8d64176272434fe332b596750d9c netfilter: xt_osf: Add missing permission checks
CVE-2018-1000028: 3f84339bd344b2cf0afe64b78d3964bb6422d0f3 nfsd: auth: Fix gid sorting when rootsquash enabled
CVEs fixed in 4.4.115:
CVE-2017-17862: 1367d854b97493bfb1f3d24cf89ba60cb7f059ea bpf: fix branch pruning logic
CVE-2018-1000004: 623e5c8ae32b39cc8baea83478695dc624935318 ALSA: seq: Make ioctls race-free
CVE-2018-5344: b392225467b8066538dfa200dc925c844b76880b loop: fix concurrent lo_open/lo_release
CVEs fixed in 4.4.116:
CVE-2017-13305: 33813d43dd593e1c32c567c75483233212b825ae KEYS: encrypted: fix buffer overread in valid_master_desc()
CVE-2017-16538: ca48c81cff0e5b56e525414b75990bcb64b7cbb9 media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
CVE-2017-18344: 77f56f5d39e95a152a755d53b0d870b92fbf466b posix-timer: Properly check sigevent->sigev_notify
CVE-2017-8824: 3196c1515ea683bb6f95673feb2998f605ab581d dccp: CVE-2017-8824: use-after-free in DCCP code
CVE-2018-5750: 591060a7a0a09cbaa5b6c04bd309966586aa9d2e ACPI: sbshc: remove raw pointer from printk() message
CVE-2018-5873: 49ffe04fcdf29c8925344bce314d9398b2d7743d nsfs: mark dentry with DCACHE_RCUACCESS
CVEs fixed in 4.4.117:
CVE-2018-7566: b374197df2deb08fec55d48763711ea1df8efde7 ALSA: seq: Fix racy pool initializations
CVEs fixed in 4.4.120:
CVE-2017-18193: 023ca5b884d2759b56dc8d480942835881853513 f2fs: fix a bug caused by NULL extent tree
CVEs fixed in 4.4.121:
CVE-2018-5803: 54b183ea4fe96c7b80439971ee04cf634a6e0459 sctp: verify size of a new chunk in _sctp_make_chunk()
CVEs fixed in 4.4.122:
CVE-2018-1065: 48db3004d40d97d3ac205d2d64ab580a8cfcfe63 netfilter: add back stackpointer size checks
CVE-2018-1068: 6d31b2ef34fd718386a73c983877461bca58d3db netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
CVE-2018-7995: e882c0baab3325c409d21edc24254c515d90d160 x86/MCE: Serialize sysfs changes
CVE-2019-9456: abe0ecd5597c31c6b70dc347145789000f4cf68f usb: usbmon: Read text within supplied buffer size
CVEs fixed in 4.4.123:
CVE-2017-16995: a6132276ab5dcc38b3299082efeb25b948263adb bpf: fix incorrect sign extension in check_alu_op()
CVE-2018-7480: 633a5a5235d697b145171ca1e702d3a4f6778131 blkcg: fix double free of new_blkg in blkcg_init_queue
CVEs fixed in 4.4.124:
CVE-2017-18222: 7d7100094cd83e84ce53c51155ee9f507e2e9028 net: hns: fix ethtool_get_strings overflow in hns driver
CVE-2018-1066: 26dc7476efad2151aadb7f72c0c8a253823ef289 CIFS: Enable encryption during session setup phase
CVEs fixed in 4.4.125:
CVE-2018-1087: 5e4e65a940c91b61bfaf8d6e4448522577beb5ef kvm/x86: fix icebp instruction handling
CVE-2018-8781: 224eaa8a8e644e0d3df35fe232b08fd8fead8864 drm: udl: Properly check framebuffer mmap offsets
CVE-2018-8822: badf74b65fc27112f5fee871c7ade9199c74b2e1 staging: ncpfs: memory corruption in ncp_read_kernel()
CVE-2018-8897: c6fe55e30bb6d431ee56cd4bbb582e30766c5e0e x86/entry/64: Don't use IST entry for #BP stack
CVEs fixed in 4.4.126:
CVE-2018-1130: de31c391673aeb2c1d09552ac75a6b7ee96d65ac dccp: check sk for closed state in dccp_sendmsg()
CVEs fixed in 4.4.127:
CVE-2017-17975: 607a6b7b6a7ad995c4c9cf3c2df66dc3f4febb52 media: usbtv: prevent double free in error case
CVE-2018-1000199: d60017da67463bd7a11a7f7e08115be324afe216 perf/hwbp: Simplify the perf-hwbp code, fix documentation
CVEs fixed in 4.4.128:
CVE-2018-7757: 92b72d2f84389e27d81c93beaf9093f8cf1ef449 scsi: libsas: fix memory leak in sas_smp_get_phy_events()
CVE-2018-9422: 93dcb09e29bb24a86aa7b7eff65e424f7dc98af2 futex: Remove requirement for lock_page() in get_futex_key()
CVEs fixed in 4.4.129:
CVE-2018-1092: 990251318b97ed7153d9adbf633035536c7d685b ext4: fail ext4_iget for root directory if unallocated
CVEs fixed in 4.4.130:
CVE-2018-10940: e47611257d7b46bfdc70726a8a236881180cf990 cdrom: information leak in cdrom_ioctl_media_changed()
CVEs fixed in 4.4.131:
CVE-2018-1093: ea057aed06d8f13d931652bc4faa604ac0c50aa2 ext4: add validity checks for bitmap block numbers
CVE-2018-9385: 30a80ca6dbbda67b0c902448993ed6a35b52612a ARM: amba: Don't read past the end of sysfs "driver_override" buffer
CVE-2018-9415: 7488404d3bab4eccb590c80c8827520394444630 ARM: amba: Fix race condition with driver_override
CVEs fixed in 4.4.132:
CVE-2017-18255: 609124d60341bf8870318c201cec50548824f2e2 perf/core: Fix the perf_cpu_time_max_percent check
CVE-2017-18257: 0678adf8f8a99c66c48c608ea9a79588743bc615 f2fs: fix a dead loop in f2fs_fiemap()
CVEs fixed in 4.4.133:
CVE-2018-1000204: 93314640426ddb6af618d0802e622f6fa771792c scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
CVE-2018-10021: 6efcc74e1b0c16aebf5d8107543ce63475af35c1 scsi: libsas: defer ata device eh commands to libata
CVE-2018-10087: ea00b22b02f228cb58ee6c6707c86ec270e37fba kernel/exit.c: avoid undefined behaviour when calling wait4()
CVE-2018-5814: 02995a5882371a9fca3033fd356598a805d46040 usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
CVEs fixed in 4.4.134:
CVE-2017-13695: dfcb739c20d88461fbd0dc007670f63ad82db881 ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
CVE-2018-10124: cb1c92e55420dad73ce717ef4029dd6e984dcbd0 kernel/signal.c: avoid undefined behaviour in kill_something_info
CVE-2018-6412: bfffc2c3f56b462cdf5eeea639d898a69b323001 fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
CVE-2018-9518: 50e54d56744cda70a1c3bc980c56e461ecde3a6d NFC: llcp: Limit size of SDP URI
CVEs fixed in 4.4.137:
CVE-2019-18675: bd2f9ce5bacb15ad54fc6c345480c4df0c76c3ee mmap: introduce sane default mmap limits
CVEs fixed in 4.4.139:
CVE-2018-13406: 842803e4a66bd2a0b663dae18b80535a575d427f video: uvesafb: Fix integer overflow in allocation
CVEs fixed in 4.4.140:
CVE-2017-13168: 9a737329c7c4a341009b7398164db8fa8e5358f0 scsi: sg: mitigate read/write abuse
CVE-2018-10876: db3b00e3f392e9f879f7fd202437e68f90f35765 ext4: only look at the bg_flags field if it is valid
CVE-2018-10877: 353ebd3e98869b50ed47364d05acdf679c2c05c6 ext4: verify the depth of extent tree in ext4_find_extent()
CVE-2018-10878: afa9c75025bd1e24ccdc56fa331e865b626769e6 ext4: always check block group bounds in ext4_init_block_bitmap()
CVE-2018-10879: b7d29dc8fe8d23243d3d87109099bdc34a684712 ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
CVE-2018-10881: b88fc699a023e0ef86f647c3d48a17d7cfff1f2a ext4: clear i_data in ext4_inode_info when removing inline data
CVE-2018-10882: ff6c96461be35381399466ad58f02b8d78ab480a ext4: add more inode number paranoia checks
CVE-2018-10883: 2cd33a53177ce739fe5f68052b2a737f1c40b425 jbd2: don't mark block as modified if the handle is out of credits
CVE-2018-9516: ef111ea31575bdc50c0c914fe036a1d0ad0cae4e HID: debug: check length before copy_to_user()
CVEs fixed in 4.4.141:
CVE-2018-13405: e71dbad7563db674f91af9e12ef592c107d0c2cd Fix up non-directory creation in SGID directories
CVE-2018-16276: 2638a67a0c50a97e0564491325c24c2c12083dbb USB: yurex: fix out-of-bounds uaccess in read handler
CVEs fixed in 4.4.143:
CVE-2017-18216: b9e22bd82856a794986d75bb3bb585b8bfbf4d99 ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
CVEs fixed in 4.4.144:
CVE-2017-5754: 7169b43e7c68edd550efa812c295685947ffa8a0 x86/cpufeatures: Add Intel feature bits for Speculation Control
CVE-2018-10902: 01b6ca65e10f2669965fbc62440cb9b09a25d086 ALSA: rawmidi: Change resized buffers atomically
CVE-2018-3639: b2dab2dc776cea8e1f190523456b32b850506ce3 x86/nospec: Simplify alternative_msr_write()
CVEs fixed in 4.4.146:
CVE-2018-14734: 52175c849bd4c01dd14038b4401d5044d99a6b0a infiniband: fix a possible use-after-free bug
CVEs fixed in 4.4.147:
CVE-2018-12233: 0749d5b3ec62310b747751ea7d4d5ccca51bc80f jfs: Fix inconsistency between memory allocation and ea_buf->max_size
CVEs fixed in 4.4.148:
CVE-2018-15572: 7744abbe29a59db367f59b0c9890356732f25a3b x86/speculation: Protect against userspace-userspace spectreRSB
CVEs fixed in 4.4.149:
CVE-2018-9363: 17c1e0b1f6a161cc4f533d4869ff574273dbfe8d Bluetooth: hidp: buffer overflow in hidp_process_report
CVEs fixed in 4.4.152:
CVE-2018-3693: a89f83823b97b6da1ecf7a51184b28822e78cc07 ext4: fix spectre gadget in ext4_mb_regular_allocator()
CVEs fixed in 4.4.154:
CVE-2018-10938: 8ed0ff83f5fd0ca412a52bd71af332598c01ca46 Cipso: cipso_v4_optptr enter infinite loop
CVE-2018-16658: eb08a285899df82056f712421988c6ccd0b58ba6 cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
CVEs fixed in 4.4.155:
CVE-2019-12881: 182e963432d867384f2e55487ec60ca7a9f99cd1 drm/i915/userptr: reject zero user_size
CVEs fixed in 4.4.156:
CVE-2018-14609: 510825b3f8c1f5dc29b81660e1eb68e7fb0b8d50 btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
CVE-2018-14617: fed5bd3352a3fbf9494449ffee3b4bab5e8cc3a6 hfsplus: fix NULL dereference in hfsplus_lookup()
CVE-2018-6554: 4a7811bb3ae10d76d9e76c2b0ce7b27bc02a9370 staging: irda: remove the irda network stack and drivers
CVE-2018-6555: 131a3b82c853483b1809cad06f8997421dd49500 staging: irda: remove the irda network stack and drivers
CVEs fixed in 4.4.157:
CVE-2018-17182: 88d6918401a4ecdc50fe77df3e1e77c1e49d8579 mm: get rid of vmacache_flush_all() entirely
CVEs fixed in 4.4.159:
CVE-2018-14633: afba6121b3b7e1737b7e7dafbf6b7eafbcdc659c scsi: target: iscsi: Use hex2bin instead of a re-implementation
CVE-2018-20511: fee0d234419708192925c9e25a461f1f43dab24f net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
CVEs fixed in 4.4.160:
CVE-2018-10880: cd3d6463759d21f4093d3434effacc358dd0caf8 ext4: never move the system.data xattr out of the inode body
CVE-2018-13053: 2e17841715313cab2464b3b6360a289a1cb2744b alarmtimer: Prevent overflow for relative nanosleep
CVE-2018-17972: 574757073482f77ec10caea5e57726190a2837fa proc: restrict kernel stack dumps to root
CVE-2018-18021: 14a65511bc7c1eec560764fe53018b0765fb8d2d arm64: KVM: Tighten guest core register access from userspace
CVE-2018-7755: ef0a9f76fda4a7ffce6ceee5abdd554a719e8bd8 floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
CVE-2019-9458: bbbc4dabca5d51c608b0fd608eb3cd8659266653 media: v4l: event: Prevent freeing event subscriptions while accessed
CVEs fixed in 4.4.163:
CVE-2018-18281: 2e3ae534fb98c7a6a5cf3e80a190181154328f80 mremap: properly flush TLB before releasing the page
CVEs fixed in 4.4.164:
CVE-2018-18710: 661aa0b46dfb23700b569ac319b95e0b0154832f cdrom: fix improper type cast, which can leat to information leak.
CVEs fixed in 4.4.167:
CVE-2018-16862: 78b572c9e3a1b7edf46da17ad96a86110dd65fe8 mm: cleancache: fix corruption on missed inode invalidation
CVE-2018-19824: 82fa3e95432f95254fd07556c55b1018145e1439 ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
CVE-2018-20169: c380600bf71c35dc23aa0c3628a1013ec10cb349 USB: check usb_get_extra_descriptor for proper size
CVE-2019-2024: 4de120cba4ed4ef009edb2b17b2fa21b679b00b2 media: em28xx: Fix use-after-free when disconnecting
CVEs fixed in 4.4.168:
CVE-2018-1120: adc143b97d06a3305707726e69b4247db050cb88 proc: do not access cmdline nor environ from file-backed areas
CVE-2018-12896: 954648ebf8e27fcbf23b7954b79a22a5cacc83b1 posix-timers: Sanitize overrun handling
CVE-2018-5848: e47b9b2b005ab8b1b83bc0ac4aa2803cba57182a wil6210: missing length check in wmi_set_ie
CVE-2018-5953: c873dfa0ccbdb08e9fb42f497503e148f79cdebb printk: hash addresses printed with %p
CVEs fixed in 4.4.169:
CVE-2017-18241: 0fd7726d69afb0b61817f8d51e80f385cbfb2b10 f2fs: fix a panic caused by NULL flush_cmd_control
CVEs fixed in 4.4.170:
CVE-2018-19985: 8846b1dbfd2146b145d73ba31a4caa4a4789aefb USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
CVE-2019-15927: a5e09a908ea3c64bf522822b7923d2d8fc1a7af2 ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
CVE-2019-6133: d447cf0ceefa01ee9203145d011eedca6e1194e6 fork: record start_time late
CVEs fixed in 4.4.171:
CVE-2018-14610: ee5e37a26791f9c842b3298e594c6e3c93bb1355 btrfs: Check that each block group has corresponding chunk at mount time
CVE-2018-14611: 50962a7b4877f26d1f3f49cd77ad1814a9e81bac btrfs: validate type when reading a chunk
CVE-2018-14612: 42d263820480ab1f7eba54590f2c7283b3428723 btrfs: tree-checker: Detect invalid and empty essential trees
CVE-2018-14613: ae94efaf2b609e811bce6280d5c88cf557cd1238 btrfs: tree-checker: Verify block_group_item
CVE-2018-16884: 9615b6aeccbfb233fd672107aa6885bf039c3de3 sunrpc: use-after-free in svc_process_common()
CVEs fixed in 4.4.172:
CVE-2017-18249: a4f4f97573bfb057bbc30696d803cc37ed629d02 f2fs: fix race condition in between free nid allocator/initializer
CVE-2018-13096: cbe5e5cd70c0f6fd187114e7f146f29830fedf9c f2fs: fix to do sanity check with node footer and iblocks
CVE-2018-13097: b31ccde086671b372957e1fe1c60968e6d7464d7 f2fs: fix to do sanity check with user_block_count
CVE-2018-13099: 3bfe2049c222b23342ff2a216cd5a869e8a14897 f2fs: fix to do sanity check with reserved blkaddr of inline inode
CVE-2018-13100: 056120a8c192871c558e742f83ae18bf8721d97c f2fs: fix to do sanity check with secs_per_zone
CVE-2018-14614: 98beb84af7212a2ba50370497e569ae3f61b1c8b f2fs: fix to do sanity check with cp_pack_start_sum
CVE-2018-14616: 4901e126b6e1677c90d3c0a668193e52ecdd4971 f2fs: fix to do sanity check with block address in main area v2
CVE-2018-18690: f00ebf4f84ed2e9344743d86e274ff77269df02a xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
CVE-2019-3701: 693ae291197429f404e7d9c191e1541f61925278 can: gw: ensure DLC boundaries after CAN frame modification
CVE-2020-10769: 461652efc1545a1a074bf0df826dcd3bce520db4 crypto: authenc - fix parsing key with misaligned rta_len
CVEs fixed in 4.4.174:
CVE-2018-5391: ef0f963de1d2c5bc99d3d6ace3dd44a7d6002717 ip: discard IPv4 datagrams with overlapping segments.
CVEs fixed in 4.4.175:
CVE-2019-7221: 9872ddae1949b46d5310e0e71ca26bb5c4e52a70 KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
CVE-2019-7222: 1b5fd913a4eb07cb13e969bb8e3b1633a40e683f KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
CVEs fixed in 4.4.176:
CVE-2019-6974: bc4db52485cc6edfd6861417d178bb71f743ced7 kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
CVEs fixed in 4.4.177:
CVE-2019-12818: 6e7339d5ee302fcbfe8ef29c058cc85c360849b9 net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
CVE-2019-12819: a1b4ace43842791d908a8837304031e439c2ea39 mdio_bus: Fix use-after-free on device_register fails
CVE-2019-15916: d28a029290fd80e9fb40850eb6eb2b7281f1f007 net-sysfs: Fix mem leak in netdev_register_kobject
CVE-2019-16413: f289ac1f6eb2d024793732ddb629595ab85674b7 9p: use inode->i_lock to protect i_size_write() under 32-bit
CVE-2019-16995: 453e3b319d28f2023d45073e6eb30c5efa2fd06b net: hsr: fix memory leak in hsr_dev_finalize()
CVE-2019-2101: bba078c9fc3c7e44370f870d97c5eed64f6c5d1f media: uvcvideo: Fix 'type' check leading to overflow
CVE-2019-9213: 40952b6a649b9bfad11ae4fa2862fa0108c9ec24 mm: enforce min addr even if capable() in expand_downwards()
CVE-2019-9455: 7b5115689bf9dafc5127b28ace4589f698d4adfa media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
CVEs fixed in 4.4.178:
CVE-2019-20054: 6271fa6fc366827c0249864157e8fd18c4eac68a fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
CVE-2019-3459: ade4560e4fea198866e033fe1c02f063d6d7db2e Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
CVE-2019-3460: d22036003893cbe479404e20fdae10addc6c18dd Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
CVEs fixed in 4.4.179:
CVE-2017-18551: 02bfc06ca2fa1158d6cd2e5688bfc4ef278d8425 i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CVE-2019-10639: 0ede14314f6d9e6a172eb4c4b6b9fe5477aa70bc netns: provide pure entropy for net_hash_mix()
CVE-2019-11190: 1eb40df35d99f353e7bdfcbb21f249428ec0f4b6 binfmt_elf: switch to new creds when switching to new mm
CVE-2019-11486: c3e76f072adbcc426fbeef5d7469f847a2f700d6 tty: mark Siemens R3964 line discipline as BROKEN
CVE-2019-11810: 09a6db51dcb41990fe020e45af8b2e44010fc1e7 scsi: megaraid_sas: return error when create DMA pool failed
CVE-2019-11815: c4e97b06cfdc5213494c22dd5c2b41ff8b15e0ee net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
CVE-2019-15214: f94135f92d97d85444691bcc4f79784d995a5458 ALSA: core: Fix card races between register and disconnect
CVE-2019-15292: d49a75f5add4543eb138fb0a8fe0560fb276352e appletalk: Fix use-after-free in atalk_proc_exit
CVE-2019-9454: 02bfc06ca2fa1158d6cd2e5688bfc4ef278d8425 i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CVEs fixed in 4.4.180:
CVE-2018-20836: fe3f6511c9af47847e3547c1525de290a3d908eb scsi: libsas: fix a race condition when smp task timeout
CVE-2019-10142: 9db489ed49711d1575f631b68aaa911d3b6198f9 drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
CVE-2019-11884: dd150bcc93ffaa80ca67d5a71d7850fffe5eb549 Bluetooth: hidp: fix buffer overflow
CVE-2019-15216: 438b075fc77d63472892df735fe2a27d3f23dcbf USB: yurex: Fix protection fault after device removal
CVE-2019-3882: e1a5cdbf7cb32a168d37a4804379b9b70d31b39b vfio/type1: Limit DMA mappings per container
CVEs fixed in 4.4.181:
CVE-2018-1000026: c55a2cffa5caaf72db415558f8058f995578a773 bnx2x: disable GSO where gso_size is too big for hardware
CVE-2018-20510: c53c1a821d62eb8476425ebe79c0c0054ab45315 binder: replace "%p" with "%pK"
CVE-2019-11833: 98529ecd313bbeff006930056dad26529510054f ext4: zero out the unused memory region in the extent tree block
CVE-2019-15212: b92be99a0c8b2c1c66fe37f1fb21ef069c7732f1 USB: rio500: refuse more than one device at a time
CVE-2019-15218: b1782be70e1e281216f58ba283a0e55ad6364aaf media: usb: siano: Fix general protection fault in smsusb
CVE-2019-15219: 30e66d7d2fb978f7b59fbf6106bdc1092acbb7ef USB: sisusbvga: fix oops in error path of sisusb_probe
CVE-2019-15666: 86040d722b29976dfef0ef2b68eab832c358d04b xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
CVE-2019-19966: a04e71a0dbc62083bd31ae4d252d2c07a0035e4a media: cpia2: Fix use-after-free in cpia2_exit
CVE-2019-9466: 4e06554db5e5c3d693141b84aba3a4f29b7d9ef5 brcmfmac: add subtype check for event handling in data path
CVE-2019-9503: 4e06554db5e5c3d693141b84aba3a4f29b7d9ef5 brcmfmac: add subtype check for event handling in data path
CVE-2020-10720: 4f9c73aa293051359ef1f2f6d816895ab50c9f3e net-gro: fix use-after-free read in napi_gro_frags()
CVEs fixed in 4.4.182:
CVE-2019-11477: 4657ee0fe05e15ab572b157f13a82e080d4b7d73 tcp: limit payload size of sacked skbs
CVE-2019-11478: ad472d3a9483abc155e1644ad740cd8c039b5170 tcp: tcp_fragment() should apply sane memory limits
CVE-2019-11479: e757d052f3b8ce739d068a1e890643376c16b7a9 tcp: add tcp_min_snd_mss sysctl
CVEs fixed in 4.4.183:
CVE-2019-11599: 8f6345a11caae324ad36abca8723a5710d099a85 coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVE-2019-15807: 39c7c903c63db10c99b1083ea9a688f63fb2c4a7 scsi: libsas: delete sas port if expander discover failed
CVE-2019-3892: 8f6345a11caae324ad36abca8723a5710d099a85 coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVEs fixed in 4.4.185:
CVE-2018-16597: b24be4acd17a8963a29b2a92e1d80b9ddf759c95 ovl: modify ovl_permission() to do checks on two inodes
CVE-2019-0136: c7c680979b503a1bb64ee26ffa34207f886090ab mac80211: drop robust management frames from unknown TA
CVE-2019-13272: 54562d2b0be5c120b01c8bb94baef1aca37fd329 ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
CVE-2019-9506: 993699d9de09097e2bfd49100b8904774e5304fb Bluetooth: Fix faulty expression for minimum encryption key size check
CVEs fixed in 4.4.186:
CVE-2019-10126: 3a611df229a90247c9a5159d136c60f4008c29a2 mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
CVE-2019-3846: 5d43b417e60ab25984fc7c41175f3ce8cee992bd mwifiex: Fix possible buffer overflows at parsing bss descriptor
CVEs fixed in 4.4.187:
CVE-2017-18509: ee2f25641633ffb03fb88e4fa8a6424d24d3f295 ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
CVE-2019-10207: 37fb924139954a28a1f04959070c3cc762b0de4c Bluetooth: hci_uart: check for missing tty operations
CVE-2019-13631: 3ca20e950203a6c7759186ec4e89cbd33ee2bf81 Input: gtco - bounds check collection indent level
CVE-2019-13648: e67fd28f9ed887d0c8124bda96b66dab87823eac powerpc/tm: Fix oops on sigreturn on systems without TM
CVE-2019-14283: d105eaf5fb67a193df8fe72e64690c43e343a560 floppy: fix out-of-bounds read in copy_buffer
CVE-2019-14284: 26d6284d5d392bd96c414f745bcbf3620e93c8fd floppy: fix div-by-zero in setup_format_params
CVE-2019-15211: 56ea214b175643476a7f2979118c2ac560f29b3f media: radio-raremono: change devm_k*alloc to k*alloc
CVE-2019-15215: 63a80df0ea2b94813f60e8372f9ee93856bcfd5b media: cpia2_usb: first wake up, then free in disconnect
CVE-2019-15239: 8f0b77b71f3fec09f86f80cd98c36a1a35109499 unknown
CVE-2019-15926: c1e1288d2e61727c1a9b9f28d0cf61da592a76bc ath6kl: add some bounds checking
CVE-2019-20934: da358f365dab8fea00c6254621e2cfb2fd817d01 sched/fair: Don't free p->numa_faults with concurrent readers
CVEs fixed in 4.4.189:
CVE-2018-20856: e6ea77dd5a6a72583453e8703583ce0ef538aea4 block: blk_init_allocated_queue() set q->fq as NULL in the fail case
CVE-2019-1125: e3d8c979c49d6113566acf4b3002073979cd35c3 x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
CVEs fixed in 4.4.190:
CVE-2018-20961: 3dae85a803a265c65e6032cd68a13fb717d766d9 USB: gadget: f_midi: fixing a possible double-free in f_midi
CVE-2019-19527: 8e73f43b6772a262d1884511f694e0f90c3dfa68 HID: hiddev: do cleanup in failure of opening a device
CVE-2019-19530: 8fed007578dba671e131781360dd87c4683672e7 usb: cdc-acm: make sure a refcount is taken early enough
CVE-2019-19531: 2ef494ad6274e963dc0fe64a8b405d22e0700e9b usb: yurex: Fix use-after-free in yurex_delete
CVE-2019-19535: 67112944e756484c5d62529597a0181f846340d0 can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
CVE-2019-19536: abea9fa28b64d0a875cc3659002dc87b64836265 can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
CVE-2019-19537: 8f67bc7c8da8622fddf4d29a2f422678dfbadf77 USB: core: Fix races in character device registration and deregistraion
CVEs fixed in 4.4.191:
CVE-2016-10905: d61e517e39149bff6be936c922f47af99d54509a GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
CVE-2016-10906: b31c9932f84ce06b08735884ae7e19eca2b6c80a net: arc_emac: fix koops caused by sk_buff free
CVE-2019-10638: 66f8c5ff8ed3d99dd21d8f24aac89410de7a4a05 inet: switch IP ID generator to siphash
CVE-2019-15117: a485888b5189845f0b6c58ae89661a402a80402a ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
CVE-2019-15118: 735a16d1afc01320392669f4ea64c84d435faf1c ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
CVE-2019-15902: 61263fbe574b0b74c50552983bdcc2bb9a409b1e unknown
CVE-2019-3900: bb85b4cbd8f69cdea3a0caa9aa4edb1d4d7bc24f vhost_net: fix possible infinite loop
CVEs fixed in 4.4.193:
CVE-2019-14835: 35b29a78cc9b2523f6b0c080e6b44d2eeb367023 vhost: make sure log_num < in_num
CVEs fixed in 4.4.194:
CVE-2019-14814: 851224e62b5525f0a87a171905e5c144e1899cd2 mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14816: 851224e62b5525f0a87a171905e5c144e1899cd2 mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14821: ae41539657ce0a4e9f4588e89e5e19a8b8f11928 KVM: coalesced_mmio: add bounds checking
CVE-2019-15505: db38be77199f16dd23d1504a9dfddf7e4479652a media: technisat-usb2: break out of loop at end of buffer
CVEs fixed in 4.4.195:
CVE-2019-17052: c15d89b5cb86dfcdee536d093ece512091ed6e5c ax25: enforce CAP_NET_RAW for raw sockets
CVE-2019-17053: a279cd311c1e3870de25fe48e948487b4785e9cd ieee802154: enforce CAP_NET_RAW for raw sockets
CVE-2019-17054: ec1e04b8979464990e000850d14d3e562999a82d appletalk: enforce CAP_NET_RAW for raw sockets
CVE-2019-17055: a03818269bfbc2ff6d25e3e44eb2247df53648ca mISDN: enforce CAP_NET_RAW for raw sockets
CVE-2019-17056: 001ff467264f3e51c8bb18de5cbe62e91d05cfc5 nfc: enforce CAP_NET_RAW for raw sockets
CVE-2019-18680: 91573ae4aed0a49660abdad4d42f2a0db995ee5e unknown
CVE-2019-19533: b54d1e51bba72256f977912b6b4197bd1494c72e media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
CVEs fixed in 4.4.196:
CVE-2019-18806: a35f1bb8c300a46c194bb5154ee8fc040c5ae392 net: qlogic: Fix memory leak in ql_alloc_large_buffers
CVE-2019-2215: 80eb98a4ee70428d5b4b7202195a916385a76809 ANDROID: binder: remove waitqueue when thread exits.
CVE-2020-0030: fcf46dcedbc419633771e16bfdf97a528f4d7dab ANDROID: binder: synchronize_rcu() when using POLLFREE.
CVEs fixed in 4.4.197:
CVE-2018-20976: 748edae843c30f41fdcb320f1a8335bc2238b961 xfs: clear sb->s_fs_info on mount failure
CVE-2019-16746: fd27e0779cf62f72bd8242d003d30742d11e451e nl80211: validate beacon head
CVE-2019-19523: cd3cfbafe8eb9761950873c04c0147b40a85d29f USB: adutux: fix use-after-free on disconnect
CVE-2019-19525: 1fb673245b24832acb411db7ffe207fb470559ab ieee802154: atusb: fix use-after-free at disconnect
CVE-2019-19528: f723d7ea08e2c69ac9ecd87828c650745270fb98 USB: iowarrior: fix use-after-free on disconnect
CVEs fixed in 4.4.198:
CVE-2019-17075: 3cd0698561d3e9dcb7c969077932e072fbb4689e RDMA/cxgb4: Do not dma memory off of the stack
CVE-2019-17133: 3ca40f2f6015580caf11a4fd23503ea7529ed861 cfg80211: wext: avoid copying malformed SSIDs
CVEs fixed in 4.4.199:
CVE-2019-15098: d7619be74f341630989c7edfd21a9ed8f51ab2d1 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
CVE-2019-17666: 3da8d0e777fa8a0934a288b115373cf12d7800f8 rtlwifi: Fix potential overflow on P2P code
CVE-2019-19532: 2be873faad369e0b6b70761506995fd2d4cb0257 HID: Fix assumption that devices have inputs
CVE-2020-10773: 1cdb53607683a4fa8625a3f3eb65e5d9f4572166 s390/cmm: fix information leak in cmm_timeout_handler()
CVEs fixed in 4.4.200:
CVE-2019-18282: 491cd03f3b44f58f346ec15e2fc958d0def7b5a7 net/flow_dissector: switch to siphash
CVE-2019-19049: 265c6b8ab54cf46ac4e3c768f2be1489dc13a494 of: unittest: fix memory leak in unittest_data_add
CVEs fixed in 4.4.201:
CVE-2019-0154: 1433b8d41b1aa346e100b839c19fc033871ac5a6 drm/i915: Lower RM timeout to avoid DSI hard hangs
CVE-2019-0155: e5e3c0154c19f2d8213e0af88b7a10d9de7fbafd drm/i915: Rename gen7 cmdparser tables
CVE-2019-19052: 7f18860337d74fdf79e7152bee7117d945ff6945 can: gs_usb: gs_can_open(): prevent memory leak
CVE-2019-19534: 1afef2b7a5d8d97cee332aee1c4d5a96597c223d can: peak_usb: fix slab info leak
CVEs fixed in 4.4.202:
CVE-2019-11135: 124635392ef394772850172bd5370e62cfe781b4 x86/msr: Add the IA32_TSX_CTRL MSR
CVEs fixed in 4.4.203:
CVE-2019-15917: 29d9c5714096a47ed8d2a1632e382c949b089563 Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()
CVE-2019-19524: af618124c69794bf215bf8cefb67890f95246ef8 Input: ff-memless - kill timer in destroy()
CVEs fixed in 4.4.204:
CVE-2019-15291: 89660684ceca03bcaf5d1637709a4875e98387c6 media: b2c2-flexcop-usb: add sanity checking
CVE-2019-18660: 3a79351beb549634c217570a5a8e500b8f466ad0 powerpc/book3s64: Fix link stack flush on context switch
CVE-2019-18683: 7f8286d2b526a86d9bbdf20690b4245d0ea1fac3 media: vivid: Fix wrong locking that causes race conditions on streaming stop
CVEs fixed in 4.4.206:
CVE-2019-12614: 27cb5fbc84ed4d97a4bbcab04fb186705bac303e powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
CVEs fixed in 4.4.207:
CVE-2019-19062: 5020350fb0012816ee35f7b744ded18bb75ecc1e crypto: user - fix memory leak in crypto_report
CVE-2019-19227: 7ae3525ee708f867a2d2321c246b285136cdbed8 appletalk: Fix potential NULL pointer dereference in unregister_snap_client
CVE-2019-19332: 385bddaf5ee11acdf8d823ecc429c675b5416ac2 KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
CVEs fixed in 4.4.208:
CVE-2019-19057: 4a6cf20ca09434486bfbfc742c960157c23c931d mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
CVE-2019-19063: ca4fb6974bb645ebf3352f5bba7699db4b44b75f rtlwifi: prevent memory leak in rtl_usb_probe
CVE-2019-19447: 0a5a9d02428d4e8c181413a51f7bcf0d7080dbf3 ext4: work around deleting a file with i_nlink == 0 safely
CVE-2019-20812: b424ed744453c1b0ce0e67f2e64e7719725f65a3 af_packet: set defaule value for tmo
CVEs fixed in 4.4.209:
CVE-2019-19965: 8febe765539fbcc7d47e4e2ad44a0bcb2adbf02b scsi: libsas: stop discovering if oob mode is disconnected
CVEs fixed in 4.4.210:
CVE-2019-14615: e2546a83a7e291f412978cf6a580e43698c308bc drm/i915/gen9: Clear residual context state on context switch
CVE-2019-14895: d1bd8bd7e5ebda57580372d2b8b69182f9d8d113 mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
CVE-2019-19056: c858dc3c047e2962994d28acaccd52272558c9ff mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
CVE-2019-19066: 8c67bbd0754f8b35f28d8b5626c16d5721e9a8f7 scsi: bfa: release allocated memory in case of error
CVE-2019-19068: 57d09152eef9e1afca04b2f7bebccd07e0efa881 rtl8xxxu: prevent leaking urb
CVE-2019-20636: 68442780f2c223531de9d25104fd04e1bfdb583b Input: add safety guards to input_set_keycode()
CVE-2020-0305: 3cce9309df73def742692ffddde05638b6eda6d9 chardev: Avoid potential use-after-free in 'chrdev_open()'
CVE-2020-0431: 3be648c80db794a3bc1b22a1115071402a1f9803 HID: hid-input: clear unmapped usages
CVEs fixed in 4.4.211:
CVE-2018-21008: 80427a7b1195e7946992baffeb112b2635245198 rsi: add fix for crash during assertions
CVE-2019-15217: e6c986b15703eb2e0d59a3f79e99fd2aa6221b51 media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
CVE-2019-15220: e2c48c1e6ef5e806b68ca685216dda05e5267be2 p54usb: Fix race between disconnect and firmware loading
CVE-2019-15221: 81b83ca3e45b83e632b8063cd27bdb072ecfc135 ALSA: line6: Fix write on zero-sized buffer
CVE-2019-17351: b39b4801d50956256711db83be28b9cff2620fda xen: let alloc_xenballooned_pages() fail if not enough memory free
CVE-2019-20096: a5c290ebb46d33f8700aab2edb996c9a0478b3b8 dccp: Fix memleak in __feat_register_sp
CVE-2019-5108: 622c77a3addefa54d61205177635409de87a8a7c mac80211: Do not send Layer 2 Update frame before authorization
CVE-2020-12652: 952fc03b38b8dca3923f3c61e3273c8f8ed2bd86 scsi: mptfusion: Fix double fetch bug in ioctl
CVEs fixed in 4.4.212:
CVE-2019-14896: 4d7f4d383230f6ef4f8a32e1fbfa4eb7c682522f libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14897: 4d7f4d383230f6ef4f8a32e1fbfa4eb7c682522f libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2020-14416: 6169e11e1f14dd272ec9c746050820e5cc2cf853 can, slip: Protect tty->disc_data in write_wakeup and close with RCU
CVEs fixed in 4.4.213:
CVE-2020-0432: 917c8fe39f4d42c3850b22d6a0bf3ffab1466d19 staging: most: net: fix buffer overflow
CVEs fixed in 4.4.214:
CVE-2020-0404: f941047b5e5abd73be6c058a67a06533728c3422 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
CVE-2020-12653: 4dd90d14f902074f18238dc104868debbd3cd250 mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
CVE-2020-12654: 91b836b01c788932d86a448d26561740d22e7c9b mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
CVEs fixed in 4.4.215:
CVE-2019-16233: d50a2a486d941417ca7abaebfe433a3af3c773fb scsi: qla2xxx: fix a potential NULL pointer dereference
CVE-2020-0009: a349db843c640ad1fbab6625a7a4e9d4dd45f26a staging: android: ashmem: Disallow ashmem memory from being remapped
CVE-2020-2732: 27021607e18ee2946cbbc74c19031ad966b9c883 KVM: nVMX: Don't emulate instructions in guest mode
CVE-2020-36558: 803bc73a2d3238a60901f4d9427fc7f8ac1d0435 vt: vt_ioctl: fix race in VT_RESIZEX
CVE-2020-9383: 3dd989efdd97a42dc18e9bd653b16f0d84f45fc2 floppy: check FDC index for errors before assigning it
CVEs fixed in 4.4.216:
CVE-2019-11487: c326585619b99cce3240403faa56f599e06893cb fs: prevent page refcount overflow in pipe_buf_get
CVE-2019-16234: 32b63f22e4c16aee095b2c116f0c7526b7fd3e66 iwlwifi: pcie: fix rb_allocator workqueue allocation
CVE-2020-0444: c99bc56eba9e90c28d8bb42712b9b262d99df630 audit: fix error handling in audit_data_to_entry()
CVE-2020-27068: bfb70b52540845bd1574de6f0e58fcc7907d8a07 cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
CVE-2020-8647: c0950b28ad5ac18f35ad8fa3856d10be585547b4 vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8648: 63f529ab35671d1c7433cb8283980289c8832bad vt: selection, close sel_buffer race
CVE-2020-8649: c0950b28ad5ac18f35ad8fa3856d10be585547b4 vgacon: Fix a UAF in vgacon_invert_region
CVEs fixed in 4.4.217:
CVE-2019-14901: 4ca9ed6965cc0b9ace3758355ff13d71b97bf008 mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
CVE-2020-29370: 3698fe758684cf3600a0aa91a5af3eba27722cfd mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
CVEs fixed in 4.4.218:
CVE-2020-10942: 79152052fbb703ff5f66778b3e585c69b95d83d2 vhost: Check docket sk_family instead of call getname
CVE-2020-11608: 3de5ed1a64b96f0a482e2a325bcea38d51a2a1fd media: ov519: add missing endpoint sanity checks
CVE-2020-11609: eca73facbd01d15bd6f8c08c9c39d255a752e4b6 media: stv06xx: add missing descriptor sanity checks
CVE-2020-11668: 89fb5aa765cf8e47ac168810dd76afe37312dff2 media: xirlink_cit: add missing descriptor sanity checks
CVE-2020-14381: 24bbfe34bb44c036c3a0874bf74fc2387d5557bf futex: Fix inode life-time issue
CVE-2020-27066: 0ac1dd7bb8f1b40f1bf494f6a27235a7a3b36350 xfrm: policy: Fix doulbe free in xfrm_policy_timer
CVE-2020-36557: 7f4c99f8487c1dd7b7eb980c16bd256be0dc04d1 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
CVE-2021-3715: 7518af6464b47a0d775173570c3d25f699da2a5e net_sched: cls_route: remove the right filter from hashtable
CVEs fixed in 4.4.219:
CVE-2020-0429: d845bf594d68d309a39ce8df72942e2b3fbbb176 l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
CVE-2020-11494: f7dd0134a169df7dd9b68b6c135fe10629e66599 slcan: Don't transmit uninitialized stack data in padding
CVE-2020-11565: 4489253d0625c4841620160b2461925b695c651c mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
CVEs fixed in 4.4.220:
CVE-2020-12826: 6b9e27da8fc595e8abd4374c230d5b9404efac83 signal: Extend exec_id to 64bits
CVEs fixed in 4.4.221:
CVE-2019-19319: 7eff961ca9f364be255d279346517ba0158ec8e3 ext4: protect journal inode's blocks using block_validity
CVE-2020-12114: 83354adbd7a967230bd23a547c5b695567ddba2c make struct mountpoint bear the dentry reference to mountpoint, not struct mount
CVE-2020-12464: f613d830fae7cbf8799378338d4df977f8667d5c USB: core: Fix free-while-in-use bug in the USB S-Glibrary
CVEs fixed in 4.4.222:
CVE-2020-0255: 92b5848736395f4ea56738895acdd09cdc2a93da selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-10751: 92b5848736395f4ea56738895acdd09cdc2a93da selinux: properly handle multiple messages in selinux_netlink_send()
CVEs fixed in 4.4.224:
CVE-2019-19768: 3d5d64aea941a45efda1bd02c0ec8dd57e8ce4ca blktrace: Protect q->blk_trace with RCU
CVE-2020-0433: fa9355afd5b07707e15a5f75b854f04a9c14a798 blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
CVE-2020-10690: 6f5e3bb7879ee1eb71c6c3cbaaffbb0da6cd7d57 ptp: fix the race between the release of ptp_clock and cdev
CVE-2020-10711: b8ff52e4bdaabfee050ae4e8c721305a924a8633 netlabel: cope with NULL catmap
CVE-2020-12769: 3549e7aaa20947df2338305509c534c79c43e765 spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
CVE-2020-12770: af9a86cc9f1acfc380e96a9beb59462f32a4b6c4 scsi: sg: add sg_remove_request in sg_write
CVE-2020-13143: c18a8b0d7b8fdb299bcfab2feb9c0f410580794a USB: gadget: fix illegal array access in binding with UDC
CVE-2020-1749: 7c9d04e1c3ed58f60592329459d9ca7789442ff7 net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
CVE-2020-27786: 718eede1eeb602531e09191d3107eb849bbe64eb ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
CVEs fixed in 4.4.225:
CVE-2018-9517: 3ca51032627e9bfea7d609f008461efdfdba1a5c l2tp: pass tunnel pointer to ->session_create()
CVE-2020-27067: c30b34ce7944ec7026d4803cd51da2521df992a3 l2tp: fix l2tp_eth module loading
CVE-2021-0447: c2984681fe15cfb803a9132aaaf1140ab20a72c1 l2tp: protect sock pointer of struct pppol2tp_session with RCU
CVEs fixed in 4.4.226:
CVE-2020-10732: 2673a0cb646affc7ff66970cfc884d9e2223bc60 fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
CVEs fixed in 4.4.227:
CVE-2020-0543: 4ebffa4b0a198d8671ee68742ba6d3f56164301f x86/cpu: Add 'table' argument to cpu_matches()
CVE-2020-13974: dad0bf9ce93fa40b667eccd3306783f4db4b932b vt: keyboard: avoid signed integer overflow in k_ascii
CVEs fixed in 4.4.228:
CVE-2019-20810: ce7fcdd544fbc07a2c327d18b0712754cf1557d2 media: go7007: fix a miss of snd_card_free
CVE-2020-10766: 37368554eaf7815a3ef3c2cbbd242fc19d3cb32b x86/speculation: Prevent rogue cross-process SSBD shutdown
CVE-2020-10767: 317b9c418ea38089a6d5c42fcaa9a545334838c3 x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
CVE-2020-10768: 7a5764e8990096fd08e8566b87df3c111bf5a736 x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
CVEs fixed in 4.4.229:
CVE-2020-12771: 9517bec2c1ff8f223f8f2d28c743731e8f216bbe bcache: fix potential deadlock problem in btree_gc_coalesce
CVE-2020-15436: f9aa90e1b8aa2a133d4046223248ab61688445f5 block: Fix use-after-free in blkdev_get()
CVEs fixed in 4.4.230:
CVE-2020-15393: 831eebad70a25f55b5745453ac252d4afe997187 usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
CVEs fixed in 4.4.232:
CVE-2018-10323: f88efa4d6cb1fcacb9591979bacc6c57ec9d7c53 xfs: set format back to extents if xfs_bmap_extents_to_btree
CVE-2020-15437: f5e7de4f4232154835f4c3d87e01350457340c16 serial: 8250: fix null-ptr-deref in serial8250_start_tx()
CVEs fixed in 4.4.233:
CVE-2018-13094: 3d5eb8428488648c544e82e6b8b9fd391b107ed9 xfs: don't call xfs_da_shrink_inode with NULL bp
CVE-2018-8043: 52e4b929c3bd6fac2a8cf4c2609d71486bde072c net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
CVE-2019-19054: 84c9c409286617385e71d4d0d0c9dd940b574469 media: rc: prevent memory leak in cx23888_ir_probe
CVE-2019-19073: 60fa3632210b1dc99296100227ae2d79ebbb4780 ath9k_htc: release allocated buffer if timed out
CVE-2019-19074: 94e3650b2568ae7a06e10c282f588ddede5df1d6 ath9k: release allocated buffer if timed out
CVE-2019-19448: b086fe8442d20dbd660812337f152ec868c64c0e btrfs: only search for left_info if there is no right_info in try_merge_free_space
CVE-2019-9445: 559eff3dca325947bc3d88d17f4c454111884be5 f2fs: check if file namelen exceeds max value
CVE-2020-14331: cd44c411a441d994b234605f51f0d1ee5740e353 vgacon: Fix for missing check in scrollback handling
CVE-2020-16166: 40713057d1d11fc86f0ed02383373281d87841a3 random32: update the net random state on interrupt and activity
CVE-2020-25212: db61fb8278925f54ccb0172471164aeb56ec6537 nfs: Fix getxattr kernel panic and memory overflow
CVE-2020-26088: de7c8ab8cb412d21ffdac94a99ef2f29f7802fd1 net/nfc/rawsock.c: add CAP_NET_RAW check.
CVE-2020-36386: 491602ede684bb8554254f12f4b1bd242dd15c61 Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
CVEs fixed in 4.4.234:
CVE-2020-0466: d85e2b06662e7f46d0f174ecc603fc1c3554d5cf do_epoll_ctl(): clean the failure exits up a bit
CVE-2020-14314: 059b1480105478c5f68cf664301545b8cad6a7cf ext4: fix potential negative array index in do_split()
CVE-2020-29371: 2935e0a3cec1ffa558eea90db6279cff83aa3592 romfs: fix uninitialized memory leak in romfs_dev_read()
CVEs fixed in 4.4.236:
CVE-2020-0465: de801a7d3228aed8ea2bbfe36ccf3af7f9ef6f39 HID: core: Sanitize event code and type when mapping input
CVE-2020-25285: 9c9757b4a2cd8039dddc01e8b589d9157f5d756a mm/hugetlb: fix a race between hugetlb sysctl handlers
CVE-2021-1048: 6504c100804870911f074fd67f280756b6805958 fix regression in "epoll: Keep a reference on files added to the check list"
CVEs fixed in 4.4.237:
CVE-2020-14390: 1f08e80ec5751b8f565139cd7a921fbee46f8a22 fbcon: remove soft scrollback code
CVE-2020-25284: e349a5786f4c23eb11d1e7385703ddbf94f3f061 rbd: require global CAP_SYS_ADMIN for mapping and unmapping
CVE-2020-28097: 5f76b4c6ac297ce836abe17f495123f45bfc4fb3 vgacon: remove software scrollback support
CVEs fixed in 4.4.238:
CVE-2020-25643: a49ef91286776c3f095460112846cd85a063c29a hdlc_ppp: add range checks in ppp_cp_parse_cr()
CVE-2021-0605: 831587619afe78cd72651b34a0f6ccb2acf3c503 af_key: pfkey_dump needs parameter validation
CVEs fixed in 4.4.239:
CVE-2020-25211: 3f5bfa0a2c3401bfbc0cab5894df8262de619641 netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2020-28915: 0e3e69e0a8bc516e37ee3b496779b60e660b5ea5 fbcon: Fix global-out-of-bounds read in fbcon_get_font()
CVE-2021-0448: 3f5bfa0a2c3401bfbc0cab5894df8262de619641 netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2021-39634: ea984dfe0e7978cd294eb6a640ac27fa1834ac8d epoll: do not insert into poll queues until all sanity checks are done
CVEs fixed in 4.4.240:
CVE-2020-10135: 554ab8c6e143606bb205c7d694656fac3d6e3cc2 Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
CVE-2020-12352: e7b465bda9b90bec5427775bcbbfc47fe7a6012b Bluetooth: A2MP: Fix not initializing all members
CVEs fixed in 4.4.241:
CVE-2020-25705: a9d0ba6aa7485aabed7b8f2ed5a3975684847e0b icmp: randomize the global rate limiter
CVE-2020-27784: 25c95c6bd4dc50a3c20de0fa7f450ea02b2320fc usb: gadget: function: printer: fix use-after-free in __lock_acquire
CVEs fixed in 4.4.242:
CVE-2020-25656: f4cfdf9b1487d3512da27a1a542b4c33a4737bca vt: keyboard, extend func_buf_lock to readers
CVE-2020-25668: e847c4e2ccc80295338cc96136aec2877be82359 tty: make FONTX ioctl use the tty pointer they were actually passed
CVE-2020-28974: 81f26642406c16bf52015683511c814ecbe2abc3 vt: Disable KD_FONT_OP_COPY
CVE-2020-35508: 33175e2d8fdf7b07be9691ee7747a3982dcf52cd fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
CVEs fixed in 4.4.243:
CVE-2020-8694: ed3691aa7e4ad0a987da49b9165a22255b39e9b7 powercap: restrict energy meter to root access
CVEs fixed in 4.4.244:
CVE-2019-0148: 0f60ed1afff42f84dcba5a7950ee8712da8363d5 i40e: Wrong truncation from u16 to u8
CVE-2020-0427: 03f69244302d7954f42f528ea2d45903ebbf59f3 pinctrl: devicetree: Avoid taking direct reference to device name string
CVE-2020-14351: 17b235e6cc9d701a2eece74a64f89062072b81b1 perf/core: Fix race in the perf_mmap_close() function
CVE-2020-25645: e98bcb65299870dfa98d2067d423da80555188c4 geneve: add transport ports in route lookup for geneve
CVE-2020-27673: 33f38ccfe479fdb53bf0409e9b74e993e30d4d1f xen/events: add a proper barrier to 2-level uevent unmasking
CVE-2020-27675: c0e77192829a1a02983d672ac144e6196098cad7 xen/events: avoid removing an event channel while handling it
CVEs fixed in 4.4.245:
CVE-2018-13093: f17ef9beebc7c55c5a791aacdc5992880ea15d8c xfs: validate cached inodes are free when allocated
CVE-2020-25669: 640ede0a21a0b9bd68e47ccbca87fd747e38ea0a Input: sunkbd - avoid use-after-free in teardown paths
CVE-2020-4788: 4a1e90af718d1489ffcecc8f52486c4f5dc0f7a6 powerpc/64s: flush L1D on kernel entry
CVEs fixed in 4.4.247:
CVE-2019-19813: d4d0b4f942fed5d5b69effe200c1df6108483385 btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-19816: d4d0b4f942fed5d5b69effe200c1df6108483385 btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVEs fixed in 4.4.248:
CVE-2020-29660: 7b4a4b9403c52343d00901babc3987588bc0b085 tty: Fix ->session locking
CVE-2020-29661: 30f7752609a8030862f4c7faed5c845e2aa300be tty: Fix ->pgrp locking in tiocspgrp()
CVE-2020-35519: 3cb72fe7ac64d5f647dbefd94ce7b54f6b92ede9 net/x25: prevent a couple of overflows
CVEs fixed in 4.4.249:
CVE-2020-27815: b01bec9ec3b196a8a33d0d68991c8a45c8c24551 jfs: Fix array index bounds check in dbAdjTree
CVE-2020-29568: de66402f45c0cae9566b1568cc1b2df2b5ccbbf8 xen/xenbus: Allow watches discard events before queueing
CVEs fixed in 4.4.250:
CVE-2020-36158: 878ba6234c5827722d79767d39450340e228ce86 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
CVEs fixed in 4.4.252:
CVE-2020-28374: 87be50177ddb789330e6c5ddcc2f301cec0017dc scsi: target: Fix XCOPY NAA identifier lookup
CVEs fixed in 4.4.253:
CVE-2021-3178: c89b2b56fc536d4fd41745bcbf394aa21162e277 nfsd4: readdirplus shouldn't return parent of export
CVEs fixed in 4.4.254:
CVE-2020-27825: a7c2dd4438056fb665a376860242463a30f2d2e8 tracing: Fix race in trace_open and buffer resize call
CVE-2021-39657: a4cdbf4805bfed8f39e6b25f113588064d9a6ac5 scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
CVEs fixed in 4.4.258:
CVE-2021-26930: 2e6cc64b7b56e5c2d2c01de8ff1b3986342c2b18 xen-blkback: fix error handling in xen_blkbk_map()
CVE-2021-26931: 74e38b7a6972fd6983e6fbd929b65746ce975aed xen-blkback: don't "handle" error by BUG()
CVE-2021-26932: 15b6ca2cef13f06ef41d9ebc094ef7770fd98ab3 Xen/x86: don't bail early from clear_foreign_p2m_mapping()
CVEs fixed in 4.4.259:
CVE-2021-0512: 795a8c31cabf1a452b0b63bb3f8d9159b353e5ce HID: make arrays usage and value to be the same
CVE-2021-3612: ade5180681d778d36b569ad35cc175ab22196c5f Input: joydev - prevent potential read overflow in ioctl
CVEs fixed in 4.4.260:
CVE-2021-27363: 67c6818821a39fb50e1b84e7259aee5298d2c512 scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27364: 67c6818821a39fb50e1b84e7259aee5298d2c512 scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27365: b8a757b57ba3e27d6399106a78350af513fb0bb5 scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
CVE-2021-28038: f2c9673ce689801ef3bee517013b0c9b94dd14fa Xen/gnttab: handle p2m update errors on a per-slot basis
CVE-2021-30002: 432b08869893ebd751e815465b822bb99cf710e7 media: v4l: ioctl: Fix memory leak in video_usercopy
CVEs fixed in 4.4.262:
CVE-2019-16232: 3b431b60940fa2cda06d6b4906e11acd222d471a libertas: fix a potential NULL pointer dereference
CVE-2019-19060: 00552ca5cae5e86311df6cfd5911213c89ece4e2 iio: imu: adis16400: release allocated memory on failure
CVE-2019-19061: 7671c44edfd0411c7411266f0c90dd21b535c3d4 iio: imu: adis16400: fix memory leak
CVE-2021-20261: b93c6b400ed51e526e724b430a115293fd147466 floppy: fix lock_fdc() signal handling
CVE-2021-28660: 36f8d0af46daf6eb4c7c5edf6adbfa02e9c70f92 staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
CVE-2021-29265: 9ee196f307ec006cac386a0d8b7935dd2ccd0083 usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
CVEs fixed in 4.4.263:
CVE-2021-28964: 2922e2e894781c36ce014935f05163287635609c btrfs: fix race when cloning extent buffer during rewind of an old root
CVE-2021-28972: 4639466722c2ea832bc145c06cd5aa2012db9102 PCI: rpadlpar: Fix potential drc_name corruption in store functions
CVEs fixed in 4.4.264:
CVE-2021-28688: 47b6b2742ee60334c40d75bfaab49028688f1510 xen-blkback: don't leak persistent grants from xen_blkbk_map()
CVEs fixed in 4.4.265:
CVE-2021-3483: 63d8737a59ae58e5c2d5fd640c294e7b5bb1d394 firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
CVEs fixed in 4.4.266:
CVE-2021-29154: ca97582a3fe79543de8e5905e829c5ad3661a1ef bpf, x86: Validate computation of branch displacements for x86-64
CVEs fixed in 4.4.267:
CVE-2020-25670: a1cdd18c49d23ec38097ac2c5b0d761146fc0109 nfc: fix refcount leak in llcp_sock_bind()
CVE-2020-25671: a524eabb5e309e49ee2d8422a771c5cedef003c4 nfc: fix refcount leak in llcp_sock_connect()
CVE-2020-25672: 7ed6c0c7db2099792768150c070efca71e85bdf3 nfc: fix memory leak in llcp_sock_connect()
CVE-2020-25673: 7f6c9e4314aa7d90b6261b8ae571d14c454ba964 nfc: Avoid endless loops caused by repeated llcp_sock_connect()
CVE-2021-0937: b0d98b2193a38ef93c92e5e1953d134d0f426531 netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-22555: b0d98b2193a38ef93c92e5e1953d134d0f426531 netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-3659: cd19d85e6d4a361beb11431af3d22248190f5b48 net: mac802154: Fix general protection fault
CVEs fixed in 4.4.269:
CVE-2017-0605: 150381302389fa01425396489a21dc7c53383a5b tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
CVE-2021-31916: 0c0f93fbd20276d65ae0581edfcdc93579aa1dc7 dm ioctl: fix out of bounds array access when no devices
CVE-2021-33034: b27a218d166b7f07cd5616fb90e727b6ed662b1a Bluetooth: verify AMP hci_chan before amp_destroy
CVE-2021-4157: 0c5ccd5e2a2e291774618c24c459fa397fd1b7da pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
CVEs fixed in 4.4.270:
CVE-2020-26555: 75523bbfb0eaead670c97fbcf096ca2ab556f0c0 Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26558: 75523bbfb0eaead670c97fbcf096ca2ab556f0c0 Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2021-0129: 75523bbfb0eaead670c97fbcf096ca2ab556f0c0 Bluetooth: SMP: Fail if remote and local public keys are identical
CVEs fixed in 4.4.271:
CVE-2020-24586: 229fa01b0bd72559e5c5b99e402f180e47ad86a8 mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24587: 229fa01b0bd72559e5c5b99e402f180e47ad86a8 mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24588: daea7ff51861cec93ff7f561095d9048b673b51f cfg80211: mitigate A-MSDU aggregation attacks
CVE-2020-26139: e3d4030498c304d7c36bccc6acdedacf55402387 mac80211: do not accept/forward invalid EAPOL frames
CVE-2020-26147: 16cbc9756dd84e870867f003a200553931dd461b mac80211: assure all fragments are encrypted
CVE-2021-29650: 9bc6c1246941cf88cf06a27153d6a1108a240067 netfilter: x_tables: Use correct memory barriers.
CVE-2021-32399: a7dc1c981038bbd5f7379148d7fd8821d2a7b9ae bluetooth: eliminate the potential race condition when removing the HCI controller
CVE-2021-34981: 61a811e8f5229264b822361f8b23d7638fd8c914 Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVEs fixed in 4.4.272:
CVE-2021-3564: 054b0b4f9bf86baac0774e1ea38f4b65497089e5 Bluetooth: fix the erroneous flush_work() order
CVE-2021-3573: 2260759b5300865dc209150e925aaeb9df758630 Bluetooth: use correct lock to prevent UAF of hdev object
CVE-2021-3587: eb6875d48590d8e564092e831ff07fa384d7e477 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-38208: eb6875d48590d8e564092e831ff07fa384d7e477 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVEs fixed in 4.4.274:
CVE-2021-34693: f638caa211e7a121a5596986d29ebbdaf9156398 can: bcm: fix infoleak in struct bcm_msg_head
CVE-2021-45486: 8fb8c138b5d69128964e54e1b5ee49fc395f011c inet: use bigger hash table for IP ID generation
CVEs fixed in 4.4.276:
CVE-2021-33909: 3533e50cbee8ff086bfa04176ac42a01ee3db37d seq_file: disallow extremely large seq buffer allocations
CVE-2021-3609: 9c47fa9295ce58433cae4376240b738b126637d4 can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2021-38160: 187f14fb88a9e62d55924748a274816fe6f34de6 virtio_console: Assure used length from device is limited
CVE-2021-45485: c43fa9ee9f1de295474a28903607f84209d7e611 ipv6: use prandom_u32() for ID generation
CVE-2022-0850: ce14bff239a107344b153bd6504a2f8165f672e9 ext4: fix kernel infoleak via ext4_extent_header
CVEs fixed in 4.4.277:
CVE-2021-3679: afa091792525dfa6c3c854069ec6b8a5ccc62c11 tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-37576: 1e90a673f6ee09c668fe01aa1b94924f972c9811 KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-38204: fc2a7c2280fa2be8ff9b5af702368fcd49a0acdb usb: max-3421: Prevent corruption of freed memory
CVEs fixed in 4.4.278:
CVE-2021-0920: 72247f34d90e25c1493436e45e193e8306082b19 af_unix: fix garbage collect vs MSG_PEEK
CVE-2021-21781: 8db77dca7e1d1d1d6aa9334207ead57853832bb7 ARM: ensure the signal page contains defined contents
CVEs fixed in 4.4.281:
CVE-2021-3732: c6e8810d25295acb40a7b69ed3962ff181919571 ovl: prevent private clone if bind mount is not allowed
CVE-2021-38205: 3d4ba14fc5ffbe5712055af09a5c0cbab93c0f44 net: xilinx_emaclite: Do not print real IOMEM pointer
CVEs fixed in 4.4.282:
CVE-2021-3653: 53723b7be26ef31ad642ce5ffa8b42dec16db40e KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-42008: d66736076bd84742c18397785476e9a84d5b54ef net: 6pack: fix slab-out-of-bounds in decode_data
CVEs fixed in 4.4.283:
CVE-2021-3753: 01da584f08cbb1e04f22796cc49b10d570cd5ec1 vt_kdsetmode: extend console locking
CVEs fixed in 4.4.284:
CVE-2020-3702: 4d6b4335838fd89419212e1e486c415ec36fb610 ath: Use safer key clearing with key cache entries
CVE-2021-40490: 69d82df68fbc5e368820123200d7b88f6c058350 ext4: fix race writing to an inline_data file while its xattrs are changing
CVE-2022-20141: b24065948ae6c48c9e20891f8cfe9850f1d748be igmp: Add ip_mc_list lock in ip_check_mc_rcu
CVEs fixed in 4.4.285:
CVE-2021-20320: a738597a79e588bcf9817d4ec12740c99842db3b s390/bpf: Fix optimizing out zero-extensions
CVE-2021-3655: c299c5925ab774b64ca6aba87fb8c497f5663780 sctp: validate from_addr_param return
CVEs fixed in 4.4.288:
CVE-2021-4203: 323f0968a81b082cf02ef15b447cd35e4328385e af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVEs fixed in 4.4.289:
CVE-2020-29374: 58facc9c7ae307be5ecffc1697552550fedb55bd gup: document and work around "COW can break either way" issue
CVEs fixed in 4.4.290:
CVE-2021-20321: a4f281ffc1d128d7ea693cbc3a796e56e919fd7c ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-3760: 1d5e0107bfdbef6cc140fb5d7a1a817a40948528 nfc: nci: fix the UAF of rf_conn_info object
CVE-2021-3896: e8b8de17e164c9f1b7777f1c6f99d05539000036 isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43389: e8b8de17e164c9f1b7777f1c6f99d05539000036 isdn: cpai: check ctr->cnr to avoid array index out of bound
CVEs fixed in 4.4.291:
CVE-2021-3772: 629d2823abf957bcbcba32154f1f6fd49bdb850c sctp: use init_tag from inithdr for ABORT chunk
CVEs fixed in 4.4.292:
CVE-2021-37159: cbefdf724282e6a948885f379dc92ab841c2fee0 usb: hso: fix error handling code of hso_create_net_device
CVEs fixed in 4.4.293:
CVE-2021-3640: f632f88fe209240f5cad853e33f74fda4d341004 Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3752: 88aed7d67197d155260f09078835290adfa1debd Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-39686: 120ffcd83596fe94b6d6735d21349f118b60c936 binder: use euid from cred instead of using task
CVE-2021-4202: 6dc051117ba0e1dac9324593ff2c1c520f67ad21 NFC: reorganize the functions in nci_request
CVE-2021-45868: 7a40f3e53f5de1d6876df8a9e8025b50616b8818 quota: check block number when reading the block in quota file
CVEs fixed in 4.4.294:
CVE-2021-4002: 8a8ae093b52ba76b650b493848d67e7b526c8751 hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4083: 8afa4ef999191477506b396fae518338b8996fec fget: check that the fd still exists after getting a ref to it
CVEs fixed in 4.4.295:
CVE-2021-39685: 93cd7100fe471c5f76fb942358de4ed70dbcaf35 USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39698: d0ceebaae0e406263b83462701b5645e075c1467 wait: add wake_up_pollfree()
CVE-2022-20132: 6a0bc60a84cb5186a84e7501616dacfd9e991b54 HID: add hid_is_usb() function to make it simpler for USB detection
CVEs fixed in 4.4.296:
CVE-2021-28711: 3e04b9e6aa7d77287e70a400be83060d2b7b2cfe xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: 81900aa7d7a130dec4c55b68875e30fb8c9effec xen/netfront: harden netfront against event channel storms
CVE-2021-28713: c7eaa5082bccfc00dfdb500ac6cc86d6f24ca027 xen/console: harden hvc_xen against event channel storms
CVE-2021-28715: 0928efb09178e01d3dc8e8849aa1c807436c3c37 xen/netback: don't queue unlimited number of packages
CVEs fixed in 4.4.297:
CVE-2022-1195: 371a874ea06f147d6ca30be43dad33683965eba6 hamradio: improve the incomplete fix to avoid NPD
CVEs fixed in 4.4.299:
CVE-2021-4155: 56adcda55aa213e106224ff3d18ef4625e25f52b xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-45095: 172b3f506c24a61805b3910b9acfe7159d980b9b phonet: refcount leak in pep_sock_accep
CVEs fixed in 4.4.300:
CVE-2021-43976: 7d5e12e452771509d94db391a3b5e428325ed268 mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVEs fixed in 4.4.301:
CVE-2022-0330: db6a2082d5a2ebc5ffa41f7213a544d55f73793a drm/i915: Flush TLBs before releasing backing store
CVEs fixed in 4.4.302:
CVE-2022-0617: 0f28e1a57baf48a583093e350ea2bd3e4c09b8ea udf: Fix NULL ptr deref when converting from inline format
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4916: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2015-1350: (unk) fs: Avoid premature clearing of capabilities
CVE-2015-2877: (unk)
CVE-2015-8952: (unk) ext2: convert to mbcache2
CVE-2016-10723: (unk) mm, oom: remove sleep from under oom_lock
CVE-2016-5728: (unk) misc: mic: Fix for double fetch security bug in VOP driver
CVE-2016-8660: (unk)
CVE-2017-1000405: (unk) mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
CVE-2017-12168: (unk) arm64: KVM: pmu: Fix AArch32 cycle counter access
CVE-2017-13166: (unk) media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2017-16648: (unk) dvb_frontend: don't use-after-free the frontend struct
CVE-2017-18174: (unk) pinctrl: amd: Use devm_pinctrl_register() for pinctrl registration
CVE-2017-18232: (unk) scsi: libsas: direct call probe and destruct
CVE-2017-18261: (unk) clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled
CVE-2017-18552: (unk) RDS: validate the requested traces user input against max supported
CVE-2017-5715: (unk) x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
CVE-2017-5753: (unk) x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
CVE-2017-5967: (unk) time: Remove CONFIG_TIMER_STATS
CVE-2017-8065: (unk) crypto: ccm - move cbcmac input off the stack
CVE-2017-8797: (unk) nfsd: fix undefined behavior in nfsd4_layout_verify
CVE-2017-9986: (unk) sound: Retire OSS
CVE-2018-10322: (unk) xfs: enhance dinode verifier
CVE-2018-1121: (unk)
CVE-2018-1128: (unk) libceph: add authorizer challenge
CVE-2018-1129: (unk) libceph: implement CEPHX_V2 calculation mode
CVE-2018-12126: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12127: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12130: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12207: (unk) kvm: x86, powerpc: do not allow clearing largepages debugfs entry
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-13095: (unk) xfs: More robust inode extent count validation
CVE-2018-13098: (unk) f2fs: fix to do sanity check with extra_attr feature
CVE-2018-17977: (unk)
CVE-2018-20509: (unk) binder: refactor binder ref inc/dec for thread safety
CVE-2018-20854: (unk) phy: ocelot-serdes: fix out-of-bounds read
CVE-2018-20855: (unk) IB/mlx5: Fix leaking stack memory to userspace
CVE-2018-25020: (unk) bpf: fix truncated jump targets on heavy expansions
CVE-2018-3620: (unk) x86/microcode: Allow late microcode loading with SMT disabled
CVE-2018-3646: (unk) x86/microcode: Allow late microcode loading with SMT disabled
CVE-2018-5995: (unk) printk: hash addresses printed with %p
CVE-2018-7273: (unk) printk: hash addresses printed with %p
CVE-2018-7754: (unk) printk: hash addresses printed with %p
CVE-2018-9465: (unk) binder: fix proc->files use-after-free
CVE-2019-10220: (unk) Convert filldir[64]() from __put_user() to unsafe_put_user()
CVE-2019-11091: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2019-11191: (unk) x86: Deprecate a.out support
CVE-2019-12378: (unk) ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
CVE-2019-12379: (unk) consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c
CVE-2019-12380: (unk) efi/x86/Add missing error handling to old_memmap 1:1 mapping code
CVE-2019-12381: (unk) ip_sockglue: Fix missing-check bug in ip_ra_control()
CVE-2019-12382: (unk) drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
CVE-2019-12456: (unk)
CVE-2019-12615: (unk) mdesc: fix a missing-check bug in get_vdev_port_node_info()
CVE-2019-15222: (unk) ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
CVE-2019-15223: (unk) ALSA: line6: Assure canceling delayed work at disconnection
CVE-2019-15290: (unk)
CVE-2019-16230: (unk) drm/amdkfd: fix a potential NULL pointer dereference (v2)
CVE-2019-16231: (unk) fjes: Handle workqueue allocation failure
CVE-2019-16921: (unk) RDMA/hns: Fix init resp when alloc ucontext
CVE-2019-18885: (unk) btrfs: merge btrfs_find_device and find_device
CVE-2019-19036: (unk) btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
CVE-2019-19039: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19241: (unk) io_uring: async workers should inherit the user creds
CVE-2019-19377: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19378: (unk)
CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count
CVE-2019-19814: (unk)
CVE-2019-19815: (unk) f2fs: support swap file w/ DIO
CVE-2019-19922: (unk) sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices
CVE-2019-19927: (unk) drm/ttm: fix incrementing the page pointer for huge pages
CVE-2019-1999: (unk) binder: fix race between munmap() and direct reclaim
CVE-2019-2025: (unk) binder: fix race that allows malicious free of live buffer
CVE-2019-2054: (unk) arm/ptrace: run seccomp after ptrace
CVE-2019-20794: (unk)
CVE-2019-20806: (unk) media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
CVE-2019-20811: (unk) net-sysfs: call dev_hold if kobject_init_and_add success
CVE-2019-20908: (unk) efi: Restrict efivar_ssdt_load when the kernel is locked down
CVE-2019-2181: (unk) binder: check for overflow when alloc for security context
CVE-2019-2213: (unk) binder: fix possible UAF when freeing buffer
CVE-2019-3874: (unk) sctp: implement memory accounting on tx path
CVE-2019-5489: (unk) Change mincore() to count "mapped" pages rather than "cached" pages
CVE-2019-7308: (unk) bpf: fix sanitation of alu op with pointer / scalar type from different paths
CVE-2019-9453: (unk) f2fs: fix to avoid accessing xattr across the boundary
CVE-2020-0067: (unk) f2fs: fix to avoid memory leakage in f2fs_listxattr
CVE-2020-0347: (unk)
CVE-2020-0435: (unk) f2fs: fix to do sanity check with i_extra_isize
CVE-2020-10708: (unk)
CVE-2020-11669: (unk) powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
CVE-2020-11725: (unk)
CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12655: (unk) xfs: add agf freeblocks verify in xfs_agf_verify
CVE-2020-12656: (unk) sunrpc: check that domain table is empty at module unload.
CVE-2020-12888: (unk) vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
CVE-2020-14304: (unk)
CVE-2020-14305: (unk) netfilter: helpers: remove data_len usage for inkernel helpers
CVE-2020-15802: (unk)
CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-26140: (unk)
CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27777: (unk) powerpc/rtas: Restrict RTAS requests from userspace
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-35501: (unk)
CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address
CVE-2020-36313: (unk) KVM: Fix out of range accesses to memslots
CVE-2020-36322: (unk) fuse: fix bad inode
CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
CVE-2020-36516: (unk)
CVE-2020-8832: (unk) drm/i915: Record the default hw state after reset upon load
CVE-2021-0399: (unk)
CVE-2021-0695: (unk)
CVE-2021-0929: (unk) staging/android/ion: delete dma_buf->kmap/unmap implemenation
CVE-2021-0941: (unk) bpf: Remove MTU check in __bpf_skb_max_len
CVE-2021-20292: (unk) drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
CVE-2021-20317: (unk) lib/timerqueue: Rely on rbtree semantics for next timer
CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD
CVE-2021-28714: (unk) xen/netback: fix rx queue stall detection
CVE-2021-28951: (unk) io_uring: ensure that SQPOLL thread is started for exit
CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33098: (unk) ixgbe: fix large MTU request from VF
CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size
CVE-2021-33656: (unk) vt: drop old FONT ioctls
CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-3506: (unk) f2fs: fix to avoid out-of-bounds memory access
CVE-2021-3542: (unk)
CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3714: (unk)
CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page
CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-39633: (unk) ip_gre: add validation for csum_start
CVE-2021-39636: (unk) netfilter: x_tables: fix pointer leaks to userspace
CVE-2021-39648: (unk) usb: gadget: configfs: Fix use-after-free issue with udc_name
CVE-2021-39714: (unk) staging: android: ion: Drop ion_map_kernel interface
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-39802: (unk)
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories
CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4159: (unk) bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
CVE-2021-4197: (unk) cgroup: Use open-time credentials for process migraton perm checks
CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler
CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path
CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1116: (unk)
CVE-2022-1184: (unk) ext4: verify dir block before splitting it
CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1419: (unk) drm/vgem: Close use-after-free race in vgem_gem_create
CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1652: (unk) floppy: use a statically allocated error counter
CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self
CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
CVE-2022-1786: (unk) io_uring: remove io_identity
CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default
CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions
CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20158: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
CVE-2022-20422: (unk) arm64: fix oops in concurrently setting insn_emulation sysctls
CVE-2022-20424: (unk) io_uring: remove io_identity
CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
CVE-2022-21385: (unk) net/rds: fix warn in rds_message_alloc_sgs
CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
CVE-2022-2209: (unk)
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-2327: (unk) io_uring: remove any grabbing of context
CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read()
CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-23825: (unk)
CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs
CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf
CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests
CVE-2022-25265: (unk)
CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table
CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0
CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages
CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections
CVE-2022-26490: (unk) nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic
CVE-2022-26966: (unk) sr9700: sanity check for packet length
CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc
CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind()
CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-2961: (unk)
CVE-2022-2964: (unk) net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
CVE-2022-2978: (unk)
CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-2991: (unk) remove the lightnvm subsystem
CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel
CVE-2022-30594: (unk) ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero
CVE-2022-3169: (unk)
CVE-2022-3202: (unk) jfs: prevent NULL deref in diFree
CVE-2022-32250: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16
CVE-2022-3238: (unk)
CVE-2022-3239: (unk) media: em28xx: initialize refcount before kref_get
CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace
CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
CVE-2022-3344: (unk)
CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages
CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted
CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted
CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting
CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default
CVE-2022-3424: (unk)
CVE-2022-3435: (unk)
CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data
CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check
CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page
CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options().
CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop()
CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get()
CVE-2022-3564: (unk)
CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers
CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops.
CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot.
CVE-2022-3577: (unk) HID: bigben: fix slab-out-of-bounds Write in bigben_probe
CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child
CVE-2022-3594: (unk) r8152: Rate limit overflow messages
CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp
CVE-2022-36123: (unk) x86: Clear .brk area at early boot
CVE-2022-3619: (unk)
CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page
CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode
CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload
CVE-2022-3628: (unk)
CVE-2022-36280: (unk)
CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect()
CVE-2022-3630: (unk) fscache: don't leak cookie access refs if invalidation is in progress or failed
CVE-2022-3633: (unk) can: j1939: j1939_session_destroy(): fix memory leak of skbs
CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer
CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb()
CVE-2022-3640: (unk)
CVE-2022-36402: (unk)
CVE-2022-3642: (unk)
CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure
CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root
CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
CVE-2022-3707: (unk)
CVE-2022-38096: (unk)
CVE-2022-38457: (unk)
CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas
CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
CVE-2022-40133: (unk)
CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure
CVE-2022-41218: (unk)
CVE-2022-41222: (unk) mm/mremap: hold the rmap lock in write mode when moving page table entries.
CVE-2022-41848: (unk)
CVE-2022-41849: (unk)
CVE-2022-41850: (unk)
CVE-2022-42703: (unk) mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse
CVE-2022-43750: (unk) usb: mon: make mmapped memory read only
CVE-2022-44032: (unk)
CVE-2022-44033: (unk)
CVE-2022-44034: (unk)