| |
| CVEs fixed in 5.11: |
| CVE-2021-3600: e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 bpf: Fix 32 bit src register truncation on div/mod |
| |
| CVEs fixed in 5.11.1: |
| CVE-2021-26930: 1ef2744ab96362188ec61b5f9243161bab462126 xen-blkback: fix error handling in xen_blkbk_map() |
| CVE-2021-26931: ea26c8d0f31a7fd14c3e150474b5befb9757555e xen-blkback: don't "handle" error by BUG() |
| CVE-2021-26932: 76b0be126b8a7448892d851a3c0a304d91c9ee58 Xen/x86: don't bail early from clear_foreign_p2m_mapping() |
| |
| CVEs fixed in 5.11.2: |
| CVE-2021-0512: 018cbb2b4472f741eef20b790b13900146ccf224 HID: make arrays usage and value to be the same |
| CVE-2021-3444: 55c262ea5d0f754648cd25aa73de081adaab07d9 bpf: Fix truncation handling for mod32 dst reg wrt zero |
| |
| CVEs fixed in 5.11.3: |
| CVE-2020-25639: 22be6292f9334b2b6d8e39942c4d65e02859156c drm/nouveau: bail out of nouveau_channel_new if channel init fails |
| CVE-2021-30002: f2523d1008b1f5ab5aed3cf1f0c435a1cb719150 media: v4l: ioctl: Fix memory leak in video_usercopy |
| CVE-2021-3612: c026ddcfd67948c7184a7effdfd62344f0d26644 Input: joydev - prevent potential read overflow in ioctl |
| |
| CVEs fixed in 5.11.4: |
| CVE-2021-27363: 3ada197fece73a5cab673427b960546b09bbef31 scsi: iscsi: Restrict sessions and handles to admin capabilities |
| CVE-2021-27364: 3ada197fece73a5cab673427b960546b09bbef31 scsi: iscsi: Restrict sessions and handles to admin capabilities |
| CVE-2021-27365: 99cfc479b678d3e8e86013d17a082308a215fa0e scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE |
| CVE-2021-28038: 267c4911c9114e6e30be52546bf62a624a814da4 Xen/gnttab: handle p2m update errors on a per-slot basis |
| CVE-2021-28039: 1b357dd6f062ed343f0300c04a0531f35f338ab2 xen: fix p2m size in dom0 for disabled memory hotplug case |
| |
| CVEs fixed in 5.11.6: |
| CVE-2023-1295: 21eba814af427b0901811acdfce415c4b8b7c844 io_uring: get rid of intermediate IORING_OP_CLOSE stage |
| |
| CVEs fixed in 5.11.7: |
| CVE-2021-28375: 2754ab0efc08a9ab6f50d4ad592967db37dd38cc misc: fastrpc: restrict user apps from sending kernel RPC messages |
| CVE-2021-28660: 1cdd069f7080acf6370250853c1211890f4ff38f staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() |
| CVE-2021-29265: f11d195b505d47d0442c59981efa41c47d0a8c9c usbip: fix stub_dev usbip_sockfd_store() races leading to gpf |
| CVE-2021-33033: 00d566df2cceb8591913b3ea3b43d2918915f7e3 cipso,calipso: resolve a number of problems with the DOI refcounts |
| CVE-2021-39656: 92204ad2df5460d8b43fb15b0c3111079e938455 configfs: fix a use-after-free in __configfs_open_file |
| |
| CVEs fixed in 5.11.8: |
| CVE-2020-27170: 6bf7609666f6b2a9169c39c79a47ef8d6082afae bpf: Prohibit alu ops for pointer types not defining ptr_limit |
| CVE-2020-27171: c4f3aa4343deccf5b8e1bfcc7c36224aaf3a8b26 bpf: Fix off-by-one for area size in creating mask to left |
| CVE-2021-28950: 5676df54d7d44f497b8dbf7bff04f2f1b165da93 fuse: fix live lock in fuse_iget() |
| |
| CVEs fixed in 5.11.9: |
| CVE-2021-28951: 5db13876d06d7bd23ed59ff81f41259fa6ed58ae io_uring: ensure that SQPOLL thread is started for exit |
| CVE-2021-28952: bfbae16b23dfbc74fd25c11e7364b8a8137e5b15 ASoC: qcom: sdm845: Fix array out of bounds access |
| CVE-2021-28964: f8505933e76d021eab704c434cfd9cdd337b66c6 btrfs: fix race when cloning extent buffer during rewind of an old root |
| CVE-2021-28971: 948aa695eaf6524d4890319c1bfe84a42b7edb95 perf/x86/intel: Fix a crash caused by zero PEBS status |
| CVE-2021-28972: a2afad32503aac2ef64a26bcc6de394efda3122e PCI: rpadlpar: Fix potential drc_name corruption in store functions |
| CVE-2021-29266: 873c8f1654f5da2c70f8616850e019c30f471ff7 vhost-vdpa: fix use-after-free of v->config_ctx |
| |
| CVEs fixed in 5.11.11: |
| CVE-2021-28688: 632b046bb6120afe1df1bfa06943bee338dd97db xen-blkback: don't leak persistent grants from xen_blkbk_map() |
| CVE-2021-29264: 5b54b18449d8f7302bc2e16d52121f6f87a81c3c gianfar: fix jumbo packets+napi+rx overrun crash |
| CVE-2021-29646: ea9f7fa30ba71c2550bd556de30eabed6f1b0c6e tipc: better validate user input in tipc_nl_retrieve_key() |
| CVE-2021-29647: 59050436a732e9d8e95544962dfe346489004240 net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() |
| CVE-2021-29648: a9b2ab5db842da37e0f8d830d2a57688d77e3556 bpf: Dont allow vmlinux BTF to be used in map_create and prog_load. |
| CVE-2021-29649: 5f8cad9fb1f36beacbdaaeb9f3d6e36d8e04100d bpf: Fix umd memory leak in copy_process() |
| CVE-2021-29650: 4c2d548cefe0d5defa2750f128712c00912a975a netfilter: x_tables: Use correct memory barriers. |
| CVE-2021-31916: 45dc10644f03455f472efc366df4024eb62d38df dm ioctl: fix out of bounds array access when no devices |
| |
| CVEs fixed in 5.11.12: |
| CVE-2021-0941: 70e923f30e0c07cf6335e0875dbcd1bd83d14fd7 bpf: Remove MTU check in __bpf_skb_max_len |
| CVE-2021-29657: c90804920978faba6b5fa91e82edc58e5ffd7d30 KVM: SVM: load control fields from VMCB12 before checking them |
| CVE-2021-3483: 8936e89ffea69bc1e3bc9f4837b793d3231313c0 firewire: nosy: Fix a use-after-free bug in nosy_ioctl() |
| |
| CVEs fixed in 5.11.13: |
| CVE-2021-29154: b85b10dc8af463b59a732f299ade2612a8b950c9 bpf, x86: Validate computation of branch displacements for x86-64 |
| |
| CVEs fixed in 5.11.14: |
| CVE-2020-25670: 8c9e4971e142e2899606a2490b77a1208c1f4638 nfc: fix refcount leak in llcp_sock_bind() |
| CVE-2020-25671: b42800750b07893f2993214c3f777892eb06ad16 nfc: fix refcount leak in llcp_sock_connect() |
| CVE-2020-25672: 596ad6296f07c63bed3cbd573de42f99b7984599 nfc: fix memory leak in llcp_sock_connect() |
| CVE-2020-25673: 820d46654348863bf6b359ab1cc978eb1126bcac nfc: Avoid endless loops caused by repeated llcp_sock_connect() |
| CVE-2021-3659: 743c9072afafd1919b41ae319044513ed014a58f net: mac802154: Fix general protection fault |
| |
| CVEs fixed in 5.11.15: |
| CVE-2021-0937: b4c4e4660b37a57011677809205a3f36725b70ae netfilter: x_tables: fix compat match/target pad out-of-bound write |
| CVE-2021-22555: b4c4e4660b37a57011677809205a3f36725b70ae netfilter: x_tables: fix compat match/target pad out-of-bound write |
| |
| CVEs fixed in 5.11.16: |
| CVE-2021-23133: 59b5f3e478dbcb4c384cf0888d6cc9f5cad79f2f net/sctp: fix race condition in sctp_destroy_sock |
| CVE-2021-29155: 4ccdc6c6cae38b91c871293fb0ed8c6845a61b51 bpf: Use correct permission flag for mixed signed bounds arithmetic |
| CVE-2021-3501: ce541d7b59566a0d94c7c99bfb5d34b050e6af70 KVM: VMX: Don't use vcpu->run->internal.ndata as an array index |
| |
| CVEs fixed in 5.11.17: |
| CVE-2019-15794: f65c0fdb7db2750677bf2cb53e62d7d205c20ab5 ovl: fix reference counting in ovl_mmap error path |
| |
| CVEs fixed in 5.11.19: |
| CVE-2021-31829: 6eba92a4d4be8feb4dc33976abac544fa99d6ecc bpf: Fix masking negation logic upon negative dst register |
| CVE-2021-38209: fbf85a34ce17c4cf0a37ee253f4c582bbfb8231b netfilter: conntrack: Make global sysctls readonly in non-init netns |
| |
| CVEs fixed in 5.11.20: |
| CVE-2021-3506: 7fe4c47161c21f3b1c3581c2653147281ca0e4fa f2fs: fix to avoid out-of-bounds memory access |
| CVE-2021-3543: 5f4a8ccfc15c1498d897139e5dbff82a35005144 nitro_enclaves: Fix stale file descriptors on failed usercopy |
| |
| CVEs fixed in 5.11.21: |
| CVE-2021-31440: d11e645725e9850109a40031997fc05b7dda34c7 bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds |
| CVE-2021-32399: c20a95f000bc369176d1698fce2515656b5db924 bluetooth: eliminate the potential race condition when removing the HCI controller |
| CVE-2021-33034: 7064d5651ba08adbcd3d8a2fc78f8a117a768935 Bluetooth: verify AMP hci_chan before amp_destroy |
| CVE-2021-3489: 646f2a9b0ecc57817352830d4efa409d89542e1d bpf, ringbuf: Deny reserve of buffers larger than ringbuf |
| CVE-2021-3490: 3a0066086a338f99205b1c38c9fbefaeb5cd6d28 bpf: Fix alu32 const subreg bound tracking on bitwise operations |
| CVE-2021-3491: 7a8411015f744e68013d77432d869be5ad34208f io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers |
| CVE-2021-45486: 4bfdd8b53f7440ac0f6290720c6e1ad5952377ec inet: use bigger hash table for IP ID generation |
| |
| CVEs fixed in 5.11.22: |
| CVE-2021-4157: fd02a794aaeac693c7c092a4b482f87256d151fc pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-16119: (unk) dccp: don't duplicate ccid when cloning dccp sock |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs |
| CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks |
| CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks |
| CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks |
| CVE-2020-25220: (unk) |
| CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames |
| CVE-2020-26140: (unk) |
| CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe |
| CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted |
| CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries |
| CVE-2020-26555: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal |
| CVE-2020-35501: (unk) |
| CVE-2020-36516: (unk) ipv4: avoid using shared IP generator for connected sockets |
| CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries |
| CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2021-0399: (unk) |
| CVE-2021-0920: (unk) af_unix: fix garbage collect vs MSG_PEEK |
| CVE-2021-20320: (unk) s390/bpf: Fix optimizing out zero-extensions |
| CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename() |
| CVE-2021-20322: (unk) ipv6: make exception cache less predictible |
| CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages |
| CVE-2021-22600: (unk) net/packet: rx_owner_map depends on pg_vec |
| CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD |
| CVE-2021-26934: (unk) |
| CVE-2021-28691: (unk) xen-netback: take a reference to the RX task thread |
| CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms |
| CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms |
| CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms |
| CVE-2021-28714: (unk) xen/netback: fix rx queue stall detection |
| CVE-2021-28715: (unk) xen/netback: don't queue unlimited number of packages |
| CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform |
| CVE-2021-32606: (unk) can: isotp: prevent race between isotp_bind() and isotp_setsockopt() |
| CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality |
| CVE-2021-33098: (unk) ixgbe: fix large MTU request from VF |
| CVE-2021-33135: (unk) x86/sgx: Free backing memory after faulting the enclave page |
| CVE-2021-33624: (unk) bpf: Inherit expanded/patched seen count from old aux data |
| CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size |
| CVE-2021-33656: (unk) vt: drop old FONT ioctls |
| CVE-2021-33909: (unk) seq_file: disallow extremely large seq buffer allocations |
| CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4 |
| CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head |
| CVE-2021-34866: (unk) bpf: Fix ringbuf helper function compatibility |
| CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails |
| CVE-2021-35039: (unk) module: limit enabling module.sig_enforce |
| CVE-2021-3542: (unk) |
| CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4 |
| CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order |
| CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object |
| CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect |
| CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu() |
| CVE-2021-3640: (unk) Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() |
| CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) |
| CVE-2021-3655: (unk) sctp: validate from_addr_param return |
| CVE-2021-3656: (unk) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) |
| CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc() |
| CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. |
| CVE-2021-3714: (unk) |
| CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device |
| CVE-2021-3732: (unk) ovl: prevent private clone if bind mount is not allowed |
| CVE-2021-3739: (unk) btrfs: fix NULL pointer dereference when deleting device by invalid id |
| CVE-2021-3743: (unk) net: qrtr: fix OOB Read in qrtr_endpoint_post |
| CVE-2021-3744: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-3752: (unk) Bluetooth: fix use-after-free error in lock_sock_nested() |
| CVE-2021-3753: (unk) vt_kdsetmode: extend console locking |
| CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow |
| CVE-2021-3759: (unk) memcg: enable accounting of ipc resources |
| CVE-2021-3760: (unk) nfc: nci: fix the UAF of rf_conn_info object |
| CVE-2021-3764: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk |
| CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited |
| CVE-2021-38166: (unk) bpf: Fix integer overflow involving bucket_size |
| CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page |
| CVE-2021-38199: (unk) NFSv4: Initialise connection to the server in nfs4_alloc_client() |
| CVE-2021-38200: (unk) powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set |
| CVE-2021-38201: (unk) sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base() |
| CVE-2021-38204: (unk) usb: max-3421: Prevent corruption of freed memory |
| CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer |
| CVE-2021-38206: (unk) mac80211: Fix NULL ptr deref for injected rate info |
| CVE-2021-38207: (unk) net: ll_temac: Fix TX BD buffer overwrite |
| CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect |
| CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-3894: (unk) sctp: account stream padding length for reconf chunk |
| CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2021-3923: (unk) RDMA/core: Don't infoleak GRH fields |
| CVE-2021-39633: (unk) ip_gre: add validation for csum_start |
| CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests |
| CVE-2021-39686: (unk) binder: use euid from cred instead of using task |
| CVE-2021-39698: (unk) wait: add wake_up_pollfree() |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2021-4001: (unk) bpf: Fix toctou on read-only map's constant scalar tracking |
| CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare |
| CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure |
| CVE-2021-4028: (unk) RDMA/cma: Do not change route.addr.src_addr.ss_family |
| CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories |
| CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing |
| CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it |
| CVE-2021-4090: (unk) NFSD: Fix exposure in nfsd4_decode_bitmap() |
| CVE-2021-4093: (unk) KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed |
| CVE-2021-41073: (unk) io_uring: ensure symmetry in handling iter types in loop_rw_iter() |
| CVE-2021-4135: (unk) netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc |
| CVE-2021-4148: (unk) mm: khugepaged: skip huge page collapse for special files |
| CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error |
| CVE-2021-4150: (unk) block: fix incorrect references to disk objects |
| CVE-2021-4154: (unk) cgroup: verify that source is a string |
| CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate |
| CVE-2021-41864: (unk) bpf: Fix integer overflow in prealloc_elems_and_freelist() |
| CVE-2021-4197: (unk) cgroup: Use open-time credentials for process migraton perm checks |
| CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data |
| CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request |
| CVE-2021-4203: (unk) af_unix: fix races in sk_peer_pid and sk_peer_cred accesses |
| CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types |
| CVE-2021-42252: (unk) soc: aspeed: lpc-ctrl: Fix boundary check for mmap |
| CVE-2021-42327: (unk) drm/amdgpu: fix out of bounds write |
| CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() |
| CVE-2021-43056: (unk) KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest |
| CVE-2021-43267: (unk) tipc: fix size validations for the MSG_CRYPTO type |
| CVE-2021-43389: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait |
| CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv() |
| CVE-2021-44733: (unk) tee: handle lookup of shm with reference count 0 |
| CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection |
| CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep |
| CVE-2021-45402: (unk) bpf: Fix signed bounds propagation after mov32 |
| CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() |
| CVE-2021-45485: (unk) ipv6: use prandom_u32() for ID generation |
| CVE-2021-45868: (unk) quota: check block number when reading the block in quota file |
| CVE-2021-46283: (unk) netfilter: nf_tables: initialize set before expression setup |
| CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info() |
| CVE-2022-0171: (unk) KVM: SEV: add cache flush to solve SEV cache incoherency issues |
| CVE-2022-0185: (unk) vfs: fs_context: fix up param length parsing in legacy_parse_param |
| CVE-2022-0286: (unk) bonding: fix null dereference in bond_ipsec_add_sa() |
| CVE-2022-0322: (unk) sctp: account stream padding length for reconf chunk |
| CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store |
| CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg() |
| CVE-2022-0400: (unk) |
| CVE-2022-0435: (unk) tipc: improve size validations for received domain records |
| CVE-2022-0480: (unk) memcg: enable accounting for file lock caches |
| CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path |
| CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent |
| CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern |
| CVE-2022-0500: (unk) bpf: Introduce MEM_RDONLY flag |
| CVE-2022-0516: (unk) KVM: s390: Return error on SIDA memop on normal guest |
| CVE-2022-0617: (unk) udf: Fix NULL ptr deref when converting from inline format |
| CVE-2022-0644: (unk) vfs: check fd has read access in kernel_read_file_from_fd() |
| CVE-2022-0847: (unk) lib/iov_iter: initialize "flags" in new pipe_buffer |
| CVE-2022-0850: (unk) ext4: fix kernel infoleak via ext4_extent_header |
| CVE-2022-0995: (unk) watch_queue: Fix filter limit check |
| CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling |
| CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io |
| CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation |
| CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain() |
| CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls |
| CVE-2022-1055: (unk) net: sched: fix use-after-free in tc_new_tfilter() |
| CVE-2022-1116: (unk) |
| CVE-2022-1158: (unk) KVM: x86/mmu: do compare-and-exchange of gPTE via the user address |
| CVE-2022-1184: (unk) ext4: verify dir block before splitting it |
| CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD |
| CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() |
| CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device |
| CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del() |
| CVE-2022-1247: (unk) |
| CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push |
| CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector |
| CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register |
| CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() |
| CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters |
| CVE-2022-1516: (unk) net/x25: Fix null-ptr-deref caused by x25_disconnect |
| CVE-2022-1652: (unk) floppy: use a statically allocated error counter |
| CVE-2022-1671: (unk) rxrpc: fix some null-ptr-deref bugs in server_key.c |
| CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb |
| CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self |
| CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs |
| CVE-2022-1786: (unk) io_uring: remove io_identity |
| CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default |
| CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-1972: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions |
| CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout |
| CVE-2022-20008: (unk) mmc: block: fix read single on recovery logic |
| CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection |
| CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu |
| CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory |
| CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint |
| CVE-2022-20158: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls |
| CVE-2022-20409: (unk) io_uring: remove io_identity |
| CVE-2022-20421: (unk) binder: fix UAF of ref->proc caused by race condition |
| CVE-2022-20422: (unk) arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-20424: (unk) io_uring: remove io_identity |
| CVE-2022-20566: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put |
| CVE-2022-20568: (unk) Merge tag 'io_uring-worker.v3-2021-02-25' of git://git.kernel.dk/linux-block |
| CVE-2022-20572: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data |
| CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS |
| CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle |
| CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use |
| CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy |
| CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() |
| CVE-2022-2196: (unk) KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS |
| CVE-2022-2209: (unk) |
| CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status |
| CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access() |
| CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case |
| CVE-2022-23041: (unk) xen/9p: use alloc/free_pages_exact() |
| CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() |
| CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler |
| CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL |
| CVE-2022-2327: (unk) io_uring: remove any grabbing of context |
| CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() |
| CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-23825: (unk) |
| CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs |
| CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails |
| CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf |
| CVE-2022-24959: (unk) yam: fix a memory leak in yam_siocdevprivate() |
| CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests |
| CVE-2022-25265: (unk) |
| CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command |
| CVE-2022-25636: (unk) netfilter: nf_tables_offload: incorrect flow offload action array size |
| CVE-2022-2585: (unk) posix-cpu-timers: Cleanup CPU timers before freeing them during exec |
| CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0 |
| CVE-2022-2602: (unk) io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages |
| CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections |
| CVE-2022-2639: (unk) openvswitch: fix OOB access in reserve_sfa_size() |
| CVE-2022-26490: (unk) nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION |
| CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic |
| CVE-2022-26966: (unk) sr9700: sanity check for packet length |
| CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc |
| CVE-2022-27666: (unk) esp: Fix possible buffer overflow in ESP transformation |
| CVE-2022-27672: (unk) x86/speculation: Identify processors vulnerable to SMT RSB predictions |
| CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind() |
| CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-28389: (unk) can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path |
| CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-2873: (unk) i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-28893: (unk) SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() |
| CVE-2022-2905: (unk) bpf: Don't use tnum_range on array range checking for poke descriptors |
| CVE-2022-2938: (unk) psi: Fix uaf issue when psi trigger is destroyed while being polled |
| CVE-2022-29581: (unk) net/sched: cls_u32: fix netns refcount changes in u32_change() |
| CVE-2022-29582: (unk) io_uring: fix race between timeout flush and removal |
| CVE-2022-2959: (unk) pipe: Fix missing lock in pipe_resize_ring() |
| CVE-2022-2961: (unk) |
| CVE-2022-2964: (unk) net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup |
| CVE-2022-2977: (unk) tpm: fix reference counting for struct tpm_chip |
| CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-2991: (unk) remove the lightnvm subsystem |
| CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel |
| CVE-2022-30594: (unk) ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE |
| CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero |
| CVE-2022-3077: (unk) i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-3078: (unk) media: vidtv: Check for null return of vzalloc |
| CVE-2022-3104: (unk) lkdtm/bugs: Check for the NULL pointer after calling kmalloc |
| CVE-2022-3105: (unk) RDMA/uverbs: Check for null return of kmalloc_array |
| CVE-2022-3106: (unk) sfc_ef100: potential dereference of null pointer |
| CVE-2022-3107: (unk) hv_netvsc: Add check for kvmalloc_array |
| CVE-2022-3108: (unk) drm/amdkfd: Check for null pointer after calling kmemdup |
| CVE-2022-3111: (unk) power: supply: wm8350-power: Add missing free in free_charger_irq |
| CVE-2022-3112: (unk) media: meson: vdec: potential dereference of null pointer |
| CVE-2022-3113: (unk) media: mtk-vcodec: potential dereference of null pointer |
| CVE-2022-3115: (unk) drm: mali-dp: potential dereference of null pointer |
| CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded |
| CVE-2022-3176: (unk) io_uring: fix UAF due to missing POLLFREE handling |
| CVE-2022-3202: (unk) jfs: prevent NULL deref in diFree |
| CVE-2022-32250: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16 |
| CVE-2022-3239: (unk) media: em28xx: initialize refcount before kref_get |
| CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace |
| CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC |
| CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use |
| CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages |
| CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted |
| CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted |
| CVE-2022-33743: (unk) xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() |
| CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting |
| CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default |
| CVE-2022-3424: (unk) misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os |
| CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data |
| CVE-2022-3521: (unk) kcm: avoid potential race in kcm_tx_work |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2022-3533: (unk) |
| CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups |
| CVE-2022-3535: (unk) net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get() |
| CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3577: (unk) HID: bigben: fix slab-out-of-bounds Write in bigben_probe |
| CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child |
| CVE-2022-3594: (unk) r8152: Rate limit overflow messages |
| CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp |
| CVE-2022-3606: (unk) |
| CVE-2022-36123: (unk) x86: Clear .brk area at early boot |
| CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode |
| CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload |
| CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() |
| CVE-2022-36280: (unk) drm/vmwgfx: Validate the box size for the snooped cursor |
| CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect() |
| CVE-2022-3633: (unk) can: j1939: j1939_session_destroy(): fix memory leak of skbs |
| CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer |
| CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() |
| CVE-2022-36402: (unk) |
| CVE-2022-3642: (unk) |
| CVE-2022-3643: (unk) xen/netback: Ensure protocol headers don't fall in the non-linear area |
| CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() |
| CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset |
| CVE-2022-3707: (unk) drm/i915/gvt: fix double free bug in split_2MB_gtt_entry |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines |
| CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas |
| CVE-2022-39189: (unk) KVM: x86: do not report a vCPU as preempted outside instruction boundaries |
| CVE-2022-39190: (unk) netfilter: nf_tables: disallow binding to already bound chain |
| CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write |
| CVE-2022-40133: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-40307: (unk) efi: capsule-loader: Fix use-after-free in efi_capsule_write |
| CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-4095: (unk) staging: rtl8712: fix use after free bugs |
| CVE-2022-40982: (unk) x86/speculation: Add Gather Data Sampling mitigation |
| CVE-2022-41218: (unk) media: dvb-core: Fix UAF due to refcount races at releasing |
| CVE-2022-41222: (unk) mm/mremap: hold the rmap lock in write mode when moving page table entries. |
| CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock |
| CVE-2022-41674: (unk) wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-41848: (unk) |
| CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read() |
| CVE-2022-41858: (unk) drivers: net: slip: fix NPD bug in sl_tx_timeout() |
| CVE-2022-42432: (unk) netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() |
| CVE-2022-4269: (unk) act_mirred: use the backlog for nested calls to mirred ingress |
| CVE-2022-42703: (unk) mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse |
| CVE-2022-42719: (unk) wifi: mac80211: fix MBSSID parsing use-after-free |
| CVE-2022-42720: (unk) wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: (unk) wifi: cfg80211: avoid nontransmitted BSS list corruption |
| CVE-2022-42722: (unk) wifi: mac80211: fix crash in beacon protection for P2P-device |
| CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory |
| CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM |
| CVE-2022-43750: (unk) usb: mon: make mmapped memory read only |
| CVE-2022-4378: (unk) proc: proc_skip_spaces() shouldn't think it is working on C strings |
| CVE-2022-4379: (unk) NFSD: fix use-after-free in __nfs42_ssc_open() |
| CVE-2022-4382: (unk) USB: gadgetfs: Fix race between mounting and unmounting |
| CVE-2022-43945: (unk) NFSD: Protect against send buffer overflow in NFSv2 READDIR |
| CVE-2022-44032: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-44033: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-44034: (unk) |
| CVE-2022-4543: (unk) |
| CVE-2022-45884: (unk) |
| CVE-2022-45885: (unk) |
| CVE-2022-45886: (unk) media: dvb-core: Fix use-after-free due on race condition at dvb_net |
| CVE-2022-45887: (unk) media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() |
| CVE-2022-45919: (unk) media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 |
| CVE-2022-45934: (unk) Bluetooth: L2CAP: Fix u8 overflow |
| CVE-2022-4662: (unk) USB: core: Prevent nested device-reset calls |
| CVE-2022-4696: (unk) io_uring: remove any grabbing of context |
| CVE-2022-4744: (unk) tun: avoid double free in tun_free_netdev |
| CVE-2022-47518: (unk) wifi: wilc1000: validate number of channels |
| CVE-2022-47519: (unk) wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute |
| CVE-2022-47520: (unk) wifi: wilc1000: validate pairwise and authentication suite offsets |
| CVE-2022-47521: (unk) wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute |
| CVE-2022-47929: (unk) net: sched: disallow noqueue for qdisc classes |
| CVE-2022-47946: (unk) io_uring: kill sqo_dead and sqo submission halting |
| CVE-2023-0045: (unk) x86/bugs: Flush IBP in ib_prctl_set() |
| CVE-2023-0047: (unk) mm, oom: do not trigger out_of_memory from the #PF |
| CVE-2023-0160: (unk) bpf, sockmap: fix deadlocks in the sockhash and sockmap |
| CVE-2023-0179: (unk) netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits |
| CVE-2023-0266: (unk) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF |
| CVE-2023-0386: (unk) ovl: fail on invalid uid/gid mapping at copy up |
| CVE-2023-0394: (unk) ipv6: raw: Deduct extension header length in rawv6_push_pending_frames |
| CVE-2023-0458: (unk) prlimit: do_prlimit needs to have a speculation check |
| CVE-2023-0459: (unk) uaccess: Add speculation barrier to copy_from_user() |
| CVE-2023-0461: (unk) net/ulp: prevent ULP without clone op from entering the LISTEN status |
| CVE-2023-0590: (unk) net: sched: fix race condition in qdisc_graft() |
| CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area |
| CVE-2023-0615: (unk) media: vivid: dev->bitmap_cap wasn't freed in all cases |
| CVE-2023-1073: (unk) HID: check empty report_list in hid_validate_values() |
| CVE-2023-1074: (unk) sctp: fail if no bound addresses can be used for a given scope |
| CVE-2023-1075: (unk) net/tls: tls_is_tx_ready() checked list_entry |
| CVE-2023-1076: (unk) tun: tun_chr_open(): correctly initialize socket uid |
| CVE-2023-1077: (unk) sched/rt: pick_next_rt_entity(): check list_entry |
| CVE-2023-1078: (unk) rds: rds_rm_zerocopy_callback() use list_first_entry() |
| CVE-2023-1079: (unk) HID: asus: use spinlock to safely schedule workers |
| CVE-2023-1095: (unk) netfilter: nf_tables: fix null deref due to zeroed list head |
| CVE-2023-1118: (unk) media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() |
| CVE-2023-1206: (unk) tcp: Reduce chance of collisions in inet6_hashfn(). |
| CVE-2023-1249: (unk) coredump: Use the vma snapshot in fill_files_note |
| CVE-2023-1252: (unk) ovl: fix use after free in struct ovl_aio_req |
| CVE-2023-1281: (unk) net/sched: tcindex: update imperfect hash filters respecting rcu |
| CVE-2023-1380: (unk) wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() |
| CVE-2023-1382: (unk) tipc: set con sock in tipc_conn_alloc |
| CVE-2023-1513: (unk) kvm: initialize all of the kvm_debugregs structure before sending it to userspace |
| CVE-2023-1582: (unk) fs/proc: task_mmu.c: don't read mapcount for migration entry |
| CVE-2023-1611: (unk) btrfs: fix race between quota disable and quota assign ioctls |
| CVE-2023-1637: (unk) x86/speculation: Restore speculation related MSRs during S3 resume |
| CVE-2023-1670: (unk) xirc2ps_cs: Fix use after free bug in xirc2ps_detach |
| CVE-2023-1829: (unk) net/sched: Retire tcindex classifier |
| CVE-2023-1838: (unk) Fix double fget() in vhost_net_set_backend() |
| CVE-2023-1855: (unk) hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition |
| CVE-2023-1859: (unk) 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition |
| CVE-2023-1872: (unk) io_uring: propagate issue_flags state down to file assignment |
| CVE-2023-1989: (unk) Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work |
| CVE-2023-1990: (unk) nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition |
| CVE-2023-2002: (unk) bluetooth: Perform careful capability checks in hci_sock_ioctl() |
| CVE-2023-2006: (unk) rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] |
| CVE-2023-2007: (unk) scsi: dpt_i2o: Remove obsolete driver |
| CVE-2023-2008: (unk) udmabuf: add back sanity check |
| CVE-2023-20569: (unk) x86/bugs: Increase the x86 bugs vector size to two u32s |
| CVE-2023-20588: (unk) x86/CPU/AMD: Do not leak quotient data after a division by 0 |
| CVE-2023-20593: (unk) x86/cpu/amd: Add a Zenbleed fix |
| CVE-2023-20928: (unk) android: binder: stop saving a pointer to the VMA |
| CVE-2023-20941: (unk) |
| CVE-2023-2124: (unk) xfs: verify buffer contents when we skip log replay |
| CVE-2023-21400: (unk) |
| CVE-2023-2156: (unk) net: rpl: fix rpl header size calculation |
| CVE-2023-2162: (unk) scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress |
| CVE-2023-2163: (unk) bpf: Fix incorrect verifier pruning due to missing register precision taints |
| CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr |
| CVE-2023-2177: (unk) sctp: leave the err path free in sctp_stream_init to sctp_stream_free |
| CVE-2023-2194: (unk) i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() |
| CVE-2023-2248: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-2269: (unk) dm ioctl: fix nested locking in table_clear() to remove deadlock concern |
| CVE-2023-22995: (unk) usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core |
| CVE-2023-22998: (unk) drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init |
| CVE-2023-23000: (unk) phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function |
| CVE-2023-23001: (unk) scsi: ufs: ufs-mediatek: Fix error checking in ufs_mtk_init_va09_pwr_ctrl() |
| CVE-2023-23002: (unk) Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe |
| CVE-2023-23004: (unk) malidp: Fix NULL vs IS_ERR() checking |
| CVE-2023-23006: (unk) net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources |
| CVE-2023-23039: (unk) |
| CVE-2023-23454: (unk) net: sched: cbq: dont intepret cls results when asked to drop |
| CVE-2023-23455: (unk) net: sched: atm: dont intepret cls results when asked to drop |
| CVE-2023-23559: (unk) wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid |
| CVE-2023-23586: (unk) io_uring: remove io_identity |
| CVE-2023-2430: (unk) io_uring/msg_ring: fix missing lock on overflow for IOPOLL |
| CVE-2023-2483: (unk) net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-25012: (unk) HID: bigben: use spinlock to safely schedule workers |
| CVE-2023-2513: (unk) ext4: fix use-after-free in ext4_xattr_set_entry |
| CVE-2023-26242: (unk) |
| CVE-2023-26545: (unk) net: mpls: fix stale pointer if allocation fails during device rename |
| CVE-2023-26607: (unk) ntfs: fix out-of-bounds read in ntfs_attr_find() |
| CVE-2023-28327: (unk) af_unix: Get user_ns from in_skb in unix_diag_get_exact(). |
| CVE-2023-28328: (unk) media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() |
| CVE-2023-28410: (unk) drm/i915/gem: add missing boundary check in vm_access |
| CVE-2023-28466: (unk) net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() |
| CVE-2023-2860: (unk) ipv6: sr: fix out-of-bounds read when setting HMAC data. |
| CVE-2023-28772: (unk) seq_buf: Fix overflow in seq_buf_putmem_hex() |
| CVE-2023-2898: (unk) f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() |
| CVE-2023-2985: (unk) fs: hfsplus: fix UAF issue in hfsplus_put_super |
| CVE-2023-3006: (unk) arm64: Add AMPERE1 to the Spectre-BHB affected list |
| CVE-2023-30456: (unk) KVM: nVMX: add missing consistency checks for CR0 and CR4 |
| CVE-2023-30772: (unk) power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition |
| CVE-2023-3090: (unk) ipvlan:Fix out-of-bounds caused by unclear skb->cb |
| CVE-2023-31081: (unk) |
| CVE-2023-31082: (unk) |
| CVE-2023-31083: (unk) Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO |
| CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() |
| CVE-2023-31085: (unk) ubi: Refuse attaching if mtd's erasesize is 0 |
| CVE-2023-3111: (unk) btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() |
| CVE-2023-3117: (unk) netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-31248: (unk) netfilter: nf_tables: do not ignore genmask when looking up chain by id |
| CVE-2023-3141: (unk) memstick: r592: Fix UAF bug in r592_remove due to race condition |
| CVE-2023-31436: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-3159: (unk) firewire: fix potential uaf in outbound_phy_packet_callback() |
| CVE-2023-3161: (unk) fbcon: Check font dimension limits |
| CVE-2023-3212: (unk) gfs2: Don't deref jdesc in evict |
| CVE-2023-3220: (unk) drm/msm/dpu: Add check for pstates |
| CVE-2023-32233: (unk) netfilter: nf_tables: deactivate anonymous set from preparation phase |
| CVE-2023-32269: (unk) netrom: Fix use-after-free caused by accept on already connected socket |
| CVE-2023-3268: (unk) relayfs: fix out-of-bounds access in relay_file_read |
| CVE-2023-33203: (unk) net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-33288: (unk) power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition |
| CVE-2023-3338: (unk) Remove DECnet support from kernel |
| CVE-2023-3355: (unk) drm/msm/gem: Add check for kmalloc |
| CVE-2023-3357: (unk) HID: amd_sfh: Add missing check for dma_alloc_coherent |
| CVE-2023-3358: (unk) HID: intel_ish-hid: Add check for ishtp_dma_tx_map |
| CVE-2023-3389: (unk) io_uring: mutex locked poll hashing |
| CVE-2023-3390: (unk) netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-3397: (unk) |
| CVE-2023-34255: (unk) xfs: verify buffer contents when we skip log replay |
| CVE-2023-34256: (unk) ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum |
| CVE-2023-34324: (unk) xen/events: replace evtchn_rwlock with RCU |
| CVE-2023-35001: (unk) netfilter: nf_tables: prevent OOB access in nft_byteorder_eval |
| CVE-2023-3567: (unk) vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF |
| CVE-2023-35788: (unk) net/sched: flower: fix possible OOB write in fl_set_geneve_opt() |
| CVE-2023-35823: (unk) media: saa7134: fix use after free bug in saa7134_finidev due to race condition |
| CVE-2023-35824: (unk) media: dm1105: Fix use after free bug in dm1105_remove due to race condition |
| CVE-2023-35827: (unk) ravb: Fix use-after-free issue in ravb_tx_timeout_work() |
| CVE-2023-35828: (unk) usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition |
| CVE-2023-35829: (unk) media: rkvdec: fix use after free bug in rkvdec_remove |
| CVE-2023-3609: (unk) net/sched: cls_u32: Fix reference counter leak leading to overflow |
| CVE-2023-3610: (unk) netfilter: nf_tables: fix chain binding transaction logic |
| CVE-2023-3611: (unk) net/sched: sch_qfq: account for stab overhead in qfq_enqueue |
| CVE-2023-3640: (unk) |
| CVE-2023-37454: (unk) |
| CVE-2023-3772: (unk) xfrm: add NULL check in xfrm_update_ae_params |
| CVE-2023-3776: (unk) net/sched: cls_fw: Fix improper refcount update leads to use-after-free |
| CVE-2023-3777: (unk) netfilter: nf_tables: skip bound chain on rule flush |
| CVE-2023-3812: (unk) net: tun: fix bugs for oversize packet when napi frags enabled |
| CVE-2023-3863: (unk) net: nfc: Fix use-after-free caused by nfc_llcp_find_local |
| CVE-2023-39189: (unk) netfilter: nfnetlink_osf: avoid OOB read |
| CVE-2023-39192: (unk) netfilter: xt_u32: validate user space input |
| CVE-2023-39193: (unk) netfilter: xt_sctp: validate the flag_info count |
| CVE-2023-39194: (unk) net: xfrm: Fix xfrm_address_filter OOB read |
| CVE-2023-4004: (unk) netfilter: nft_set_pipapo: fix improper element removal |
| CVE-2023-4010: (unk) |
| CVE-2023-4015: (unk) netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR |
| CVE-2023-40283: (unk) Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb |
| CVE-2023-4128: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4132: (unk) media: usb: siano: Fix warning due to null work_func_t function pointer |
| CVE-2023-4133: (unk) cxgb4: fix use after free bugs caused by circular dependency problem |
| CVE-2023-4134: (unk) Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync() |
| CVE-2023-4147: (unk) netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID |
| CVE-2023-4155: (unk) KVM: SEV: only access GHCB fields once |
| CVE-2023-4206: (unk) net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4207: (unk) net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4208: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4244: (unk) netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path |
| CVE-2023-4273: (unk) exfat: check if filename entries exceeds max filename length |
| CVE-2023-42752: (unk) igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU |
| CVE-2023-42753: (unk) netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c |
| CVE-2023-42754: (unk) ipv4: fix null-deref in ipv4_link_failure |
| CVE-2023-42755: (unk) net/sched: Retire rsvp classifier |
| CVE-2023-4385: (unk) fs: jfs: fix possible NULL pointer dereference in dbFree() |
| CVE-2023-4387: (unk) net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() |
| CVE-2023-4389: (unk) btrfs: fix root ref counts in error handling in btrfs_get_root_ref |
| CVE-2023-44466: (unk) libceph: harden msgr2.1 frame segment length checks |
| CVE-2023-4459: (unk) net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() |
| CVE-2023-4563: (unk) netfilter: nf_tables: don't skip expired elements during walk |
| CVE-2023-45862: (unk) USB: ene_usb6250: Allocate enough memory for full object |
| CVE-2023-45863: (unk) kobject: Fix slab-out-of-bounds in fill_kobj_path() |
| CVE-2023-45871: (unk) igb: set max size RX buffer when store bad packet is enabled |
| CVE-2023-4610: (unk) Revert "mm: vmscan: make global slab shrink lockless" |
| CVE-2023-4622: (unk) unix: Convert unix_stream_sendpage() to use MSG_SPLICE_PAGES |
| CVE-2023-4623: (unk) net/sched: sch_hfsc: Ensure inner classes have fsc curve |
| CVE-2023-46813: (unk) x86/sev: Check for user-space IOIO pointing to kernel space |
| CVE-2023-46862: (unk) io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid |
| CVE-2023-47233: (unk) |
| CVE-2023-4732: (unk) mm/userfaultfd: fix uffd-wp special cases for fork() |
| CVE-2023-4881: (unk) netfilter: nftables: exthdr: fix 4-byte stack OOB write |
| CVE-2023-4921: (unk) net: sched: sch_qfq: Fix UAF in qfq_dequeue() |
| CVE-2023-5178: (unk) nvmet-tcp: Fix a possible UAF in queue intialization setup |
| CVE-2023-5197: (unk) netfilter: nf_tables: disallow rule removal from chain binding |
| CVE-2023-5633: (unk) drm/vmwgfx: Keep a gem reference to user bos in surfaces |
| CVE-2023-5717: (unk) perf: Disallow mis-matched inherited group reads |
