| CVEs fixed in 5.16: |
| CVE-2021-4155: 983d8e60f50806f90534cc5373d0ce867e5aaf79 xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate |
| CVE-2021-4197: 1756d7994ad85c2479af6ae5a9750b92324685af cgroup: Use open-time credentials for process migraton perm checks |
| CVE-2022-0382: d6d86830705f173fca6087a3e67ceaf68db80523 net ticp:fix a kernel-infoleak in __tipc_sendmsg() |
| |
| CVEs fixed in 5.16.2: |
| CVE-2022-0185: 8b1530a3772ae5b49c6d8d171fd3146bb947430f vfs: fs_context: fix up param length parsing in legacy_parse_param |
| |
| CVEs fixed in 5.16.3: |
| CVE-2021-43976: 9d3989c5050f10ae9bbec9f32492b500420d04a1 mwifiex: Fix skb_over_panic in mwifiex_usb_recv() |
| CVE-2021-44879: d667b9f61df7bdfcb59dd1406fd2392c358f0008 f2fs: fix to do sanity check on inode type during garbage collection |
| CVE-2021-45469: 258b26a34778cde43f228a392e242d3d0420624a f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() |
| CVE-2022-0433: f7a6dd58e0817b063252d7c5bec88e588df34b31 bpf: Add missing map_get_next_key method to bloom filter map. |
| |
| CVEs fixed in 5.16.4: |
| CVE-2022-0330: ec1b6497a2bc0293c064337e981ea1f6cbe57930 drm/i915: Flush TLBs before releasing backing store |
| CVE-2022-22942: 1d833b27fb708d6fdf5de9f6b3a8be4bd4321565 drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| |
| CVEs fixed in 5.16.5: |
| CVE-2022-0617: 620e8243cf5389e706c1c8f66ffacb3c84308a9e udf: Fix NULL ptr deref when converting from inline format |
| CVE-2022-24448: f0583af88e7dd413229ea5e670a0db36fdf34ba2 NFSv4: Handle case where the lookup of a directory fails |
| CVE-2022-24959: deb0f02d08276d87212c1f19d9d919b13dc4c033 yam: fix a memory leak in yam_siocdevprivate() |
| CVE-2022-2938: 991ced6a3a926e58df1f446819b9f2790e1c0daa psi: Fix uaf issue when psi trigger is destroyed while being polled |
| |
| CVEs fixed in 5.16.6: |
| CVE-2022-0492: 9c9dbb954e618e3d9110f13cc02c5db1fb73ea5d cgroup-v1: Require capabilities to set release_agent |
| CVE-2022-1055: 95e34f61b58a152656cbe8d6e19843cc343fb089 net: sched: fix use-after-free in tc_new_tfilter() |
| CVE-2022-1998: dea4fec0d87d4401b5d2717aa7c6c6cad050fb62 fanotify: Fix stale file descriptor in copy_event_to_user() |
| |
| CVEs fixed in 5.16.9: |
| CVE-2022-0435: 59ff7514f8c56f166aadca49bcecfa028e0ad50f tipc: improve size validations for received domain records |
| CVE-2022-0487: 7f901d53f120d1921f84f7b9b118e87e94b403c5 moxart: fix potential use-after-free on remove path |
| CVE-2022-0516: 8c68c50109c22502b647f4e86ec74400c7a3f6e0 KVM: s390: Return error on SIDA memop on normal guest |
| |
| CVEs fixed in 5.16.10: |
| CVE-2022-25258: 8895017abfc76bbc223499b179919dd205047197 USB: gadget: validate interface OS descriptor requests |
| CVE-2022-25375: 2724ebafda0a8df08a9cb91557d33226bee80f7b usb: gadget: rndis: check size of RNDIS_MSG_SET command |
| CVE-2022-2964: 9681823f96a811268265f35307072ad80713c274 net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup |
| |
| CVEs fixed in 5.16.11: |
| CVE-2022-0500: e982070f8970bb62e69ed7c9cafff886ed200349 bpf: Introduce MEM_RDONLY flag |
| CVE-2022-0847: eddef98207d678f21261c2bd07da55938680df4e lib/iov_iter: initialize "flags" in new pipe_buffer |
| CVE-2022-20008: cccf23c660cc96c5687335d73cad103e983e6165 mmc: block: fix read single on recovery logic |
| CVE-2022-23222: 77459bc4d5e2c6f24db845780b4d9d60cf82d06a bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL |
| CVE-2022-27950: 80dad7483e3940dc9d9d55f8b34d1f4ba85a505e HID: elo: fix memory leak in elo_probe |
| |
| CVEs fixed in 5.16.12: |
| CVE-2022-25636: 6bff27caef1ee07a8b190f34cf32c99d6cc37a33 netfilter: nf_tables_offload: incorrect flow offload action array size |
| CVE-2022-26966: 639f72dce8667a3d601561e0e47d53ad999e7f8a sr9700: sanity check for packet length |
| CVE-2022-27223: 3221ef49ba18924e55a4d42a2ea4080cfea12c6c USB: gadget: validate endpoint index for xilinx udc |
| CVE-2022-29156: fa498059c631e94e91dcb6d78070909d8de56d99 RDMA/rtrs-clt: Fix possible double free in error case |
| |
| CVEs fixed in 5.16.13: |
| CVE-2022-0494: f8c61361a4f52c2a186269982587facc852dba62 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern |
| CVE-2022-0742: 5ed9983ce67341b405cf6fda826e29aed26a7371 ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() |
| CVE-2022-24958: 9e5c16b2a9812cd250f0de0b77391c2d63adf2f2 usb: gadget: don't release an existing dev->buf |
| |
| CVEs fixed in 5.16.14: |
| CVE-2021-26401: 1984feb9872b905420af97d471d60051b6dd5851 x86/speculation: Use generic retpoline by default on AMD |
| CVE-2022-0001: 56829c19c8171303faca18d6ab3511ecdf3e7e23 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0002: 56829c19c8171303faca18d6ab3511ecdf3e7e23 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-23036: 0ba1ab25bb5057869621b340dbd411cca3242467 xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23037: 741052b05bcdc295dd715a71549b28c926266800 xen/netfront: don't use gnttab_query_foreign_access() for mapped status |
| CVE-2022-23038: 0ba1ab25bb5057869621b340dbd411cca3242467 xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23039: 3b72403eb1850f79deef77497763a6eb65654863 xen/gntalloc: don't use gnttab_query_foreign_access() |
| CVE-2022-23040: 69e581afd2eafd51df6d4a24ab488cb8863c2dcd xen/xenbus: don't let xenbus_grant_ring() remove grants in error case |
| CVE-2022-23041: d83dd50f3c23bc887e4c67d547e5a21a23fb8bb8 xen/9p: use alloc/free_pages_exact() |
| CVE-2022-23042: 34630641e955f23ae06db178822d99d0a9d89b20 xen/netfront: react properly to failing gnttab_end_foreign_access_ref() |
| CVE-2022-23960: f5eb0f1dcde4b7c2b5ee920ae53bcecaaba03947 ARM: report Spectre v2 status through sysfs |
| |
| CVEs fixed in 5.16.15: |
| CVE-2021-33135: 248c6347720200b9e5f79a4339ddbe4ef0074d36 x86/sgx: Free backing memory after faulting the enclave page |
| CVE-2022-0995: b36588ebbcef74583824c08352e75838d6fb4ff2 watch_queue: Fix filter limit check |
| CVE-2022-1011: 58a9bdff32fde29137731e574b17c42592875fd0 fuse: fix pipe buffer lifetime for direct_io |
| CVE-2022-1198: 4356343fb70c899901bce33acedf4fede797d21f drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() |
| CVE-2022-1199: 1d83a95214bc516bd8778fa423cb8383d925f8c8 ax25: Fix NULL pointer dereference in ax25_kill_by_device |
| CVE-2022-27666: 9afe83f62aac348db1facb28bfc106109a06e44d esp: Fix possible buffer overflow in ESP transformation |
| |
| CVEs fixed in 5.16.17: |
| CVE-2022-20158: ef591b35176029fdefea38e8388ffa371e18f4b2 net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20368: ef591b35176029fdefea38e8388ffa371e18f4b2 net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| |
| CVEs fixed in 5.16.18: |
| CVE-2022-1015: 2c8ebdaa7c9755b85d90c07530210e83665bad9a netfilter: nf_tables: validate registers coming from userspace. |
| CVE-2022-1016: 64f24c76dd0ce53d0fa3a0bfb9aeea507c769485 netfilter: nf_tables: initialize registers in nft_do_chain() |
| CVE-2022-1048: 0090c13cbbdffd7da079ac56f80373a9a1be0bf8 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls |
| CVE-2022-26490: 0646efbb6e100a3f93eba3b6a10a7f4c28dd1478 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION |
| CVE-2022-28356: 6f5bf395c60ed2643de51f2b1041cb0882e9d97f llc: fix netdevice reference leaks in llc_ui_bind() |
| |
| CVEs fixed in 5.16.19: |
| CVE-2022-0168: 0f0ce73e7dad17084222da19989049ebfb8be541 cifs: fix NULL ptr dereference in smb2_ioctl_query_info() |
| CVE-2022-1158: 9a611c57530050dc359a83177c2f97678b1f961e KVM: x86/mmu: do compare-and-exchange of gPTE via the user address |
| CVE-2022-1353: 16d974fa4ddda389bf58bb5e4fc8cad8910ba66d af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register |
| CVE-2022-1516: 4a279d7ee1c65411b4055ecd428b8aa2b1711c1f net/x25: Fix null-ptr-deref caused by x25_disconnect |
| CVE-2022-1651: ee827d86ee73583c0f0b65db877467d9b5551aa4 virt: acrn: fix a memory leak in acrn_dev_ioctl() |
| CVE-2022-1671: c3c415ae0c82da1349d85b8c9b18e6480aa6a230 rxrpc: fix some null-ptr-deref bugs in server_key.c |
| CVE-2022-20369: 2a5fd6b402049521f657966a42c4277f083a63c0 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls |
| CVE-2022-2153: 9e38128f8bd1d4f2244d8a393bc5dc204a99a541 KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() |
| CVE-2022-2380: 34d986f6ee5f5ac48cd2b9e2d061196fd3c29d39 video: fbdev: sm712fb: Fix crash in smtcfb_read() |
| CVE-2022-28388: 3e006cf0fb809815d56e59c9de4486fbe253ccdf can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-28389: f913412848defa326a155c47d026267624472190 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path |
| CVE-2022-28390: 41f6be840f138c7d42312d7619a6b44c001d6b6e can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-2977: 2f928c0d5c02dbab49e8c19d98725c822f6fc409 tpm: fix reference counting for struct tpm_chip |
| CVE-2022-30594: c8248775c1b96b00b680e067f99f8feaaa7c7dbc ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE |
| CVE-2022-3078: dd18f929458762f07b969d24d46e1d0a0d94c908 media: vidtv: Check for null return of vzalloc |
| CVE-2022-3239: 37f808a9e734e9036f7aa42ba4864fc6e91d2572 media: em28xx: initialize refcount before kref_get |
| |
| CVEs fixed in 5.16.20: |
| CVE-2022-1263: a1f48251918d825785af9cab83996d4c12ef795a KVM: avoid NULL pointer dereference in kvm_dirty_ring_push |
| CVE-2022-28893: 7a0921a23cae42e9fa5ce964f6907181b6dc80d8 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() |
| CVE-2022-29582: d568c13d9d29d3151540a0d1b20c3a1ca801a662 io_uring: fix race between timeout flush and removal |
| CVE-2022-3202: ffe1d40aec3f6f8cc620369ba07eb5e9bd449d85 jfs: prevent NULL deref in diFree |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-25220: (unk) |
| CVE-2020-26140: (unk) |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-35501: (unk) |
| CVE-2020-36516: (unk) |
| CVE-2021-0399: (unk) |
| CVE-2021-0695: (unk) |
| CVE-2021-26934: (unk) |
| CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality |
| CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size |
| CVE-2021-3542: (unk) |
| CVE-2021-3714: (unk) |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2021-39802: (unk) |
| CVE-2021-4095: (unk) KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty |
| CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types |
| CVE-2022-0171: (unk) KVM: SEV: add cache flush to solve SEV cache incoherency issues |
| CVE-2022-0400: (unk) |
| CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling |
| CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation |
| CVE-2022-1116: (unk) |
| CVE-2022-1184: (unk) ext4: verify dir block before splitting it |
| CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del() |
| CVE-2022-1247: (unk) |
| CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() |
| CVE-2022-1652: (unk) floppy: use a statically allocated error counter |
| CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb |
| CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self |
| CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs |
| CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default |
| CVE-2022-1852: (unk) KVM: x86: avoid calling x86 emulator without a decoded instruction |
| CVE-2022-1943: (unk) udf: Avoid using stale lengthOfImpUse |
| CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-1972: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-1973: (unk) fs/ntfs3: Fix invalid free in log_replay |
| CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions |
| CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout |
| CVE-2022-20421: (unk) binder: fix UAF of ref->proc caused by race condition |
| CVE-2022-20422: (unk) arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data |
| CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS |
| CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle |
| CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use |
| CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy |
| CVE-2022-2209: (unk) |
| CVE-2022-2308: (unk) vduse: prevent uninitialized memory accesses |
| CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler |
| CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-23825: (unk) |
| CVE-2022-24122: (unk) ucount: Make get_ucount a safe get_user replacement |
| CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-25265: (unk) |
| CVE-2022-2585: (unk) posix-cpu-timers: Cleanup CPU timers before freeing them during exec |
| CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0 |
| CVE-2022-2590: (unk) mm/gup: fix FOLL_FORCE COW security issue and remove FOLL_COW |
| CVE-2022-2602: (unk) io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages |
| CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections |
| CVE-2022-2639: (unk) openvswitch: fix OOB access in reserve_sfa_size() |
| CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic |
| CVE-2022-26878: (unk) |
| CVE-2022-2873: (unk) i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-2905: (unk) bpf: Don't use tnum_range on array range checking for poke descriptors |
| CVE-2022-29581: (unk) net/sched: cls_u32: fix netns refcount changes in u32_change() |
| CVE-2022-2959: (unk) pipe: Fix missing lock in pipe_resize_ring() |
| CVE-2022-2961: (unk) |
| CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29968: (unk) io_uring: fix uninitialized field in rw io_kiocb |
| CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel |
| CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero |
| CVE-2022-3077: (unk) i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded |
| CVE-2022-3176: (unk) io_uring: fix UAF due to missing POLLFREE handling |
| CVE-2022-32250: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16 |
| CVE-2022-3238: (unk) |
| CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace |
| CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC |
| CVE-2022-3344: (unk) |
| CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages |
| CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted |
| CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted |
| CVE-2022-33743: (unk) xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() |
| CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting |
| CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default |
| CVE-2022-3424: (unk) |
| CVE-2022-3435: (unk) ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference |
| CVE-2022-34494: (unk) rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() |
| CVE-2022-34495: (unk) rpmsg: virtio: Fix possible double free in rpmsg_probe() |
| CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data |
| CVE-2022-3521: (unk) kcm: avoid potential race in kcm_tx_work |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2022-3526: (unk) macvlan: Fix leaking skb in source mode with nodst option |
| CVE-2022-3535: (unk) net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3543: (unk) af_unix: Fix memory leaks of the whole sk due to OOB skb. |
| CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get() |
| CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3577: (unk) HID: bigben: fix slab-out-of-bounds Write in bigben_probe |
| CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child |
| CVE-2022-3594: (unk) r8152: Rate limit overflow messages |
| CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp |
| CVE-2022-36123: (unk) x86: Clear .brk area at early boot |
| CVE-2022-3619: (unk) Bluetooth: L2CAP: Fix memory leak in vhci_write |
| CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode |
| CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload |
| CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() |
| CVE-2022-36280: (unk) |
| CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect() |
| CVE-2022-3630: (unk) fscache: don't leak cookie access refs if invalidation is in progress or failed |
| CVE-2022-3633: (unk) can: j1939: j1939_session_destroy(): fix memory leak of skbs |
| CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer |
| CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() |
| CVE-2022-36402: (unk) |
| CVE-2022-3642: (unk) |
| CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() |
| CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset |
| CVE-2022-3707: (unk) |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) |
| CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines |
| CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas |
| CVE-2022-39189: (unk) KVM: x86: do not report a vCPU as preempted outside instruction boundaries |
| CVE-2022-39190: (unk) netfilter: nf_tables: disallow binding to already bound chain |
| CVE-2022-3977: (unk) mctp: prevent double key removal and unref |
| CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write |
| CVE-2022-40133: (unk) |
| CVE-2022-40307: (unk) efi: capsule-loader: Fix use-after-free in efi_capsule_write |
| CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-41218: (unk) |
| CVE-2022-41674: (unk) wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-41848: (unk) |
| CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read() |
| CVE-2022-42703: (unk) mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse |
| CVE-2022-42719: (unk) wifi: mac80211: fix MBSSID parsing use-after-free |
| CVE-2022-42720: (unk) wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: (unk) wifi: cfg80211: avoid nontransmitted BSS list corruption |
| CVE-2022-42722: (unk) wifi: mac80211: fix crash in beacon protection for P2P-device |
| CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory |
| CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM |
| CVE-2022-43750: (unk) usb: mon: make mmapped memory read only |
| CVE-2022-43945: (unk) NFSD: Protect against send buffer overflow in NFSv2 READDIR |
| CVE-2022-44032: (unk) |
| CVE-2022-44033: (unk) |
| CVE-2022-44034: (unk) |