CVEs fixed in 5.10:
CVE-2021-3411: 0d07c0ec4381f630c801539c79ad8dcc627f6e4a x86/kprobes: Fix optprobe to detect INT3 padding correctly
CVEs fixed in 5.10.4:
CVE-2020-27815: c2032bf94ba4fb15db0c277614338d377fe430d2 jfs: Fix array index bounds check in dbAdjTree
CVE-2020-29568: b4898bdd2020bae5391b1667fc6c9e27310c59fe xen/xenbus: Allow watches discard events before queueing
CVE-2020-29569: aadd67750f43132177138fcd56ebc60aeb06228a xen-blkback: set ring->xenblkd to NULL after kthread_stop()
CVE-2020-35499: 6013c99742160d3901c4d108733e29b83b25f452 Bluetooth: sco: Fix crash when using BT_SNDMTU/BT_RCVMTU option
CVEs fixed in 5.10.6:
CVE-2020-36158: 94cc73b27a2599e4c88b7b2d6fd190107c58e480 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
CVE-2020-36322: 36cf9ae54b0ead0daab7701a994de3dcd9ef605d fuse: fix bad inode
CVEs fixed in 5.10.7:
CVE-2020-28374: 6f1e88527c1869de08632efa2cc796e0131850dc scsi: target: Fix XCOPY NAA identifier lookup
CVE-2021-0707: a19dae4254c434a1ac8937a809fe08fd15ad3be5 dmabuf: fix use-after-free of dmabuf's file->f_inode
CVE-2021-39648: a4b202cba3ab1a7a8b1ca92603931fba5e2032c3 usb: gadget: configfs: Fix use-after-free issue with udc_name
CVEs fixed in 5.10.10:
CVE-2021-20268: 5f52a8a71b62418d62c736e5aa68aaba0a8da918 bpf: Fix signed_{sub,add32}_overflows type handling
CVE-2021-3178: fdcaa4af5e70e2d984c9620a09e9dade067f2620 nfsd4: readdirplus shouldn't return parent of export
CVEs fixed in 5.10.11:
CVE-2021-39657: 2536194bb3b099cc9a9037009b86e7ccfb81461c scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
CVEs fixed in 5.10.12:
CVE-2021-3347: ab5e9a320e444fda64e5912f0e0f4f02021569ea futex: Ensure the correct return value from futex_lock_pi()
CVEs fixed in 5.10.13:
CVE-2021-26708: 55d900415b81680bcd5f93be51f26ebfc51ac6fb vsock: fix the race conditions in multi-transport support
CVE-2021-3348: 41f6f4a3143506ea1499cda2f14a16a2f82118a8 nbd: freeze the queue while we're adding connections
CVEs fixed in 5.10.16:
CVE-2021-3600: 1d16cc210fabd0a7ebf52d3025f81c2bde054a90 bpf: Fix 32 bit src register truncation on div/mod
CVEs fixed in 5.10.17:
CVE-2021-21781: 7913ec05fc02ccd7df83280451504b0a3e543097 ARM: ensure the signal page contains defined contents
CVEs fixed in 5.10.18:
CVE-2021-26930: 00805af45a21729e2901a37914992786a0d32c46 xen-blkback: fix error handling in xen_blkbk_map()
CVE-2021-26931: 8f8ebd6b1cb5cff96a11cd336027e745d48c2cab xen-blkback: don't "handle" error by BUG()
CVE-2021-26932: 740f4d9d0c34ea99279acf2fc99ae33c0142265a Xen/x86: don't bail early from clear_foreign_p2m_mapping()
CVEs fixed in 5.10.19:
CVE-2021-0512: 77344e18cf84b37548292f2adfdb22f89079e0a6 HID: make arrays usage and value to be the same
CVE-2021-3444: 3320bae8c115863b6f17993c2b7970f7f419da57 bpf: Fix truncation handling for mod32 dst reg wrt zero
CVEs fixed in 5.10.20:
CVE-2020-25639: e3fcff9f45aa82dacad26e5828598340d2742f47 drm/nouveau: bail out of nouveau_channel_new if channel init fails
CVE-2021-3612: deced3e2aea9195f018bcad0146619e880ee7c0e Input: joydev - prevent potential read overflow in ioctl
CVEs fixed in 5.10.21:
CVE-2021-27363: c71edc5d2480774ec2fec62bb84064aed6d582bd scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27364: c71edc5d2480774ec2fec62bb84064aed6d582bd scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27365: 76d92bf293c36a52ea5552919ac645ef2edee55d scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
CVE-2021-28038: 545c837d6789afcb23da5494a22e459952fb823f Xen/gnttab: handle p2m update errors on a per-slot basis
CVE-2021-28039: 9c62adb6e2fda38dc6045a853a6e50b2bbc75d2a xen: fix p2m size in dom0 for disabled memory hotplug case
CVE-2021-30002: 5400770e31e8b80efc25b4c1d619361255174d11 media: v4l: ioctl: Fix memory leak in video_usercopy
CVEs fixed in 5.10.24:
CVE-2021-28375: 52feb58f9b5b078b5a39ed8ba8ab3b4546e16ff2 misc: fastrpc: restrict user apps from sending kernel RPC messages
CVE-2021-28660: d972a516958dee489911d9f57ee7a177834ef248 staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
CVE-2021-29265: ab5c3186686aa87c741381d10a948817f1deb9b2 usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
CVE-2021-33033: 85178d76febd30a745b7d947dbd9751919d0fa5b cipso,calipso: resolve a number of problems with the DOI refcounts
CVE-2021-39656: 109720342efd6ace3d2e8f34a25ea65036bb1d3b configfs: fix a use-after-free in __configfs_open_file
CVEs fixed in 5.10.25:
CVE-2020-27170: c4d37eea1c641a9319baf34253cc373abb39d3e1 bpf: Prohibit alu ops for pointer types not defining ptr_limit
CVE-2020-27171: ac1b87a18c1ffbe3d093000b762121b5aae0a3f9 bpf: Fix off-by-one for area size in creating mask to left
CVEs fixed in 5.10.26:
CVE-2021-28951: 6cae8095490caae12875300243ec94b39b6a2a78 io_uring: ensure that SQPOLL thread is started for exit
CVE-2021-28952: 26b08c08a5f3008fe45822d8b163f1516178c42b ASoC: qcom: sdm845: Fix array out of bounds access
CVE-2021-28964: 38ffe9eaeb7cce383525439f0948f9eb74632e1d btrfs: fix race when cloning extent buffer during rewind of an old root
CVE-2021-28971: 514ea597be8e4b6a787bc34da111c44944fbf5a5 perf/x86/intel: Fix a crash caused by zero PEBS status
CVE-2021-28972: be1f58e58f7644ab33f1413685c84173766408d3 PCI: rpadlpar: Fix potential drc_name corruption in store functions
CVE-2021-29266: 49ca3100fbaf864853c922c8f7a8fe7090a83860 vhost-vdpa: fix use-after-free of v->config_ctx
CVEs fixed in 5.10.27:
CVE-2021-28688: 3a1ca9bd4f5a647439e82e07b03d072781d9d180 xen-blkback: don't leak persistent grants from xen_blkbk_map()
CVE-2021-29264: b8bfda6e08b8a419097eea5a8e57671bc36f9939 gianfar: fix jumbo packets+napi+rx overrun crash
CVE-2021-29646: 50f41f2e29ff1980f7edfca40bbf81a4336b9feb tipc: better validate user input in tipc_nl_retrieve_key()
CVE-2021-29647: fce6fb90218935f7319265459484b3762c80d0a8 net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
CVE-2021-29649: ccd5565feea346697c1d1e8e9cd042218b49c44b bpf: Fix umd memory leak in copy_process()
CVE-2021-29650: 3fdebc2d8e7965f946a3d716ffdd482e66c1f46c netfilter: x_tables: Use correct memory barriers.
CVE-2021-31916: 921aae17bb0f02181fa05cf5580ebc855fdbd74d dm ioctl: fix out of bounds array access when no devices
CVEs fixed in 5.10.28:
CVE-2021-0941: fd38d4e6757b6b99f60314f67f44a286f0ab7fc0 bpf: Remove MTU check in __bpf_skb_max_len
CVE-2021-29657: 5f6625f5cd5c593fae05a6ce22b406166bc796b8 KVM: SVM: load control fields from VMCB12 before checking them
CVE-2021-3483: c04adcc819d3bdd85a5dc2523687707b89724df7 firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
CVEs fixed in 5.10.29:
CVE-2021-29154: 3edb8967d91ecbc4c5eee34a65d4124267327574 bpf, x86: Validate computation of branch displacements for x86-64
CVEs fixed in 5.10.30:
CVE-2020-25670: 6fb003e5ae18d8cda4c8a1175d9dd8db12bec049 nfc: fix refcount leak in llcp_sock_bind()
CVE-2020-25671: 99b596199e8402055c425ac6abd3b8c3fc047034 nfc: fix refcount leak in llcp_sock_connect()
CVE-2020-25672: 568ac94df580b1a65837dc299e8758635e7b1423 nfc: fix memory leak in llcp_sock_connect()
CVE-2020-25673: a12a2fa9a129d3200065fde95f6eb0a98672a2c3 nfc: Avoid endless loops caused by repeated llcp_sock_connect()
CVE-2021-3659: 38731bbcd9f0bb8228baaed5feb4a1f76530e49c net: mac802154: Fix general protection fault
CVEs fixed in 5.10.31:
CVE-2021-0937: 1f3b9000cb44318b0de40a0f495a5a708cd9be6e netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-22555: 1f3b9000cb44318b0de40a0f495a5a708cd9be6e netfilter: x_tables: fix compat match/target pad out-of-bound write
CVEs fixed in 5.10.32:
CVE-2021-23133: 5a627026be4a17e5b9db23558cd28e62b2cbc66e net/sctp: fix race condition in sctp_destroy_sock
CVE-2021-29155: 4f3ff11204eac0ee23acf64deecb3bad7b0db0c6 bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-3501: 7f64753835a78c7d2cc2932a5808ef3b7fd4c050 KVM: VMX: Don't use vcpu->run->internal.ndata as an array index
CVEs fixed in 5.10.35:
CVE-2021-31829: 2cfa537674cd1051a3b8111536d77d0558f33d5d bpf: Fix masking negation logic upon negative dst register
CVE-2021-38209: d3598eb3915cc0c0d8cab42f4a6258ff44c4033e netfilter: conntrack: Make global sysctls readonly in non-init netns
CVEs fixed in 5.10.36:
CVE-2021-3506: 9aa4602237d535b83c579eb752e8fc1c3e7e7055 f2fs: fix to avoid out-of-bounds memory access
CVE-2021-3543: ed9cfd60c7875b0597e672e89c0bad09a88307d2 nitro_enclaves: Fix stale file descriptors on failed usercopy
CVEs fixed in 5.10.37:
CVE-2021-31440: 4394be0a1866fb78a4dfe0ea38e29c4ed107b890 bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds
CVE-2021-32399: 2d84ef4e6569a818f912d93d5345c21542807ac7 bluetooth: eliminate the potential race condition when removing the HCI controller
CVE-2021-33034: 1d7bd87a2c8d264ca3e5c9ba6f3eafc23e994028 Bluetooth: verify AMP hci_chan before amp_destroy
CVE-2021-3489: 1ca284f0867079a34f52a6f811747695828166c6 bpf, ringbuf: Deny reserve of buffers larger than ringbuf
CVE-2021-3490: 282bfc8848eaa195d5e994bb700f2c7afb7eb3e6 bpf: Fix alu32 const subreg bound tracking on bitwise operations
CVE-2021-3491: 7e916d0124e5f40d7912f93a633f5dee2c3ad735 io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
CVE-2021-45486: a273c27d7255fc527023edeb528386d1b64bedf5 inet: use bigger hash table for IP ID generation
CVEs fixed in 5.10.38:
CVE-2021-4157: 1fbea60ea658ab887fb899532d783732b04e53e6 pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
CVEs fixed in 5.10.40:
CVE-2020-26558: d8d261c7cfb3a5dd921b4aeeb944718afc3f3961 Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2021-0129: d8d261c7cfb3a5dd921b4aeeb944718afc3f3961 Bluetooth: SMP: Fail if remote and local public keys are identical
CVEs fixed in 5.10.42:
CVE-2020-24586: 42d98e02193d163c1523a8840a2effcc4c6eb111 mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24587: 42d98e02193d163c1523a8840a2effcc4c6eb111 mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24588: c730d72aa6e85a71ee74530d601d4d894d791b43 cfg80211: mitigate A-MSDU aggregation attacks
CVE-2020-26139: 2b9b07b9a06fab16bda3d33da3be70fe33bd95cb mac80211: do not accept/forward invalid EAPOL frames
CVE-2020-26141: 6643b21aee1c3cac10da9dfb0fa17aacc431fa91 ath10k: Fix TKIP Michael MIC verification for PCIe
CVE-2020-26145: b1b3dcd653772f93b69be50263a0ca50d7c9e77f ath10k: drop fragments with multicast DA for PCIe
CVE-2020-26147: f7829b014bb670a77f6f66d265b058534367d04b mac80211: assure all fragments are encrypted
CVE-2021-33098: 3cfd11506ed032446358eedf7e31b4defd819d91 ixgbe: fix large MTU request from VF
CVE-2021-34981: 1b364f8ede200e79e25df0df588fcedc322518fb Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVEs fixed in 5.10.43:
CVE-2021-28691: 6b53db8c4c14b4e7256f058d202908b54a7b85b4 xen-netback: take a reference to the RX task thread
CVE-2021-3564: 3795007c8dfc8bca176529bfeceb17c6f4ef7e44 Bluetooth: fix the erroneous flush_work() order
CVE-2021-3573: 74caf718cc7422a957aac381c73d798c0a999a65 Bluetooth: use correct lock to prevent UAF of hdev object
CVE-2021-3587: 48ee0db61c8299022ec88c79ad137f290196cac2 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-38208: 48ee0db61c8299022ec88c79ad137f290196cac2 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVEs fixed in 5.10.44:
CVE-2021-38198: 6b6ff4d1f349cb35a7c7d2057819af1b14f80437 KVM: X86: MMU: Use the correct inherited permissions to get shadow page
CVEs fixed in 5.10.46:
CVE-2021-33624: e9d271731d21647f8f9e9a261582cf47b868589a bpf: Inherit expanded/patched seen count from old aux data
CVE-2021-34693: acb755be1f7adb204dcedc4d3b204ef098628623 can: bcm: fix infoleak in struct bcm_msg_head
CVE-2021-3743: 960b08dd36de1e341e3eb43d1c547513e338f4f8 net: qrtr: fix OOB Read in qrtr_endpoint_post
CVE-2021-38206: f74df6e086083dc435f7500bdbc86b05277d17af mac80211: Fix NULL ptr deref for injected rate info
CVE-2021-38207: cfe403f209b11fad123a882100f0822a52a7630f net: ll_temac: Fix TX BD buffer overwrite
CVEs fixed in 5.10.47:
CVE-2020-26541: 45109066f686597116467a53eaf4330450702a96 certs: Add EFI_CERT_X509_GUID support for dbx entries
CVE-2021-22543: dd8ed6c9bc2224c1ace5292d01089d3feb7ebbc3 KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-35039: 3051f230f19feb02dfe5b36794f8c883b576e184 module: limit enabling module.sig_enforce
CVEs fixed in 5.10.50:
CVE-2021-3609: b52e0cf0bfc1ede495de36aec86f6013efa18f60 can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2022-0850: ea5466f1a77720217a25a859b5a58b618aaba544 ext4: fix kernel infoleak via ext4_extent_header
CVEs fixed in 5.10.51:
CVE-2021-3655: d4dbef7046e24669278eba4455e9e8053ead6ba0 sctp: validate from_addr_param return
CVE-2021-45485: 8f939b79579715b195dc3ad36669707fce6853ee ipv6: use prandom_u32() for ID generation
CVEs fixed in 5.10.52:
CVE-2021-33909: 174c34d9cda1b5818419b8f5a332ced10755e52f seq_file: disallow extremely large seq buffer allocations
CVE-2021-38160: f6ec306b93dc600a0ab3bb2693568ef1cc5f7f7a virtio_console: Assure used length from device is limited
CVE-2021-38199: ff4023d0194263a0827c954f623c314978cf7ddd NFSv4: Initialise connection to the server in nfs4_alloc_client()
CVE-2021-4154: 811763e3beb6c922d168e9f509ec593e9240842e cgroup: verify that source is a string
CVEs fixed in 5.10.54:
CVE-2021-3679: 757bdba8026be19b4f447487695cd0349a648d9e tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-37159: 115e4f5b64ae8d9dd933167cafe2070aaac45849 usb: hso: fix error handling code of hso_create_net_device
CVE-2021-37576: c1fbdf0f3c26004a2803282fdc1c35086908a99e KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-38204: 7af54a4e221e5619a87714567e2258445dc35435 usb: max-3421: Prevent corruption of freed memory
CVE-2022-0286: ba7bfcdff1ad4ea475395079add1cd7b79f81684 bonding: fix null dereference in bond_ipsec_add_sa()
CVEs fixed in 5.10.55:
CVE-2021-0920: 93c5951e0ce137e994237c19cd75a7caa1f80543 af_unix: fix garbage collect vs MSG_PEEK
CVEs fixed in 5.10.56:
CVE-2021-34556: bea9e2fd180892eba2574711b05b794f1d0e7b73 bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-35477: bea9e2fd180892eba2574711b05b794f1d0e7b73 bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVEs fixed in 5.10.59:
CVE-2021-3732: 6a002d48a66076524f67098132538bef17e8445e ovl: prevent private clone if bind mount is not allowed
CVE-2021-38205: 25cff25ec60690247db8138cd1af8b867df2c489 net: xilinx_emaclite: Do not print real IOMEM pointer
CVEs fixed in 5.10.60:
CVE-2021-3653: c0883f693187c646c0972d73e525523f9486c2e3 KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-3656: 3dc5666baf2a135f250e4101d41d5959ac2c2e1f KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
CVE-2021-38166: e95620c3bdff83bdb15484e6ea7cc47af36fbc6d bpf: Fix integer overflow involving bucket_size
CVEs fixed in 5.10.61:
CVE-2020-3702: 8f05076983ddeaae1165457b6aa4eca9fe0e5498 ath: Use safer key clearing with key cache entries
CVE-2021-42008: 85e0518f181a0ff060f5543d2655fb841a83d653 net: 6pack: fix slab-out-of-bounds in decode_data
CVE-2022-1043: 695ab28a7fa107d0350ab19eba8ec89fac45a95d io_uring: fix xa_alloc_cycle() error return value check
CVEs fixed in 5.10.62:
CVE-2021-34866: 9dd6f6d89693d8f09af53d2488afad22a8a44a57 bpf: Fix ringbuf helper function compatibility
CVE-2021-3739: c43add24dffdbac269d5610465ced70cfc1bad9e btrfs: fix NULL pointer dereference when deleting device by invalid id
CVE-2021-3753: 60d69cb4e60de0067e5d8aecacd86dfe92a5384a vt_kdsetmode: extend console locking
CVE-2021-39633: fb45459d9ddb1edd4a8b087bafe875707753cb10 ip_gre: add validation for csum_start
CVEs fixed in 5.10.63:
CVE-2021-40490: 09a379549620f122de3aa4e65df9329976e4cdf5 ext4: fix race writing to an inline_data file while its xattrs are changing
CVEs fixed in 5.10.64:
CVE-2021-46283: 36983fc2f87ea3b74a33bf460c9ee7329735b7b5 netfilter: nf_tables: initialize set before expression setup
CVEs fixed in 5.10.65:
CVE-2021-20322: 8692f0bb29927d13a871b198adff1d336a8d2d00 ipv6: make exception cache less predictible
CVEs fixed in 5.10.67:
CVE-2021-42252: 3fdf2feb6cbe76c6867224ed8527b356e805352c soc: aspeed: lpc-ctrl: Fix boundary check for mmap
CVEs fixed in 5.10.68:
CVE-2020-16119: 6c3cb65d561e76fd0398026c023e587fec70e188 dccp: don't duplicate ccid when cloning dccp sock
CVE-2021-20320: d92d3a9c2b6541f29f800fc2bd44620578b8f8a6 s390/bpf: Fix optimizing out zero-extensions
CVE-2021-41073: ce8f81b76d3bef7b9fe6c8f84d029ab898b19469 io_uring: ensure symmetry in handling iter types in loop_rw_iter()
CVEs fixed in 5.10.71:
CVE-2021-3744: 17ccc64e4fa5d3673528474bfeda814d95dc600a crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3764: 17ccc64e4fa5d3673528474bfeda814d95dc600a crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-38300: c61736a994fe68b0e5498e4e84e1c9108dc41075 bpf, mips: Validate conditional branch offsets
CVE-2021-4028: 0a16c9751e0f1de96f08643216cf1f19e8a5a787 RDMA/cma: Do not change route.addr.src_addr.ss_family
CVE-2021-4203: 3db53827a0e9130d9e2cbe3c3b5bca601caa4c74 af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVEs fixed in 5.10.73:
CVE-2021-20321: 9763ffd4da217adfcbdcd519e9f434dfa3952fc3 ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-41864: 064faa8e8a9b50f5010c5aa5740e06d477677a89 bpf: Fix integer overflow in prealloc_elems_and_freelist()
CVEs fixed in 5.10.75:
CVE-2021-3894: d84a69ac410f6228873d05d35120f6bdddab7fc3 sctp: account stream padding length for reconf chunk
CVE-2021-4149: 206868a5b6c14adc4098dd3210a2f7510d97a670 btrfs: unlock newly allocated extent buffer after error
CVE-2022-0322: d84a69ac410f6228873d05d35120f6bdddab7fc3 sctp: account stream padding length for reconf chunk
CVEs fixed in 5.10.76:
CVE-2021-3760: 77c0ef979e32b8bc22f36a013bab77cd37e31530 nfc: nci: fix the UAF of rf_conn_info object
CVE-2021-3896: 7f221ccbee4ec662e2292d490a43ce6c314c4594 isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43056: 197ec50b2df12dbfb17929eda643b16117b6f0ca KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
CVE-2021-43389: 7f221ccbee4ec662e2292d490a43ce6c314c4594 isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2022-0644: b721500c979b71a9f02eb84ca384082722c62d4e vfs: check fd has read access in kernel_read_file_from_fd()
CVEs fixed in 5.10.77:
CVE-2021-3772: ad111d4435d85fd3eeb2c09692030d89f8862401 sctp: use init_tag from inithdr for ABORT chunk
CVE-2021-42327: eb3b6805e3e9d98b2507201fd061a231988ce623 drm/amdgpu: fix out of bounds write
CVE-2021-43267: 0b1b3e086b0af2c2faa9938c4db956fe6ce5c965 tipc: fix size validations for the MSG_CRYPTO type
CVEs fixed in 5.10.78:
CVE-2021-4148: 6d67b2a73b8e3a079c355bab3c1aef7d85a044b8 mm: khugepaged: skip huge page collapse for special files
CVE-2021-42739: d7fc85f6104259541ec136199d3bf7c8a736613d media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVEs fixed in 5.10.80:
CVE-2021-3640: 4dfba42604f08a505f1a1efc69ec5207ea6243de Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3752: c10465f6d6208db2e45a6dac1db312b9589b2583 Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-39686: bd9cea41ac6e08f615030dea28b23e12b7a2674f binder: use euid from cred instead of using task
CVE-2021-45868: ceeb0a8a8716a1c72af3fa4d4f98c3aced32b037 quota: check block number when reading the block in quota file
CVEs fixed in 5.10.82:
CVE-2020-27820: c81c90fbf5775ed1b907230eaaa766fa0e1b7cfa drm/nouveau: use drm_dev_unplug() during device removal
CVE-2021-4002: 40bc831ab5f630431010d1ff867390b07418a7ee hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4202: cb14b196d991c864ed2d1b6e79d68a7ce38e6538 NFC: reorganize the functions in nci_request
CVEs fixed in 5.10.83:
CVE-2021-4001: 33fe044f6a9e8977686a6a09f0bf33e5cc75257e bpf: Fix toctou on read-only map's constant scalar tracking
CVEs fixed in 5.10.84:
CVE-2021-4083: 4baba6ba56eb91a735a027f783cc4b9276b48d5b fget: check that the fd still exists after getting a ref to it
CVE-2021-43975: 2c514d25003ac89bb7716bb4402918ccb141f8f5 atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVEs fixed in 5.10.85:
CVE-2021-39685: 7193ad3e50e596ac2192531c58ba83b9e6d2444b USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39698: 8e04c8397bf98235b1aa41153717de7a05e652a2 wait: add wake_up_pollfree()
CVEs fixed in 5.10.88:
CVE-2021-22600: 7da349f07e457cad135df0920a3f670e423fb5e9 net/packet: rx_owner_map depends on pg_vec
CVE-2021-28711: 8ac3b6ee7c9ff2df7c99624bb1235e2e55623825 xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: d31b3379179d64724d3bbfa87bd4ada94e3237de xen/netfront: harden netfront against event channel storms
CVE-2021-28713: 8fa3a370cc2af858a9ba662ca4f2bd0917550563 xen/console: harden hvc_xen against event channel storms
CVE-2021-28714: 525875c410df5d876b9615c44885ca7640aed6f2 xen/netback: fix rx queue stall detection
CVE-2021-28715: 88f20cccbeec9a5e83621df5cc2453b5081454dc xen/netback: don't queue unlimited number of packages
CVE-2021-4135: 1a34fb9e2bf3029f7c0882069d67ff69cbd645d8 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
CVE-2021-45402: e2aad0b5f2cbf71a31d00ce7bb4dee948adff5a9 bpf: Fix signed bounds propagation after mov32
CVEs fixed in 5.10.89:
CVE-2021-44733: c05d8f66ec3470e5212c4d08c46d6cb5738d600d tee: handle lookup of shm with reference count 0
CVE-2021-45469: fffb6581a23add416239dfcf7e7f3980c6b913da f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2022-1195: 7dd52af1eb5798f590d9d9e1c56ed8f5744ee0ca hamradio: improve the incomplete fix to avoid NPD
CVEs fixed in 5.10.91:
CVE-2021-4155: 16d8568378f9ee2d1e69216d39961aa72710209f xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-45095: 4f260ea5537db35d2eeec9bca78a74713078a544 phonet: refcount leak in pep_sock_accep
CVEs fixed in 5.10.93:
CVE-2022-0185: eadde287a62e66b2f9e62d007c59a8f50d4b8413 vfs: fs_context: fix up param length parsing in legacy_parse_param
CVEs fixed in 5.10.94:
CVE-2021-43976: 6036500fdf77caaca9333003f78d25a3d61c4e40 mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVEs fixed in 5.10.95:
CVE-2022-0330: 6a6acf927895c38bdd9f3cd76b8dbfc25ac03e88 drm/i915: Flush TLBs before releasing backing store
CVE-2022-22942: ae2b20f27732fe92055d9e7b350abc5cdf3e2414 drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVEs fixed in 5.10.96:
CVE-2022-0617: de7cc8bcca90a9d77c915ee1d922dbd670c47d84 udf: Fix NULL ptr deref when converting from inline format
CVE-2022-24448: ce8c552b88ca25d775ecd0a0fbef4e0e03de9ed2 NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24959: 729e54636b3ebefb77796702a5b1f1ed5586895e yam: fix a memory leak in yam_siocdevprivate()
CVEs fixed in 5.10.97:
CVE-2022-0492: 1fc3444cda9a78c65b769e3fa93455e09ff7a0d3 cgroup-v1: Require capabilities to set release_agent
CVE-2022-1055: e7be56926397cf9d992be8913f74a76152f8f08d net: sched: fix use-after-free in tc_new_tfilter()
CVEs fixed in 5.10.100:
CVE-2022-0435: 3c7e5943553594f68bbc070683db6bb6f6e9e78e tipc: improve size validations for received domain records
CVE-2022-0487: be93028d306dac9f5b59ebebd9ec7abcfc69c156 moxart: fix potential use-after-free on remove path
CVE-2022-0516: b62267b8b06e9b8bb429ae8f962ee431e6535d60 KVM: s390: Return error on SIDA memop on normal guest
CVEs fixed in 5.10.101:
CVE-2022-25258: 22ec1004728548598f4f5b4a079a7873409eacfd USB: gadget: validate interface OS descriptor requests
CVE-2022-25375: fb4ff0f96de37c44236598e8b53fe43b1df36bf3 usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVEs fixed in 5.10.102:
CVE-2022-0847: b19ec7afa9297d862ed86443e0164643b97250ab lib/iov_iter: initialize "flags" in new pipe_buffer
CVE-2022-20008: ab2b4e65a130d67478bd5b35ca9004b2075805fa mmc: block: fix read single on recovery logic
CVEs fixed in 5.10.103:
CVE-2022-25636: 68f19845f580a1d3ac1ef40e95b0250804e046bb netfilter: nf_tables_offload: incorrect flow offload action array size
CVE-2022-26966: 4f5f5411f0c14ac0b61d5e6a77d996dd3d5b5fd3 sr9700: sanity check for packet length
CVE-2022-27223: bfa8ffbaaaaf9752f66bc7cabcef2de715e7621f USB: gadget: validate endpoint index for xilinx udc
CVE-2022-29156: 8260f1800f83e667f26c80baa7f0b9d92ae271d7 RDMA/rtrs-clt: Fix possible double free in error case
CVEs fixed in 5.10.104:
CVE-2022-24958: c13159a588818a1d2cd6519f4d3b6f7e17a9ffbd usb: gadget: don't release an existing dev->buf
CVEs fixed in 5.10.105:
CVE-2021-26401: 2fdf67a1d215574c31b1a716f80fa0fdccd401d7 x86/speculation: Use generic retpoline by default on AMD
CVE-2022-0001: f38774bb6e231d647d40ceeb8ddf9082eabde667 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: f38774bb6e231d647d40ceeb8ddf9082eabde667 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-23036: 3d81e85f30a8f712c3e4f2a507553d9063a20ed6 xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: f6690dd9446a2a4bd9b024f00f71dd827a98317f xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: 3d81e85f30a8f712c3e4f2a507553d9063a20ed6 xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: 5f36ae75b847e7f87e4144602f418a624ca074b7 xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: 5c600371b8fd02cbbb0eb83a9f664e3f0b75c28e xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23041: 8357d75bfdb85ea63253cf369f405830c7b13d78 xen/9p: use alloc/free_pages_exact()
CVE-2022-23042: 206c8e271ba2630f1d809123945d9c428f93b0f0 xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-23960: b7f1e73c4ddf2044530091e69114a5fc1a1229d0 ARM: report Spectre v2 status through sysfs
CVEs fixed in 5.10.106:
CVE-2022-0995: 648895da69ced90ca770fd941c3d9479a9d72c16 watch_queue: Fix filter limit check
CVE-2022-1011: ab5595b45f732212b3b1974041b43a257153edb7 fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1199: e2201ef32f933944ee02e59205adb566bafcdf91 ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVEs fixed in 5.10.108:
CVE-2022-27666: 9248694dac20eda06e22d8503364dc9d03df4e2f esp: Fix possible buffer overflow in ESP transformation
CVEs fixed in 5.10.109:
CVE-2022-1016: 2c74374c2e88c7b7992bf808d9f9391f7452f9d9 netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-1048: 0f6947f5f5208f6ebd4d76a82a4757e2839a23f8 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-26490: 25c23fe40e6e1ef8e6d503c52b4f518b2e520ab7 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
CVE-2022-28356: 571df3393f523b59cba87e2f3e80a3a624030f9c llc: fix netdevice reference leaks in llc_ui_bind()
CVEs fixed in 5.10.110:
CVE-2022-0168: edefc4b2a8e8310eee8e2b1714709ad5b2a93928 cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-1158: e90518d10c7dd59d5ebbe25b0f0083a7dbffa42f KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
CVE-2022-1198: f67a1400788f550d201c71aeaf56706afe57f0da drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1353: 8d3f4ad43054619379ccc697cfcbdb2c266800d8 af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1516: 5c94b6205e87411dbe9dc1ca088eb36b8837fb47 net/x25: Fix null-ptr-deref caused by x25_disconnect
CVE-2022-28388: 5318cdf4fd834856ce71238b064f35386f9ef528 can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28389: 0801a51d79389282c1271e623613b2e1886e071e can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
CVE-2022-28390: b417f9c50586588754b2b0453a1f99520cf7c0e8 can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-30594: 5a41a3033a9344d7683340e3d83f5435ffb06501 ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
CVEs fixed in 5.10.111:
CVE-2021-4197: 4665722d36ad13c6abc6b2ef3fe5150c0a92d870 cgroup: Use open-time credentials for process migraton perm checks
CVE-2022-29582: 2827328e646d0c2d3db1bfcad4b5f5016ce0d643 io_uring: fix race between timeout flush and removal
CVEs fixed in 5.10.112:
CVE-2022-1204: b20a5ab0f5fb175750c6bafd4cf12daccf00c738 ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1205: f934fa478dd17411bc6884153dc824ff9e7505d8 ax25: Fix NULL pointer dereferences in ax25 timers
CVEs fixed in 5.10.113:
CVE-2022-29581: 43ce33a68e2bcc431097e1075aad5393d0bf53ba net/sched: cls_u32: fix netns refcount changes in u32_change()
CVEs fixed in 5.10.114:
CVE-2022-1836: 54c028cfc49624bfc27a571b94edecc79bbaaab4 floppy: disable FDRAWCMD by default
CVEs fixed in 5.10.115:
CVE-2022-0494: a439819f4797f0846c7cffa9475f44aef23c541f block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-1734: 1961c5a688edb53fe3bc25cbda57f47adf12563c nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
CVEs fixed in 5.10.117:
CVE-2022-28893: e68b60ae29de10c7bd7636e227164a8dbe305a82 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
CVEs fixed in 5.10.118:
CVE-2022-0854: f3f2247ac31cb71d1f05f56536df5946c6652f4a swiotlb: rework "fix info leak with DMA_FROM_DEVICE"
CVE-2022-1729: 3ee8e109c3c316073a3e0f83ec0769c7ee8a7375 perf: Fix sys_perf_event_open() race against self
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2015-2877: (unk)
CVE-2016-8660: (unk)
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2018-1121: (unk)
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-17977: (unk)
CVE-2019-0146: (unk)
CVE-2019-12456: (unk)
CVE-2019-15239: (unk) unknown
CVE-2019-15290: (unk)
CVE-2019-15794: (unk) ovl: fix reference counting in ovl_mmap error path
CVE-2019-15902: (unk) unknown
CVE-2019-16089: (unk)
CVE-2019-19378: (unk)
CVE-2019-19814: (unk)
CVE-2019-20794: (unk)
CVE-2020-0347: (unk)
CVE-2020-10708: (unk)
CVE-2020-11725: (unk)
CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-14304: (unk)
CVE-2020-15802: (unk)
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs
CVE-2020-25220: (unk)
CVE-2020-26140: (unk)
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26555: (unk)
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-35501: (unk)
CVE-2020-36516: (unk)
CVE-2021-0399: (unk)
CVE-2021-0695: (unk)
CVE-2021-26934: (unk)
CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33135: (unk)
CVE-2021-3542: (unk)
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3714: (unk)
CVE-2021-3759: (unk) memcg: enable accounting of ipc resources
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-39802: (unk)
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2022-0171: (unk)
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0500: (unk) bpf: Introduce MEM_RDONLY flag
CVE-2022-0742: (unk) ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1015: (unk) netfilter: nf_tables: validate registers coming from userspace.
CVE-2022-1116: (unk)
CVE-2022-1184: (unk)
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1651: (unk) virt: acrn: fix a memory leak in acrn_dev_ioctl()
CVE-2022-1652: (unk)
CVE-2022-1671: (unk) rxrpc: fix some null-ptr-deref bugs in server_key.c
CVE-2022-1679: (unk)
CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-25265: (unk)
CVE-2022-26878: (unk)
CVE-2022-27950: (unk) HID: elo: fix memory leak in elo_probe
CVE-2022-28796: (unk) jbd2: fix use-after-free of transaction_t race
CVE-2022-29968: (unk) io_uring: fix uninitialized field in rw io_kiocb