| |
| CVEs fixed in 5.4-rc1: |
| CVE-2019-15099: 39d170b3cb62ba98567f5c4f40c27b5864b304e5 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() |
| |
| CVEs fixed in 5.4.1: |
| CVE-2019-15291: acfcb05fbdb8ee3aad4359372c1b238a366b5355 media: b2c2-flexcop-usb: add sanity checking |
| CVE-2019-18660: 79f6bca3bc524d8b2e29bbc96ad541d13d6d9547 powerpc/book3s64: Fix link stack flush on context switch |
| CVE-2019-18683: 5aa7ad7e991e6cb0c3a1825dbe7f78c2a8116ccc media: vivid: Fix wrong locking that causes race conditions on streaming stop |
| |
| CVEs fixed in 5.4.2: |
| CVE-2019-19241: 8387e3688aa9e06a12b58abbcfe2cbfd0cf0f589 io_uring: async workers should inherit the user creds |
| CVE-2019-19602: 4c1bb6bbc541a1961ac3605a5507236961983185 x86/fpu: Don't cache access to fpu_fpregs_owner_ctx |
| CVE-2019-19767: 69412e8ac6206e36aa09a6e3f5503be020b64ba8 ext4: add more paranoia checking in ext4_expand_extra_isize handling |
| |
| CVEs fixed in 5.4.3: |
| CVE-2019-19050: d8d63ea238cc34dd3874969b13d44a158cd0fdd0 crypto: user - fix memory leak in crypto_reportstat |
| CVE-2019-19062: b022e155ccbcfadeaf5543d5b4d99c3c6d260ced crypto: user - fix memory leak in crypto_report |
| CVE-2019-19071: 9f513166a8e773081f86b198371f6a80b4bd52ec rsi: release skb if rsi_prepare_beacon fails |
| CVE-2019-19252: 0b0923bb6d2808bc6f3b03028fec685144227ba8 vcs: prevent write access to vcsu devices |
| CVE-2019-19332: 8ad39a3b44c1b452e51c0fc996d65911e2545b84 KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) |
| CVE-2019-19338: 52c8b0c6e11e139f0e27ea41a7444bfbf17aa2e1 KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES |
| |
| CVEs fixed in 5.4.4: |
| CVE-2019-19447: a44a5939a4097c98481a5b873b7bd9f387e56f59 ext4: work around deleting a file with i_nlink == 0 safely |
| CVE-2020-0041: 34d8a89fe156b082823f438f8240e8d57291c9f2 binder: fix incorrect calculation for num_valid |
| |
| CVEs fixed in 5.4.5: |
| CVE-2020-1749: 48d58ae9e87aaa11814364ddb52b3461f9abac57 net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup |
| |
| CVEs fixed in 5.4.7: |
| CVE-2019-16229: fbeec1d0e552662539a1b72e2530a7006bd677fa drm/amdkfd: fix a potential NULL pointer dereference (v2) |
| CVE-2019-16230: fbeec1d0e552662539a1b72e2530a7006bd677fa drm/amdkfd: fix a potential NULL pointer dereference (v2) |
| CVE-2019-16232: 6ab523073f222e2e3a4545cbe436ef94a33bffff libertas: fix a potential NULL pointer dereference |
| CVE-2019-18786: 96d7c3cb33c591070d067b048129a4ddd9fb9346 media: rcar_drif: fix a memory disclosure |
| CVE-2019-19037: 6cc4ccdd0b975f5f4c334fac71fee47e564472bf ext4: fix ext4_empty_dir() for directories with holes |
| CVE-2019-19057: 01b987532b79828ca67efb63eeec2bf07f3099df mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring |
| CVE-2019-19063: 39a974f8970268e7a02933e5cd6fab3e2dd8228e rtlwifi: prevent memory leak in rtl_usb_probe |
| CVE-2019-19070: d7bb7d20a8bac687c16838f2b7b5629d595512d1 spi: gpio: prevent memory leak in spi_gpio_probe |
| CVE-2019-19947: 9562cdb0af47c4040c4e7e842b87a43f86845c7a can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices |
| CVE-2019-20812: 772f76457932305e63e2b796228158b842830022 af_packet: set defaule value for tmo |
| CVE-2020-0427: f739a699db7d5a5cf39ca3ce2c84e4fe4a8f4c5d pinctrl: devicetree: Avoid taking direct reference to device name string |
| |
| CVEs fixed in 5.4.8: |
| CVE-2020-10690: bfa2e0cd3dfda64fde43c3dca3aeba298d2fe7ad ptp: fix the race between the release of ptp_clock and cdev |
| |
| CVEs fixed in 5.4.9: |
| CVE-2019-18809: 3dba6e50d09ee8c05d5ba68bd69624ac1ea0c814 media: usb: fix memory leak in af9005_identify_state |
| CVE-2019-19965: 55c89290c7948e62ceac9eb3ffe6dd1555aa38d6 scsi: libsas: stop discovering if oob mode is disconnected |
| |
| CVEs fixed in 5.4.11: |
| CVE-2019-14901: 389c0f743f9629392d119a11da780054456e9c49 mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() |
| |
| CVEs fixed in 5.4.12: |
| CVE-2019-14615: 53b9bd37af59d1def99b20707536105857eb9bd0 drm/i915/gen9: Clear residual context state on context switch |
| CVE-2019-14895: cbd6a85021a38ce3071fc50f2e11b709b0add8c7 mwifiex: fix possible heap overflow in mwifiex_process_country_ie() |
| CVE-2019-19053: 5bbe72cf486c3b983f739b3e1d98b61c8a205795 rpmsg: char: release allocated memory |
| CVE-2019-19056: 3fe1ced40e189e31c21f6723fbe4bdf8d2731922 mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf |
| CVE-2019-19066: 448fe0b67c68d36cb45c09444c6b8298130d4c5e scsi: bfa: release allocated memory in case of error |
| CVE-2019-19068: e380d974731502d24e0353df36a883fe232c866b rtl8xxxu: prevent leaking urb |
| CVE-2019-19078: ad1e0d1976b9061bf2aca99249b0187c9bbd3334 ath10k: fix memory leak |
| CVE-2019-20636: 39f711b69799c49e0e385494b9b8c0787f51293f Input: add safety guards to input_set_keycode() |
| CVE-2020-0305: 341464390512ed50d5e96cf8f5340dcfbebd837a chardev: Avoid potential use-after-free in 'chrdev_open()' |
| CVE-2020-0431: 4091fbf6cc143c8ccd8275eaa642b2f2afe7c4ab HID: hid-input: clear unmapped usages |
| |
| CVEs fixed in 5.4.13: |
| CVE-2019-19064: bf3b4bc7bb03a2b0e67078d42a1d43ce05a14b7b spi: lpspi: fix memory leak in fsl_lpspi_probe |
| |
| CVEs fixed in 5.4.14: |
| CVE-2019-19043: 97e81f01f03c25a03ca1699111323e3984c3779c i40e: prevent memory leak in i40e_setup_macvlans |
| CVE-2020-12652: b307a5e97483d72c4a18cc8755d362d88b50c6d1 scsi: mptfusion: Fix double fetch bug in ioctl |
| CVE-2021-3635: 8f4dc50b5c12e159ac846fdc00702c547fdf2e95 netfilter: nf_tables: fix flowtable list del corruption |
| |
| CVEs fixed in 5.4.15: |
| CVE-2019-19046: 57d748f43f0742f58b5cf01b2d7b9a0d2e113e3d ipmi: Fix memory leak in __ipmi_bmc_register |
| |
| CVEs fixed in 5.4.16: |
| CVE-2019-14896: 40b1747b03684f03827b6323a17e4aa67af1e307 libertas: Fix two buffer overflows at parsing bss descriptor |
| CVE-2019-14897: 40b1747b03684f03827b6323a17e4aa67af1e307 libertas: Fix two buffer overflows at parsing bss descriptor |
| CVE-2020-14416: 34545cad8e0476aa6843f132e1177fe1517b2814 can, slip: Protect tty->disc_data in write_wakeup and close with RCU |
| CVE-2020-8428: 454759886d0b463213fad0f1c733469e2c501ab9 do_last(): fetch directory ->i_mode and ->i_uid before it's too late |
| |
| CVEs fixed in 5.4.17: |
| CVE-2020-0432: b5e5d81230ec6a24b3ce452fc41d8260292c686a staging: most: net: fix buffer overflow |
| CVE-2020-12769: 7db4e6c728cbb4caf6708b0181bc11763d1e89a7 spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls |
| |
| CVEs fixed in 5.4.19: |
| CVE-2019-3016: 68460ceba319a46ea14b36129bfd0a152e0f00c3 x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit |
| CVE-2020-0404: 6fcbff54ded118b29ca05f56aea85825d24a5645 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors |
| |
| CVEs fixed in 5.4.20: |
| CVE-2020-12653: 3c822e1f31186767d6b7261c3c066f01907ecfca mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() |
| CVE-2020-12654: c5b071e3f44d1125694ad4dcf1234fb9a78d0be6 mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() |
| |
| CVEs fixed in 5.4.21: |
| CVE-2020-8992: 94f0fe04da78adc214b51523499031664f9db408 ext4: add cond_resched() to ext4_protect_reserved_inode |
| CVE-2022-1419: 3ea7f138cec139be98f8bb9fc1a6b432003f834e drm/vgem: Close use-after-free race in vgem_gem_create |
| |
| CVEs fixed in 5.4.23: |
| CVE-2020-0009: 41a53f5b68ec36bcd100816554c31e3cff7b6c6e staging: android: ashmem: Disallow ashmem memory from being remapped |
| CVE-2020-0110: e61c236dcf3416211008774b6c2bfa01753a82c1 sched/psi: Fix OOB write when writing 0 bytes to PSI files |
| CVE-2020-2732: 24dfae91a23a55c9f4cbe8fd778ed229ee9cced1 KVM: nVMX: Don't emulate instructions in guest mode |
| CVE-2020-36558: 897d5aaf3397e64a56274f2176d9e1b13adcb92e vt: vt_ioctl: fix race in VT_RESIZEX |
| CVE-2020-9383: 1eb78bc92c847f9e1c01a01b2773fc2fe7b134cf floppy: check FDC index for errors before assigning it |
| CVE-2020-9391: 95236ae76bf8c5a71bcbb90a0c46a564613831d7 mm: Avoid creating virtual address aliases in brk()/mmap()/mremap() |
| |
| CVEs fixed in 5.4.24: |
| CVE-2019-19768: 6f9cff84dde800b4d9eab071810fbe284686601e blktrace: Protect q->blk_trace with RCU |
| CVE-2020-0444: 37f4c2775267c6fea23172f4d0461eb42c8497a6 audit: fix error handling in audit_data_to_entry() |
| CVE-2020-10942: f09fbb1175cffdbbb36b28e2ff7db96dcc90de08 vhost: Check docket sk_family instead of call getname |
| CVE-2020-27068: f0593f5b1b64d3e08c67ee756c4253080e52afb2 cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE |
| |
| CVEs fixed in 5.4.25: |
| CVE-2020-8647: 5d230547476eea90b57ed9fda4bfe5307779abbb vgacon: Fix a UAF in vgacon_invert_region |
| CVE-2020-8648: 4387bfa605206b57451e6f77af1287960981ffa2 vt: selection, close sel_buffer race |
| CVE-2020-8649: 5d230547476eea90b57ed9fda4bfe5307779abbb vgacon: Fix a UAF in vgacon_invert_region |
| |
| CVEs fixed in 5.4.26: |
| CVE-2020-12465: 02013734629bf57070525a3515509780092a63ab mt76: fix array overflow on receiving too many fragments for a packet |
| |
| CVEs fixed in 5.4.27: |
| CVE-2020-29370: ae119b7e12472517bc35c1c003d5abf26653674a mm: slub: add missing TID bump in kmem_cache_alloc_bulk() |
| |
| CVEs fixed in 5.4.28: |
| CVE-2019-19769: 384e15fc4226551a45b54226dc57bca7e23db9d8 locks: fix a potential use-after-free problem when wakeup a waiter |
| CVE-2020-14381: 553d46b07dc4813e1d8e6a3b3d6eb8603b4dda74 futex: Fix inode life-time issue |
| |
| CVEs fixed in 5.4.29: |
| CVE-2020-11608: e4af1cf37b901839320e40515d9a60a1c8b51f3a media: ov519: add missing endpoint sanity checks |
| CVE-2020-11609: 4490085a9e2d2cde69e865e3691223ea9e94513b media: stv06xx: add missing descriptor sanity checks |
| CVE-2020-11668: e7cd85f398cd1ffe3ce707ce7e2ec0e4a5010475 media: xirlink_cit: add missing descriptor sanity checks |
| CVE-2020-27066: 21af83e17ffae4955bbd8154a1e975826b8188a1 xfrm: policy: Fix doulbe free in xfrm_policy_timer |
| CVE-2021-3715: ff28c6195814bdbd4038b08d39e40f8d65d2025e net_sched: cls_route: remove the right filter from hashtable |
| |
| CVEs fixed in 5.4.30: |
| CVE-2020-36557: acf0e94019310a9e1c4b6807c208f49a25f74573 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console |
| |
| CVEs fixed in 5.4.31: |
| CVE-2020-11565: c3f87e03f90ff2901525cc99c0e3bfb6fcbfd184 mm: mempolicy: require at least one nodeid for MPOL_PREFERRED |
| |
| CVEs fixed in 5.4.32: |
| CVE-2020-11494: fdb6a094ba41e985d9fb14ae2bfc180e3e983720 slcan: Don't transmit uninitialized stack data in padding |
| |
| CVEs fixed in 5.4.33: |
| CVE-2019-19039: 941dabde6c1a56908696d6642229521a125dd77e btrfs: Don't submit any btree write bio if the fs has errors |
| CVE-2019-19377: 941dabde6c1a56908696d6642229521a125dd77e btrfs: Don't submit any btree write bio if the fs has errors |
| CVE-2020-12657: b37de1b1e882fa3741d252333e5745eea444483b block, bfq: fix use-after-free in bfq_idle_slice_timer_body |
| CVE-2020-12826: 5f2d04139aa5ed04eab54b84e8a25bab87a2449c signal: Extend exec_id to 64bits |
| |
| CVEs fixed in 5.4.35: |
| CVE-2020-12659: 25c9cdef57488578da21d99eb614b97ffcf6e59f xsk: Add missing check on user supplied headroom size |
| |
| CVEs fixed in 5.4.36: |
| CVE-2020-0067: 5811f24abd27a8a0791c6909c6ff803659060c84 f2fs: fix to avoid memory leakage in f2fs_listxattr |
| CVE-2020-11884: 44d9eb0ebe8fd04f46b18d10a18b2c543b379a0c s390/mm: fix page table upgrade vs 2ndary address mode accesses |
| CVE-2020-12464: b48193a7c303272d357b27dd7d72cbf89f7b2d35 USB: core: Fix free-while-in-use bug in the USB S-Glibrary |
| |
| CVEs fixed in 5.4.39: |
| CVE-2020-0255: eeef0d9fd40df3c033dca68bca8249e5951660ac selinux: properly handle multiple messages in selinux_netlink_send() |
| CVE-2020-10751: eeef0d9fd40df3c033dca68bca8249e5951660ac selinux: properly handle multiple messages in selinux_netlink_send() |
| |
| CVEs fixed in 5.4.42: |
| CVE-2020-10711: debcbc56fdfc2847804d3d00d43f68f3074c5987 netlabel: cope with NULL catmap |
| CVE-2020-12770: 2d6d0ce4de03832c8deedeb16c7af52868d7e99e scsi: sg: add sg_remove_request in sg_write |
| CVE-2020-13143: 6bb054f006c3df224cc382f1ebd81b7276dcfb1c USB: gadget: fix illegal array access in binding with UDC |
| CVE-2020-27786: 3fa58fc9f8c4d2b3557bca4363653464546e497e ALSA: rawmidi: Fix racy buffer resize under concurrent accesses |
| |
| CVEs fixed in 5.4.43: |
| CVE-2019-18814: 97d817b9ef13e2d52a86ea032b0df6a922e0e9df apparmor: Fix use-after-free in aa_audit_rule_init |
| CVE-2020-12768: ac46cea606d59be18a6afd4560c48bcca836c44c KVM: SVM: Fix potential memory leak in svm_cpu_init() |
| |
| CVEs fixed in 5.4.44: |
| CVE-2020-10732: a02c130efbbce91af1e9dd99a5a381dd43494e15 fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() |
| |
| CVEs fixed in 5.4.45: |
| CVE-2019-19462: 1c44e6e09dc81dcc891a6ada446f86add73baa38 kernel/relay.c: handle alloc_percpu returning NULL in relay_open |
| CVE-2020-10757: df4988aa1c9618d9c612639e96002cd4e772def2 mm: Fix mremap not considering huge pmd devmap |
| |
| CVEs fixed in 5.4.46: |
| CVE-2020-0543: dab0161b8a0bc6a86319412e39b221670ca758ca x86/cpu: Add 'table' argument to cpu_matches() |
| CVE-2020-13974: 9619c2f746f7991486d556789e8675f1d1a0a67d vt: keyboard: avoid signed integer overflow in k_ascii |
| |
| CVEs fixed in 5.4.47: |
| CVE-2020-10766: 9d1dcba6dd48cf7c5801d8aee12852ca41110896 x86/speculation: Prevent rogue cross-process SSBD shutdown |
| CVE-2020-10767: 6d60d5462a91eb46fb88b016508edfa8ee0bc7c8 x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. |
| CVE-2020-10768: e1545848ad5510e82eb75717c1f5757b984014cb x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. |
| CVE-2020-29374: 1027dc04f557328eb7b7b7eea48698377a959157 gup: document and work around "COW can break either way" issue |
| CVE-2021-0342: 747d5bcb97eba1ecef0ceaa6b6234ba1aca87f60 tun: correct header offsets in napi frags mode |
| |
| CVEs fixed in 5.4.48: |
| CVE-2019-20810: 6e688a315acf9c2b9b6e8c3e3b7a0c2720f72cba media: go7007: fix a miss of snd_card_free |
| CVE-2020-29368: a88d8aaf9b8b5e0af163a235a3baa9fdcb7d430a mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() |
| |
| CVEs fixed in 5.4.49: |
| CVE-2020-12771: f651e94899ed08b1766bda30f410d33fdd3970ff bcache: fix potential deadlock problem in btree_gc_coalesce |
| CVE-2020-15436: b3dc33946a742256ad9d2ccac848c9e3c2aaafef block: Fix use-after-free in blkdev_get() |
| |
| CVEs fixed in 5.4.50: |
| CVE-2020-12655: ffd40b7962d463daa531a8110e5b708bcb5c6da7 xfs: add agf freeblocks verify in xfs_agf_verify |
| CVE-2020-15780: 824d0b6225f3fa2992704478a8df520537cfcb56 ACPI: configfs: Disallow loading ACPI tables when locked down |
| |
| CVEs fixed in 5.4.51: |
| CVE-2020-15393: 3dca0a299ff43204a69c9a7a00ce2b3e7ab3088c usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect |
| CVE-2020-24394: fe05e114d0fde7f644ac9ab5edfce3fa65650875 nfsd: apply umask on fs without ACL support |
| |
| CVEs fixed in 5.4.53: |
| CVE-2020-10781: 72648019cd52488716891c2cbb096ad1023ab83e Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" |
| CVE-2020-14356: 94886c86e833dbc8995202b6c6aaff592b7abd24 cgroup: fix cgroup_sk_alloc() for sk_clone_lock() |
| CVE-2022-0812: c8a4452da9f4b09c28d904f70247b097d4c14932 xprtrdma: fix incorrect header size calculations |
| |
| CVEs fixed in 5.4.54: |
| CVE-2020-15437: af811869db0698b587aa5418eab05c9f7e0bea3c serial: 8250: fix null-ptr-deref in serial8250_start_tx() |
| CVE-2020-29369: 549bfc14270681cd776c6d9b78fe544cbd21673a mm/mmap.c: close race between munmap() and expand_upwards()/downwards() |
| |
| CVEs fixed in 5.4.56: |
| CVE-2019-18808: ecfa7fa198fc66731ded5dabefccc8e9e2f3b311 crypto: ccp - Release all allocated memory if sha type is invalid |
| CVE-2019-19054: 84da97713b9112c9529a941b230219b759e6f206 media: rc: prevent memory leak in cx23888_ir_probe |
| CVE-2020-12656: 98cef10fbcca40e70f9f389a4bea42384376376b sunrpc: check that domain table is empty at module unload. |
| CVE-2020-24490: 9acd96f14a49f59401478eefe158aec489e0161f Bluetooth: fix kernel oops in store_pending_adv_report |
| |
| CVEs fixed in 5.4.57: |
| CVE-2020-16166: c15a77bdda2c4f8acaa3e436128630a81f904ae7 random32: update the net random state on interrupt and activity |
| |
| CVEs fixed in 5.4.58: |
| CVE-2020-14331: 8c3215a0426c404f4b7b02a1e0fdb0f7f4f1e6d3 vgacon: Fix for missing check in scrollback handling |
| CVE-2020-36386: c26eaaf547b785ae98fa08607b599c7df0da51bc Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() |
| |
| CVEs fixed in 5.4.59: |
| CVE-2019-19770: 6a291f9c21e4acf3429aacfa2e019d9965806c51 blktrace: fix debugfs use after free |
| CVE-2020-26088: 0b305f259ca9b85c48f9cb3159d034b7328ed225 net/nfc/rawsock.c: add CAP_NET_RAW check. |
| CVE-2021-20292: c6d2ddf1a30d524106265ad2c48b907cd7a083d4 drm/ttm/nouveau: don't call tt destroy callback on alloc failure. |
| |
| CVEs fixed in 5.4.60: |
| CVE-2019-19448: 7bbf647dbb5a28e754633512065146763a35ff77 btrfs: only search for left_info if there is no right_info in try_merge_free_space |
| CVE-2020-25212: 75cf7f895f563e14c82c1aeea0362dc155b5baf3 nfs: Fix getxattr kernel panic and memory overflow |
| |
| CVEs fixed in 5.4.61: |
| CVE-2020-0466: 42694912aaf1d7fa426bd02b0b313f05601b6488 do_epoll_ctl(): clean the failure exits up a bit |
| CVE-2020-14314: ea54176e5821936d109bb45dc2c19bd53559e735 ext4: fix potential negative array index in do_split() |
| CVE-2020-29371: 19a77c937a1914bdd655366e79a2a1b7d675f554 romfs: fix uninitialized memory leak in romfs_dev_read() |
| |
| CVEs fixed in 5.4.62: |
| CVE-2021-3428: 8e63c86f658005a9d8bc672642e587a787c53a72 ext4: handle error of ext4_setup_system_zone() on remount |
| |
| CVEs fixed in 5.4.63: |
| CVE-2020-0465: 4bae1afed43212ee3ec64f2bdc9e39e800974e7e HID: core: Sanitize event code and type when mapping input |
| CVE-2022-20565: 667514df10a08e4a65cb88f5fd5ffeccd027c4af HID: core: Correctly handle ReportSize being zero |
| |
| CVEs fixed in 5.4.64: |
| CVE-2020-12888: 8f747b0149c5a0c72626a87eb0dd2a5ec91f1a7d vfio-pci: Invalidate mmaps and block MMIO access on disabled memory |
| CVE-2020-14385: da7a1676d6c19971758976a84e87f5b1009409e7 xfs: fix boundary test in xfs_attr_shortform_verify |
| CVE-2020-14386: bc846b58fe5cecaa2632d566355e607954779d45 net/packet: fix overflow in tpacket_rcv |
| CVE-2020-25285: af7786b20c717ff13d9148161dad4b8e286bfd39 mm/hugetlb: fix a race between hugetlb sysctl handlers |
| CVE-2020-25641: 84c041c12442d233c9b3c593cbe9eb8a77875578 block: allow for_each_bvec to support zero len bvec |
| CVE-2021-1048: 88405cf0f2bd771670b76c42b169527ff86048da fix regression in "epoll: Keep a reference on files added to the check list" |
| |
| CVEs fixed in 5.4.66: |
| CVE-2020-14390: cf5a7ded53652c3d63d7243944c6a8ec1f0ef392 fbcon: remove soft scrollback code |
| CVE-2020-25284: ea3d3bf85669195247ad6a522f4e4209695edca2 rbd: require global CAP_SYS_ADMIN for mapping and unmapping |
| CVE-2020-28097: 087b6cb17df5834d395ab72da3f937380470ba15 vgacon: remove software scrollback support |
| CVE-2020-36312: 41b2ea7a6a11e2b1a7f2c29e1675a709a6b2b98d KVM: fix memory leak in kvm_io_bus_unregister_dev() |
| |
| CVEs fixed in 5.4.68: |
| CVE-2020-25643: c3de9daa662617132744731f1b4eb7b5cd1270a8 hdlc_ppp: add range checks in ppp_cp_parse_cr() |
| CVE-2020-25645: 745c24fd1d79b588a951d3c5beca43575907f881 geneve: add transport ports in route lookup for geneve |
| CVE-2021-0605: a769bff2333a8212cff4fd8bbe986979bf41c528 af_key: pfkey_dump needs parameter validation |
| |
| CVEs fixed in 5.4.70: |
| CVE-2020-25211: 253052b636e98083b1ecc3e9b0cf6f151e1cb8c6 netfilter: ctnetlink: add a range check for l3/l4 protonum |
| CVE-2021-0448: 253052b636e98083b1ecc3e9b0cf6f151e1cb8c6 netfilter: ctnetlink: add a range check for l3/l4 protonum |
| CVE-2021-39634: 8993da3d4d3a7ae721e9dafa140ba64c0e632a50 epoll: do not insert into poll queues until all sanity checks are done |
| |
| CVEs fixed in 5.4.71: |
| CVE-2020-28915: 1b2fcd82c0ca23f6fa01298c0d7b59eb4efbaf48 fbcon: Fix global-out-of-bounds read in fbcon_get_font() |
| |
| CVEs fixed in 5.4.72: |
| CVE-2020-10135: ed6c361e3229a2aa64b04617baa7f452bed28bcc Bluetooth: Consolidate encryption handling in hci_encrypt_cfm |
| CVE-2020-12351: 66a14350de9a4e3db7dedb524518b1394a5f7162 Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel |
| CVE-2020-12352: 0d9e9b6e1a26bb248c0afee754d5a577abd4376b Bluetooth: A2MP: Fix not initializing all members |
| |
| CVEs fixed in 5.4.73: |
| CVE-2020-0423: 401d4d79a8ed5ac1c78031a00f8ac414e6605a38 binder: fix UAF when releasing todo list |
| CVE-2020-25705: 8df0ffe2f32c09b4627cbce5cd5faf8e98a6a71e icmp: randomize the global rate limiter |
| CVE-2020-27784: e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 usb: gadget: function: printer: fix use-after-free in __lock_acquire |
| |
| CVEs fixed in 5.4.75: |
| CVE-2020-25656: 87d398f348b8a2d5246d3670a93fb63d4fd9f62a vt: keyboard, extend func_buf_lock to readers |
| CVE-2020-25668: c2313d7818b979f8b3751f052a8db34a7ed26780 tty: make FONTX ioctl use the tty pointer they were actually passed |
| CVE-2020-27673: 4bea575a10691a99b03d5e9055f3079040b59868 xen/events: add a proper barrier to 2-level uevent unmasking |
| CVE-2020-27675: a01379671d67d34f254cc81f42cf854aa628f3a3 xen/events: avoid removing an event channel while handling it |
| CVE-2020-27777: 240baebeda09e1e010fff58acc9183992f41f638 powerpc/rtas: Restrict RTAS requests from userspace |
| |
| CVEs fixed in 5.4.76: |
| CVE-2020-25704: b7f7474b392194530d1ec07203c8668e81b7fdb9 perf/core: Fix a memory leak in perf_event_parse_addr_filter() |
| CVE-2020-28974: 642181fe3567419d84d2457b58f262c37467f525 vt: Disable KD_FONT_OP_COPY |
| CVE-2020-35508: beeb658cfd3544ceca894375c36b6572e4ae7a5f fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent |
| |
| CVEs fixed in 5.4.77: |
| CVE-2020-8694: 19f6d91bdad42200aac557a683c17b1f65ee6c94 powercap: restrict energy meter to root access |
| |
| CVEs fixed in 5.4.78: |
| CVE-2020-14351: c5cf5c7b585c7f48195892e44b76237010c0747a perf/core: Fix race in the perf_mmap_close() function |
| |
| CVEs fixed in 5.4.79: |
| CVE-2020-25669: df33054114475477b5e7810aa0efb26916220474 Input: sunkbd - avoid use-after-free in teardown paths |
| CVE-2020-4788: b65458b6be8032c5179d4f562038575d7b3a6be3 powerpc/64s: flush L1D on kernel entry |
| |
| CVEs fixed in 5.4.80: |
| CVE-2020-28941: 3b78db264675e47ad3cf9c1e809e85d02fe1de90 speakup: Do not let the line discipline be used several times |
| |
| CVEs fixed in 5.4.82: |
| CVE-2020-35519: 8bfe5b73b185d931b77c965002f84ad986aa94f1 net/x25: prevent a couple of overflows |
| |
| CVEs fixed in 5.4.83: |
| CVE-2020-27830: b0d4fa10bfcc3051e9426b6286fb2d80bad04d74 speakup: Reject setting the speakup line discipline outside of speakup |
| CVE-2020-28588: 867fbf2bb739bc7ba02cca09093f2d35ed7eadc5 lib/syscall: fix syscall registers retrieval on 32-bit platforms |
| CVE-2020-29660: 35ee9ac513280f46eeb1196bac82ed5320380412 tty: Fix ->session locking |
| CVE-2020-29661: c536ecd4856084604701b95bd7e3fb15f05634bf tty: Fix ->pgrp locking in tiocspgrp() |
| |
| CVEs fixed in 5.4.84: |
| CVE-2021-0938: c2c5dc84ac51da90cadcb12554c69bdd5ac7aeeb compiler.h: fix barrier_data() on clang |
| |
| CVEs fixed in 5.4.86: |
| CVE-2020-27815: cbeb61258186978c26f9ee738c86fe4812cc27af jfs: Fix array index bounds check in dbAdjTree |
| CVE-2020-29568: eac0c12e329d489ff36e85fed5ce2a8606e3124d xen/xenbus: Allow watches discard events before queueing |
| CVE-2020-29569: 8f3f6de44f7cc93a4723e63ea4381332826a6790 xen-blkback: set ring->xenblkd to NULL after kthread_stop() |
| |
| CVEs fixed in 5.4.88: |
| CVE-2020-36158: 0a49aaf4df2936bca119ee38fe5a570a7024efdc mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start |
| CVE-2020-36322: 732251cabeb3bfd917d453a42274d769d6883fc4 fuse: fix bad inode |
| |
| CVEs fixed in 5.4.89: |
| CVE-2020-28374: 485e21729b1e1235e6075318225c09e76b376e81 scsi: target: Fix XCOPY NAA identifier lookup |
| CVE-2021-39648: bcffe2de9dde74174805d5f56a990353e33b8072 usb: gadget: configfs: Fix use-after-free issue with udc_name |
| |
| CVEs fixed in 5.4.92: |
| CVE-2021-3178: 4aef760c28e8bd1860a27fd78067b4ea77124987 nfsd4: readdirplus shouldn't return parent of export |
| |
| CVEs fixed in 5.4.93: |
| CVE-2021-39657: 97853a7eae80a695a18ce432524eaa7432199a41 scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback |
| |
| CVEs fixed in 5.4.94: |
| CVE-2020-27825: b899d5b2a42a963d6ca7e33d51a35b2eb25f6d10 tracing: Fix race in trace_open and buffer resize call |
| CVE-2021-3347: 0dae88a92596db9405fd4a341c1915cf7d8fbad4 futex: Ensure the correct return value from futex_lock_pi() |
| |
| CVEs fixed in 5.4.95: |
| CVE-2021-3348: 587c6b75d7fdd366ad7dc615471006ce73c03a51 nbd: freeze the queue while we're adding connections |
| |
| CVEs fixed in 5.4.98: |
| CVE-2021-3600: 78e2f71b89b22222583f74803d14f3d90cdf9d12 bpf: Fix 32 bit src register truncation on div/mod |
| |
| CVEs fixed in 5.4.99: |
| CVE-2021-21781: f49bff85b6dbb60a410c7f7dc53b52ee1dc22470 ARM: ensure the signal page contains defined contents |
| |
| CVEs fixed in 5.4.100: |
| CVE-2021-26930: 524a77aa5d69e726369b38813333f20c6511b66c xen-blkback: fix error handling in xen_blkbk_map() |
| CVE-2021-26931: 7109f61d25ff4dc2041f4be71042219869112e4c xen-blkback: don't "handle" error by BUG() |
| CVE-2021-26932: 104eef95231497cdb4e4de24a1ddef7c831a8b44 Xen/x86: don't bail early from clear_foreign_p2m_mapping() |
| |
| CVEs fixed in 5.4.101: |
| CVE-2021-0512: fce3654c648d8f92882d0dae117c20231b8b224f HID: make arrays usage and value to be the same |
| CVE-2021-3444: 185c2266c1df80bec001c987d64cae2d9cd13816 bpf: Fix truncation handling for mod32 dst reg wrt zero |
| |
| CVEs fixed in 5.4.102: |
| CVE-2020-25639: 0faef25462f886a77e0b397cca31d51163215332 drm/nouveau: bail out of nouveau_channel_new if channel init fails |
| CVE-2021-3612: 80168ba86034fc938970500b40c88b3914fede96 Input: joydev - prevent potential read overflow in ioctl |
| |
| CVEs fixed in 5.4.103: |
| CVE-2021-27363: ca3afdd0377379f5031f376aec4b0c1b0285b556 scsi: iscsi: Restrict sessions and handles to admin capabilities |
| CVE-2021-27364: ca3afdd0377379f5031f376aec4b0c1b0285b556 scsi: iscsi: Restrict sessions and handles to admin capabilities |
| CVE-2021-27365: 567a234a231db16a99067db3d31d351d9e770a82 scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE |
| CVE-2021-28038: 474773c42ffd89f7606b54443990ccf5086a4734 Xen/gnttab: handle p2m update errors on a per-slot basis |
| CVE-2021-30002: 027ddd67f68583a178a9bd65220611e9f978f014 media: v4l: ioctl: Fix memory leak in video_usercopy |
| |
| CVEs fixed in 5.4.106: |
| CVE-2021-28375: e4b52c7cbaaf4d11288d331b654b0fac450e4971 misc: fastrpc: restrict user apps from sending kernel RPC messages |
| CVE-2021-28660: da5abe369b03447b3df1e5816b9560cbae503993 staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() |
| CVE-2021-29265: 8698133003cfb67e0f04dd044c954198e421b152 usbip: fix stub_dev usbip_sockfd_store() races leading to gpf |
| CVE-2021-33033: b4800e7a1c9f80a1a0e417ab36a1da4959f8b399 cipso,calipso: resolve a number of problems with the DOI refcounts |
| CVE-2021-39656: 73aa6f93e1e980f392b3da4fee830b0e0a4a40ff configfs: fix a use-after-free in __configfs_open_file |
| |
| CVEs fixed in 5.4.108: |
| CVE-2021-28964: 5b3b99525c4f18e543f6ef17ef97c29f5694e8b4 btrfs: fix race when cloning extent buffer during rewind of an old root |
| CVE-2021-28971: da326ba3b84aae8ac0513aa4725a49843f2f871e perf/x86/intel: Fix a crash caused by zero PEBS status |
| CVE-2021-28972: 51a2b19b554c8c75ee2d253b87240309cd81f1fc PCI: rpadlpar: Fix potential drc_name corruption in store functions |
| |
| CVEs fixed in 5.4.109: |
| CVE-2021-28688: 057dd3e6986b260f0bec68bd1f2cd23a5d9dbda3 xen-blkback: don't leak persistent grants from xen_blkbk_map() |
| CVE-2021-29264: ec7ce1e337ec2b5641dcc639396e04a28454f21a gianfar: fix jumbo packets+napi+rx overrun crash |
| CVE-2021-29647: ae23957bd1fb3184a9935bd99c5ad2351a59d7c8 net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() |
| CVE-2021-29650: 19a5fb4ceada903e692de96b8aa8494179abbf0b netfilter: x_tables: Use correct memory barriers. |
| CVE-2021-31916: e6587d142d0214eb466f9978e25f0575c19b1ea0 dm ioctl: fix out of bounds array access when no devices |
| |
| CVEs fixed in 5.4.110: |
| CVE-2021-0941: 42c83e3bca434d9f63c58f9cbf2881e635679fee bpf: Remove MTU check in __bpf_skb_max_len |
| CVE-2021-3483: 5ecfad1efbc31ab913f16ed60f0efff301aebfca firewire: nosy: Fix a use-after-free bug in nosy_ioctl() |
| |
| CVEs fixed in 5.4.111: |
| CVE-2021-29154: a0b3927a07be0c4cedd69970e082a8c23c92eb72 bpf, x86: Validate computation of branch displacements for x86-64 |
| |
| CVEs fixed in 5.4.112: |
| CVE-2020-25670: c89903c9eff219a4695e63715cf922748d743f65 nfc: fix refcount leak in llcp_sock_bind() |
| CVE-2020-25671: 41bc58ba0945d69578f60c6f06729d8e2dc327dc nfc: fix refcount leak in llcp_sock_connect() |
| CVE-2020-25672: 404daa4d62a364623b48349eb73a18579edf51ac nfc: fix memory leak in llcp_sock_connect() |
| CVE-2020-25673: aa0cff2e075152d474b0b01233ac0adfcfc0c0db nfc: Avoid endless loops caused by repeated llcp_sock_connect() |
| CVE-2021-3659: 38ea2b3ed00fb4632a706f2c796d6aa4a884f573 net: mac802154: Fix general protection fault |
| |
| CVEs fixed in 5.4.113: |
| CVE-2021-0937: cc59b872f2e1995b8cc819b9445c1198bfe83b2d netfilter: x_tables: fix compat match/target pad out-of-bound write |
| CVE-2021-22555: cc59b872f2e1995b8cc819b9445c1198bfe83b2d netfilter: x_tables: fix compat match/target pad out-of-bound write |
| |
| CVEs fixed in 5.4.114: |
| CVE-2021-23133: 6180d2274b17fc0473fb0764d3417c0bddb99b2e net/sctp: fix race condition in sctp_destroy_sock |
| |
| CVEs fixed in 5.4.117: |
| CVE-2021-31829: 53e0db429b37a32b8fc706d0d90eb4583ad13848 bpf: Fix masking negation logic upon negative dst register |
| |
| CVEs fixed in 5.4.118: |
| CVE-2021-3506: 27a130638406815eba083c632ee083f0c5e688c2 f2fs: fix to avoid out-of-bounds memory access |
| |
| CVEs fixed in 5.4.119: |
| CVE-2021-32399: eeec325c9944b4427f482018d00b737220c31fd9 bluetooth: eliminate the potential race condition when removing the HCI controller |
| CVE-2021-33034: 3a826ffa80d5c73ad7338fd98ace9c5b53844968 Bluetooth: verify AMP hci_chan before amp_destroy |
| CVE-2021-45486: fee81285bd09ec2080ce2cbb5063aad0e58eb272 inet: use bigger hash table for IP ID generation |
| |
| CVEs fixed in 5.4.120: |
| CVE-2021-4157: 89862bd77e9cf511628eb7a97fe7f8d246192eec pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() |
| |
| CVEs fixed in 5.4.122: |
| CVE-2020-26555: f97257cde764ad6979a7dbeb460b9fb69276342e Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2020-26558: f97257cde764ad6979a7dbeb460b9fb69276342e Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2021-0129: f97257cde764ad6979a7dbeb460b9fb69276342e Bluetooth: SMP: Fail if remote and local public keys are identical |
| |
| CVEs fixed in 5.4.124: |
| CVE-2020-24586: 14f29a67f40496c832ca9fe8502e03b10cca6e59 mac80211: prevent mixed key and fragment cache attacks |
| CVE-2020-24587: 14f29a67f40496c832ca9fe8502e03b10cca6e59 mac80211: prevent mixed key and fragment cache attacks |
| CVE-2020-24588: fa00d4928eafe4fe8d854028f73f7af8fdbc9c3c cfg80211: mitigate A-MSDU aggregation attacks |
| CVE-2020-26139: 88664d5e5dc9eedddbea9cc8ebb3d57d933f9f8a mac80211: do not accept/forward invalid EAPOL frames |
| CVE-2020-26141: aee0121afee53cde39e49086317af5d029911857 ath10k: Fix TKIP Michael MIC verification for PCIe |
| CVE-2020-26145: 96d4d82652fa013d8b452871305a0c1e5f805d9e ath10k: drop fragments with multicast DA for PCIe |
| CVE-2020-26147: b90cf214e2bbb3f0a25d19937807238f646d1d72 mac80211: assure all fragments are encrypted |
| CVE-2021-33098: cf20c704a26eb763daf6bfb10369a4f11fef2d9a ixgbe: fix large MTU request from VF |
| CVE-2021-34981: fe201316ac36c48fc3cb2891dfdc8ab68058734d Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails |
| |
| CVEs fixed in 5.4.125: |
| CVE-2021-3564: 8d3d0ac73a4a1d31e3d4f7c068312aba78470166 Bluetooth: fix the erroneous flush_work() order |
| CVE-2021-3573: b6f97555c71f78288682bc967121572f10715c89 Bluetooth: use correct lock to prevent UAF of hdev object |
| CVE-2021-3587: 5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect |
| CVE-2021-38208: 5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect |
| |
| CVEs fixed in 5.4.128: |
| CVE-2021-34693: c297559a2a2a6b6f0de61ed333a978a118b0e660 can: bcm: fix infoleak in struct bcm_msg_head |
| CVE-2021-3743: 26b8d10703a9be45d6097946b2b4011f7dd2c56f net: qrtr: fix OOB Read in qrtr_endpoint_post |
| |
| CVEs fixed in 5.4.129: |
| CVE-2020-26541: e20b90e4f81bb04e2b180824caae585928e24ba9 certs: Add EFI_CERT_X509_GUID support for dbx entries |
| CVE-2021-22543: bb85717e3797123ae7724751af21d0c9d605d61e KVM: do not allow mapping valid but non-reference-counted pages |
| CVE-2021-35039: e2dc07ca4e0148d75963e14d2b78afc12426a487 module: limit enabling module.sig_enforce |
| |
| CVEs fixed in 5.4.131: |
| CVE-2020-36311: abbd42939db646f7210e1473e9cb17c6bc6f184c KVM: SVM: Periodically schedule when unregistering regions on destroy |
| |
| CVEs fixed in 5.4.132: |
| CVE-2021-3609: 70a9116b9e5ccd5332d3a60b359fb5902d268fd0 can: bcm: delay release of struct bcm_op after synchronize_rcu() |
| CVE-2022-0850: ed628b2531196cc76d7c9b730abe4020cad26b0b ext4: fix kernel infoleak via ext4_extent_header |
| |
| CVEs fixed in 5.4.133: |
| CVE-2021-3655: 03a5e454614dc095a70d88c85ac45ba799c79971 sctp: validate from_addr_param return |
| CVE-2021-45485: ccde03a6a0fbdc3c0ba81930e629b8b14974cce4 ipv6: use prandom_u32() for ID generation |
| |
| CVEs fixed in 5.4.134: |
| CVE-2021-33909: c1dafbb26164f43f2bb70bee9e5c4e1cad228ca7 seq_file: disallow extremely large seq buffer allocations |
| CVE-2021-38160: 52bd1bce8624acb861fa96b7c8fc2e75422dc8f7 virtio_console: Assure used length from device is limited |
| CVE-2021-38199: 81e03fe5bf8f5f66b8a62429fb4832b11ec6b272 NFSv4: Initialise connection to the server in nfs4_alloc_client() |
| CVE-2021-4154: c17363ccd620c1a57ede00d5c777f0b8624debe6 cgroup: verify that source is a string |
| |
| CVEs fixed in 5.4.136: |
| CVE-2021-3679: f899f24d34d964593b16122a774c192a78e2ca56 tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. |
| CVE-2021-37576: 2b9ffddd70b449cdc42b943788dc82a6d7b0d175 KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow |
| CVE-2021-38204: 863d071dbcd54dacf47192a1365faec46b7a68ca usb: max-3421: Prevent corruption of freed memory |
| |
| CVEs fixed in 5.4.137: |
| CVE-2021-0920: 85abe0d47fe65391ed41f78a66b5eff73987c086 af_unix: fix garbage collect vs MSG_PEEK |
| |
| CVEs fixed in 5.4.139: |
| CVE-2021-33624: 283d742988f6b304f32110f39e189a00d4e52b92 bpf: Inherit expanded/patched seen count from old aux data |
| |
| CVEs fixed in 5.4.141: |
| CVE-2021-3732: 812f39ed5b0b7f34868736de3055c92c7c4cf459 ovl: prevent private clone if bind mount is not allowed |
| CVE-2021-38198: d28adaabbbf4a6949d0f6f71daca6744979174e2 KVM: X86: MMU: Use the correct inherited permissions to get shadow page |
| CVE-2021-38205: 38b8485b72cbe4521fd2e0b8770e3d78f9b89e60 net: xilinx_emaclite: Do not print real IOMEM pointer |
| |
| CVEs fixed in 5.4.142: |
| CVE-2021-3653: 7c1c96ffb658fbfe66c5ebed6bcb5909837bc267 KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) |
| CVE-2021-3656: a17f2f2c89494c0974529579f3552ecbd1bc2d52 KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) |
| |
| CVEs fixed in 5.4.143: |
| CVE-2020-3702: 0c049ce432b37a51a0da005314ac32e5d9324ccf ath: Use safer key clearing with key cache entries |
| CVE-2021-42008: a73b9aa142691c2ae313980a8734997a78f74b22 net: 6pack: fix slab-out-of-bounds in decode_data |
| |
| CVEs fixed in 5.4.144: |
| CVE-2021-3739: d7f7eca72ecc08f0bb6897fda2290293fca63068 btrfs: fix NULL pointer dereference when deleting device by invalid id |
| CVE-2021-3753: f4418015201bdca0cd4e28b363d88096206e4ad0 vt_kdsetmode: extend console locking |
| CVE-2021-39633: 53b480e68c1c2c778b620cc7f45a2ba5dff518ca ip_gre: add validation for csum_start |
| |
| CVEs fixed in 5.4.145: |
| CVE-2021-40490: 9b3849ba667af99ee99a7853a021a7786851b9fd ext4: fix race writing to an inline_data file while its xattrs are changing |
| CVE-2022-20141: d84708451d9041dff8a81e3718f821f12d2eb6c5 igmp: Add ip_mc_list lock in ip_check_mc_rcu |
| |
| CVEs fixed in 5.4.146: |
| CVE-2021-20322: f73cbdd1b8e7ea32c66138426f826c8734b70c18 ipv6: make exception cache less predictible |
| CVE-2021-34556: e80c3533c354ede56146ab0e4fbb8304d0c1209f bpf: Introduce BPF nospec instruction for mitigating Spectre v4 |
| CVE-2021-35477: e80c3533c354ede56146ab0e4fbb8304d0c1209f bpf: Introduce BPF nospec instruction for mitigating Spectre v4 |
| |
| CVEs fixed in 5.4.148: |
| CVE-2020-16119: 5ab04a4ffed02f66e8e6310ba8261a43d1572343 dccp: don't duplicate ccid when cloning dccp sock |
| CVE-2021-20320: a5fc48000b0ed5c389d426c341b43f580faa7904 s390/bpf: Fix optimizing out zero-extensions |
| CVE-2021-42252: 2712f29c44f18db826c7e093915a727b6f3a20e4 soc: aspeed: lpc-ctrl: Fix boundary check for mmap |
| |
| CVEs fixed in 5.4.151: |
| CVE-2021-37159: fe57d53dd91d7823f1ceef5ea8e9458a4aeb47fa usb: hso: fix error handling code of hso_create_net_device |
| CVE-2021-3744: 24f3d2609114f1e1f6b487b511ce5fa36f21e0ae crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-3764: 24f3d2609114f1e1f6b487b511ce5fa36f21e0ae crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-4203: 0fcfaa8ed9d1dcbe377b202a1b3cdfd4e566114c af_unix: fix races in sk_peer_pid and sk_peer_cred accesses |
| |
| CVEs fixed in 5.4.153: |
| CVE-2021-20321: fab338f33c25c4816ca0b2d83a04a0097c2c4aaf ovl: fix missing negative dentry check in ovl_rename() |
| CVE-2021-38300: 1a0fe45501a273ac52252448e43f975f0c18811e bpf, mips: Validate conditional branch offsets |
| CVE-2021-41864: b14f28126c51533bb329379f65de5b0dd689b13a bpf: Fix integer overflow in prealloc_elems_and_freelist() |
| |
| CVEs fixed in 5.4.155: |
| CVE-2021-3894: d88774539539dcbf825a25e61234f110513f5963 sctp: account stream padding length for reconf chunk |
| CVE-2021-4149: 005a07c9acd6cf8a40555884f0650dfd4ec23fbe btrfs: unlock newly allocated extent buffer after error |
| CVE-2022-0322: d88774539539dcbf825a25e61234f110513f5963 sctp: account stream padding length for reconf chunk |
| |
| CVEs fixed in 5.4.156: |
| CVE-2021-3760: 1f75f8883b4fe9fe1856d71f055120315e758188 nfc: nci: fix the UAF of rf_conn_info object |
| CVE-2021-3896: 285e9210b1fab96a11c0be3ed5cea9dd48b6ac54 isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2021-43056: d0148cfaf89ce2af0d76e39943e200365e7fc99a KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest |
| CVE-2021-43389: 285e9210b1fab96a11c0be3ed5cea9dd48b6ac54 isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2022-0644: 0f218ba4c8aac7041cd8b81a5a893b0d121e6316 vfs: check fd has read access in kernel_read_file_from_fd() |
| |
| CVEs fixed in 5.4.157: |
| CVE-2021-3772: 5953ee99bab134d74c805a00eaa20fed33f54255 sctp: use init_tag from inithdr for ABORT chunk |
| |
| CVEs fixed in 5.4.158: |
| CVE-2021-42739: 2461f38384d50dd966e1db44fe165b1896f5df5a media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() |
| |
| CVEs fixed in 5.4.160: |
| CVE-2021-3640: d416020f1a9cc5f903ae66649b2c56d9ad5256ab Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() |
| CVE-2021-3752: 67bd269a84ce29dfc543c1683a2553b4169f9a55 Bluetooth: fix use-after-free error in lock_sock_nested() |
| CVE-2021-39686: 28a1e470b000d45bcf6c05f18a01d07cdc0b3235 binder: use euid from cred instead of using task |
| CVE-2021-45868: 10b808307d37d09b132fc086002bc1aa9910d315 quota: check block number when reading the block in quota file |
| CVE-2023-0047: 66938ba1285778634276a4b4028de367d7f1e8c2 mm, oom: do not trigger out_of_memory from the #PF |
| |
| CVEs fixed in 5.4.162: |
| CVE-2020-27820: 1c4af56ffbfb2fc6bd222f5dc8cb210c5ffaab70 drm/nouveau: use drm_dev_unplug() during device removal |
| CVE-2021-4002: 201340ca4eb748c52062c5e938826ddfbe313088 hugetlbfs: flush TLBs correctly after huge_pmd_unshare |
| CVE-2021-4202: e418bb556ff801e11592851fd465415757a2ef68 NFC: reorganize the functions in nci_request |
| |
| CVEs fixed in 5.4.164: |
| CVE-2021-4083: 03d4462ba3bc8f830d9807e3c3fde54fad06e2e2 fget: check that the fd still exists after getting a ref to it |
| CVE-2021-43975: 89d15a2e40d7edaaa16da2763b349dd7b056cc09 atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait |
| |
| CVEs fixed in 5.4.165: |
| CVE-2021-39685: fd6de5a0cd42fc43810bd74ad129d98ab962ec6b USB: gadget: detect too-big endpoint 0 requests |
| CVE-2021-39698: e0c03d15cd03476dd698c1ae7fb32a16d3e87f5c wait: add wake_up_pollfree() |
| CVE-2022-20132: 6e1e0a01425810494ce00d7b800b69482790b198 HID: add hid_is_usb() function to make it simpler for USB detection |
| |
| CVEs fixed in 5.4.168: |
| CVE-2021-28711: 4ed9f5c511ce95cb8db05ff82026ea901f45fd76 xen/blkfront: harden blkfront against event channel storms |
| CVE-2021-28712: 3e68d099f09c260a7dee28b99af02fe6977a9e66 xen/netfront: harden netfront against event channel storms |
| CVE-2021-28713: 560e64413b4a6d9bd6630e350d5f2e6a05f6ffe3 xen/console: harden hvc_xen against event channel storms |
| CVE-2021-28714: 8bfcd0385211044627f93d170991da1ae5937245 xen/netback: fix rx queue stall detection |
| CVE-2021-28715: 0d99b3c6bd39a0a023e972d8f912fd47698bbbb8 xen/netback: don't queue unlimited number of packages |
| CVE-2021-4135: 699e794c12a3cd79045ff135bc87a53b97024e43 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc |
| |
| CVEs fixed in 5.4.169: |
| CVE-2021-45469: b0406b5ef4e2c4fb21d9e7d5c36a0453b4279e9b f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() |
| CVE-2022-1195: a5c6a13e9056d87805ba3042c208fbd4164ad22b hamradio: improve the incomplete fix to avoid NPD |
| |
| CVEs fixed in 5.4.170: |
| CVE-2021-44733: 940e68e57ab69248fabba5889e615305789db8a7 tee: handle lookup of shm with reference count 0 |
| CVE-2022-20154: 831de271452b87657fcf8d715ee20519b79caef5 sctp: use call_rcu to free endpoint |
| |
| CVEs fixed in 5.4.171: |
| CVE-2021-4155: 102af6edfd3a372db6e229177762a91f552e5f5e xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate |
| CVE-2021-45095: 2a6a811a45fde5acb805ead4d1e942be3875b302 phonet: refcount leak in pep_sock_accep |
| CVE-2022-3105: 7646a340b25bb68cfb6d2e087a608802346d0f7b RDMA/uverbs: Check for null return of kmalloc_array |
| |
| CVEs fixed in 5.4.173: |
| CVE-2022-0185: bd2aed0464ae3d6e83ce064cd91fc1a7fec48826 vfs: fs_context: fix up param length parsing in legacy_parse_param |
| |
| CVEs fixed in 5.4.174: |
| CVE-2021-43976: ae56c5524a750fd8cf32565cb3902ce5baaeb4e6 mwifiex: Fix skb_over_panic in mwifiex_usb_recv() |
| |
| CVEs fixed in 5.4.175: |
| CVE-2022-0330: 1b5553c79d52f17e735cd924ff2178a2409e6d0b drm/i915: Flush TLBs before releasing backing store |
| CVE-2022-22942: 84b1259fe36ae0915f3d6ddcea6377779de48b82 drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| |
| CVEs fixed in 5.4.176: |
| CVE-2022-0617: 31136e5467f381cf18e2cfd467207dda7678c7a2 udf: Fix NULL ptr deref when converting from inline format |
| CVE-2022-24448: 0dfacee40021dcc0a9aa991edd965addc04b9370 NFSv4: Handle case where the lookup of a directory fails |
| CVE-2022-24959: 7afc09c8915b0735203ebcb8d766d7db37b794c0 yam: fix a memory leak in yam_siocdevprivate() |
| |
| CVEs fixed in 5.4.177: |
| CVE-2022-0492: 0e8283cbe4996ae046cd680b3ed598a8f2b0d5d8 cgroup-v1: Require capabilities to set release_agent |
| CVE-2022-1055: b1d17e920dfcd4b56fa2edced5710c191f7e50b5 net: sched: fix use-after-free in tc_new_tfilter() |
| CVE-2022-2938: 2fd752ed77ab9880da927257b73294f29a199f1a psi: Fix uaf issue when psi trigger is destroyed while being polled |
| |
| CVEs fixed in 5.4.179: |
| CVE-2022-0435: d692e3406e052dbf9f6d9da0cba36cb763272529 tipc: improve size validations for received domain records |
| CVE-2022-0487: 3a0a7ec5574b510b067cfc734b8bdb6564b31d4e moxart: fix potential use-after-free on remove path |
| |
| CVEs fixed in 5.4.180: |
| CVE-2022-25258: 38fd68f55a7ef57fb9cc3102ac65d1ac474a1a18 USB: gadget: validate interface OS descriptor requests |
| CVE-2022-25375: c9e952871ae47af784b4aef0a77db02e557074d6 usb: gadget: rndis: check size of RNDIS_MSG_SET command |
| CVE-2022-2964: a0fd5492ee769029a636f1fb521716b022b1423d net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup |
| |
| CVEs fixed in 5.4.181: |
| CVE-2022-20008: 902528183f4d94945a0c1ed6048d4a5d4e1e712e mmc: block: fix read single on recovery logic |
| |
| CVEs fixed in 5.4.182: |
| CVE-2022-25636: 49c011a44edd14adb555dbcbaf757f52b1f2f748 netfilter: nf_tables_offload: incorrect flow offload action array size |
| CVE-2022-26966: b95d71abeb7d31d4d51cd836d80f99fd783fd6d5 sr9700: sanity check for packet length |
| CVE-2022-27223: 6b23eda989236fd75b4a9893cc816cd690c29dfc USB: gadget: validate endpoint index for xilinx udc |
| |
| CVEs fixed in 5.4.183: |
| CVE-2022-24958: ba6fdd55b16677dcc1d7011270c140d2a37e5f35 usb: gadget: don't release an existing dev->buf |
| |
| CVEs fixed in 5.4.184: |
| CVE-2021-26401: b1bacf22a847d21a12900bd6a1eacaecb5bca253 x86/speculation: Use generic retpoline by default on AMD |
| CVE-2022-0001: 41b50510e593541e2ee1537614652e91e71f6bf5 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0002: 41b50510e593541e2ee1537614652e91e71f6bf5 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-23036: 44d86dccd2a5f02a66c6784378d1429412d84bf0 xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23037: b507879c1e2d2c55752f658439df71595f4adff2 xen/netfront: don't use gnttab_query_foreign_access() for mapped status |
| CVE-2022-23038: 44d86dccd2a5f02a66c6784378d1429412d84bf0 xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23039: d193785a4bc91c2b9e004d16d0c9ea5bc0a2f34d xen/gntalloc: don't use gnttab_query_foreign_access() |
| CVE-2022-23040: 95ff82383266a7720d596eb8b4499ed01746a730 xen/xenbus: don't let xenbus_grant_ring() remove grants in error case |
| CVE-2022-23041: be63ea883e56aacf9326e581b53dff9ac087ace1 xen/9p: use alloc/free_pages_exact() |
| CVE-2022-23042: 0e35f3ab69bcb01fdbf5aadc78f1731778963b1c xen/netfront: react properly to failing gnttab_end_foreign_access_ref() |
| CVE-2022-23960: fdfc0baf829dfb306a1ec45900d2cfbee265ae60 ARM: report Spectre v2 status through sysfs |
| |
| CVEs fixed in 5.4.185: |
| CVE-2022-1011: a9174077febfb1608ec3361622bf5f91e2668d7f fuse: fix pipe buffer lifetime for direct_io |
| CVE-2022-1199: 0a64aea5fe023cf1e4973676b11f49038b1f045b ax25: Fix NULL pointer dereference in ax25_kill_by_device |
| |
| CVEs fixed in 5.4.187: |
| CVE-2022-20158: 268dcf1f7b3193bc446ec3d14e08a240e9561e4d net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20368: 268dcf1f7b3193bc446ec3d14e08a240e9561e4d net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-3107: b01e2df5fbf68719dfb8e766c1ca6089234144c2 hv_netvsc: Add check for kvmalloc_array |
| |
| CVEs fixed in 5.4.188: |
| CVE-2022-1016: 06f0ff82c70241a766a811ae1acf07d6e2734dcb netfilter: nf_tables: initialize registers in nft_do_chain() |
| CVE-2022-26490: 0aef7184630b599493a0dcad4eec6d42b3e68e91 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION |
| CVE-2022-27666: fee4dfbda68ba10f3bbcf51c861d6aa32f08f9e4 esp: Fix possible buffer overflow in ESP transformation |
| CVE-2022-28356: 572f9a0d3f3feb8bd3422e88ad71882bc034b3ff llc: fix netdevice reference leaks in llc_ui_bind() |
| |
| CVEs fixed in 5.4.189: |
| CVE-2021-4197: 691a0fd625e06c138f7662286a87ffba48773f34 cgroup: Use open-time credentials for process migraton perm checks |
| CVE-2022-1158: 1553126eccf4fad17afaeaed08db9e5944aa2d55 KVM: x86/mmu: do compare-and-exchange of gPTE via the user address |
| CVE-2022-1198: 28c8fd84bea13cbf238d7b19d392de2fcc31331c drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() |
| CVE-2022-1353: ef388db2fe351230ff7194b37d507784bef659ec af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register |
| CVE-2022-2380: 478154be3a8c21ff106310bb1037b1fc9d81dc62 video: fbdev: sm712fb: Fix crash in smtcfb_read() |
| CVE-2022-28389: 2dfe9422d528630e2ce0d454147230cce113f814 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path |
| CVE-2022-28390: e27caad38b59b5b00b9c5228d04c13111229deec can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-2977: a27ed2f3695baf15f9b34d2d7a1f9fc105539a81 tpm: fix reference counting for struct tpm_chip |
| CVE-2022-30594: 2458ecd21f29a3e5571d7d97764c043083deed5e ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE |
| CVE-2022-3111: 90bec38f6a4c81814775c7f3dfc9acf281d5dcfa power: supply: wm8350-power: Add missing free in free_charger_irq |
| CVE-2022-3202: e19c3149a80e4fc8df298d6546640e01601f3758 jfs: prevent NULL deref in diFree |
| CVE-2022-3239: 92f84aa82dfaa8382785874277b0c4bedec89a68 media: em28xx: initialize refcount before kref_get |
| |
| CVEs fixed in 5.4.190: |
| CVE-2022-1204: 9e1e088a57c23251f1cfe9601bbd90ade2ea73b9 ax25: Fix refcount leaks caused by ax25_cb_del() |
| CVE-2022-41858: d05cd68ed8460cb158cc62c41ffe39fe0ca16169 drivers: net: slip: fix NPD bug in sl_tx_timeout() |
| |
| CVEs fixed in 5.4.191: |
| CVE-2022-2639: aa70705560871725e963945a2d36ace7849c004e openvswitch: fix OOB access in reserve_sfa_size() |
| CVE-2022-28388: 660784e7194ac2953aebe874c1f75f2441ba3d19 can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-29581: 5a4f3eba211a532b2eb5045102ad3ceea5e9f0f9 net/sched: cls_u32: fix netns refcount changes in u32_change() |
| |
| CVEs fixed in 5.4.192: |
| CVE-2022-1836: 7dea5913000c6a2974a00d9af8e7ffb54e47eac1 floppy: disable FDRAWCMD by default |
| CVE-2022-33981: 7dea5913000c6a2974a00d9af8e7ffb54e47eac1 floppy: disable FDRAWCMD by default |
| |
| CVEs fixed in 5.4.193: |
| CVE-2022-0494: c7337efd1d11acb6f84c68ffee57d3f312e87b24 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern |
| CVE-2022-1048: fbeb492694ce0441053de57699e1e2b7bc148a69 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls |
| CVE-2022-1734: 33d3e76fc7a7037f402246c824d750542e2eb37f nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs |
| CVE-2022-1974: 85aecdef77f9c5b5c0d8988db6681960f0d46ab3 nfc: replace improper check device_is_registered() in netlink related functions |
| CVE-2022-1975: 01d4363dd7176fd780066cd020f66c0f55c4b6f9 NFC: netlink: fix sleep in atomic bug when firmware download timeout |
| |
| CVEs fixed in 5.4.196: |
| CVE-2022-1652: 67e2b62461b5d02a1e63103e8a02c0bca75e26c7 floppy: use a statically allocated error counter |
| CVE-2022-1729: dd0ea88b0a0f913f82500e988ef38158a9ad9885 perf: Fix sys_perf_event_open() race against self |
| CVE-2022-28893: 2f8f6c393b11b5da059b1fc10a69fc2f2b6c446a SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() |
| |
| CVEs fixed in 5.4.197: |
| CVE-2022-1012: ab5b00cfe0500f5f5a3648ca945b892156b839fb secure_seq: use the 64 bits of the siphash for port offset calculation |
| CVE-2022-20572: fd2f7e9984850a0162bfb6948b98ffac9fb5fa58 dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-21499: 8bb828229da903bb5710d21065e0a29f9afd30e0 lockdown: also lock down previous kgdb use |
| CVE-2022-2503: fd2f7e9984850a0162bfb6948b98ffac9fb5fa58 dm verity: set DM_TARGET_IMMUTABLE feature flag |
| |
| CVEs fixed in 5.4.198: |
| CVE-2022-1184: 17034d45ec443fb0e3c0e7297f9cd10f70446064 ext4: verify dir block before splitting it |
| CVE-2022-1966: f36736fbd48491a8d85cd22f4740d542c5a1546e netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-3115: fa0d7ba25a53ac2e4bb24ef31aec49ff3578b44f drm: mali-dp: potential dereference of null pointer |
| CVE-2022-32250: f36736fbd48491a8d85cd22f4740d542c5a1546e netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-32981: 0c4bc0a2f8257f79a70fe02b9a698eb14695a64b powerpc/32: Fix overread/overwrite of thread_struct via ptrace |
| CVE-2022-3577: 00771de7cc28e405f5ae19ca46facd83a534bb8f HID: bigben: fix slab-out-of-bounds Write in bigben_probe |
| |
| CVEs fixed in 5.4.199: |
| CVE-2022-21123: 0800f1b45bf6d85e5a168db9ae91fb816f0a8c34 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data |
| CVE-2022-21125: d961592635932bd1ea32a534412a41fb794e2212 x86/speculation/mmio: Reuse SRBDS mitigation for SBDS |
| CVE-2022-21166: 8d25482fc96aa2cb24a221295fdd498f40565415 x86/speculation/mmio: Enable CPU Fill buffer clearing on idle |
| |
| CVEs fixed in 5.4.201: |
| CVE-2022-32296: c26e1addf15763ae404f4bbf131719a724e768ab tcp: increase source port perturb table to 2^16 |
| |
| CVEs fixed in 5.4.202: |
| CVE-2021-33656: c87e851b23e5cb2ba90a3049ef38340ed7d5746f vt: drop old FONT ioctls |
| |
| CVEs fixed in 5.4.204: |
| CVE-2022-2318: bb91556d2af066f8ca2e7fd8e334d652e731ee29 net: rose: fix UAF bugs caused by timer handler |
| CVE-2022-26365: 42112e8f94617d83943f8f3b8de2b66041905506 xen/blkfront: fix leaking data in shared pages |
| CVE-2022-33740: 04945b5beb73019145ac17a2565526afa7293c14 xen/netfront: fix leaking data in shared pages |
| CVE-2022-33741: ede57be88a5fff42cd00e6bcd071503194d398dd xen/netfront: force data bouncing when backend is untrusted |
| CVE-2022-33742: 60ac50daad36ef3fe9d70d89cfe3b95d381db997 xen/blkfront: force data bouncing when backend is untrusted |
| CVE-2022-33744: 5c03cad51b84fb26ccea7fd99130d8ec47949cfc xen/arm: Fix race in RB-tree based P2M accounting |
| |
| CVEs fixed in 5.4.205: |
| CVE-2021-33655: 4f34f380f952289e818c76617bbb5c9a3a9a9dd0 fbcon: Disallow setting font bigger than screen size |
| |
| CVEs fixed in 5.4.207: |
| CVE-2022-36123: a3c7c1a726a4c6b63b85e8c183f207543fd75e1b x86: Clear .brk area at early boot |
| |
| CVEs fixed in 5.4.208: |
| CVE-2022-1462: f7785092cb7f022f59ebdaa181651f7c877df132 tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() |
| CVE-2022-21505: ed3fea55066b4e054c4d212e54f9965abcac9685 lockdown: Fix kexec lockdown bypass with ima policy |
| CVE-2022-36879: f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20 xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() |
| |
| CVEs fixed in 5.4.209: |
| CVE-2022-20566: 098e07ef0059296e710a801cdbd74b59016e6624 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put |
| CVE-2022-36946: 52be29e8b6455788a4d0f501bd87aa679ca3ba3c netfilter: nf_queue: do not allow packet truncation below transport header offset |
| |
| CVEs fixed in 5.4.210: |
| CVE-2021-4159: 7c1134c7da997523e2834dd516e2ddc51920699a bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() |
| CVE-2022-20369: 54e1abbe856020522a7952140c26a4426f01dab6 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls |
| CVE-2022-26373: f2f41ef0352db9679bfae250d7a44b3113f3a3cc x86/speculation: Add RSB VM Exit protections |
| |
| CVEs fixed in 5.4.211: |
| CVE-2022-1679: e9e21206b8ea62220b486310c61277e7ebfe7cec ath9k: fix use-after-free in ath9k_hif_usb_rx_cb |
| CVE-2022-20422: 04549063d5701976034d8c2bfda3d3a8cbf0409f arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-2153: 8cdba919acefdd6fea5dd2b77a119f54fb88ce11 KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() |
| CVE-2022-2586: fab2f61cc3b0e441b1749f017cfee75f9bbaded7 netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-2588: 1fcd691cc2e7f808eca2e644adee1f1c6c1527fd net_sched: cls_route: remove from list when handle is 0 |
| CVE-2022-3625: 1ad4ba9341f15412cf86dc6addbb73871a10212f devlink: Fix use-after-free after a failed reload |
| CVE-2022-3629: f82f1e2042b397277cd39f16349950f5abade58d vsock: Fix memory leak in vsock_connect() |
| CVE-2022-3633: 04e41b6bacf474f5431491f92e981096e8cc8e93 can: j1939: j1939_session_destroy(): fix memory leak of skbs |
| CVE-2022-3635: 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 atm: idt77252: fix use-after-free bugs caused by tst_timer |
| CVE-2022-41222: 79e522101cf40735f1936a10312e17f937b8dcad mm/mremap: hold the rmap lock in write mode when moving page table entries. |
| |
| CVEs fixed in 5.4.212: |
| CVE-2022-3028: 8ee27a4f0f1ad36d430221842767880df6494147 af_key: Do not call xfrm_probe_algs in parallel |
| CVE-2022-42703: 2fe3eee48899a890310177d54537d5b8e255eb31 mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse |
| |
| CVEs fixed in 5.4.213: |
| CVE-2022-20421: 30d0901b307f27d36b2655fb3048cf31ee0e89c0 binder: fix UAF of ref->proc caused by race condition |
| CVE-2022-2663: 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547 netfilter: nf_conntrack_irc: Fix forged IP logic |
| CVE-2022-3586: 279c7668e354fa151d5fd2e8c42b5153a1de3135 sch_sfb: Don't assume the skb is still around after enqueueing to child |
| CVE-2022-40307: 8028ff4cdbb3f20d3c1c04be33a83bab0cb94997 efi: capsule-loader: Fix use-after-free in efi_capsule_write |
| CVE-2022-4095: d0aac7146e96bf39e79c65087d21dfa02ef8db38 staging: rtl8712: fix use after free bugs |
| CVE-2022-4662: df1875084898b15cbc42f712e93d7f113ae6271b USB: core: Prevent nested device-reset calls |
| |
| CVEs fixed in 5.4.215: |
| CVE-2022-3303: 4051324a6dafd7053c74c475e80b3ba10ae672b0 ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC |
| CVE-2022-39842: 1878eaf0edb8c9e58a6ca0cf31b7a647ca346be9 video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write |
| |
| CVEs fixed in 5.4.217: |
| CVE-2022-23816: 893cd858b09ca20c8c919db8dc5b009895626da3 x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29900: 893cd858b09ca20c8c919db8dc5b009895626da3 x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29901: 893cd858b09ca20c8c919db8dc5b009895626da3 x86/kvm/vmx: Make noinstr clean |
| |
| CVEs fixed in 5.4.218: |
| CVE-2022-2978: 70e4f70d54e0225f91814e8610477d65f33cefe4 fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-3621: 792211333ad77fcea50a44bb7f695783159fc63c nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3646: b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-40768: 20a5bde605979af270f94b9151f753ec2caf8b05 scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-41674: 020402c7dd587a8a4725d32bbd172a5f7ecc5f8f wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-42720: 785eaabfe3103e8bfa36aebacff6e8f69f092ed7 wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: 77bb20ccb9dfc9ed4f9c93788c90d08cfd891cdc wifi: cfg80211: avoid nontransmitted BSS list corruption |
| CVE-2022-43750: 21446ad9cb9844b90d7d8e73d8fff03160e51ebc usb: mon: make mmapped memory read only |
| |
| CVEs fixed in 5.4.219: |
| CVE-2022-42719: 0cb5be43dc4b79da010522f79a06fa56f944d3cd wifi: mac80211: fix MBSSID parsing use-after-free |
| |
| CVEs fixed in 5.4.220: |
| CVE-2022-2602: 04df9719df1865f6770af9bc7880874af0e594b2 io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-3535: 72c0d361940aec02d114d6f8f351147b85190464 net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3542: 71e0ab5b7598d88001762fddbfeb331543c62841 bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3565: 466ed722f205c2cf8caba5982f3cd9729e767903 mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3594: 61fd56b0a1a3e923aced4455071177778dd59e88 r8152: Rate limit overflow messages |
| CVE-2022-3649: d1c2d820a2cd73867b7d352e89e92fb3ac29e926 nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-41849: 3742e9fd552e6c4193ebc5eb3d2cd02d429cad9c fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| CVE-2022-41850: e30c3a9a88818e5cf3df3fda6ab8388bef3bc6cd HID: roccat: Fix use-after-free in roccat_read() |
| |
| CVEs fixed in 5.4.224: |
| CVE-2021-3759: bad83d55134e647a739ebef2082541963f2cbc92 memcg: enable accounting of ipc resources |
| CVE-2022-3524: 92aaa5e8fe90a008828a1207e66a30444bcb1cbd tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2022-3564: 4cd094fd5d872862ca278e15b9b51b07e915ef3f Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-3628: a16415c8f156bec5399ef0345715ee4b90e5bb83 wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() |
| CVE-2022-42895: 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 Bluetooth: L2CAP: Fix attempting to access uninitialized memory |
| |
| CVEs fixed in 5.4.225: |
| CVE-2022-3521: ad39d09190a545d0f05ae0a82900eee96c5facea kcm: avoid potential race in kcm_tx_work |
| |
| CVEs fixed in 5.4.226: |
| CVE-2022-3169: 99c59256ea00ff7fab4914bb38e10a84850de514 nvme: ensure subsystem reset is single threaded |
| CVE-2022-42896: 0d87bb6070361e5d1d9cb391ba7ee73413bc109b Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM |
| |
| CVEs fixed in 5.4.227: |
| CVE-2022-3643: 8fe1bf6f32cd5b96ddcd2a38110603fe34753e52 xen/netback: Ensure protocol headers don't fall in the non-linear area |
| |
| CVEs fixed in 5.4.228: |
| CVE-2022-3545: 3c837460f920a63165961d2b88b425703f59affb nfp: fix use-after-free in area_cache_get() |
| CVE-2022-3623: 176ba4c19d1bb153aa6baaa61d586e785b7d736c mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15794: (unk) ovl: fix reference counting in ovl_mmap error path |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs |
| CVE-2020-26140: (unk) |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-27835: (unk) IB/hfi1: Ensure correct mm is used at all times |
| CVE-2020-29373: (unk) io_uring: grab ->fs as part of async preparation |
| CVE-2020-29534: (unk) io_uring: don't rely on weak ->files references |
| CVE-2020-35501: (unk) |
| CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address |
| CVE-2020-36313: (unk) KVM: Fix out of range accesses to memslots |
| CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy |
| CVE-2020-36516: (unk) |
| CVE-2021-0399: (unk) |
| CVE-2021-0929: (unk) staging/android/ion: delete dma_buf->kmap/unmap implemenation |
| CVE-2021-20177: (unk) netfilter: add and use nf_hook_slow_list() |
| CVE-2021-20239: (unk) net: pass a sockptr_t into ->setsockopt |
| CVE-2021-26934: (unk) |
| CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic |
| CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform |
| CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality |
| CVE-2021-3542: (unk) |
| CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc() |
| CVE-2021-3714: (unk) |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure |
| CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories |
| CVE-2021-4148: (unk) mm: khugepaged: skip huge page collapse for special files |
| CVE-2021-4150: (unk) block: fix incorrect references to disk objects |
| CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler |
| CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection |
| CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info() |
| CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg() |
| CVE-2022-0400: (unk) |
| CVE-2022-0480: (unk) memcg: enable accounting for file lock caches |
| CVE-2022-1116: (unk) |
| CVE-2022-1247: (unk) |
| CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push |
| CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector |
| CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters |
| CVE-2022-1786: (unk) io_uring: remove io_identity |
| CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory |
| CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions |
| CVE-2022-20424: (unk) io_uring: remove io_identity |
| CVE-2022-2209: (unk) |
| CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL |
| CVE-2022-2327: (unk) io_uring: remove any grabbing of context |
| CVE-2022-23825: (unk) |
| CVE-2022-25265: (unk) |
| CVE-2022-2961: (unk) |
| CVE-2022-2991: (unk) remove the lightnvm subsystem |
| CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero |
| CVE-2022-3108: (unk) drm/amdkfd: Check for null pointer after calling kmemdup |
| CVE-2022-3176: (unk) io_uring: fix UAF due to missing POLLFREE handling |
| CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use |
| CVE-2022-3424: (unk) misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os |
| CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp |
| CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode |
| CVE-2022-36280: (unk) drm/vmwgfx: Validate the box size for the snooped cursor |
| CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() |
| CVE-2022-36402: (unk) |
| CVE-2022-3642: (unk) |
| CVE-2022-3707: (unk) drm/i915/gvt: fix double free bug in split_2MB_gtt_entry |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) |
| CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines |
| CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas |
| CVE-2022-39189: (unk) KVM: x86: do not report a vCPU as preempted outside instruction boundaries |
| CVE-2022-40133: (unk) |
| CVE-2022-41218: (unk) media: dvb-core: Fix UAF due to refcount races at releasing |
| CVE-2022-4129: (unk) l2tp: Serialize access to sk_user_data with sk_callback_lock |
| CVE-2022-41848: (unk) |
| CVE-2022-4269: (unk) |
| CVE-2022-4382: (unk) |
| CVE-2022-44032: (unk) |
| CVE-2022-44033: (unk) |
| CVE-2022-44034: (unk) |
| CVE-2022-4543: (unk) |
| CVE-2022-45884: (unk) |
| CVE-2022-45885: (unk) |
| CVE-2022-45886: (unk) |
| CVE-2022-45887: (unk) |
| CVE-2022-45919: (unk) |
| CVE-2022-45934: (unk) Bluetooth: L2CAP: Fix u8 overflow |
| CVE-2022-4696: (unk) io_uring: remove any grabbing of context |
| CVE-2022-47520: (unk) wifi: wilc1000: validate pairwise and authentication suite offsets |
| CVE-2022-47946: (unk) io_uring: kill sqo_dead and sqo submission halting |
| CVE-2023-0210: (unk) ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob |
| CVE-2023-20928: (unk) android: binder: stop saving a pointer to the VMA |
| CVE-2023-23454: (unk) net: sched: cbq: dont intepret cls results when asked to drop |
| CVE-2023-23455: (unk) net: sched: atm: dont intepret cls results when asked to drop |
