data/5.7/5.7_security.txt - mirrors/github.com/nluedtke/linux_kernel_cves - Git at Google


 CVEs fixed in 5.7:
   CVE-2020-10732: 1d605416fb7175e1adf094251466caa52093b413 fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

 CVEs fixed in 5.7.1:
   CVE-2019-19462: 8c20f4355ab55fc07facacb1cd99bdb6fc5ebc1d kernel/relay.c: handle alloc_percpu returning NULL in relay_open
   CVE-2020-10757: e98a6a24baae41cc3632a0bf343fe844eff53cea mm: Fix mremap not considering huge pmd devmap

 CVEs fixed in 5.7.2:
   CVE-2020-0543: 468e86c304bd2e32307b438b67d61c0075a9beb9 x86/cpu: Add 'table' argument to cpu_matches()
   CVE-2020-13974: 7ca8cd811dcc6550be059813caf4f2cf888a7616 vt: keyboard: avoid signed integer overflow in k_ascii

 CVEs fixed in 5.7.3:
   CVE-2020-10766: 18f82da06ec6653646fd2670765aac24275f4833 x86/speculation: Prevent rogue cross-process SSBD shutdown
   CVE-2020-10767: 862442343c016befe654c1f3f8d9d5791071df4c x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
   CVE-2020-10768: 69e93896809da49f0946044bd31daf9a7482b440 x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
   CVE-2020-29374: 8e45fdafdecc8436c5b6e1620c30726056e6b29c gup: document and work around "COW can break either way" issue
   CVE-2021-0342: ab5e1d8d91872d6d80119a560255ff549985cff9 tun: correct header offsets in napi frags mode

 CVEs fixed in 5.7.5:
   CVE-2020-29368: 114b91ff0861de531e412aebe8c4dfda21291c7b mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()

 CVEs fixed in 5.7.6:
   CVE-2020-12771: 4813dd656732207ad9df7738652bbbbde4c7c928 bcache: fix potential deadlock problem in btree_gc_coalesce
   CVE-2020-15436: 4f8d723f871edb95a05d43ad88faf406c66393db block: Fix use-after-free in blkdev_get()

 CVEs fixed in 5.7.7:
   CVE-2020-15780: 63897052acc5a97e6cd0ffecda0a8d05aab6f85b ACPI: configfs: Disallow loading ACPI tables when locked down

 CVEs fixed in 5.7.8:
   CVE-2020-15393: 4c424f6d0af716110dd7d78e89afce4d99f16815 usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
   CVE-2020-24394: fb17be570b470fd56ccb2db7c1b0beb4d0d590d7 nfsd: apply umask on fs without ACL support

 CVEs fixed in 5.7.10:
   CVE-2020-10781: 8fd782b2376168717dddfbcae0786b47e61777bb Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
   CVE-2020-14356: 26d0bcfcf7150bc7c115f2d3f2f1459e64029b98 cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
   CVE-2020-15852: 3bbf8195e79707268f4fd072d7575ced0207e4ef x86/ioperm: Fix io bitmap invalidation on Xen PV

 CVEs fixed in 5.7.11:
   CVE-2020-15437: eb710a1ac0b2c5d46917563b78ebef429b0e8738 serial: 8250: fix null-ptr-deref in serial8250_start_tx()
   CVE-2020-29369: b6afd2a9f2839a60a6cd6a0cac740019f90c35eb mm/mmap.c: close race between munmap() and expand_upwards()/downwards()

 CVEs fixed in 5.7.13:
   CVE-2020-12656: ec25aabaffe687774165ae491cc797d7d8a79454 sunrpc: check that domain table is empty at module unload.
   CVE-2020-24490: 15a9441c207a546ae7cadfe092aea5ae9751c967 Bluetooth: fix kernel oops in store_pending_adv_report

 CVEs fixed in 5.7.14:
   CVE-2020-16166: 378a4d2215334fa4d3c5888a008f8896066bc231 random32: update the net random state on interrupt and activity

 CVEs fixed in 5.7.15:
   CVE-2020-14331: b2f1d746c96a16ae97099b9f454d01a9b730c26a vgacon: Fix for missing check in scrollback handling
   CVE-2020-36386: 886a27c346901b6b5a3d5b12ca50ca821817185d Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()

 CVEs fixed in 5.7.16:
   CVE-2019-19770: 4470c2949a07883cda4de6899ce8507b0fc6aa5d blktrace: fix debugfs use after free
   CVE-2020-26088: f8093f0d1ababcb1a1ea859e1638a14fa5627e42 net/nfc/rawsock.c: add CAP_NET_RAW check.
   CVE-2020-36387: f93bc10c64afceb019ccdc7b5424ecedbd613f64 io_uring: hold 'ctx' reference around task_work queue + execute
   CVE-2021-20292: 7387ad86fe8ef830e88a586b021b322eef316211 drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

 CVEs fixed in 5.7.17:
   CVE-2019-19448: 7726619a51873ac0ac73d31f7852e0eb01a0833b btrfs: only search for left_info if there is no right_info in try_merge_free_space
   CVE-2020-25212: 4476b8282f0bdbf21c8a1e5d783ee11a0edfcaf2 nfs: Fix getxattr kernel panic and memory overflow

 CVEs fixed in 5.7.18:
   CVE-2020-0466: 7d6b91e878c590f471db7ed0ddb1952f40146cec do_epoll_ctl(): clean the failure exits up a bit
   CVE-2020-14314: e50fe43e3062e18846e99d9646b9c07b097eb1ed ext4: fix potential negative array index in do_split()
   CVE-2020-29371: ec5713663214ae0cc9821c0a40b6c6022fcaa4d8 romfs: fix uninitialized memory leak in romfs_dev_read()

 Outstanding CVEs:
   CVE-2005-3660: (unk)
   CVE-2007-3719: (unk)
   CVE-2008-2544: (unk)
   CVE-2008-4609: (unk)
   CVE-2010-4563: (unk)
   CVE-2010-5321: (unk)
   CVE-2011-4917: (unk)
   CVE-2012-4542: (unk)
   CVE-2013-7445: (unk)
   CVE-2015-2877: (unk)
   CVE-2016-8660: (unk)
   CVE-2017-13693: (unk)
   CVE-2017-13694: (unk)
   CVE-2018-1121: (unk)
   CVE-2018-12928: (unk)
   CVE-2018-12929: (unk)
   CVE-2018-12930: (unk)
   CVE-2018-12931: (unk)
   CVE-2018-17977: (unk)
   CVE-2019-0146: (unk)
   CVE-2019-12456: (unk)
   CVE-2019-15239: (unk) unknown
   CVE-2019-15290: (unk)
   CVE-2019-15794: (unk)
   CVE-2019-15902: (unk) unknown
   CVE-2019-16089: (unk)
   CVE-2019-19378: (unk)
   CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count
   CVE-2019-19814: (unk)
   CVE-2019-20794: (unk)
   CVE-2020-0347: (unk)
   CVE-2020-0423: (unk) binder: fix UAF when releasing todo list
   CVE-2020-0465: (unk) HID: core: Sanitize event code and type when mapping input
   CVE-2020-10135: (unk) Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
   CVE-2020-10708: (unk)
   CVE-2020-11725: (unk)
   CVE-2020-12351: (unk) Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
   CVE-2020-12352: (unk) Bluetooth: A2MP: Fix not initializing all members
   CVE-2020-12362: (unk)
   CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
   CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
   CVE-2020-12888: (unk) vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
   CVE-2020-14304: (unk)
   CVE-2020-14351: (unk) perf/core: Fix race in the perf_mmap_close() function
   CVE-2020-14385: (unk) xfs: fix boundary test in xfs_attr_shortform_verify
   CVE-2020-14386: (unk) net/packet: fix overflow in tpacket_rcv
   CVE-2020-14390: (unk) fbcon: remove soft scrollback code
   CVE-2020-15802: (unk)
   CVE-2020-16119: (unk) dccp: don't duplicate ccid when cloning dccp sock
   CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir
   CVE-2020-24502: (unk)
   CVE-2020-24503: (unk)
   CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs
   CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks
   CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks
   CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks
   CVE-2020-25211: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
   CVE-2020-25220: (unk)
   CVE-2020-25221: (unk) mm: fix pin vs. gup mismatch with gate pages
   CVE-2020-25284: (unk) rbd: require global CAP_SYS_ADMIN for mapping and unmapping
   CVE-2020-25285: (unk) mm/hugetlb: fix a race between hugetlb sysctl handlers
   CVE-2020-25639: (unk) drm/nouveau: bail out of nouveau_channel_new if channel init fails
   CVE-2020-25641: (unk) block: allow for_each_bvec to support zero len bvec
   CVE-2020-25643: (unk) hdlc_ppp: add range checks in ppp_cp_parse_cr()
   CVE-2020-25645: (unk) geneve: add transport ports in route lookup for geneve
   CVE-2020-25656: (unk) vt: keyboard, extend func_buf_lock to readers
   CVE-2020-25668: (unk) tty: make FONTX ioctl use the tty pointer they were actually passed
   CVE-2020-25669: (unk) Input: sunkbd - avoid use-after-free in teardown paths
   CVE-2020-25670: (unk) nfc: fix refcount leak in llcp_sock_bind()
   CVE-2020-25671: (unk) nfc: fix refcount leak in llcp_sock_connect()
   CVE-2020-25672: (unk) nfc: fix memory leak in llcp_sock_connect()
   CVE-2020-25673: (unk) nfc: Avoid endless loops caused by repeated llcp_sock_connect()
   CVE-2020-25704: (unk) perf/core: Fix a memory leak in perf_event_parse_addr_filter()
   CVE-2020-25705: (unk) icmp: randomize the global rate limiter
   CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames
   CVE-2020-26140: (unk)
   CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
   CVE-2020-26142: (unk)
   CVE-2020-26143: (unk)
   CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
   CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted
   CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
   CVE-2020-26555: (unk)
   CVE-2020-26556: (unk)
   CVE-2020-26557: (unk)
   CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
   CVE-2020-26559: (unk)
   CVE-2020-26560: (unk)
   CVE-2020-27152: (unk) KVM: ioapic: break infinite recursion on lazy EOI
   CVE-2020-27194: (unk) bpf: Fix scalar32_min_max_or bounds tracking
   CVE-2020-27673: (unk) xen/events: add a proper barrier to 2-level uevent unmasking
   CVE-2020-27675: (unk) xen/events: avoid removing an event channel while handling it
   CVE-2020-27777: (unk) powerpc/rtas: Restrict RTAS requests from userspace
   CVE-2020-27815: (unk) jfs: Fix array index bounds check in dbAdjTree
   CVE-2020-27820: (unk)
   CVE-2020-27825: (unk) tracing: Fix race in trace_open and buffer resize call
   CVE-2020-27830: (unk) speakup: Reject setting the speakup line discipline outside of speakup
   CVE-2020-27835: (unk) IB/hfi1: Ensure correct mm is used at all times
   CVE-2020-28097: (unk) vgacon: remove software scrollback support
   CVE-2020-28374: (unk) scsi: target: Fix XCOPY NAA identifier lookup
   CVE-2020-28588: (unk) lib/syscall: fix syscall registers retrieval on 32-bit platforms
   CVE-2020-28915: (unk) fbcon: Fix global-out-of-bounds read in fbcon_get_font()
   CVE-2020-28941: (unk) speakup: Do not let the line discipline be used several times
   CVE-2020-28974: (unk) vt: Disable KD_FONT_OP_COPY
   CVE-2020-29534: (unk) io_uring: don't rely on weak ->files references
   CVE-2020-29568: (unk) xen/xenbus: Allow watches discard events before queueing
   CVE-2020-29569: (unk) xen-blkback: set ring->xenblkd to NULL after kthread_stop()
   CVE-2020-29660: (unk) tty: Fix ->session locking
   CVE-2020-29661: (unk) tty: Fix ->pgrp locking in tiocspgrp()
   CVE-2020-35501: (unk)
   CVE-2020-35508: (unk) fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
   CVE-2020-35519: (unk) net/x25: prevent a couple of overflows
   CVE-2020-36158: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
   CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address
   CVE-2020-36311: (unk) KVM: SVM: Periodically schedule when unregistering regions on destroy
   CVE-2020-36312: (unk) KVM: fix memory leak in kvm_io_bus_unregister_dev()
   CVE-2020-36322: (unk) fuse: fix bad inode
   CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
   CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries
   CVE-2020-4788: (unk) powerpc/64s: flush L1D on kernel entry
   CVE-2020-8694: (unk) powercap: restrict energy meter to root access
   CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
   CVE-2021-0399: (unk)
   CVE-2021-0448: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
   CVE-2021-0512: (unk) HID: make arrays usage and value to be the same
   CVE-2021-0605: (unk) af_key: pfkey_dump needs parameter validation
   CVE-2021-0606: (unk)
   CVE-2021-0695: (unk)
   CVE-2021-0936: (unk)
   CVE-2021-0937: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
   CVE-2021-0938: (unk) compiler.h: fix barrier_data() on clang
   CVE-2021-0941: (unk) bpf: Remove MTU check in __bpf_skb_max_len
   CVE-2021-1048: (unk)
   CVE-2021-20194: (unk) io_uring: don't rely on weak ->files references
   CVE-2021-20226: (unk) io_uring: don't rely on weak ->files references
   CVE-2021-20239: (unk) net: pass a sockptr_t into ->setsockopt
   CVE-2021-20268: (unk) bpf: Fix signed_{sub,add32}_overflows type handling
   CVE-2021-20320: (unk) s390/bpf: Fix optimizing out zero-extensions
   CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename()
   CVE-2021-20322: (unk) ipv6: make exception cache less predictible
   CVE-2021-21781: (unk) ARM: ensure the signal page contains defined contents
   CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages
   CVE-2021-22555: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
   CVE-2021-23133: (unk) net/sctp: fix race condition in sctp_destroy_sock
   CVE-2021-26708: (unk) vsock: fix the race conditions in multi-transport support
   CVE-2021-26930: (unk) xen-blkback: fix error handling in xen_blkbk_map()
   CVE-2021-26931: (unk) xen-blkback: don't "handle" error by BUG()
   CVE-2021-26932: (unk) Xen/x86: don't bail early from clear_foreign_p2m_mapping()
   CVE-2021-26934: (unk)
   CVE-2021-27363: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
   CVE-2021-27364: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
   CVE-2021-27365: (unk) scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
   CVE-2021-28038: (unk) Xen/gnttab: handle p2m update errors on a per-slot basis
   CVE-2021-28375: (unk) misc: fastrpc: restrict user apps from sending kernel RPC messages
   CVE-2021-28660: (unk) staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
   CVE-2021-28688: (unk) xen-blkback: don't leak persistent grants from xen_blkbk_map()
   CVE-2021-28691: (unk) xen-netback: take a reference to the RX task thread
   CVE-2021-28951: (unk) io_uring: ensure that SQPOLL thread is started for exit
   CVE-2021-28952: (unk) ASoC: qcom: sdm845: Fix array out of bounds access
   CVE-2021-28964: (unk) btrfs: fix race when cloning extent buffer during rewind of an old root
   CVE-2021-28971: (unk) perf/x86/intel: Fix a crash caused by zero PEBS status
   CVE-2021-28972: (unk) PCI: rpadlpar: Fix potential drc_name corruption in store functions
   CVE-2021-29154: (unk) bpf, x86: Validate computation of branch displacements for x86-64
   CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
   CVE-2021-29264: (unk) gianfar: fix jumbo packets+napi+rx overrun crash
   CVE-2021-29265: (unk) usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
   CVE-2021-29646: (unk) tipc: better validate user input in tipc_nl_retrieve_key()
   CVE-2021-29647: (unk) net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
   CVE-2021-29650: (unk) netfilter: x_tables: Use correct memory barriers.
   CVE-2021-30002: (unk) media: v4l: ioctl: Fix memory leak in video_usercopy
   CVE-2021-31440: (unk) bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds
   CVE-2021-3178: (unk) nfsd4: readdirplus shouldn't return parent of export
   CVE-2021-31829: (unk) bpf: Fix masking negation logic upon negative dst register
   CVE-2021-31916: (unk) dm ioctl: fix out of bounds array access when no devices
   CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
   CVE-2021-32399: (unk) bluetooth: eliminate the potential race condition when removing the HCI controller
   CVE-2021-33033: (unk) cipso,calipso: resolve a number of problems with the DOI refcounts
   CVE-2021-33034: (unk) Bluetooth: verify AMP hci_chan before amp_destroy
   CVE-2021-3347: (unk) futex: Ensure the correct return value from futex_lock_pi()
   CVE-2021-3348: (unk) nbd: freeze the queue while we're adding connections
   CVE-2021-33624: (unk) bpf: Inherit expanded/patched seen count from old aux data
   CVE-2021-33909: (unk) seq_file: disallow extremely large seq buffer allocations
   CVE-2021-3411: (unk) x86/kprobes: Fix optprobe to detect INT3 padding correctly
   CVE-2021-3428: (unk) ext4: handle error of ext4_setup_system_zone() on remount
   CVE-2021-3444: (unk) bpf: Fix truncation handling for mod32 dst reg wrt zero
   CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
   CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head
   CVE-2021-3483: (unk) firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
   CVE-2021-34866: (unk) bpf: Fix ringbuf helper function compatibility
   CVE-2021-3490: (unk) bpf: Fix alu32 const subreg bound tracking on bitwise operations
   CVE-2021-3491: (unk) io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
   CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
   CVE-2021-35039: (unk) module: limit enabling module.sig_enforce
   CVE-2021-3506: (unk) f2fs: fix to avoid out-of-bounds memory access
   CVE-2021-3542: (unk)
   CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
   CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order
   CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object
   CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
   CVE-2021-3600: (unk) bpf: Fix 32 bit src register truncation on div/mod
   CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu()
   CVE-2021-3612: (unk) Input: joydev - prevent potential read overflow in ioctl
   CVE-2021-3640: (unk)
   CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
   CVE-2021-3655: (unk) sctp: validate from_addr_param return
   CVE-2021-3656: (unk) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
   CVE-2021-3659: (unk) net: mac802154: Fix general protection fault
   CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
   CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
   CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device
   CVE-2021-3732: (unk) ovl: prevent private clone if bind mount is not allowed
   CVE-2021-3739: (unk) btrfs: fix NULL pointer dereference when deleting device by invalid id
   CVE-2021-3743: (unk) net: qrtr: fix OOB Read in qrtr_endpoint_post
   CVE-2021-3744: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
   CVE-2021-3752: (unk)
   CVE-2021-3753: (unk) vt_kdsetmode: extend console locking
   CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
   CVE-2021-3759: (unk) memcg: enable accounting of ipc resources
   CVE-2021-3760: (unk) nfc: nci: fix the UAF of rf_conn_info object
   CVE-2021-3764: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
   CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk
   CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited
   CVE-2021-38166: (unk) bpf: Fix integer overflow involving bucket_size
   CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page
   CVE-2021-38199: (unk) NFSv4: Initialise connection to the server in nfs4_alloc_client()
   CVE-2021-38204: (unk) usb: max-3421: Prevent corruption of freed memory
   CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer
   CVE-2021-38207: (unk) net: ll_temac: Fix TX BD buffer overwrite
   CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
   CVE-2021-38209: (unk) netfilter: conntrack: Make global sysctls readonly in non-init netns
   CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets
   CVE-2021-3847: (unk)
   CVE-2021-3892: (unk)
   CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
   CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing
   CVE-2021-41864: (unk) bpf: Fix integer overflow in prealloc_elems_and_freelist()
   CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data
   CVE-2021-42252: (unk) soc: aspeed: lpc-ctrl: Fix boundary check for mmap
   CVE-2021-42327: (unk) drm/amdgpu: fix out of bounds write
   CVE-2021-42739: (unk)
   CVE-2021-43056: (unk) KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
   CVE-2021-43057: (unk) selinux,smack: fix subjective/objective credential use mixups

	CVEs fixed in 5.7:
	CVE-2020-10732: 1d605416fb7175e1adf094251466caa52093b413 fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()

	CVEs fixed in 5.7.1:
	CVE-2019-19462: 8c20f4355ab55fc07facacb1cd99bdb6fc5ebc1d kernel/relay.c: handle alloc_percpu returning NULL in relay_open
	CVE-2020-10757: e98a6a24baae41cc3632a0bf343fe844eff53cea mm: Fix mremap not considering huge pmd devmap

	CVEs fixed in 5.7.2:
	CVE-2020-0543: 468e86c304bd2e32307b438b67d61c0075a9beb9 x86/cpu: Add 'table' argument to cpu_matches()
	CVE-2020-13974: 7ca8cd811dcc6550be059813caf4f2cf888a7616 vt: keyboard: avoid signed integer overflow in k_ascii

	CVEs fixed in 5.7.3:
	CVE-2020-10766: 18f82da06ec6653646fd2670765aac24275f4833 x86/speculation: Prevent rogue cross-process SSBD shutdown
	CVE-2020-10767: 862442343c016befe654c1f3f8d9d5791071df4c x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
	CVE-2020-10768: 69e93896809da49f0946044bd31daf9a7482b440 x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
	CVE-2020-29374: 8e45fdafdecc8436c5b6e1620c30726056e6b29c gup: document and work around "COW can break either way" issue
	CVE-2021-0342: ab5e1d8d91872d6d80119a560255ff549985cff9 tun: correct header offsets in napi frags mode

	CVEs fixed in 5.7.5:
	CVE-2020-29368: 114b91ff0861de531e412aebe8c4dfda21291c7b mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()

	CVEs fixed in 5.7.6:
	CVE-2020-12771: 4813dd656732207ad9df7738652bbbbde4c7c928 bcache: fix potential deadlock problem in btree_gc_coalesce
	CVE-2020-15436: 4f8d723f871edb95a05d43ad88faf406c66393db block: Fix use-after-free in blkdev_get()

	CVEs fixed in 5.7.7:
	CVE-2020-15780: 63897052acc5a97e6cd0ffecda0a8d05aab6f85b ACPI: configfs: Disallow loading ACPI tables when locked down

	CVEs fixed in 5.7.8:
	CVE-2020-15393: 4c424f6d0af716110dd7d78e89afce4d99f16815 usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
	CVE-2020-24394: fb17be570b470fd56ccb2db7c1b0beb4d0d590d7 nfsd: apply umask on fs without ACL support

	CVEs fixed in 5.7.10:
	CVE-2020-10781: 8fd782b2376168717dddfbcae0786b47e61777bb Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
	CVE-2020-14356: 26d0bcfcf7150bc7c115f2d3f2f1459e64029b98 cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
	CVE-2020-15852: 3bbf8195e79707268f4fd072d7575ced0207e4ef x86/ioperm: Fix io bitmap invalidation on Xen PV

	CVEs fixed in 5.7.11:
	CVE-2020-15437: eb710a1ac0b2c5d46917563b78ebef429b0e8738 serial: 8250: fix null-ptr-deref in serial8250_start_tx()
	CVE-2020-29369: b6afd2a9f2839a60a6cd6a0cac740019f90c35eb mm/mmap.c: close race between munmap() and expand_upwards()/downwards()

	CVEs fixed in 5.7.13:
	CVE-2020-12656: ec25aabaffe687774165ae491cc797d7d8a79454 sunrpc: check that domain table is empty at module unload.
	CVE-2020-24490: 15a9441c207a546ae7cadfe092aea5ae9751c967 Bluetooth: fix kernel oops in store_pending_adv_report

	CVEs fixed in 5.7.14:
	CVE-2020-16166: 378a4d2215334fa4d3c5888a008f8896066bc231 random32: update the net random state on interrupt and activity

	CVEs fixed in 5.7.15:
	CVE-2020-14331: b2f1d746c96a16ae97099b9f454d01a9b730c26a vgacon: Fix for missing check in scrollback handling
	CVE-2020-36386: 886a27c346901b6b5a3d5b12ca50ca821817185d Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()

	CVEs fixed in 5.7.16:
	CVE-2019-19770: 4470c2949a07883cda4de6899ce8507b0fc6aa5d blktrace: fix debugfs use after free
	CVE-2020-26088: f8093f0d1ababcb1a1ea859e1638a14fa5627e42 net/nfc/rawsock.c: add CAP_NET_RAW check.
	CVE-2020-36387: f93bc10c64afceb019ccdc7b5424ecedbd613f64 io_uring: hold 'ctx' reference around task_work queue + execute
	CVE-2021-20292: 7387ad86fe8ef830e88a586b021b322eef316211 drm/ttm/nouveau: don't call tt destroy callback on alloc failure.

	CVEs fixed in 5.7.17:
	CVE-2019-19448: 7726619a51873ac0ac73d31f7852e0eb01a0833b btrfs: only search for left_info if there is no right_info in try_merge_free_space
	CVE-2020-25212: 4476b8282f0bdbf21c8a1e5d783ee11a0edfcaf2 nfs: Fix getxattr kernel panic and memory overflow

	CVEs fixed in 5.7.18:
	CVE-2020-0466: 7d6b91e878c590f471db7ed0ddb1952f40146cec do_epoll_ctl(): clean the failure exits up a bit
	CVE-2020-14314: e50fe43e3062e18846e99d9646b9c07b097eb1ed ext4: fix potential negative array index in do_split()
	CVE-2020-29371: ec5713663214ae0cc9821c0a40b6c6022fcaa4d8 romfs: fix uninitialized memory leak in romfs_dev_read()

	Outstanding CVEs:
	CVE-2005-3660: (unk)
	CVE-2007-3719: (unk)
	CVE-2008-2544: (unk)
	CVE-2008-4609: (unk)
	CVE-2010-4563: (unk)
	CVE-2010-5321: (unk)
	CVE-2011-4917: (unk)
	CVE-2012-4542: (unk)
	CVE-2013-7445: (unk)
	CVE-2015-2877: (unk)
	CVE-2016-8660: (unk)
	CVE-2017-13693: (unk)
	CVE-2017-13694: (unk)
	CVE-2018-1121: (unk)
	CVE-2018-12928: (unk)
	CVE-2018-12929: (unk)
	CVE-2018-12930: (unk)
	CVE-2018-12931: (unk)
	CVE-2018-17977: (unk)
	CVE-2019-0146: (unk)
	CVE-2019-12456: (unk)
	CVE-2019-15239: (unk) unknown
	CVE-2019-15290: (unk)
	CVE-2019-15794: (unk)
	CVE-2019-15902: (unk) unknown
	CVE-2019-16089: (unk)
	CVE-2019-19378: (unk)
	CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count
	CVE-2019-19814: (unk)
	CVE-2019-20794: (unk)
	CVE-2020-0347: (unk)
	CVE-2020-0423: (unk) binder: fix UAF when releasing todo list
	CVE-2020-0465: (unk) HID: core: Sanitize event code and type when mapping input
	CVE-2020-10135: (unk) Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
	CVE-2020-10708: (unk)
	CVE-2020-11725: (unk)
	CVE-2020-12351: (unk) Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
	CVE-2020-12352: (unk) Bluetooth: A2MP: Fix not initializing all members
	CVE-2020-12362: (unk)
	CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
	CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
	CVE-2020-12888: (unk) vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
	CVE-2020-14304: (unk)
	CVE-2020-14351: (unk) perf/core: Fix race in the perf_mmap_close() function
	CVE-2020-14385: (unk) xfs: fix boundary test in xfs_attr_shortform_verify
	CVE-2020-14386: (unk) net/packet: fix overflow in tpacket_rcv
	CVE-2020-14390: (unk) fbcon: remove soft scrollback code
	CVE-2020-15802: (unk)
	CVE-2020-16119: (unk) dccp: don't duplicate ccid when cloning dccp sock
	CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir
	CVE-2020-24502: (unk)
	CVE-2020-24503: (unk)
	CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs
	CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks
	CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks
	CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks
	CVE-2020-25211: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
	CVE-2020-25220: (unk)
	CVE-2020-25221: (unk) mm: fix pin vs. gup mismatch with gate pages
	CVE-2020-25284: (unk) rbd: require global CAP_SYS_ADMIN for mapping and unmapping
	CVE-2020-25285: (unk) mm/hugetlb: fix a race between hugetlb sysctl handlers
	CVE-2020-25639: (unk) drm/nouveau: bail out of nouveau_channel_new if channel init fails
	CVE-2020-25641: (unk) block: allow for_each_bvec to support zero len bvec
	CVE-2020-25643: (unk) hdlc_ppp: add range checks in ppp_cp_parse_cr()
	CVE-2020-25645: (unk) geneve: add transport ports in route lookup for geneve
	CVE-2020-25656: (unk) vt: keyboard, extend func_buf_lock to readers
	CVE-2020-25668: (unk) tty: make FONTX ioctl use the tty pointer they were actually passed
	CVE-2020-25669: (unk) Input: sunkbd - avoid use-after-free in teardown paths
	CVE-2020-25670: (unk) nfc: fix refcount leak in llcp_sock_bind()
	CVE-2020-25671: (unk) nfc: fix refcount leak in llcp_sock_connect()
	CVE-2020-25672: (unk) nfc: fix memory leak in llcp_sock_connect()
	CVE-2020-25673: (unk) nfc: Avoid endless loops caused by repeated llcp_sock_connect()
	CVE-2020-25704: (unk) perf/core: Fix a memory leak in perf_event_parse_addr_filter()
	CVE-2020-25705: (unk) icmp: randomize the global rate limiter
	CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames
	CVE-2020-26140: (unk)
	CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
	CVE-2020-26142: (unk)
	CVE-2020-26143: (unk)
	CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
	CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted
	CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
	CVE-2020-26555: (unk)
	CVE-2020-26556: (unk)
	CVE-2020-26557: (unk)
	CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
	CVE-2020-26559: (unk)
	CVE-2020-26560: (unk)
	CVE-2020-27152: (unk) KVM: ioapic: break infinite recursion on lazy EOI
	CVE-2020-27194: (unk) bpf: Fix scalar32_min_max_or bounds tracking
	CVE-2020-27673: (unk) xen/events: add a proper barrier to 2-level uevent unmasking
	CVE-2020-27675: (unk) xen/events: avoid removing an event channel while handling it
	CVE-2020-27777: (unk) powerpc/rtas: Restrict RTAS requests from userspace
	CVE-2020-27815: (unk) jfs: Fix array index bounds check in dbAdjTree
	CVE-2020-27820: (unk)
	CVE-2020-27825: (unk) tracing: Fix race in trace_open and buffer resize call
	CVE-2020-27830: (unk) speakup: Reject setting the speakup line discipline outside of speakup
	CVE-2020-27835: (unk) IB/hfi1: Ensure correct mm is used at all times
	CVE-2020-28097: (unk) vgacon: remove software scrollback support
	CVE-2020-28374: (unk) scsi: target: Fix XCOPY NAA identifier lookup
	CVE-2020-28588: (unk) lib/syscall: fix syscall registers retrieval on 32-bit platforms
	CVE-2020-28915: (unk) fbcon: Fix global-out-of-bounds read in fbcon_get_font()
	CVE-2020-28941: (unk) speakup: Do not let the line discipline be used several times
	CVE-2020-28974: (unk) vt: Disable KD_FONT_OP_COPY
	CVE-2020-29534: (unk) io_uring: don't rely on weak ->files references
	CVE-2020-29568: (unk) xen/xenbus: Allow watches discard events before queueing
	CVE-2020-29569: (unk) xen-blkback: set ring->xenblkd to NULL after kthread_stop()
	CVE-2020-29660: (unk) tty: Fix ->session locking
	CVE-2020-29661: (unk) tty: Fix ->pgrp locking in tiocspgrp()
	CVE-2020-35501: (unk)
	CVE-2020-35508: (unk) fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
	CVE-2020-35519: (unk) net/x25: prevent a couple of overflows
	CVE-2020-36158: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
	CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address
	CVE-2020-36311: (unk) KVM: SVM: Periodically schedule when unregistering regions on destroy
	CVE-2020-36312: (unk) KVM: fix memory leak in kvm_io_bus_unregister_dev()
	CVE-2020-36322: (unk) fuse: fix bad inode
	CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
	CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries
	CVE-2020-4788: (unk) powerpc/64s: flush L1D on kernel entry
	CVE-2020-8694: (unk) powercap: restrict energy meter to root access
	CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
	CVE-2021-0399: (unk)
	CVE-2021-0448: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
	CVE-2021-0512: (unk) HID: make arrays usage and value to be the same
	CVE-2021-0605: (unk) af_key: pfkey_dump needs parameter validation
	CVE-2021-0606: (unk)
	CVE-2021-0695: (unk)
	CVE-2021-0936: (unk)
	CVE-2021-0937: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
	CVE-2021-0938: (unk) compiler.h: fix barrier_data() on clang
	CVE-2021-0941: (unk) bpf: Remove MTU check in __bpf_skb_max_len
	CVE-2021-1048: (unk)
	CVE-2021-20194: (unk) io_uring: don't rely on weak ->files references
	CVE-2021-20226: (unk) io_uring: don't rely on weak ->files references
	CVE-2021-20239: (unk) net: pass a sockptr_t into ->setsockopt
	CVE-2021-20268: (unk) bpf: Fix signed_{sub,add32}_overflows type handling
	CVE-2021-20320: (unk) s390/bpf: Fix optimizing out zero-extensions
	CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename()
	CVE-2021-20322: (unk) ipv6: make exception cache less predictible
	CVE-2021-21781: (unk) ARM: ensure the signal page contains defined contents
	CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages
	CVE-2021-22555: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
	CVE-2021-23133: (unk) net/sctp: fix race condition in sctp_destroy_sock
	CVE-2021-26708: (unk) vsock: fix the race conditions in multi-transport support
	CVE-2021-26930: (unk) xen-blkback: fix error handling in xen_blkbk_map()
	CVE-2021-26931: (unk) xen-blkback: don't "handle" error by BUG()
	CVE-2021-26932: (unk) Xen/x86: don't bail early from clear_foreign_p2m_mapping()
	CVE-2021-26934: (unk)
	CVE-2021-27363: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
	CVE-2021-27364: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
	CVE-2021-27365: (unk) scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
	CVE-2021-28038: (unk) Xen/gnttab: handle p2m update errors on a per-slot basis
	CVE-2021-28375: (unk) misc: fastrpc: restrict user apps from sending kernel RPC messages
	CVE-2021-28660: (unk) staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
	CVE-2021-28688: (unk) xen-blkback: don't leak persistent grants from xen_blkbk_map()
	CVE-2021-28691: (unk) xen-netback: take a reference to the RX task thread
	CVE-2021-28951: (unk) io_uring: ensure that SQPOLL thread is started for exit
	CVE-2021-28952: (unk) ASoC: qcom: sdm845: Fix array out of bounds access
	CVE-2021-28964: (unk) btrfs: fix race when cloning extent buffer during rewind of an old root
	CVE-2021-28971: (unk) perf/x86/intel: Fix a crash caused by zero PEBS status
	CVE-2021-28972: (unk) PCI: rpadlpar: Fix potential drc_name corruption in store functions
	CVE-2021-29154: (unk) bpf, x86: Validate computation of branch displacements for x86-64
	CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
	CVE-2021-29264: (unk) gianfar: fix jumbo packets+napi+rx overrun crash
	CVE-2021-29265: (unk) usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
	CVE-2021-29646: (unk) tipc: better validate user input in tipc_nl_retrieve_key()
	CVE-2021-29647: (unk) net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
	CVE-2021-29650: (unk) netfilter: x_tables: Use correct memory barriers.
	CVE-2021-30002: (unk) media: v4l: ioctl: Fix memory leak in video_usercopy
	CVE-2021-31440: (unk) bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds
	CVE-2021-3178: (unk) nfsd4: readdirplus shouldn't return parent of export
	CVE-2021-31829: (unk) bpf: Fix masking negation logic upon negative dst register
	CVE-2021-31916: (unk) dm ioctl: fix out of bounds array access when no devices
	CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
	CVE-2021-32399: (unk) bluetooth: eliminate the potential race condition when removing the HCI controller
	CVE-2021-33033: (unk) cipso,calipso: resolve a number of problems with the DOI refcounts
	CVE-2021-33034: (unk) Bluetooth: verify AMP hci_chan before amp_destroy
	CVE-2021-3347: (unk) futex: Ensure the correct return value from futex_lock_pi()
	CVE-2021-3348: (unk) nbd: freeze the queue while we're adding connections
	CVE-2021-33624: (unk) bpf: Inherit expanded/patched seen count from old aux data
	CVE-2021-33909: (unk) seq_file: disallow extremely large seq buffer allocations
	CVE-2021-3411: (unk) x86/kprobes: Fix optprobe to detect INT3 padding correctly
	CVE-2021-3428: (unk) ext4: handle error of ext4_setup_system_zone() on remount
	CVE-2021-3444: (unk) bpf: Fix truncation handling for mod32 dst reg wrt zero
	CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
	CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head
	CVE-2021-3483: (unk) firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
	CVE-2021-34866: (unk) bpf: Fix ringbuf helper function compatibility
	CVE-2021-3490: (unk) bpf: Fix alu32 const subreg bound tracking on bitwise operations
	CVE-2021-3491: (unk) io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
	CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
	CVE-2021-35039: (unk) module: limit enabling module.sig_enforce
	CVE-2021-3506: (unk) f2fs: fix to avoid out-of-bounds memory access
	CVE-2021-3542: (unk)
	CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
	CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order
	CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object
	CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
	CVE-2021-3600: (unk) bpf: Fix 32 bit src register truncation on div/mod
	CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu()
	CVE-2021-3612: (unk) Input: joydev - prevent potential read overflow in ioctl
	CVE-2021-3640: (unk)
	CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
	CVE-2021-3655: (unk) sctp: validate from_addr_param return
	CVE-2021-3656: (unk) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
	CVE-2021-3659: (unk) net: mac802154: Fix general protection fault
	CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
	CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
	CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device
	CVE-2021-3732: (unk) ovl: prevent private clone if bind mount is not allowed
	CVE-2021-3739: (unk) btrfs: fix NULL pointer dereference when deleting device by invalid id
	CVE-2021-3743: (unk) net: qrtr: fix OOB Read in qrtr_endpoint_post
	CVE-2021-3744: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
	CVE-2021-3752: (unk)
	CVE-2021-3753: (unk) vt_kdsetmode: extend console locking
	CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
	CVE-2021-3759: (unk) memcg: enable accounting of ipc resources
	CVE-2021-3760: (unk) nfc: nci: fix the UAF of rf_conn_info object
	CVE-2021-3764: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
	CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk
	CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited
	CVE-2021-38166: (unk) bpf: Fix integer overflow involving bucket_size
	CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page
	CVE-2021-38199: (unk) NFSv4: Initialise connection to the server in nfs4_alloc_client()
	CVE-2021-38204: (unk) usb: max-3421: Prevent corruption of freed memory
	CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer
	CVE-2021-38207: (unk) net: ll_temac: Fix TX BD buffer overwrite
	CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
	CVE-2021-38209: (unk) netfilter: conntrack: Make global sysctls readonly in non-init netns
	CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets
	CVE-2021-3847: (unk)
	CVE-2021-3892: (unk)
	CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
	CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing
	CVE-2021-41864: (unk) bpf: Fix integer overflow in prealloc_elems_and_freelist()
	CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data
	CVE-2021-42252: (unk) soc: aspeed: lpc-ctrl: Fix boundary check for mmap
	CVE-2021-42327: (unk) drm/amdgpu: fix out of bounds write
	CVE-2021-42739: (unk)
	CVE-2021-43056: (unk) KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
	CVE-2021-43057: (unk) selinux,smack: fix subjective/objective credential use mixups