CVEs fixed in 3.18.1:
CVE-2014-8559: 679829c2e50332832c2e85b12ec851a423ad9892 move d_rcu from overlapping d_child to overlapping d_alias
CVEs fixed in 3.18.2:
CVE-2014-8133: b9372b87cda18d4b75d0fc5f426f3743b507de05 x86/tls: Validate TLS entries to protect espfix
CVE-2014-8134: ead468da1150996a29e6c565db3c5cad79e5e4b1 x86, kvm: Clear paravirt_enabled on KVM guests for espfix32's benefit
CVE-2014-8989: d5c3ebc43923644c61155b6b71f9b1a36d570343 userns: Don't allow setgroups until a gid mapping has been setablished
CVE-2014-9419: a1f3f3d87a0bd360dfbb9642dffadcc8e2f1de3a x86_64, switch_to(): Load TLS descriptors before switching DS and ES
CVE-2014-9420: b6d20edb6e7cedb4eedb9e0193d20dd488ebae84 isofs: Fix infinite looping over CE entries
CVE-2014-9584: 9c0f8266e97ab401365e8b7fbe1cf9a76541633e isofs: Fix unchecked printing of ER records
CVE-2014-9683: d7fad547c36925f69c67fd19a97731d3d38706a2 eCryptfs: Remove buggy and unnecessary write in file name decode routine
CVE-2014-9728: a6a4afa5c41f299404424cc55fa26611751bf38d udf: Verify i_size when loading inode
CVE-2014-9729: a6a4afa5c41f299404424cc55fa26611751bf38d udf: Verify i_size when loading inode
CVE-2014-9730: 41ba2abbb3ce394c208fe509438a4691d588ad94 udf: Check component length before reading it
CVE-2014-9731: 1a927faa55b967fdc6f8fcb2a8bc9870ee7c0d98 udf: Check path length when reading symlink
CVEs fixed in 3.18.3:
CVE-2014-9585: ef44baf660f89050cb80b3ec48cedf4ffae89162 x86_64, vdso: Fix the vdso address randomization algorithm
CVEs fixed in 3.18.4:
CVE-2014-9428: 53fd27c1a28d8e974e800a75abc15382dc51f205 batman-adv: Calculate extra tail size based on queued fragments
CVEs fixed in 3.18.5:
CVE-2013-7421: f2efa8653bb59eeaa47036222bf4dd9acc83aabf crypto: prefix module autoloading with "crypto-"
CVE-2014-9529: 8326fa8ec22f770a900bfe869e7ced22fd42f3e8 KEYS: close race between key lookup and freeing
CVE-2014-9644: acc5ccb9fe1c1d3840d49e181ae30b924cfc28b5 crypto: include crypto- module prefix in template
CVE-2015-0239: cb2567bf3eed3c7fe5fd914d827e3088d21e565f KVM: x86: SYSENTER emulation is broken
CVE-2015-1573: 436322eeda54e4c8ebb09c7a293dc169afeabb7a netfilter: nf_tables: fix flush ruleset chain dependencies
CVE-2017-8240: ce441cb4f15f5d6d7fc509dae6c9e00b56aadb45 pinctrl: qcom: Don't iterate past end of function array
CVEs fixed in 3.18.8:
CVE-2015-1421: c75e4b05b591b6c134b7e66c1ea39757f452f1e8 net: sctp: fix slab corruption from use after free on INIT collisions
CVE-2015-1465: 9ad1a959ac71423224aa8f248af3cc258e54e46a ipv4: try to cache dst_entries which would cause a redirect
CVEs fixed in 3.18.9:
CVE-2015-1593: 805f25c4d886cfff790fa8f309e432dd7923d2c2 x86, mm/ASLR: Fix stack randomization on 64-bit systems
CVE-2015-4167: f21d9d44483d12e21a8c7adc05dd382fdb2895d5 udf: Check length of extended attributes and allocation descriptors
CVEs fixed in 3.18.10:
CVE-2015-2672: 6ddd115f4c15c2fe03bc2e214c3c95a9626156e2 x86/fpu/xsaves: Fix improper uses of __ex_table
CVE-2015-2830: ce5dd33cbf06346752eeb5530e135d953d6b7abb x86/asm/entry/64: Remove a bogus 'ret_from_fork' optimization
CVEs fixed in 3.18.11:
CVE-2015-2150: c7fd1867c7d0626bf00373cec0f64b0ce4f4ec84 xen-pciback: limit guest control of command register
CVE-2015-3331: 3b389956156c23d7936f5a863cf7ac18a92dfee1 crypto: aesni - fix memory usage in GCM decryption
CVE-2016-0823: 1cd3d374b25ba7e9934be66781ff7fc4513a2b09 pagemap: do not leak physical addresses to non-privileged userspace
CVEs fixed in 3.18.13:
CVE-2014-8159: 9b233a2fb7823cbbf0adeaf50586cef471da6bc7 IB/uverbs: Prevent integer overflow in ib_umem_get address arithmetic
CVE-2015-2922: c85b2d7e9fa44286feaac33031db1dd0e4c9ed3b ipv6: Don't reduce hop limit for an interface
CVEs fixed in 3.18.14:
CVE-2015-3636: e13f6f2b39c4d91371c0ede88b136f364a6ffd6d ipv4: Missing sk_nulls_node_init() in ping_unhash().
CVE-2015-6526: ff342613d0b725883aae0bbde834ba5aad99973c powerpc/perf: Cap 64bit userspace backtraces to PERF_MAX_STACK_DEPTH
CVE-2015-8950: a142e9641dcbead2c8845c949ad518acac96ed28 arm64: dma-mapping: always clear allocated buffers
CVE-2017-1000253: 954f17f76c942d6fda33d4945bba66178514538d fs/binfmt_elf.c: fix bug in loading of PIE binaries
CVEs fixed in 3.18.15:
CVE-2015-1420: 444a3e132498a80ddd48296897e3ffe1ff53eb76 vfs: read file_handle only once in handle_to_path
CVE-2015-4177: 0de0e610f6b359c52d4f8b02bac2963f4968c9d6 mnt: Fail collect_mounts when applied to unmounted mounts
CVE-2015-4178: 11bf6b1ea65f1580477827831d05711e5b87ac7b fs_pin: Allow for the possibility that m_list or s_list go unused.
CVE-2015-5706: f42b455331b5eb2ef5f2cecab28941eb1fada554 path_openat(): fix double fput()
CVEs fixed in 3.18.17:
CVE-2015-4700: 645995e2934706449c4214a3f0f881d6c7fbc5fe x86: bpf_jit: fix compilation of large bpf programs
CVE-2015-5364: ee4ab7d8328b0a505d376b6c08d569778c8689af udp: fix behavior of wrong checksums
CVE-2015-5366: ee4ab7d8328b0a505d376b6c08d569778c8689af udp: fix behavior of wrong checksums
CVEs fixed in 3.18.18:
CVE-2015-3212: 720e1669baa8f2658d737825e49edb018cf3aa1d sctp: fix ASCONF list handling
CVE-2015-4002: 63f352a237c26bf679a9f73a5e92060bb1f94ef9 ozwpan: Use proper check to prevent heap overflow
CVE-2015-4003: 5fcae12c6f561a1b218f0250f599d12fdd5b6b45 ozwpan: divide-by-zero leading to panic
CVE-2015-9289: f162b656ee480c9a3b024c85deffc4ab39f1a9a5 cx24116: fix a buffer overflow when checking userspace params
CVEs fixed in 3.18.19:
CVE-2014-9710: 55e97f654cbbbef70f9714f0e113604dd931e360 Btrfs: make xattr replace operations atomic
CVE-2015-2666: 5ba6a2f494ab6e6d6e7fb58f099dde2f9ad06f3b x86/microcode/intel: Guard against stack overflow in the loader
CVEs fixed in 3.18.20:
CVE-2015-1333: 66db51c9f7b2fe7ebdfa753b2aa9abbb9feddc87 KEYS: ensure we free the assoc array edit if edit is valid
CVEs fixed in 3.18.21:
CVE-2015-4692: 4b8ec51eb5e94596b4a3d465b93a3d18375b98b9 kvm: x86: fix kvm_apic_has_events to check for NULL pointer
CVE-2015-5697: e46e18eb387767fa26356417210ef41d0855ef1e md: use kzalloc() when bitmap is disabled
CVE-2015-5707: b03137288b2ab4e93a5c9c9bbe45e9bbc04c9b6e sg_start_req(): make sure that there's not too many elements in iovec
CVE-2015-6252: f9a59d88f99c3149013e44d1aa9245e67c49a800 vhost: actually track log eventfd file
CVEs fixed in 3.18.22:
CVE-2015-3290: 057e3a8787b53052e4f5d92a3da6a0b9f5113bea x86/nmi/64: Switch stacks on userspace NMI entry
CVE-2015-5157: 057e3a8787b53052e4f5d92a3da6a0b9f5113bea x86/nmi/64: Switch stacks on userspace NMI entry
CVEs fixed in 3.18.23:
CVE-2015-2925: 27f5c615afb5303eb902a1f2535903e0fd1d7517 dcache: Handle escaped paths in prepend_path
CVE-2015-3291: 4bc532d8428f6dd671c66f51ce5e459cc0ff1c86 x86/nmi/64: Use DF to avoid userspace RSP confusing nested NMI detection
CVE-2015-5257: b57a9f68701f9587e1b1792232db55615353c314 USB: whiteheat: fix potential null-deref at probe
CVE-2015-5283: 779c19e0ac88b95710ceae2495caebfd442dd2c1 sctp: fix race on protocol/netns initialization
CVE-2015-7613: b5495ddce4659122180b5fee6fc52dc5196e0918 Initialize msg/shm IPC objects before doing ipc_addid()
CVE-2015-8746: 7730c1b9620d5b4887699d1b2ad9338fc63ca736 NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2 client
CVEs fixed in 3.18.25:
CVE-2015-0275: b9fca5cb9ab94112bebd1e5db862962df9dfcec2 ext4: allocate entire range in zero range
CVE-2015-4036: 0812542d8e5337822045c81695caff87ea4f5105 vhost/scsi: potential memory corruption
CVE-2015-5156: feeb0406f75ae3488ff6573903533000125b2faf virtio-net: drop NETIF_F_FRAGLIST
CVE-2015-5307: 79e62de2efb2f586726e46342c792360a9644319 KVM: x86: work around infinite loop in microcode when #AC is delivered
CVE-2015-6937: cf6580ef92b0f5baf6f9a0ff2c51d852ba5145ba RDS: verify the underlying transport exists before creating a connection
CVE-2015-7872: 16d8da6c17a7024180e3b9865eb9fad605a9b382 KEYS: Fix crash when attempt to garbage collect an uninstantiated keyring
CVE-2015-8215: a9ff3cb5ec5a60c9b9a5dc3d1e870bdb29451f0a ipv6: addrconf: validate new MTU before applying it
CVE-2016-3841: 46ddb98e2018a5a62cefa75b3c80882850c91e39 ipv6: add complete rcu protection around np->opt
CVEs fixed in 3.18.26:
CVE-2013-7446: 72032798034d921ed565e3bf8dfdc3098f6473e2 unix: avoid use-after-free in ep_remove_wait_queue
CVE-2015-7550: e41946e47ec501023afd7e5dfeb794ab7492e7c0 KEYS: Fix race between read and revoke
CVE-2015-8543: e60ccfd9e596b48d4b9d6e2b5440261c83d10c12 net: add validation for the socket syscall protocol argument
CVE-2015-8569: 652ed6f6effe13ce2fc0215230517aa01bdbf3e3 pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
CVE-2015-8575: 566198569555189eff9c11c67bbaefb1bacc7bfa bluetooth: Validate socket address length in sco_sock_bind().
CVE-2016-0728: d25b4531a808bd0faae3dcd0553421d0570373d1 KEYS: Fix keyring ref leak in join_session_keyring()
CVEs fixed in 3.18.27:
CVE-2013-4312: a5b9e44af8d3edaf49d14a91cc519a9fba439e67 unix: properly account for FDs passed over unix sockets
CVE-2015-7566: 34a893326f0473dbe25c6a128c63e17eba08a71c USB: serial: visor: fix crash on detecting device without write_urbs
CVE-2015-7799: f9e58aab4655efe4f53452977ea29447b7446735 isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
CVE-2015-8816: 425b3d713f077fc340bad07137104304c22e8f5d USB: fix invalid memory access in hub_activate()
CVE-2016-0723: 16c10d77d37d46d0b7db1901136d657777c8caf8 tty: Fix unsafe ldisc reference via ioctl(TIOCGETD)
CVE-2016-2545: 73c0532426ba7eb55f0015faebb1cad466a656e0 ALSA: timer: Fix double unlink of active_list
CVE-2016-2547: f40ee9cf5f69092e63b6f6262d9fd19a24b00bab ALSA: timer: Harden slave timer list handling
CVE-2016-2548: f40ee9cf5f69092e63b6f6262d9fd19a24b00bab ALSA: timer: Harden slave timer list handling
CVE-2016-2782: 01bba7b17a230e9c35239ded7ac942081e6f6b7c USB: visor: fix null-deref at probe
CVEs fixed in 3.18.28:
CVE-2016-2085: 6702fc0c98d40442f9e74e10c499d68cd96455df EVM: Use crypto_memneq() for digest comparisons
CVE-2016-2384: b4dc014d417de972afd85248c8027380f1166317 ALSA: usb-audio: avoid freeing umidi object twice
CVE-2017-13167: 0f97e402030cb82e5a5ab9ca9babf323d1bc5b74 ALSA: timer: Fix race at concurrent reads
CVEs fixed in 3.18.29:
CVE-2015-8553: 3d0ec7c06a1994f71ef7820185a71b7c1d8bbb42 xen/pciback: Don't allow MSI-X ops if PCI_COMMAND_MEMORY is not set.
CVEs fixed in 3.18.30:
CVE-2016-3044: c518a1b39eda7356aebfd514cd8164ed909d995f KVM: PPC: Book3S HV: Sanitize special-purpose register values on guest exit
CVEs fixed in 3.18.31:
CVE-2015-7513: 8dc1d26b1bae170d1d11e6460cf745ef10d90bfd KVM: x86: Reload pit counters for all channels when restoring state
CVE-2015-8660: 931858a0bce673fad1855373631641c8250f83ea ovl: fix permission checking for setattr
CVE-2015-8785: d48d21de5e8054d38360e09d5f16508c0a17dd62 fuse: break infinite loop in fuse_fill_write_pages()
CVE-2015-8812: 07508eb3c9a18afdb25b69d68c0fd3dd0698e148 iw_cxgb3: Fix incorrectly returning error on success
CVE-2015-8970: 1f45c38917129af49a187aae8f2ef76d098d66ca crypto: algif_skcipher - Require setkey before accept(2)
CVE-2016-0821: 88965e61d381a0d3cd3e0d49aa5fb6481a9447cc include/linux/poison.h: fix LIST_POISON{1,2} offset
CVE-2016-2184: 53b7c0ed67fecfb2123a14b4d1ae246fb2807283 ALSA: usb-audio: Fix NULL dereference in create_fixed_stream_quirk()
CVE-2016-2185: 37735ed2c8c12e9671a3742d6b9028bad43852df Input: ati_remote2 - fix crashes on detecting device with invalid descriptor
CVE-2016-2186: b684cb33d6867e10ba45375a12ef9f3ceb6f0aa7 Input: powermate - fix oops with malicious USB descriptors
CVE-2016-3138: 4576d5d818abff73e363027f52da09519573c924 USB: cdc-acm: more sanity checking
CVE-2016-3157: 9dac025573bbde6e69bd2238b803cdd4d881d83b x86/iopl/64: Properly context-switch IOPL on Xen PV
CVE-2016-3689: 7ca573e32c0a6634d679540314a80d235f224bfb Input: ims-pcu - sanity check against missing interfaces
CVE-2016-6327: 88155b6f0560f43d101cc415c70a17b09046e532 IB/srpt: Simplify srpt_handle_tsk_mgmt()
CVE-2016-9685: a8dabc28e0b21f70d9e27b04a42efc7f093c7c18 xfs: fix two memory leaks in xfs_attr_list.c error paths
CVEs fixed in 3.18.32:
CVE-2016-3136: e8f4639414972d17224cd816be7b89a00840b09e USB: mct_u232: add sanity checking in probe
CVE-2016-3137: 55e18b81b1d3755288aa6234d9439bdd95b3f58f USB: cypress_m8: add endpoint sanity check
CVE-2016-3140: fb6e2ebb91f21839aa13c40a6f71ac6423e4c64e USB: digi_acceleport: do sanity checking for the number of ports
CVE-2016-7914: 34caf1dc30b288cc94a0d44e7e9a133de8246062 assoc_array: don't call compare_object() on a node
CVEs fixed in 3.18.33:
CVE-2016-2187: 6b314d424e2fda751e4cc330f050ceac2c7edce8 Input: gtco - fix crash on detecting device without endpoints
CVE-2016-3961: 24b769352bd519d6d932ea070e295e8b13f43af8 x86/mm/xen: Suppress hugetlbfs in PV guests
CVEs fixed in 3.18.34:
CVE-2016-4565: a34c1651ea7a55f3c0e77c80c3b27605d5a7dfea IB/security: Restrict use of the write() interface
CVE-2016-4581: b688848a01ce5e9ce2a3d62af6e66b09dcd6f78d propogate_mnt: Handle the first propogated copy being a slave
CVE-2016-4913: b8500fc5acce9976a6de1c60daa09f40d148f11d get_rock_ridge_filename(): handle malformed NM entries
CVEs fixed in 3.18.35:
CVE-2016-9754: 180fbec3621c16c23eb5de917577b9aa5dcb1d57 ring-buffer: Prevent overflow of size in ring_buffer_resize()
CVEs fixed in 3.18.36:
CVE-2016-1583: 70e21269e3ec8e4345e7fcd263f9a8f2a43f42df proc: prevent stacking filesystems on top
CVEs fixed in 3.18.37:
CVE-2016-2117: d06f8ffbe758cb0e4ff7ba8e311ef496bcaf9532 atl2: Disable unimplemented scatter/gather feature
CVE-2016-2847: be65d29ff7b6246afa8309063cc77ba030d98d17 pipe: limit the per-user amount of pages allocated in pipes
CVE-2016-3134: c2a1b8ee3f6a1acf7f19037d13e4031831b05776 netfilter: x_tables: fix unconditional helper
CVE-2016-3156: abe3994caa1c1056a2d036bdb613cc8ad282b059 ipv4: Don't do expensive useless work during inetdev destroy.
CVE-2016-3955: 9a71843e3ab0f1ffb766c4074f761ba57e3c12c8 USB: usbip: fix potential out-of-bounds write
CVE-2016-4470: 4e7a91fe833202b19f58a8c872e7f77592a4b682 KEYS: potential uninitialized variable
CVE-2016-4485: 84aa66876dc5594058a346bf36928d8b652e6a6b net: fix infoleak in llc
CVE-2016-4486: 69243164a954a78073a83cb87d2e03254a4810ef net: fix infoleak in rtnetlink
CVE-2016-4580: b35237a8295196b3ea3efb36fde887b7b4dffb9a net: fix a kernel infoleak in x25 module
CVE-2016-4794: 9e9f68827d7eb85c39503457a37a5dced178f6f4 percpu: fix synchronization between chunk->map_extend_work and chunk destruction
CVE-2016-4805: a472ae852324f815b61615c3a2dfb80b40a46c22 ppp: take reference on channels netns
CVE-2016-4997: 7ba6a7dfbf7c37aa1984db170a015dded04adc81 netfilter: x_tables: check for bogus target offset
CVE-2016-4998: 7ba6a7dfbf7c37aa1984db170a015dded04adc81 netfilter: x_tables: check for bogus target offset
CVE-2016-5828: 8d596e6adb909cebe6290426160b8dedc84c802a powerpc/tm: Always reclaim in start_thread() for exec() class syscalls
CVE-2016-5829: 6f562d23f3bb941cba33d9ec048f6cb85bf2cd80 HID: hiddev: validate num_values for HIDIOCGUSAGES, HIDIOCSUSAGES commands
CVE-2016-7117: cdd1fd36f4b67d9fdbeb1a4d16025192d44a3e8b net: Fix use after free in the recvmmsg exit path
CVE-2016-7916: aa9be0d64b75c66a807824705495464369400a01 proc: prevent accessing /proc/<PID>/environ until it's ready
CVE-2016-9806: 57b26930c7149c9ed86ba29038523a7a23140220 netlink: Fix dump skb leak/double free
CVEs fixed in 3.18.38:
CVE-2016-7911: b86ef7ef23554d978422ab49366223932ce976d4 block: fix use-after-free in sys_ioprio_get()
CVEs fixed in 3.18.39:
CVE-2016-5400: d380c88d88ed317a7493e5cba85fa0ebecf38ac9 media: fix airspy usb probe error path
CVE-2016-6197: 5eaee47bcdf4f17e2bdd6105f12b6d5e567e72c4 ovl: verify upper dentry before unlink and rename
CVEs fixed in 3.18.40:
CVE-2016-1237: 6abbd53f83fe94fb2562b3a45ef7770e4dfcde29 posix_acl: Add set_posix_acl
CVE-2016-5412: 15b4c06d13983dcfcbf34f3c2c7de269c8258656 KVM: PPC: Book3S HV: Pull out TM state save/restore into separate procedures
CVE-2016-6136: 3f4976f0e610b010e9e69ff294212ce6b7fc7ca5 audit: fix a double fetch in audit_log_single_execve_arg()
CVE-2016-7910: 8bc7adafc3a58801319873cbfa38f4fc8e0047b4 block: fix use-after-free in seq file
CVE-2017-7495: aba6b2d882d2bad5e3996b739fa5ae7f62bf8bf6 ext4: fix data exposure after a crash
CVEs fixed in 3.18.41:
CVE-2016-5696: 0efba8d124de904db7766645561a6f39c501f2c1 tcp: make challenge acks less predictable
CVE-2016-6480: 30c2bbd8a7b7ff3b6849d6ce1a69d4db9e40183b aacraid: Check size values after double-fetch from user
CVEs fixed in 3.18.43:
CVE-2016-9178: e58d9a8251584d92976d4cc7f46ab30963c9e99a fix minor infoleak in get_user_ex()
CVEs fixed in 3.18.44:
CVE-2016-5195: e45a502bdeae5a075257c4f061d1ff4ff0821354 mm: remove gup_flags FOLL_WRITE games from __get_user_pages()
CVEs fixed in 3.18.45:
CVE-2016-10229: 69335972b1c1c9bd7597fc6080b6eb1bd3fbf774 udp: properly support MSG_PEEK with truncated buffers
CVE-2016-7042: abe571f80e33d3df7741d15cd03a8b95a93f659f KEYS: Fix short sprintf buffer in /proc/keys show function
CVE-2016-8633: dff462fc98d649a51557491d02f5c16f2127970b firewire: net: guard against rx buffer overflows
CVEs fixed in 3.18.46:
CVE-2015-8956: ee79b622f43bab46bd6ff778b3cd2e4af4784bc2 Bluetooth: Fix potential NULL dereference in RFCOMM bind callback
CVE-2016-6828: fa9b0c17c956a6d2bb3e99ad274c32e86adfddcf tcp: fix use after free in tcp_xmit_retransmit_queue()
CVE-2016-7425: 6371e0cdc5be8671461f136dc1df9a36bdb5292a scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer()
CVE-2016-8655: 5c120b79dd6601a987eb33214f2686e5b75f3c3e packet: fix race condition in packet_set_ring
CVEs fixed in 3.18.47:
CVE-2016-10088: a861b9212ab44dc9483259b1f9376e74bae2ad37 sg_write()/bsg_write() is not fit to be called under KERNEL_DS
CVE-2016-8666: dd4fff23f0f4c7c5414f50c091c78a7e423f85da tunnels: Don't apply GRO to multiple layers of encapsulation.
CVEs fixed in 3.18.49:
CVE-2016-2188: ce55817c633e5807f4645a60163f6cbc3f5af63b USB: iowarrior: fix NULL-deref at probe
CVE-2016-8405: 59ab6ac4aa855c38f40ab9e6501b17189e7b4089 fbdev: color map copying bounds checking
CVE-2016-9555: ffdfbf56e46b2968e85cc389664ee9224f3ff049 sctp: validate chunk len before actually using it
CVE-2017-2618: 0f436bf3f81b0674414d198a01bffc4ecae4590e selinux: fix off-by-one in setprocattr
CVE-2017-2636: 477f7e81b30f70d45659c2c6e6aef4f79fbd15b7 tty: n_hdlc: get rid of racy n_hdlc.tbuf
CVE-2017-5897: 3bbaa8061856b883c9deb16d1942188ef2608850 ip6_gre: fix ip6gre_err() invalid reads
CVE-2017-5970: eeae5e030fcdba3a924bb951c4c62ef40dfc8974 ipv4: keep skb->dst around in presence of IP options
CVE-2017-5986: a4a3d26a1d4e0702b1b54c8dc9c56ed61742568a sctp: avoid BUG_ON on sctp_wait_for_sndbuf
CVE-2017-6074: ae803f3ffbca73a8ba65759c71ce30f3bbcda83f dccp: fix freeing skb too early for IPV6_RECVPKTINFO
CVE-2017-6214: 337bb5f3fd50872e4bdac43c097fd7bf926f24a9 tcp: avoid infinite loop in tcp_splice_read()
CVE-2017-6345: 5b8f1011ac5363df3a6051223d146144f4af47d7 net/llc: avoid BUG_ON() in skb_orphan()
CVE-2017-7184: 281edc5a3778cd551e688e8d0c88d05d948b4faf xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window
CVE-2017-7308: eeead20a3d208b411eab883f9ba3180c15b566d0 net/packet: fix overflow in check for priv area size
CVE-2017-8924: 1f5371cc84232fc5b3140713d681b35641c56c17 USB: serial: io_ti: fix information leak in completion handler
CVE-2017-8925: d064efcbd6ed7526ad075a9ad5ef28b1d398ab46 USB: serial: omninet: fix reference leaks at open
CVEs fixed in 3.18.50:
CVE-2017-2596: aa5b35bad59a2691db0ea739fb79be82aff5cbb8 kvm: fix page struct leak in handle_vmon
CVE-2017-6353: 02415182a92ccd72b60c22e723a56a74a566d2e7 sctp: deny peeloff operation on asocs with threads sleeping on it
CVE-2017-7187: a3bc27d43f5b5e8cac993b447eeb2f2efb1493af scsi: sg: check length passed to SG_NEXT_CMD_LEN
CVE-2017-7261: 6e7f776a49aabe3c734f9d94ba2522961a91c6b7 drm/vmwgfx: NULL pointer dereference in vmw_surface_define_ioctl()
CVE-2017-7294: 2e29dce3fd6c31f5d0e623e5a929c06d5436ee60 drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
CVE-2017-7616: c01cf9586df930e721f608578329496081c9624a mm/mempolicy.c: fix error handling in set_mempolicy and mbind.
CVE-2017-7618: c2798145e731005fa1e6ee2a489940c1dd8f03e4 crypto: ahash - Fix EINPROGRESS notification callback
CVE-2017-7889: be63d158bba15c468d474808b60e6ac2417a933b mm: Tighten x86 /dev/mem with zeroing reads
CVE-2017-8064: c59f266fa87e8413db93040348db33f1995bb2b4 dvb-usb-v2: avoid use-after-free
CVEs fixed in 3.18.51:
CVE-2016-7913: dff2b1e346b783fb69d736b887005e6d41f34d9b xc2028: avoid use after free
CVE-2016-9083: 898ef37a73f7ad23cd5030d1c845d9b00da20721 vfio/pci: Fix integer overflows, bitmask check
CVE-2016-9084: 898ef37a73f7ad23cd5030d1c845d9b00da20721 vfio/pci: Fix integer overflows, bitmask check
CVE-2016-9120: f63514257efd74108711e1d4e2ca462968170c42 staging/android/ion : fix a race condition in the ion driver
CVE-2016-9604: 44c037827f0aeddbbbb323930fa3d09a7b4fffca KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings
CVE-2017-2671: 4e340a02d59c230b99460574c6a8fc87dc1a9a47 ping: implement proper locking
CVE-2017-7472: 6efda2501976288f10895834ba2782d0df093441 KEYS: fix keyctl_set_reqkey_keyring() to not leak thread keyrings
CVEs fixed in 3.18.52:
CVE-2014-9940: 42f268023df2919f484d8b46df34b35323bd3358 regulator: core: Fix regualtor_ena_gpio_free not to access pin after freeing
CVE-2015-3288: 47ce8d2e1fcaac31cbe7d84882c8a6b29e201398 mm: avoid setting up anonymous pages into file mapping
CVE-2015-9004: 5a7b3b1ec16b6bfa57752d37292988e64fcdd172 perf: Tighten (and fix) the grouping condition
CVE-2016-10200: dc57f1e18b8f484d013fd21bc89b7a5b88c3d460 l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind()
CVE-2016-7097: d8333c045f045385a914013a220cd1ed54c88d48 posix_acl: Clear SGID bit when setting file permissions
CVE-2016-9793: 29fc5d17f274ccab37404882875f9045be10f6bd net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
CVE-2016-9794: e6ef3b68c00023ebd52721b6ad210c4af3af6d35 ALSA: pcm : Call kill_fasync() in stream lock
CVE-2017-0750: 010336c795e15f358c5bd7054175833ee0203121 f2fs: do more integrity verification for superblock
CVE-2017-10661: 4636aad518296b169546b4144eceb27d324f0fa5 timerfd: Protect the might cancel mechanism proper
CVE-2017-7645: a1552b1c52d9c2ed48b21f722c1bd7f0ffbdb398 nfsd: check for oversized NFSv2/v3 arguments
CVEs fixed in 3.18.53:
CVE-2017-10662: 27f411c7ee241d194cd5fd3271d83089d70b2c20 f2fs: sanity check segment count
CVEs fixed in 3.18.54:
CVE-2015-8955: e00f6efe21bd34a7dd1cc3520f6155180e3d8125 arm64: perf: reject groups spanning multiple HW PMUs
CVE-2015-8962: 6d523f23bb2dadfebcda1636ee2d534259566c6c sg: Fix double-free when drives detach during SG_IO
CVE-2015-8963: 6ee649ba055c71907226820070cde13079d3d49d perf: Fix race in swevent hash
CVE-2015-8967: c8f417a2d6af99b2735709cb60562e0a7c8ddf62 arm64: make sys_call_table const
CVE-2016-0758: 7da78079bae82dbaac4b88e0cb1f875e0dc52775 KEYS: Fix ASN.1 indefinite length object parsing
CVE-2016-2053: c66d9b77cbda5e0e71ae0dfabaa94b27ca3f6b63 ASN.1: Fix non-match detection failure on data overrun
CVE-2016-2544: 6d4025862a080579362994eeb0095eb78dd801f2 ALSA: seq: Fix race at timer setup and close
CVE-2016-2546: 19f609798f7ea6392028091b42dd53b3c7f9368f ALSA: timer: Fix race among timer ioctls
CVE-2016-3951: 2ed13588499c3f5f0dc6b6851471178ca5a44576 cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind
CVE-2016-4569: bbcf19d306745832e043e02c7b3d4f4fad82d61e ALSA: timer: Fix leak in SNDRV_TIMER_IOCTL_PARAMS
CVE-2016-4578: bbb79774fcea8b92df051d1d68fcba18d884f860 ALSA: timer: Fix leak in events via snd_timer_user_ccallback
CVE-2016-6786: 33b738f7c5a704b729b2502669cf71c7b25ab7d6 perf: Fix event->ctx locking
CVE-2016-6787: 33b738f7c5a704b729b2502669cf71c7b25ab7d6 perf: Fix event->ctx locking
CVE-2016-7915: 18377401142c65b0afe0168502fd335697e47936 HID: core: prevent out-of-bound readings
CVEs fixed in 3.18.55:
CVE-2015-8964: f98d89173f9e16dba893806e2b99c1d7e0a10ac6 tty: Prevent ldisc drivers from re-using stale tty fields
CVE-2017-1000363: f4615841767ff7908599e643f587078670a390c9 char: lp: fix possible integer overflow in lp_setup()
CVE-2017-18360: 2a635375148830a2caa5716ba2bd0a223c582228 USB: serial: io_ti: fix div-by-zero in set_termios
CVE-2017-7487: 53b5e27b585ecd9d657617890887cb1686153295 ipx: call ipxitf_put() in ioctl error path
CVEs fixed in 3.18.56:
CVE-2017-18221: aef16f4c9831727766de1b4887ce452c3a915368 mlock: fix mlock count can not decrease in race condition
CVE-2017-8890: 4bb305d07ffbc616d1594e2144cc2417eb44fcd5 dccp/tcp: do not inherit mc_list from parent
CVE-2017-9074: 5ca68dbb5a6bb81c6119a6808e1dd8d1a53febc8 ipv6: Prevent overrun when parsing v6 header options
CVE-2017-9075: 56fd34c68676131cce13b0031990e49e80d3ee99 sctp: do not inherit ipv6_{mc|ac|fl}_list from parent
CVE-2017-9242: 1d31de23f617332861b9767ad137b73e953be60b ipv6: fix out of bound writes in __ip6_append_data()
CVEs fixed in 3.18.57:
CVE-2017-1000380: d96c363ff004fbb42f728b3e4299a71c4e567568 ALSA: timer: Fix race between read and ioctl
CVE-2017-15274: 8206e0a25785c58e88a444fed1d4646da60b14a4 KEYS: fix dereferencing NULL payload with nonzero length
CVE-2017-7346: e3648dc366b1469972f02e023e38bf70f143dc0a drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()
CVEs fixed in 3.18.58:
CVE-2017-1000364: d4712eb79b17d85c9e354efa2d3156ce50736128 mm: larger stack guard gap, between vmas
CVE-2017-1000379: d4712eb79b17d85c9e354efa2d3156ce50736128 mm: larger stack guard gap, between vmas
CVEs fixed in 3.18.59:
CVE-2017-1000365: 2dff2164d171e9c27f2f7fa778d408ecf4d1e1ea fs/exec.c: account for argv/envp pointers
CVE-2017-7482: 9c3a8a0f69e07fbbe31024ebe72b1c8d7607033e rxrpc: Fix several cases where a padded len isn't checked in ticket decode
CVEs fixed in 3.18.60:
CVE-2017-18017: f4549a698a531c0014c62e40e521ffa030cf31e0 netfilter: xt_TCPMSS: add more sanity tests on tcph->doff
CVEs fixed in 3.18.61:
CVE-2017-11176: 7eaa7e5baa0ffb3b6ca28798f0e014f43c004f47 mqueue: fix a use-after-free in sys_mq_notify()
CVE-2017-12146: 61b0972bd40ae77fabb019e26402ac17906fcb15 driver core: platform: fix race condition with driver_override
CVEs fixed in 3.18.62:
CVE-2017-11089: 55520ec2ca6a85ab1e2a51210f414cf0f9f5fe7a cfg80211: Define nla_policy for NL80211_ATTR_LOCAL_MESH_POWER_MODE
CVE-2017-7541: ae10cf5c80b897b3a46ef1bdf77a52dd84bd336d brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx()
CVE-2018-14634: 915d918369390e5746794ca0d38a40ba05745b4a exec: Limit arg stack to at most 75% of _STK_LIM
CVE-2019-9457: 915d918369390e5746794ca0d38a40ba05745b4a exec: Limit arg stack to at most 75% of _STK_LIM
CVEs fixed in 3.18.63:
CVE-2017-11473: 7f377fc4008980278edbfd9d70ef9aa91ffa8448 x86/acpi: Prevent out of bound access caused by broken ACPI tables
CVE-2017-18079: f6be94430be69b9abd5b7b357210e1f4ef4d1eea Input: i8042 - fix crash at boot time
CVEs fixed in 3.18.64:
CVE-2017-10663: 64133595b549c1036ffe8598f4c53aa355d9e3f1 f2fs: sanity check checkpoint segno and blkoff
CVE-2017-12762: 4cb1585c473ec9a5a98104e79ed07cee7de3729e isdn/i4l: fix buffer overflow
CVE-2017-15868: f6237750acc4494cb28e174289d5d335313ff2ea Bluetooth: bnep: bnep_add_connection() should verify that it's dealing with l2cap socket
CVE-2017-7533: a1dbc0979b4f92f3b0d0bb86671639e09315f43c dentry name snapshots
CVE-2017-7542: 41d33a5b803bd1c3ca84f5bfb9ab77d06ce09fca ipv6: avoid overflow of offset in ip6_find_1stfragopt
CVEs fixed in 3.18.65:
CVE-2017-1000: 4ac8dc208caf85675f0f745783e0a3f88dac0008 udp: consistently apply ufo or fragmentation
CVE-2017-1000111: f2ce502f866556d24ebfae84673c9ef211b79906 packet: fix tp_reserve race in packet_set_ring
CVE-2017-1000112: 4ac8dc208caf85675f0f745783e0a3f88dac0008 udp: consistently apply ufo or fragmentation
CVEs fixed in 3.18.67:
CVE-2017-14140: 8cf95002f0c9afe06fa1e4b9ebb0e10a77c481b1 Sanitize 'move_pages()' permission checks
CVE-2018-10675: d5a76b2ba6871a875fdcd598548176ce3464aa30 mm/mempolicy: fix use after free when calling get_mempolicy
CVEs fixed in 3.18.69:
CVE-2017-9725: f0c8d9367c9232fa54e592bad095140f987031fd mm: cma: fix incorrect type conversion for size during dma allocation
CVEs fixed in 3.18.70:
CVE-2017-11600: 0d400015a32c703273b90601574956a4452a9311 xfrm: policy: check policy direction value
CVEs fixed in 3.18.71:
CVE-2017-1000251: 090aa4651522ec35776896abe31c0a221689a14f Bluetooth: Properly check L2CAP config option output buffer length
CVE-2017-14340: b766f0849a52e235268f362b7d8ec8bc36cdc7f0 xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present
CVE-2017-9984: bceac1033cd99ff5d2aaa69c700367f866bf6f04 ALSA: msnd: Optimize / harden DSP and MIDI loops
CVE-2017-9985: bceac1033cd99ff5d2aaa69c700367f866bf6f04 ALSA: msnd: Optimize / harden DSP and MIDI loops
CVEs fixed in 3.18.72:
CVE-2017-0627: 15ac0595018f5fdfbec2a23574b81a01c73ee5e1 media: uvcvideo: Prevent heap overflow when accessing mapped controls
CVE-2017-14051: 78d88643d218fccb0fcf7fa957e785d4048e35cb scsi: qla2xxx: Fix an integer overflow in sysfs code
CVE-2017-14106: 1722ca90e1b88e6b7f0824908828e2462d7405ac tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0
CVE-2017-14991: 9793679d8dc92d1d8a187d023d2d7a17dd9348b5 scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE
CVEs fixed in 3.18.73:
CVE-2017-12153: 65e3664fc6087d2941e940e38beb39920e9ae032 nl80211: check for the required netlink attributes presence
CVE-2017-12154: 6ad74630c016ef823f2720671ee4db641d35fd2c kvm: nVMX: Don't allow L2 to access the hardware CR8
CVE-2017-12192: 6ea8051f42d965e3197ef31d4f54f75525b9439c KEYS: prevent KEYCTL_READ on negative key
CVE-2017-14156: 2d53f0b14066d798104411f13442afc20bdea4d6 video: fbdev: aty: do not leak uninitialized padding in clk to userspace
CVE-2017-14489: fec4cd33779f9edd7ab2d0d5ad7228f55f3f6887 scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly
CVE-2017-15537: f23ec06d527c9cd90552a68c748bcb5aa942ee87 x86/fpu: Don't let userspace set bogus xcomp_bv
CVE-2017-18270: e3b663ba2ddd8f30ba92d4e6898637bb526dba70 KEYS: prevent creating a different user's keyrings
CVE-2020-14353: e3b663ba2ddd8f30ba92d4e6898637bb526dba70 KEYS: prevent creating a different user's keyrings
CVEs fixed in 3.18.74:
CVE-2016-8650: 703937f005ea09ac2b6da593a9cec0befcb7b22a mpi: Fix NULL ptr dereference in mpi_powm()
CVE-2017-13215: 36c84b22ac8aa041cbdfbe48a55ebb32e3521704 crypto: algif_skcipher - Load TX SG list after waiting
CVEs fixed in 3.18.75:
CVE-2016-10208: 2ce649fdacd53afc430565e18124d7d72be92cb3 ext4: validate s_first_meta_bg at mount time
CVE-2017-16526: 4a8d502989094b0825bb11240bc12e4d9cc5c65b uwb: properly check kthread_run return value
CVE-2017-16529: ee44ff5445ae449570427baa534bfba2abba7545 ALSA: usb-audio: Check out-of-bounds access by corrupted buffer descriptor
CVE-2017-16530: 8f0a7703ff9e3a5553134c3d9a20573624802541 USB: uas: fix bug in handling of alternate settings
CVE-2017-16531: 0502bf54bd01e8dbf4a057fe76f974074b5fb7e6 USB: fix out-of-bounds in usb_set_configuration
CVEs fixed in 3.18.76:
CVE-2016-2543: 954e2ed41fec684048824230eb51bed0eae449ba ALSA: seq: Fix missing NULL check at remove_events ioctl
CVE-2017-12190: d7795bf6a9d8b004dbbd1f081f3eff18ff49276d fix unbalanced page refcounting in bio_map_user_iov
CVE-2017-15265: 035e6d0b5b192ff5e168ed322304d29db108d790 ALSA: seq: Fix use-after-free at creating a port
CVE-2017-16525: 8ae04f638496b7a9b0381aecf5c47dcb5a3bd6fc USB: serial: console: fix use-after-free after failed setup
CVE-2017-16527: 9d263dba25284b31f2544970964decf65b79a2e8 ALSA: usb-audio: Kill stray URB at exiting
CVE-2017-16533: f4cf5d75416ae3d79e03179fe6f4b9f1231ae42c HID: usbhid: fix out-of-bounds bug
CVEs fixed in 3.18.77:
CVE-2017-15649: b0763909b4538894bb47614656c75f2a233c40d2 packet: in packet_do_bind, test fanout with bind_lock held
CVE-2018-9568: bc8a5a45208d335de143643e51358c8299bce0f3 net: Set sk_prot_creator when cloning sockets to the right proto
CVEs fixed in 3.18.78:
CVE-2017-15299: 98c4e5cae5204c1114390219331ddd649d78a5a7 KEYS: don't let add_key() update an uninstantiated key
CVE-2017-16535: 7c1c88e160ed14dfb02cb35369e27abe01eb2ca5 USB: core: fix out-of-bounds access bug in usb_get_bos_descriptor()
CVEs fixed in 3.18.79:
CVE-2017-12193: 38dc93fa84026ef8711827fb7063744e7197b887 assoc_array: Fix a buggy node-splitting case
CVE-2017-16643: 9c73743447f244eb0e7422a285dc907283d3630e Input: gtco - fix potential out-of-bound access
CVEs fixed in 3.18.80:
CVE-2015-9016: b6885d31d1c6b6f4ccd50535d24dbe5c3d8a7d7b blk-mq: fix race between timeout and freeing request
CVEs fixed in 3.18.82:
CVE-2017-13080: 6891c6fd2a500d1f39d1426765f610bdc2c2a39d mac80211: accept key reinstall without changing anything
CVE-2017-16532: 32530efaed51e4df01e2bc151822143d23ae403a usb: usbtest: fix NULL pointer dereference
CVE-2017-16645: c0f26c8f0562869e43e5001bed22817e6019d456 Input: ims-psu - check if CDC union descriptor is sane
CVE-2018-7191: 638c8339e05eb7eee584dfe4b3102376cf35664b tun: call dev_get_valid_name() before register_netdevice()
CVEs fixed in 3.18.83:
CVE-2017-16537: b02dac504efc353e1e8507c10f835f09757b0068 media: imon: Fix null-ptr-deref in imon_probe
CVE-2017-16646: 49fc34138b882bb1c6f2ba20df5339bca8a9167e media: dib0700: fix invalid dvb_detach argument
CVEs fixed in 3.18.84:
CVE-2017-15115: 39c3fff9ef51ba9f2748f37ad7d9cfef365e87fe sctp: do not peel off an assoc from one netns to another one
CVE-2017-18204: f72e2ba19765ec94ab1b704bce53c3d1ca13202e ocfs2: should wait dio before inode lock in ocfs2_setattr()
CVE-2017-9076: 3f45934ed0bd864f878a78c3dfbd1ad437ba427f ipv6/dccp: do not inherit ipv6_mc_list from parent
CVE-2017-9077: 3f45934ed0bd864f878a78c3dfbd1ad437ba427f ipv6/dccp: do not inherit ipv6_mc_list from parent
CVEs fixed in 3.18.85:
CVE-2017-18203: 84cc7b5d26c17384f29b25a1ba4d42e2e820043a dm: fix race between dm_get_from_kobject() and __dm_destroy()
CVEs fixed in 3.18.86:
CVE-2017-16939: 8586e18413441d265f0ff536378d6ef358d18853 ipsec: Fix aborted xfrm policy dump crash
CVE-2017-18208: d5ec57c35ac4eeee9b18fb31a953281e63672c0f mm/madvise.c: fix madvise() infinite loop under special circumstances
CVEs fixed in 3.18.88:
CVE-2017-0861: 14416b2c878b989674761118db8072bf7f0c9501 ALSA: pcm: prevent UAF in snd_pcm_info
CVE-2017-1000407: 7389171fdc5976066573edd1fcf6c9a81d8df90f KVM: VMX: remove I/O port 0x80 bypass on Intel hosts
CVE-2017-17807: 228014b20bd8902b05942ce4db4197ce345296f3 KEYS: add missing permission check for request_key() destination
CVE-2018-7492: 6d40c9bf5733c9c6db79e0e6d398371955b525af rds: Fix NULL pointer dereference in __rds_rdma_map
CVEs fixed in 3.18.89:
CVE-2017-16914: f749066bec4019a7a5f7eee22b56314958161c1e usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer
CVE-2017-17558: dd3ad5f60d520da135bf4dce5adcecf400e2db64 USB: core: prevent malicious bNumInterfaces overflow
CVE-2017-17805: ebd52f8b6422b920b4d1697d90679a2bb4b48a0b crypto: salsa20 - fix blkcipher_walk API usage
CVE-2017-17806: 252b343a9789151293ad1da4a1ac0851bf31a22e crypto: hmac - require that the underlying hash algorithm is unkeyed
CVEs fixed in 3.18.91:
CVE-2017-17449: 5594e3eba3ee62dd06c317086c4ea0491d5502c7 netlink: Add netns check on taps
CVE-2017-18595: f9e16c238bd6da1d858d50c1ab81c8431578877a tracing: Fix possible double free on failure of allocating trace buffer
CVE-2018-18386: 95a9e2bf54b89e00a989c4c6c83efbd3cb972516 n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
CVEs fixed in 3.18.92:
CVE-2017-1000410: e1ed1d1e0af521d54957953de2c7276b9cb24033 Bluetooth: Prevent stack info leak from the EFS element.
CVE-2017-13216: 6dc42f889217a0a077bc75c6fa5239ade762fff4 staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl
CVE-2017-6001: 2f9cf5cd5580046fe9ff97dae32f9c753500d4ea perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race
CVE-2018-5332: a7b25c9f6ea92d582bda195eca561b9cb605ea91 RDS: Heap OOB write in rds_message_alloc_sgs()
CVE-2018-5333: 3396f2bef5ede06f73c0be43975ce837767785ed RDS: null pointer dereference in rds_atomic_free_op
CVEs fixed in 3.18.93:
CVE-2017-17448: f4ba1d0e4366d63d1d09c024e8befc99c642e84b netfilter: nfnetlink_cthelper: Add missing permission checks
CVE-2017-17450: 115e3505bbd683a01496860646fa632e6533b4e3 netfilter: xt_osf: Add missing permission checks
CVE-2018-6927: ad211e59c68389b9203f3834c65da7bfe9e6874a futex: Prevent overflow by strengthen input validation
CVEs fixed in 3.18.94:
CVE-2018-1000004: 6aab3aa52366a0051e5abf8aae4616c42053fd8e ALSA: seq: Make ioctls race-free
CVE-2018-5344: 524a6efbd1234439ba00176006ed95ad7d007da6 loop: fix concurrent lo_open/lo_release
CVEs fixed in 3.18.95:
CVE-2017-13305: 99a223bcec506dbd8de7aa3c16995b71d3ca7bb6 KEYS: encrypted: fix buffer overread in valid_master_desc()
CVE-2017-16538: 84882420c73f959fdbad90e538a6d1644c6703dc media: dvb-usb-v2: lmedm04: Improve logic checking of warm start
CVE-2017-16911: 67ad0235bacc1af72dad6eac6c5ac1a072b905f7 usbip: prevent vhci_hcd driver from leaking a socket pointer address
CVE-2017-16912: 385e124b45fe46960de2fd280fc5a99d3e7706dc usbip: fix stub_rx: get_pipe() to validate endpoint number
CVE-2017-16913: eebf31529012289ec20fea84e4e6fd188176be13 usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input
CVE-2017-18344: 28ef9653c18539f8123dd668ad3b28289ec0514a posix-timer: Properly check sigevent->sigev_notify
CVE-2017-8824: d2baa5e59786136454e3baf3cb7c9d606ab8d508 dccp: CVE-2017-8824: use-after-free in DCCP code
CVE-2018-5750: 0a0e3ffb0a1445a756cc91cd9f03b1ac3abd2e32 ACPI: sbshc: remove raw pointer from printk() message
CVEs fixed in 3.18.96:
CVE-2018-7566: 66776836486554f2767e04a6e196e9af69f13677 ALSA: seq: Fix racy pool initializations
CVEs fixed in 3.18.99:
CVE-2018-5803: 5b77504ae15267e8bc68b2622a7554076fe03e3b sctp: verify size of a new chunk in _sctp_make_chunk()
CVEs fixed in 3.18.100:
CVE-2018-1068: c80a9f329cb358cf2ae967c866d883264d218b7b netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets
CVE-2018-7995: bbf594868f37cfd50d4289a01a9e25151b9a26cf x86/MCE: Serialize sysfs changes
CVE-2019-9456: d6d68ab0ad44f6cf7c8621c91f29d351618ac96e usb: usbmon: Read text within supplied buffer size
CVEs fixed in 3.18.103:
CVE-2017-17975: d22df065dae66f6a892af8802961801deaa90356 media: usbtv: prevent double free in error case
CVE-2018-1000199: 8f7db030a6398638515c645184ad261d9ea58559 perf/hwbp: Simplify the perf-hwbp code, fix documentation
CVE-2018-1087: e7dc809e8042cf3d2c48ffa616941a8b11d3beba kvm/x86: fix icebp instruction handling
CVE-2018-1130: e717aef0e7ed299b43812cd1a2bcf5888eafad9b dccp: check sk for closed state in dccp_sendmsg()
CVE-2018-8781: 6949153ccb2fde17fb76e1ebcfdb8f5727dc58d1 drm: udl: Properly check framebuffer mmap offsets
CVE-2018-8822: 43f8ff29c37bf96b918a8fa1a9a2c13d28603044 staging: ncpfs: memory corruption in ncp_read_kernel()
CVEs fixed in 3.18.105:
CVE-2018-7757: c7323e9393266e6227540f906d74a6c55be39f37 scsi: libsas: fix memory leak in sas_smp_get_phy_events()
CVE-2018-9422: 714f4e55231893dd2319962127e6c9b730c57c1a futex: Remove requirement for lock_page() in get_futex_key()
CVEs fixed in 3.18.106:
CVE-2018-1092: bf1b17715e9117c1c22c7a24e38f27a92eb98413 ext4: fail ext4_iget for root directory if unallocated
CVEs fixed in 3.18.107:
CVE-2018-10940: 8e8a40578fac765527a5d55d258a2ca93904ed1b cdrom: information leak in cdrom_ioctl_media_changed()
CVEs fixed in 3.18.108:
CVE-2018-1093: 0643dbdb5c697fbe20dd380bcb3faa1dcec03b78 ext4: add validity checks for bitmap block numbers
CVEs fixed in 3.18.109:
CVE-2017-18255: 2e9cbae49c5d3e69ca04510d68ae161374e5d0a2 perf/core: Fix the perf_cpu_time_max_percent check
CVEs fixed in 3.18.110:
CVE-2018-1000204: 58b7ce6f9ef2367f86384b20458642945993b816 scsi: sg: allocate with __GFP_ZERO in sg_build_indirect()
CVE-2018-10021: badf15c8a243ca1292b8034dea2f91cc01982010 scsi: libsas: defer ata device eh commands to libata
CVE-2018-10087: 9535063c6fd52d42b954b68762269f6b27e26c91 kernel/exit.c: avoid undefined behaviour when calling wait4()
CVE-2018-5814: d1641e51d22e7ed33ba3101c01e006120f32a653 usbip: usbip_host: fix NULL-ptr deref and use-after-free errors
CVEs fixed in 3.18.111:
CVE-2017-13695: c81492260a2202dcea658087b5dd1b319f59bbf0 ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c
CVE-2018-10124: 50ecbf90142cbfc7cc0194d4f71cf9673e03ab33 kernel/signal.c: avoid undefined behaviour in kill_something_info
CVE-2018-6412: db57535b77b8de5646291f368f50f9494800bff5 fbdev: Fixing arbitrary kernel leak in case FBIOGETCMAP_SPARC in sbusfb_ioctl_helper().
CVE-2018-9518: 39e221cb5ce0822cd7d0a4c82e8949d32f33e43e NFC: llcp: Limit size of SDP URI
CVEs fixed in 3.18.113:
CVE-2019-18675: bf3ff108832e28b7ca8df5a02e2a03ced29cd31e mmap: introduce sane default mmap limits
CVEs fixed in 3.18.114:
CVE-2018-13406: 7568ba6cc40986d9553820da9468f94d0591942b video: uvesafb: Fix integer overflow in allocation
CVEs fixed in 3.18.115:
CVE-2017-13168: be37222d7cbc6610686c9501bbe1cff13c81bfc5 scsi: sg: mitigate read/write abuse
CVE-2018-10879: 780f50a6dcd2d067edf9761e9a45564ac4019522 ext4: make sure bitmaps and the inode table don't overlap with bg descriptors
CVE-2018-10881: 15b85a060ace8d19d1c7c0290380bedcf46cc4ac ext4: clear i_data in ext4_inode_info when removing inline data
CVE-2018-9516: f7e1dd8ebca4d67411c333223e4205879d141eaa HID: debug: check length before copy_to_user()
CVEs fixed in 3.18.116:
CVE-2018-13405: c5f2c5be9d1787a7bde81186d093be54c0caeb34 Fix up non-directory creation in SGID directories
CVE-2018-16276: b261643c6916c8d4e8571072abdc5e6646054db6 USB: yurex: fix out-of-bounds uaccess in read handler
CVEs fixed in 3.18.117:
CVE-2018-10902: bfa30d8adceec8633bea60333707fe1208f2f0e9 ALSA: rawmidi: Change resized buffers atomically
CVEs fixed in 3.18.118:
CVE-2018-12233: 31430f2b98f6053933482e51d008124fc31bc3e0 jfs: Fix inconsistency between memory allocation and ea_buf->max_size
CVE-2018-14734: 77e6abf43c95a39fd97a5fb644c26e303bd60459 infiniband: fix a possible use-after-free bug
CVEs fixed in 3.18.119:
CVE-2018-9363: adfdcfe1c7cd5f163855b0d3ea5d3a75efddd576 Bluetooth: hidp: buffer overflow in hidp_process_report
CVEs fixed in 3.18.121:
CVE-2018-16658: 2f294385874e8e152f357531aa177a19560c8a64 cdrom: Fix info leak/OOB read in cdrom_ioctl_drive_status
CVEs fixed in 3.18.123:
CVE-2018-14609: 56f338b39513de39679cf0c2da704d4803c9a0d5 btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized
CVE-2018-17182: 2b8f74c8f0a4aab0a20b9e77fdc3d17e8f2405dd mm: get rid of vmacache_flush_all() entirely
CVE-2018-6554: 9f0547e071f848a665056e18c70cc2741a96ca76 staging: irda: remove the irda network stack and drivers
CVE-2018-6555: f24049f47194791d0393450b4f5cebea9f0b5e89 staging: irda: remove the irda network stack and drivers
CVEs fixed in 3.18.124:
CVE-2018-10876: 8d419749b27419caf8eb914cd2d6b7fc19efc316 ext4: only look at the bg_flags field if it is valid
CVE-2018-10877: 683626073ac0f1ded012d8861b189350147eb86b ext4: verify the depth of extent tree in ext4_find_extent()
CVE-2018-10878: 6f6da33decb7d9de01447638ca737a846bf0181b ext4: always check block group bounds in ext4_init_block_bitmap()
CVE-2018-10880: fd2634366fca1f93e7d4cf36c8a919dfe11cd0ec ext4: never move the system.data xattr out of the inode body
CVE-2018-10882: 292dc9673821842c0762b5d095a05e354e795392 ext4: add more inode number paranoia checks
CVE-2018-10883: 524100251d15d4dc491671b84854017327ff2dba jbd2: don't mark block as modified if the handle is out of credits
CVE-2018-13053: f497869a6feab016c2dfd58bf80decfe57348ed9 alarmtimer: Prevent overflow for relative nanosleep
CVE-2018-14633: d31152ba0f282348c9ffbd8436b7a3622064aea6 scsi: target: iscsi: Use hex2bin instead of a re-implementation
CVE-2018-17972: ea20fab573d999205f8b1438d792486dcf76aa4c proc: restrict kernel stack dumps to root
CVE-2018-18021: d26e09111cb7b9c3727c4621ee241cb408d47a7d arm64: KVM: Tighten guest core register access from userspace
CVE-2018-20511: 2ababd51858f71ef174a1bb2fe045f0b23f04c1c net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT
CVE-2018-7755: 0facefd1d7db43e1c220405ca773adb7b97975a6 floppy: Do not copy a kernel pointer to user memory in FDGETPRM ioctl
CVE-2019-9458: 10c134df948c2d581f5b89a44072a07ba8cf4069 media: v4l: event: Prevent freeing event subscriptions while accessed
CVEs fixed in 3.18.125:
CVE-2018-18281: 0f1490a7573919a27dfc370c29a87caf142db993 mremap: properly flush TLB before releasing the page
CVEs fixed in 3.18.126:
CVE-2018-18710: 0869341c34905b7f34b1c4e2a378bf1488f9df7c cdrom: fix improper type cast, which can leat to information leak.
CVEs fixed in 3.18.129:
CVE-2018-16862: 599379965a37d87155f6c98196cd0e6ca1537c70 mm: cleancache: fix corruption on missed inode invalidation
CVE-2018-20169: d672c306e00a904adcbdce42b51b23b3e906f5cf USB: check usb_get_extra_descriptor for proper size
CVEs fixed in 3.18.131:
CVE-2018-12896: 2f5f58a8b5d8eb12cfc955cca62ccb5254bab951 posix-timers: Sanitize overrun handling
CVE-2018-5848: eac164f4025d7bf7afb0ecf0cee06f55ca096a40 wil6210: missing length check in wmi_set_ie
CVE-2018-5953: fa3ec41ea511910599838a1fe8820e31ef85efdd printk: hash addresses printed with %p
CVEs fixed in 3.18.132:
CVE-2018-19985: 2dbfeb3393252289ce87a8e1a6ddbd47c2aa7eb4 USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
CVE-2019-15927: 172236e69b714879fe534b1fa2e8ffed2c221ebc ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
CVE-2019-6133: 0b2758fb10d9557899b614e76a6d60d299baadf5 fork: record start_time late
CVEs fixed in 3.18.133:
CVE-2018-16884: b1c0a2b920e66a6cd90644e5cbbd861b755f40fa sunrpc: use-after-free in svc_process_common()
CVE-2019-3701: 4c3b21c842deb09721015a8463087e3c262be385 can: gw: ensure DLC boundaries after CAN frame modification
CVE-2020-10769: 98d2b2486aea705806f72626e02f29b8d6b8aa68 crypto: authenc - fix parsing key with misaligned rta_len
CVEs fixed in 3.18.135:
CVE-2019-7221: 8767556995adf9a10b49fb0c2098b7aeb40ee64c KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
CVE-2019-7222: d283b5404655ef51aeafb092d7c79c6718b48c7b KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
CVEs fixed in 3.18.136:
CVE-2019-6974: 673f9cf4a99f80a8cab2b015adf1b03c8ca4d66a kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
CVEs fixed in 3.18.137:
CVE-2019-12818: e89106985667c7119fa580f74a7beb453399f44c net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
CVE-2019-12819: 077a353641d29fc28062866ec589eb2e365f1d56 mdio_bus: Fix use-after-free on device_register fails
CVE-2019-15916: a7053bc3aeefb24b94290a5c438fbcfe635ee4c7 net-sysfs: Fix mem leak in netdev_register_kobject
CVE-2019-16995: e3d6490ad2b47f41bd534a6a5f8655549a754665 net: hsr: fix memory leak in hsr_dev_finalize()
CVE-2019-2101: 7828fe7452f151cc1107a5c28ed042aeb64c1166 media: uvcvideo: Fix 'type' check leading to overflow
CVE-2019-9213: f290a73f3e919c4d5482632284ccb0aa17f7380c mm: enforce min addr even if capable() in expand_downwards()
CVE-2020-0066: 5821948648caf10f8c8f7e9c9f8ac8fd22c640ba netlink: Trim skb to alloc size to avoid MSG_TRUNC
CVEs fixed in 3.18.138:
CVE-2019-20054: beb70e5c511ca99454c20334c56499fd413c1d6d fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
CVE-2019-3459: ac7c597c465eb09391e40febbe088bdad601080b Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
CVE-2019-3460: 8f9c5ea93aa788302dddec8589aff079f9ac4bac Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
CVEs fixed in 3.18.139:
CVE-2017-18551: e045c806436d3202e497051d3d63a23db8e16169 i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CVE-2019-10639: c2bca92ba948f3def1f99f6b429ec39e07354dc2 netns: provide pure entropy for net_hash_mix()
CVE-2019-11190: 119b8e38491b9bc21efe06ed3f5a1b3d879c4998 binfmt_elf: switch to new creds when switching to new mm
CVE-2019-11486: 20d4e7627b1451e68ddde913b5a289664716c318 tty: mark Siemens R3964 line discipline as BROKEN
CVE-2019-11810: 9670c4d542aa2fac5dfa7f95f6e79c25dd1e11f0 scsi: megaraid_sas: return error when create DMA pool failed
CVE-2019-15214: 8ad4179e47f711549de33f991dfb8e129ed1175e ALSA: core: Fix card races between register and disconnect
CVE-2019-15292: ab885986b6308c902364b4a91d73fae3003da9fe appletalk: Fix use-after-free in atalk_proc_exit
CVE-2019-9454: e045c806436d3202e497051d3d63a23db8e16169 i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA
CVEs fixed in 3.18.140:
CVE-2018-20836: ec22b57b0527530cecda657f9f1ec2f8068150a0 scsi: libsas: fix a race condition when smp task timeout
CVE-2019-10142: db7e50136a20bc175fe081ff1764b5b96af85e2d drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
CVE-2019-11884: 9c47ad93de73786aef31033e2aabd9df020e68cd Bluetooth: hidp: fix buffer overflow
CVE-2019-15216: 15c0d2672a4711fa277ca040e92af36009de4bf6 USB: yurex: Fix protection fault after device removal
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4916: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2014-9717: (unk) mnt: Update detach_mounts to leave mounts connected
CVE-2015-1350: (unk) fs: Avoid premature clearing of capabilities
CVE-2015-2041: (unk) net: llc: use correct size for sysctl timeout entries
CVE-2015-2042: (unk) net: rds: use correct size for max unacked packets and bytes
CVE-2015-2877: (unk)
CVE-2015-3332: (unk) tcp: Fix crash in TCP Fast Open
CVE-2015-3339: (unk) fs: take i_mutex during prepare_binprm for set[ug]id executables
CVE-2015-4001: (unk) ozwpan: Use unsigned ints to prevent heap overflow
CVE-2015-4004: (unk) staging: ozwpan: Remove from tree
CVE-2015-4176: (unk) mnt: Update detach_mounts to leave mounts connected
CVE-2015-7515: (unk) Input: aiptek - fix crash on detecting device without endpoints
CVE-2015-7884: (unk) [media] media/vivid-osd: fix info leak in ioctl
CVE-2015-7885: (unk) staging/dgnc: fix info leak in ioctl
CVE-2015-8019: (unk) net: add length argument to skb_copy_and_csum_datagram_iovec
CVE-2015-8104: (unk) KVM: svm: unconditionally intercept #DB
CVE-2015-8374: (unk) Btrfs: fix truncation of compressed and inlined extents
CVE-2015-8550: (unk) xen: Add RING_COPY_REQUEST()
CVE-2015-8551: (unk) xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
CVE-2015-8552: (unk) xen/pciback: Return error on XEN_PCI_OP_enable_msi when device has MSI or MSI-X enabled
CVE-2015-8709: (unk) mm: Add a user_ns owner to mm_struct and fix ptrace permission checks
CVE-2015-8767: (unk) sctp: Prevent soft lockup when sctp_accept() is called during a timeout event
CVE-2015-8830: (unk) aio: lift iov_iter_init() into aio_setup_..._rw()
CVE-2015-8839: (unk) ext4: fix races between page faults and hole punching
CVE-2015-8844: (unk) powerpc/tm: Block signal return setting invalid MSR state
CVE-2015-8845: (unk) powerpc/tm: Check for already reclaimed tasks
CVE-2015-8952: (unk) ext2: convert to mbcache2
CVE-2015-8953: (unk) ovl: fix dentry reference leak
CVE-2015-8966: (unk) [PATCH] arm: fix handling of F_OFD_... in oabi_fcntl64()
CVE-2016-10044: (unk) aio: mark AIO pseudo-fs noexec
CVE-2016-10147: (unk) crypto: mcryptd - Check mcryptd algorithm compatibility
CVE-2016-10723: (unk) mm, oom: remove sleep from under oom_lock
CVE-2016-10741: (unk) xfs: don't BUG() on mixed direct and mapped I/O
CVE-2016-10905: (unk) GFS2: don't set rgrp gl_object until it's inserted into rgrp tree
CVE-2016-10906: (unk) net: arc_emac: fix koops caused by sk_buff free
CVE-2016-1575: (unk) ovl: setattr: check permissions before copy-up
CVE-2016-1576: (unk) ovl: setattr: check permissions before copy-up
CVE-2016-2069: (unk) x86/mm: Add barriers and document switch_mm()-vs-flush synchronization
CVE-2016-2143: (unk) s390/mm: four page table levels vs. fork
CVE-2016-2549: (unk) ALSA: hrtimer: Fix stall by hrtimer_cancel()
CVE-2016-3070: (unk) mm: migrate dirty page without clear_page_dirty_for_io etc
CVE-2016-3672: (unk) x86/mm/32: Enable full randomization on i386 and X86_32
CVE-2016-3857: (unk) arm: oabi compat: add missing access checks
CVE-2016-4482: (unk) USB: usbfs: fix potential infoleak in devio
CVE-2016-5243: (unk) tipc: fix an infoleak in tipc_nl_compat_link_dump
CVE-2016-5244: (unk) rds: fix an infoleak in rds_inc_info_copy
CVE-2016-5728: (unk) misc: mic: Fix for double fetch security bug in VOP driver
CVE-2016-6130: (unk) s390/sclp_ctl: fix potential information leak with /dev/sclp
CVE-2016-6198: (unk) vfs: add vfs_select_inode() helper
CVE-2016-6213: (unk) mnt: Add a per mount namespace limit on the number of mounts
CVE-2016-7912: (unk) usb: gadget: f_fs: Fix use-after-free
CVE-2016-7917: (unk) netfilter: nfnetlink: correctly validate length of batch messages
CVE-2016-8630: (unk) kvm: x86: Check memopp before dereference (CVE-2016-8630)
CVE-2016-8632: (unk) tipc: check minimum bearer MTU
CVE-2016-8645: (unk) tcp: take care of truncations done by sk_filter()
CVE-2016-8646: (unk) crypto: algif_hash - Only export and import on sockets with data
CVE-2016-8658: (unk) brcmfmac: avoid potential stack overflow in brcmf_cfg80211_start_ap()
CVE-2016-9191: (unk) sysctl: Drop reference added by grab_header in proc_sys_readdir
CVE-2016-9588: (unk) kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF)
CVE-2016-9644: (unk) x86/mm: Expand the exception table logic to allow new handling options
CVE-2016-9756: (unk) KVM: x86: drop error recovery in em_jmp_far and em_ret_far
CVE-2017-0605: (unk) tracing: Use strlcpy() instead of strcpy() in __trace_find_cmdline()
CVE-2017-0786: (unk) brcmfmac: add length check in brcmf_cfg80211_escan_handler()
CVE-2017-1000405: (unk) mm, thp: Do not make page table dirty unconditionally in touch_p[mu]d()
CVE-2017-10810: (unk) drm/virtio: don't leak bo on drm_gem_object_init failure
CVE-2017-10911: (unk) xen-blkback: don't leak stack data via response ring
CVE-2017-11472: (unk) ACPICA: Namespace: fix operand cache leak
CVE-2017-12134: (unk) xen: fix bio vec merging
CVE-2017-12168: (unk) arm64: KVM: pmu: Fix AArch32 cycle counter access
CVE-2017-13166: (unk) media: v4l2-ioctl.c: use check_fmt for enum/g/s/try_fmt
CVE-2017-13220: (unk) Bluetooth: hidp_connection_add() unsafe use of l2cap_pi()
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2017-15102: (unk) usb: misc: legousbtower: Fix NULL pointer deference
CVE-2017-15116: (unk) crypto: rng - Remove old low-level rng interface
CVE-2017-16528: (unk) ALSA: seq: Cancel pending autoload work at unbinding device
CVE-2017-16536: (unk) [media] cx231xx-cards: fix NULL-deref on missing association descriptor
CVE-2017-16648: (unk) dvb_frontend: don't use-after-free the frontend struct
CVE-2017-16649: (unk) net: cdc_ether: fix divide by 0 on bad descriptors
CVE-2017-16650: (unk) net: qmi_wwan: fix divide by 0 on bad descriptors
CVE-2017-16995: (unk) bpf: fix incorrect sign extension in check_alu_op()
CVE-2017-17741: (unk) KVM: Fix stack-out-of-bounds read in write_mmio
CVE-2017-17862: (unk) bpf: fix branch pruning logic
CVE-2017-18193: (unk) f2fs: fix a bug caused by NULL extent tree
CVE-2017-18216: (unk) ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent
CVE-2017-18232: (unk) scsi: libsas: direct call probe and destruct
CVE-2017-18241: (unk) f2fs: fix a panic caused by NULL flush_cmd_control
CVE-2017-18249: (unk) f2fs: fix race condition in between free nid allocator/initializer
CVE-2017-18261: (unk) clocksource/drivers/arm_arch_timer: Avoid infinite recursion when ftrace is enabled
CVE-2017-18509: (unk) ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt
CVE-2017-18552: (unk) RDS: validate the requested traces user input against max supported
CVE-2017-2583: (unk) KVM: x86: fix emulation of "MOV SS, null selector"
CVE-2017-2584: (unk) KVM: x86: Introduce segmented_write_std
CVE-2017-5549: (unk) USB: serial: kl5kusb105: fix line-state error handling
CVE-2017-5551: (unk) tmpfs: clear S_ISGID when setting posix ACLs
CVE-2017-5669: (unk) ipc/shm: Fix shmat mmap nil-page protection
CVE-2017-5715: (unk) x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
CVE-2017-5753: (unk) x86/cpufeatures: Add X86_BUG_SPECTRE_V[12]
CVE-2017-5754: (unk) x86/cpufeatures: Add Intel feature bits for Speculation Control
CVE-2017-5967: (unk) time: Remove CONFIG_TIMER_STATS
CVE-2017-5972: (unk) tcp: do not lock listener to process SYN packets
CVE-2017-6346: (unk) packet: fix races in fanout_add()
CVE-2017-6348: (unk) irda: Fix lockdep annotations in hashbin_delete().
CVE-2017-7273: (unk) HID: hid-cypress: validate length of report
CVE-2017-7518: (unk) KVM: x86: fix singlestepping over syscall
CVE-2017-7895: (unk) nfsd: stricter decoding of write-like NFSv2/v3 ops
CVE-2017-8065: (unk) crypto: ccm - move cbcmac input off the stack
CVE-2017-8797: (unk) nfsd: fix undefined behavior in nfsd4_layout_verify
CVE-2017-8831: (unk) [media] saa7164: fix double fetch PCIe access condition
CVE-2017-9605: (unk) drm/vmwgfx: Make sure backup_handle is always valid
CVE-2017-9986: (unk) sound: Retire OSS
CVE-2018-1000026: (unk) bnx2x: disable GSO where gso_size is too big for hardware
CVE-2018-1000028: (unk) nfsd: auth: Fix gid sorting when rootsquash enabled
CVE-2018-10322: (unk) xfs: enhance dinode verifier
CVE-2018-10323: (unk) xfs: set format back to extents if xfs_bmap_extents_to_btree
CVE-2018-1066: (unk) CIFS: Enable encryption during session setup phase
CVE-2018-1120: (unk) proc: do not access cmdline nor environ from file-backed areas
CVE-2018-1121: (unk)
CVE-2018-1128: (unk) libceph: add authorizer challenge
CVE-2018-1129: (unk) libceph: implement CEPHX_V2 calculation mode
CVE-2018-12126: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12127: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12130: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12207: (unk) kvm: x86, powerpc: do not allow clearing largepages debugfs entry
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-13093: (unk) xfs: validate cached inodes are free when allocated
CVE-2018-13094: (unk) xfs: don't call xfs_da_shrink_inode with NULL bp
CVE-2018-13095: (unk) xfs: More robust inode extent count validation
CVE-2018-13096: (unk) f2fs: fix to do sanity check with node footer and iblocks
CVE-2018-13097: (unk) f2fs: fix to do sanity check with user_block_count
CVE-2018-13098: (unk) f2fs: fix to do sanity check with extra_attr feature
CVE-2018-13099: (unk) f2fs: fix to do sanity check with reserved blkaddr of inline inode
CVE-2018-13100: (unk) f2fs: fix to do sanity check with secs_per_zone
CVE-2018-14610: (unk) btrfs: Check that each block group has corresponding chunk at mount time
CVE-2018-14611: (unk) btrfs: validate type when reading a chunk
CVE-2018-14612: (unk) btrfs: tree-checker: Detect invalid and empty essential trees
CVE-2018-14613: (unk) btrfs: tree-checker: Verify block_group_item
CVE-2018-14614: (unk) f2fs: fix to do sanity check with cp_pack_start_sum
CVE-2018-14616: (unk) f2fs: fix to do sanity check with block address in main area v2
CVE-2018-14617: (unk) hfsplus: fix NULL dereference in hfsplus_lookup()
CVE-2018-15572: (unk) x86/speculation: Protect against userspace-userspace spectreRSB
CVE-2018-16597: (unk) ovl: modify ovl_permission() to do checks on two inodes
CVE-2018-17977: (unk)
CVE-2018-18690: (unk) xfs: don't fail when converting shortform attr to long form during ATTR_REPLACE
CVE-2018-19824: (unk) ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
CVE-2018-20509: (unk) binder: refactor binder ref inc/dec for thread safety
CVE-2018-20510: (unk) binder: replace "%p" with "%pK"
CVE-2018-20854: (unk) phy: ocelot-serdes: fix out-of-bounds read
CVE-2018-20855: (unk) IB/mlx5: Fix leaking stack memory to userspace
CVE-2018-20856: (unk) block: blk_init_allocated_queue() set q->fq as NULL in the fail case
CVE-2018-20976: (unk) xfs: clear sb->s_fs_info on mount failure
CVE-2018-21008: (unk) rsi: add fix for crash during assertions
CVE-2018-25020: (unk) bpf: fix truncated jump targets on heavy expansions
CVE-2018-3620: (unk) x86/microcode: Allow late microcode loading with SMT disabled
CVE-2018-3639: (unk) x86/nospec: Simplify alternative_msr_write()
CVE-2018-3646: (unk) x86/microcode: Allow late microcode loading with SMT disabled
CVE-2018-3693: (unk) ext4: fix spectre gadget in ext4_mb_regular_allocator()
CVE-2018-5391: (unk) ip: discard IPv4 datagrams with overlapping segments.
CVE-2018-5995: (unk) printk: hash addresses printed with %p
CVE-2018-7273: (unk) printk: hash addresses printed with %p
CVE-2018-7480: (unk) blkcg: fix double free of new_blkg in blkcg_init_queue
CVE-2018-7754: (unk) printk: hash addresses printed with %p
CVE-2018-8043: (unk) net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe()
CVE-2018-8897: (unk) x86/entry/64: Don't use IST entry for #BP stack
CVE-2018-9465: (unk) binder: fix proc->files use-after-free
CVE-2018-9517: (unk) l2tp: pass tunnel pointer to ->session_create()
CVE-2019-0136: (unk) mac80211: drop robust management frames from unknown TA
CVE-2019-0148: (unk) i40e: Wrong truncation from u16 to u8
CVE-2019-0154: (unk) drm/i915: Lower RM timeout to avoid DSI hard hangs
CVE-2019-10126: (unk) mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
CVE-2019-10207: (unk) Bluetooth: hci_uart: check for missing tty operations
CVE-2019-10220: (unk) Convert filldir[64]() from __put_user() to unsafe_put_user()
CVE-2019-10638: (unk) inet: switch IP ID generator to siphash
CVE-2019-11091: (unk) s390/speculation: Support 'mitigations=' cmdline option
CVE-2019-11135: (unk) x86/msr: Add the IA32_TSX_CTRL MSR
CVE-2019-11191: (unk) x86: Deprecate a.out support
CVE-2019-1125: (unk) x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
CVE-2019-11477: (unk) tcp: limit payload size of sacked skbs
CVE-2019-11478: (unk) tcp: tcp_fragment() should apply sane memory limits
CVE-2019-11479: (unk) tcp: add tcp_min_snd_mss sysctl
CVE-2019-11487: (unk) fs: prevent page refcount overflow in pipe_buf_get
CVE-2019-11599: (unk) coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVE-2019-11833: (unk) ext4: zero out the unused memory region in the extent tree block
CVE-2019-12378: (unk) ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
CVE-2019-12379: (unk) consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c
CVE-2019-12380: (unk) efi/x86/Add missing error handling to old_memmap 1:1 mapping code
CVE-2019-12381: (unk) ip_sockglue: Fix missing-check bug in ip_ra_control()
CVE-2019-12382: (unk) drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
CVE-2019-12456: (unk)
CVE-2019-12614: (unk) powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
CVE-2019-12615: (unk) mdesc: fix a missing-check bug in get_vdev_port_node_info()
CVE-2019-12881: (unk) drm/i915/userptr: reject zero user_size
CVE-2019-13272: (unk) ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
CVE-2019-13631: (unk) Input: gtco - bounds check collection indent level
CVE-2019-13648: (unk) powerpc/tm: Fix oops on sigreturn on systems without TM
CVE-2019-14283: (unk) floppy: fix out-of-bounds read in copy_buffer
CVE-2019-14284: (unk) floppy: fix div-by-zero in setup_format_params
CVE-2019-14615: (unk) drm/i915/gen9: Clear residual context state on context switch
CVE-2019-14814: (unk) mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14816: (unk) mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14821: (unk) KVM: coalesced_mmio: add bounds checking
CVE-2019-14835: (unk) vhost: make sure log_num < in_num
CVE-2019-14895: (unk) mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
CVE-2019-14896: (unk) libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14897: (unk) libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14901: (unk) mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
CVE-2019-15098: (unk) ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
CVE-2019-15117: (unk) ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
CVE-2019-15118: (unk) ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
CVE-2019-15211: (unk) media: radio-raremono: change devm_k*alloc to k*alloc
CVE-2019-15212: (unk) USB: rio500: refuse more than one device at a time
CVE-2019-15215: (unk) media: cpia2_usb: first wake up, then free in disconnect
CVE-2019-15217: (unk) media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
CVE-2019-15218: (unk) media: usb: siano: Fix general protection fault in smsusb
CVE-2019-15219: (unk) USB: sisusbvga: fix oops in error path of sisusb_probe
CVE-2019-15220: (unk) p54usb: Fix race between disconnect and firmware loading
CVE-2019-15221: (unk) ALSA: line6: Fix write on zero-sized buffer
CVE-2019-15222: (unk) ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
CVE-2019-15223: (unk) ALSA: line6: Assure canceling delayed work at disconnection
CVE-2019-15239: (unk)
CVE-2019-15290: (unk)
CVE-2019-15291: (unk) media: b2c2-flexcop-usb: add sanity checking
CVE-2019-15505: (unk) media: technisat-usb2: break out of loop at end of buffer
CVE-2019-15666: (unk) xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
CVE-2019-15807: (unk) scsi: libsas: delete sas port if expander discover failed
CVE-2019-15902: (unk)
CVE-2019-15917: (unk) Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()
CVE-2019-15926: (unk) ath6kl: add some bounds checking
CVE-2019-16230: (unk) drm/amdkfd: fix a potential NULL pointer dereference (v2)
CVE-2019-16232: (unk) libertas: fix a potential NULL pointer dereference
CVE-2019-16233: (unk) scsi: qla2xxx: fix a potential NULL pointer dereference
CVE-2019-16413: (unk) 9p: use inode->i_lock to protect i_size_write() under 32-bit
CVE-2019-16746: (unk) nl80211: validate beacon head
CVE-2019-16921: (unk) RDMA/hns: Fix init resp when alloc ucontext
CVE-2019-17052: (unk) ax25: enforce CAP_NET_RAW for raw sockets
CVE-2019-17053: (unk) ieee802154: enforce CAP_NET_RAW for raw sockets
CVE-2019-17054: (unk) appletalk: enforce CAP_NET_RAW for raw sockets
CVE-2019-17055: (unk) mISDN: enforce CAP_NET_RAW for raw sockets
CVE-2019-17056: (unk) nfc: enforce CAP_NET_RAW for raw sockets
CVE-2019-17075: (unk) RDMA/cxgb4: Do not dma memory off of the stack
CVE-2019-17133: (unk) cfg80211: wext: avoid copying malformed SSIDs
CVE-2019-17351: (unk) xen: let alloc_xenballooned_pages() fail if not enough memory free
CVE-2019-17666: (unk) rtlwifi: Fix potential overflow on P2P code
CVE-2019-18282: (unk) net/flow_dissector: switch to siphash
CVE-2019-18660: (unk) powerpc/book3s64: Fix link stack flush on context switch
CVE-2019-18680: (unk)
CVE-2019-18683: (unk) media: vivid: Fix wrong locking that causes race conditions on streaming stop
CVE-2019-18806: (unk) net: qlogic: Fix memory leak in ql_alloc_large_buffers
CVE-2019-18885: (unk) btrfs: merge btrfs_find_device and find_device
CVE-2019-19036: (unk) btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
CVE-2019-19039: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19049: (unk) of: unittest: fix memory leak in unittest_data_add
CVE-2019-19052: (unk) can: gs_usb: gs_can_open(): prevent memory leak
CVE-2019-19054: (unk) media: rc: prevent memory leak in cx23888_ir_probe
CVE-2019-19056: (unk) mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
CVE-2019-19057: (unk) mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
CVE-2019-19060: (unk) iio: imu: adis16400: release allocated memory on failure
CVE-2019-19061: (unk) iio: imu: adis16400: fix memory leak
CVE-2019-19062: (unk) crypto: user - fix memory leak in crypto_report
CVE-2019-19063: (unk) rtlwifi: prevent memory leak in rtl_usb_probe
CVE-2019-19066: (unk) scsi: bfa: release allocated memory in case of error
CVE-2019-19073: (unk) ath9k_htc: release allocated buffer if timed out
CVE-2019-19074: (unk) ath9k: release allocated buffer if timed out
CVE-2019-19227: (unk) appletalk: Fix potential NULL pointer dereference in unregister_snap_client
CVE-2019-19241: (unk) io_uring: async workers should inherit the user creds
CVE-2019-19319: (unk) ext4: protect journal inode's blocks using block_validity
CVE-2019-19332: (unk) KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
CVE-2019-19377: (unk) btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19378: (unk)
CVE-2019-19447: (unk) ext4: work around deleting a file with i_nlink == 0 safely
CVE-2019-19448: (unk) btrfs: only search for left_info if there is no right_info in try_merge_free_space
CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count
CVE-2019-19523: (unk) USB: adutux: fix use-after-free on disconnect
CVE-2019-19524: (unk) Input: ff-memless - kill timer in destroy()
CVE-2019-19527: (unk) HID: hiddev: do cleanup in failure of opening a device
CVE-2019-19528: (unk) USB: iowarrior: fix use-after-free on disconnect
CVE-2019-19530: (unk) usb: cdc-acm: make sure a refcount is taken early enough
CVE-2019-19531: (unk) usb: yurex: Fix use-after-free in yurex_delete
CVE-2019-19532: (unk) HID: Fix assumption that devices have inputs
CVE-2019-19533: (unk) media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
CVE-2019-19534: (unk) can: peak_usb: fix slab info leak
CVE-2019-19536: (unk) can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
CVE-2019-19537: (unk) USB: core: Fix races in character device registration and deregistraion
CVE-2019-19768: (unk) blktrace: Protect q->blk_trace with RCU
CVE-2019-19813: (unk) btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-19814: (unk)
CVE-2019-19815: (unk) f2fs: support swap file w/ DIO
CVE-2019-19816: (unk) btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-19922: (unk) sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices
CVE-2019-19927: (unk) drm/ttm: fix incrementing the page pointer for huge pages
CVE-2019-19965: (unk) scsi: libsas: stop discovering if oob mode is disconnected
CVE-2019-19966: (unk) media: cpia2: Fix use-after-free in cpia2_exit
CVE-2019-1999: (unk) binder: fix race between munmap() and direct reclaim
CVE-2019-20096: (unk) dccp: Fix memleak in __feat_register_sp
CVE-2019-2024: (unk) media: em28xx: Fix use-after-free when disconnecting
CVE-2019-2025: (unk) binder: fix race that allows malicious free of live buffer
CVE-2019-2054: (unk) arm/ptrace: run seccomp after ptrace
CVE-2019-20636: (unk) Input: add safety guards to input_set_keycode()
CVE-2019-20794: (unk)
CVE-2019-20806: (unk) media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
CVE-2019-20810: (unk) media: go7007: fix a miss of snd_card_free
CVE-2019-20811: (unk) net-sysfs: call dev_hold if kobject_init_and_add success
CVE-2019-20812: (unk) af_packet: set defaule value for tmo
CVE-2019-20908: (unk) efi: Restrict efivar_ssdt_load when the kernel is locked down
CVE-2019-20934: (unk) sched/fair: Don't free p->numa_faults with concurrent readers
CVE-2019-2181: (unk) binder: check for overflow when alloc for security context
CVE-2019-2213: (unk) binder: fix possible UAF when freeing buffer
CVE-2019-2215: (unk) ANDROID: binder: remove waitqueue when thread exits.
CVE-2019-3846: (unk) mwifiex: Fix possible buffer overflows at parsing bss descriptor
CVE-2019-3874: (unk) sctp: implement memory accounting on tx path
CVE-2019-3882: (unk) vfio/type1: Limit DMA mappings per container
CVE-2019-3892: (unk) coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVE-2019-3900: (unk) vhost_net: fix possible infinite loop
CVE-2019-3901: (unk) perf/core: Fix perf_event_open() vs. execve() race
CVE-2019-5108: (unk) mac80211: Do not send Layer 2 Update frame before authorization
CVE-2019-5489: (unk) Change mincore() to count "mapped" pages rather than "cached" pages
CVE-2019-7308: (unk) bpf: fix sanitation of alu op with pointer / scalar type from different paths
CVE-2019-9445: (unk) f2fs: check if file namelen exceeds max value
CVE-2019-9453: (unk) f2fs: fix to avoid accessing xattr across the boundary
CVE-2019-9466: (unk) brcmfmac: add subtype check for event handling in data path
CVE-2019-9503: (unk) brcmfmac: add subtype check for event handling in data path
CVE-2019-9506: (unk) Bluetooth: Fix faulty expression for minimum encryption key size check
CVE-2020-0009: (unk) staging: android: ashmem: Disallow ashmem memory from being remapped
CVE-2020-0030: (unk) ANDROID: binder: synchronize_rcu() when using POLLFREE.
CVE-2020-0067: (unk) f2fs: fix to avoid memory leakage in f2fs_listxattr
CVE-2020-0255: (unk) selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-0305: (unk) chardev: Avoid potential use-after-free in 'chrdev_open()'
CVE-2020-0347: (unk)
CVE-2020-0404: (unk) media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
CVE-2020-0427: (unk) pinctrl: devicetree: Avoid taking direct reference to device name string
CVE-2020-0429: (unk) l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall()
CVE-2020-0431: (unk) HID: hid-input: clear unmapped usages
CVE-2020-0432: (unk) staging: most: net: fix buffer overflow
CVE-2020-0433: (unk) blk-mq: sync the update nr_hw_queues with blk_mq_queue_tag_busy_iter
CVE-2020-0435: (unk) f2fs: fix to do sanity check with i_extra_isize
CVE-2020-0444: (unk) audit: fix error handling in audit_data_to_entry()
CVE-2020-0465: (unk) HID: core: Sanitize event code and type when mapping input
CVE-2020-0466: (unk) do_epoll_ctl(): clean the failure exits up a bit
CVE-2020-0543: (unk) x86/cpu: Add 'table' argument to cpu_matches()
CVE-2020-10135: (unk) Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
CVE-2020-10690: (unk) ptp: fix the race between the release of ptp_clock and cdev
CVE-2020-10708: (unk)
CVE-2020-10711: (unk) netlabel: cope with NULL catmap
CVE-2020-10720: (unk) net-gro: fix use-after-free read in napi_gro_frags()
CVE-2020-10732: (unk) fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
CVE-2020-10751: (unk) selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-10766: (unk) x86/speculation: Prevent rogue cross-process SSBD shutdown
CVE-2020-10767: (unk) x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
CVE-2020-10768: (unk) x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
CVE-2020-10773: (unk) s390/cmm: fix information leak in cmm_timeout_handler()
CVE-2020-10942: (unk) vhost: Check docket sk_family instead of call getname
CVE-2020-11494: (unk) slcan: Don't transmit uninitialized stack data in padding
CVE-2020-11565: (unk) mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
CVE-2020-11608: (unk) media: ov519: add missing endpoint sanity checks
CVE-2020-11609: (unk) media: stv06xx: add missing descriptor sanity checks
CVE-2020-11668: (unk) media: xirlink_cit: add missing descriptor sanity checks
CVE-2020-11669: (unk) powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
CVE-2020-12114: (unk) make struct mountpoint bear the dentry reference to mountpoint, not struct mount
CVE-2020-12352: (unk) Bluetooth: A2MP: Fix not initializing all members
CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12464: (unk) USB: core: Fix free-while-in-use bug in the USB S-Glibrary
CVE-2020-12652: (unk) scsi: mptfusion: Fix double fetch bug in ioctl
CVE-2020-12653: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
CVE-2020-12654: (unk) mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
CVE-2020-12655: (unk) xfs: add agf freeblocks verify in xfs_agf_verify
CVE-2020-12656: (unk) sunrpc: check that domain table is empty at module unload.
CVE-2020-12769: (unk) spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
CVE-2020-12770: (unk) scsi: sg: add sg_remove_request in sg_write
CVE-2020-12771: (unk) bcache: fix potential deadlock problem in btree_gc_coalesce
CVE-2020-12826: (unk) signal: Extend exec_id to 64bits
CVE-2020-12888: (unk) vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
CVE-2020-13143: (unk) USB: gadget: fix illegal array access in binding with UDC
CVE-2020-13974: (unk) vt: keyboard: avoid signed integer overflow in k_ascii
CVE-2020-14304: (unk)
CVE-2020-14305: (unk) netfilter: helpers: remove data_len usage for inkernel helpers
CVE-2020-14314: (unk) ext4: fix potential negative array index in do_split()
CVE-2020-14331: (unk) vgacon: Fix for missing check in scrollback handling
CVE-2020-14351: (unk) perf/core: Fix race in the perf_mmap_close() function
CVE-2020-14381: (unk) futex: Fix inode life-time issue
CVE-2020-14390: (unk) fbcon: remove soft scrollback code
CVE-2020-14416: (unk) can, slip: Protect tty->disc_data in write_wakeup and close with RCU
CVE-2020-15393: (unk) usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
CVE-2020-15436: (unk) block: Fix use-after-free in blkdev_get()
CVE-2020-15437: (unk) serial: 8250: fix null-ptr-deref in serial8250_start_tx()
CVE-2020-15802: (unk)
CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir
CVE-2020-16166: (unk) random32: update the net random state on interrupt and activity
CVE-2020-1749: (unk) net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks
CVE-2020-25211: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2020-25212: (unk) nfs: Fix getxattr kernel panic and memory overflow
CVE-2020-25284: (unk) rbd: require global CAP_SYS_ADMIN for mapping and unmapping
CVE-2020-25285: (unk) mm/hugetlb: fix a race between hugetlb sysctl handlers
CVE-2020-25643: (unk) hdlc_ppp: add range checks in ppp_cp_parse_cr()
CVE-2020-25656: (unk) vt: keyboard, extend func_buf_lock to readers
CVE-2020-25668: (unk) tty: make FONTX ioctl use the tty pointer they were actually passed
CVE-2020-25669: (unk) Input: sunkbd - avoid use-after-free in teardown paths
CVE-2020-25670: (unk) nfc: fix refcount leak in llcp_sock_bind()
CVE-2020-25671: (unk) nfc: fix refcount leak in llcp_sock_connect()
CVE-2020-25672: (unk) nfc: fix memory leak in llcp_sock_connect()
CVE-2020-25673: (unk) nfc: Avoid endless loops caused by repeated llcp_sock_connect()
CVE-2020-25705: (unk) icmp: randomize the global rate limiter
CVE-2020-26088: (unk) net/nfc/rawsock.c: add CAP_NET_RAW check.
CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames
CVE-2020-26140: (unk)
CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted
CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
CVE-2020-26555: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27066: (unk) xfrm: policy: Fix doulbe free in xfrm_policy_timer
CVE-2020-27067: (unk) l2tp: fix l2tp_eth module loading
CVE-2020-27068: (unk) cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
CVE-2020-2732: (unk) KVM: nVMX: Don't emulate instructions in guest mode
CVE-2020-27673: (unk) xen/events: add a proper barrier to 2-level uevent unmasking
CVE-2020-27675: (unk) xen/events: avoid removing an event channel while handling it
CVE-2020-27777: (unk) powerpc/rtas: Restrict RTAS requests from userspace
CVE-2020-27786: (unk) ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
CVE-2020-27815: (unk) jfs: Fix array index bounds check in dbAdjTree
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-27825: (unk) tracing: Fix race in trace_open and buffer resize call
CVE-2020-28097: (unk) vgacon: remove software scrollback support
CVE-2020-28374: (unk) scsi: target: Fix XCOPY NAA identifier lookup
CVE-2020-28915: (unk) fbcon: Fix global-out-of-bounds read in fbcon_get_font()
CVE-2020-28974: (unk) vt: Disable KD_FONT_OP_COPY
CVE-2020-29371: (unk) romfs: fix uninitialized memory leak in romfs_dev_read()
CVE-2020-29374: (unk) gup: document and work around "COW can break either way" issue
CVE-2020-29568: (unk) xen/xenbus: Allow watches discard events before queueing
CVE-2020-29660: (unk) tty: Fix ->session locking
CVE-2020-29661: (unk) tty: Fix ->pgrp locking in tiocspgrp()
CVE-2020-35501: (unk)
CVE-2020-35508: (unk) fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
CVE-2020-35519: (unk) net/x25: prevent a couple of overflows
CVE-2020-36158: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address
CVE-2020-36313: (unk) KVM: Fix out of range accesses to memslots
CVE-2020-36322: (unk) fuse: fix bad inode
CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
CVE-2020-36386: (unk) Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
CVE-2020-36516: (unk)
CVE-2020-36557: (unk) vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console
CVE-2020-36558: (unk) vt: vt_ioctl: fix race in VT_RESIZEX
CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries
CVE-2020-4788: (unk) powerpc/64s: flush L1D on kernel entry
CVE-2020-8647: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8648: (unk) vt: selection, close sel_buffer race
CVE-2020-8649: (unk) vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8694: (unk) powercap: restrict energy meter to root access
CVE-2020-8832: (unk) drm/i915: Record the default hw state after reset upon load
CVE-2020-9383: (unk) floppy: check FDC index for errors before assigning it
CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2021-0399: (unk)
CVE-2021-0447: (unk) l2tp: protect sock pointer of struct pppol2tp_session with RCU
CVE-2021-0448: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2021-0512: (unk) HID: make arrays usage and value to be the same
CVE-2021-0605: (unk) af_key: pfkey_dump needs parameter validation
CVE-2021-0920: (unk) af_unix: fix garbage collect vs MSG_PEEK
CVE-2021-0929: (unk) staging/android/ion: delete dma_buf->kmap/unmap implemenation
CVE-2021-0937: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-0941: (unk) bpf: Remove MTU check in __bpf_skb_max_len
CVE-2021-1048: (unk) fix regression in "epoll: Keep a reference on files added to the check list"
CVE-2021-20261: (unk) floppy: fix lock_fdc() signal handling
CVE-2021-20265: (unk) af_unix: fix struct pid memory leak
CVE-2021-20292: (unk) drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
CVE-2021-20317: (unk) lib/timerqueue: Rely on rbtree semantics for next timer
CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-21781: (unk) ARM: ensure the signal page contains defined contents
CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-22555: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD
CVE-2021-26930: (unk) xen-blkback: fix error handling in xen_blkbk_map()
CVE-2021-26931: (unk) xen-blkback: don't "handle" error by BUG()
CVE-2021-26932: (unk) Xen/x86: don't bail early from clear_foreign_p2m_mapping()
CVE-2021-27363: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27364: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27365: (unk) scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
CVE-2021-28038: (unk) Xen/gnttab: handle p2m update errors on a per-slot basis
CVE-2021-28660: (unk) staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
CVE-2021-28688: (unk) xen-blkback: don't leak persistent grants from xen_blkbk_map()
CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms
CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms
CVE-2021-28715: (unk) xen/netback: don't queue unlimited number of packages
CVE-2021-28964: (unk) btrfs: fix race when cloning extent buffer during rewind of an old root
CVE-2021-28972: (unk) PCI: rpadlpar: Fix potential drc_name corruption in store functions
CVE-2021-29154: (unk) bpf, x86: Validate computation of branch displacements for x86-64
CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-29265: (unk) usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
CVE-2021-29650: (unk) netfilter: x_tables: Use correct memory barriers.
CVE-2021-30002: (unk) media: v4l: ioctl: Fix memory leak in video_usercopy
CVE-2021-3178: (unk) nfsd4: readdirplus shouldn't return parent of export
CVE-2021-31916: (unk) dm ioctl: fix out of bounds array access when no devices
CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
CVE-2021-32399: (unk) bluetooth: eliminate the potential race condition when removing the HCI controller
CVE-2021-33034: (unk) Bluetooth: verify AMP hci_chan before amp_destroy
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33098: (unk) ixgbe: fix large MTU request from VF
CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size
CVE-2021-33656: (unk) vt: drop old FONT ioctls
CVE-2021-33909: (unk) seq_file: disallow extremely large seq buffer allocations
CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head
CVE-2021-3483: (unk) firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVE-2021-3506: (unk) f2fs: fix to avoid out-of-bounds memory access
CVE-2021-3542: (unk)
CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order
CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object
CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2021-3612: (unk) Input: joydev - prevent potential read overflow in ioctl
CVE-2021-3640: (unk) Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-3655: (unk) sctp: validate from_addr_param return
CVE-2021-3659: (unk) net: mac802154: Fix general protection fault
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-3714: (unk)
CVE-2021-3715: (unk) net_sched: cls_route: remove the right filter from hashtable
CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device
CVE-2021-3732: (unk) ovl: prevent private clone if bind mount is not allowed
CVE-2021-3752: (unk) Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-3753: (unk) vt_kdsetmode: extend console locking
CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk
CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited
CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page
CVE-2021-38204: (unk) usb: max-3421: Prevent corruption of freed memory
CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer
CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-39633: (unk) ip_gre: add validation for csum_start
CVE-2021-39634: (unk) epoll: do not insert into poll queues until all sanity checks are done
CVE-2021-39636: (unk) netfilter: x_tables: fix pointer leaks to userspace
CVE-2021-39648: (unk) usb: gadget: configfs: Fix use-after-free issue with udc_name
CVE-2021-39657: (unk) scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39686: (unk) binder: use euid from cred instead of using task
CVE-2021-39698: (unk) wait: add wake_up_pollfree()
CVE-2021-39714: (unk) staging: android: ion: Drop ion_map_kernel interface
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories
CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing
CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it
CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-4159: (unk) bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data
CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request
CVE-2021-4203: (unk) af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler
CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVE-2021-43389: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep
CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2021-45485: (unk) ipv6: use prandom_u32() for ID generation
CVE-2021-45486: (unk) inet: use bigger hash table for IP ID generation
CVE-2021-45868: (unk) quota: check block number when reading the block in quota file
CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path
CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-0850: (unk) ext4: fix kernel infoleak via ext4_extent_header
CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1116: (unk)
CVE-2022-1184: (unk) ext4: verify dir block before splitting it
CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD
CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write()
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1652: (unk) floppy: use a statically allocated error counter
CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb
CVE-2022-1786: (unk) io_uring: remove io_identity
CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default
CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions
CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout
CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection
CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20158: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg()
CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls
CVE-2022-20424: (unk) io_uring: remove io_identity
CVE-2022-20565: (unk) HID: core: Correctly handle ReportSize being zero
CVE-2022-20566: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put
CVE-2022-20572: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data
CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS
CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle
CVE-2022-21385: (unk) net/rds: fix warn in rds_message_alloc_sgs
CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast()
CVE-2022-2209: (unk)
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-2327: (unk) io_uring: remove any grabbing of context
CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read()
CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-23825: (unk)
CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs
CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf
CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag
CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests
CVE-2022-25265: (unk)
CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table
CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0
CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages
CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections
CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic
CVE-2022-26966: (unk) sr9700: sanity check for packet length
CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc
CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind()
CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-2961: (unk)
CVE-2022-2964: (unk) net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup
CVE-2022-2978: (unk) fs: fix UAF/GPF bug in nilfs_mdt_destroy
CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean
CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel
CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero
CVE-2022-3111: (unk) power: supply: wm8350-power: Add missing free in free_charger_irq
CVE-2022-3169: (unk) nvme: ensure subsystem reset is single threaded
CVE-2022-3202: (unk) jfs: prevent NULL deref in diFree
CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16
CVE-2022-3239: (unk) media: em28xx: initialize refcount before kref_get
CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace
CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC
CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use
CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages
CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted
CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted
CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting
CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default
CVE-2022-3424: (unk) misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check
CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page
CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options().
CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups
CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop()
CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get()
CVE-2022-3564: (unk) Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu
CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers
CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops.
CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot.
CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child
CVE-2022-3594: (unk) r8152: Rate limit overflow messages
CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp
CVE-2022-36123: (unk) x86: Clear .brk area at early boot
CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode
CVE-2022-3628: (unk) wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker()
CVE-2022-36280: (unk) drm/vmwgfx: Validate the box size for the snooped cursor
CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect()
CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer
CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb()
CVE-2022-36402: (unk)
CVE-2022-3642: (unk)
CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure
CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root
CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup()
CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset
CVE-2022-38096: (unk)
CVE-2022-38457: (unk)
CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines
CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas
CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write
CVE-2022-40133: (unk)
CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure
CVE-2022-4095: (unk) staging: rtl8712: fix use after free bugs
CVE-2022-41218: (unk) media: dvb-core: Fix UAF due to refcount races at releasing
CVE-2022-41222: (unk) mm/mremap: hold the rmap lock in write mode when moving page table entries.
CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock
CVE-2022-41848: (unk)
CVE-2022-41849: (unk) fbdev: smscufx: Fix use-after-free in ufx_ops_open()
CVE-2022-41850: (unk) HID: roccat: Fix use-after-free in roccat_read()
CVE-2022-41858: (unk) drivers: net: slip: fix NPD bug in sl_tx_timeout()
CVE-2022-4269: (unk)
CVE-2022-42895: (unk) Bluetooth: L2CAP: Fix attempting to access uninitialized memory
CVE-2022-42896: (unk) Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM
CVE-2022-43750: (unk) usb: mon: make mmapped memory read only
CVE-2022-4382: (unk)
CVE-2022-44032: (unk)
CVE-2022-44033: (unk)
CVE-2022-44034: (unk)
CVE-2022-4543: (unk)
CVE-2022-45884: (unk)
CVE-2022-45885: (unk)
CVE-2022-45886: (unk)
CVE-2022-45887: (unk)
CVE-2022-45919: (unk)
CVE-2022-45934: (unk) Bluetooth: L2CAP: Fix u8 overflow
CVE-2022-4662: (unk) USB: core: Prevent nested device-reset calls
CVE-2022-4696: (unk) io_uring: remove any grabbing of context
CVE-2022-47929: (unk) net: sched: disallow noqueue for qdisc classes
CVE-2023-0030: (unk) drm/nouveau/mmu: add more general vmm free/node handling functions
CVE-2023-0047: (unk) mm, oom: do not trigger out_of_memory from the #PF
CVE-2023-0266: (unk) ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF
CVE-2023-0394: (unk) ipv6: raw: Deduct extension header length in rawv6_push_pending_frames
CVE-2023-23454: (unk) net: sched: cbq: dont intepret cls results when asked to drop
CVE-2023-23455: (unk) net: sched: atm: dont intepret cls results when asked to drop
CVE-2023-23559: (unk)