Added 5.18
[ci skip]
diff --git a/CHANGES.md b/CHANGES.md
index d85a715..3fd0bdf 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,41 +1,25 @@
# **Linux Kernel CVE Changes**
-## Last Update - 09Jun22 16:24
+## Last Update - 10Jun22 19:26
### **New CVEs Added:**
-[CVE-2022-1973](cves/CVE-2022-1973)
-[CVE-2022-1974](cves/CVE-2022-1974)
-[CVE-2022-1975](cves/CVE-2022-1975)
-[CVE-2022-1998](cves/CVE-2022-1998)
-[CVE-2022-20132](cves/CVE-2022-20132)
-[CVE-2022-20141](cves/CVE-2022-20141)
-[CVE-2022-20148](cves/CVE-2022-20148)
-[CVE-2022-20153](cves/CVE-2022-20153)
-[CVE-2022-20154](cves/CVE-2022-20154)
-[CVE-2022-20166](cves/CVE-2022-20166)
-[CVE-2022-32296](cves/CVE-2022-32296)
+[CVE-2022-21499](cves/CVE-2022-21499)
### **New Versions Checked:**
-[4.14.282](streams/4.14)
-[4.19.246](streams/4.19)
-[4.9.317](streams/4.9)
-[5.10.121](streams/5.10)
-[5.15.46](streams/5.15)
-[5.17.14](streams/5.17)
-[5.19-rc1](streams/5.19-rc1)
-[5.4.197](streams/5.4)
+[5.18.3](streams/5.18)
### **Updated CVEs:**
-[CVE-2022-0494](cves/CVE-2022-0494)
-[CVE-2022-1012](cves/CVE-2022-1012)
+[CVE-2022-1729](cves/CVE-2022-1729)
+[CVE-2022-1789](cves/CVE-2022-1789)
[CVE-2022-1852](cves/CVE-2022-1852)
[CVE-2022-1966](cves/CVE-2022-1966)
[CVE-2022-1972](cves/CVE-2022-1972)
-[CVE-2022-1678](cves/CVE-2022-1678)
-[CVE-2022-1882](cves/CVE-2022-1882)
+[CVE-2022-1973](cves/CVE-2022-1973)
+[CVE-2022-1419](cves/CVE-2022-1419)
+[CVE-2022-1998](cves/CVE-2022-1998)
diff --git a/data/3.12/3.12_CVEs.txt b/data/3.12/3.12_CVEs.txt
index 19a1bc5..70fc8c1 100644
--- a/data/3.12/3.12_CVEs.txt
+++ b/data/3.12/3.12_CVEs.txt
@@ -1153,6 +1153,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/3.12/3.12_security.txt b/data/3.12/3.12_security.txt
index 81e4be1..6db8af1 100644
--- a/data/3.12/3.12_security.txt
+++ b/data/3.12/3.12_security.txt
@@ -1291,6 +1291,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/3.14/3.14_CVEs.txt b/data/3.14/3.14_CVEs.txt
index f688a18..eac2db4 100644
--- a/data/3.14/3.14_CVEs.txt
+++ b/data/3.14/3.14_CVEs.txt
@@ -1119,6 +1119,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/3.14/3.14_security.txt b/data/3.14/3.14_security.txt
index 2940471..87efe12 100644
--- a/data/3.14/3.14_security.txt
+++ b/data/3.14/3.14_security.txt
@@ -1253,6 +1253,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/3.16/3.16_CVEs.txt b/data/3.16/3.16_CVEs.txt
index 911548c..aa67aa0 100644
--- a/data/3.16/3.16_CVEs.txt
+++ b/data/3.16/3.16_CVEs.txt
@@ -1100,6 +1100,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/3.16/3.16_security.txt b/data/3.16/3.16_security.txt
index 2ca6446..f71938d 100644
--- a/data/3.16/3.16_security.txt
+++ b/data/3.16/3.16_security.txt
@@ -1206,6 +1206,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/3.18/3.18_CVEs.txt b/data/3.18/3.18_CVEs.txt
index 1086ad3..7f3401f 100644
--- a/data/3.18/3.18_CVEs.txt
+++ b/data/3.18/3.18_CVEs.txt
@@ -1084,6 +1084,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/3.18/3.18_security.txt b/data/3.18/3.18_security.txt
index c438fa6..7472a34 100644
--- a/data/3.18/3.18_security.txt
+++ b/data/3.18/3.18_security.txt
@@ -1318,6 +1318,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/3.2/3.2_CVEs.txt b/data/3.2/3.2_CVEs.txt
index df2af4b..ebeadca 100644
--- a/data/3.2/3.2_CVEs.txt
+++ b/data/3.2/3.2_CVEs.txt
@@ -1139,6 +1139,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/3.2/3.2_security.txt b/data/3.2/3.2_security.txt
index 1c968e2..ccffd4c 100644
--- a/data/3.2/3.2_security.txt
+++ b/data/3.2/3.2_security.txt
@@ -1295,6 +1295,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.1/4.1_CVEs.txt b/data/4.1/4.1_CVEs.txt
index e032f40..3f5b777 100644
--- a/data/4.1/4.1_CVEs.txt
+++ b/data/4.1/4.1_CVEs.txt
@@ -1040,6 +1040,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.1/4.1_security.txt b/data/4.1/4.1_security.txt
index 299c5e2..dbc8a7c 100644
--- a/data/4.1/4.1_security.txt
+++ b/data/4.1/4.1_security.txt
@@ -1136,6 +1136,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.10/4.10_CVEs.txt b/data/4.10/4.10_CVEs.txt
index b84a638..bc5ba7b 100644
--- a/data/4.10/4.10_CVEs.txt
+++ b/data/4.10/4.10_CVEs.txt
@@ -931,6 +931,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.10/4.10_security.txt b/data/4.10/4.10_security.txt
index 748df37..6063536 100644
--- a/data/4.10/4.10_security.txt
+++ b/data/4.10/4.10_security.txt
@@ -965,6 +965,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.11/4.11_CVEs.txt b/data/4.11/4.11_CVEs.txt
index a040cb3..ee7e5f5 100644
--- a/data/4.11/4.11_CVEs.txt
+++ b/data/4.11/4.11_CVEs.txt
@@ -901,6 +901,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.11/4.11_security.txt b/data/4.11/4.11_security.txt
index 144218a..85aea1b 100644
--- a/data/4.11/4.11_security.txt
+++ b/data/4.11/4.11_security.txt
@@ -923,6 +923,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.12/4.12_CVEs.txt b/data/4.12/4.12_CVEs.txt
index 8c38f65..32e021d 100644
--- a/data/4.12/4.12_CVEs.txt
+++ b/data/4.12/4.12_CVEs.txt
@@ -880,6 +880,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.12/4.12_security.txt b/data/4.12/4.12_security.txt
index a975319..ceeb3fe 100644
--- a/data/4.12/4.12_security.txt
+++ b/data/4.12/4.12_security.txt
@@ -906,6 +906,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.13/4.13_CVEs.txt b/data/4.13/4.13_CVEs.txt
index 0ef5749..a2c9633 100644
--- a/data/4.13/4.13_CVEs.txt
+++ b/data/4.13/4.13_CVEs.txt
@@ -863,6 +863,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.13/4.13_security.txt b/data/4.13/4.13_security.txt
index e16606c..1b7df81 100644
--- a/data/4.13/4.13_security.txt
+++ b/data/4.13/4.13_security.txt
@@ -891,6 +891,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.14/4.14_CVEs.txt b/data/4.14/4.14_CVEs.txt
index 1c3ae5a..f98b080 100644
--- a/data/4.14/4.14_CVEs.txt
+++ b/data/4.14/4.14_CVEs.txt
@@ -828,6 +828,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fixed with 4.14.261
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fixed with 4.14.264
CVE-2022-23036: Fixed with 4.14.271
CVE-2022-23037: Fixed with 4.14.271
diff --git a/data/4.14/4.14_security.txt b/data/4.14/4.14_security.txt
index 349bad7..bdb1346 100644
--- a/data/4.14/4.14_security.txt
+++ b/data/4.14/4.14_security.txt
@@ -1309,6 +1309,7 @@
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-25265: (unk)
CVE-2022-25636: (unk) netfilter: nf_tables_offload: incorrect flow offload action array size
diff --git a/data/4.15/4.15_CVEs.txt b/data/4.15/4.15_CVEs.txt
index c6c2dea..6e798fd 100644
--- a/data/4.15/4.15_CVEs.txt
+++ b/data/4.15/4.15_CVEs.txt
@@ -778,6 +778,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/4.15/4.15_security.txt b/data/4.15/4.15_security.txt
index 3b596b7..77149a4 100644
--- a/data/4.15/4.15_security.txt
+++ b/data/4.15/4.15_security.txt
@@ -810,6 +810,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/4.16/4.16_CVEs.txt b/data/4.16/4.16_CVEs.txt
index d43383f..0c5f99a 100644
--- a/data/4.16/4.16_CVEs.txt
+++ b/data/4.16/4.16_CVEs.txt
@@ -756,6 +756,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/4.16/4.16_security.txt b/data/4.16/4.16_security.txt
index 38b9175..074c659 100644
--- a/data/4.16/4.16_security.txt
+++ b/data/4.16/4.16_security.txt
@@ -788,6 +788,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/4.17/4.17_CVEs.txt b/data/4.17/4.17_CVEs.txt
index bb4f456..ef8bd52 100644
--- a/data/4.17/4.17_CVEs.txt
+++ b/data/4.17/4.17_CVEs.txt
@@ -736,6 +736,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/4.17/4.17_security.txt b/data/4.17/4.17_security.txt
index 99c72f6..a529de9 100644
--- a/data/4.17/4.17_security.txt
+++ b/data/4.17/4.17_security.txt
@@ -768,6 +768,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/4.18/4.18_CVEs.txt b/data/4.18/4.18_CVEs.txt
index 19902bd..4b36e3d 100644
--- a/data/4.18/4.18_CVEs.txt
+++ b/data/4.18/4.18_CVEs.txt
@@ -713,6 +713,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/4.18/4.18_security.txt b/data/4.18/4.18_security.txt
index 8585790..6f46528 100644
--- a/data/4.18/4.18_security.txt
+++ b/data/4.18/4.18_security.txt
@@ -745,6 +745,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/4.19/4.19_CVEs.txt b/data/4.19/4.19_CVEs.txt
index f22e9f8..406d91e 100644
--- a/data/4.19/4.19_CVEs.txt
+++ b/data/4.19/4.19_CVEs.txt
@@ -685,6 +685,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fixed with 4.19.224
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fixed with 4.19.227
CVE-2022-23036: Fixed with 4.19.234
CVE-2022-23037: Fixed with 4.19.234
diff --git a/data/4.19/4.19_security.txt b/data/4.19/4.19_security.txt
index c3e133a..28f10f4 100644
--- a/data/4.19/4.19_security.txt
+++ b/data/4.19/4.19_security.txt
@@ -1093,6 +1093,7 @@
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-25265: (unk)
CVE-2022-25636: (unk) netfilter: nf_tables_offload: incorrect flow offload action array size
diff --git a/data/4.20/4.20_CVEs.txt b/data/4.20/4.20_CVEs.txt
index 300f09e..9b4b4cb 100644
--- a/data/4.20/4.20_CVEs.txt
+++ b/data/4.20/4.20_CVEs.txt
@@ -673,6 +673,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/4.20/4.20_security.txt b/data/4.20/4.20_security.txt
index 3c1703d..0d3e242 100644
--- a/data/4.20/4.20_security.txt
+++ b/data/4.20/4.20_security.txt
@@ -705,6 +705,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/4.3/4.3_CVEs.txt b/data/4.3/4.3_CVEs.txt
index d8d5d0f..7a04f64 100644
--- a/data/4.3/4.3_CVEs.txt
+++ b/data/4.3/4.3_CVEs.txt
@@ -1035,6 +1035,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.3/4.3_security.txt b/data/4.3/4.3_security.txt
index f8414dc..6185630 100644
--- a/data/4.3/4.3_security.txt
+++ b/data/4.3/4.3_security.txt
@@ -1051,6 +1051,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.4/4.4_CVEs.txt b/data/4.4/4.4_CVEs.txt
index 4594448..436f1ba 100644
--- a/data/4.4/4.4_CVEs.txt
+++ b/data/4.4/4.4_CVEs.txt
@@ -1014,6 +1014,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.4/4.4_security.txt b/data/4.4/4.4_security.txt
index 3d6b805..e0ba013 100644
--- a/data/4.4/4.4_security.txt
+++ b/data/4.4/4.4_security.txt
@@ -1498,6 +1498,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.5/4.5_CVEs.txt b/data/4.5/4.5_CVEs.txt
index 9c15d55..12eb81b 100644
--- a/data/4.5/4.5_CVEs.txt
+++ b/data/4.5/4.5_CVEs.txt
@@ -996,6 +996,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.5/4.5_security.txt b/data/4.5/4.5_security.txt
index 752815d..b2a6e28 100644
--- a/data/4.5/4.5_security.txt
+++ b/data/4.5/4.5_security.txt
@@ -1012,6 +1012,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.6/4.6_CVEs.txt b/data/4.6/4.6_CVEs.txt
index 46138b2..f0f8729 100644
--- a/data/4.6/4.6_CVEs.txt
+++ b/data/4.6/4.6_CVEs.txt
@@ -966,6 +966,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.6/4.6_security.txt b/data/4.6/4.6_security.txt
index 93fbb75..851a69e 100644
--- a/data/4.6/4.6_security.txt
+++ b/data/4.6/4.6_security.txt
@@ -984,6 +984,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.7/4.7_CVEs.txt b/data/4.7/4.7_CVEs.txt
index 90db659..a9d5c9b 100644
--- a/data/4.7/4.7_CVEs.txt
+++ b/data/4.7/4.7_CVEs.txt
@@ -947,6 +947,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.7/4.7_security.txt b/data/4.7/4.7_security.txt
index 98906d1..b11302e 100644
--- a/data/4.7/4.7_security.txt
+++ b/data/4.7/4.7_security.txt
@@ -967,6 +967,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.8/4.8_CVEs.txt b/data/4.8/4.8_CVEs.txt
index abd7957..afb33ce 100644
--- a/data/4.8/4.8_CVEs.txt
+++ b/data/4.8/4.8_CVEs.txt
@@ -951,6 +951,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
CVE-2022-23038: Fix not seen in stream
diff --git a/data/4.8/4.8_security.txt b/data/4.8/4.8_security.txt
index f7f34d1..0269b6a 100644
--- a/data/4.8/4.8_security.txt
+++ b/data/4.8/4.8_security.txt
@@ -981,6 +981,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
diff --git a/data/4.9/4.9_CVEs.txt b/data/4.9/4.9_CVEs.txt
index 7c26768..ce3a3b2 100644
--- a/data/4.9/4.9_CVEs.txt
+++ b/data/4.9/4.9_CVEs.txt
@@ -950,6 +950,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-23036: Fixed with 4.9.306
CVE-2022-23037: Fixed with 4.9.306
CVE-2022-23038: Fixed with 4.9.306
diff --git a/data/4.9/4.9_security.txt b/data/4.9/4.9_security.txt
index 332f507..20d7fbc 100644
--- a/data/4.9/4.9_security.txt
+++ b/data/4.9/4.9_security.txt
@@ -1473,6 +1473,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-23041: (unk) xen/9p: use alloc/free_pages_exact()
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-25265: (unk)
diff --git a/data/5.0/5.0_CVEs.txt b/data/5.0/5.0_CVEs.txt
index 6a49f64..bed0b9e 100644
--- a/data/5.0/5.0_CVEs.txt
+++ b/data/5.0/5.0_CVEs.txt
@@ -653,6 +653,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.0/5.0_security.txt b/data/5.0/5.0_security.txt
index 6ecf35f..17bb528 100644
--- a/data/5.0/5.0_security.txt
+++ b/data/5.0/5.0_security.txt
@@ -701,6 +701,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.1/5.1_CVEs.txt b/data/5.1/5.1_CVEs.txt
index 4c1c146..74daaa6 100644
--- a/data/5.1/5.1_CVEs.txt
+++ b/data/5.1/5.1_CVEs.txt
@@ -620,6 +620,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.1/5.1_security.txt b/data/5.1/5.1_security.txt
index f225f5d..aa6e9d0 100644
--- a/data/5.1/5.1_security.txt
+++ b/data/5.1/5.1_security.txt
@@ -656,6 +656,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.10/5.10_CVEs.txt b/data/5.10/5.10_CVEs.txt
index f993133..f35fd7f 100644
--- a/data/5.10/5.10_CVEs.txt
+++ b/data/5.10/5.10_CVEs.txt
@@ -320,6 +320,7 @@
CVE-2022-20148: Fix not seen in stream
CVE-2022-20153: Fixed with 5.10.107
CVE-2022-20154: Fixed with 5.10.90
+CVE-2022-21499: Fixed with 5.10.119
CVE-2022-22942: Fixed with 5.10.95
CVE-2022-23036: Fixed with 5.10.105
CVE-2022-23037: Fixed with 5.10.105
diff --git a/data/5.10/5.10_security.txt b/data/5.10/5.10_security.txt
index e6f3c37..a404ff4 100644
--- a/data/5.10/5.10_security.txt
+++ b/data/5.10/5.10_security.txt
@@ -423,6 +423,7 @@
CVEs fixed in 5.10.119:
CVE-2022-1012: a5c68f457fbf52c5564ca4eea03f84776ef14e41 secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1789: 9b4aa0d80b18b9d19e62dd47d22e274ce92cdc95 KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
+ CVE-2022-21499: a8f4d63142f947cd22fa615b8b3b8921cdaf4991 lockdown: also lock down previous kgdb use
CVEs fixed in 5.10.120:
CVE-2022-1852: 3d8fc6e28f321d753ab727e3c3e740daf36a8fa3 KVM: x86: avoid calling x86 emulator without a decoded instruction
diff --git a/data/5.11/5.11_CVEs.txt b/data/5.11/5.11_CVEs.txt
index 8a1a830..77154a2 100644
--- a/data/5.11/5.11_CVEs.txt
+++ b/data/5.11/5.11_CVEs.txt
@@ -307,6 +307,7 @@
CVE-2022-20148: Fix not seen in stream
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.11/5.11_security.txt b/data/5.11/5.11_security.txt
index 55cd3ab..21495db 100644
--- a/data/5.11/5.11_security.txt
+++ b/data/5.11/5.11_security.txt
@@ -347,6 +347,7 @@
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.12/5.12_CVEs.txt b/data/5.12/5.12_CVEs.txt
index d5da201..bcdca75 100644
--- a/data/5.12/5.12_CVEs.txt
+++ b/data/5.12/5.12_CVEs.txt
@@ -257,6 +257,7 @@
CVE-2022-20148: Fix not seen in stream
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.12/5.12_security.txt b/data/5.12/5.12_security.txt
index 96e849d..e612181 100644
--- a/data/5.12/5.12_security.txt
+++ b/data/5.12/5.12_security.txt
@@ -289,6 +289,7 @@
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.13/5.13_CVEs.txt b/data/5.13/5.13_CVEs.txt
index 400f2b5..7f656cf 100644
--- a/data/5.13/5.13_CVEs.txt
+++ b/data/5.13/5.13_CVEs.txt
@@ -219,6 +219,7 @@
CVE-2022-20141: Fixed with 5.13.16
CVE-2022-20148: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.13/5.13_security.txt b/data/5.13/5.13_security.txt
index 6ee6530..0fb6ae4 100644
--- a/data/5.13/5.13_security.txt
+++ b/data/5.13/5.13_security.txt
@@ -251,6 +251,7 @@
CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.14/5.14_CVEs.txt b/data/5.14/5.14_CVEs.txt
index a6d4087..064fab5 100644
--- a/data/5.14/5.14_CVEs.txt
+++ b/data/5.14/5.14_CVEs.txt
@@ -191,6 +191,7 @@
CVE-2022-20141: Fixed with 5.14.3
CVE-2022-20148: Fixed with 5.14.19
CVE-2022-20154: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.14/5.14_security.txt b/data/5.14/5.14_security.txt
index bdbdf44..7e47044 100644
--- a/data/5.14/5.14_security.txt
+++ b/data/5.14/5.14_security.txt
@@ -225,6 +225,7 @@
CVE-2022-20008: (unk) mmc: block: fix read single on recovery logic
CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.15/5.15_CVEs.txt b/data/5.15/5.15_CVEs.txt
index b527076..fafc4d4 100644
--- a/data/5.15/5.15_CVEs.txt
+++ b/data/5.15/5.15_CVEs.txt
@@ -156,6 +156,7 @@
CVE-2022-20132: Fixed with 5.15.8
CVE-2022-20148: Fixed with 5.15.3
CVE-2022-20154: Fixed with 5.15.13
+CVE-2022-21499: Fixed with 5.15.42
CVE-2022-22942: Fixed with 5.15.18
CVE-2022-23036: Fixed with 5.15.28
CVE-2022-23037: Fixed with 5.15.28
diff --git a/data/5.15/5.15_security.txt b/data/5.15/5.15_security.txt
index ca61b67..b9753d0 100644
--- a/data/5.15/5.15_security.txt
+++ b/data/5.15/5.15_security.txt
@@ -177,6 +177,7 @@
CVEs fixed in 5.15.42:
CVE-2022-1729: e085354dde254bc6c83ee604ea66c2b36f9f9067 perf: Fix sys_perf_event_open() race against self
+ CVE-2022-21499: 69c5d307dce1560fafcb852f39d7a1bf5e266641 lockdown: also lock down previous kgdb use
CVEs fixed in 5.15.44:
CVE-2022-1789: acd12d16528152b32fa09be2c5ef95047f69af05 KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
diff --git a/data/5.16/5.16_CVEs.txt b/data/5.16/5.16_CVEs.txt
index 670cf12..0448936 100644
--- a/data/5.16/5.16_CVEs.txt
+++ b/data/5.16/5.16_CVEs.txt
@@ -122,6 +122,7 @@
CVE-2022-1975: Fix not seen in stream
CVE-2022-1998: Fixed with 5.16.6
CVE-2022-20008: Fixed with 5.16.11
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fixed with 5.16.4
CVE-2022-23036: Fixed with 5.16.14
CVE-2022-23037: Fixed with 5.16.14
diff --git a/data/5.16/5.16_security.txt b/data/5.16/5.16_security.txt
index ffe477f..62ed3a1 100644
--- a/data/5.16/5.16_security.txt
+++ b/data/5.16/5.16_security.txt
@@ -185,6 +185,7 @@
CVE-2022-1973: (unk) fs/ntfs3: Fix invalid free in log_replay
CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions
CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-24122: (unk) ucount: Make get_ucount a safe get_user replacement
CVE-2022-25265: (unk)
CVE-2022-26878: (unk)
diff --git a/data/5.17/5.17_CVEs.txt b/data/5.17/5.17_CVEs.txt
index 09b7e34..59bfcea 100644
--- a/data/5.17/5.17_CVEs.txt
+++ b/data/5.17/5.17_CVEs.txt
@@ -90,6 +90,7 @@
CVE-2022-1973: Fixed with 5.17.14
CVE-2022-1974: Fixed with 5.17.7
CVE-2022-1975: Fixed with 5.17.7
+CVE-2022-21499: Fixed with 5.17.10
CVE-2022-25265: Fix unknown
CVE-2022-26878: Fix unknown
CVE-2022-28356: Fixed with 5.17.1
diff --git a/data/5.17/5.17_security.txt b/data/5.17/5.17_security.txt
index 44ed68a..d82f5dc 100644
--- a/data/5.17/5.17_security.txt
+++ b/data/5.17/5.17_security.txt
@@ -48,6 +48,7 @@
CVEs fixed in 5.17.10:
CVE-2022-1729: 22fb2974224c9836eeaf0d24fdd481fcdaa0aea8 perf: Fix sys_perf_event_open() race against self
+ CVE-2022-21499: 281d356a035132f2603724ee0f04767d70e2e98e lockdown: also lock down previous kgdb use
CVEs fixed in 5.17.12:
CVE-2022-1789: 19a66796d1f0dd4ce4b05f76d53ce1d0a7dc817d KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
diff --git a/data/5.2/5.2_CVEs.txt b/data/5.2/5.2_CVEs.txt
index b50d626..47697da 100644
--- a/data/5.2/5.2_CVEs.txt
+++ b/data/5.2/5.2_CVEs.txt
@@ -580,6 +580,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.2/5.2_security.txt b/data/5.2/5.2_security.txt
index 21b654e..46a21b6 100644
--- a/data/5.2/5.2_security.txt
+++ b/data/5.2/5.2_security.txt
@@ -618,6 +618,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.3/5.3_CVEs.txt b/data/5.3/5.3_CVEs.txt
index d6459a4..d4b3b80 100644
--- a/data/5.3/5.3_CVEs.txt
+++ b/data/5.3/5.3_CVEs.txt
@@ -552,6 +552,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.3/5.3_security.txt b/data/5.3/5.3_security.txt
index fdb9629..e85cef1 100644
--- a/data/5.3/5.3_security.txt
+++ b/data/5.3/5.3_security.txt
@@ -588,6 +588,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.4/5.4_CVEs.txt b/data/5.4/5.4_CVEs.txt
index 28c6f07..104f6be 100644
--- a/data/5.4/5.4_CVEs.txt
+++ b/data/5.4/5.4_CVEs.txt
@@ -477,6 +477,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fixed with 5.4.170
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fixed with 5.4.197
CVE-2022-22942: Fixed with 5.4.175
CVE-2022-23036: Fixed with 5.4.184
CVE-2022-23037: Fixed with 5.4.184
diff --git a/data/5.4/5.4_security.txt b/data/5.4/5.4_security.txt
index ace05ea..4b44d46 100644
--- a/data/5.4/5.4_security.txt
+++ b/data/5.4/5.4_security.txt
@@ -675,6 +675,7 @@
CVEs fixed in 5.4.197:
CVE-2022-1012: ab5b00cfe0500f5f5a3648ca945b892156b839fb secure_seq: use the 64 bits of the siphash for port offset calculation
+ CVE-2022-21499: 8bb828229da903bb5710d21065e0a29f9afd30e0 lockdown: also lock down previous kgdb use
Outstanding CVEs:
CVE-2005-3660: (unk)
diff --git a/data/5.5/5.5_CVEs.txt b/data/5.5/5.5_CVEs.txt
index 14bc567..3f802ba 100644
--- a/data/5.5/5.5_CVEs.txt
+++ b/data/5.5/5.5_CVEs.txt
@@ -435,6 +435,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.5/5.5_security.txt b/data/5.5/5.5_security.txt
index 2092a89..bebbe4e 100644
--- a/data/5.5/5.5_security.txt
+++ b/data/5.5/5.5_security.txt
@@ -467,6 +467,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.6/5.6_CVEs.txt b/data/5.6/5.6_CVEs.txt
index 41ee800..2624a93 100644
--- a/data/5.6/5.6_CVEs.txt
+++ b/data/5.6/5.6_CVEs.txt
@@ -409,6 +409,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.6/5.6_security.txt b/data/5.6/5.6_security.txt
index d32f1be..12aa76b 100644
--- a/data/5.6/5.6_security.txt
+++ b/data/5.6/5.6_security.txt
@@ -441,6 +441,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.7/5.7_CVEs.txt b/data/5.7/5.7_CVEs.txt
index bd6e852..1edb81a 100644
--- a/data/5.7/5.7_CVEs.txt
+++ b/data/5.7/5.7_CVEs.txt
@@ -395,6 +395,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.7/5.7_security.txt b/data/5.7/5.7_security.txt
index c14eb5a..878a0b9 100644
--- a/data/5.7/5.7_security.txt
+++ b/data/5.7/5.7_security.txt
@@ -429,6 +429,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.8/5.8_CVEs.txt b/data/5.8/5.8_CVEs.txt
index e3af9da..42cbc2b 100644
--- a/data/5.8/5.8_CVEs.txt
+++ b/data/5.8/5.8_CVEs.txt
@@ -374,6 +374,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.8/5.8_security.txt b/data/5.8/5.8_security.txt
index 7454880..03597c7 100644
--- a/data/5.8/5.8_security.txt
+++ b/data/5.8/5.8_security.txt
@@ -408,6 +408,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/5.9/5.9_CVEs.txt b/data/5.9/5.9_CVEs.txt
index 29284a1..65a7906 100644
--- a/data/5.9/5.9_CVEs.txt
+++ b/data/5.9/5.9_CVEs.txt
@@ -345,6 +345,7 @@
CVE-2022-20153: Fix not seen in stream
CVE-2022-20154: Fix not seen in stream
CVE-2022-20166: Fix not seen in stream
+CVE-2022-21499: Fix not seen in stream
CVE-2022-22942: Fix not seen in stream
CVE-2022-23036: Fix not seen in stream
CVE-2022-23037: Fix not seen in stream
diff --git a/data/5.9/5.9_security.txt b/data/5.9/5.9_security.txt
index 53a222a..cdabb66 100644
--- a/data/5.9/5.9_security.txt
+++ b/data/5.9/5.9_security.txt
@@ -375,6 +375,7 @@
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions
+ CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
diff --git a/data/CVEs.txt b/data/CVEs.txt
index df1ec1f..8640b9c 100644
--- a/data/CVEs.txt
+++ b/data/CVEs.txt
@@ -2030,6 +2030,7 @@
CVE-2022-20153: (n/a) - f70865db5ff35f5ed0c7e9ef63e7cca3d4947f04 (unk to v5.13-rc1)
CVE-2022-20154: (n/a) - 5ec7d18d1813a5bead0b495045606c93873aecbb (unk to v5.16-rc8)
CVE-2022-20166: (n/a) - aa838896d87af561a33ecefea1caa4c15a68bc47 (unk to v5.10-rc1)
+CVE-2022-21499: (n/a) - eadb2f47a3ced5c64b23b90fd2a3463f63726066 (unk to v5.19-rc1)
CVE-2022-22942: c906965dee22d5e95d0651759ba107b420212a9f - a0f90c8815706981c483a652a6aefca51a5e191c (v4.14-rc1 to v5.17-rc2)
CVE-2022-23036: (n/a) - 6b1775f26a2da2b05a6dc8ec2b5d14e9a4701a1a (unk to v5.17-rc8)
CVE-2022-23037: (n/a) - 31185df7e2b1d2fa1de4900247a12d7b9c7087eb (unk to v5.17-rc8)
diff --git a/data/cmts.json b/data/cmts.json
index b0b7f1a..89df217 100644
--- a/data/cmts.json
+++ b/data/cmts.json
@@ -2467,6 +2467,7 @@
"eaba3b28401f50e22d64351caa8afe8d29509f27": "v5.12-rc1",
"eac616557050737a8d6ef6fe0322d0980ff0ffde": "v5.1-rc1",
"ead16e53c2f0ed946d82d4037c630e2f60f4ab69": "v5.3-rc4",
+ "eadb2f47a3ced5c64b23b90fd2a3463f63726066": "v5.19-rc1",
"eafa4fd0ad06074da8be4e28ff93b4dca9ffa407": "v5.13-rc1",
"eb0c19942288569e0ae492476534d5a485fb8ab4": "v4.15-rc1",
"eb1231f73c4d7dc26db55e08c070e6526eaf7ee5": "v5.13-rc1",
diff --git a/data/kernel_cves.json b/data/kernel_cves.json
index 94dd7c3..782beee 100644
--- a/data/kernel_cves.json
+++ b/data/kernel_cves.json
@@ -70108,9 +70108,32 @@
"affected_versions": "unk to v5.6-rc2",
"breaks": "",
"cmt_msg": "drm/vgem: Close use-after-free race in vgem_gem_create",
+ "cvss2": {
+ "Access Complexity": "Low",
+ "Access Vector": "Local Access",
+ "Authentication": "None",
+ "Availability Impact": "Partial",
+ "Confidentiality Impact": "Partial",
+ "Integrity Impact": "Partial",
+ "raw": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
+ "score": 4.6
+ },
+ "cvss3": {
+ "Attack Complexity": "Low",
+ "Attack Vector": "Local",
+ "Availability": "High",
+ "Confidentiality": "High",
+ "Integrity": "High",
+ "Privileges Required": "Low",
+ "Scope": "Unchanged",
+ "User Interaction": "None",
+ "raw": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "score": 7.8
+ },
+ "cwe": "Use After Free",
"fixes": "4b848f20eda5974020f043ca14bacf7a7e634fc8",
"last_affected_version": "5.5.4",
- "last_modified": "2022-06-05",
+ "last_modified": "2022-06-10",
"nvd_text": "The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-1419",
@@ -70320,8 +70343,8 @@
"breaks": "",
"cmt_msg": "perf: Fix sys_perf_event_open() race against self",
"fixes": "3ac6487e584a1eb54071dbe1212e05b884136704",
- "last_affected_version": "5.17.9",
- "last_modified": "2022-05-25",
+ "last_affected_version": "5.17",
+ "last_modified": "2022-06-10",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-1729",
"ExploitDB": "https://www.exploit-db.com/search?cve=2022-1729",
@@ -70392,8 +70415,8 @@
"breaks": "",
"cmt_msg": "KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID",
"fixes": "9f46c187e2e680ecd9de7983e4d081c3391acc76",
- "last_affected_version": "5.17.11",
- "last_modified": "2022-06-05",
+ "last_affected_version": "5.17",
+ "last_modified": "2022-06-10",
"nvd_text": "With shadow paging enabled, the INVPCID instruction results in a call to kvm_mmu_invpcid_gva. If INVPCID is executed with CR0.PG=0, the invlpg callback is not set and the result is a NULL pointer dereference.",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-1789",
@@ -70425,8 +70448,8 @@
"breaks": "",
"cmt_msg": "KVM: x86: avoid calling x86 emulator without a decoded instruction",
"fixes": "fee060cd52d69c114b62d1a2948ea9648b5131f9",
- "last_affected_version": "5.17.12",
- "last_modified": "2022-06-09",
+ "last_affected_version": "5.18.1",
+ "last_modified": "2022-06-10",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-1852",
"ExploitDB": "https://www.exploit-db.com/search?cve=2022-1852",
@@ -70496,8 +70519,8 @@
"breaks": "",
"cmt_msg": "netfilter: nf_tables: disallow non-stateful expression in sets earlier",
"fixes": "520778042ccca019f3ffa136dd0ca565c486cedd",
- "last_affected_version": "5.17.12",
- "last_modified": "2022-06-09",
+ "last_affected_version": "5.18.1",
+ "last_modified": "2022-06-10",
"nvd_text": "A use-after-free vulnerability was found in the Linux kernel's Netfilter subsystem in net/netfilter/nf_tables_api.c. This flaw allows a local attacker with user access to cause a privilege escalation issue.",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-1966",
@@ -70513,8 +70536,8 @@
"breaks": "",
"cmt_msg": "netfilter: nf_tables: sanitize nft_set_desc_concat_parse()",
"fixes": "fecf31ee395b0295f2d7260aa29946b7605f7c85",
- "last_affected_version": "5.17.12",
- "last_modified": "2022-06-09",
+ "last_affected_version": "5.18.1",
+ "last_modified": "2022-06-10",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-1972",
"ExploitDB": "https://www.exploit-db.com/search?cve=2022-1972",
@@ -70529,8 +70552,8 @@
"breaks": "",
"cmt_msg": "fs/ntfs3: Fix invalid free in log_replay",
"fixes": "f26967b9f7a830e228bb13fb41bd516ddd9d789d",
- "last_affected_version": "5.17.13",
- "last_modified": "2022-06-09",
+ "last_affected_version": "5.18.2",
+ "last_modified": "2022-06-10",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-1973",
"ExploitDB": "https://www.exploit-db.com/search?cve=2022-1973",
@@ -70578,7 +70601,8 @@
"cmt_msg": "fanotify: Fix stale file descriptor in copy_event_to_user()",
"fixes": "ee12595147ac1fbfb5bcb23837e26dd58d94b15d",
"last_affected_version": "5.16.5",
- "last_modified": "2022-06-09",
+ "last_modified": "2022-06-10",
+ "nvd_text": "A use after free in the Linux kernel File System notify functionality was found in the way user triggers copy_info_records_to_user() call to fail in copy_event_to_user(). A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
"ref_urls": {
"Debian": "https://security-tracker.debian.org/tracker/CVE-2022-1998",
"ExploitDB": "https://www.exploit-db.com/search?cve=2022-1998",
@@ -70723,6 +70747,35 @@
"Ubuntu": "https://ubuntu.com/security/CVE-2022-20166"
}
},
+ "CVE-2022-21499": {
+ "affected_versions": "unk to v5.19-rc1",
+ "breaks": "",
+ "cmt_msg": "lockdown: also lock down previous kgdb use",
+ "cvss3": {
+ "Attack Complexity": "Low",
+ "Attack Vector": "Local",
+ "Availability": "High",
+ "Confidentiality": "High",
+ "Integrity": "High",
+ "Privileges Required": "High",
+ "Scope": "Unchanged",
+ "User Interaction": "Required",
+ "raw": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
+ "score": 6.5
+ },
+ "fixes": "eadb2f47a3ced5c64b23b90fd2a3463f63726066",
+ "last_affected_version": "5.18.0",
+ "last_modified": "2022-06-10",
+ "nvd_text": "KGDB and KDB allow read and write access to kernel memory, and thus should be restricted during lockdown. An attacker with access to a serial port could trigger the debugger so it is important that the debugger respect the lockdown mode when/if it is triggered. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H).",
+ "ref_urls": {
+ "Debian": "https://security-tracker.debian.org/tracker/CVE-2022-21499",
+ "ExploitDB": "https://www.exploit-db.com/search?cve=2022-21499",
+ "NVD": "https://nvd.nist.gov/vuln/detail/CVE-2022-21499",
+ "Red Hat": "https://access.redhat.com/security/cve/CVE-2022-21499",
+ "SUSE": "https://www.suse.com/security/cve/CVE-2022-21499",
+ "Ubuntu": "https://ubuntu.com/security/CVE-2022-21499"
+ }
+ },
"CVE-2022-22942": {
"affected_versions": "v4.14-rc1 to v5.17-rc2",
"breaks": "c906965dee22d5e95d0651759ba107b420212a9f",
diff --git a/data/stream_data.json b/data/stream_data.json
index 8e7c379..462ae09 100644
--- a/data/stream_data.json
+++ b/data/stream_data.json
@@ -3458,6 +3458,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -6227,6 +6230,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -9093,6 +9099,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -11848,6 +11857,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -14457,6 +14469,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -18707,6 +18722,9 @@
"CVE-2019-12381": {
"cmt_msg": "ip_sockglue: Fix missing-check bug in ip_ra_control()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-7053": {
"cmt_msg": "drm/i915: Introduce a mutex for file_priv->context_idr"
},
@@ -20611,6 +20629,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -23026,6 +23047,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -26660,6 +26684,9 @@
"CVE-2019-12381": {
"cmt_msg": "ip_sockglue: Fix missing-check bug in ip_ra_control()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-7053": {
"cmt_msg": "drm/i915: Introduce a mutex for file_priv->context_idr"
},
@@ -28497,6 +28524,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -32409,6 +32439,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2016-1583": {
"cmt_msg": "proc: prevent stacking filesystems on top"
},
@@ -36133,6 +36166,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2016-1583": {
"cmt_msg": "proc: prevent stacking filesystems on top"
},
@@ -40640,6 +40676,9 @@
"CVE-2020-25285": {
"cmt_msg": "mm/hugetlb: fix a race between hugetlb sysctl handlers"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -44682,6 +44721,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -47591,6 +47633,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2016-1583": {
"cmt_msg": "proc: prevent stacking filesystems on top"
},
@@ -52620,6 +52665,9 @@
"CVE-2020-12364": {
"cmt_msg": "drm/i915/guc: Update to use firmware v49.0.1"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2021-3542": {
"cmt_msg": ""
},
@@ -54972,6 +55020,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -58025,6 +58076,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -61799,6 +61853,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -63573,6 +63630,9 @@
"CVE-2022-25265": {
"cmt_msg": ""
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-29374": {
"cmt_msg": "gup: document and work around \"COW can break either way\" issue"
},
@@ -66368,6 +66428,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2016-1583": {
"cmt_msg": "proc: prevent stacking filesystems on top"
},
@@ -68210,6 +68273,9 @@
"CVE-2022-25265": {
"cmt_msg": ""
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-27152": {
"cmt_msg": "KVM: ioapic: break infinite recursion on lazy EOI"
},
@@ -69539,6 +69605,9 @@
"CVE-2022-25265": {
"cmt_msg": ""
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2019-19378": {
"cmt_msg": ""
},
@@ -70768,6 +70837,9 @@
"CVE-2022-25265": {
"cmt_msg": ""
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2019-19378": {
"cmt_msg": ""
},
@@ -75178,6 +75250,9 @@
"CVE-2020-12364": {
"cmt_msg": "drm/i915/guc: Update to use firmware v49.0.1"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2021-3542": {
"cmt_msg": ""
},
@@ -77513,6 +77588,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -80441,6 +80519,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -82855,6 +82936,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -84923,6 +85007,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -86908,6 +86995,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-29374": {
"cmt_msg": "gup: document and work around \"COW can break either way\" issue"
},
@@ -88291,6 +88381,9 @@
"CVE-2021-38204": {
"cmt_msg": "usb: max-3421: Prevent corruption of freed memory"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2022-28389": {
"cmt_msg": "can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path"
},
@@ -89133,6 +89226,9 @@
"CVE-2022-1973": {
"cmt_msg": "fs/ntfs3: Fix invalid free in log_replay"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2022-25636": {
"cmt_msg": "netfilter: nf_tables_offload: incorrect flow offload action array size"
},
@@ -90318,6 +90414,10 @@
"cmt_msg": "KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID",
"cmt_id": "9b4aa0d80b18b9d19e62dd47d22e274ce92cdc95"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use",
+ "cmt_id": "a8f4d63142f947cd22fa615b8b3b8921cdaf4991"
+ },
"CVE-2022-1012": {
"cmt_msg": "secure_seq: use the 64 bits of the siphash for port offset calculation",
"cmt_id": "a5c68f457fbf52c5564ca4eea03f84776ef14e41"
@@ -91643,6 +91743,9 @@
"CVE-2021-3739": {
"cmt_msg": "btrfs: fix NULL pointer dereference when deleting device by invalid id"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2022-24959": {
"cmt_msg": "yam: fix a memory leak in yam_siocdevprivate()"
},
@@ -92367,6 +92470,9 @@
},
"CVE-2013-7445": {
"cmt_msg": ""
+ },
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
}
}
},
@@ -92506,6 +92612,10 @@
}
},
"5.17.10": {
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use",
+ "cmt_id": "281d356a035132f2603724ee0f04767d70e2e98e"
+ },
"CVE-2022-1729": {
"cmt_msg": "perf: Fix sys_perf_event_open() race against self",
"cmt_id": "22fb2974224c9836eeaf0d24fdd481fcdaa0aea8"
@@ -93501,6 +93611,9 @@
"CVE-2013-7445": {
"cmt_msg": ""
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2022-25636": {
"cmt_msg": "netfilter: nf_tables_offload: incorrect flow offload action array size"
},
@@ -94026,6 +94139,10 @@
}
},
"5.15.42": {
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use",
+ "cmt_id": "69c5d307dce1560fafcb852f39d7a1bf5e266641"
+ },
"CVE-2022-1729": {
"cmt_msg": "perf: Fix sys_perf_event_open() race against self",
"cmt_id": "e085354dde254bc6c83ee604ea66c2b36f9f9067"
@@ -95966,6 +96083,9 @@
"CVE-2020-10773": {
"cmt_msg": "s390/cmm: fix information leak in cmm_timeout_handler()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-25284": {
"cmt_msg": "rbd: require global CAP_SYS_ADMIN for mapping and unmapping"
},
@@ -98309,6 +98429,10 @@
}
},
"5.4.197": {
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use",
+ "cmt_id": "8bb828229da903bb5710d21065e0a29f9afd30e0"
+ },
"CVE-2022-1012": {
"cmt_msg": "secure_seq: use the 64 bits of the siphash for port offset calculation",
"cmt_id": "ab5b00cfe0500f5f5a3648ca945b892156b839fb"
@@ -98704,6 +98828,253 @@
}
}
},
+ "5.18": {
+ "5.18": {
+ "CVE-2022-1789": {
+ "cmt_msg": "KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID",
+ "cmt_id": "9f46c187e2e680ecd9de7983e4d081c3391acc76"
+ },
+ "CVE-2022-1729": {
+ "cmt_msg": "perf: Fix sys_perf_event_open() race against self",
+ "cmt_id": "3ac6487e584a1eb54071dbe1212e05b884136704"
+ }
+ },
+ "5.18.1": {
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use",
+ "cmt_id": "eca56bf0066ef2f1e7be0e3fa7564b85a309872c"
+ }
+ },
+ "5.18.2": {
+ "CVE-2022-1852": {
+ "cmt_msg": "KVM: x86: avoid calling x86 emulator without a decoded instruction",
+ "cmt_id": "02ea15c02befea2539d5f0d6b60ce8df88de418b"
+ },
+ "CVE-2022-1972": {
+ "cmt_msg": "netfilter: nf_tables: sanitize nft_set_desc_concat_parse()",
+ "cmt_id": "c9a46a3d549286861259c19af4747e12cfaeece9"
+ },
+ "CVE-2022-1966": {
+ "cmt_msg": "netfilter: nf_tables: disallow non-stateful expression in sets earlier",
+ "cmt_id": "8f44c83e51b4ca49c815f8dd0d9c38f497cdbcb0"
+ }
+ },
+ "5.18.3": {
+ "CVE-2022-1973": {
+ "cmt_msg": "fs/ntfs3: Fix invalid free in log_replay",
+ "cmt_id": "2aafbe9fb210a355d6e0e92a91f294dee80e5d44"
+ }
+ },
+ "outstanding": {
+ "CVE-2018-17977": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-26878": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-15802": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-26557": {
+ "cmt_msg": ""
+ },
+ "CVE-2008-2544": {
+ "cmt_msg": ""
+ },
+ "CVE-2010-5321": {
+ "cmt_msg": ""
+ },
+ "CVE-2018-12930": {
+ "cmt_msg": ""
+ },
+ "CVE-2018-12931": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-35501": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-26556": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-15902": {
+ "cmt_msg": "unknown"
+ },
+ "CVE-2021-39801": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-39800": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-39802": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-15239": {
+ "cmt_msg": "unknown"
+ },
+ "CVE-2018-1121": {
+ "cmt_msg": ""
+ },
+ "CVE-2007-3719": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-19378": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-0695": {
+ "cmt_msg": ""
+ },
+ "CVE-2008-4609": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-14304": {
+ "cmt_msg": ""
+ },
+ "CVE-2005-3660": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-1882": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-3542": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-0347": {
+ "cmt_msg": ""
+ },
+ "CVE-2010-4563": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-26140": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-26143": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-26142": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-24503": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-24502": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-12456": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-26560": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-3892": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-20794": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-3714": {
+ "cmt_msg": ""
+ },
+ "CVE-2018-12929": {
+ "cmt_msg": ""
+ },
+ "CVE-2018-12928": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-11725": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-26559": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-25220": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-1116": {
+ "cmt_msg": ""
+ },
+ "CVE-2015-2877": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-0171": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-0146": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-16089": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-0400": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-3864": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-1679": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-19814": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-10708": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-1652": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-1184": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-1247": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-3847": {
+ "cmt_msg": ""
+ },
+ "CVE-2017-13693": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-0399": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-25265": {
+ "cmt_msg": ""
+ },
+ "CVE-2011-4917": {
+ "cmt_msg": ""
+ },
+ "CVE-2017-13694": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-26555": {
+ "cmt_msg": ""
+ },
+ "CVE-2020-36516": {
+ "cmt_msg": ""
+ },
+ "CVE-2012-4542": {
+ "cmt_msg": ""
+ },
+ "CVE-2019-15290": {
+ "cmt_msg": ""
+ },
+ "CVE-2016-8660": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-26934": {
+ "cmt_msg": ""
+ },
+ "CVE-2021-33135": {
+ "cmt_msg": ""
+ },
+ "CVE-2013-7445": {
+ "cmt_msg": ""
+ },
+ "CVE-2022-1462": {
+ "cmt_msg": ""
+ }
+ }
+ },
"5.3": {
"5.3": {
"CVE-2019-5108": {
@@ -100205,6 +100576,9 @@
"CVE-2020-10732": {
"cmt_msg": "fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()"
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-29374": {
"cmt_msg": "gup: document and work around \"COW can break either way\" issue"
},
@@ -101652,6 +102026,9 @@
"CVE-2022-25265": {
"cmt_msg": ""
},
+ "CVE-2022-21499": {
+ "cmt_msg": "lockdown: also lock down previous kgdb use"
+ },
"CVE-2020-27152": {
"cmt_msg": "KVM: ioapic: break infinite recursion on lazy EOI"
},
diff --git a/data/stream_fixes.json b/data/stream_fixes.json
index 2afe000..bbddaef 100644
--- a/data/stream_fixes.json
+++ b/data/stream_fixes.json
@@ -30928,6 +30928,10 @@
"cmt_id": "22fb2974224c9836eeaf0d24fdd481fcdaa0aea8",
"fixed_version": "5.17.10"
},
+ "5.18": {
+ "cmt_id": "3ac6487e584a1eb54071dbe1212e05b884136704",
+ "fixed_version": "5.18"
+ },
"5.4": {
"cmt_id": "dd0ea88b0a0f913f82500e988ef38158a9ad9885",
"fixed_version": "5.4.196"
@@ -30975,6 +30979,10 @@
"5.17": {
"cmt_id": "19a66796d1f0dd4ce4b05f76d53ce1d0a7dc817d",
"fixed_version": "5.17.12"
+ },
+ "5.18": {
+ "cmt_id": "9f46c187e2e680ecd9de7983e4d081c3391acc76",
+ "fixed_version": "5.18"
}
},
"CVE-2022-1836": {
@@ -31019,6 +31027,10 @@
"5.17": {
"cmt_id": "dca5ea67a3e627a3022fe58722a2807c1ef61c29",
"fixed_version": "5.17.13"
+ },
+ "5.18": {
+ "cmt_id": "02ea15c02befea2539d5f0d6b60ce8df88de418b",
+ "fixed_version": "5.18.2"
}
},
"CVE-2022-1943": {
@@ -31043,6 +31055,10 @@
"5.17": {
"cmt_id": "d8db0465bcc4d4b54ecfb67b820ed26eb1440da7",
"fixed_version": "5.17.13"
+ },
+ "5.18": {
+ "cmt_id": "8f44c83e51b4ca49c815f8dd0d9c38f497cdbcb0",
+ "fixed_version": "5.18.2"
}
},
"CVE-2022-1972": {
@@ -31057,6 +31073,10 @@
"5.17": {
"cmt_id": "c88f3e3d243d701586239c5b69356ec2b1fd05f1",
"fixed_version": "5.17.13"
+ },
+ "5.18": {
+ "cmt_id": "c9a46a3d549286861259c19af4747e12cfaeece9",
+ "fixed_version": "5.18.2"
}
},
"CVE-2022-1973": {
@@ -31067,6 +31087,10 @@
"5.17": {
"cmt_id": "2088cc00491e8d25a99d0f247df843e9c3df2040",
"fixed_version": "5.17.14"
+ },
+ "5.18": {
+ "cmt_id": "2aafbe9fb210a355d6e0e92a91f294dee80e5d44",
+ "fixed_version": "5.18.3"
}
},
"CVE-2022-1974": {
@@ -31267,6 +31291,28 @@
"fixed_version": "5.4.170"
}
},
+ "CVE-2022-21499": {
+ "5.10": {
+ "cmt_id": "a8f4d63142f947cd22fa615b8b3b8921cdaf4991",
+ "fixed_version": "5.10.119"
+ },
+ "5.15": {
+ "cmt_id": "69c5d307dce1560fafcb852f39d7a1bf5e266641",
+ "fixed_version": "5.15.42"
+ },
+ "5.17": {
+ "cmt_id": "281d356a035132f2603724ee0f04767d70e2e98e",
+ "fixed_version": "5.17.10"
+ },
+ "5.18": {
+ "cmt_id": "eca56bf0066ef2f1e7be0e3fa7564b85a309872c",
+ "fixed_version": "5.18.1"
+ },
+ "5.4": {
+ "cmt_id": "8bb828229da903bb5710d21065e0a29f9afd30e0",
+ "fixed_version": "5.4.197"
+ }
+ },
"CVE-2022-22942": {
"4.14": {
"cmt_id": "e8d092a62449dcfc73517ca43963d2b8f44d0516",
diff --git a/kern.json b/kern.json
index 39648d7..a980322 100644
--- a/kern.json
+++ b/kern.json
@@ -3,5 +3,5 @@
"4.11", "4.13", "4.15", "4.16", "4.8", "4.17", "4.5", "4.6",
"4.7", "4.3", "4.20", "5.0", "4.18", "5.1", "5.2", "5.3", "5.6",
"5.5", "5.7", "5.9", "5.8", "5.9", "5.11", "5.12", "5.13", "5.14"],
- "supp_streams": ["4.9", "4.4", "4.14", "4.19", "5.4", "5.10", "5.15", "5.16", "5.17"]
+ "supp_streams": ["4.9", "4.4", "4.14", "4.19", "5.4", "5.10", "5.15", "5.16", "5.17", "5.18"]
}
