CVEs fixed in 5.13:
CVE-2021-22543: f8be156be163a052a067306417cd0ff679068c97 KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-35039: 0c18f29aae7ce3dadd26d8ee3505d07cc982df75 module: limit enabling module.sig_enforce
CVEs fixed in 5.13.2:
CVE-2021-3609: 014f8baa9d240c4cf7180d37abd625fd4a4527c8 can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2022-0850: befdd44d46329dc8ab9459c891287cc29f2ef4bf ext4: fix kernel infoleak via ext4_extent_header
CVEs fixed in 5.13.3:
CVE-2021-34981: 5c73a8008035879a27f4bcf2d87869d039cb98fb Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVE-2021-3655: 4ecabee69d190f2bd9bdc5140109a27231428413 sctp: validate from_addr_param return
CVE-2021-38205: 8722275b41d5127048e1422a8a1b6370b4878533 net: xilinx_emaclite: Do not print real IOMEM pointer
CVE-2021-45485: 8853d2ce4e9e96c7b2a9908f752ab2253c99c6ab ipv6: use prandom_u32() for ID generation
CVEs fixed in 5.13.4:
CVE-2021-33909: 71de462034c69525a5049fbdf3903c5833cbce04 seq_file: disallow extremely large seq buffer allocations
CVE-2021-38160: 21a06a244d2576f93cbc9ce9bf95814c2810c36a virtio_console: Assure used length from device is limited
CVE-2021-38199: b0bfac939030181177373f549398ba94c384713d NFSv4: Initialise connection to the server in nfs4_alloc_client()
CVE-2021-38201: a02357d7532b88e97329bd7786c7e72601109704 sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base()
CVE-2021-38202: 7605bff387a9972038b217b6c60998778dbae931 NFSD: Prevent a possible oops in the nfs_dirent() tracepoint
CVE-2021-38203: 789b24d9950d3e67b227f81b3fab912a8fb257af btrfs: fix deadlock with concurrent chunk allocations involving system chunks
CVE-2021-4154: a41573667b39152176f6b08d10b4deb171e541c4 cgroup: verify that source is a string
CVEs fixed in 5.13.6:
CVE-2021-3679: 917a5bdd114a27c159796928cb3c09723a51d1c7 tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-37159: eeaa4b8d1e2e6f10362673d283a97dccc7275afa usb: hso: fix error handling code of hso_create_net_device
CVE-2021-37576: 35e114e6f84ab559eb35a5ac73590d23a43f22ba KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-38204: d4179cdb769a651f2ae89c325612a69bf6fbdf70 usb: max-3421: Prevent corruption of freed memory
CVE-2022-0286: 9863701fa0ecd2abfadb27b0e7a9b0fe1c9d02b6 bonding: fix null dereference in bond_ipsec_add_sa()
CVEs fixed in 5.13.7:
CVE-2021-0920: 72d0df0831ff5766dc102f38bb5e9d8d8add0014 af_unix: fix garbage collect vs MSG_PEEK
CVEs fixed in 5.13.8:
CVE-2021-34556: ddab060f996e17b38bb181c5fd11a83fd1bfa0df bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-35477: ddab060f996e17b38bb181c5fd11a83fd1bfa0df bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVEs fixed in 5.13.11:
CVE-2021-3732: 41812f4b84484530057513478c6770590347dc30 ovl: prevent private clone if bind mount is not allowed
CVEs fixed in 5.13.12:
CVE-2021-3653: a0949ee63cf95408870a564ccad163018b1a9e6b KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-3656: 639a033fd765ed473dfee27028df5ccbe1038a2e KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
CVE-2021-38166: ada7135e6d998030de0d166aa6a2438031f70fe3 bpf: Fix integer overflow involving bucket_size
CVEs fixed in 5.13.13:
CVE-2021-42008: 010d7ad77e2d87686eb64688fdf40532cb55c429 net: 6pack: fix slab-out-of-bounds in decode_data
CVE-2022-1043: a57b2a703e4440b9490cc8888618af9b05f2b457 io_uring: fix xa_alloc_cycle() error return value check
CVEs fixed in 5.13.14:
CVE-2021-34866: a31b3b8d3cbfb37f528d77eee94bb8a6afc48999 bpf: Fix ringbuf helper function compatibility
CVE-2021-3739: 301aabe0239f227818622096be7e180fcdbedf80 btrfs: fix NULL pointer dereference when deleting device by invalid id
CVE-2021-3753: a5dfcf3d8ecc549f8dc324ab6caf9dd14de87986 vt_kdsetmode: extend console locking
CVE-2021-39633: 01951aeafc407b6e1c5d4e865286dae0ff92b1cb ip_gre: add validation for csum_start
CVEs fixed in 5.13.15:
CVE-2021-40490: c764e8fa4491da66780fcb30a0d43bfd3fccd12c ext4: fix race writing to an inline_data file while its xattrs are changing
CVEs fixed in 5.13.17:
CVE-2021-20322: 8fda1d970f9e2bf3ba7d8c3662099f46765781bd ipv6: make exception cache less predictible
CVEs fixed in 5.13.19:
CVE-2021-42252: 306b5b24496def5a2a9e18e9d945755052fb0fd4 soc: aspeed: lpc-ctrl: Fix boundary check for mmap
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2015-2877: (unk)
CVE-2016-8660: (unk)
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2018-1121: (unk)
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-17977: (unk)
CVE-2019-0146: (unk)
CVE-2019-12456: (unk)
CVE-2019-15239: (unk) unknown
CVE-2019-15290: (unk)
CVE-2019-15902: (unk) unknown
CVE-2019-16089: (unk)
CVE-2019-19378: (unk)
CVE-2019-19814: (unk)
CVE-2019-20794: (unk)
CVE-2020-0347: (unk)
CVE-2020-10708: (unk)
CVE-2020-11725: (unk)
CVE-2020-14304: (unk)
CVE-2020-15802: (unk)
CVE-2020-16119: (unk) dccp: don't duplicate ccid when cloning dccp sock
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-25220: (unk)
CVE-2020-26140: (unk)
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26555: (unk)
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-35501: (unk)
CVE-2020-36516: (unk)
CVE-2021-0399: (unk)
CVE-2021-0695: (unk)
CVE-2021-20320: (unk) s390/bpf: Fix optimizing out zero-extensions
CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-22600: (unk) net/packet: rx_owner_map depends on pg_vec
CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD
CVE-2021-26934: (unk)
CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms
CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms
CVE-2021-28714: (unk) xen/netback: fix rx queue stall detection
CVE-2021-28715: (unk) xen/netback: don't queue unlimited number of packages
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33135: (unk)
CVE-2021-3542: (unk)
CVE-2021-3640: (unk) Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3714: (unk)
CVE-2021-3744: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3752: (unk) Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-3759: (unk) memcg: enable accounting of ipc resources
CVE-2021-3760: (unk) nfc: nci: fix the UAF of rf_conn_info object
CVE-2021-3764: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk
CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-3894: (unk) sctp: account stream padding length for reconf chunk
CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39686: (unk) binder: use euid from cred instead of using task
CVE-2021-39698: (unk) wait: add wake_up_pollfree()
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-39802: (unk)
CVE-2021-4001: (unk) bpf: Fix toctou on read-only map's constant scalar tracking
CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4028: (unk) RDMA/cma: Do not change route.addr.src_addr.ss_family
CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it
CVE-2021-4090: (unk) NFSD: Fix exposure in nfsd4_decode_bitmap()
CVE-2021-4093: (unk) KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed
CVE-2021-4095: (unk) KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty
CVE-2021-41073: (unk) io_uring: ensure symmetry in handling iter types in loop_rw_iter()
CVE-2021-4135: (unk) netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
CVE-2021-4148: (unk) mm: khugepaged: skip huge page collapse for special files
CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-41864: (unk) bpf: Fix integer overflow in prealloc_elems_and_freelist()
CVE-2021-4197: (unk) cgroup: Use open-time credentials for process migraton perm checks
CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request
CVE-2021-4203: (unk) af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types
CVE-2021-42327: (unk) drm/amdgpu: fix out of bounds write
CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVE-2021-43056: (unk) KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
CVE-2021-43057: (unk) selinux,smack: fix subjective/objective credential use mixups
CVE-2021-43267: (unk) tipc: fix size validations for the MSG_CRYPTO type
CVE-2021-43389: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVE-2021-44733: (unk) tee: handle lookup of shm with reference count 0
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep
CVE-2021-45402: (unk) bpf: Fix signed bounds propagation after mov32
CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2021-45480: (unk) rds: memory leak in __rds_conn_create()
CVE-2021-45868: (unk) quota: check block number when reading the block in quota file
CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0171: (unk)
CVE-2022-0185: (unk) vfs: fs_context: fix up param length parsing in legacy_parse_param
CVE-2022-0264: (unk) bpf: Fix kernel address leakage in atomic fetch
CVE-2022-0322: (unk) sctp: account stream padding length for reconf chunk
CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0435: (unk) tipc: improve size validations for received domain records
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path
CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-0500: (unk) bpf: Introduce MEM_RDONLY flag
CVE-2022-0516: (unk) KVM: s390: Return error on SIDA memop on normal guest
CVE-2022-0617: (unk) udf: Fix NULL ptr deref when converting from inline format
CVE-2022-0644: (unk) vfs: check fd has read access in kernel_read_file_from_fd()
CVE-2022-0742: (unk) ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
CVE-2022-0847: (unk) lib/iov_iter: initialize "flags" in new pipe_buffer
CVE-2022-0854: (unk) swiotlb: rework "fix info leak with DMA_FROM_DEVICE"
CVE-2022-0995: (unk) watch_queue: Fix filter limit check
CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling
CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1015: (unk) netfilter: nf_tables: validate registers coming from userspace.
CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1055: (unk) net: sched: fix use-after-free in tc_new_tfilter()
CVE-2022-1116: (unk)
CVE-2022-1158: (unk) KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
CVE-2022-1184: (unk)
CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD
CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1205: (unk) ax25: Fix NULL pointer dereferences in ax25 timers
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1462: (unk)
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1516: (unk) net/x25: Fix null-ptr-deref caused by x25_disconnect
CVE-2022-1651: (unk) virt: acrn: fix a memory leak in acrn_dev_ioctl()
CVE-2022-1652: (unk)
CVE-2022-1671: (unk) rxrpc: fix some null-ptr-deref bugs in server_key.c
CVE-2022-1679: (unk)
CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self
CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default
CVE-2022-1882: (unk)
CVE-2022-20008: (unk) mmc: block: fix read single on recovery logic
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23041: (unk) xen/9p: use alloc/free_pages_exact()
CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs
CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf
CVE-2022-24959: (unk) yam: fix a memory leak in yam_siocdevprivate()
CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests
CVE-2022-25265: (unk)
CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVE-2022-25636: (unk) netfilter: nf_tables_offload: incorrect flow offload action array size
CVE-2022-26490: (unk) nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
CVE-2022-26878: (unk)
CVE-2022-26966: (unk) sr9700: sanity check for packet length
CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc
CVE-2022-27666: (unk) esp: Fix possible buffer overflow in ESP transformation
CVE-2022-27950: (unk) HID: elo: fix memory leak in elo_probe
CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind()
CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28389: (unk) can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28796: (unk) jbd2: fix use-after-free of transaction_t race
CVE-2022-28893: (unk) SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
CVE-2022-29156: (unk) RDMA/rtrs-clt: Fix possible double free in error case
CVE-2022-29581: (unk) net/sched: cls_u32: fix netns refcount changes in u32_change()
CVE-2022-29582: (unk) io_uring: fix race between timeout flush and removal
CVE-2022-29968: (unk) io_uring: fix uninitialized field in rw io_kiocb
CVE-2022-30594: (unk) ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE