Update 3Aug22 [ci skip]
diff --git a/CHANGES.md b/CHANGES.md index e4bc26e..ef25b26 100644 --- a/CHANGES.md +++ b/CHANGES.md
@@ -1,15 +1,31 @@ # **Linux Kernel CVE Changes** -## Last Update - 28Jul22 12:00 +## Last Update - 04Aug22 04:16 ### **New CVEs Added:** -[CVE-2022-36879](cves/CVE-2022-36879) -[CVE-2022-36946](cves/CVE-2022-36946) +[CVE-2022-20158](cves/CVE-2022-20158) +[CVE-2022-20368](cves/CVE-2022-20368) +[CVE-2022-20369](cves/CVE-2022-20369) +[CVE-2022-36123](cves/CVE-2022-36123) + + +### **New Versions Checked:** + +[4.14.290](streams/4.14) +[4.19.254](streams/4.19) +[4.9.325](streams/4.9) +[5.10.135](streams/5.10) +[5.15.59](streams/5.15) +[5.18.16](streams/5.18) +[5.19](streams/5.19) +[5.4.209](streams/5.4) ### **Updated CVEs:** -[CVE-2021-33655](cves/CVE-2021-33655) [CVE-2022-21505](cves/CVE-2022-21505) +[CVE-2022-2327](cves/CVE-2022-2327) +[CVE-2022-36879](cves/CVE-2022-36879) +[CVE-2022-36946](cves/CVE-2022-36946)
diff --git a/data/3.12/3.12_CVEs.txt b/data/3.12/3.12_CVEs.txt index be93dd8..c5dfdec 100644 --- a/data/3.12/3.12_CVEs.txt +++ b/data/3.12/3.12_CVEs.txt
@@ -1118,7 +1118,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -1133,7 +1136,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1155,5 +1158,6 @@ CVE-2022-33742: Fix not seen in stream CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/3.12/3.12_security.txt b/data/3.12/3.12_security.txt index 6752e6c..a2bf77a 100644 --- a/data/3.12/3.12_security.txt +++ b/data/3.12/3.12_security.txt
@@ -1256,7 +1256,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -1271,7 +1274,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1293,5 +1296,6 @@ CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/3.14/3.14_CVEs.txt b/data/3.14/3.14_CVEs.txt index a739796..bcbfb8c 100644 --- a/data/3.14/3.14_CVEs.txt +++ b/data/3.14/3.14_CVEs.txt
@@ -1086,7 +1086,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -1101,7 +1104,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1124,5 +1127,6 @@ CVE-2022-33742: Fix not seen in stream CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/3.14/3.14_security.txt b/data/3.14/3.14_security.txt index 4d33d6c..aae8836 100644 --- a/data/3.14/3.14_security.txt +++ b/data/3.14/3.14_security.txt
@@ -1220,7 +1220,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -1235,7 +1238,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1258,5 +1261,6 @@ CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/3.16/3.16_CVEs.txt b/data/3.16/3.16_CVEs.txt index 78d17a1..1f5d6e8 100644 --- a/data/3.16/3.16_CVEs.txt +++ b/data/3.16/3.16_CVEs.txt
@@ -1067,7 +1067,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -1082,7 +1085,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1106,5 +1109,6 @@ CVE-2022-33742: Fix not seen in stream CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/3.16/3.16_security.txt b/data/3.16/3.16_security.txt index 7fe2be4..192ec4f 100644 --- a/data/3.16/3.16_security.txt +++ b/data/3.16/3.16_security.txt
@@ -1173,7 +1173,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -1188,7 +1191,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1212,5 +1215,6 @@ CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/3.18/3.18_CVEs.txt b/data/3.18/3.18_CVEs.txt index 835f587..8a13fdb 100644 --- a/data/3.18/3.18_CVEs.txt +++ b/data/3.18/3.18_CVEs.txt
@@ -1051,7 +1051,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -1066,7 +1069,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1091,5 +1094,6 @@ CVE-2022-33742: Fix not seen in stream CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/3.18/3.18_security.txt b/data/3.18/3.18_security.txt index f5da445..42b95f9 100644 --- a/data/3.18/3.18_security.txt +++ b/data/3.18/3.18_security.txt
@@ -1285,7 +1285,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -1300,7 +1303,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1325,5 +1328,6 @@ CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/3.2/3.2_CVEs.txt b/data/3.2/3.2_CVEs.txt index fd02766..ca96df4 100644 --- a/data/3.2/3.2_CVEs.txt +++ b/data/3.2/3.2_CVEs.txt
@@ -1103,7 +1103,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -1117,7 +1120,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1136,5 +1139,6 @@ CVE-2022-33742: Fix not seen in stream CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/3.2/3.2_security.txt b/data/3.2/3.2_security.txt index 8aa422e..a622238 100644 --- a/data/3.2/3.2_security.txt +++ b/data/3.2/3.2_security.txt
@@ -1259,7 +1259,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -1273,7 +1276,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1292,5 +1295,6 @@ CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.1/4.1_CVEs.txt b/data/4.1/4.1_CVEs.txt index 3f58936..19bc4fc 100644 --- a/data/4.1/4.1_CVEs.txt +++ b/data/4.1/4.1_CVEs.txt
@@ -1009,7 +1009,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -1024,7 +1027,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1052,5 +1055,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.1/4.1_security.txt b/data/4.1/4.1_security.txt index 13c5865..4a93f77 100644 --- a/data/4.1/4.1_security.txt +++ b/data/4.1/4.1_security.txt
@@ -1105,7 +1105,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -1120,7 +1123,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1148,5 +1151,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.10/4.10_CVEs.txt b/data/4.10/4.10_CVEs.txt index ebd6e8b..5e6655c 100644 --- a/data/4.10/4.10_CVEs.txt +++ b/data/4.10/4.10_CVEs.txt
@@ -905,7 +905,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -920,7 +923,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -949,5 +952,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.10/4.10_security.txt b/data/4.10/4.10_security.txt index 0fda8e4..56351be 100644 --- a/data/4.10/4.10_security.txt +++ b/data/4.10/4.10_security.txt
@@ -939,7 +939,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -954,7 +957,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -983,5 +986,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.11/4.11_CVEs.txt b/data/4.11/4.11_CVEs.txt index eacf6dd..5a32122 100644 --- a/data/4.11/4.11_CVEs.txt +++ b/data/4.11/4.11_CVEs.txt
@@ -876,7 +876,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -891,7 +894,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -921,5 +924,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.11/4.11_security.txt b/data/4.11/4.11_security.txt index f1a34f7..7bba7d1 100644 --- a/data/4.11/4.11_security.txt +++ b/data/4.11/4.11_security.txt
@@ -898,7 +898,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -913,7 +916,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -943,5 +946,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.12/4.12_CVEs.txt b/data/4.12/4.12_CVEs.txt index 51a33d1..93ca2bd 100644 --- a/data/4.12/4.12_CVEs.txt +++ b/data/4.12/4.12_CVEs.txt
@@ -856,7 +856,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -872,7 +875,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -903,5 +906,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.12/4.12_security.txt b/data/4.12/4.12_security.txt index 005955e..40a75e3 100644 --- a/data/4.12/4.12_security.txt +++ b/data/4.12/4.12_security.txt
@@ -882,7 +882,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -898,7 +901,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -929,5 +932,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.13/4.13_CVEs.txt b/data/4.13/4.13_CVEs.txt index 410bf2d..a56bc84 100644 --- a/data/4.13/4.13_CVEs.txt +++ b/data/4.13/4.13_CVEs.txt
@@ -839,7 +839,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -855,7 +858,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -886,5 +889,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.13/4.13_security.txt b/data/4.13/4.13_security.txt index 959897e..a08e804 100644 --- a/data/4.13/4.13_security.txt +++ b/data/4.13/4.13_security.txt
@@ -867,7 +867,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -883,7 +886,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -914,5 +917,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.14/4.14_CVEs.txt b/data/4.14/4.14_CVEs.txt index 41666d4..edd6f18 100644 --- a/data/4.14/4.14_CVEs.txt +++ b/data/4.14/4.14_CVEs.txt
@@ -805,7 +805,10 @@ CVE-2022-20141: Fixed with 4.14.247 CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fixed with 4.14.261 +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fixed with 4.14.273 +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fixed with 4.14.284 CVE-2022-21125: Fixed with 4.14.284 CVE-2022-21166: Fixed with 4.14.284 @@ -822,7 +825,7 @@ CVE-2022-23042: Fixed with 4.14.271 CVE-2022-2318: Fixed with 4.14.287 CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fixed with 4.14.276 CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -854,5 +857,6 @@ CVE-2022-33744: Fixed with 4.14.287 CVE-2022-33981: Fixed with 4.14.278 CVE-2022-34918: Fix not seen in stream -CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36123: Fixed with 4.14.289 +CVE-2022-36879: Fixed with 4.14.290 +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.14/4.14_security.txt b/data/4.14/4.14_security.txt index 84e2462..3b36b91 100644 --- a/data/4.14/4.14_security.txt +++ b/data/4.14/4.14_security.txt
@@ -1104,6 +1104,9 @@ CVE-2021-4149: e0956dd95ddd6b02b7eb084d127b926a509ae8e7 btrfs: unlock newly allocated extent buffer after error CVE-2022-1199: d03aba820f1549c9f3b1d14bf48fa082663d22b5 ax25: Fix NULL pointer dereference in ax25_kill_by_device +CVEs fixed in 4.14.273: + CVE-2022-20368: b1e27cda1e3c12b705875bb7e247a97168580e33 net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVEs fixed in 4.14.274: CVE-2022-1016: a3cc32863b175168283cb0a5fde08de6a1e27df9 netfilter: nf_tables: initialize registers in nft_do_chain() CVE-2022-26490: d908d2776464a8021a1f63eba6e7417fbe7653c9 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION @@ -1173,6 +1176,12 @@ CVEs fixed in 4.14.288: CVE-2021-33655: f7e7c2ad446f359f54f4ea6a0a30b218e5edf134 fbcon: Disallow setting font bigger than screen size +CVEs fixed in 4.14.289: + CVE-2022-36123: a24eebede57ff42d5123cca948c5077ccddbffcb x86: Clear .brk area at early boot + +CVEs fixed in 4.14.290: + CVE-2022-36879: 2c9d93e35cb857fc613ec9d58d690d332252747b xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() + Outstanding CVEs: CVE-2005-3660: (unk) CVE-2007-3719: (unk) @@ -1312,17 +1321,18 @@ CVE-2022-1786: (unk) io_uring: remove io_identity CVE-2022-1882: (unk) CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2209: (unk) CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-25265: (unk) CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data - CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.15/4.15_CVEs.txt b/data/4.15/4.15_CVEs.txt index 33444ec..6eddf33 100644 --- a/data/4.15/4.15_CVEs.txt +++ b/data/4.15/4.15_CVEs.txt
@@ -755,7 +755,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -772,7 +775,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -804,5 +807,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.15/4.15_security.txt b/data/4.15/4.15_security.txt index abd7f9b..f4d256d 100644 --- a/data/4.15/4.15_security.txt +++ b/data/4.15/4.15_security.txt
@@ -787,7 +787,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -804,7 +807,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -836,5 +839,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.16/4.16_CVEs.txt b/data/4.16/4.16_CVEs.txt index c4ca95f..c627f11 100644 --- a/data/4.16/4.16_CVEs.txt +++ b/data/4.16/4.16_CVEs.txt
@@ -734,7 +734,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -751,7 +754,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -783,5 +786,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.16/4.16_security.txt b/data/4.16/4.16_security.txt index 3990b0c..f762310 100644 --- a/data/4.16/4.16_security.txt +++ b/data/4.16/4.16_security.txt
@@ -766,7 +766,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -783,7 +786,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -815,5 +818,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.17/4.17_CVEs.txt b/data/4.17/4.17_CVEs.txt index 10e6fdd..3597029 100644 --- a/data/4.17/4.17_CVEs.txt +++ b/data/4.17/4.17_CVEs.txt
@@ -714,7 +714,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -731,7 +734,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -763,5 +766,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.17/4.17_security.txt b/data/4.17/4.17_security.txt index 9716e35..1b5f084 100644 --- a/data/4.17/4.17_security.txt +++ b/data/4.17/4.17_security.txt
@@ -746,7 +746,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -763,7 +766,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -795,5 +798,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.18/4.18_CVEs.txt b/data/4.18/4.18_CVEs.txt index 56ae154..ecf2fcb 100644 --- a/data/4.18/4.18_CVEs.txt +++ b/data/4.18/4.18_CVEs.txt
@@ -692,7 +692,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -709,7 +712,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -741,5 +744,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.18/4.18_security.txt b/data/4.18/4.18_security.txt index 0dadf06..3c66390 100644 --- a/data/4.18/4.18_security.txt +++ b/data/4.18/4.18_security.txt
@@ -724,7 +724,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -741,7 +744,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -773,5 +776,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.19/4.19_CVEs.txt b/data/4.19/4.19_CVEs.txt index 7d997f2..53f7f00 100644 --- a/data/4.19/4.19_CVEs.txt +++ b/data/4.19/4.19_CVEs.txt
@@ -666,7 +666,10 @@ CVE-2022-20141: Fixed with 4.19.207 CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fixed with 4.19.224 +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fixed with 4.19.236 +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fixed with 4.19.248 CVE-2022-21125: Fixed with 4.19.248 CVE-2022-21166: Fixed with 4.19.248 @@ -683,7 +686,7 @@ CVE-2022-23042: Fixed with 4.19.234 CVE-2022-2318: Fixed with 4.19.251 CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fixed with 4.19.238 CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -716,5 +719,6 @@ CVE-2022-33744: Fixed with 4.19.251 CVE-2022-33981: Fixed with 4.19.241 CVE-2022-34918: Fix not seen in stream -CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36123: Fixed with 4.19.253 +CVE-2022-36879: Fixed with 4.19.254 +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.19/4.19_security.txt b/data/4.19/4.19_security.txt index 2658c7f..0df5596 100644 --- a/data/4.19/4.19_security.txt +++ b/data/4.19/4.19_security.txt
@@ -910,6 +910,9 @@ CVE-2021-4149: 73d55fa1b9310573f623195a4f7ab3170bbaf248 btrfs: unlock newly allocated extent buffer after error CVE-2022-1199: 5ab8de9377edde3eaf1de9872e2f01d43157cd6c ax25: Fix NULL pointer dereference in ax25_kill_by_device +CVEs fixed in 4.19.236: + CVE-2022-20368: a33dd1e6693f80d805155b3f69c18c2f642915da net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVEs fixed in 4.19.237: CVE-2022-1016: 88791b79a1eb2ba94e95d039243e28433583a67b netfilter: nf_tables: initialize registers in nft_do_chain() CVE-2022-26490: 0043b74987acb44f1ade537aad901695511cfebe nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION @@ -981,6 +984,12 @@ CVEs fixed in 4.19.252: CVE-2021-33655: eae522ed28fe1c00375a8a0081a97dce7996e4d8 fbcon: Disallow setting font bigger than screen size +CVEs fixed in 4.19.253: + CVE-2022-36123: 36e2f161fb01795722f2ff1a24d95f08100333dd x86: Clear .brk area at early boot + +CVEs fixed in 4.19.254: + CVE-2022-36879: fdb4fba1ba8512fa579a9d091dcb6c410f82f96a xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() + Outstanding CVEs: CVE-2005-3660: (unk) CVE-2007-3719: (unk) @@ -1100,17 +1109,18 @@ CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID CVE-2022-1882: (unk) CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2209: (unk) CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-25265: (unk) CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data - CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.20/4.20_CVEs.txt b/data/4.20/4.20_CVEs.txt index d98a4da..d67229c 100644 --- a/data/4.20/4.20_CVEs.txt +++ b/data/4.20/4.20_CVEs.txt
@@ -654,7 +654,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -671,7 +674,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -704,5 +707,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.20/4.20_security.txt b/data/4.20/4.20_security.txt index 0d95c8c..a695ceb 100644 --- a/data/4.20/4.20_security.txt +++ b/data/4.20/4.20_security.txt
@@ -686,7 +686,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -703,7 +706,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -736,5 +739,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.3/4.3_CVEs.txt b/data/4.3/4.3_CVEs.txt index 5537430..9773591 100644 --- a/data/4.3/4.3_CVEs.txt +++ b/data/4.3/4.3_CVEs.txt
@@ -1005,7 +1005,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -1020,7 +1023,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1049,5 +1052,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.3/4.3_security.txt b/data/4.3/4.3_security.txt index d40f23e..219896a 100644 --- a/data/4.3/4.3_security.txt +++ b/data/4.3/4.3_security.txt
@@ -1021,7 +1021,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -1036,7 +1039,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1065,5 +1068,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.4/4.4_CVEs.txt b/data/4.4/4.4_CVEs.txt index 6889fa6..e36b274 100644 --- a/data/4.4/4.4_CVEs.txt +++ b/data/4.4/4.4_CVEs.txt
@@ -985,7 +985,10 @@ CVE-2022-20132: Fixed with 4.4.295 CVE-2022-20141: Fixed with 4.4.284 CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -1000,7 +1003,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1029,5 +1032,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.4/4.4_security.txt b/data/4.4/4.4_security.txt index ca6bad5..47fb91a 100644 --- a/data/4.4/4.4_security.txt +++ b/data/4.4/4.4_security.txt
@@ -1469,7 +1469,10 @@ CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -1484,7 +1487,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1513,5 +1516,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.5/4.5_CVEs.txt b/data/4.5/4.5_CVEs.txt index f2e0523..9434e96 100644 --- a/data/4.5/4.5_CVEs.txt +++ b/data/4.5/4.5_CVEs.txt
@@ -967,7 +967,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -982,7 +985,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -1011,5 +1014,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.5/4.5_security.txt b/data/4.5/4.5_security.txt index ab28c32..8dc7ac3 100644 --- a/data/4.5/4.5_security.txt +++ b/data/4.5/4.5_security.txt
@@ -983,7 +983,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -998,7 +1001,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1027,5 +1030,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.6/4.6_CVEs.txt b/data/4.6/4.6_CVEs.txt index 453b3f3..c68b7a5 100644 --- a/data/4.6/4.6_CVEs.txt +++ b/data/4.6/4.6_CVEs.txt
@@ -939,7 +939,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -954,7 +957,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -983,5 +986,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.6/4.6_security.txt b/data/4.6/4.6_security.txt index 66137e0..7d6956b 100644 --- a/data/4.6/4.6_security.txt +++ b/data/4.6/4.6_security.txt
@@ -957,7 +957,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -972,7 +975,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -1001,5 +1004,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.7/4.7_CVEs.txt b/data/4.7/4.7_CVEs.txt index 165059e..1b49ed6 100644 --- a/data/4.7/4.7_CVEs.txt +++ b/data/4.7/4.7_CVEs.txt
@@ -921,7 +921,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -936,7 +939,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -965,5 +968,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.7/4.7_security.txt b/data/4.7/4.7_security.txt index 76cbfc9..a8b791a 100644 --- a/data/4.7/4.7_security.txt +++ b/data/4.7/4.7_security.txt
@@ -941,7 +941,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -956,7 +959,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -985,5 +988,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.8/4.8_CVEs.txt b/data/4.8/4.8_CVEs.txt index d418ed5..1cbb47a 100644 --- a/data/4.8/4.8_CVEs.txt +++ b/data/4.8/4.8_CVEs.txt
@@ -925,7 +925,10 @@ CVE-2022-20132: Fix not seen in stream CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -940,7 +943,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -969,5 +972,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.8/4.8_security.txt b/data/4.8/4.8_security.txt index cab189f..30b9bf1 100644 --- a/data/4.8/4.8_security.txt +++ b/data/4.8/4.8_security.txt
@@ -955,7 +955,10 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -970,7 +973,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -999,5 +1002,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/4.9/4.9_CVEs.txt b/data/4.9/4.9_CVEs.txt index b2c17a9..1796b1d 100644 --- a/data/4.9/4.9_CVEs.txt +++ b/data/4.9/4.9_CVEs.txt
@@ -924,7 +924,10 @@ CVE-2022-20132: Fixed with 4.9.293 CVE-2022-20141: Fixed with 4.9.283 CVE-2022-20148: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fixed with 4.9.308 +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fixed with 4.9.319 CVE-2022-21125: Fixed with 4.9.319 CVE-2022-21166: Fixed with 4.9.319 @@ -939,7 +942,7 @@ CVE-2022-23042: Fixed with 4.9.306 CVE-2022-2318: Fixed with 4.9.322 CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fixed with 4.9.311 CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -968,5 +971,6 @@ CVE-2022-33744: Fixed with 4.9.322 CVE-2022-33981: Fixed with 4.9.313 CVE-2022-34918: Fix not seen in stream -CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36123: Fixed with 4.9.324 +CVE-2022-36879: Fixed with 4.9.325 +CVE-2022-36946: Fix not seen in stream
diff --git a/data/4.9/4.9_security.txt b/data/4.9/4.9_security.txt index 07e2907..73ed067 100644 --- a/data/4.9/4.9_security.txt +++ b/data/4.9/4.9_security.txt
@@ -1241,6 +1241,9 @@ CVE-2021-4149: 43bfa08ba62a1ca7a22365c7092e491e04327efb btrfs: unlock newly allocated extent buffer after error CVE-2022-1199: cad71f1094834eb69f7ceec8100d300c26b43053 ax25: Fix NULL pointer dereference in ax25_kill_by_device +CVEs fixed in 4.9.308: + CVE-2022-20368: b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0 net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVEs fixed in 4.9.309: CVE-2022-1016: 4d28522acd1c4415c85f6b33463713a268f68965 netfilter: nf_tables: initialize registers in nft_do_chain() CVE-2022-26490: c1184fa07428fb81371d5863e09795f0d06d35cf nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION @@ -1295,6 +1298,12 @@ CVE-2022-33742: 8dad9a67100245295373523375610be850999b37 xen/blkfront: force data bouncing when backend is untrusted CVE-2022-33744: 856d1b8e6e826b5087f1ea3fdbabda3557d73599 xen/arm: Fix race in RB-tree based P2M accounting +CVEs fixed in 4.9.324: + CVE-2022-36123: b3d7c509bcbd4384d4964dcdf028b3c3e0adb7f7 x86: Clear .brk area at early boot + +CVEs fixed in 4.9.325: + CVE-2022-36879: 5aff12fa09504c6ea88fc17749a39cda2c4d6ef7 xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() + Outstanding CVEs: CVE-2005-3660: (unk) CVE-2007-3719: (unk) @@ -1471,12 +1480,14 @@ CVE-2022-1786: (unk) io_uring: remove io_identity CVE-2022-1882: (unk) CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2209: (unk) CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-25265: (unk) @@ -1484,5 +1495,4 @@ CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data - CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.0/5.0_CVEs.txt b/data/5.0/5.0_CVEs.txt index 06ef115..3691843 100644 --- a/data/5.0/5.0_CVEs.txt +++ b/data/5.0/5.0_CVEs.txt
@@ -634,7 +634,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -651,7 +654,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -684,5 +687,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.0/5.0_security.txt b/data/5.0/5.0_security.txt index 75712cc..d25ef4d 100644 --- a/data/5.0/5.0_security.txt +++ b/data/5.0/5.0_security.txt
@@ -682,7 +682,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -699,7 +702,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -732,5 +735,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.1/5.1_CVEs.txt b/data/5.1/5.1_CVEs.txt index 0e3d42f..814057b 100644 --- a/data/5.1/5.1_CVEs.txt +++ b/data/5.1/5.1_CVEs.txt
@@ -602,7 +602,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -619,7 +622,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -653,5 +656,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.1/5.1_security.txt b/data/5.1/5.1_security.txt index d7fc2be..d7459c0 100644 --- a/data/5.1/5.1_security.txt +++ b/data/5.1/5.1_security.txt
@@ -638,7 +638,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -655,7 +658,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -689,5 +692,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.10/5.10_CVEs.txt b/data/5.10/5.10_CVEs.txt index 87fb37b..a886cab 100644 --- a/data/5.10/5.10_CVEs.txt +++ b/data/5.10/5.10_CVEs.txt
@@ -309,12 +309,15 @@ CVE-2022-20141: Fixed with 5.10.64 CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fixed with 5.10.90 +CVE-2022-20158: Fix unknown +CVE-2022-20368: Fixed with 5.10.108 +CVE-2022-20369: Fixed with 5.10.110 CVE-2022-2078: Fixed with 5.10.120 CVE-2022-21123: Fixed with 5.10.123 CVE-2022-21125: Fixed with 5.10.123 CVE-2022-21166: Fixed with 5.10.123 CVE-2022-21499: Fixed with 5.10.119 -CVE-2022-21505: Fix not seen in stream +CVE-2022-21505: Fixed with 5.10.134 CVE-2022-2153: Fix not seen in stream CVE-2022-2209: Fix unknown CVE-2022-22942: Fixed with 5.10.95 @@ -327,7 +330,7 @@ CVE-2022-23042: Fixed with 5.10.105 CVE-2022-2318: Fixed with 5.10.129 CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fixed with 5.10.110 CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -364,5 +367,6 @@ CVE-2022-33744: Fixed with 5.10.129 CVE-2022-33981: Fixed with 5.10.114 CVE-2022-34918: Fixed with 5.10.130 -CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36123: Fixed with 5.10.132 +CVE-2022-36879: Fixed with 5.10.134 +CVE-2022-36946: Fixed with 5.10.135
diff --git a/data/5.10/5.10_security.txt b/data/5.10/5.10_security.txt index 026a386..c6660b6 100644 --- a/data/5.10/5.10_security.txt +++ b/data/5.10/5.10_security.txt
@@ -369,6 +369,7 @@ CVE-2022-1199: e2201ef32f933944ee02e59205adb566bafcdf91 ax25: Fix NULL pointer dereference in ax25_kill_by_device CVEs fixed in 5.10.108: + CVE-2022-20368: 70b7b3c055fd4a464da8da55ff4c1f84269f9b02 net/packet: fix slab-out-of-bounds access in packet_recvmsg() CVE-2022-27666: 9248694dac20eda06e22d8503364dc9d03df4e2f esp: Fix possible buffer overflow in ESP transformation CVEs fixed in 5.10.109: @@ -383,6 +384,7 @@ CVE-2022-1198: f67a1400788f550d201c71aeaf56706afe57f0da drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() CVE-2022-1353: 8d3f4ad43054619379ccc697cfcbdb2c266800d8 af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register CVE-2022-1516: 5c94b6205e87411dbe9dc1ca088eb36b8837fb47 net/x25: Fix null-ptr-deref caused by x25_disconnect + CVE-2022-20369: 8a83731a09a5954b85b1ce49c01ff5c2a3465cb7 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2380: 72af8810922eb143ed4f116db246789ead2d8543 video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-28388: 5318cdf4fd834856ce71238b064f35386f9ef528 can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path CVE-2022-28389: 0801a51d79389282c1271e623613b2e1886e071e can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path @@ -458,10 +460,20 @@ CVE-2021-33655: b727561ddc9360de9631af2d970d8ffed676a750 fbcon: Disallow setting font bigger than screen size CVE-2022-34918: 0a5e36dbcb448a7a8ba63d1d4b6ade2c9d3cc8bf netfilter: nf_tables: stricter validation of element data +CVEs fixed in 5.10.132: + CVE-2022-36123: 136d7987fcfdeca73ee3c6a29e48f99fdd0f4d87 x86: Clear .brk area at early boot + CVEs fixed in 5.10.133: CVE-2022-29900: 7070bbb66c5303117e4c7651711ea7daae4c64b5 x86/kvm/vmx: Make noinstr clean CVE-2022-29901: 7070bbb66c5303117e4c7651711ea7daae4c64b5 x86/kvm/vmx: Make noinstr clean +CVEs fixed in 5.10.134: + CVE-2022-21505: ab5050fd7430dde3a9f073129036d3da3facc8ec lockdown: Fix kexec lockdown bypass with ima policy + CVE-2022-36879: 47b696dd654450cdec3103a833e5bf29c4b83bfa xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() + +CVEs fixed in 5.10.135: + CVE-2022-36946: 440dccd80f627e0e11ceb0429e4cdab61857d17e netfilter: nf_queue: do not allow packet truncation below transport header offset + Outstanding CVEs: CVE-2005-3660: (unk) CVE-2007-3719: (unk) @@ -548,13 +560,11 @@ CVE-2022-1679: (unk) CVE-2022-1882: (unk) CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory - CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy + CVE-2022-20158: (unk) CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2209: (unk) CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-25265: (unk) - CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk)
diff --git a/data/5.11/5.11_CVEs.txt b/data/5.11/5.11_CVEs.txt index 11f844a..403bf41 100644 --- a/data/5.11/5.11_CVEs.txt +++ b/data/5.11/5.11_CVEs.txt
@@ -298,6 +298,9 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -316,7 +319,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -353,5 +356,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.11/5.11_security.txt b/data/5.11/5.11_security.txt index 8124a9d..ab9e5f9 100644 --- a/data/5.11/5.11_security.txt +++ b/data/5.11/5.11_security.txt
@@ -338,6 +338,9 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -356,7 +359,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -393,5 +396,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.12/5.12_CVEs.txt b/data/5.12/5.12_CVEs.txt index 8a29f12..24b3895 100644 --- a/data/5.12/5.12_CVEs.txt +++ b/data/5.12/5.12_CVEs.txt
@@ -252,6 +252,9 @@ CVE-2022-20148: Fix not seen in stream CVE-2022-20153: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -270,7 +273,6 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -308,5 +310,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.12/5.12_security.txt b/data/5.12/5.12_security.txt index 0bd1f91..8691382 100644 --- a/data/5.12/5.12_security.txt +++ b/data/5.12/5.12_security.txt
@@ -284,6 +284,9 @@ CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20153: (unk) io_uring: return back safer resurrect CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -302,7 +305,6 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -340,5 +342,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.13/5.13_CVEs.txt b/data/5.13/5.13_CVEs.txt index 50ec9e5..a12bdc9 100644 --- a/data/5.13/5.13_CVEs.txt +++ b/data/5.13/5.13_CVEs.txt
@@ -215,6 +215,9 @@ CVE-2022-20141: Fixed with 5.13.16 CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -233,7 +236,6 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -274,5 +276,6 @@ CVE-2022-34494: Fix not seen in stream CVE-2022-34495: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.13/5.13_security.txt b/data/5.13/5.13_security.txt index e1c2d39..67041ed 100644 --- a/data/5.13/5.13_security.txt +++ b/data/5.13/5.13_security.txt
@@ -247,6 +247,9 @@ CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -265,7 +268,6 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -306,5 +308,6 @@ CVE-2022-34494: (unk) rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() CVE-2022-34495: (unk) rpmsg: virtio: Fix possible double free in rpmsg_probe() CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.14/5.14_CVEs.txt b/data/5.14/5.14_CVEs.txt index 37c1ae2..82b1cee 100644 --- a/data/5.14/5.14_CVEs.txt +++ b/data/5.14/5.14_CVEs.txt
@@ -187,6 +187,9 @@ CVE-2022-20141: Fixed with 5.14.3 CVE-2022-20148: Fixed with 5.14.19 CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -205,7 +208,6 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -247,5 +249,6 @@ CVE-2022-34494: Fix not seen in stream CVE-2022-34495: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.14/5.14_security.txt b/data/5.14/5.14_security.txt index 9fa7ae7..0d2d467 100644 --- a/data/5.14/5.14_security.txt +++ b/data/5.14/5.14_security.txt
@@ -221,6 +221,9 @@ CVE-2022-20008: (unk) mmc: block: fix read single on recovery logic CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -239,7 +242,6 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -281,5 +283,6 @@ CVE-2022-34494: (unk) rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() CVE-2022-34495: (unk) rpmsg: virtio: Fix possible double free in rpmsg_probe() CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.15/5.15_CVEs.txt b/data/5.15/5.15_CVEs.txt index b072c83..67b6b89 100644 --- a/data/5.15/5.15_CVEs.txt +++ b/data/5.15/5.15_CVEs.txt
@@ -154,12 +154,15 @@ CVE-2022-20132: Fixed with 5.15.8 CVE-2022-20148: Fixed with 5.15.3 CVE-2022-20154: Fixed with 5.15.13 +CVE-2022-20158: Fix unknown +CVE-2022-20368: Fixed with 5.15.31 +CVE-2022-20369: Fixed with 5.15.33 CVE-2022-2078: Fixed with 5.15.45 CVE-2022-21123: Fixed with 5.15.48 CVE-2022-21125: Fixed with 5.15.48 CVE-2022-21166: Fixed with 5.15.48 CVE-2022-21499: Fixed with 5.15.42 -CVE-2022-21505: Fix not seen in stream +CVE-2022-21505: Fixed with 5.15.58 CVE-2022-2153: Fixed with 5.15.33 CVE-2022-2209: Fix unknown CVE-2022-22942: Fixed with 5.15.18 @@ -172,7 +175,6 @@ CVE-2022-23042: Fixed with 5.15.28 CVE-2022-2318: Fixed with 5.15.53 CVE-2022-23222: Fixed with 5.15.37 -CVE-2022-2327: Fix unknown CVE-2022-2380: Fixed with 5.15.33 CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -215,5 +217,6 @@ CVE-2022-34494: Fixed with 5.15.47 CVE-2022-34495: Fixed with 5.15.47 CVE-2022-34918: Fixed with 5.15.54 -CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36123: Fixed with 5.15.56 +CVE-2022-36879: Fixed with 5.15.58 +CVE-2022-36946: Fixed with 5.15.59
diff --git a/data/5.15/5.15_security.txt b/data/5.15/5.15_security.txt index 59ec71c..b483952 100644 --- a/data/5.15/5.15_security.txt +++ b/data/5.15/5.15_security.txt
@@ -126,6 +126,9 @@ CVE-2022-1199: 46ad629e58ce3a88c924ff3c5a7e9129b0df5659 ax25: Fix NULL pointer dereference in ax25_kill_by_device CVE-2022-27666: 4aaabbffc3b0658ce80eebdde9bafa20a3f932e0 esp: Fix possible buffer overflow in ESP transformation +CVEs fixed in 5.15.31: + CVE-2022-20368: a055f5f2841f7522b44a2b1eccb1951b4b03d51a net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVEs fixed in 5.15.32: CVE-2022-1015: 1bd57dea456149619f3b80d67eee012122325af8 netfilter: nf_tables: validate registers coming from userspace. CVE-2022-1016: fafb904156fbb8f1dd34970cd5223e00b47c33be netfilter: nf_tables: initialize registers in nft_do_chain() @@ -141,6 +144,7 @@ CVE-2022-1516: 409570a619c1cda2e0fde6018a256b9e3d3ba0ee net/x25: Fix null-ptr-deref caused by x25_disconnect CVE-2022-1651: 1d5103d9bb7d42fc220afe9f01ec6b9fe0ea5773 virt: acrn: fix a memory leak in acrn_dev_ioctl() CVE-2022-1671: 432297011caf71dbc95c3365a65adf365e79aff3 rxrpc: fix some null-ptr-deref bugs in server_key.c + CVE-2022-20369: 48d00e24822e4384edcee3aae03d54c1b7982eba media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2153: 0e5dbc0540baa89faf4c04ccc7e9c4fe6b1d7bf4 KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2380: 46cdbff26c88fd75dccbf28df1d07cbe18007eac video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-28388: f2ce5238904f539648aaf56c5ee49e5eaf44d8fc can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path @@ -219,10 +223,20 @@ CVE-2021-33655: 6886327780254ba749b770373653b6afc2a339fc fbcon: Disallow setting font bigger than screen size CVE-2022-34918: c1784d2075138992b00c17ab4ffc6d855171fe6d netfilter: nf_tables: stricter validation of element data +CVEs fixed in 5.15.56: + CVE-2022-36123: 26bb7afc027ce6ac8ab6747babec674d55689ff0 x86: Clear .brk area at early boot + CVEs fixed in 5.15.57: CVE-2022-29900: ccb25d7db1a29bc251692be745b000e6f0754048 x86/kvm/vmx: Make noinstr clean CVE-2022-29901: ccb25d7db1a29bc251692be745b000e6f0754048 x86/kvm/vmx: Make noinstr clean +CVEs fixed in 5.15.58: + CVE-2022-21505: 0e66932a9dc9ba47e60405b392e3782a332bc44e lockdown: Fix kexec lockdown bypass with ima policy + CVE-2022-36879: c8e32bca0676ac663266a3b16562cb017300adcd xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() + +CVEs fixed in 5.15.59: + CVE-2022-36946: 91c11008aab0282957b8b8ccb0707d90e74cc3b9 netfilter: nf_queue: do not allow packet truncation below transport header offset + Outstanding CVEs: CVE-2005-3660: (unk) CVE-2007-3719: (unk) @@ -291,13 +305,10 @@ CVE-2022-1462: (unk) CVE-2022-1679: (unk) CVE-2022-1882: (unk) - CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy + CVE-2022-20158: (unk) CVE-2022-2209: (unk) - CVE-2022-2327: (unk) CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-24122: (unk) ucount: Make get_ucount a safe get_user replacement CVE-2022-25265: (unk) CVE-2022-26878: (unk) - CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk)
diff --git a/data/5.16/5.16_CVEs.txt b/data/5.16/5.16_CVEs.txt index e16b626..e207788 100644 --- a/data/5.16/5.16_CVEs.txt +++ b/data/5.16/5.16_CVEs.txt
@@ -120,6 +120,9 @@ CVE-2022-1975: Fix not seen in stream CVE-2022-1998: Fixed with 5.16.6 CVE-2022-20008: Fixed with 5.16.11 +CVE-2022-20158: Fix unknown +CVE-2022-20368: Fixed with 5.16.17 +CVE-2022-20369: Fixed with 5.16.19 CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -138,7 +141,6 @@ CVE-2022-23042: Fixed with 5.16.14 CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fixed with 5.16.11 -CVE-2022-2327: Fix unknown CVE-2022-2380: Fixed with 5.16.19 CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -182,5 +184,6 @@ CVE-2022-34494: Fix not seen in stream CVE-2022-34495: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.16/5.16_security.txt b/data/5.16/5.16_security.txt index 8f5dbea..bf49a74 100644 --- a/data/5.16/5.16_security.txt +++ b/data/5.16/5.16_security.txt
@@ -75,6 +75,9 @@ CVE-2022-1199: 1d83a95214bc516bd8778fa423cb8383d925f8c8 ax25: Fix NULL pointer dereference in ax25_kill_by_device CVE-2022-27666: 9afe83f62aac348db1facb28bfc106109a06e44d esp: Fix possible buffer overflow in ESP transformation +CVEs fixed in 5.16.17: + CVE-2022-20368: ef591b35176029fdefea38e8388ffa371e18f4b2 net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVEs fixed in 5.16.18: CVE-2022-1015: 2c8ebdaa7c9755b85d90c07530210e83665bad9a netfilter: nf_tables: validate registers coming from userspace. CVE-2022-1016: 64f24c76dd0ce53d0fa3a0bfb9aeea507c769485 netfilter: nf_tables: initialize registers in nft_do_chain() @@ -89,6 +92,7 @@ CVE-2022-1516: 4a279d7ee1c65411b4055ecd428b8aa2b1711c1f net/x25: Fix null-ptr-deref caused by x25_disconnect CVE-2022-1651: ee827d86ee73583c0f0b65db877467d9b5551aa4 virt: acrn: fix a memory leak in acrn_dev_ioctl() CVE-2022-1671: c3c415ae0c82da1349d85b8c9b18e6480aa6a230 rxrpc: fix some null-ptr-deref bugs in server_key.c + CVE-2022-20369: 2a5fd6b402049521f657966a42c4277f083a63c0 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2153: 9e38128f8bd1d4f2244d8a393bc5dc204a99a541 KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2380: 34d986f6ee5f5ac48cd2b9e2d061196fd3c29d39 video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-28388: 3e006cf0fb809815d56e59c9de4486fbe253ccdf can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path @@ -185,6 +189,7 @@ CVE-2022-1973: (unk) fs/ntfs3: Fix invalid free in log_replay CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout + CVE-2022-20158: (unk) CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -193,7 +198,6 @@ CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy CVE-2022-2209: (unk) CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler - CVE-2022-2327: (unk) CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-24122: (unk) ucount: Make get_ucount a safe get_user replacement @@ -216,5 +220,6 @@ CVE-2022-34494: (unk) rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() CVE-2022-34495: (unk) rpmsg: virtio: Fix possible double free in rpmsg_probe() CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.17/5.17_CVEs.txt b/data/5.17/5.17_CVEs.txt index e7ce4b4..5185385 100644 --- a/data/5.17/5.17_CVEs.txt +++ b/data/5.17/5.17_CVEs.txt
@@ -89,6 +89,9 @@ CVE-2022-1973: Fixed with 5.17.14 CVE-2022-1974: Fixed with 5.17.7 CVE-2022-1975: Fixed with 5.17.7 +CVE-2022-20158: Fix unknown +CVE-2022-20368: Fixed with 5.17 +CVE-2022-20369: Fixed with 5.17.2 CVE-2022-2078: Fixed with 5.17.13 CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -98,7 +101,6 @@ CVE-2022-2153: Fixed with 5.17.2 CVE-2022-2209: Fix unknown CVE-2022-2318: Fix not seen in stream -CVE-2022-2327: Fix unknown CVE-2022-2380: Fixed with 5.17.2 CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -129,5 +131,6 @@ CVE-2022-34494: Fixed with 5.17.15 CVE-2022-34495: Fixed with 5.17.15 CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.17/5.17_security.txt b/data/5.17/5.17_security.txt index 92f91ed..4de1f1c 100644 --- a/data/5.17/5.17_security.txt +++ b/data/5.17/5.17_security.txt
@@ -1,6 +1,7 @@ CVEs fixed in 5.17: CVE-2022-1353: 9a564bccb78a76740ea9d75a259942df8143d02c af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register + CVE-2022-20368: c700525fcc06b05adfea78039de02628af79e07a net/packet: fix slab-out-of-bounds access in packet_recvmsg() CVEs fixed in 5.17.1: CVE-2022-1015: afdc3f4b81f0ec9f97f0910476af4620a2481a6d netfilter: nf_tables: validate registers coming from userspace. @@ -17,6 +18,7 @@ CVE-2022-1516: 671529db75e6be777bb1c76aa07c2bdd2992be6d net/x25: Fix null-ptr-deref caused by x25_disconnect CVE-2022-1651: f8e6e18d117e461110c849a11c6a396dcccdbd4e virt: acrn: fix a memory leak in acrn_dev_ioctl() CVE-2022-1671: 4e1f670e1b440dc783dbeb881d575bca31474f73 rxrpc: fix some null-ptr-deref bugs in server_key.c + CVE-2022-20369: 3c6ec01525254e4489c6e60df2a8c48ee81f6f78 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2153: 9fa2b94443ff41cdecdff6f4d4324d83af01089a KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2380: e46779a5706941fb9cd6e0264427953eb77d7888 video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-28388: 29d6c06168faa23ce23db3321981c8fde576c95c can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path @@ -139,13 +141,13 @@ CVE-2022-1462: (unk) CVE-2022-1679: (unk) CVE-2022-1882: (unk) + CVE-2022-20158: (unk) CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy CVE-2022-2209: (unk) CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler - CVE-2022-2327: (unk) CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-25265: (unk) @@ -159,5 +161,6 @@ CVE-2022-33743: (unk) xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.18/5.18_CVEs.txt b/data/5.18/5.18_CVEs.txt index 20e1b96..3cec245 100644 --- a/data/5.18/5.18_CVEs.txt +++ b/data/5.18/5.18_CVEs.txt
@@ -69,15 +69,15 @@ CVE-2022-1972: Fixed with 5.18.2 CVE-2022-1973: Fixed with 5.18.3 CVE-2022-1976: Fixed with 5.18.6 +CVE-2022-20158: Fix unknown CVE-2022-2078: Fixed with 5.18.2 CVE-2022-21123: Fixed with 5.18.5 CVE-2022-21125: Fixed with 5.18.5 CVE-2022-21166: Fixed with 5.18.5 CVE-2022-21499: Fixed with 5.18.1 -CVE-2022-21505: Fix not seen in stream +CVE-2022-21505: Fixed with 5.18.15 CVE-2022-2209: Fix unknown CVE-2022-2318: Fixed with 5.18.10 -CVE-2022-2327: Fix unknown CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown CVE-2022-25265: Fix unknown @@ -95,5 +95,6 @@ CVE-2022-34494: Fixed with 5.18.4 CVE-2022-34495: Fixed with 5.18.4 CVE-2022-34918: Fixed with 5.18.11 -CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36123: Fixed with 5.18.13 +CVE-2022-36879: Fixed with 5.18.15 +CVE-2022-36946: Fixed with 5.18.16
diff --git a/data/5.18/5.18_security.txt b/data/5.18/5.18_security.txt index 808c209..aba4ae3 100644 --- a/data/5.18/5.18_security.txt +++ b/data/5.18/5.18_security.txt
@@ -43,10 +43,20 @@ CVE-2021-33655: 9ae8c4f7fb45641294e9bd3b243d4ff472796ae7 fbcon: Disallow setting font bigger than screen size CVE-2022-34918: 6b7488071ea8ed6265a39afebd5a5920f6975d02 netfilter: nf_tables: stricter validation of element data +CVEs fixed in 5.18.13: + CVE-2022-36123: 2334bdfc2da469c9807767002a2831274b82c39a x86: Clear .brk area at early boot + CVEs fixed in 5.18.14: CVE-2022-29900: e492002673b03c636d2297fb869d68ae545c41c4 x86/kvm/vmx: Make noinstr clean CVE-2022-29901: e492002673b03c636d2297fb869d68ae545c41c4 x86/kvm/vmx: Make noinstr clean +CVEs fixed in 5.18.15: + CVE-2022-21505: f67ff524f283183c52d2575b11beec00cc4d5092 lockdown: Fix kexec lockdown bypass with ima policy + CVE-2022-36879: 70f5e35cd5e38017653ed1ca0f7a4ab6d5c5a794 xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() + +CVEs fixed in 5.18.16: + CVE-2022-36946: 883c20911d6261fc651820b63a77327b8c020264 netfilter: nf_queue: do not allow packet truncation below transport header offset + Outstanding CVEs: CVE-2005-3660: (unk) CVE-2007-3719: (unk) @@ -110,12 +120,9 @@ CVE-2022-1462: (unk) CVE-2022-1679: (unk) CVE-2022-1882: (unk) - CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy + CVE-2022-20158: (unk) CVE-2022-2209: (unk) - CVE-2022-2327: (unk) CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-25265: (unk) CVE-2022-26878: (unk) - CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk)
diff --git a/data/5.2/5.2_CVEs.txt b/data/5.2/5.2_CVEs.txt index cf05a6e..8e31f87 100644 --- a/data/5.2/5.2_CVEs.txt +++ b/data/5.2/5.2_CVEs.txt
@@ -562,7 +562,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -579,7 +582,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -613,5 +616,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.2/5.2_security.txt b/data/5.2/5.2_security.txt index d63a050..71fab51 100644 --- a/data/5.2/5.2_security.txt +++ b/data/5.2/5.2_security.txt
@@ -600,7 +600,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -617,7 +620,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -651,5 +654,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.3/5.3_CVEs.txt b/data/5.3/5.3_CVEs.txt index 9578797..455fd5a 100644 --- a/data/5.3/5.3_CVEs.txt +++ b/data/5.3/5.3_CVEs.txt
@@ -534,7 +534,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -551,7 +554,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -585,5 +588,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.3/5.3_security.txt b/data/5.3/5.3_security.txt index f1edbc9..6ccc6d5 100644 --- a/data/5.3/5.3_security.txt +++ b/data/5.3/5.3_security.txt
@@ -570,7 +570,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -587,7 +590,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -621,5 +624,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.4/5.4_CVEs.txt b/data/5.4/5.4_CVEs.txt index 86f097c..f0c1837 100644 --- a/data/5.4/5.4_CVEs.txt +++ b/data/5.4/5.4_CVEs.txt
@@ -460,12 +460,15 @@ CVE-2022-20141: Fixed with 5.4.145 CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fixed with 5.4.170 +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fixed with 5.4.187 +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fixed with 5.4.199 CVE-2022-21125: Fixed with 5.4.199 CVE-2022-21166: Fixed with 5.4.199 CVE-2022-21499: Fixed with 5.4.197 -CVE-2022-21505: Fix not seen in stream +CVE-2022-21505: Fixed with 5.4.208 CVE-2022-2153: Fix not seen in stream CVE-2022-2209: Fix unknown CVE-2022-22942: Fixed with 5.4.175 @@ -478,7 +481,7 @@ CVE-2022-23042: Fixed with 5.4.184 CVE-2022-2318: Fixed with 5.4.204 CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fixed with 5.4.189 CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -513,5 +516,6 @@ CVE-2022-33744: Fixed with 5.4.204 CVE-2022-33981: Fixed with 5.4.192 CVE-2022-34918: Fix not seen in stream -CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36123: Fixed with 5.4.207 +CVE-2022-36879: Fixed with 5.4.208 +CVE-2022-36946: Fixed with 5.4.209
diff --git a/data/5.4/5.4_security.txt b/data/5.4/5.4_security.txt index d16abd8..c2cd387 100644 --- a/data/5.4/5.4_security.txt +++ b/data/5.4/5.4_security.txt
@@ -638,6 +638,9 @@ CVE-2022-1011: a9174077febfb1608ec3361622bf5f91e2668d7f fuse: fix pipe buffer lifetime for direct_io CVE-2022-1199: 0a64aea5fe023cf1e4973676b11f49038b1f045b ax25: Fix NULL pointer dereference in ax25_kill_by_device +CVEs fixed in 5.4.187: + CVE-2022-20368: 268dcf1f7b3193bc446ec3d14e08a240e9561e4d net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVEs fixed in 5.4.188: CVE-2022-1016: 06f0ff82c70241a766a811ae1acf07d6e2734dcb netfilter: nf_tables: initialize registers in nft_do_chain() CVE-2022-26490: 0aef7184630b599493a0dcad4eec6d42b3e68e91 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION @@ -709,6 +712,16 @@ CVEs fixed in 5.4.205: CVE-2021-33655: 4f34f380f952289e818c76617bbb5c9a3a9a9dd0 fbcon: Disallow setting font bigger than screen size +CVEs fixed in 5.4.207: + CVE-2022-36123: a3c7c1a726a4c6b63b85e8c183f207543fd75e1b x86: Clear .brk area at early boot + +CVEs fixed in 5.4.208: + CVE-2022-21505: ed3fea55066b4e054c4d212e54f9965abcac9685 lockdown: Fix kexec lockdown bypass with ima policy + CVE-2022-36879: f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20 xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() + +CVEs fixed in 5.4.209: + CVE-2022-36946: 52be29e8b6455788a4d0f501bd87aa679ca3ba3c netfilter: nf_queue: do not allow packet truncation below transport header offset + Outstanding CVEs: CVE-2005-3660: (unk) CVE-2007-3719: (unk) @@ -809,17 +822,16 @@ CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID CVE-2022-1882: (unk) CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions - CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() CVE-2022-2209: (unk) CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-23816: (unk) CVE-2022-23825: (unk) CVE-2022-25265: (unk) CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data - CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk)
diff --git a/data/5.5/5.5_CVEs.txt b/data/5.5/5.5_CVEs.txt index caeeb84..f28de62 100644 --- a/data/5.5/5.5_CVEs.txt +++ b/data/5.5/5.5_CVEs.txt
@@ -418,7 +418,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream CVE-2022-21166: Fix not seen in stream @@ -436,7 +439,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -472,5 +475,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.5/5.5_security.txt b/data/5.5/5.5_security.txt index 356c52e..756c35b 100644 --- a/data/5.5/5.5_security.txt +++ b/data/5.5/5.5_security.txt
@@ -452,7 +452,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle @@ -470,7 +473,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -506,5 +509,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.6/5.6_CVEs.txt b/data/5.6/5.6_CVEs.txt index 08aff57..fe46b99 100644 --- a/data/5.6/5.6_CVEs.txt +++ b/data/5.6/5.6_CVEs.txt
@@ -392,7 +392,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -411,7 +414,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -447,5 +450,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.6/5.6_security.txt b/data/5.6/5.6_security.txt index 9f34f8d..711b4f4 100644 --- a/data/5.6/5.6_security.txt +++ b/data/5.6/5.6_security.txt
@@ -426,7 +426,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -445,7 +448,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -481,5 +484,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.7/5.7_CVEs.txt b/data/5.7/5.7_CVEs.txt index 7fe7c91..d65731b 100644 --- a/data/5.7/5.7_CVEs.txt +++ b/data/5.7/5.7_CVEs.txt
@@ -379,7 +379,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -398,7 +401,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -434,5 +437,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.7/5.7_security.txt b/data/5.7/5.7_security.txt index 0f4b807..f1b4e6f 100644 --- a/data/5.7/5.7_security.txt +++ b/data/5.7/5.7_security.txt
@@ -413,7 +413,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -432,7 +435,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -468,5 +471,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.8/5.8_CVEs.txt b/data/5.8/5.8_CVEs.txt index 61ee566..587a774 100644 --- a/data/5.8/5.8_CVEs.txt +++ b/data/5.8/5.8_CVEs.txt
@@ -360,7 +360,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -379,7 +382,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -415,5 +418,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.8/5.8_security.txt b/data/5.8/5.8_security.txt index 2f0e407..dab0049 100644 --- a/data/5.8/5.8_security.txt +++ b/data/5.8/5.8_security.txt
@@ -394,7 +394,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -413,7 +416,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -449,5 +452,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/5.9/5.9_CVEs.txt b/data/5.9/5.9_CVEs.txt index 345163e..da1f381 100644 --- a/data/5.9/5.9_CVEs.txt +++ b/data/5.9/5.9_CVEs.txt
@@ -331,7 +331,10 @@ CVE-2022-20141: Fix not seen in stream CVE-2022-20148: Fix not seen in stream CVE-2022-20154: Fix not seen in stream +CVE-2022-20158: Fix unknown CVE-2022-20166: Fix not seen in stream +CVE-2022-20368: Fix not seen in stream +CVE-2022-20369: Fix not seen in stream CVE-2022-2078: Fix not seen in stream CVE-2022-21123: Fix not seen in stream CVE-2022-21125: Fix not seen in stream @@ -350,7 +353,7 @@ CVE-2022-23042: Fix not seen in stream CVE-2022-2318: Fix not seen in stream CVE-2022-23222: Fix not seen in stream -CVE-2022-2327: Fix unknown +CVE-2022-2327: Fix not seen in stream CVE-2022-2380: Fix not seen in stream CVE-2022-23816: Fix unknown CVE-2022-23825: Fix unknown @@ -387,5 +390,6 @@ CVE-2022-33744: Fix not seen in stream CVE-2022-33981: Fix not seen in stream CVE-2022-34918: Fix not seen in stream +CVE-2022-36123: Fix not seen in stream CVE-2022-36879: Fix not seen in stream -CVE-2022-36946: Fix unknown +CVE-2022-36946: Fix not seen in stream
diff --git a/data/5.9/5.9_security.txt b/data/5.9/5.9_security.txt index 7eff0ea..c2efe82 100644 --- a/data/5.9/5.9_security.txt +++ b/data/5.9/5.9_security.txt
@@ -361,7 +361,10 @@ CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint + CVE-2022-20158: (unk) CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions + CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() + CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS @@ -380,7 +383,7 @@ CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL - CVE-2022-2327: (unk) + CVE-2022-2327: (unk) io_uring: remove any grabbing of context CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() CVE-2022-23816: (unk) CVE-2022-23825: (unk) @@ -417,5 +420,6 @@ CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data + CVE-2022-36123: (unk) x86: Clear .brk area at early boot CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() - CVE-2022-36946: (unk) + CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
diff --git a/data/CVEs.txt b/data/CVEs.txt index 7fe4474..298ac7b 100644 --- a/data/CVEs.txt +++ b/data/CVEs.txt
@@ -2035,7 +2035,10 @@ CVE-2022-20148: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 5429c9dbc9025f9a166f64e22e3a69c94fd5b29b (v2.6.12-rc2 to v5.16-rc1) CVE-2022-20153: cb5e1b81304e089ee3ca948db4d29f71902eb575 - f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (v5.12-rc1-dontuse to v5.13-rc1) CVE-2022-20154: d25adbeb0cdb860fb39e09cdd025e9cfc954c5ab - 5ec7d18d1813a5bead0b495045606c93873aecbb (v4.14-rc1 to v5.16-rc8) +CVE-2022-20158: (n/a) - (n/a) (unk to unk) CVE-2022-20166: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - aa838896d87af561a33ecefea1caa4c15a68bc47 (v2.6.12-rc2 to v5.10-rc1) +CVE-2022-20368: (n/a) - c700525fcc06b05adfea78039de02628af79e07a (unk to v5.17) +CVE-2022-20369: (n/a) - 8310ca94075e784bbb06593cd6c068ee6b6e4ca6 (unk to v5.18-rc1) CVE-2022-2078: f3a2181e16f1dcbf5446ed43f6b5d9f56c459f85 - fecf31ee395b0295f2d7260aa29946b7605f7c85 (v5.6-rc1 to v5.19-rc1) CVE-2022-21123: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 8cb861e9e3c9a55099ad3d08e1a3b653d29c33ca (v2.6.12-rc2 to v5.19-rc3) CVE-2022-21125: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - a992b8a4682f119ae035a01b40d4d0665c4a2875 (v2.6.12-rc2 to v5.19-rc3) @@ -2054,7 +2057,7 @@ CVE-2022-23042: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 66e3531b33ee51dad17c463b4d9c9f52e341503d (v2.6.12-rc2 to v5.17-rc8) CVE-2022-2318: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - 9cc02ede696272c5271a401e4f27c262359bc2f6 (v2.6.12-rc2 to v5.19-rc5) CVE-2022-23222: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - c25b2ae136039ffa820c26138ed4a5e5f3ab3841 (v2.6.12-rc2 to v5.17-rc1) -CVE-2022-2327: (n/a) - (n/a) (unk to unk) +CVE-2022-2327: (n/a) - 44526bedc2ff8fcd58552e3c5bae928524b6f13c (unk to v5.12-rc1-dontuse) CVE-2022-2380: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 - bd771cf5c4254511cc4abb88f3dab3bd58bdf8e8 (v2.6.12-rc2 to v5.18-rc1) CVE-2022-23816: (n/a) - (n/a) (unk to unk) CVE-2022-23825: (n/a) - (n/a) (unk to unk) @@ -2099,5 +2102,6 @@ CVE-2022-34494: c486682ae1e2b149add22f44cf413b3103e3ef39 - 1680939e9ecf7764fba8689cfb3429c2fe2bb23c (v5.13-rc1 to v5.19-rc1) CVE-2022-34495: c486682ae1e2b149add22f44cf413b3103e3ef39 - c2eecefec5df1306eafce28ccdf1ca159a552ecc (v5.13-rc1 to v5.19-rc1) CVE-2022-34918: 7d7402642eaf385aef0772eff5a35e34fc4995d7 - 7e6bc1f6cabcd30aba0b11219d8e01b952eacbb6 (v4.1-rc1 to v5.19-rc6) +CVE-2022-36123: (n/a) - 38fa5479b41376dc9d7f57e71c83514285a25ca0 (unk to v5.19-rc6) CVE-2022-36879: 80c802f3073e84c956846e921e8a0b02dfa3755f - f85daf0e725358be78dfd208dea5fd665d8cb901 (v2.6.35-rc1 to v5.19-rc8) -CVE-2022-36946: (n/a) - (n/a) (unk to unk) +CVE-2022-36946: (n/a) - 99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164 (unk to v5.19)
diff --git a/data/cmts.json b/data/cmts.json index 7c2993d..6c5010e 100644 --- a/data/cmts.json +++ b/data/cmts.json
@@ -649,6 +649,7 @@ "389305b2aa68723c754f88d9dbd268a400e10664": "v4.19-rc1", "38ab012f109caf10f471db1adf284e620dd8d701": "v4.20-rc5", "38ea1eac7d88072bbffb630e2b3db83ca649b826": "v5.17-rc4", + "38fa5479b41376dc9d7f57e71c83514285a25ca0": "v5.19-rc6", "3921120e757f9167f3fcd3a1781239824471b14d": "v2.6.37-rc1", "39279cc3d2704cfbf9c35dcb5bdd392159ae4625": "v2.6.29-rc1", "3935ccc14d2c68488bd96448fc073da48eaeebf0": "v4.9-rc1", @@ -781,6 +782,7 @@ "443c1228d50518f3c550e1fef490a2c9d9246ce7": "v2.6.32-rc1", "4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc": "v3.14-rc1", "4447bb33f09444920a8f1d89e1540137429351b6": "v2.6.33-rc1", + "44526bedc2ff8fcd58552e3c5bae928524b6f13c": "v5.12-rc1-dontuse", "445409602c09219767c06497c0dc2285eac244ed": "v2.6.33-rc1", "4463523bef98ff827a89cf8219db7dfac4350241": "v3.7-rc1", "4473710df1f8779c59b33737eeaa151596907761": "v4.12-rc1", @@ -1456,6 +1458,7 @@ "82ed4db499b8598f16f8871261bff088d6b0597f": "v4.11-rc1", "82f2341c94d270421f383641b7cd670e474db56b": "v4.11-rc2", "8310b77b48c5558c140e7a57a702e7819e62f04e": "v5.12-rc2", + "8310ca94075e784bbb06593cd6c068ee6b6e4ca6": "v5.18-rc1", "8310d48b125d19fcd9521d83b8293e63eb1646aa": "v4.10-rc6", "832d11c5cd076abc0aa1eaf7be96c81d1a59ce41": "v2.6.29-rc1", "833b45de69a6016c4b0cebe6765d526a31a81580": "v5.4-rc2", @@ -1689,6 +1692,7 @@ "9955ac47f4ba1c95ecb6092aeaefb40a22e99268": "v3.10-rc4", "998912346c0da53a6dbb71fab3a138586b596b30": "v5.7-rc1", "999b874f4aa39b7abf45662ff0900f943ddb2d02": "v2.6.32-rc1", + "99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164": "v5.19", "99a83db5a605137424e1efe29dc0573d6a5b6316": "v5.19-rc3", "99c23da0eed4fd20cae8243f2b51e10e66aa0951": "v5.16-rc1", "99c6fa2511d8a683e61468be91b83f85452115fa": "v4.15-rc8", @@ -2202,6 +2206,7 @@ "c6688ef9f29762e65bce325ef4acd6c675806366": "v4.15-rc4", "c66ac9db8d4ad9994a02b3e933ea2ccc643e1fe5": "v2.6.38-rc1", "c68cfb718c8f97b7f7a50ed66be5feb42d0c8988": "v5.1-rc1", + "c700525fcc06b05adfea78039de02628af79e07a": "v5.17", "c70222752228a62135cee3409dccefd494a24646": "v5.18-rc1", "c7084edc3f6d67750f50d4183134c4fb5712a5c8": "v5.1-rc4", "c73be61cede5882f9605a852414db559c0ebedfd": "v5.8-rc1",
diff --git a/data/kernel_cves.json b/data/kernel_cves.json index 7953b19..796551f 100644 --- a/data/kernel_cves.json +++ b/data/kernel_cves.json
@@ -71120,6 +71120,12 @@ "Ubuntu": "https://ubuntu.com/security/CVE-2022-20154" } }, + "CVE-2022-20158": { + "affected_versions": "unk to unk", + "breaks": "", + "fixes": "", + "last_modified": "2022-08-04" + }, "CVE-2022-20166": { "affected_versions": "v2.6.12-rc2 to v5.10-rc1", "breaks": "1da177e4c3f41524e886b7f1b8a0c1fc7321cac2", @@ -71159,6 +71165,22 @@ "Ubuntu": "https://ubuntu.com/security/CVE-2022-20166" } }, + "CVE-2022-20368": { + "affected_versions": "unk to v5.17", + "breaks": "", + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "fixes": "c700525fcc06b05adfea78039de02628af79e07a", + "last_affected_version": "5.16", + "last_modified": "2022-08-04" + }, + "CVE-2022-20369": { + "affected_versions": "unk to v5.18-rc1", + "breaks": "", + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls", + "fixes": "8310ca94075e784bbb06593cd6c068ee6b6e4ca6", + "last_affected_version": "5.17.1", + "last_modified": "2022-08-04" + }, "CVE-2022-2078": { "affected_versions": "v5.6-rc1 to v5.19-rc1", "breaks": "f3a2181e16f1dcbf5446ed43f6b5d9f56c459f85", @@ -71364,7 +71386,8 @@ "breaks": "29d3c1c8dfe752c01b7115ecd5a3142b232a38e1", "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy", "fixes": "543ce63b664e2c2f9533d089a4664b559c3e6b5b", - "last_modified": "2022-07-28" + "last_affected_version": "5.18.14", + "last_modified": "2022-08-04" }, "CVE-2022-2153": { "affected_versions": "v3.7-rc1 to v5.18-rc1", @@ -71765,10 +71788,11 @@ } }, "CVE-2022-2327": { - "affected_versions": "unk to unk", + "affected_versions": "unk to v5.12-rc1-dontuse", "breaks": "", - "fixes": "", - "last_modified": "2022-07-25" + "cmt_msg": "io_uring: remove any grabbing of context", + "fixes": "44526bedc2ff8fcd58552e3c5bae928524b6f13c", + "last_modified": "2022-08-04" }, "CVE-2022-2380": { "affected_versions": "v2.6.12-rc2 to v5.18-rc1", @@ -73405,17 +73429,28 @@ "Ubuntu": "https://ubuntu.com/security/CVE-2022-34918" } }, + "CVE-2022-36123": { + "affected_versions": "unk to v5.19-rc6", + "breaks": "", + "cmt_msg": "x86: Clear .brk area at early boot", + "fixes": "38fa5479b41376dc9d7f57e71c83514285a25ca0", + "last_affected_version": "5.18.12", + "last_modified": "2022-08-04" + }, "CVE-2022-36879": { "affected_versions": "v2.6.35-rc1 to v5.19-rc8", "breaks": "80c802f3073e84c956846e921e8a0b02dfa3755f", "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()", "fixes": "f85daf0e725358be78dfd208dea5fd665d8cb901", - "last_modified": "2022-07-28" + "last_affected_version": "5.18.14", + "last_modified": "2022-08-04" }, "CVE-2022-36946": { - "affected_versions": "unk to unk", + "affected_versions": "unk to v5.19", "breaks": "", - "fixes": "", - "last_modified": "2022-07-28" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset", + "fixes": "99a63d36cb3ed5ca3aa6fcb64cffbeaf3b0fb164", + "last_affected_version": "5.18.15", + "last_modified": "2022-08-04" } } \ No newline at end of file
diff --git a/data/stream_data.json b/data/stream_data.json index f4e2229..48061bb 100644 --- a/data/stream_data.json +++ b/data/stream_data.json
@@ -2522,6 +2522,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2019-9466": { "cmt_msg": "brcmfmac: add subtype check for event handling in data path" }, @@ -2882,6 +2885,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2020-13143": { "cmt_msg": "USB: gadget: fix illegal array access in binding with UDC" }, @@ -3164,6 +3170,9 @@ "CVE-2020-1749": { "cmt_msg": "net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -3383,6 +3392,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-15220": { "cmt_msg": "p54usb: Fix race between disconnect and firmware loading" }, @@ -3762,7 +3774,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -3780,7 +3792,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -4442,8 +4454,8 @@ "CVE-2019-11815": { "cmt_msg": "net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock()." }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -4901,6 +4913,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2019-9466": { "cmt_msg": "brcmfmac: add subtype check for event handling in data path" }, @@ -5330,6 +5345,9 @@ "CVE-2019-3016": { "cmt_msg": "x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -5807,6 +5825,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -6119,6 +6140,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -6648,7 +6672,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -6666,7 +6690,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -7452,8 +7476,8 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -8244,6 +8268,9 @@ "CVE-2019-3016": { "cmt_msg": "x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -8298,6 +8325,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2020-13143": { "cmt_msg": "USB: gadget: fix illegal array access in binding with UDC" }, @@ -8676,6 +8706,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -8958,6 +8991,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-19813": { "cmt_msg": "btrfs: inode: Verify inode mode to avoid NULL pointer dereference" }, @@ -9433,7 +9469,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -9451,7 +9487,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-1184": { "cmt_msg": "ext4: verify dir block before splitting it" @@ -10099,8 +10135,8 @@ "CVE-2017-14991": { "cmt_msg": "scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -10948,6 +10984,9 @@ "CVE-2019-3016": { "cmt_msg": "x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -10999,6 +11038,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2020-13143": { "cmt_msg": "USB: gadget: fix illegal array access in binding with UDC" }, @@ -11404,6 +11446,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -11698,6 +11743,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -12197,7 +12245,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -12215,7 +12263,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-1184": { "cmt_msg": "ext4: verify dir block before splitting it" @@ -12858,8 +12906,8 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -13617,6 +13665,9 @@ "CVE-2019-3016": { "cmt_msg": "x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -13665,6 +13716,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2020-13143": { "cmt_msg": "USB: gadget: fix illegal array access in binding with UDC" }, @@ -14010,6 +14064,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -14271,6 +14328,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-15220": { "cmt_msg": "p54usb: Fix race between disconnect and firmware loading" }, @@ -14713,7 +14773,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -14725,7 +14785,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-0812": { "cmt_msg": "xprtrdma: fix incorrect header size calculations" @@ -17989,6 +18049,12 @@ "cmt_id": "e0956dd95ddd6b02b7eb084d127b926a509ae8e7" } }, + "4.14.273": { + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "cmt_id": "b1e27cda1e3c12b705875bb7e247a97168580e33" + } + }, "4.14.274": { "CVE-2022-26490": { "cmt_msg": "nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION", @@ -18187,6 +18253,18 @@ "cmt_id": "f7e7c2ad446f359f54f4ea6a0a30b218e5edf134" } }, + "4.14.289": { + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot", + "cmt_id": "a24eebede57ff42d5123cca948c5077ccddbffcb" + } + }, + "4.14.290": { + "CVE-2022-36879": { + "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()", + "cmt_id": "2c9d93e35cb857fc613ec9d58d690d332252747b" + } + }, "outstanding": { "CVE-2021-0929": { "cmt_msg": "staging/android/ion: delete dma_buf->kmap/unmap implemenation" @@ -18224,9 +18302,6 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, - "CVE-2022-36879": { - "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()" - }, "CVE-2019-19377": { "cmt_msg": "btrfs: Don't submit any btree write bio if the fs has errors" }, @@ -18413,6 +18488,9 @@ "CVE-2020-36516": { "cmt_msg": "" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2012-4542": { "cmt_msg": "" }, @@ -18492,7 +18570,7 @@ "cmt_msg": "drm/i915/guc: Update to use firmware v49.0.1" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" @@ -18504,7 +18582,7 @@ "cmt_msg": "KVM: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-4218": { "cmt_msg": "sysctl: pass kernel pointers to ->proc_handler" @@ -18620,6 +18698,9 @@ "CVE-2020-8832": { "cmt_msg": "drm/i915: Record the default hw state after reset upon load" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-1280": { "cmt_msg": "drm: avoid circular locks in drm_mode_getconnector" }, @@ -19117,8 +19198,8 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -19825,6 +19906,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -19876,6 +19960,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2020-13143": { "cmt_msg": "USB: gadget: fix illegal array access in binding with UDC" }, @@ -20182,6 +20269,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -20425,6 +20515,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-15220": { "cmt_msg": "p54usb: Fix race between disconnect and firmware loading" }, @@ -20840,7 +20933,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -20852,7 +20945,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-0812": { "cmt_msg": "xprtrdma: fix incorrect header size calculations" @@ -21463,8 +21556,8 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -22201,6 +22294,9 @@ "CVE-2018-10902": { "cmt_msg": "ALSA: rawmidi: Change resized buffers atomically" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -22252,6 +22348,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2018-12633": { "cmt_msg": "virt: vbox: Only copy_from_user the request-header once" }, @@ -22576,6 +22675,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -22825,6 +22927,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-15220": { "cmt_msg": "p54usb: Fix race between disconnect and firmware loading" }, @@ -23264,7 +23369,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -23276,7 +23381,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-0812": { "cmt_msg": "xprtrdma: fix incorrect header size calculations" @@ -25989,6 +26094,12 @@ "cmt_id": "73d55fa1b9310573f623195a4f7ab3170bbaf248" } }, + "4.19.236": { + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "cmt_id": "a33dd1e6693f80d805155b3f69c18c2f642915da" + } + }, "4.19.237": { "CVE-2022-26490": { "cmt_msg": "nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION", @@ -26189,6 +26300,18 @@ "cmt_id": "eae522ed28fe1c00375a8a0081a97dce7996e4d8" } }, + "4.19.253": { + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot", + "cmt_id": "36e2f161fb01795722f2ff1a24d95f08100333dd" + } + }, + "4.19.254": { + "CVE-2022-36879": { + "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()", + "cmt_id": "fdb4fba1ba8512fa579a9d091dcb6c410f82f96a" + } + }, "outstanding": { "CVE-2021-0929": { "cmt_msg": "staging/android/ion: delete dma_buf->kmap/unmap implemenation" @@ -26220,9 +26343,6 @@ "CVE-2019-19378": { "cmt_msg": "" }, - "CVE-2022-36879": { - "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()" - }, "CVE-2019-15794": { "cmt_msg": "ovl: fix reference counting in ovl_mmap error path" }, @@ -26382,6 +26502,9 @@ "CVE-2020-36516": { "cmt_msg": "" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2012-4542": { "cmt_msg": "" }, @@ -26446,7 +26569,7 @@ "cmt_msg": "drm/i915/guc: Update to use firmware v49.0.1" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" @@ -26458,7 +26581,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-4218": { "cmt_msg": "sysctl: pass kernel pointers to ->proc_handler" @@ -26565,6 +26688,9 @@ "CVE-2021-3847": { "cmt_msg": "" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-1280": { "cmt_msg": "drm: avoid circular locks in drm_mode_getconnector" }, @@ -27037,8 +27163,8 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -27730,6 +27856,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -28075,6 +28204,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -28312,9 +28444,15 @@ "CVE-2020-12770": { "cmt_msg": "scsi: sg: add sg_remove_request in sg_write" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-15220": { "cmt_msg": "p54usb: Fix race between disconnect and firmware loading" }, @@ -28712,7 +28850,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -28724,7 +28862,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-0812": { "cmt_msg": "xprtrdma: fix incorrect header size calculations" @@ -30685,8 +30823,8 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -31075,6 +31213,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2019-9466": { "cmt_msg": "brcmfmac: add subtype check for event handling in data path" }, @@ -31447,6 +31588,9 @@ "CVE-2018-7273": { "cmt_msg": "printk: hash addresses printed with %p" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -31870,6 +32014,9 @@ "CVE-2022-1786": { "cmt_msg": "io_uring: remove io_identity" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -32158,6 +32305,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -32624,7 +32774,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-1280": { "cmt_msg": "drm: avoid circular locks in drm_mode_getconnector" @@ -32642,7 +32792,7 @@ "cmt_msg": "vgacon: Fix for missing check in scrollback handling" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -34160,8 +34310,8 @@ "CVE-2016-8645": { "cmt_msg": "tcp: take care of truncations done by sk_filter()" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -34595,6 +34745,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-32981": { "cmt_msg": "powerpc/32: Fix overread/overwrite of thread_struct via ptrace" }, @@ -35024,6 +35177,9 @@ "CVE-2018-7273": { "cmt_msg": "printk: hash addresses printed with %p" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -35498,6 +35654,9 @@ "CVE-2022-1786": { "cmt_msg": "io_uring: remove io_identity" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -35819,6 +35978,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -36327,7 +36489,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-1280": { "cmt_msg": "drm: avoid circular locks in drm_mode_getconnector" @@ -36351,7 +36513,7 @@ "cmt_msg": "sched/fair: Don't free p->numa_faults with concurrent readers" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-1184": { "cmt_msg": "ext4: verify dir block before splitting it" @@ -39456,8 +39618,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -40107,6 +40269,9 @@ "CVE-2021-3640": { "cmt_msg": "Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-28097": { "cmt_msg": "vgacon: remove software scrollback support" }, @@ -40182,6 +40347,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -40248,9 +40416,15 @@ "CVE-2020-12771": { "cmt_msg": "bcache: fix potential deadlock problem in btree_gc_coalesce" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2020-25285": { "cmt_msg": "mm/hugetlb: fix a race between hugetlb sysctl handlers" }, @@ -40540,7 +40714,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -40555,7 +40729,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -43057,8 +43231,8 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -43654,6 +43828,9 @@ "CVE-2018-7273": { "cmt_msg": "printk: hash addresses printed with %p" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-12930": { "cmt_msg": "" }, @@ -43693,6 +43870,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2020-10768": { "cmt_msg": "x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches." }, @@ -43972,6 +44152,9 @@ "CVE-2022-1786": { "cmt_msg": "io_uring: remove io_identity" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2013-3228": { "cmt_msg": "irda: Fix missing msg_namelen update in irda_recvmsg_dgram()" }, @@ -44200,6 +44383,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -44552,7 +44738,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-1280": { "cmt_msg": "drm: avoid circular locks in drm_mode_getconnector" @@ -44570,7 +44756,7 @@ "cmt_msg": "fbcon: Fix global-out-of-bounds read in fbcon_get_font()" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -45273,8 +45459,8 @@ "CVE-2016-8645": { "cmt_msg": "tcp: take care of truncations done by sk_filter()" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -45744,6 +45930,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-32981": { "cmt_msg": "powerpc/32: Fix overread/overwrite of thread_struct via ptrace" }, @@ -46191,6 +46380,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -46707,6 +46899,9 @@ "CVE-2022-1786": { "cmt_msg": "io_uring: remove io_identity" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -47061,6 +47256,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -47602,7 +47800,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -47629,7 +47827,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -51745,8 +51943,8 @@ "CVE-2020-36516": { "cmt_msg": "" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -51763,6 +51961,9 @@ "CVE-2022-1462": { "cmt_msg": "" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2022-1184": { "cmt_msg": "ext4: verify dir block before splitting it" }, @@ -51929,7 +52130,7 @@ "cmt_msg": "cifs: fix NULL ptr dereference in smb2_ioctl_query_info()" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" @@ -51956,7 +52157,7 @@ "cmt_msg": "binder: fix race that allows malicious free of live buffer" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-4218": { "cmt_msg": "sysctl: pass kernel pointers to ->proc_handler" @@ -51982,6 +52183,9 @@ "CVE-2018-7273": { "cmt_msg": "printk: hash addresses printed with %p" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-9465": { "cmt_msg": "binder: fix proc->files use-after-free" }, @@ -52129,6 +52333,9 @@ "CVE-2019-11191": { "cmt_msg": "x86: Deprecate a.out support" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2022-26966": { "cmt_msg": "sr9700: sanity check for packet length" }, @@ -52156,6 +52363,9 @@ "CVE-2020-8832": { "cmt_msg": "drm/i915: Record the default hw state after reset upon load" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-1280": { "cmt_msg": "drm: avoid circular locks in drm_mode_getconnector" }, @@ -52630,8 +52840,8 @@ "CVE-2016-8645": { "cmt_msg": "tcp: take care of truncations done by sk_filter()" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -53092,6 +53302,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-32981": { "cmt_msg": "powerpc/32: Fix overread/overwrite of thread_struct via ptrace" }, @@ -53524,6 +53737,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -54016,6 +54232,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -54358,6 +54577,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -54905,7 +55127,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -54929,7 +55151,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -55641,8 +55863,8 @@ "CVE-2016-8645": { "cmt_msg": "tcp: take care of truncations done by sk_filter()" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -56100,6 +56322,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-32981": { "cmt_msg": "powerpc/32: Fix overread/overwrite of thread_struct via ptrace" }, @@ -56532,6 +56757,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -57036,6 +57264,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -57372,6 +57603,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -57919,7 +58153,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -57943,7 +58177,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -60138,6 +60372,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2016-10208": { "cmt_msg": "ext4: validate s_first_meta_bg at mount time" }, @@ -60510,6 +60747,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2020-13143": { "cmt_msg": "USB: gadget: fix illegal array access in binding with UDC" }, @@ -60828,6 +61068,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -61086,6 +61329,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-19813": { "cmt_msg": "btrfs: inode: Verify inode mode to avoid NULL pointer dereference" }, @@ -61513,7 +61759,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -61537,7 +61783,7 @@ "cmt_msg": "sched/fair: Don't free p->numa_faults with concurrent readers" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -62084,8 +62330,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -62294,6 +62540,12 @@ "CVE-2020-25671": { "cmt_msg": "nfc: fix refcount leak in llcp_sock_connect()" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2020-25285": { "cmt_msg": "mm/hugetlb: fix a race between hugetlb sysctl handlers" }, @@ -62714,6 +62966,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-10732": { "cmt_msg": "fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()" }, @@ -62801,6 +63056,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -63123,7 +63381,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-1280": { "cmt_msg": "drm: avoid circular locks in drm_mode_getconnector" @@ -63135,7 +63393,7 @@ "cmt_msg": "vgacon: Fix for missing check in scrollback handling" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-20194": { "cmt_msg": "io_uring: don't rely on weak ->files references" @@ -63772,8 +64030,8 @@ "CVE-2016-8645": { "cmt_msg": "tcp: take care of truncations done by sk_filter()" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -64255,6 +64513,9 @@ "CVE-2019-14615": { "cmt_msg": "drm/i915/gen9: Clear residual context state on context switch" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-32981": { "cmt_msg": "powerpc/32: Fix overread/overwrite of thread_struct via ptrace" }, @@ -64726,6 +64987,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -64849,6 +65113,9 @@ "CVE-2019-11191": { "cmt_msg": "x86: Deprecate a.out support" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2016-1575": { "cmt_msg": "ovl: setattr: check permissions before copy-up" }, @@ -65081,7 +65348,7 @@ "cmt_msg": "tunnels: Don't apply GRO to multiple layers of encapsulation." }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-39714": { "cmt_msg": "staging: android: ion: Drop ion_map_kernel interface" @@ -65263,6 +65530,9 @@ "CVE-2022-1786": { "cmt_msg": "io_uring: remove io_identity" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -66194,7 +66464,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -66772,8 +67042,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -66958,6 +67228,9 @@ "CVE-2020-25671": { "cmt_msg": "nfc: fix refcount leak in llcp_sock_connect()" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-0998": { "cmt_msg": "vdpa: clean up get_config_size ret value handling" }, @@ -67333,6 +67606,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-28097": { "cmt_msg": "vgacon: remove software scrollback support" }, @@ -67414,6 +67690,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -67480,6 +67759,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2022-21499": { "cmt_msg": "lockdown: also lock down previous kgdb use" }, @@ -67721,7 +68003,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -67730,7 +68012,7 @@ "cmt_msg": "vfio-pci: Invalidate mmaps and block MMIO access on disabled memory" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-20194": { "cmt_msg": "io_uring: don't rely on weak ->files references" @@ -68182,8 +68464,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -68359,6 +68641,9 @@ "CVE-2020-25671": { "cmt_msg": "nfc: fix refcount leak in llcp_sock_connect()" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-0998": { "cmt_msg": "vdpa: clean up get_config_size ret value handling" }, @@ -68692,6 +68977,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2022-1508": { "cmt_msg": "io_uring: reexpand under-reexpanded iters" }, @@ -68764,6 +69052,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -68833,6 +69124,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2022-21499": { "cmt_msg": "lockdown: also lock down previous kgdb use" }, @@ -69065,13 +69359,13 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-23222": { "cmt_msg": "bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL" @@ -69465,8 +69759,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -69507,8 +69801,8 @@ "CVE-2020-14304": { "cmt_msg": "" }, - "CVE-2022-29581": { - "cmt_msg": "net/sched: cls_u32: fix netns refcount changes in u32_change()" + "CVE-2022-2318": { + "cmt_msg": "net: rose: fix UAF bugs caused by timer handler" }, "CVE-2022-33981": { "cmt_msg": "floppy: disable FDRAWCMD by default" @@ -69552,6 +69846,9 @@ "CVE-2021-3573": { "cmt_msg": "Bluetooth: use correct lock to prevent UAF of hdev object" }, + "CVE-2022-29581": { + "cmt_msg": "net/sched: cls_u32: fix netns refcount changes in u32_change()" + }, "CVE-2022-1204": { "cmt_msg": "ax25: Fix refcount leaks caused by ax25_cb_del()" }, @@ -69636,6 +69933,9 @@ "CVE-2020-25671": { "cmt_msg": "nfc: fix refcount leak in llcp_sock_connect()" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-0998": { "cmt_msg": "vdpa: clean up get_config_size ret value handling" }, @@ -69954,6 +70254,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2022-1508": { "cmt_msg": "io_uring: reexpand under-reexpanded iters" }, @@ -70008,9 +70311,6 @@ "CVE-2022-1184": { "cmt_msg": "ext4: verify dir block before splitting it" }, - "CVE-2022-2318": { - "cmt_msg": "net: rose: fix UAF bugs caused by timer handler" - }, "CVE-2019-15902": { "cmt_msg": "unknown" }, @@ -70026,6 +70326,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -70089,6 +70392,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2022-21499": { "cmt_msg": "lockdown: also lock down previous kgdb use" }, @@ -70303,13 +70609,13 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-23222": { "cmt_msg": "bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL" @@ -73890,6 +74196,12 @@ "cmt_id": "43bfa08ba62a1ca7a22365c7092e491e04327efb" } }, + "4.9.308": { + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "cmt_id": "b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0" + } + }, "4.9.309": { "CVE-2022-26490": { "cmt_msg": "nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION", @@ -74046,6 +74358,18 @@ "cmt_id": "856d1b8e6e826b5087f1ea3fdbabda3557d73599" } }, + "4.9.324": { + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot", + "cmt_id": "b3d7c509bcbd4384d4964dcdf028b3c3e0adb7f7" + } + }, + "4.9.325": { + "CVE-2022-36879": { + "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()", + "cmt_id": "5aff12fa09504c6ea88fc17749a39cda2c4d6ef7" + } + }, "outstanding": { "CVE-2021-0929": { "cmt_msg": "staging/android/ion: delete dma_buf->kmap/unmap implemenation" @@ -74089,9 +74413,6 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, - "CVE-2022-36879": { - "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()" - }, "CVE-2022-1247": { "cmt_msg": "" }, @@ -74317,6 +74638,9 @@ "CVE-2020-36516": { "cmt_msg": "" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2012-4542": { "cmt_msg": "" }, @@ -74432,7 +74756,7 @@ "cmt_msg": "binder: refactor binder ref inc/dec for thread safety" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" @@ -74450,7 +74774,7 @@ "cmt_msg": "binder: fix race that allows malicious free of live buffer" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-4218": { "cmt_msg": "sysctl: pass kernel pointers to ->proc_handler" @@ -74587,6 +74911,9 @@ "CVE-2020-8832": { "cmt_msg": "drm/i915: Record the default hw state after reset upon load" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-1280": { "cmt_msg": "drm: avoid circular locks in drm_mode_getconnector" }, @@ -75092,8 +75419,8 @@ "CVE-2019-11815": { "cmt_msg": "net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock()." }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -75563,6 +75890,9 @@ "CVE-2017-5753": { "cmt_msg": "x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-32981": { "cmt_msg": "powerpc/32: Fix overread/overwrite of thread_struct via ptrace" }, @@ -75989,6 +76319,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -76472,6 +76805,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -76808,6 +77144,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -77355,7 +77694,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -77379,7 +77718,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -78077,8 +78416,8 @@ "CVE-2017-14991": { "cmt_msg": "scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -78935,6 +79274,9 @@ "CVE-2019-3016": { "cmt_msg": "x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -78986,6 +79328,9 @@ "CVE-2018-12207": { "cmt_msg": "kvm: x86, powerpc: do not allow clearing largepages debugfs entry" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2020-13143": { "cmt_msg": "USB: gadget: fix illegal array access in binding with UDC" }, @@ -79406,6 +79751,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -79703,6 +80051,9 @@ "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2017-12153": { "cmt_msg": "nl80211: check for the required netlink attributes presence" }, @@ -80211,7 +80562,7 @@ "cmt_msg": "f2fs: fix a bug caused by NULL extent tree" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2019-9454": { "cmt_msg": "i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA" @@ -80229,7 +80580,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-1184": { "cmt_msg": "ext4: verify dir block before splitting it" @@ -80938,8 +81289,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -81880,6 +82231,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -82006,6 +82360,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -82096,9 +82453,15 @@ "CVE-2020-12770": { "cmt_msg": "scsi: sg: add sg_remove_request in sg_write" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-15220": { "cmt_msg": "p54usb: Fix race between disconnect and firmware loading" }, @@ -82454,7 +82817,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -82466,7 +82829,7 @@ "cmt_msg": "sched/fair: Don't free p->numa_faults with concurrent readers" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -83054,8 +83417,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -83372,6 +83735,9 @@ "CVE-2019-15222": { "cmt_msg": "ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-19813": { "cmt_msg": "btrfs: inode: Verify inode mode to avoid NULL pointer dereference" }, @@ -83942,6 +84308,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -84071,6 +84440,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -84164,6 +84536,9 @@ "CVE-2020-12770": { "cmt_msg": "scsi: sg: add sg_remove_request in sg_write" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-25265": { "cmt_msg": "" }, @@ -84519,7 +84894,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -84531,7 +84906,7 @@ "cmt_msg": "sched/fair: Don't free p->numa_faults with concurrent readers" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -85114,8 +85489,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -85387,6 +85762,12 @@ "CVE-2020-25671": { "cmt_msg": "nfc: fix refcount leak in llcp_sock_connect()" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2020-25285": { "cmt_msg": "mm/hugetlb: fix a race between hugetlb sysctl handlers" }, @@ -85924,6 +86305,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -86062,6 +86446,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -86483,7 +86870,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -86495,7 +86882,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -86975,6 +87362,12 @@ "CVE-2022-23816": { "cmt_msg": "" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2021-3864": { "cmt_msg": "" }, @@ -87194,8 +87587,8 @@ "CVE-2020-36516": { "cmt_msg": "" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -87224,6 +87617,9 @@ "CVE-2022-20148": { "cmt_msg": "f2fs: fix UAF in f2fs_available_free_memory" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2022-1974": { "cmt_msg": "nfc: replace improper check device_is_registered() in netlink related functions" }, @@ -87371,9 +87767,6 @@ "CVE-2022-1055": { "cmt_msg": "net: sched: fix use-after-free in tc_new_tfilter()" }, - "CVE-2022-2327": { - "cmt_msg": "" - }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" }, @@ -87402,7 +87795,7 @@ "cmt_msg": "io_uring: fix xa_alloc_cycle() error return value check" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-1204": { "cmt_msg": "ax25: Fix refcount leaks caused by ax25_cb_del()" @@ -87437,6 +87830,9 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -87919,6 +88315,12 @@ "CVE-2022-23816": { "cmt_msg": "" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2021-3864": { "cmt_msg": "" }, @@ -88129,8 +88531,8 @@ "CVE-2020-36516": { "cmt_msg": "" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -88159,6 +88561,9 @@ "CVE-2022-20148": { "cmt_msg": "f2fs: fix UAF in f2fs_available_free_memory" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2022-1974": { "cmt_msg": "nfc: replace improper check device_is_registered() in netlink related functions" }, @@ -88306,9 +88711,6 @@ "CVE-2022-1055": { "cmt_msg": "net: sched: fix use-after-free in tc_new_tfilter()" }, - "CVE-2022-2327": { - "cmt_msg": "" - }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" }, @@ -88331,7 +88733,7 @@ "cmt_msg": "ax25: Fix NULL pointer dereference in ax25_kill_by_device" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-1204": { "cmt_msg": "ax25: Fix refcount leaks caused by ax25_cb_del()" @@ -88363,6 +88765,9 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -89555,6 +89960,10 @@ } }, "5.10.108": { + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "cmt_id": "70b7b3c055fd4a464da8da55ff4c1f84269f9b02" + }, "CVE-2022-27666": { "cmt_msg": "esp: Fix possible buffer overflow in ESP transformation", "cmt_id": "9248694dac20eda06e22d8503364dc9d03df4e2f" @@ -89583,14 +89992,18 @@ "cmt_msg": "can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path", "cmt_id": "b417f9c50586588754b2b0453a1f99520cf7c0e8" }, - "CVE-2022-2380": { - "cmt_msg": "video: fbdev: sm712fb: Fix crash in smtcfb_read()", - "cmt_id": "72af8810922eb143ed4f116db246789ead2d8543" + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls", + "cmt_id": "8a83731a09a5954b85b1ce49c01ff5c2a3465cb7" }, "CVE-2022-0168": { "cmt_msg": "cifs: fix NULL ptr dereference in smb2_ioctl_query_info()", "cmt_id": "edefc4b2a8e8310eee8e2b1714709ad5b2a93928" }, + "CVE-2022-30594": { + "cmt_msg": "ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE", + "cmt_id": "5a41a3033a9344d7683340e3d83f5435ffb06501" + }, "CVE-2022-1158": { "cmt_msg": "KVM: x86/mmu: do compare-and-exchange of gPTE via the user address", "cmt_id": "e90518d10c7dd59d5ebbe25b0f0083a7dbffa42f" @@ -89599,9 +90012,9 @@ "cmt_msg": "af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register", "cmt_id": "8d3f4ad43054619379ccc697cfcbdb2c266800d8" }, - "CVE-2022-30594": { - "cmt_msg": "ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE", - "cmt_id": "5a41a3033a9344d7683340e3d83f5435ffb06501" + "CVE-2022-28388": { + "cmt_msg": "can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path", + "cmt_id": "5318cdf4fd834856ce71238b064f35386f9ef528" }, "CVE-2022-1198": { "cmt_msg": "drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()", @@ -89611,9 +90024,9 @@ "cmt_msg": "can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path", "cmt_id": "0801a51d79389282c1271e623613b2e1886e071e" }, - "CVE-2022-28388": { - "cmt_msg": "can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path", - "cmt_id": "5318cdf4fd834856ce71238b064f35386f9ef528" + "CVE-2022-2380": { + "cmt_msg": "video: fbdev: sm712fb: Fix crash in smtcfb_read()", + "cmt_id": "72af8810922eb143ed4f116db246789ead2d8543" }, "CVE-2022-1516": { "cmt_msg": "net/x25: Fix null-ptr-deref caused by x25_disconnect", @@ -89800,6 +90213,12 @@ "cmt_id": "0a5e36dbcb448a7a8ba63d1d4b6ade2c9d3cc8bf" } }, + "5.10.132": { + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot", + "cmt_id": "136d7987fcfdeca73ee3c6a29e48f99fdd0f4d87" + } + }, "5.10.133": { "CVE-2022-29900": { "cmt_msg": "x86/kvm/vmx: Make noinstr clean", @@ -89810,6 +90229,22 @@ "cmt_id": "7070bbb66c5303117e4c7651711ea7daae4c64b5" } }, + "5.10.134": { + "CVE-2022-21505": { + "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy", + "cmt_id": "ab5050fd7430dde3a9f073129036d3da3facc8ec" + }, + "CVE-2022-36879": { + "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()", + "cmt_id": "47b696dd654450cdec3103a833e5bf29c4b83bfa" + } + }, + "5.10.135": { + "CVE-2022-36946": { + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset", + "cmt_id": "440dccd80f627e0e11ceb0429e4cdab61857d17e" + } + }, "outstanding": { "CVE-2020-26556": { "cmt_msg": "" @@ -89832,9 +90267,6 @@ "CVE-2019-19378": { "cmt_msg": "" }, - "CVE-2022-36879": { - "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()" - }, "CVE-2022-0998": { "cmt_msg": "vdpa: clean up get_config_size ret value handling" }, @@ -89904,9 +90336,6 @@ "CVE-2021-4037": { "cmt_msg": "xfs: fix up non-directory creation in SGID directories" }, - "CVE-2022-21505": { - "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy" - }, "CVE-2010-4563": { "cmt_msg": "" }, @@ -89943,6 +90372,9 @@ "CVE-2020-36516": { "cmt_msg": "" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2012-4542": { "cmt_msg": "" }, @@ -89998,7 +90430,7 @@ "cmt_msg": "bpf: Introduce MEM_RDONLY flag" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" @@ -90006,9 +90438,6 @@ "CVE-2022-25265": { "cmt_msg": "" }, - "CVE-2022-36946": { - "cmt_msg": "" - }, "CVE-2022-23222": { "cmt_msg": "bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL" }, @@ -90525,6 +90954,9 @@ "CVE-2022-23816": { "cmt_msg": "" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2022-0998": { "cmt_msg": "vdpa: clean up get_config_size ret value handling" }, @@ -90546,6 +90978,9 @@ "CVE-2022-1652": { "cmt_msg": "floppy: use a statically allocated error counter" }, + "CVE-2022-33740": { + "cmt_msg": "xen/netfront: fix leaking data in shared pages" + }, "CVE-2022-1016": { "cmt_msg": "netfilter: nf_tables: initialize registers in nft_do_chain()" }, @@ -90564,6 +90999,9 @@ "CVE-2022-1966": { "cmt_msg": "netfilter: nf_tables: disallow non-stateful expression in sets earlier" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2021-39686": { "cmt_msg": "binder: use euid from cred instead of using task" }, @@ -91018,7 +91456,7 @@ "cmt_msg": "sctp: use call_rcu to free endpoint" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-1204": { "cmt_msg": "ax25: Fix refcount leaks caused by ax25_cb_del()" @@ -91059,8 +91497,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-29581": { "cmt_msg": "net/sched: cls_u32: fix netns refcount changes in u32_change()" @@ -91068,8 +91506,8 @@ "CVE-2018-17977": { "cmt_msg": "" }, - "CVE-2022-29582": { - "cmt_msg": "io_uring: fix race between timeout flush and removal" + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" }, "CVE-2022-1116": { "cmt_msg": "" @@ -91179,8 +91617,8 @@ "CVE-2021-45402": { "cmt_msg": "bpf: Fix signed bounds propagation after mov32" }, - "CVE-2022-33740": { - "cmt_msg": "xen/netfront: fix leaking data in shared pages" + "CVE-2022-29582": { + "cmt_msg": "io_uring: fix race between timeout flush and removal" }, "CVE-2019-16089": { "cmt_msg": "" @@ -91197,6 +91635,9 @@ "CVE-2022-1158": { "cmt_msg": "KVM: x86/mmu: do compare-and-exchange of gPTE via the user address" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2022-26966": { "cmt_msg": "sr9700: sanity check for packet length" }, @@ -91270,7 +91711,7 @@ "cmt_msg": "nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" } } }, @@ -91501,6 +91942,12 @@ "cmt_id": "58a9bdff32fde29137731e574b17c42592875fd0" } }, + "5.16.17": { + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "cmt_id": "ef591b35176029fdefea38e8388ffa371e18f4b2" + } + }, "5.16.18": { "CVE-2022-1015": { "cmt_msg": "netfilter: nf_tables: validate registers coming from userspace.", @@ -91528,6 +91975,10 @@ "cmt_msg": "can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path", "cmt_id": "41f6be840f138c7d42312d7619a6b44c001d6b6e" }, + "CVE-2022-2380": { + "cmt_msg": "video: fbdev: sm712fb: Fix crash in smtcfb_read()", + "cmt_id": "34d986f6ee5f5ac48cd2b9e2d061196fd3c29d39" + }, "CVE-2022-0168": { "cmt_msg": "cifs: fix NULL ptr dereference in smb2_ioctl_query_info()", "cmt_id": "0f0ce73e7dad17084222da19989049ebfb8be541" @@ -91548,9 +91999,9 @@ "cmt_msg": "ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE", "cmt_id": "c8248775c1b96b00b680e067f99f8feaaa7c7dbc" }, - "CVE-2022-2380": { - "cmt_msg": "video: fbdev: sm712fb: Fix crash in smtcfb_read()", - "cmt_id": "34d986f6ee5f5ac48cd2b9e2d061196fd3c29d39" + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls", + "cmt_id": "2a5fd6b402049521f657966a42c4277f083a63c0" }, "CVE-2022-28389": { "cmt_msg": "can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path", @@ -91606,8 +92057,8 @@ "CVE-2022-26365": { "cmt_msg": "xen/blkfront: fix leaking data in shared pages" }, - "CVE-2022-1652": { - "cmt_msg": "floppy: use a statically allocated error counter" + "CVE-2022-21125": { + "cmt_msg": "x86/speculation/mmio: Reuse SRBDS mitigation for SBDS" }, "CVE-2018-1121": { "cmt_msg": "" @@ -91654,8 +92105,8 @@ "CVE-2022-2209": { "cmt_msg": "" }, - "CVE-2022-21125": { - "cmt_msg": "x86/speculation/mmio: Reuse SRBDS mitigation for SBDS" + "CVE-2022-1652": { + "cmt_msg": "floppy: use a statically allocated error counter" }, "CVE-2022-1852": { "cmt_msg": "KVM: x86: avoid calling x86 emulator without a decoded instruction" @@ -91741,6 +92192,9 @@ "CVE-2020-36516": { "cmt_msg": "" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2012-4542": { "cmt_msg": "" }, @@ -91822,9 +92276,6 @@ "CVE-2022-33744": { "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, - "CVE-2022-2327": { - "cmt_msg": "" - }, "CVE-2022-1184": { "cmt_msg": "ext4: verify dir block before splitting it" }, @@ -91832,7 +92283,10 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" + }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" }, "CVE-2019-15902": { "cmt_msg": "unknown" @@ -91943,6 +92397,10 @@ "CVE-2022-1353": { "cmt_msg": "af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register", "cmt_id": "9a564bccb78a76740ea9d75a259942df8143d02c" + }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "cmt_id": "c700525fcc06b05adfea78039de02628af79e07a" } }, "5.17.1": { @@ -91972,6 +92430,10 @@ "cmt_msg": "can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path", "cmt_id": "3f71f499395545119383f10760b8b19703d2a7dd" }, + "CVE-2022-2380": { + "cmt_msg": "video: fbdev: sm712fb: Fix crash in smtcfb_read()", + "cmt_id": "e46779a5706941fb9cd6e0264427953eb77d7888" + }, "CVE-2022-0168": { "cmt_msg": "cifs: fix NULL ptr dereference in smb2_ioctl_query_info()", "cmt_id": "49bef50e585d738e957060f669e872b4ad15eb87" @@ -91996,9 +92458,9 @@ "cmt_msg": "ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE", "cmt_id": "4d51bbc8a3799febf50471eb6888b1b58e87111e" }, - "CVE-2022-2380": { - "cmt_msg": "video: fbdev: sm712fb: Fix crash in smtcfb_read()", - "cmt_id": "e46779a5706941fb9cd6e0264427953eb77d7888" + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls", + "cmt_id": "3c6ec01525254e4489c6e60df2a8c48ee81f6f78" }, "CVE-2022-28389": { "cmt_msg": "can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path", @@ -92269,6 +92731,9 @@ "CVE-2020-36516": { "cmt_msg": "" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2012-4542": { "cmt_msg": "" }, @@ -92323,14 +92788,14 @@ "CVE-2022-33744": { "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, - "CVE-2022-2327": { - "cmt_msg": "" - }, "CVE-2011-4917": { "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" + }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" }, "CVE-2019-15902": { "cmt_msg": "unknown" @@ -92701,6 +93166,12 @@ "CVE-2022-1263": { "cmt_msg": "KVM: avoid NULL pointer dereference in kvm_dirty_ring_push" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2021-3864": { "cmt_msg": "" }, @@ -92887,8 +93358,8 @@ "CVE-2020-36516": { "cmt_msg": "" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -92902,6 +93373,9 @@ "CVE-2022-1462": { "cmt_msg": "" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2022-1974": { "cmt_msg": "nfc: replace improper check device_is_registered() in netlink related functions" }, @@ -93034,9 +93508,6 @@ "CVE-2022-1055": { "cmt_msg": "net: sched: fix use-after-free in tc_new_tfilter()" }, - "CVE-2022-2327": { - "cmt_msg": "" - }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" }, @@ -93056,7 +93527,7 @@ "cmt_msg": "ax25: Fix NULL pointer dereference in ax25_kill_by_device" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-1204": { "cmt_msg": "ax25: Fix refcount leaks caused by ax25_cb_del()" @@ -93085,6 +93556,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -93614,6 +94088,12 @@ "cmt_id": "1b09f28f70a5046acd64138075ae3f095238b045" } }, + "5.15.31": { + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "cmt_id": "a055f5f2841f7522b44a2b1eccb1951b4b03d51a" + } + }, "5.15.32": { "CVE-2022-1015": { "cmt_msg": "netfilter: nf_tables: validate registers coming from userspace.", @@ -93641,14 +94121,18 @@ "cmt_msg": "can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path", "cmt_id": "459b19f42fd5e031e743dfa119f44aba0b62ff97" }, - "CVE-2022-2380": { - "cmt_msg": "video: fbdev: sm712fb: Fix crash in smtcfb_read()", - "cmt_id": "46cdbff26c88fd75dccbf28df1d07cbe18007eac" + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls", + "cmt_id": "48d00e24822e4384edcee3aae03d54c1b7982eba" }, "CVE-2022-0168": { "cmt_msg": "cifs: fix NULL ptr dereference in smb2_ioctl_query_info()", "cmt_id": "39a4bf7d1a23dd172526c2fb0db480c5d5c63bd6" }, + "CVE-2022-30594": { + "cmt_msg": "ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE", + "cmt_id": "b6d75218ff65f4d63c9cf4986f6c55666fb90a1a" + }, "CVE-2022-1158": { "cmt_msg": "KVM: x86/mmu: do compare-and-exchange of gPTE via the user address", "cmt_id": "8771d9673e0bdb7148299f3c074667124bde6dff" @@ -93661,9 +94145,9 @@ "cmt_msg": "af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register", "cmt_id": "d06ee4572fd916fbb34d16dc81eb37d1dff83446" }, - "CVE-2022-30594": { - "cmt_msg": "ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE", - "cmt_id": "b6d75218ff65f4d63c9cf4986f6c55666fb90a1a" + "CVE-2022-28388": { + "cmt_msg": "can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path", + "cmt_id": "f2ce5238904f539648aaf56c5ee49e5eaf44d8fc" }, "CVE-2022-1198": { "cmt_msg": "drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()", @@ -93673,9 +94157,9 @@ "cmt_msg": "can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path", "cmt_id": "37f07ad24866c6c1423b37b131c9a42414bcf8a1" }, - "CVE-2022-28388": { - "cmt_msg": "can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path", - "cmt_id": "f2ce5238904f539648aaf56c5ee49e5eaf44d8fc" + "CVE-2022-2380": { + "cmt_msg": "video: fbdev: sm712fb: Fix crash in smtcfb_read()", + "cmt_id": "46cdbff26c88fd75dccbf28df1d07cbe18007eac" }, "CVE-2022-1516": { "cmt_msg": "net/x25: Fix null-ptr-deref caused by x25_disconnect", @@ -93884,6 +94368,12 @@ "cmt_id": "c1784d2075138992b00c17ab4ffc6d855171fe6d" } }, + "5.15.56": { + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot", + "cmt_id": "26bb7afc027ce6ac8ab6747babec674d55689ff0" + } + }, "5.15.57": { "CVE-2022-29900": { "cmt_msg": "x86/kvm/vmx: Make noinstr clean", @@ -93894,6 +94384,22 @@ "cmt_id": "ccb25d7db1a29bc251692be745b000e6f0754048" } }, + "5.15.58": { + "CVE-2022-21505": { + "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy", + "cmt_id": "0e66932a9dc9ba47e60405b392e3782a332bc44e" + }, + "CVE-2022-36879": { + "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()", + "cmt_id": "c8e32bca0676ac663266a3b16562cb017300adcd" + } + }, + "5.15.59": { + "CVE-2022-36946": { + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset", + "cmt_id": "91c11008aab0282957b8b8ccb0707d90e74cc3b9" + } + }, "outstanding": { "CVE-2018-17977": { "cmt_msg": "" @@ -93955,9 +94461,6 @@ "CVE-2019-19378": { "cmt_msg": "" }, - "CVE-2022-21505": { - "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy" - }, "CVE-2021-0695": { "cmt_msg": "" }, @@ -93967,9 +94470,6 @@ "CVE-2021-4204": { "cmt_msg": "bpf: Generalize check_ctx_reg for reuse with other types" }, - "CVE-2022-36879": { - "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()" - }, "CVE-2020-14304": { "cmt_msg": "" }, @@ -94093,10 +94593,10 @@ "CVE-2011-4916": { "cmt_msg": "" }, - "CVE-2022-36946": { + "CVE-2020-36516": { "cmt_msg": "" }, - "CVE-2020-36516": { + "CVE-2022-20158": { "cmt_msg": "" }, "CVE-2017-13694": { @@ -94122,9 +94622,6 @@ }, "CVE-2022-1462": { "cmt_msg": "" - }, - "CVE-2022-2327": { - "cmt_msg": "" } } }, @@ -94537,8 +95034,8 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -95206,6 +95703,9 @@ "CVE-2022-0617": { "cmt_msg": "udf: Fix NULL ptr deref when converting from inline format" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2022-2153": { "cmt_msg": "KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()" }, @@ -95545,6 +96045,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -95776,12 +96279,18 @@ "CVE-2020-12770": { "cmt_msg": "scsi: sg: add sg_remove_request in sg_write" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2021-3739": { "cmt_msg": "btrfs: fix NULL pointer dereference when deleting device by invalid id" }, "CVE-2022-25265": { "cmt_msg": "" }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2019-15220": { "cmt_msg": "p54usb: Fix race between disconnect and firmware loading" }, @@ -96158,7 +96667,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -96170,7 +96679,7 @@ "cmt_msg": "sched/fair: Don't free p->numa_faults with concurrent readers" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2022-0812": { "cmt_msg": "xprtrdma: fix incorrect header size calculations" @@ -98038,6 +98547,12 @@ "cmt_id": "a9174077febfb1608ec3361622bf5f91e2668d7f" } }, + "5.4.187": { + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()", + "cmt_id": "268dcf1f7b3193bc446ec3d14e08a240e9561e4d" + } + }, "5.4.188": { "CVE-2022-26490": { "cmt_msg": "nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION", @@ -98238,6 +98753,28 @@ "cmt_id": "4f34f380f952289e818c76617bbb5c9a3a9a9dd0" } }, + "5.4.207": { + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot", + "cmt_id": "a3c7c1a726a4c6b63b85e8c183f207543fd75e1b" + } + }, + "5.4.208": { + "CVE-2022-21505": { + "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy", + "cmt_id": "ed3fea55066b4e054c4d212e54f9965abcac9685" + }, + "CVE-2022-36879": { + "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()", + "cmt_id": "f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20" + } + }, + "5.4.209": { + "CVE-2022-36946": { + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset", + "cmt_id": "52be29e8b6455788a4d0f501bd87aa679ca3ba3c" + } + }, "outstanding": { "CVE-2021-0929": { "cmt_msg": "staging/android/ion: delete dma_buf->kmap/unmap implemenation" @@ -98266,9 +98803,6 @@ "CVE-2019-19378": { "cmt_msg": "" }, - "CVE-2022-36879": { - "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()" - }, "CVE-2019-15794": { "cmt_msg": "ovl: fix reference counting in ovl_mmap error path" }, @@ -98302,6 +98836,9 @@ "CVE-2022-1263": { "cmt_msg": "KVM: avoid NULL pointer dereference in kvm_dirty_ring_push" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, "CVE-2021-3864": { "cmt_msg": "" }, @@ -98353,9 +98890,6 @@ "CVE-2021-4037": { "cmt_msg": "xfs: fix up non-directory creation in SGID directories" }, - "CVE-2022-21505": { - "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy" - }, "CVE-2022-29901": { "cmt_msg": "x86/kvm/vmx: Make noinstr clean" }, @@ -98398,6 +98932,9 @@ "CVE-2020-36516": { "cmt_msg": "" }, + "CVE-2022-20158": { + "cmt_msg": "" + }, "CVE-2021-4148": { "cmt_msg": "mm: khugepaged: skip huge page collapse for special files" }, @@ -98459,7 +98996,7 @@ "cmt_msg": "drm/i915/guc: Update to use firmware v49.0.1" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2022-0480": { "cmt_msg": "memcg: enable accounting for file lock caches" @@ -98467,9 +99004,6 @@ "CVE-2022-25265": { "cmt_msg": "" }, - "CVE-2022-36946": { - "cmt_msg": "" - }, "CVE-2021-4218": { "cmt_msg": "sysctl: pass kernel pointers to ->proc_handler" }, @@ -98703,6 +99237,12 @@ "cmt_id": "6b7488071ea8ed6265a39afebd5a5920f6975d02" } }, + "5.18.13": { + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot", + "cmt_id": "2334bdfc2da469c9807767002a2831274b82c39a" + } + }, "5.18.14": { "CVE-2022-29900": { "cmt_msg": "x86/kvm/vmx: Make noinstr clean", @@ -98713,6 +99253,22 @@ "cmt_id": "e492002673b03c636d2297fb869d68ae545c41c4" } }, + "5.18.15": { + "CVE-2022-21505": { + "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy", + "cmt_id": "f67ff524f283183c52d2575b11beec00cc4d5092" + }, + "CVE-2022-36879": { + "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()", + "cmt_id": "70f5e35cd5e38017653ed1ca0f7a4ab6d5c5a794" + } + }, + "5.18.16": { + "CVE-2022-36946": { + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset", + "cmt_id": "883c20911d6261fc651820b63a77327b8c020264" + } + }, "outstanding": { "CVE-2018-17977": { "cmt_msg": "" @@ -98771,18 +99327,12 @@ "CVE-2019-19378": { "cmt_msg": "" }, - "CVE-2022-21505": { - "cmt_msg": "lockdown: Fix kexec lockdown bypass with ima policy" - }, "CVE-2021-0695": { "cmt_msg": "" }, "CVE-2008-4609": { "cmt_msg": "" }, - "CVE-2022-36879": { - "cmt_msg": "xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()" - }, "CVE-2020-14304": { "cmt_msg": "" }, @@ -98897,10 +99447,10 @@ "CVE-2011-4916": { "cmt_msg": "" }, - "CVE-2022-36946": { + "CVE-2020-36516": { "cmt_msg": "" }, - "CVE-2020-36516": { + "CVE-2022-20158": { "cmt_msg": "" }, "CVE-2017-13694": { @@ -98923,9 +99473,6 @@ }, "CVE-2022-1462": { "cmt_msg": "" - }, - "CVE-2022-2327": { - "cmt_msg": "" } } }, @@ -99464,8 +100011,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -99725,6 +100272,12 @@ "CVE-2020-25671": { "cmt_msg": "nfc: fix refcount leak in llcp_sock_connect()" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2020-25285": { "cmt_msg": "mm/hugetlb: fix a race between hugetlb sysctl handlers" }, @@ -100217,6 +100770,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-11608": { "cmt_msg": "media: ov519: add missing endpoint sanity checks" }, @@ -100325,6 +100881,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -100704,7 +101263,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -100716,7 +101275,7 @@ "cmt_msg": "" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-45485": { "cmt_msg": "ipv6: use prandom_u32() for ID generation" @@ -101142,8 +101701,8 @@ "CVE-2021-45868": { "cmt_msg": "quota: check block number when reading the block in quota file" }, - "CVE-2022-23036": { - "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + "CVE-2022-20158": { + "cmt_msg": "" }, "CVE-2022-23037": { "cmt_msg": "xen/netfront: don't use gnttab_query_foreign_access() for mapped status" @@ -101334,6 +101893,12 @@ "CVE-2020-25671": { "cmt_msg": "nfc: fix refcount leak in llcp_sock_connect()" }, + "CVE-2022-20369": { + "cmt_msg": "media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls" + }, + "CVE-2022-20368": { + "cmt_msg": "net/packet: fix slab-out-of-bounds access in packet_recvmsg()" + }, "CVE-2020-25285": { "cmt_msg": "mm/hugetlb: fix a race between hugetlb sysctl handlers" }, @@ -101727,6 +102292,9 @@ "CVE-2021-3760": { "cmt_msg": "nfc: nci: fix the UAF of rf_conn_info object" }, + "CVE-2022-36123": { + "cmt_msg": "x86: Clear .brk area at early boot" + }, "CVE-2020-28097": { "cmt_msg": "vgacon: remove software scrollback support" }, @@ -101811,6 +102379,9 @@ "CVE-2021-27363": { "cmt_msg": "scsi: iscsi: Restrict sessions and handles to admin capabilities" }, + "CVE-2022-23036": { + "cmt_msg": "xen/grant-table: add gnttab_try_end_foreign_access()" + }, "CVE-2018-17977": { "cmt_msg": "" }, @@ -102130,7 +102701,7 @@ "cmt_msg": "xen/arm: Fix race in RB-tree based P2M accounting" }, "CVE-2022-2327": { - "cmt_msg": "" + "cmt_msg": "io_uring: remove any grabbing of context" }, "CVE-2021-45486": { "cmt_msg": "inet: use bigger hash table for IP ID generation" @@ -102142,7 +102713,7 @@ "cmt_msg": "vgacon: Fix for missing check in scrollback handling" }, "CVE-2022-36946": { - "cmt_msg": "" + "cmt_msg": "netfilter: nf_queue: do not allow packet truncation below transport header offset" }, "CVE-2021-20194": { "cmt_msg": "io_uring: don't rely on weak ->files references"
diff --git a/data/stream_fixes.json b/data/stream_fixes.json index c612b2a..d15e2a3 100644 --- a/data/stream_fixes.json +++ b/data/stream_fixes.json
@@ -31567,6 +31567,58 @@ "fixed_version": "5.4.170" } }, + "CVE-2022-20368": { + "4.14": { + "cmt_id": "b1e27cda1e3c12b705875bb7e247a97168580e33", + "fixed_version": "4.14.273" + }, + "4.19": { + "cmt_id": "a33dd1e6693f80d805155b3f69c18c2f642915da", + "fixed_version": "4.19.236" + }, + "4.9": { + "cmt_id": "b9d5772d60f8e7ef34e290f72fc20e3a4883e7d0", + "fixed_version": "4.9.308" + }, + "5.10": { + "cmt_id": "70b7b3c055fd4a464da8da55ff4c1f84269f9b02", + "fixed_version": "5.10.108" + }, + "5.15": { + "cmt_id": "a055f5f2841f7522b44a2b1eccb1951b4b03d51a", + "fixed_version": "5.15.31" + }, + "5.16": { + "cmt_id": "ef591b35176029fdefea38e8388ffa371e18f4b2", + "fixed_version": "5.16.17" + }, + "5.17": { + "cmt_id": "c700525fcc06b05adfea78039de02628af79e07a", + "fixed_version": "5.17" + }, + "5.4": { + "cmt_id": "268dcf1f7b3193bc446ec3d14e08a240e9561e4d", + "fixed_version": "5.4.187" + } + }, + "CVE-2022-20369": { + "5.10": { + "cmt_id": "8a83731a09a5954b85b1ce49c01ff5c2a3465cb7", + "fixed_version": "5.10.110" + }, + "5.15": { + "cmt_id": "48d00e24822e4384edcee3aae03d54c1b7982eba", + "fixed_version": "5.15.33" + }, + "5.16": { + "cmt_id": "2a5fd6b402049521f657966a42c4277f083a63c0", + "fixed_version": "5.16.19" + }, + "5.17": { + "cmt_id": "3c6ec01525254e4489c6e60df2a8c48ee81f6f78", + "fixed_version": "5.17.2" + } + }, "CVE-2022-2078": { "5.10": { "cmt_id": "c0aff1faf66b6b7a19103f83e6a5d0fdc64b9048", @@ -31697,6 +31749,24 @@ "fixed_version": "5.4.197" } }, + "CVE-2022-21505": { + "5.10": { + "cmt_id": "ab5050fd7430dde3a9f073129036d3da3facc8ec", + "fixed_version": "5.10.134" + }, + "5.15": { + "cmt_id": "0e66932a9dc9ba47e60405b392e3782a332bc44e", + "fixed_version": "5.15.58" + }, + "5.18": { + "cmt_id": "f67ff524f283183c52d2575b11beec00cc4d5092", + "fixed_version": "5.18.15" + }, + "5.4": { + "cmt_id": "ed3fea55066b4e054c4d212e54f9965abcac9685", + "fixed_version": "5.4.208" + } + }, "CVE-2022-2153": { "5.15": { "cmt_id": "0e5dbc0540baa89faf4c04ccc7e9c4fe6b1d7bf4", @@ -32948,5 +33018,83 @@ "cmt_id": "6b7488071ea8ed6265a39afebd5a5920f6975d02", "fixed_version": "5.18.11" } + }, + "CVE-2022-36123": { + "4.14": { + "cmt_id": "a24eebede57ff42d5123cca948c5077ccddbffcb", + "fixed_version": "4.14.289" + }, + "4.19": { + "cmt_id": "36e2f161fb01795722f2ff1a24d95f08100333dd", + "fixed_version": "4.19.253" + }, + "4.9": { + "cmt_id": "b3d7c509bcbd4384d4964dcdf028b3c3e0adb7f7", + "fixed_version": "4.9.324" + }, + "5.10": { + "cmt_id": "136d7987fcfdeca73ee3c6a29e48f99fdd0f4d87", + "fixed_version": "5.10.132" + }, + "5.15": { + "cmt_id": "26bb7afc027ce6ac8ab6747babec674d55689ff0", + "fixed_version": "5.15.56" + }, + "5.18": { + "cmt_id": "2334bdfc2da469c9807767002a2831274b82c39a", + "fixed_version": "5.18.13" + }, + "5.4": { + "cmt_id": "a3c7c1a726a4c6b63b85e8c183f207543fd75e1b", + "fixed_version": "5.4.207" + } + }, + "CVE-2022-36879": { + "4.14": { + "cmt_id": "2c9d93e35cb857fc613ec9d58d690d332252747b", + "fixed_version": "4.14.290" + }, + "4.19": { + "cmt_id": "fdb4fba1ba8512fa579a9d091dcb6c410f82f96a", + "fixed_version": "4.19.254" + }, + "4.9": { + "cmt_id": "5aff12fa09504c6ea88fc17749a39cda2c4d6ef7", + "fixed_version": "4.9.325" + }, + "5.10": { + "cmt_id": "47b696dd654450cdec3103a833e5bf29c4b83bfa", + "fixed_version": "5.10.134" + }, + "5.15": { + "cmt_id": "c8e32bca0676ac663266a3b16562cb017300adcd", + "fixed_version": "5.15.58" + }, + "5.18": { + "cmt_id": "70f5e35cd5e38017653ed1ca0f7a4ab6d5c5a794", + "fixed_version": "5.18.15" + }, + "5.4": { + "cmt_id": "f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20", + "fixed_version": "5.4.208" + } + }, + "CVE-2022-36946": { + "5.10": { + "cmt_id": "440dccd80f627e0e11ceb0429e4cdab61857d17e", + "fixed_version": "5.10.135" + }, + "5.15": { + "cmt_id": "91c11008aab0282957b8b8ccb0707d90e74cc3b9", + "fixed_version": "5.15.59" + }, + "5.18": { + "cmt_id": "883c20911d6261fc651820b63a77327b8c020264", + "fixed_version": "5.18.16" + }, + "5.4": { + "cmt_id": "52be29e8b6455788a4d0f501bd87aa679ca3ba3c", + "fixed_version": "5.4.209" + } } } \ No newline at end of file