| |
| CVEs fixed in 6.0: |
| CVE-2022-2308: 46f8a29272e51b6df7393d58fc5cb8967397ef2b vduse: prevent uninitialized memory accesses |
| |
| CVEs fixed in 6.0.1: |
| CVE-2022-2978: 2a96b532098284ecf8e4849b8b9e5fc7a28bdee9 fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-43750: 08e2c70e549b77f5f3af9c76da00779d5756f997 usb: mon: make mmapped memory read only |
| |
| CVEs fixed in 6.0.2: |
| CVE-2022-3621: 037e760a4a009e9545a51e87c98c22d9aaf32df7 nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3646: 9dc48a360e7b6bb16c48625f8f80ab7665bc9648 nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-3649: 6251c9c0430d70cc221d0bb907b278bd99d7b066 nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-3977: 3c7c84319833259b0bb8c879928700c9e42d6562 mctp: prevent double key removal and unref |
| CVE-2022-40768: b9b7369d89924a366b20045dc26dc4dc6b0567a4 scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-41674: fc1ed6d0c9898a68da7f1f7843560dfda57683e2 wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-42719: 4afcb8886800131f8dd58d82754ee0c508303d46 wifi: mac80211: fix MBSSID parsing use-after-free |
| CVE-2022-42720: e97a5d7091e6d2df05f8378a518a9bbf81688b77 wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: 377cb1ce85878c197904ca8383e6b41886e3994d wifi: cfg80211: avoid nontransmitted BSS list corruption |
| CVE-2022-42722: 8ed62f2df8ebcf79c185f1bc3e4f346ea0905da6 wifi: mac80211: fix crash in beacon protection for P2P-device |
| |
| CVEs fixed in 6.0.3: |
| CVE-2022-2602: 75e94c7e8859e58aadc15a98cc9704edff47d4f2 io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-3535: 218dbb2ef8597b837c1a8f248ad176c5f3f5b464 net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3541: 99e229c7fe30a1661f9f306b3df06eaf1db064aa eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address |
| CVE-2022-3542: a712737af79b4a9a75f9abbf812279062da75777 bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3543: 2f415ad33bc1a729fb1050141921b5a9ec4e062c af_unix: Fix memory leaks of the whole sk due to OOB skb. |
| CVE-2022-3565: 5c9422e2d8563a3efe064493ff7ebbc2948441ea mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3594: 21f2532974115026fdab1205aab275d6181fb89f r8152: Rate limit overflow messages |
| CVE-2022-3623: 7c7c79dd5a388758f8dfa3de89b131d5d84f25fd mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| CVE-2022-41849: e2e5264dcf5796559869750a2d6943ac88fe3918 fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| CVE-2022-41850: 8a251549ab577d64ece210a11c404354479bd635 HID: roccat: Fix use-after-free in roccat_read() |
| CVE-2022-43945: f59c74df82f6ac9d2ea4e01aa3ae7c6c4481652d NFSD: Protect against send buffer overflow in NFSv2 READDIR |
| |
| CVEs fixed in 6.0.6: |
| CVE-2023-0590: caee0b9d74119911423111a10c4e9f4e5c8e6d41 net: sched: fix race condition in qdisc_graft() |
| |
| CVEs fixed in 6.0.7: |
| CVE-2022-3524: 0c5d628f1e1d049c33595693fab1b6e9baf25795 tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2023-0615: 74e2e978d1e36c3b67e998e779c02cbc8f481527 media: vivid: dev->bitmap_cap wasn't freed in all cases |
| CVE-2023-3006: 5b962b004afa3c11e651c07232f2402b4678007b arm64: Add AMPERE1 to the Spectre-BHB affected list |
| |
| CVEs fixed in 6.0.8: |
| CVE-2022-3564: 9a04161244603f502c6e453913e51edd59cb70c1 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-3619: 5b4f039a2f487c5edae681d763fe1af505f84c13 Bluetooth: L2CAP: Fix memory leak in vhci_write |
| CVE-2022-3628: 631f73deedeb0fbc92ca5037d5a71c9fcae7974d wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() |
| CVE-2022-3640: 8f7e4cf0694149a5d999d676ebd9ecf1b4cb2cc9 Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() |
| CVE-2022-42895: e1aada9b71493b2e11c2a239ece99a97e3f13431 Bluetooth: L2CAP: Fix attempting to access uninitialized memory |
| CVE-2022-42896: d7efeb93213becae13c6a12e4150ce1e07bd2c49 Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM |
| CVE-2023-3812: d24ba55946e6bdcfacae989638621d7728ee0ec8 net: tun: fix bugs for oversize packet when napi frags enabled |
| |
| CVEs fixed in 6.0.10: |
| CVE-2022-3169: 0c2b1c56252bf19d3412137073c2c07e86f40ba1 nvme: ensure subsystem reset is single threaded |
| CVE-2022-3521: 2526ac6b0f5a9b38e7e9073e37141cf78408078d kcm: avoid potential race in kcm_tx_work |
| CVE-2023-26607: e9b64d1faa58a4ae3454acbf9c80483dd16692d4 ntfs: fix out-of-bounds read in ntfs_attr_find() |
| |
| CVEs fixed in 6.0.11: |
| CVE-2022-3344: 5ca2721b7d3ed4d3da6323a2ea7339f745866d83 KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use |
| CVE-2022-4139: aef39675ad33317c8badc0165ea882e172a633e6 drm/i915: fix TLB invalidation for Gen12 video and compute engines |
| CVE-2022-45869: 34ced1da74eb975abdf7ef823512c7719f67601b KVM: x86/mmu: Fix race condition in direct_page_fault |
| CVE-2022-47518: 6195b4838e10a557859862c4e7840dc0eafdd1cd wifi: wilc1000: validate number of channels |
| CVE-2022-47519: c4b629c29a51344a99f279e0bc0caffd25897725 wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute |
| CVE-2022-47520: b3ac275fe82fb2e52085dace26ab65c91b3434b8 wifi: wilc1000: validate pairwise and authentication suite offsets |
| CVE-2022-47521: 0269a353bb4bf49902c702e0b55dcab0d470f5aa wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute |
| CVE-2023-0468: bc4e6ee16778149811333a969a7a893d4cc110c5 io_uring: make poll refs more robust |
| CVE-2023-0469: 77a467a3e20978607c56aa4886f46f78ca287054 io_uring/filetable: fix file reference underflow |
| CVE-2023-1382: 66d7a37e2ec769fbb4b086cc03c320565be3fbb9 tipc: set con sock in tipc_conn_alloc |
| CVE-2023-2006: 60272ee9be89f5e8021898e65862f93e9fba90dc rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] |
| CVE-2023-2236: 77a467a3e20978607c56aa4886f46f78ca287054 io_uring/filetable: fix file reference underflow |
| |
| CVEs fixed in 6.0.12: |
| CVE-2022-3435: bb20a2ae241be846bc3c11ea4b3a3c69e41d51f2 ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference |
| CVE-2022-4378: fdf2c95f28bf197bfab421d21e8c697d4f149ea1 proc: proc_skip_spaces() shouldn't think it is working on C strings |
| |
| CVEs fixed in 6.0.13: |
| CVE-2022-3643: e8851d841fe4f29b613a00de45f39c80dbfdb975 xen/netback: Ensure protocol headers don't fall in the non-linear area |
| CVE-2022-42328: 3fb02db125bbcf8163e9e30d2824b4adf13f06cb xen/netback: don't call kfree_skb() with interrupts disabled |
| CVE-2022-42329: 3fb02db125bbcf8163e9e30d2824b4adf13f06cb xen/netback: don't call kfree_skb() with interrupts disabled |
| CVE-2023-2166: fcc63f2f7ee3038d53216edd0d8291e57c752557 can: af_can: fix NULL pointer dereference in can_rcv_filter |
| CVE-2023-28327: 9c1d6f79a2c7b8221dcec27defc6dc461052ead4 af_unix: Get user_ns from in_skb in unix_diag_get_exact(). |
| |
| CVEs fixed in 6.0.15: |
| CVE-2022-45934: 5550bbf709c323194881737fd290c4bada9e6ead Bluetooth: L2CAP: Fix u8 overflow |
| |
| CVEs fixed in 6.0.16: |
| CVE-2022-3424: dbc1bb8c8ea930f188b7ce45db162807b3f4b66a misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os |
| CVE-2022-3531: 78b772629cc5adec02ab4182b62abe916f2254a0 selftest/bpf: Fix memory leak in kprobe_multi_test |
| CVE-2022-3534: 8c64a8e76eb85d422af5ec60ccbf26e3ead8c333 libbpf: Fix use-after-free in btf_dump_name_dups |
| CVE-2022-3595: 983ec6379b9bab7bf790aa7df5dc3a461ebad72a cifs: fix double-fault crash during ntlmssp |
| CVE-2023-22997: 052172bb0e4d816cdd3682e4d021d2911b83aa31 module: Fix NULL vs IS_ERR checking for module_get_next_page |
| CVE-2023-26606: 7e686013b7071f4c16644cfad8808e76097724c4 fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs |
| CVE-2023-28328: 6fbc44731a4665cbe92a5090e9804a388a72214b media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() |
| CVE-2023-3357: 677766555ebd63a81b642a0165eed0dfc63add23 HID: amd_sfh: Add missing check for dma_alloc_coherent |
| |
| CVEs fixed in 6.0.17: |
| CVE-2022-48423: 6f6fc680b28a20b51156645c9f32908ec94eb8c9 fs/ntfs3: Validate resident attribute name |
| CVE-2022-48424: 16e8b2159002e45ed0725eea33860ef154818244 fs/ntfs3: Validate attribute name offset |
| CVE-2023-26544: 18f5468aadeef65501f1d0496a426ccdfd242e69 fs/ntfs3: Fix slab-out-of-bounds read in run_unpack |
| |
| CVEs fixed in 6.0.18: |
| CVE-2022-36280: 4d54d11b49860686331c58a00f733b16a93edfc4 drm/vmwgfx: Validate the box size for the snooped cursor |
| CVE-2022-41218: 55870fc9e45faa9a65860bcd6b0f8ca8c99afe44 media: dvb-core: Fix UAF due to refcount races at releasing |
| |
| CVEs fixed in 6.0.19: |
| CVE-2022-3707: bb84f2e119accfc65d5fa6ebe31751cdc3bca9fb drm/i915/gvt: fix double free bug in split_2MB_gtt_entry |
| CVE-2023-0045: 09f4f4bf0472eaf6781966573ccd2c0eeacee60f x86/bugs: Flush IBP in ib_prctl_set() |
| CVE-2023-0210: 1e7ed525c60d8d51daf2700777071cd0dfb6f807 ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob |
| CVE-2023-0461: c1b5dee463cc1e89cfa655d6beff81ec1c0c4258 net/ulp: prevent ULP without clone op from entering the LISTEN status |
| CVE-2023-23454: cde7091efe3fcc0b19f736acd0163499d1fd6d31 net: sched: cbq: dont intepret cls results when asked to drop |
| CVE-2023-23455: bbb870c88576239842602b0f7cc58c361dc8e061 net: sched: atm: dont intepret cls results when asked to drop |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-25220: (unk) |
| CVE-2020-26140: (unk) |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-35501: (unk) |
| CVE-2021-0399: (unk) |
| CVE-2021-26934: (unk) |
| CVE-2021-3542: (unk) |
| CVE-2021-3714: (unk) |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2022-0400: (unk) |
| CVE-2022-1116: (unk) |
| CVE-2022-1247: (unk) |
| CVE-2022-2196: (unk) KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS |
| CVE-2022-2209: (unk) |
| CVE-2022-23825: (unk) |
| CVE-2022-25265: (unk) |
| CVE-2022-26878: (unk) |
| CVE-2022-27672: (unk) x86/speculation: Identify processors vulnerable to SMT RSB predictions |
| CVE-2022-2961: (unk) |
| CVE-2022-3238: (unk) |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3533: (unk) |
| CVE-2022-3544: (unk) |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3606: (unk) |
| CVE-2022-36402: (unk) |
| CVE-2022-3642: (unk) |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines |
| CVE-2022-40133: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-40982: (unk) x86/speculation: Add Gather Data Sampling mitigation |
| CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock |
| CVE-2022-41848: (unk) |
| CVE-2022-4269: (unk) act_mirred: use the backlog for nested calls to mirred ingress |
| CVE-2022-4379: (unk) NFSD: fix use-after-free in __nfs42_ssc_open() |
| CVE-2022-4382: (unk) USB: gadgetfs: Fix race between mounting and unmounting |
| CVE-2022-44032: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-44033: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-44034: (unk) |
| CVE-2022-4543: (unk) |
| CVE-2022-45884: (unk) |
| CVE-2022-45885: (unk) |
| CVE-2022-45886: (unk) media: dvb-core: Fix use-after-free due on race condition at dvb_net |
| CVE-2022-45887: (unk) media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() |
| CVE-2022-45888: (unk) char: xillybus: Prevent use-after-free due to race condition |
| CVE-2022-45919: (unk) media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 |
| CVE-2022-47929: (unk) net: sched: disallow noqueue for qdisc classes |
| CVE-2022-4842: (unk) fs/ntfs3: Fix attr_punch_hole() null pointer derenference |
| CVE-2022-48425: (unk) fs/ntfs3: Validate MFT flags before replaying logs |
| CVE-2022-48502: (unk) fs/ntfs3: Check fields while reading |
| CVE-2023-0160: (unk) bpf, sockmap: fix deadlocks in the sockhash and sockmap |
| CVE-2023-0179: (unk) netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits |
| CVE-2023-0266: (unk) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF |
| CVE-2023-0386: (unk) ovl: fail on invalid uid/gid mapping at copy up |
| CVE-2023-0394: (unk) ipv6: raw: Deduct extension header length in rawv6_push_pending_frames |
| CVE-2023-0458: (unk) prlimit: do_prlimit needs to have a speculation check |
| CVE-2023-0459: (unk) uaccess: Add speculation barrier to copy_from_user() |
| CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area |
| CVE-2023-1032: (unk) net: avoid double iput when sock_alloc_file fails |
| CVE-2023-1073: (unk) HID: check empty report_list in hid_validate_values() |
| CVE-2023-1074: (unk) sctp: fail if no bound addresses can be used for a given scope |
| CVE-2023-1075: (unk) net/tls: tls_is_tx_ready() checked list_entry |
| CVE-2023-1076: (unk) tun: tun_chr_open(): correctly initialize socket uid |
| CVE-2023-1077: (unk) sched/rt: pick_next_rt_entity(): check list_entry |
| CVE-2023-1078: (unk) rds: rds_rm_zerocopy_callback() use list_first_entry() |
| CVE-2023-1079: (unk) HID: asus: use spinlock to safely schedule workers |
| CVE-2023-1118: (unk) media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() |
| CVE-2023-1192: (unk) fs/ntfs3: Validate MFT flags before replaying logs |
| CVE-2023-1193: (unk) ksmbd: delete asynchronous work from list |
| CVE-2023-1194: (unk) ksmbd: fix out-of-bound read in parse_lease_state() |
| CVE-2023-1195: (unk) cifs: fix use-after-free caused by invalid pointer `hostname` |
| CVE-2023-1206: (unk) tcp: Reduce chance of collisions in inet6_hashfn(). |
| CVE-2023-1281: (unk) net/sched: tcindex: update imperfect hash filters respecting rcu |
| CVE-2023-1380: (unk) wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() |
| CVE-2023-1513: (unk) kvm: initialize all of the kvm_debugregs structure before sending it to userspace |
| CVE-2023-1583: (unk) io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get() |
| CVE-2023-1611: (unk) btrfs: fix race between quota disable and quota assign ioctls |
| CVE-2023-1652: (unk) NFSD: fix use-after-free in nfsd4_ssc_setup_dul() |
| CVE-2023-1670: (unk) xirc2ps_cs: Fix use after free bug in xirc2ps_detach |
| CVE-2023-1829: (unk) net/sched: Retire tcindex classifier |
| CVE-2023-1855: (unk) hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition |
| CVE-2023-1859: (unk) 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition |
| CVE-2023-1989: (unk) Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work |
| CVE-2023-1990: (unk) nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition |
| CVE-2023-1998: (unk) x86/speculation: Allow enabling STIBP with legacy IBRS |
| CVE-2023-2002: (unk) bluetooth: Perform careful capability checks in hci_sock_ioctl() |
| CVE-2023-20569: (unk) x86/bugs: Increase the x86 bugs vector size to two u32s |
| CVE-2023-20588: (unk) x86/CPU/AMD: Do not leak quotient data after a division by 0 |
| CVE-2023-20593: (unk) x86/cpu/amd: Add a Zenbleed fix |
| CVE-2023-20941: (unk) |
| CVE-2023-21102: (unk) efi: rt-wrapper: Add missing include |
| CVE-2023-21106: (unk) drm/msm/gpu: Fix potential double-free |
| CVE-2023-2124: (unk) xfs: verify buffer contents when we skip log replay |
| CVE-2023-21255: (unk) binder: fix UAF caused by faulty buffer cleanup |
| CVE-2023-21264: (unk) KVM: arm64: Prevent unconditional donation of unmapped regions from the host |
| CVE-2023-21400: (unk) |
| CVE-2023-2156: (unk) net: rpl: fix rpl header size calculation |
| CVE-2023-2162: (unk) scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress |
| CVE-2023-2163: (unk) bpf: Fix incorrect verifier pruning due to missing register precision taints |
| CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr |
| CVE-2023-2194: (unk) i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() |
| CVE-2023-2235: (unk) perf: Fix check before add_event_to_groups() in perf_group_detach() |
| CVE-2023-2248: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-2269: (unk) dm ioctl: fix nested locking in table_clear() to remove deadlock concern |
| CVE-2023-23039: (unk) |
| CVE-2023-23559: (unk) wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid |
| CVE-2023-2430: (unk) io_uring/msg_ring: fix missing lock on overflow for IOPOLL |
| CVE-2023-2483: (unk) net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-25012: (unk) HID: bigben: use spinlock to safely schedule workers |
| CVE-2023-25775: (unk) RDMA/irdma: Prevent zero-length STAG registration |
| CVE-2023-26242: (unk) |
| CVE-2023-2640: (unk) |
| CVE-2023-26545: (unk) net: mpls: fix stale pointer if allocation fails during device rename |
| CVE-2023-28466: (unk) net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() |
| CVE-2023-28866: (unk) Bluetooth: HCI: Fix global-out-of-bounds |
| CVE-2023-2898: (unk) f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() |
| CVE-2023-2985: (unk) fs: hfsplus: fix UAF issue in hfsplus_put_super |
| CVE-2023-30456: (unk) KVM: nVMX: add missing consistency checks for CR0 and CR4 |
| CVE-2023-30772: (unk) power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition |
| CVE-2023-3090: (unk) ipvlan:Fix out-of-bounds caused by unclear skb->cb |
| CVE-2023-31081: (unk) |
| CVE-2023-31082: (unk) |
| CVE-2023-31083: (unk) Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO |
| CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() |
| CVE-2023-31085: (unk) ubi: Refuse attaching if mtd's erasesize is 0 |
| CVE-2023-3117: (unk) netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-31248: (unk) netfilter: nf_tables: do not ignore genmask when looking up chain by id |
| CVE-2023-3141: (unk) memstick: r592: Fix UAF bug in r592_remove due to race condition |
| CVE-2023-31436: (unk) net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-3161: (unk) fbcon: Check font dimension limits |
| CVE-2023-3212: (unk) gfs2: Don't deref jdesc in evict |
| CVE-2023-3220: (unk) drm/msm/dpu: Add check for pstates |
| CVE-2023-32233: (unk) netfilter: nf_tables: deactivate anonymous set from preparation phase |
| CVE-2023-32247: (unk) ksmbd: destroy expired sessions |
| CVE-2023-32248: (unk) ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() |
| CVE-2023-32250: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32252: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32254: (unk) ksmbd: fix racy issue under cocurrent smb2 tree disconnect |
| CVE-2023-32257: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32258: (unk) ksmbd: fix racy issue from smb2 close and logoff with multichannel |
| CVE-2023-32269: (unk) netrom: Fix use-after-free caused by accept on already connected socket |
| CVE-2023-32629: (unk) |
| CVE-2023-3268: (unk) relayfs: fix out-of-bounds access in relay_file_read |
| CVE-2023-33203: (unk) net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-33288: (unk) power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition |
| CVE-2023-3338: (unk) Remove DECnet support from kernel |
| CVE-2023-3355: (unk) drm/msm/gem: Add check for kmalloc |
| CVE-2023-3358: (unk) HID: intel_ish-hid: Add check for ishtp_dma_tx_map |
| CVE-2023-3359: (unk) nvmem: brcm_nvram: Add check for kzalloc |
| CVE-2023-3390: (unk) netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-33951: (unk) drm/vmwgfx: Do not drop the reference to the handle too soon |
| CVE-2023-33952: (unk) drm/vmwgfx: Do not drop the reference to the handle too soon |
| CVE-2023-3397: (unk) |
| CVE-2023-34255: (unk) xfs: verify buffer contents when we skip log replay |
| CVE-2023-34256: (unk) ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum |
| CVE-2023-34324: (unk) xen/events: replace evtchn_rwlock with RCU |
| CVE-2023-35001: (unk) netfilter: nf_tables: prevent OOB access in nft_byteorder_eval |
| CVE-2023-3567: (unk) vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF |
| CVE-2023-35788: (unk) net/sched: flower: fix possible OOB write in fl_set_geneve_opt() |
| CVE-2023-35823: (unk) media: saa7134: fix use after free bug in saa7134_finidev due to race condition |
| CVE-2023-35824: (unk) media: dm1105: Fix use after free bug in dm1105_remove due to race condition |
| CVE-2023-35826: (unk) media: cedrus: fix use after free bug in cedrus_remove due to race condition |
| CVE-2023-35827: (unk) ravb: Fix use-after-free issue in ravb_tx_timeout_work() |
| CVE-2023-35828: (unk) usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition |
| CVE-2023-35829: (unk) media: rkvdec: fix use after free bug in rkvdec_remove |
| CVE-2023-3609: (unk) net/sched: cls_u32: Fix reference counter leak leading to overflow |
| CVE-2023-3610: (unk) netfilter: nf_tables: fix chain binding transaction logic |
| CVE-2023-3611: (unk) net/sched: sch_qfq: account for stab overhead in qfq_enqueue |
| CVE-2023-3640: (unk) |
| CVE-2023-37454: (unk) |
| CVE-2023-3772: (unk) xfrm: add NULL check in xfrm_update_ae_params |
| CVE-2023-3773: (unk) xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH |
| CVE-2023-3776: (unk) net/sched: cls_fw: Fix improper refcount update leads to use-after-free |
| CVE-2023-3777: (unk) netfilter: nf_tables: skip bound chain on rule flush |
| CVE-2023-38409: (unk) fbcon: set_con2fb_map needs to set con2fb_map! |
| CVE-2023-38426: (unk) ksmbd: fix global-out-of-bounds in smb2_find_context_vals |
| CVE-2023-38427: (unk) ksmbd: fix out-of-bound read in deassemble_neg_contexts() |
| CVE-2023-38428: (unk) ksmbd: fix wrong UserName check in session_user |
| CVE-2023-38429: (unk) ksmbd: allocate one more byte for implied bcc[0] |
| CVE-2023-38430: (unk) ksmbd: validate smb request protocol id |
| CVE-2023-38431: (unk) ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop |
| CVE-2023-38432: (unk) ksmbd: validate command payload size |
| CVE-2023-3863: (unk) net: nfc: Fix use-after-free caused by nfc_llcp_find_local |
| CVE-2023-3865: (unk) ksmbd: fix out-of-bound read in smb2_write |
| CVE-2023-3866: (unk) ksmbd: validate session id and tree id in the compound request |
| CVE-2023-3867: (unk) ksmbd: add missing compound request handing in some commands |
| CVE-2023-39189: (unk) netfilter: nfnetlink_osf: avoid OOB read |
| CVE-2023-39191: (unk) bpf: Fix state pruning for STACK_DYNPTR stack slots |
| CVE-2023-39192: (unk) netfilter: xt_u32: validate user space input |
| CVE-2023-39193: (unk) netfilter: xt_sctp: validate the flag_info count |
| CVE-2023-39194: (unk) net: xfrm: Fix xfrm_address_filter OOB read |
| CVE-2023-4004: (unk) netfilter: nft_set_pipapo: fix improper element removal |
| CVE-2023-4010: (unk) |
| CVE-2023-4015: (unk) netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR |
| CVE-2023-40283: (unk) Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb |
| CVE-2023-4128: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4132: (unk) media: usb: siano: Fix warning due to null work_func_t function pointer |
| CVE-2023-4133: (unk) cxgb4: fix use after free bugs caused by circular dependency problem |
| CVE-2023-4134: (unk) Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync() |
| CVE-2023-4147: (unk) netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID |
| CVE-2023-4155: (unk) KVM: SEV: only access GHCB fields once |
| CVE-2023-4206: (unk) net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4207: (unk) net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4208: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4244: (unk) netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path |
| CVE-2023-4273: (unk) exfat: check if filename entries exceeds max filename length |
| CVE-2023-42752: (unk) igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU |
| CVE-2023-42753: (unk) netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c |
| CVE-2023-42754: (unk) ipv4: fix null-deref in ipv4_link_failure |
| CVE-2023-42755: (unk) net/sched: Retire rsvp classifier |
| CVE-2023-44466: (unk) libceph: harden msgr2.1 frame segment length checks |
| CVE-2023-4563: (unk) netfilter: nf_tables: don't skip expired elements during walk |
| CVE-2023-4569: (unk) netfilter: nf_tables: deactivate catchall elements in next generation |
| CVE-2023-45862: (unk) USB: ene_usb6250: Allocate enough memory for full object |
| CVE-2023-45863: (unk) kobject: Fix slab-out-of-bounds in fill_kobj_path() |
| CVE-2023-45871: (unk) igb: set max size RX buffer when store bad packet is enabled |
| CVE-2023-4610: (unk) Revert "mm: vmscan: make global slab shrink lockless" |
| CVE-2023-4622: (unk) unix: Convert unix_stream_sendpage() to use MSG_SPLICE_PAGES |
| CVE-2023-4623: (unk) net/sched: sch_hfsc: Ensure inner classes have fsc curve |
| CVE-2023-46813: (unk) x86/sev: Check for user-space IOIO pointing to kernel space |
| CVE-2023-46862: (unk) io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid |
| CVE-2023-47233: (unk) |
| CVE-2023-4881: (unk) netfilter: nftables: exthdr: fix 4-byte stack OOB write |
| CVE-2023-4921: (unk) net: sched: sch_qfq: Fix UAF in qfq_dequeue() |
| CVE-2023-5090: (unk) x86: KVM: SVM: always update the x2avic msr interception |
| CVE-2023-5158: (unk) vringh: don't use vringh_kiov_advance() in vringh_iov_xfer() |
| CVE-2023-5178: (unk) nvmet-tcp: Fix a possible UAF in queue intialization setup |
| CVE-2023-5197: (unk) netfilter: nf_tables: disallow rule removal from chain binding |
| CVE-2023-5633: (unk) drm/vmwgfx: Keep a gem reference to user bos in surfaces |
| CVE-2023-5717: (unk) perf: Disallow mis-matched inherited group reads |
