| |
| CVEs fixed in 5.15: |
| CVE-2021-3772: 4f7019c7eb33967eb87766e0e4602b5576873680 sctp: use init_tag from inithdr for ABORT chunk |
| CVE-2021-4148: a4aeaa06d45e90f9b279f0b09de84bd00006e733 mm: khugepaged: skip huge page collapse for special files |
| CVE-2021-42327: 5afa7898ab7a0ec9c28556a91df714bf3c2f725e drm/amdgpu: fix out of bounds write |
| CVE-2021-43267: fa40d9734a57bcbfa79a280189799f76c88f7bb0 tipc: fix size validations for the MSG_CRYPTO type |
| |
| CVEs fixed in 5.15.1: |
| CVE-2021-42739: cb667140875a3b1db92e4c50b4617a7cbf84659b media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() |
| |
| CVEs fixed in 5.15.2: |
| CVE-2021-39686: ff1bd01f490ba60d82c765100d95d13cc00c1625 binder: use euid from cred instead of using task |
| |
| CVEs fixed in 5.15.3: |
| CVE-2021-3640: b990c219c4c9d4993ef65ea9db73d9497e70f697 Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() |
| CVE-2021-3752: 7e22e4db95b04f09adcce18c75d27cbca8f53b99 Bluetooth: fix use-after-free error in lock_sock_nested() |
| CVE-2021-45868: 332db0909293f3f4d853ee2ea695272c75082d87 quota: check block number when reading the block in quota file |
| |
| CVEs fixed in 5.15.5: |
| CVE-2020-27820: 0b1a35d63995497a9186113c60a16e7ae59642c1 drm/nouveau: use drm_dev_unplug() during device removal |
| CVE-2021-4001: a5d1d3522232b4af1f5dee02d381e6fa86be8e2d bpf: Fix toctou on read-only map's constant scalar tracking |
| CVE-2021-4002: 556d59293a2a94863797a7a50890992aa5e8db16 hugetlbfs: flush TLBs correctly after huge_pmd_unshare |
| CVE-2021-4090: 10c22d9519f3f5939de61a1500aa3a926b778d3a NFSD: Fix exposure in nfsd4_decode_bitmap() |
| CVE-2021-4202: 96a209038a99a379444ea3ef9ae823e685ba60e7 NFC: reorganize the functions in nci_request |
| |
| CVEs fixed in 5.15.7: |
| CVE-2021-4083: 6fe4eadd54da3040cf6f6579ae157ae1395dc0f8 fget: check that the fd still exists after getting a ref to it |
| CVE-2021-43975: cec49b6dfdb0b9fefd0f17c32014223f73ee2605 atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait |
| |
| CVEs fixed in 5.15.8: |
| CVE-2021-39685: 36dfdf11af49d3c009c711fb16f5c6e7a274505d USB: gadget: detect too-big endpoint 0 requests |
| CVE-2021-39698: 1ebb6cd8c754bfe1a5f9539027980756bce7cb08 wait: add wake_up_pollfree() |
| |
| CVEs fixed in 5.15.11: |
| CVE-2021-22600: feb116a0ecc5625d6532c616d9a10ef4ef81514b net/packet: rx_owner_map depends on pg_vec |
| CVE-2021-28711: caf9b51829a50590b84daea924a0fd62d32bc952 xen/blkfront: harden blkfront against event channel storms |
| CVE-2021-28712: a29c8b5226eda52e6d6ff151d9343558ea3ad451 xen/netfront: harden netfront against event channel storms |
| CVE-2021-28713: 153d1ea3272209fc970116f09051002d14422cde xen/console: harden hvc_xen against event channel storms |
| CVE-2021-28714: 88449dbe6203c3a91cf1c39ea3032ad61a297bd7 xen/netback: fix rx queue stall detection |
| CVE-2021-28715: bd926d189210cd1d5b4e618e45898053be6b4b3b xen/netback: don't queue unlimited number of packages |
| CVE-2021-4135: 27358aa81a7d60e6bd36f0bb1db65cd084c2cad0 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc |
| CVE-2021-45402: f77d7a35d4913e4ab27abb36016fbfc1e882a654 bpf: Fix signed bounds propagation after mov32 |
| CVE-2021-45480: 68014890e4382ff9192e1357be39b7d0455665fa rds: memory leak in __rds_conn_create() |
| CVE-2022-0264: 423628125a484538111c2c6d9bb1588eb086053b bpf: Fix kernel address leakage in atomic fetch |
| |
| CVEs fixed in 5.15.12: |
| CVE-2021-44733: 492eb7afe858d60408b2da09adc78540c4d16543 tee: handle lookup of shm with reference count 0 |
| CVE-2021-45100: a2c144d17623984fdafa4634ecf4ab64580d29bb ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 |
| CVE-2021-45469: a8a9d753edd7f71e6a2edaa580d8182530b68791 f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() |
| CVE-2022-1195: 03d00f7f1815ec00dab5035851b3de83afd054a8 hamradio: improve the incomplete fix to avoid NPD |
| |
| CVEs fixed in 5.15.14: |
| CVE-2021-4155: b0e72ba9e520b95346e68800afff0db65e766ca8 xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate |
| CVE-2021-4197: c6ebc35298848accb5e50c37fdb2490cf4690c92 cgroup: Use open-time credentials for process migraton perm checks |
| CVE-2021-45095: 9ca97a693aa8b86e8424f0047198ea3ab997d50f phonet: refcount leak in pep_sock_accep |
| CVE-2022-0382: d57da5185defccf383be53f41604fd5f006aba8c net ticp:fix a kernel-infoleak in __tipc_sendmsg() |
| |
| CVEs fixed in 5.15.16: |
| CVE-2022-0185: e192ccc17ecf3e78a1c6fb81badf9b50bd791115 vfs: fs_context: fix up param length parsing in legacy_parse_param |
| |
| CVEs fixed in 5.15.17: |
| CVE-2021-43976: b2762757f4e484f8a164546f93aca82568d87649 mwifiex: Fix skb_over_panic in mwifiex_usb_recv() |
| CVE-2021-44879: 0ddbdc0b7f0cec3815ac05a30b2c2f6457be3050 f2fs: fix to do sanity check on inode type during garbage collection |
| |
| CVEs fixed in 5.15.18: |
| CVE-2022-0330: 8a17a077e7e9ecce25c95dbdb27843d2d6c2f0f7 drm/i915: Flush TLBs before releasing backing store |
| CVE-2022-22942: 6066977961fc6f437bc064f628cf9b0e4571c56c drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| |
| CVEs fixed in 5.15.19: |
| CVE-2022-0617: cbf96c58e28b1fece9630102781a93ff32c347f7 udf: Fix NULL ptr deref when converting from inline format |
| CVE-2022-24448: 4c36ca387af4a9b5d775e46a6cb9dc2d151bf057 NFSv4: Handle case where the lookup of a directory fails |
| CVE-2022-24959: 0690c3943ed0fa76654e600eca38cde6a13c87ac yam: fix a memory leak in yam_siocdevprivate() |
| |
| CVEs fixed in 5.15.20: |
| CVE-2022-0492: 4b1c32bfaa02255a5df602b41587174004996477 cgroup-v1: Require capabilities to set release_agent |
| CVE-2022-1055: f36cacd6c933183c1a8827d5987cf2cfc0a44c76 net: sched: fix use-after-free in tc_new_tfilter() |
| |
| CVEs fixed in 5.15.23: |
| CVE-2022-0435: 1f1788616157b0222b0c2153828b475d95e374a7 tipc: improve size validations for received domain records |
| CVE-2022-0487: af0e6c49438b1596e4be8a267d218a0c88a42323 moxart: fix potential use-after-free on remove path |
| CVE-2022-0516: 14f880ea779e11a6c162f122c1199e3578e6e3f3 KVM: s390: Return error on SIDA memop on normal guest |
| |
| CVEs fixed in 5.15.24: |
| CVE-2022-25258: 3e33e5c67cb9ebd2b791b9a9fb2b71daacebd8d4 USB: gadget: validate interface OS descriptor requests |
| CVE-2022-25375: 2da3b0ab54fb7f4d7c5a82757246d0ee33a47197 usb: gadget: rndis: check size of RNDIS_MSG_SET command |
| |
| CVEs fixed in 5.15.25: |
| CVE-2022-0847: 114e9f141822e6977633d322c1b03e89bd209932 lib/iov_iter: initialize "flags" in new pipe_buffer |
| CVE-2022-20008: f3ff5f75d8f6367eac7556c9db1227bb43e5c615 mmc: block: fix read single on recovery logic |
| CVE-2022-27950: de0d102d0c8c681fc9a3263d842fb35f7cf662f4 HID: elo: fix memory leak in elo_probe |
| |
| CVEs fixed in 5.15.26: |
| CVE-2022-25636: 6c5d780469d6c3590729940e2be8a3bd66ea4814 netfilter: nf_tables_offload: incorrect flow offload action array size |
| CVE-2022-26966: 9f2d614779906f3d8ad4fb882c5b3e5ad6150bbe sr9700: sanity check for packet length |
| CVE-2022-27223: 2c775ad1fd5e014b35e483da2aab8400933fb09d USB: gadget: validate endpoint index for xilinx udc |
| CVE-2022-29156: bf2cfad0c6e4b0d1b34d26420fddaf18dc25e56d RDMA/rtrs-clt: Fix possible double free in error case |
| |
| CVEs fixed in 5.15.27: |
| CVE-2022-0494: a1ba98731518b811ff90009505c1aebf6e400bc2 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern |
| CVE-2022-0742: 771aca9bc70709771f66c3e7c00ce87339aa1790 ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() |
| CVE-2022-24958: 07de9a494b5ae41b9253411a8e9576d7fceedcc3 usb: gadget: don't release an existing dev->buf |
| |
| CVEs fixed in 5.15.28: |
| CVE-2021-26401: a56566d7a957c34811384d6300a53a97be94cd20 x86/speculation: Use generic retpoline by default on AMD |
| CVE-2022-0001: f150b6fccf7fa0e7e7275f0785798547db832c7b x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0002: f150b6fccf7fa0e7e7275f0785798547db832c7b x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-23036: 1dd5b4b230f6d1345708c6204ccacdf83d53feaf xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23037: 5d5fa1d53a31c799b85112841c3c639c7baac1c4 xen/netfront: don't use gnttab_query_foreign_access() for mapped status |
| CVE-2022-23038: 1dd5b4b230f6d1345708c6204ccacdf83d53feaf xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23039: f06e3edaeac1942c4ff42072e3d98ee8c762c5fa xen/gntalloc: don't use gnttab_query_foreign_access() |
| CVE-2022-23040: 66cb2bbb522b0d5e4f6a11558ff7bfdf3f7d31f3 xen/xenbus: don't let xenbus_grant_ring() remove grants in error case |
| CVE-2022-23041: a019d26830e8a04933e38e4fcc507dcfbc6ccc72 xen/9p: use alloc/free_pages_exact() |
| CVE-2022-23042: dea18aef2021022a568f4d385a1386f51a9df6ff xen/netfront: react properly to failing gnttab_end_foreign_access_ref() |
| CVE-2022-23960: f02cab2bed1a3493a230e54d83ff117bc59f480e ARM: report Spectre v2 status through sysfs |
| |
| CVEs fixed in 5.15.29: |
| CVE-2022-0854: 2c1f97af38be151527380796d31d3c9adb054bf9 swiotlb: rework "fix info leak with DMA_FROM_DEVICE" |
| CVE-2022-0995: 1b09f28f70a5046acd64138075ae3f095238b045 watch_queue: Fix filter limit check |
| CVE-2022-1011: ca62747b38f59d4e75967ebf63c992de8852ca1b fuse: fix pipe buffer lifetime for direct_io |
| CVE-2022-1199: 46ad629e58ce3a88c924ff3c5a7e9129b0df5659 ax25: Fix NULL pointer dereference in ax25_kill_by_device |
| CVE-2022-27666: 4aaabbffc3b0658ce80eebdde9bafa20a3f932e0 esp: Fix possible buffer overflow in ESP transformation |
| |
| CVEs fixed in 5.15.32: |
| CVE-2022-1015: 1bd57dea456149619f3b80d67eee012122325af8 netfilter: nf_tables: validate registers coming from userspace. |
| CVE-2022-1016: fafb904156fbb8f1dd34970cd5223e00b47c33be netfilter: nf_tables: initialize registers in nft_do_chain() |
| CVE-2022-1048: 33061d0fba51d2bf70a2ef9645f703c33fe8e438 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls |
| CVE-2022-26490: a34c47b1ab07153a047476de83581dc822287f39 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION |
| CVE-2022-28356: e9072996108387ab19b497f5b557c93f98d96b0b llc: fix netdevice reference leaks in llc_ui_bind() |
| |
| CVEs fixed in 5.15.33: |
| CVE-2022-0168: 39a4bf7d1a23dd172526c2fb0db480c5d5c63bd6 cifs: fix NULL ptr dereference in smb2_ioctl_query_info() |
| CVE-2022-1158: 8771d9673e0bdb7148299f3c074667124bde6dff KVM: x86/mmu: do compare-and-exchange of gPTE via the user address |
| CVE-2022-1198: 3eb18f8a1d02a9462a0e4903efc674ca3d0406d1 drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() |
| CVE-2022-1353: d06ee4572fd916fbb34d16dc81eb37d1dff83446 af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register |
| CVE-2022-1516: 409570a619c1cda2e0fde6018a256b9e3d3ba0ee net/x25: Fix null-ptr-deref caused by x25_disconnect |
| CVE-2022-1651: 1d5103d9bb7d42fc220afe9f01ec6b9fe0ea5773 virt: acrn: fix a memory leak in acrn_dev_ioctl() |
| CVE-2022-1671: 432297011caf71dbc95c3365a65adf365e79aff3 rxrpc: fix some null-ptr-deref bugs in server_key.c |
| CVE-2022-28388: f2ce5238904f539648aaf56c5ee49e5eaf44d8fc can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-28389: 37f07ad24866c6c1423b37b131c9a42414bcf8a1 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path |
| CVE-2022-28390: 459b19f42fd5e031e743dfa119f44aba0b62ff97 can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-30594: b6d75218ff65f4d63c9cf4986f6c55666fb90a1a ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE |
| |
| CVEs fixed in 5.15.34: |
| CVE-2022-1263: 226b4327ef5c88572fc12187193f1b5073c10837 KVM: avoid NULL pointer dereference in kvm_dirty_ring_push |
| CVE-2022-29582: ba7261af2b030ab2c06189be1fc77b273716839f io_uring: fix race between timeout flush and removal |
| |
| CVEs fixed in 5.15.35: |
| CVE-2022-1204: 452ae92b99062d2f6a34324eaf705a3b7eac9f8b ax25: Fix refcount leaks caused by ax25_cb_del() |
| CVE-2022-1205: 43c107021d9160f6a1610bafba6dadc0323ae548 ax25: Fix NULL pointer dereferences in ax25 timers |
| |
| CVEs fixed in 5.15.36: |
| CVE-2022-29581: ba9e9a794fd1689bf7e8a7452c55f3d3cbda7728 net/sched: cls_u32: fix netns refcount changes in u32_change() |
| |
| CVEs fixed in 5.15.37: |
| CVE-2022-0500: b453361384c2db1c703dacb806d5fd36aec4ceca bpf: Introduce MEM_RDONLY flag |
| CVE-2022-1836: e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3 floppy: disable FDRAWCMD by default |
| CVE-2022-23222: 8d38cde47a7e17b646401fa92d916503caa5375e bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL |
| |
| CVEs fixed in 5.15.39: |
| CVE-2022-1734: b8f2b836e7d0a553b886654e8b3925a85862d2eb nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs |
| |
| CVEs fixed in 5.15.41: |
| CVE-2022-1012: 1a8ee547da2b64d6a2aedbd38a691578eff14718 secure_seq: use the 64 bits of the siphash for port offset calculation |
| CVE-2022-28893: 54f6834b283d9b4d070b0639d9ef5e1d156fe7b0 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() |
| |
| CVEs fixed in 5.15.42: |
| CVE-2022-1729: e085354dde254bc6c83ee604ea66c2b36f9f9067 perf: Fix sys_perf_event_open() race against self |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-0146: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-25220: (unk) |
| CVE-2020-26140: (unk) |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26555: (unk) |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-35501: (unk) |
| CVE-2020-36516: (unk) |
| CVE-2021-0399: (unk) |
| CVE-2021-0695: (unk) |
| CVE-2021-26934: (unk) |
| CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality |
| CVE-2021-33135: (unk) |
| CVE-2021-3542: (unk) |
| CVE-2021-3714: (unk) |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2021-39802: (unk) |
| CVE-2021-4095: (unk) KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty |
| CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types |
| CVE-2022-0171: (unk) |
| CVE-2022-0400: (unk) |
| CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling |
| CVE-2022-1116: (unk) |
| CVE-2022-1184: (unk) |
| CVE-2022-1247: (unk) |
| CVE-2022-1652: (unk) |
| CVE-2022-1679: (unk) |
| CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| CVE-2022-24122: (unk) ucount: Make get_ucount a safe get_user replacement |
| CVE-2022-25265: (unk) |
| CVE-2022-26878: (unk) |
| CVE-2022-28796: (unk) jbd2: fix use-after-free of transaction_t race |
| CVE-2022-29968: (unk) io_uring: fix uninitialized field in rw io_kiocb |
