Google Git
Sign in
cos / mirrors / github.com / nluedtke / linux_kernel_cves / a75cfd70f7759d5603be02a6b8165cd67f9e0937 / . / data / 4.19 / 4.19_security.txt
blob: c1e45d90910f78425730703b669a9f5480f189d6 [file] [log] [blame]
CVEs fixed in 4.19:
CVE-2018-18281: eb66ae030829605d61fbef1909ce310e29f78821 mremap: properly flush TLB before releasing the page
CVEs fixed in 4.19-rc1:
CVE-2019-19083: 9ea29a1f8b9da52d8eca8b0996f1d84eac548d3b drm/amd/display: memory leak
CVEs fixed in 4.19.2:
CVE-2018-18955: 9a7a80fb02cc7515b273dbb4249374d6e6a35b70 userns: also map extents in the reverse map to kernel IDs
CVEs fixed in 4.19.3:
CVE-2018-16871: 20965de7f47207394ffe03d70a4806f5e1cfcd7f nfsd: COPY and CLONE operations require the saved filehandle to be set
CVE-2018-18710: c8099dbf492b565a4f75ae7b8c08b76ca18c4c3f cdrom: fix improper type cast, which can leat to information leak.
CVE-2018-19854: a0f044f025e9a023e1e2b33c0731291059e2748d crypto: user - fix leaking uninitialized memory to userspace
CVEs fixed in 4.19.7:
CVE-2018-16862: 16a2d602244ff5327cecd210fdd50ad5ad443c9c mm: cleancache: fix corruption on missed inode invalidation
CVE-2018-19406: ffb01e73737b4d3e66734c901ee666ae8a23a857 KVM: LAPIC: Fix pv ipis use-before-initialization
CVE-2018-19407: 61c42d657c859ccc95e53afdac64f73a0053b8ea KVM: X86: Fix scan ioapic use-before-initialization
CVE-2019-2025: 553927d6aab993e1297d0c69274cd0c2df5440ca binder: fix race that allows malicious free of live buffer
CVEs fixed in 4.19.8:
CVE-2018-18397: 10f98c134b02d11923d45ce6688c2479435e8ec9 userfaultfd: use ENOENT instead of EFAULT if the atomic copy user fails
CVEs fixed in 4.19.9:
CVE-2018-14625: f9cd25b1e5e575a5f18547bdc04ea40a23ad511a vhost/vsock: fix use-after-free in network stack callers
CVE-2018-19824: a7e719ace75e4451b7958cb73cbc12c627760007 ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c
CVE-2018-20169: 1b2e742bf7230ce04cda5b7348f922174bef2d7a USB: check usb_get_extra_descriptor for proper size
CVEs fixed in 4.19.13:
CVE-2018-16882: 1972ca04708330b0edd52956e644e3974065a613 KVM: Fix UAF in nested posted interrupt processing
CVE-2018-19985: 8f980122236c1fc8e11ffb57ec73315d01dc88e0 USB: hso: Fix OOB memory access in hso_probe/hso_get_config_data
CVEs fixed in 4.19.14:
CVE-2019-9245: 5036fcd9b14516f62efae6ed0c42dfbb9798b643 f2fs: sanity check of xattr entry size
CVEs fixed in 4.19.15:
CVE-2018-20784: dc8408ea0b22ab181ee541f3786b4fd6161e0ce3 sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c
CVE-2019-15927: 8ee6f180d56fe760b275ab7f060c7b12fc05d7b7 ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit()
CVE-2019-6133: bc999b5099d70030a9cb1aff2c48b073f65e0f8f fork: record start_time late
CVEs fixed in 4.19.16:
CVE-2018-16884: 44e7bab39f877c9c095bfaaee943b0807574a7f7 sunrpc: use-after-free in svc_process_common()
CVEs fixed in 4.19.17:
CVE-2019-11085: ac8b9e8e7ddd69f3efa91e8a99312de5729382c0 drm/i915/gvt: Fix mmap range check
CVE-2019-3701: 8db82a6f2b76d42ec2615f8def6e797e064e7822 can: gw: ensure DLC boundaries after CAN frame modification
CVE-2020-10769: 44c67402c3f738b7048de4464c02461bc8d0fd37 crypto: authenc - fix parsing key with misaligned rta_len
CVEs fixed in 4.19.18:
CVE-2019-9003: 1c393ca118cfaf36c95270b9bed295bba109fafa ipmi: fix use-after-free of user->release_barrier.rda
CVEs fixed in 4.19.19:
CVE-2019-7308: eed84f94ff8d97abcbc5706f6f9427520fd60a10 bpf: fix sanitation of alu op with pointer / scalar type from different paths
CVEs fixed in 4.19.20:
CVE-2018-16880: aafe74b726891386cd139d3432ec619ed5189b29 vhost: fix OOB in get_rx_bufs()
CVEs fixed in 4.19.21:
CVE-2019-3819: c70374ce418e7ae9276d3dc26aed0301e4da5e35 HID: debug: fix the ring buffer implementation
CVE-2019-6974: 24b027d2b1386da03aafb2aaac69d4fa67ee7d9c kvm: fix kvm_ioctl_create_device() reference counting (CVE-2019-6974)
CVE-2019-7221: 236fd677125f974aaf39f09074d226a884b4fe0e KVM: nVMX: unconditionally cancel preemption timer in free_nested (CVE-2019-7221)
CVE-2019-7222: 5a45d3720b5437515f8c094f1c3d61f6afe211c1 KVM: x86: work around leak of uninitialized stack contents (CVE-2019-7222)
CVE-2019-8956: 7c2361308e1727c3135ebb3b5c6906fb781bb261 sctp: walk the list of asoc safely
CVEs fixed in 4.19.25:
CVE-2019-8912: eb5e6869125f69dd28513f92992d97ec62bb9773 net: crypto set sk to NULL when af_alg_release.
CVE-2019-9162: 6a3f7237871c4d5c090ab9a6fce3ba6a1baf1f82 netfilter: nf_nat_snmp_basic: add missing length checks in ASN.1 cbs
CVEs fixed in 4.19.27:
CVE-2019-9213: de04d2973a62e4efb3de45e93bd46acd6d510e0a mm: enforce min addr even if capable() in expand_downwards()
CVEs fixed in 4.19.28:
CVE-2019-12818: f132b3f5f1ad1cbe818474ab8d0b555ff39369d5 net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
CVE-2019-15916: 7ce2a517fd8b7742e381d3b3551b9b03e667ad79 net-sysfs: Fix mem leak in netdev_register_kobject
CVE-2019-16994: d0bedaac932f4c02c080a50d4a30b2a1fec5d682 net: sit: fix memory leak in sit_init_net()
CVE-2019-8980: b60d90b2d3d14c426693a0a34041db11be66d29e exec: Fix mem leak in kernel_read_file
CVEs fixed in 4.19.29:
CVE-2019-2101: ac8befb6dd601fd35c1d64167750c6698bc27c80 media: uvcvideo: Fix 'type' check leading to overflow
CVEs fixed in 4.19.30:
CVE-2019-12819: 96a3b14450afa83f4f3ffdeafaca19db8e05c2fd mdio_bus: Fix use-after-free on device_register fails
CVE-2019-16995: 996ee1aca7def6125e9d96f58151799d44082cfc net: hsr: fix memory leak in hsr_dev_finalize()
CVEs fixed in 4.19.31:
CVE-2019-10124: 234c0cc982211bb5539db632f31490bf0ad54827 mm: hwpoison: fix thp split handing in soft_offline_in_use_page()
CVE-2019-11811: a441fdaf8c3034436fb6045ee285e515628fc555 ipmi_si: fix use-after-free of resource->name
CVE-2019-16413: e08ba890dc29250fafdfa7c9dba62ccfeec8ef7f 9p: use inode->i_lock to protect i_size_write() under 32-bit
CVE-2019-9455: 573d423a9bd76b396954ddf847ff24d97658453d media: videobuf2-v4l2: drop WARN_ON in vb2_warn_zero_bytesused()
CVEs fixed in 4.19.32:
CVE-2019-15917: e365b94086f9dec02ddfcc193dcad72858c6d973 Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto()
CVEs fixed in 4.19.33:
CVE-2019-15921: 9b8ef421b481d6e648438131d867986c649c297c genetlink: Fix a memory leak on error path
CVE-2019-20054: 07d0d2bd957ad922cf571e7cabb6c34067142b93 fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links
CVE-2019-20811: d9d215be3a3aa8b3638f2705826f52a7fb84cf24 net-sysfs: call dev_hold if kobject_init_and_add success
CVE-2019-3459: 15d6538a0d6e0f6de5116081a948cba7cc3e1d3d Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
CVE-2019-3460: 2318c0e4b87e590c9d8e88db185477cfac18abe2 Bluetooth: Check L2CAP option sizes returned from l2cap_get_conf_opt
CVEs fixed in 4.19.34:
CVE-2019-11810: 8032fc9120c211cd40beef4c91c8206f4167e523 scsi: megaraid_sas: return error when create DMA pool failed
CVEs fixed in 4.19.35:
CVE-2019-10639: a1c2f3229734a4bb8d5ac008c0a67e025aa11547 netns: provide pure entropy for net_hash_mix()
CVE-2019-11486: 894dc8495898cf6075eadf99fd496374decd3986 tty: mark Siemens R3964 line discipline as BROKEN
CVE-2019-11815: 78b4bf26a8a76569fd6d0b47d98fb553c333b06f net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
CVE-2019-3887: 119031be7b0a2ce4ff4cd5525bec6d42817ff53d KVM: x86: nVMX: close leak of L0's x2APIC MSRs (CVE-2019-3887)
CVEs fixed in 4.19.36:
CVE-2019-15292: 6c42507f426b40c63e8eb98ce6dd4afbc7efcdb5 appletalk: Fix use-after-free in atalk_proc_exit
CVE-2019-9857: ca306c17d2edcc8aa3bf1724a5cb1ecefc31ef3b inotify: Fix fsnotify_mark refcount leak in inotify_update_existing_watch()
CVEs fixed in 4.19.37:
CVE-2019-11599: 6ff17bc5936e5fab33de8064dc0690f6c8c789ca coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVE-2019-15214: b50e435df2d8b9a1d3e956e1c767dfc7e30a441b ALSA: core: Fix card races between register and disconnect
CVE-2019-15919: 8fb89b43b65fcd35f15d982712904b96fc64c68a cifs: Fix use-after-free in SMB2_write
CVE-2019-15920: c69330a855ab4342d304f67f8c1e7d1fa2686bec cifs: Fix use-after-free in SMB2_read
CVE-2019-3892: 6ff17bc5936e5fab33de8064dc0690f6c8c789ca coredump: fix race condition between mmget_not_zero()/get_task_mm() and core dumping
CVEs fixed in 4.19.38:
CVE-2019-10125: d6b2615f7d31d8e58b685d42dbafcc7dc1204bbd aio: simplify - and fix - fget/fput for io_submit()
CVE-2019-15924: 9b9b0df4e7882638e53c55e8f556aa78915418b9 fm10k: Fix a potential NULL pointer dereference
CVE-2019-18805: 250e51f856e1534e3e769add508f121966030462 ipv4: set the tcp_min_rtt_wlen range from 0 to one day
CVE-2019-3882: f7b467ad1be0478f0341afa8a9ac112732def088 vfio/type1: Limit DMA mappings per container
CVEs fixed in 4.19.39:
CVE-2019-11487: 0311ff82b70fa12e80d188635bff24029ec06ae1 fs: prevent page refcount overflow in pipe_buf_get
CVEs fixed in 4.19.41:
CVE-2019-15216: 9f632afe4f3989d77fdbf8ac6a015d6beb03ccb9 USB: yurex: Fix protection fault after device removal
CVEs fixed in 4.19.42:
CVE-2018-20836: 0f18e433b97bf74bb62e0caa95c61e8631967fb9 scsi: libsas: fix a race condition when smp task timeout
CVE-2019-11884: c6d1f9b4b2cb768e29f5d44af143f25ad89062b1 Bluetooth: hidp: fix buffer overflow
CVEs fixed in 4.19.43:
CVE-2018-12126: 59a14fb5832c370c63ab483f4f3718a0f729c7f5 s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12127: 59a14fb5832c370c63ab483f4f3718a0f729c7f5 s390/speculation: Support 'mitigations=' cmdline option
CVE-2018-12130: 59a14fb5832c370c63ab483f4f3718a0f729c7f5 s390/speculation: Support 'mitigations=' cmdline option
CVE-2019-11091: 59a14fb5832c370c63ab483f4f3718a0f729c7f5 s390/speculation: Support 'mitigations=' cmdline option
CVEs fixed in 4.19.44:
CVE-2019-10142: e9ec5073c90d6de2ca5338bd67f7935b19d7c0c7 drivers/virt/fsl_hypervisor.c: prevent integer overflow in ioctl
CVEs fixed in 4.19.45:
CVE-2019-11833: 25d010f4e0ece1ddf0d8d57942c0b0f1568fe498 ext4: zero out the unused memory region in the extent tree block
CVEs fixed in 4.19.46:
CVE-2019-15666: c9516503fe53c8960f180c1cc1cdf2341bed843d xfrm: policy: Fix out-of-bound array accesses in __xfrm_policy_unlink
CVE-2019-25045: d410ef75886a4efb3c49b8bacd8e3c295235e744 xfrm: clean up xfrm protocol checks
CVEs fixed in 4.19.47:
CVE-2019-19543: aec118ecf579a6c70e505b39fc6eb6a2d878c89e media: serial_ir: Fix use-after-free in serial_ir_init_module
CVE-2019-19966: bdf3da72ae79f0cfb88c720dedabe16b0d67334b media: cpia2: Fix use-after-free in cpia2_exit
CVE-2019-20095: a27ce4840f89acd1e23efe2b4dfc0d512aa5b38a mwifiex: Fix mem leak in mwifiex_tm_cmd
CVE-2019-9466: 8783c4128c371668e401eee2f2ba3918c6211b81 brcmfmac: add subtype check for event handling in data path
CVE-2019-9500: cc240e057c1d48665dde8036144114854bae058c brcmfmac: assure SSID length from firmware is limited
CVE-2019-9503: 8783c4128c371668e401eee2f2ba3918c6211b81 brcmfmac: add subtype check for event handling in data path
CVEs fixed in 4.19.48:
CVE-2019-10638: 07480da0c8a1979e0973d6dd783b6aed966dccf6 inet: switch IP ID generator to siphash
CVE-2020-10720: 39fd0dc4a5565a1df7d84b1c92d2050233b15b5a net-gro: fix use-after-free read in napi_gro_frags()
CVEs fixed in 4.19.49:
CVE-2019-15212: d2d93077bac37c6895d8c58f564699a3a897c5db USB: rio500: refuse more than one device at a time
CVE-2019-15218: 35b1044566528b26d48b31a52069f45851d49885 media: usb: siano: Fix general protection fault in smsusb
CVE-2019-15219: d27ea5e9eb4ac45e0e4cf8250a45aa06b0944787 USB: sisusbvga: fix oops in error path of sisusb_probe
CVE-2019-15223: eb2eeec920fb1b9b6faf8ea340f6295a2d03602b ALSA: line6: Assure canceling delayed work at disconnection
CVE-2019-1999: 9d57cfd4e9d81400c1fe2b7cd4503f54830b46c2 binder: fix race between munmap() and direct reclaim
CVEs fixed in 4.19.50:
CVE-2019-13233: b598ddc7b9fc87b09bdadb63abf92b4ba46cd385 x86/insn-eval: Fix use-after-free access to LDT entry
CVEs fixed in 4.19.52:
CVE-2019-11477: c09be31461ed140976c60a87364415454a2c3d42 tcp: limit payload size of sacked skbs
CVE-2019-11478: ec83921899a571ad70d582934ee9e3e07f478848 tcp: tcp_fragment() should apply sane memory limits
CVE-2019-11479: 7f9f8a37e563c67b24ccd57da1d541a95538e8d9 tcp: add tcp_min_snd_mss sysctl
CVEs fixed in 4.19.53:
CVE-2019-15090: f3a7a1137ffc69e1f460eb9e1b5f4fd09d3c4ea9 scsi: qedi: remove memset/memcpy to nfunc and use func instead
CVE-2019-9453: ae3787d433f7b87ebf6b916e524c6e280e4e5804 f2fs: fix to avoid accessing xattr across the boundary
CVEs fixed in 4.19.54:
CVE-2019-12984: 4bb4ba362cc1ed3acb181a6d0b68c6de22be78e2 nfc: Ensure presence of required attributes in the deactivate_target handler
CVE-2019-15807: 114e8135ae0031556ead1bcb67249ecb84b804de scsi: libsas: delete sas port if expander discover failed
CVEs fixed in 4.19.56:
CVE-2019-0136: 0e879ef1cb5baddebe1f12a9a3940a87d8e61558 mac80211: drop robust management frames from unknown TA
CVE-2019-12615: 7b460a9bb13db3f442f153c2ab8a9ff8520c368c mdesc: fix a missing-check bug in get_vdev_port_node_info()
CVE-2019-12817: cd3e49394cb0f45c8dbf3c17c0818cd3d30b1332 powerpc/mm/64s/hash: Reallocate context ids on fork
CVEs fixed in 4.19.58:
CVE-2019-13272: 54435b7fff7bfb9515cc457b71c3734c1c3fff76 ptrace: Fix ->ptracer_cred handling for PTRACE_TRACEME
CVE-2019-15221: 7f52af5e9baa9c478edcecdd4058eeef2835b1c3 ALSA: line6: Fix write on zero-sized buffer
CVE-2019-9506: 5dd6139a0aa22112e46a6df5fd283046095822e0 Bluetooth: Fix faulty expression for minimum encryption key size check
CVEs fixed in 4.19.59:
CVE-2019-10126: c7e427e28a3a2d1b89b8f9fa7c3f559774d91a7b mwifiex: Fix heap overflow in mwifiex_uap_parse_tail_ies()
CVE-2019-15220: 449a8d08a4bc45101fa26e6d233b98258d33620a p54usb: Fix race between disconnect and firmware loading
CVE-2019-3846: d4c0f752c1d2c6383cc7582c19b2ed7159d45937 mwifiex: Fix possible buffer overflows at parsing bss descriptor
CVEs fixed in 4.19.61:
CVE-2019-13631: d657077eda7b5572d86f2f618391bb016b5d9a64 Input: gtco - bounds check collection indent level
CVE-2019-14283: ff54c44f103825a426e46d08b5d3d76e44791a87 floppy: fix out-of-bounds read in copy_buffer
CVE-2019-14284: 6e34fd07484a0622a17b40e0ca89ed451260ef45 floppy: fix div-by-zero in setup_format_params
CVE-2019-15213: 94f2b518a7882f562537796b77e3ce6a6461236d media: dvb: usb: fix use after free in dvb_usb_device_exit
CVE-2019-15925: 26d86b29e806769adba91bd6fc1f077b94e9b64b net: hns3: add some error checking in hclge_tm module
CVE-2019-15926: 83c911f4bd6846397017aa38c32dd18dc532f754 ath6kl: add some bounds checking
CVE-2019-17351: e73db096691e5f2720049502a3794a2a0c6d1b1f xen: let alloc_xenballooned_pages() fail if not enough memory free
CVEs fixed in 4.19.63:
CVE-2019-12382: 2a18d76592e0d86c7fddcc6a7aa52509a2900f9d drm/edid: Fix a missing-check bug in drm_load_edid_firmware()
CVE-2019-13648: b993a66d8ddc1c26da0d9aa3471789cc170b28ee powerpc/tm: Fix oops on sigreturn on systems without TM
CVEs fixed in 4.19.64:
CVE-2019-10207: 56966212e23f82ced10831f7cca02f7339147428 Bluetooth: hci_uart: check for missing tty operations
CVE-2019-15211: b3836af8560e27cd0d27940ff9c5a08b90b8d256 media: radio-raremono: change devm_k*alloc to k*alloc
CVE-2019-15215: 8b44cc225e6024174508164931cab9f01c79dca2 media: cpia2_usb: first wake up, then free in disconnect
CVE-2019-20934: 48046e092ad557a01d7daf53205624944793b19d sched/fair: Don't free p->numa_faults with concurrent readers
CVE-2019-2213: 22068d49d09d2b3890e19d7b2048a33340f992da binder: fix possible UAF when freeing buffer
CVE-2019-3900: 3af3b843aee41ed22343b011a4cf3812a80d2f38 vhost_net: fix possible infinite loop
CVEs fixed in 4.19.65:
CVE-2019-1125: befb822c062b4c3d93380a58d5fd479395e8b267 x86/speculation: Prepare entry code for Spectre v1 swapgs mitigations
CVEs fixed in 4.19.67:
CVE-2019-19531: 33f2240acfa8b4017ee5dd64601c8a5ec7f53b4e usb: yurex: Fix use-after-free in yurex_delete
CVE-2019-19535: 9ce1b3eb5489416338b2fb2b40f30f0d425700b4 can: peak_usb: pcan_usb_fd: Fix info-leaks to USB devices
CVE-2019-19536: cab569a44a524709d95bbd88700860ac45e5d5cf can: peak_usb: pcan_usb_pro: Fix info-leaks to USB devices
CVEs fixed in 4.19.68:
CVE-2019-15117: 58b9f19ee438990f6406e61943d0bc7c875a0921 ALSA: usb-audio: Fix an OOB bug in parse_audio_mixer_unit
CVE-2019-15118: 46f9a1bc60a4c15a14a6504168cee1c2e0bf3ab4 ALSA: usb-audio: Fix a stack buffer overflow bug in check_input_term
CVE-2019-19527: b545dc9debe69ca513b93f4a244451e9be14b0c5 HID: hiddev: do cleanup in failure of opening a device
CVE-2019-19530: c02c0249ce5523a7a264136ed36f857b85555bac usb: cdc-acm: make sure a refcount is taken early enough
CVE-2019-19537: 7f52d6d2a82df15d7ea01d69d0943d2abc201b43 USB: core: Fix races in character device registration and deregistraion
CVEs fixed in 4.19.69:
CVE-2019-15538: 11f85d4d77afb8f1cb1989f1565b26df21280118 xfs: fix missing ILOCK unlock when xfs_setattr_nonsize fails due to EDQUOT
CVEs fixed in 4.19.70:
CVE-2019-15902: b307f99dca5ab33edc1e04b9b479bcb0852ff85f unknown
CVEs fixed in 4.19.73:
CVE-2019-14835: ba03ee62aed0b0ee2eadfeb4a2fecc7d7eb47871 vhost: make sure log_num < in_num
CVE-2019-15030: 47a0f70d7d9ac3d6b1a96b312d07bc67af3834e9 powerpc/tm: Fix FP/VMX unavailable exceptions inside a transaction
CVE-2019-15031: 569775bd536416ed9049aa580d9f89a0b4307d60 powerpc/tm: Fix restoring FP/VMX facility incorrectly on interrupts
CVE-2019-15918: 4061e662c8e9f5fb796b05fd2ab58fed8cd16d59 cifs: Fix lease buffer length error
CVE-2019-19319: 2fd4629de51974002f4e9cf1a35a1926dd6c9d99 ext4: protect journal inode's blocks using block_validity
CVEs fixed in 4.19.74:
CVE-2019-15504: 3622d621e9beca76d53cd3007eb7b1d6e724716b rsi: fix a double free bug in rsi_91x_deinit()
CVEs fixed in 4.19.75:
CVE-2019-14814: 941431c491a68e0428bdfb46bbe4cbc52f7bfabb mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14815: 941431c491a68e0428bdfb46bbe4cbc52f7bfabb mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14816: 941431c491a68e0428bdfb46bbe4cbc52f7bfabb mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings
CVE-2019-14821: 232a6462f43fceeac82bd99ef092b38e3a7ee296 KVM: coalesced_mmio: add bounds checking
CVE-2019-15505: b841a9f58d9c778d8c2c5f636dc06a53b9a47fa1 media: technisat-usb2: break out of loop at end of buffer
CVEs fixed in 4.19.77:
CVE-2019-17052: 6f0f18e532693ecc1e0c7938e0d63531ea62bc3e ax25: enforce CAP_NET_RAW for raw sockets
CVE-2019-17053: dd651ab7a11436f787aed0a987c85864b261ff19 ieee802154: enforce CAP_NET_RAW for raw sockets
CVE-2019-17054: 6fbf866276089853727dd9b31f1d251e61dde367 appletalk: enforce CAP_NET_RAW for raw sockets
CVE-2019-17055: 50dddec689cb2105f6bccf4a2c6fe43dcc3295d7 mISDN: enforce CAP_NET_RAW for raw sockets
CVE-2019-17056: 33fe1f517e29566d842535038be227c71a4bd54d nfc: enforce CAP_NET_RAW for raw sockets
CVE-2019-19080: 5b6c791f494d5e770dfd015390386f321b9a94da nfp: flower: prevent memory leak in nfp_flower_spawn_phy_reprs
CVE-2019-19081: 587df35cbf654a063372fb1b523a0b56a5f789ab nfp: flower: fix memory leak in nfp_flower_spawn_vnic_reprs
CVE-2019-19533: 8630a4d13683095fbf14091d59a20e1ac71fdd6b media: ttusb-dec: Fix info-leak in ttusb_dec_send_command()
CVEs fixed in 4.19.78:
CVE-2019-18806: 9d0995cc268b4a431dbfb29db5cac36546732bc0 net: qlogic: Fix memory leak in ql_alloc_large_buffers
CVEs fixed in 4.19.79:
CVE-2019-16746: 1bd17a737c9e7e91483d9a603528b0e6d4c772f8 nl80211: validate beacon head
CVE-2019-19525: 3f41e88f4bd44284c575ad3fb579581a16b39069 ieee802154: atusb: fix use-after-free at disconnect
CVEs fixed in 4.19.80:
CVE-2019-19523: 316f51d7759735a5295301ab22a7c6231b49c24f USB: adutux: fix use-after-free on disconnect
CVE-2019-19528: 2fdcf7e19bdefc683da824264c0898af39bf8d50 USB: iowarrior: fix use-after-free on disconnect
CVEs fixed in 4.19.81:
CVE-2019-17075: 27414f90ff6e1d7f6657e4a820b04a7b2d760272 RDMA/cxgb4: Do not dma memory off of the stack
CVE-2019-17133: 73c066a9552a6d33ed7de002855337d1c966e8ce cfg80211: wext: avoid copying malformed SSIDs
CVE-2019-19075: 960019214539ce75398eaf38d31c77b86aadd739 ieee802154: ca8210: prevent memory leak
CVEs fixed in 4.19.82:
CVE-2019-15098: 696da02259463ea634821e117088f82afe7bf851 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
CVE-2019-15099: 696da02259463ea634821e117088f82afe7bf851 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe()
CVE-2019-17666: 64efcbc7a5a3c7a14e42ccf7b8a7e7667d672a33 rtlwifi: Fix potential overflow on P2P code
CVE-2019-19048: c2ea451f22f180e9e46225f54b5ec50c50bb639f virt: vbox: fix memory leak in hgcm_call_preprocess_linaddr
CVE-2019-19060: 4a4206a83fc69782d4ef36d8f5eb28836d8b6814 iio: imu: adis16400: release allocated memory on failure
CVE-2019-19065: 962cff4f3f89acf54b6fb418e7ff386b720b0fd6 RDMA/hfi1: Prevent memory leak in sdma_init
CVE-2019-19526: 24aaf7f4528f0df0f29667d3921f4a63aa7b806c NFC: pn533: fix use-after-free and memleaks
CVE-2019-19532: 8a01c4b908cf0a5367d3309c1c0d4e9be655ce00 HID: Fix assumption that devices have inputs
CVE-2020-10773: ced8cb0230d070274cd26bec818dd7c67514d586 s390/cmm: fix information leak in cmm_timeout_handler()
CVEs fixed in 4.19.83:
CVE-2019-16233: 3ee6a8bdae81a09c1dc9c27d3a50e6b1b6a24676 scsi: qla2xxx: fix a potential NULL pointer dereference
CVE-2019-18282: 558d2bdad5f6a0dd65ed7ed4f74419e826a97759 net/flow_dissector: switch to siphash
CVE-2019-19049: fcc3f7c810c3bc595ce179ea4d9e18f506fd0d03 of: unittest: fix memory leak in unittest_data_add
CVEs fixed in 4.19.84:
CVE-2018-12207: a991063ce57684a2259688886643cf1c430f8188 kvm: x86, powerpc: do not allow clearing largepages debugfs entry
CVE-2019-0154: 011b7173cbdbd1a5f1826656693ea51516f15dc1 drm/i915: Lower RM timeout to avoid DSI hard hangs
CVE-2019-0155: b4b1abdc6b181cb78a072b95557ae392d423c3eb drm/i915: Rename gen7 cmdparser tables
CVE-2019-11135: 4002d16a2ae1e3bdc0aa36ce5089bd62b4b9eab6 x86/msr: Add the IA32_TSX_CTRL MSR
CVE-2019-16231: f09b99c883e82fd5d28a529e11e66c2e887da636 fjes: Handle workqueue allocation failure
CVE-2019-18813: 10eb9abd21bad2a9726f50557b38924cb8d81ccd usb: dwc3: pci: prevent memory leak in dwc3_pci_probe
CVE-2019-19045: 42de3a902443b64c6e3cf9c61d9cd6f30b2c0d67 net/mlx5: prevent memory leak in mlx5_fpga_conn_create_cq
CVE-2019-19052: 9289226f69822de0b716c0fbfc31db0283f14e2b can: gs_usb: gs_can_open(): prevent memory leak
CVE-2019-19529: ce9b94da0e043b7b0ec1bd3d0e451d956acff9c1 can: mcba_usb: fix use-after-free on disconnect
CVE-2019-19534: a7be2debb769092c7c07b9a866b055d8bee5afaf can: peak_usb: fix slab info leak
CVE-2019-19922: 502bd151448c2c76a927b26783e5538875c534ff sched/fair: Fix low cpu usage with high throttling by removing expiration of cpu-local slices
CVEs fixed in 4.19.85:
CVE-2019-19524: c02230815282a436366d3d0d6de6d2636dd71b74 Input: ff-memless - kill timer in destroy()
CVEs fixed in 4.19.87:
CVE-2019-15291: 8b42c263ec1a348bf098e6255407486c1bf17ece media: b2c2-flexcop-usb: add sanity checking
CVE-2019-18660: 0a60d4bddc0ba6a7e06d10efa59f7861837860b0 powerpc/book3s64: Fix link stack flush on context switch
CVE-2019-18683: 467052f6ea5a51524992e43f02b543550495c391 media: vivid: Fix wrong locking that causes race conditions on streaming stop
CVEs fixed in 4.19.88:
CVE-2019-12614: 32a24a397aee35ca2bb0f835b8f3daabd88890fa powerpc/pseries/dlpar: Fix a missing check in dlpar_parse_cc_property()
CVE-2019-19767: e91cce02f3025da559468729ea0ad9dea242d3eb ext4: add more paranoia checking in ext4_expand_extra_isize handling
CVEs fixed in 4.19.89:
CVE-2019-19062: 351a567ebf2482de4dd5e5bbd539f2175540b717 crypto: user - fix memory leak in crypto_report
CVE-2019-19071: 5da96cc31633a9076404621ebb89bbe78f2c8676 rsi: release skb if rsi_prepare_beacon fails
CVE-2019-19079: 754e3c0c31c96cf3a4a54ed2a8c63cca28109136 net: qrtr: fix memort leak in qrtr_tun_write_iter
CVE-2019-19227: 0977763a13fd87a7aebe376dc96385758de3aa9e appletalk: Fix potential NULL pointer dereference in unregister_snap_client
CVE-2019-19252: 627f3b9e4dd812dac9d93e578af80de751e704a4 vcs: prevent write access to vcsu devices
CVE-2019-19332: 5119ffd480b644d8bc9af741cc8ef435a7ec5ff7 KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332)
CVEs fixed in 4.19.90:
CVE-2019-19447: 8e7a865366105b978eef4108f49a12100eea4299 ext4: work around deleting a file with i_nlink == 0 safely
CVEs fixed in 4.19.92:
CVE-2019-16229: 55248674330101fb3ccf7cec8b729e8e067e5f71 drm/amdkfd: fix a potential NULL pointer dereference (v2)
CVE-2019-16230: 55248674330101fb3ccf7cec8b729e8e067e5f71 drm/amdkfd: fix a potential NULL pointer dereference (v2)
CVE-2019-16232: 60bb6967b543be59f66f60526ca816e1b33ec480 libertas: fix a potential NULL pointer dereference
CVE-2019-18786: debdd16cbd99ffc767227685e2738e5b495b7c54 media: rcar_drif: fix a memory disclosure
CVE-2019-19057: 1b3e52db38471d5ac896eb9be111565e3734d5b5 mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring
CVE-2019-19063: 3717a450f83945c481059a6921440e5e6fe3c856 rtlwifi: prevent memory leak in rtl_usb_probe
CVE-2019-19947: 9ed59600c3524f12144b30cfc1d86734cfb3927b can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices
CVE-2019-20812: e99af2cb552e3fe1ec6157fc15856a89a6388886 af_packet: set defaule value for tmo
CVE-2020-0427: f88ac1330779c5bfdd79f7d7f7d4d3343c782f92 pinctrl: devicetree: Avoid taking direct reference to device name string
CVEs fixed in 4.19.93:
CVE-2020-10690: 0393b8720128d5b39db8523e5bfbfc689f18c37c ptp: fix the race between the release of ptp_clock and cdev
CVEs fixed in 4.19.94:
CVE-2019-18809: d933de8115f3263fd50cf3b1f1dac2faff02fd89 media: usb: fix memory leak in af9005_identify_state
CVE-2019-19965: 8b9bf467061bc89ccf4a43be637e08d8a70fd76d scsi: libsas: stop discovering if oob mode is disconnected
CVEs fixed in 4.19.95:
CVE-2019-14901: 21f08020dd8519baf209348c345131a8967e3cef mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame()
CVEs fixed in 4.19.96:
CVE-2019-14615: dd4f3b3508f65fe37975db223365216316da3998 drm/i915/gen9: Clear residual context state on context switch
CVE-2019-14895: 0aa8632c57930243bea6fa4ebcbff8fac089e664 mwifiex: fix possible heap overflow in mwifiex_process_country_ie()
CVE-2019-19056: f2bde0e9989e243345316e3c96b352ab94037340 mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf
CVE-2019-19066: 486f51201528126bec2c647fa9d4216fc4fda91b scsi: bfa: release allocated memory in case of error
CVE-2019-19068: 0e27512c5d0bc2c3d33c1e7f73a8983015c82b83 rtl8xxxu: prevent leaking urb
CVE-2019-19078: aed1b68eadf22513ac1fbd389f591f91c8bdaaf5 ath10k: fix memory leak
CVE-2019-20636: f5b9bfbe94a042a2e3806efa4c6e1b6ddb4292c4 Input: add safety guards to input_set_keycode()
CVE-2020-0305: ec576895d61356a2cab096e1ca23bf7cc765e5b2 chardev: Avoid potential use-after-free in 'chrdev_open()'
CVE-2020-0431: 64c8b76e69acdecab62b035e72b12775d6d35a3b HID: hid-input: clear unmapped usages
CVEs fixed in 4.19.97:
CVE-2019-15217: 0648766cb7d336e5932278c316aef6aac35d60ab media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap
CVE-2019-19058: 09044a4a142404799e519def0bbfcc98fa68c677 iwlwifi: dbg_ini: fix memory leak in alloc_sgtable
CVE-2019-19059: 6e41dd9731e13b0bdf2f57f84b9d25d009bd9f87 iwlwifi: pcie: fix memory leaks in iwl_pcie_ctxt_info_gen3_init
CVE-2019-19077: d203ff6a3059b7fc3a9b48048eaf5641ed7fda2c RDMA: Fix goto target to release the allocated memory
CVE-2019-19927: 8c2cdfb2c81bb533b9e6a3874ee5399102c4c580 drm/ttm: fix incrementing the page pointer for huge pages
CVE-2019-20096: e58c590c772eb5dc5a3603c5aef4148f47ab2e20 dccp: Fix memleak in __feat_register_sp
CVE-2019-5108: 8f483142b0bb278f67eabccbe3d6a0e8c45284ad mac80211: Do not send Layer 2 Update frame before authorization
CVE-2019-9445: 4124927e36b7753efb6faf1a508e2bc6783343cf f2fs: check if file namelen exceeds max value
CVEs fixed in 4.19.98:
CVE-2020-12652: 3dae5041c65545ac65d610375b4ac30b00f174a3 scsi: mptfusion: Fix double fetch bug in ioctl
CVE-2021-3635: 8260ce5aeee4d7c4a6305e469edeae1066de2800 netfilter: nf_tables: fix flowtable list del corruption
CVEs fixed in 4.19.99:
CVE-2019-19046: 211eabc55d07fc3709e967b08b6f5bb77198dbd0 ipmi: Fix memory leak in __ipmi_bmc_register
CVE-2019-20806: 30fd5b16c9081afebe74d4d614fe582ff84ef6b2 media: tw5864: Fix possible NULL pointer dereference in tw5864_handle_frame
CVEs fixed in 4.19.100:
CVE-2019-14896: cbd56515be5a8ea97134ef762b7a2923b94cb9c4 libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2019-14897: cbd56515be5a8ea97134ef762b7a2923b94cb9c4 libertas: Fix two buffer overflows at parsing bss descriptor
CVE-2020-14416: bd1448458c6a67782d4e82c181b5540b5727546b can, slip: Protect tty->disc_data in write_wakeup and close with RCU
CVE-2020-8428: 752f72edea55f9b7c6fd019e71365def13a0f2b6 do_last(): fetch directory ->i_mode and ->i_uid before it's too late
CVEs fixed in 4.19.101:
CVE-2020-0432: 9dab6bbc9462c43001a88ee933a491a1502fa6f5 staging: most: net: fix buffer overflow
CVE-2020-12769: 6fb12237c51e73e65899f9b1df69cd3999b4d90a spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls
CVEs fixed in 4.19.103:
CVE-2019-3016: 25a7898937f4a9f32ca2d1e9b7f5f07176af8037 x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit
CVE-2020-0404: 3ceb3fcd6d1a6a65e7bf3873a63009d01ba4b05f media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors
CVEs fixed in 4.19.104:
CVE-2020-12653: 48247f7e14911a4d18e9c774ba3a1d368f5d8a6f mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv()
CVE-2020-12654: fab5ca79960b7fbda4e9a79a4754c749fdea2bd0 mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status()
CVEs fixed in 4.19.107:
CVE-2020-0009: a4307700608e43dcf9b8abf1ee74f68227e9c61a staging: android: ashmem: Disallow ashmem memory from being remapped
CVE-2020-2732: ed9e97c35b454ceb1da4f65c318015a7ab298dae KVM: nVMX: Don't emulate instructions in guest mode
CVE-2020-9383: c8fd87c53a1509162b910cec91c0c46753c58f9a floppy: check FDC index for errors before assigning it
CVEs fixed in 4.19.108:
CVE-2019-16234: 1d8780188c8d7f009a05d40fbb8a111eab89746d iwlwifi: pcie: fix rb_allocator workqueue allocation
CVE-2020-0444: c24d457a824f641ca328a20dd28872cfd97a005a audit: fix error handling in audit_data_to_entry()
CVE-2020-10942: ad598a48fe61c6c2407f08a807cb7a2ea83386b3 vhost: Check docket sk_family instead of call getname
CVE-2020-27068: 0fb31bd53a5e27394916758173eb748c5e0dbd47 cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE
CVEs fixed in 4.19.109:
CVE-2020-8647: 7abe1e0a874418b07524c9e07225df1cbb421ce9 vgacon: Fix a UAF in vgacon_invert_region
CVE-2020-8648: 31559b59040fc0e6ad363642112d4eb03ad4ebb7 vt: selection, close sel_buffer race
CVE-2020-8649: 7abe1e0a874418b07524c9e07225df1cbb421ce9 vgacon: Fix a UAF in vgacon_invert_region
CVEs fixed in 4.19.111:
CVE-2020-12465: 319478cbd2be90995b011ca6adbd834121eb7acf mt76: fix array overflow on receiving too many fragments for a packet
CVEs fixed in 4.19.112:
CVE-2020-29370: 30f6cae722654caef2ab4bacb2e910bfd766866b mm: slub: add missing TID bump in kmem_cache_alloc_bulk()
CVEs fixed in 4.19.113:
CVE-2020-14381: e6d506cd2243aa8f6e19fdb4dc61d85275c2c918 futex: Fix inode life-time issue
CVEs fixed in 4.19.114:
CVE-2020-11608: 747a7431661ab3c22ad1e721558bdf9e3d53d4a6 media: ov519: add missing endpoint sanity checks
CVE-2020-11609: 70764334b2bcb15c67dfbd912d9a9f7076f6d0df media: stv06xx: add missing descriptor sanity checks
CVE-2020-11668: 5d064d7f0327d9425c5f63fa96efc70a74032d8b media: xirlink_cit: add missing descriptor sanity checks
CVE-2020-27066: 7ad217a824f7fab1e8534a6dfa82899ae1900bcb xfrm: policy: Fix doulbe free in xfrm_policy_timer
CVE-2021-3715: ea3d6652c240978736a91b9e85fde9fee9359be4 net_sched: cls_route: remove the right filter from hashtable
CVEs fixed in 4.19.115:
CVE-2020-11494: b774578329afb238ccd504477731129aa15e9ec2 slcan: Don't transmit uninitialized stack data in padding
CVE-2020-11565: fa138035f104ae14651ee3217d81fc16cd3aba4d mm: mempolicy: require at least one nodeid for MPOL_PREFERRED
CVEs fixed in 4.19.116:
CVE-2020-11669: 1855c5436fa50e8dc930b0a24c52157dceef9a54 powerpc/powernv/idle: Restore AMR/UAMOR/AMOR after idle
CVE-2020-12657: d999063be0cf91bff8e0d6daaea21e1a4f70d336 block, bfq: fix use-after-free in bfq_idle_slice_timer_body
CVE-2020-12826: a2a1be2de7e4d9a3a2c6cf8512d38eb24bbeb059 signal: Extend exec_id to 64bits
CVEs fixed in 4.19.118:
CVE-2020-12659: ad8fb61c184fe0f8d1e0b5b954d010fb9f94a6ee xsk: Add missing check on user supplied headroom size
CVEs fixed in 4.19.119:
CVE-2019-19768: 473d7f5ed75b8c3750f0c6b442c8e23090d6da8f blktrace: Protect q->blk_trace with RCU
CVE-2020-0067: ed523cbd4a6594edf123dc03ec9d70ea4f793671 f2fs: fix to avoid memory leakage in f2fs_listxattr
CVE-2020-11884: 215d1f3928713d6eaec67244bcda72105b898000 s390/mm: fix page table upgrade vs 2ndary address mode accesses
CVE-2020-12114: f511dc75d22e0c000fc70b54f670c2c17f5fba9a make struct mountpoint bear the dentry reference to mountpoint, not struct mount
CVE-2020-12464: 45ea77b75a604da875186519fea94997175c38e3 USB: core: Fix free-while-in-use bug in the USB S-Glibrary
CVE-2020-1749: 5dd6835278454a7c7a045462253625de7c16b13e net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
CVEs fixed in 4.19.121:
CVE-2020-0255: 23075857ad192731fd9edcce3b5cd5db93602c26 selinux: properly handle multiple messages in selinux_netlink_send()
CVE-2020-10751: 23075857ad192731fd9edcce3b5cd5db93602c26 selinux: properly handle multiple messages in selinux_netlink_send()
CVEs fixed in 4.19.124:
CVE-2020-10711: caf6c20c6421ca687751d27b96c8021c655e56e6 netlabel: cope with NULL catmap
CVE-2020-12770: 34fcb4291e234468f9bf9d4b851c9f522f3bbb13 scsi: sg: add sg_remove_request in sg_write
CVE-2020-13143: a105bb549252e3e8bd9db0bdd81cdd6a853e4238 USB: gadget: fix illegal array access in binding with UDC
CVE-2020-27786: a507658fdb2ad8ca282b0eb42f2a40b805deb1e6 ALSA: rawmidi: Fix racy buffer resize under concurrent accesses
CVEs fixed in 4.19.125:
CVE-2019-18814: f1738ae012a106c6c8fa7d33ed47fb478d9d3c75 apparmor: Fix use-after-free in aa_audit_rule_init
CVE-2020-12768: 008708152ebb229c29e065135599984fa9c4a51c KVM: SVM: Fix potential memory leak in svm_cpu_init()
CVEs fixed in 4.19.126:
CVE-2020-10732: d16b0abe2687f7f0a2f6343a09797e8aac045c86 fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info()
CVEs fixed in 4.19.127:
CVE-2019-19462: 8b5dfa53eeb6c8bba5a035d38f6f8b981aebb622 kernel/relay.c: handle alloc_percpu returning NULL in relay_open
CVE-2020-10757: 78385480fd6572a83e7541e37658d9a7de6dc9b1 mm: Fix mremap not considering huge pmd devmap
CVEs fixed in 4.19.128:
CVE-2020-0543: 6682fe2fca22e45153e69f5b7ce7282bcba3565f x86/cpu: Add 'table' argument to cpu_matches()
CVE-2020-13974: 18059925dbb6a7b6be1c0166ecca29d6b7977c9a vt: keyboard: avoid signed integer overflow in k_ascii
CVEs fixed in 4.19.129:
CVE-2018-20669: 216284c4a126b28469eb0bf4994c669e251f47ba make 'user_access_begin()' do 'access_ok()'
CVE-2019-18885: 8cb9b069fa631b613bbbd6f63887190e55cafa3c btrfs: merge btrfs_find_device and find_device
CVE-2019-19036: 227af79e6cb0ee3faeb8c70be4bc0aec0b09ea25 btrfs: Detect unbalanced tree with empty leaf before crashing btree operations
CVE-2019-20810: 95b58c96a28e6174661dcd5bc543618973fc43d3 media: go7007: fix a miss of snd_card_free
CVE-2020-10766: 5aaf72a0dcb82d5c98f3b7df149baf4c7cf63e19 x86/speculation: Prevent rogue cross-process SSBD shutdown
CVE-2020-10767: 5d9d55cf4733c5ced8e1d19ea242a128ab9612d2 x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS.
CVE-2020-10768: 52c419ba4c96880abd61b38e6e08e4ecd17350f3 x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches.
CVE-2020-29368: 453d8a481b127edfa7fb76af1bc7586b7a63bdd2 mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked()
CVE-2021-0342: 75e36c19ff10836e5d03f87cf17793cf83b59430 tun: correct header offsets in napi frags mode
CVEs fixed in 4.19.130:
CVE-2020-12771: 2ee8f6e72269eb06649ebab3da6bbf59aed3eabe bcache: fix potential deadlock problem in btree_gc_coalesce
CVE-2020-15436: 49289b1fa5a67011c4010e4e9c801b9d565ce395 block: Fix use-after-free in blkdev_get()
CVEs fixed in 4.19.131:
CVE-2020-12655: 135eccd83909e75389a5754577b0336bbd0939ef xfs: add agf freeblocks verify in xfs_agf_verify
CVEs fixed in 4.19.132:
CVE-2020-15393: 7b0f1f89a0dd6e257367eddc840179e85195ca18 usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect
CVE-2020-24394: 2b3faab744b04de198aee4ed8dd74fca7a2a8306 nfsd: apply umask on fs without ACL support
CVEs fixed in 4.19.134:
CVE-2020-10781: 81a91bf266dd7f2dd56fc3472b7bb54348ac62c7 Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()"
CVE-2020-14356: 0505cc4c908f46a4d22c4994dbbe7bc489d0c52d cgroup: fix cgroup_sk_alloc() for sk_clone_lock()
CVEs fixed in 4.19.135:
CVE-2020-15437: c358255ff1dfa51ddbcbc8dfcc4eaa5719008daa serial: 8250: fix null-ptr-deref in serial8250_start_tx()
CVEs fixed in 4.19.137:
CVE-2019-18808: 167edeeb034f65f57790ff70b1af84a501274d15 crypto: ccp - Release all allocated memory if sha type is invalid
CVE-2019-19054: 17271f33fd8811b364ae3c54671566434d46d3eb media: rc: prevent memory leak in cx23888_ir_probe
CVE-2019-19061: c57c213538156bff971aa352d9d7749196dfbfd8 iio: imu: adis16400: fix memory leak
CVE-2019-19067: e15f8a9b0046418295d09db24c1ec306c80d013b drm/amdgpu: fix multiple memory leaks in acp_hw_init
CVE-2019-19072: 7deb2dcb8963812742ed08420cfa4e23bbeda074 tracing: Have error path in predicate_parse() free its allocated memory
CVE-2019-19073: 5b8464dc9a6e81a16481549c77d0d341041e425e ath9k_htc: release allocated buffer if timed out
CVE-2019-19074: e0cf3ebfcf93dbce123b8bef00f549712efe1135 ath9k: release allocated buffer if timed out
CVE-2019-19082: 60e1b411bf0fd9fda2d2de7f45dc3b1d9960b85e drm/amd/display: prevent memory leak
CVE-2019-19813: 4e986ab36ed11ecf21de9b5aab0e46ac3342df93 btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-19816: 4e986ab36ed11ecf21de9b5aab0e46ac3342df93 btrfs: inode: Verify inode mode to avoid NULL pointer dereference
CVE-2019-3874: 9a84bb13816fe3b361a75e10ee9821ab68aa36f5 sctp: implement memory accounting on tx path
CVE-2020-24490: 5df9e5613d1c51e16b1501a4c75e139fbbe0fb6c Bluetooth: fix kernel oops in store_pending_adv_report
CVEs fixed in 4.19.138:
CVE-2020-16166: 29204c846894d73108f87e78aea4757a8ec52c74 random32: update the net random state on interrupt and activity
CVEs fixed in 4.19.139:
CVE-2019-0145: 43a7e1cf606e96ee43f8897129972f0b79390367 i40e: add num_vectors checker in iwarp handler
CVE-2019-0147: 43a7e1cf606e96ee43f8897129972f0b79390367 i40e: add num_vectors checker in iwarp handler
CVE-2019-0148: 48a9be93ff2c5a09e308ef93560ea1f4ecbd22f6 i40e: Wrong truncation from u16 to u8
CVE-2020-14331: 61219546f3036d2b4a1898be7a38da22e97a3b62 vgacon: Fix for missing check in scrollback handling
CVE-2020-36386: 8c4a649c20fec015ebb326f36b47d4e39d9ff5b7 Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt()
CVEs fixed in 4.19.140:
CVE-2020-26088: b200620cada4eaa63108be32e040ed557a1965fd net/nfc/rawsock.c: add CAP_NET_RAW check.
CVE-2021-20292: 10c8a526b2db1fcdf9e2d59d4885377b91939c55 drm/ttm/nouveau: don't call tt destroy callback on alloc failure.
CVEs fixed in 4.19.141:
CVE-2019-19448: 627fa9d8071daad6aa84316c1fcb114a62db914f btrfs: only search for left_info if there is no right_info in try_merge_free_space
CVE-2020-25212: a906b868953a9c9bba44649a8fe760e818dd7224 nfs: Fix getxattr kernel panic and memory overflow
CVEs fixed in 4.19.142:
CVE-2020-0466: dcb6e6efb3298e59d90ee05c6ed33de810314892 do_epoll_ctl(): clean the failure exits up a bit
CVE-2020-14314: b3ddf6ba5e28a57729fff1605ae08e21be5c92e3 ext4: fix potential negative array index in do_split()
CVE-2020-29371: 9660983738399465fd0e3b1977a61bbd29b2e5be romfs: fix uninitialized memory leak in romfs_dev_read()
CVEs fixed in 4.19.144:
CVE-2020-0465: a47b8511d90528c77346597e2012100dfc28cd8c HID: core: Sanitize event code and type when mapping input
CVE-2020-12888: da7aea6eb5608695f590dcd72523536b709d0399 vfio-pci: Invalidate mmaps and block MMIO access on disabled memory
CVE-2020-14385: 017265f1421529a473c25dc46a0cee98facbb1a3 xfs: fix boundary test in xfs_attr_shortform_verify
CVE-2020-25285: 221ea9a3da9169dc3c9a364a5f938e215db6419e mm/hugetlb: fix a race between hugetlb sysctl handlers
CVE-2020-25641: b48bcb664b657ae94b19c0728978c88e012f7a37 block: allow for_each_bvec to support zero len bvec
CVE-2021-1048: 37d933e8b41b83bb8278815e366aec5a542b7e31 fix regression in "epoll: Keep a reference on files added to the check list"
CVEs fixed in 4.19.146:
CVE-2020-14390: 770adb5d2b8ebe94a92e4c9510f4f2517f4204eb fbcon: remove soft scrollback code
CVE-2020-25284: 0070f9906d7190d4c69e338403db4abfec81fe7f rbd: require global CAP_SYS_ADMIN for mapping and unmapping
CVE-2020-28097: f5fa64c8daf7b97280865c73903edc0a3eea819e vgacon: remove software scrollback support
CVEs fixed in 4.19.148:
CVE-2020-25643: 45676c0bc28eff8f46455b28e2db80a77676488b hdlc_ppp: add range checks in ppp_cp_parse_cr()
CVE-2020-25645: c797110d97c48054d1491251fd713900ff51615c geneve: add transport ports in route lookup for geneve
CVE-2020-36312: 19184bd06f488af62924ff1747614a8cb284ad63 KVM: fix memory leak in kvm_io_bus_unregister_dev()
CVE-2021-0605: b59a23d596807a5aa88d8dd5655a66c6843729b3 af_key: pfkey_dump needs parameter validation
CVEs fixed in 4.19.150:
CVE-2020-14386: 1c3886dc302329f199cc04f8a56ba44d17a0df16 net/packet: fix overflow in tpacket_rcv
CVE-2020-25211: 289fe546ea16c2dcb57c5198c5a7b7387604530e netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2021-0448: 289fe546ea16c2dcb57c5198c5a7b7387604530e netfilter: ctnetlink: add a range check for l3/l4 protonum
CVE-2021-39634: 3e3bbc4d23eeb90bf282e98c7dfeca7702df3169 epoll: do not insert into poll queues until all sanity checks are done
CVEs fixed in 4.19.151:
CVE-2020-28915: 43198a5b1c42e3d8aadc6524a73bb3aa3666cd43 fbcon: Fix global-out-of-bounds read in fbcon_get_font()
CVEs fixed in 4.19.152:
CVE-2020-10135: 0c75831bc108ec23c663d969181a4dd7e4b651bb Bluetooth: Consolidate encryption handling in hci_encrypt_cfm
CVE-2020-12351: 360f80e34292dbe91c23e893f90cd357aff8b68a Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel
CVE-2020-12352: 128278f444ab3a0d38759c4935092d256edc77d0 Bluetooth: A2MP: Fix not initializing all members
CVEs fixed in 4.19.153:
CVE-2020-0423: 35cc2facc2a5ff52b9aa03f2dc81dcb000d97da3 binder: fix UAF when releasing todo list
CVE-2020-25705: d6c552505c0d1719dda42b4af2def0618bd7bf54 icmp: randomize the global rate limiter
CVEs fixed in 4.19.155:
CVE-2020-25656: 7e3ba72e5b9376e12839ea347c49fc4108244b0c vt: keyboard, extend func_buf_lock to readers
CVE-2020-25668: 619e366268e0430687d07b24b48f7382fc088c9f tty: make FONTX ioctl use the tty pointer they were actually passed
CVE-2020-27673: 25f6b08895d579b461487291d6e48b3953a8bf65 xen/events: add a proper barrier to 2-level uevent unmasking
CVE-2020-27675: 61d359d51a1cce8a5913843c8c3601dc878cc519 xen/events: avoid removing an event channel while handling it
CVE-2020-27777: 94e8f0bbc475228c93d28b2e0f7e37303db80ffe powerpc/rtas: Restrict RTAS requests from userspace
CVEs fixed in 4.19.156:
CVE-2019-19039: 1527c0e0229d2dd1c8ae1e73b1579bd8d5866b5b btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19377: 1527c0e0229d2dd1c8ae1e73b1579bd8d5866b5b btrfs: Don't submit any btree write bio if the fs has errors
CVE-2019-19770: 8a78b4c0d6292d32d76b4268b5a33ae089a5d791 blktrace: fix debugfs use after free
CVE-2020-25704: 29a975bcc107d68e379a55048813ddf3e7b120b8 perf/core: Fix a memory leak in perf_event_parse_addr_filter()
CVE-2020-28974: 6612b754ac0c85ca8b1181b5d3ea4461a8c1bbcb vt: Disable KD_FONT_OP_COPY
CVE-2020-35508: b177d2d915cea2d0a590f0034a20299dd1ee3ef2 fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent
CVEs fixed in 4.19.157:
CVE-2020-8694: 900281e167f45e0c0e5df6e59fa00334b5e38133 powercap: restrict energy meter to root access
CVEs fixed in 4.19.158:
CVE-2020-14351: 1cbfb60332f4e62224440f6d38a6b3114b2355f0 perf/core: Fix race in the perf_mmap_close() function
CVEs fixed in 4.19.159:
CVE-2020-25669: 8bf2e8fe8a8e2e05246215697bb55f8901faef44 Input: sunkbd - avoid use-after-free in teardown paths
CVE-2020-4788: f69bb4e51f41973fb7594be1479fa689831efe1a powerpc/64s: flush L1D on kernel entry
CVEs fixed in 4.19.160:
CVE-2020-28941: 3560603ef82f11277143a433170bca05bd9288a8 speakup: Do not let the line discipline be used several times
CVEs fixed in 4.19.162:
CVE-2020-35519: 304c080fc33258e3b177b6f0736b97d54e6fea3b net/x25: prevent a couple of overflows
CVEs fixed in 4.19.163:
CVE-2020-27830: de867367f35237729e285ff6efa3fd4e4b0b9008 speakup: Reject setting the speakup line discipline outside of speakup
CVE-2020-29660: 361e822b7d8a9d06d88f7cea0fdb0fb6e41c4d45 tty: Fix ->session locking
CVE-2020-29661: 13f10a78097df2f14d4e1fd390dbaa3e28502ca7 tty: Fix ->pgrp locking in tiocspgrp()
CVEs fixed in 4.19.164:
CVE-2020-27815: c7e31b2fecfe0ebd5bd6a8274b2fbfb9c9401738 jfs: Fix array index bounds check in dbAdjTree
CVE-2020-29568: 9039eb22f99545fa80a5897496452cf9962e3289 xen/xenbus: Allow watches discard events before queueing
CVE-2020-29569: 014ee1c7d184acb8986152014a570ba7c69d3616 xen-blkback: set ring->xenblkd to NULL after kthread_stop()
CVE-2021-0938: b207caff4176e3a6ba273243da2db2e595e4aad2 compiler.h: fix barrier_data() on clang
CVEs fixed in 4.19.166:
CVE-2020-36158: b35029a1f24fe511af750537e6565dcf68e5c862 mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start
CVEs fixed in 4.19.167:
CVE-2020-28374: fff1180d24e68d697f98642d71444316036a81ff scsi: target: Fix XCOPY NAA identifier lookup
CVE-2021-39648: 83b74059fdf1c4fa6ed261725e6f301552ad23f7 usb: gadget: configfs: Fix use-after-free issue with udc_name
CVEs fixed in 4.19.170:
CVE-2021-3178: a08c2e586ad047fcea3f75664cca0915c77934fe nfsd4: readdirplus shouldn't return parent of export
CVEs fixed in 4.19.171:
CVE-2021-39657: b397fcae2207963747c6f947ef4d06575553eaef scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback
CVEs fixed in 4.19.172:
CVE-2020-27825: acfa7ad7b7f6489e2bed20880ce090fdabdbb841 tracing: Fix race in trace_open and buffer resize call
CVE-2021-3347: 72f38fffa4758b878f819f8a47761b3f03443f36 futex: Ensure the correct return value from futex_lock_pi()
CVEs fixed in 4.19.173:
CVE-2021-3348: 424838c0f727f1d11ce2ccaabba96f4346c03906 nbd: freeze the queue while we're adding connections
CVEs fixed in 4.19.177:
CVE-2021-21781: 80ef523d2cb719c3de66787e922a96b5099d2fbb ARM: ensure the signal page contains defined contents
CVE-2021-26930: 98f16e171e2849dba76e2e0346e914452c030dc5 xen-blkback: fix error handling in xen_blkbk_map()
CVE-2021-26931: a01b49a9bf91a723f541139c063c1ff681ac536a xen-blkback: don't "handle" error by BUG()
CVE-2021-26932: dfed59ee4b41b0937163dfed36752d29e72d0712 Xen/x86: don't bail early from clear_foreign_p2m_mapping()
CVEs fixed in 4.19.178:
CVE-2021-0512: ffca531f71d078c6caf752d64bc2a592f420f7c6 HID: make arrays usage and value to be the same
CVE-2021-3612: 88438fdeeffe11dcb05c2dd0ddd22cb6e3f024b4 Input: joydev - prevent potential read overflow in ioctl
CVEs fixed in 4.19.179:
CVE-2021-27363: ae84b246a76c4ace5997e5ca7e9fde3e1a526bc3 scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27364: ae84b246a76c4ace5997e5ca7e9fde3e1a526bc3 scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27365: b2957d7baff77b399c7408dc12bacc7f63765897 scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
CVE-2021-28038: 1a999d25ef536a14f6a7c25778836857adfba3f8 Xen/gnttab: handle p2m update errors on a per-slot basis
CVE-2021-30002: ff2111a6fab31923685b6ca8ea466ea0576b8a0e media: v4l: ioctl: Fix memory leak in video_usercopy
CVEs fixed in 4.19.181:
CVE-2021-28660: eda4378094de16090d74eacea3d8c10f7719ed25 staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
CVE-2021-29265: c6b0ca71d3cd561decd39c1c4132c2d10a496e1a usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
CVE-2021-33033: a44af1c69737f9e64d5134c34eb9d5c4c2e04da1 cipso,calipso: resolve a number of problems with the DOI refcounts
CVEs fixed in 4.19.183:
CVE-2021-28964: 12dc6889bcff1bc2921a1587afca55ca4091b73e btrfs: fix race when cloning extent buffer during rewind of an old root
CVE-2021-28971: b35214c541365c7dd7c9d5f44a02b0633a1cc83f perf/x86/intel: Fix a crash caused by zero PEBS status
CVE-2021-28972: f27a00f0d5b0646a52633e98f5fc3ef719004dcd PCI: rpadlpar: Fix potential drc_name corruption in store functions
CVEs fixed in 4.19.184:
CVE-2021-28688: 16356ddb587867c2a5ab85407eeb75f2b8818207 xen-blkback: don't leak persistent grants from xen_blkbk_map()
CVE-2021-29264: 9943741c2792a7f1d091aad38f496ed6eb7681c4 gianfar: fix jumbo packets+napi+rx overrun crash
CVE-2021-29647: 5f09be2a1a35cb8bd6c178d5f205b7265bd68646 net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
CVE-2021-29650: 81bc258370c6eeb1f41d350325e8a2c8e20fafad netfilter: x_tables: Use correct memory barriers.
CVE-2021-31916: 76aa61c55279fdaa8d428236ba8834edf313b372 dm ioctl: fix out of bounds array access when no devices
CVEs fixed in 4.19.185:
CVE-2021-0941: 8c1a77ae15ce70a72f26f4bb83c50f769011220c bpf: Remove MTU check in __bpf_skb_max_len
CVE-2021-3483: 89a2c28a3b67c7d918218f57e4bb7b591f7e5d0f firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
CVEs fixed in 4.19.186:
CVE-2021-29154: 5f26f1f838aa960045c712e13dbab8ff451fed74 bpf, x86: Validate computation of branch displacements for x86-64
CVEs fixed in 4.19.187:
CVE-2020-25670: adbb1d218c5f56dbae052765da83c0f57fce2a31 nfc: fix refcount leak in llcp_sock_bind()
CVE-2020-25671: c14b50185cd0d5ba6d7a5eb8acf9fbcc3663416d nfc: fix refcount leak in llcp_sock_connect()
CVE-2020-25672: 301a4264d6ab56d2b9230066b060d7ceaa000d68 nfc: fix memory leak in llcp_sock_connect()
CVE-2020-25673: eab391e0766ed88262160b14bb7131f331f6af1a nfc: Avoid endless loops caused by repeated llcp_sock_connect()
CVE-2021-3659: c166c0f5311dc9de687b8985574a5ee5166d367e net: mac802154: Fix general protection fault
CVEs fixed in 4.19.188:
CVE-2021-0937: 12ec80252edefff00809d473a47e5f89c7485499 netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-22555: 12ec80252edefff00809d473a47e5f89c7485499 netfilter: x_tables: fix compat match/target pad out-of-bound write
CVEs fixed in 4.19.189:
CVE-2020-29374: 5e24029791e809d641e9ea46a1f99806484e53fc gup: document and work around "COW can break either way" issue
CVE-2021-23133: 301084de76eb5bfedddda41ec33e2913e90c99e7 net/sctp: fix race condition in sctp_destroy_sock
CVEs fixed in 4.19.191:
CVE-2021-32399: 35113c4c9fa7c970ff456982e381dc9e9594154a bluetooth: eliminate the potential race condition when removing the HCI controller
CVE-2021-33034: 75e26178e26f910f7f26c79c2824b726eecf0dfb Bluetooth: verify AMP hci_chan before amp_destroy
CVE-2021-3506: bfa08a47cea2a9fab077c7135b9cfdf04e69c67a f2fs: fix to avoid out-of-bounds memory access
CVE-2021-4157: f27638a92f77d8107efbaf48a0d3bfa24da8cdad pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
CVEs fixed in 4.19.192:
CVE-2020-26558: 30126d4ba73119565f1748b116b9869ac6bbda6b Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2021-0129: 30126d4ba73119565f1748b116b9869ac6bbda6b Bluetooth: SMP: Fail if remote and local public keys are identical
CVEs fixed in 4.19.193:
CVE-2020-24586: 76ffc27967211afba6f0045ac840e7027fbeefcf mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24587: 76ffc27967211afba6f0045ac840e7027fbeefcf mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24588: 8ea9e997642360ea097710cfa7b1cd750a73fe64 cfg80211: mitigate A-MSDU aggregation attacks
CVE-2020-26139: 24347f561816634ab780bf7e03deeb049898b3bc mac80211: do not accept/forward invalid EAPOL frames
CVE-2020-26147: 3c919823e4cad7bdc2c92b0dd3b4dc463c9315bd mac80211: assure all fragments are encrypted
CVE-2021-33098: 938ffd6d2dd78fb83b9346c9b689e2a3a6fe7174 ixgbe: fix large MTU request from VF
CVE-2021-34981: f8be26b9950710fe50fb45358df5bd01ad18efb7 Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVEs fixed in 4.19.194:
CVE-2021-3564: 64700748e8a7af4883538c72ada57999d9a78e92 Bluetooth: fix the erroneous flush_work() order
CVE-2021-3573: 2b9e9c2ed0f1910b5201c5d37b355b60201df415 Bluetooth: use correct lock to prevent UAF of hdev object
CVE-2021-3587: 93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-38208: 93e4ac2a9979a9a4ecc158409ed9c3044dc0ae1f nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVEs fixed in 4.19.196:
CVE-2021-34693: 8899857d7e450805e6410de5004126491f197146 can: bcm: fix infoleak in struct bcm_msg_head
CVE-2021-35039: ff660863628fb144badcb3395cde7821c82c13a6 module: limit enabling module.sig_enforce
CVE-2021-3743: f8111c0d7ed42ede41a3d0d393b104de0730a8a6 net: qrtr: fix OOB Read in qrtr_endpoint_post
CVE-2021-45486: 7f7e23df8509e072593200400a4b094cc44376d2 inet: use bigger hash table for IP ID generation
CVEs fixed in 4.19.197:
CVE-2020-36311: cadf5bbcefbd9717e51c61d6128b520583ffdf4f KVM: SVM: Periodically schedule when unregistering regions on destroy
CVEs fixed in 4.19.198:
CVE-2021-33909: 6de9f0bf7cacc772a618699f9ed5c9f6fca58a1d seq_file: disallow extremely large seq buffer allocations
CVE-2021-3609: eabe65197876e4a0906eab784f5766c4c76098c7 can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2021-3655: c7a03ebace4f9cd40d9cd9dd5fb2af558025583c sctp: validate from_addr_param return
CVE-2021-38160: b5fba782ccd3d12a14f884cd20f255fc9c0eec0c virtio_console: Assure used length from device is limited
CVE-2021-38199: 743f6b973c8ba8a0a5ed15ab11e1d07fa00d5368 NFSv4: Initialise connection to the server in nfs4_alloc_client()
CVE-2021-45485: f0be58ec9931907e980cf21737e51d369808eb95 ipv6: use prandom_u32() for ID generation
CVE-2022-0850: 9ed3a3d3a8d2cbe99d9e4386a98856491f0eade0 ext4: fix kernel infoleak via ext4_extent_header
CVEs fixed in 4.19.199:
CVE-2021-22543: 117777467bc015f0dc5fc079eeba0fa80c965149 KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-3679: 6a99bfee7f5625d2577a5c3b09a2bd2a845feb8a tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-37576: 0493b10c06021796ba80cbe53c961defd5aca6e5 KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-38204: 51fc12f4d37622fa0c481604833f98f11b1cac4f usb: max-3421: Prevent corruption of freed memory
CVEs fixed in 4.19.200:
CVE-2021-0920: 1dabafa9f61118b1377fde424d9a94bf8dbf2813 af_unix: fix garbage collect vs MSG_PEEK
CVEs fixed in 4.19.204:
CVE-2021-33624: 0abc8c9754c953f5cd0ac7488c668ca8d53ffc90 bpf: Inherit expanded/patched seen count from old aux data
CVE-2021-3732: 963d85d630dabe75a3cfde44a006fec3304d07b8 ovl: prevent private clone if bind mount is not allowed
CVE-2021-38198: 4c07e70141eebd3db64297515a427deea4822957 KVM: X86: MMU: Use the correct inherited permissions to get shadow page
CVE-2021-38205: 9322401477a6d1f9de8f18e5d6eb43a68e0b113a net: xilinx_emaclite: Do not print real IOMEM pointer
CVEs fixed in 4.19.205:
CVE-2020-3702: dd5815f023b89c9a28325d8a2a5f0779b57b7190 ath: Use safer key clearing with key cache entries
CVE-2021-3653: 42f4312c0e8a225b5f1e3ed029509ef514f2157a KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-3656: 119d547cbf7c055ba8100309ad71910478092f24 KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
CVE-2021-42008: 4e370cc081a78ee23528311ca58fd98a06768ec7 net: 6pack: fix slab-out-of-bounds in decode_data
CVEs fixed in 4.19.206:
CVE-2021-3444: 39f74b7c81cca139c05757d9c8f9d1e35fbbf56b bpf: Fix truncation handling for mod32 dst reg wrt zero
CVE-2021-3600: 8313432df224d926590731ec3ace3e1bd7bc4a1a bpf: Fix 32 bit src register truncation on div/mod
CVE-2021-3753: 0776c1a20babb4ad0b7ce7f2f4e0806a97663187 vt_kdsetmode: extend console locking
CVE-2021-39633: c33471daf2763c5aee2b7926202c74b75c365119 ip_gre: add validation for csum_start
CVEs fixed in 4.19.207:
CVE-2020-16119: dfec82f3e5b8bd93ab65b7417a64886ec8c42f14 dccp: don't duplicate ccid when cloning dccp sock
CVE-2021-34556: 91cdb5b36234e6af69d6280f1510e4453707a2b8 bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-35477: 91cdb5b36234e6af69d6280f1510e4453707a2b8 bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-40490: c481607ba522e31e6ed01efefc19cc1d0e0a46fa ext4: fix race writing to an inline_data file while its xattrs are changing
CVE-2021-42252: 9c8891b638319ddba9cfa330247922cd960c95b0 soc: aspeed: lpc-ctrl: Fix boundary check for mmap
CVEs fixed in 4.19.208:
CVE-2021-20320: ddf58efd05b5d16d86ea4638675e8bd397320930 s390/bpf: Fix optimizing out zero-extensions
CVEs fixed in 4.19.209:
CVE-2021-37159: f6cf22a1ef49f8e131f99c3f5fd80ab6b23a2d21 usb: hso: fix error handling code of hso_create_net_device
CVE-2021-3744: 710be7c42d2f724869e5b18b21998ceddaffc4a9 crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3764: 710be7c42d2f724869e5b18b21998ceddaffc4a9 crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-4203: 0512a9aede6e4417c4fa6e0042a7ca8bc7e06b86 af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVEs fixed in 4.19.210:
CVE-2021-20317: b9a1ac8e7c03fd09992352c7fb1a61cbbb9ad52b lib/timerqueue: Rely on rbtree semantics for next timer
CVEs fixed in 4.19.211:
CVE-2021-20321: 9d4969d8b5073d02059bae3f1b8d9a20cf023c55 ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-38300: 79f3a086dfc34887f9bbb0801768608b9470e942 bpf, mips: Validate conditional branch offsets
CVE-2021-41864: 078cdd572408176a3900a6eb5a403db0da22f8e0 bpf: Fix integer overflow in prealloc_elems_and_freelist()
CVEs fixed in 4.19.213:
CVE-2021-3894: c57fdeff69b152185fafabd37e6bfecfce51efda sctp: account stream padding length for reconf chunk
CVE-2022-0322: c57fdeff69b152185fafabd37e6bfecfce51efda sctp: account stream padding length for reconf chunk
CVEs fixed in 4.19.214:
CVE-2021-3760: 1ac0d736c8ae9b59ab44e4e80ad73c8fba5c6132 nfc: nci: fix the UAF of rf_conn_info object
CVE-2021-3896: 7d91adc0ccb060ce564103315189466eb822cc6a isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43389: 7d91adc0ccb060ce564103315189466eb822cc6a isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2022-0644: c1ba20965b59c2eeb54a845ca5cab4fc7bcf9735 vfs: check fd has read access in kernel_read_file_from_fd()
CVEs fixed in 4.19.215:
CVE-2021-20322: c6d0d68d6da68159948cad3d808d61bb291a0283 ipv6: make exception cache less predictible
CVE-2021-3772: 1f52dfacca7bb315d89f5ece5660b0337809798e sctp: use init_tag from inithdr for ABORT chunk
CVEs fixed in 4.19.216:
CVE-2021-42739: 53ec9dab4eb0a8140fc85760fb50effb526fe219 media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVEs fixed in 4.19.218:
CVE-2021-3640: c1c913f797f3d2441310182ad75b7bd855a327ff Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3752: 72bb30165337b7bce77578ad151fbfab6c8e693c Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-39686: 5d40061285b81a7e213dc9b37acc4a0545eedf32 binder: use euid from cred instead of using task
CVE-2021-4202: 62be2b1e7914b7340281f09412a7bbb62e6c8b67 NFC: reorganize the functions in nci_request
CVE-2021-45868: e5222c87dc441dcc8a66e93cb3fd34dfff03d3ec quota: check block number when reading the block in quota file
CVEs fixed in 4.19.219:
CVE-2021-4002: b0313bc7f5fbb6beee327af39d818ffdc921821a hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVEs fixed in 4.19.220:
CVE-2021-4083: 8bf31f9d9395b71af3ed33166a057cd3ec0c59da fget: check that the fd still exists after getting a ref to it
CVE-2021-43975: 0275fcd9b54f0364f66f2f3f6a0f3748648f3d35 atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVEs fixed in 4.19.221:
CVE-2021-39685: 13e45e7a262dd96e8161823314679543048709b9 USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39698: 8dd7c46a59756bdc29cb9783338b899cd3fb4b83 wait: add wake_up_pollfree()
CVE-2021-39713: ae214e04b95ff64a4b0e9aab6742520bfde6ff0c net: sched: use Qdisc rcu API instead of relying on rtnl lock
CVEs fixed in 4.19.222:
CVE-2021-28711: 269d7124bcfad2558d2329d0fe603ca20b20d3f4 xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: 3559ca594f15fcd23ed10c0056d40d71e5dab8e5 xen/netfront: harden netfront against event channel storms
CVE-2021-28713: 57e46acb3b48ea4e8efb1e1bea2e89e0c6cc43e2 xen/console: harden hvc_xen against event channel storms
CVE-2021-28714: 1de7644eac41981817fb66b74e0f82ca4477dc9d xen/netback: fix rx queue stall detection
CVE-2021-28715: c9f17e92917fd5786be872626a3928979ecc4c39 xen/netback: don't queue unlimited number of packages
CVE-2021-4135: d861443c4dc88650eed113310d933bd593d37b23 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
CVEs fixed in 4.19.223:
CVE-2021-45469: f9dfa44be0fb5e8426183a70f69a246cf5827f49 f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2022-1195: b68f41c6320b2b7fbb54a95f07a69f3dc7e56c59 hamradio: improve the incomplete fix to avoid NPD
CVEs fixed in 4.19.224:
CVE-2021-44733: b4a661b4212b8fac8853ec3b68e4a909dccc88a1 tee: handle lookup of shm with reference count 0
CVEs fixed in 4.19.225:
CVE-2021-4155: 1c3564fca0e7b8c9e96245a2cb35e198b036ee9a xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-45095: 4dece2760af408ad91d6e43afc485d20386c2885 phonet: refcount leak in pep_sock_accep
CVEs fixed in 4.19.226:
CVE-2020-36322: 1e1bb4933f1faafc68db8e0ecd5838a65dd1aae9 fuse: fix bad inode
CVE-2021-43976: 2f4b037bf6e8c663a593b8149263c5b6940c7afd mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVEs fixed in 4.19.227:
CVE-2022-0330: b188780649081782e341e52223db47c49f172712 drm/i915: Flush TLBs before releasing backing store
CVE-2022-22942: 0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVEs fixed in 4.19.228:
CVE-2022-0617: a23a59717f9f01a49394488f515550f9382fbada udf: Fix NULL ptr deref when converting from inline format
CVE-2022-24448: b00b4c6faad0f21e443fb1584f7a8ea222beb0de NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24959: 4bd197ce18329e3725fe3af5bd27daa4256d3ac7 yam: fix a memory leak in yam_siocdevprivate()
CVEs fixed in 4.19.229:
CVE-2022-0435: f1af11edd08dd8376f7a84487cbb0ea8203e3a1d tipc: improve size validations for received domain records
CVE-2022-0487: 9c25d5ff1856b91bd4365e813f566cb59aaa9552 moxart: fix potential use-after-free on remove path
CVE-2022-0492: 939f8b491887c27585933ea7dc5ad4123de58ff3 cgroup-v1: Require capabilities to set release_agent
CVEs fixed in 4.19.230:
CVE-2022-25258: e5eb8d19aee115d8fb354d1eff1b8df700467164 USB: gadget: validate interface OS descriptor requests
CVE-2022-25375: db9aaa3026298d652e98f777bc0f5756e2455dda usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVEs fixed in 4.19.231:
CVE-2022-20008: c91b06297563e84ac072464fe6cc141cc15435f0 mmc: block: fix read single on recovery logic
CVEs fixed in 4.19.232:
CVE-2022-26966: dde5ddf02a47487dd6efcc7077307f1d4e1ba337 sr9700: sanity check for packet length
CVE-2022-27223: ebc465e894890a534ce05e035eae4829a2a47ba1 USB: gadget: validate endpoint index for xilinx udc
CVEs fixed in 4.19.233:
CVE-2022-24958: 70196d12856306a17ddc3eae0f022b9c1d748e52 usb: gadget: don't release an existing dev->buf
CVEs fixed in 4.19.234:
CVE-2021-26401: d3cb3a6927222268a10b2f12dfb8c9444f7cc39e x86/speculation: Use generic retpoline by default on AMD
CVE-2022-0001: 25440a8c77dd2fde6a8e9cfc0c616916febf408e x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: 25440a8c77dd2fde6a8e9cfc0c616916febf408e x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-23036: 17659846fe336366b1663194f5669d10f5947f53 xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: 927e4eb8ddf4968b6a33be992b28063f84552c72 xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: 17659846fe336366b1663194f5669d10f5947f53 xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: fbc57368ea527dcfa909908fc47a851a56e4e5ce xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: 8d521d960aef22781ff499e16899c30af899de8d xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23041: 2466bed361f3274e3e0ca9d8e539532481c06fea xen/9p: use alloc/free_pages_exact()
CVE-2022-23042: c307029d811e03546d18d0e512fe295b3103b8e5 xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-23960: dc64af755099d1e51fd64e99fe3a59b75595814a ARM: report Spectre v2 status through sysfs
CVEs fixed in 4.19.235:
CVE-2021-4149: 73d55fa1b9310573f623195a4f7ab3170bbaf248 btrfs: unlock newly allocated extent buffer after error
CVE-2022-1199: 5ab8de9377edde3eaf1de9872e2f01d43157cd6c ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVEs fixed in 4.19.237:
CVE-2022-1016: 88791b79a1eb2ba94e95d039243e28433583a67b netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-26490: 0043b74987acb44f1ade537aad901695511cfebe nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
CVE-2022-27666: ce89087966651ad41e103770efc5ce2742046284 esp: Fix possible buffer overflow in ESP transformation
CVE-2022-28356: d14193111c436fc5de33206c67c7afd45c730099 llc: fix netdevice reference leaks in llc_ui_bind()
CVEs fixed in 4.19.238:
CVE-2021-4197: 0bd407959f7d6671ba0617e2dbda3e89d8a0419f cgroup: Use open-time credentials for process migraton perm checks
CVE-2022-1011: 99db28212be68030c1db3a525f6bbdce39b039e9 fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1198: 79e2f40c210a47f283bca352745068207798fbb9 drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1353: 693fe8af9a2625139de07bd1ae212a7d89c37795 af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1516: 4c240c5a105557e4546d0836e694868f22fd09b0 net/x25: Fix null-ptr-deref caused by x25_disconnect
CVE-2022-28389: a8bba9fd73775e66b4021b18f2193f769ce48a59 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
CVE-2022-28390: dec3ed0c76483748268bf36ec278af660b0f80ba can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-30594: b1f438f872dcda10a79e6aeaf06fd52dfb15a6ab ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
CVEs fixed in 4.19.240:
CVE-2022-1204: de55a1338e6a48ff1e41ea8db1432496fbe2a62b ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1205: 512f09df261b51b088f17d86dbdf300a3492523d ax25: Fix NULL pointer dereferences in ax25 timers
CVE-2022-28388: 8eb78da898079c0d7250c32ebf0c35fb81737abe can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVEs fixed in 4.19.242:
CVE-2022-1419: df2c1f38939aabb8c6beca108f08b90f050b9ebc drm/vgem: Close use-after-free race in vgem_gem_create
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2015-2877: (unk)
CVE-2016-8660: (unk)
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2018-1121: (unk)
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-17977: (unk)
CVE-2018-20854: (unk) phy: ocelot-serdes: fix out-of-bounds read
CVE-2019-0146: (unk)
CVE-2019-0149: (unk) i40e: Add bounds check for ch[] array
CVE-2019-10220: (unk) Convert filldir[64]() from __put_user() to unsafe_put_user()
CVE-2019-11191: (unk) x86: Deprecate a.out support
CVE-2019-12378: (unk) ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
CVE-2019-12379: (unk) consolemap: Fix a memory leaking bug in drivers/tty/vt/consolemap.c
CVE-2019-12380: (unk) efi/x86/Add missing error handling to old_memmap 1:1 mapping code
CVE-2019-12381: (unk) ip_sockglue: Fix missing-check bug in ip_ra_control()
CVE-2019-12455: (unk) clk-sunxi: fix a missing-check bug in sunxi_divs_clk_setup()
CVE-2019-12456: (unk)
CVE-2019-15222: (unk) ALSA: usb-audio: Fix gpf in snd_usb_pipe_sanity_check
CVE-2019-15239: (unk) unknown
CVE-2019-15290: (unk)
CVE-2019-15794: (unk) ovl: fix reference counting in ovl_mmap error path
CVE-2019-16089: (unk)
CVE-2019-18680: (unk)
CVE-2019-19070: (unk) spi: gpio: prevent memory leak in spi_gpio_probe
CVE-2019-19241: (unk) io_uring: async workers should inherit the user creds
CVE-2019-19378: (unk)
CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count
CVE-2019-19814: (unk)
CVE-2019-19815: (unk) f2fs: support swap file w/ DIO
CVE-2019-20794: (unk)
CVE-2019-20908: (unk) efi: Restrict efivar_ssdt_load when the kernel is locked down
CVE-2019-2181: (unk) binder: check for overflow when alloc for security context
CVE-2019-5489: (unk) Change mincore() to count "mapped" pages rather than "cached" pages
CVE-2020-0347: (unk)
CVE-2020-10708: (unk)
CVE-2020-11725: (unk)
CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1
CVE-2020-12656: (unk) sunrpc: check that domain table is empty at module unload.
CVE-2020-14304: (unk)
CVE-2020-15780: (unk) ACPI: configfs: Disallow loading ACPI tables when locked down
CVE-2020-15802: (unk)
CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs
CVE-2020-26140: (unk)
CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
CVE-2020-26555: (unk)
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-27835: (unk) IB/hfi1: Ensure correct mm is used at all times
CVE-2020-35501: (unk)
CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address
CVE-2020-36313: (unk) KVM: Fix out of range accesses to memslots
CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy
CVE-2020-36516: (unk)
CVE-2020-7053: (unk) drm/i915: Introduce a mutex for file_priv->context_idr
CVE-2021-0399: (unk)
CVE-2021-0695: (unk)
CVE-2021-0707: (unk) dmabuf: fix use-after-free of dmabuf's file->f_inode
CVE-2021-0929: (unk) staging/android/ion: delete dma_buf->kmap/unmap implemenation
CVE-2021-20177: (unk) netfilter: add and use nf_hook_slow_list()
CVE-2021-26934: (unk)
CVE-2021-28951: (unk) io_uring: ensure that SQPOLL thread is started for exit
CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-3542: (unk)
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3714: (unk)
CVE-2021-3759: (unk) memcg: enable accounting of ipc resources
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-39802: (unk)
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories
CVE-2021-4148: (unk) mm: khugepaged: skip huge page collapse for special files
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4159: (unk) bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds()
CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-0500: (unk) bpf: Introduce MEM_RDONLY flag
CVE-2022-0742: (unk) ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
CVE-2022-0812: (unk) xprtrdma: fix incorrect header size calculations
CVE-2022-0854: (unk) swiotlb: rework "fix info leak with DMA_FROM_DEVICE"
CVE-2022-0995: (unk) watch_queue: Fix filter limit check
CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1015: (unk) netfilter: nf_tables: validate registers coming from userspace.
CVE-2022-1043: (unk) io_uring: fix xa_alloc_cycle() error return value check
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1055: (unk) net: sched: fix use-after-free in tc_new_tfilter()
CVE-2022-1158: (unk) KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
CVE-2022-1184: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1651: (unk) virt: acrn: fix a memory leak in acrn_dev_ioctl()
CVE-2022-1652: (unk)
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-25265: (unk)
CVE-2022-25636: (unk) netfilter: nf_tables_offload: incorrect flow offload action array size
CVE-2022-26878: (unk)
CVE-2022-27950: (unk) HID: elo: fix memory leak in elo_probe
CVE-2022-28796: (unk) jbd2: fix use-after-free of transaction_t race
CVE-2022-28893: (unk) SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
CVE-2022-29156: (unk) RDMA/rtrs-clt: Fix possible double free in error case
CVE-2022-29582: (unk) io_uring: fix race between timeout flush and removal
CVE-2022-29968: (unk) io_uring: fix uninitialized field in rw io_kiocb