| |
| CVEs fixed in 5.15: |
| CVE-2021-3772: 4f7019c7eb33967eb87766e0e4602b5576873680 sctp: use init_tag from inithdr for ABORT chunk |
| CVE-2021-4148: a4aeaa06d45e90f9b279f0b09de84bd00006e733 mm: khugepaged: skip huge page collapse for special files |
| CVE-2021-42327: 5afa7898ab7a0ec9c28556a91df714bf3c2f725e drm/amdgpu: fix out of bounds write |
| CVE-2021-43267: fa40d9734a57bcbfa79a280189799f76c88f7bb0 tipc: fix size validations for the MSG_CRYPTO type |
| |
| CVEs fixed in 5.15.1: |
| CVE-2021-42739: cb667140875a3b1db92e4c50b4617a7cbf84659b media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() |
| |
| CVEs fixed in 5.15.2: |
| CVE-2021-39686: ff1bd01f490ba60d82c765100d95d13cc00c1625 binder: use euid from cred instead of using task |
| |
| CVEs fixed in 5.15.3: |
| CVE-2021-3640: b990c219c4c9d4993ef65ea9db73d9497e70f697 Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() |
| CVE-2021-3752: 7e22e4db95b04f09adcce18c75d27cbca8f53b99 Bluetooth: fix use-after-free error in lock_sock_nested() |
| CVE-2021-45868: 332db0909293f3f4d853ee2ea695272c75082d87 quota: check block number when reading the block in quota file |
| CVE-2022-20148: 5e1b901dd470659bcfeaa76811d2af9165579d77 f2fs: fix UAF in f2fs_available_free_memory |
| CVE-2023-0047: c15aeead2488b3b28db6863f9f2ba2338e3c9838 mm, oom: do not trigger out_of_memory from the #PF |
| CVE-2023-1252: 2f372e38f5724301056e005353c8beecc3f8d257 ovl: fix use after free in struct ovl_aio_req |
| |
| CVEs fixed in 5.15.5: |
| CVE-2020-27820: 0b1a35d63995497a9186113c60a16e7ae59642c1 drm/nouveau: use drm_dev_unplug() during device removal |
| CVE-2021-4001: a5d1d3522232b4af1f5dee02d381e6fa86be8e2d bpf: Fix toctou on read-only map's constant scalar tracking |
| CVE-2021-4002: 556d59293a2a94863797a7a50890992aa5e8db16 hugetlbfs: flush TLBs correctly after huge_pmd_unshare |
| CVE-2021-4090: 10c22d9519f3f5939de61a1500aa3a926b778d3a NFSD: Fix exposure in nfsd4_decode_bitmap() |
| CVE-2021-4202: 96a209038a99a379444ea3ef9ae823e685ba60e7 NFC: reorganize the functions in nci_request |
| |
| CVEs fixed in 5.15.7: |
| CVE-2021-4083: 6fe4eadd54da3040cf6f6579ae157ae1395dc0f8 fget: check that the fd still exists after getting a ref to it |
| CVE-2021-43975: cec49b6dfdb0b9fefd0f17c32014223f73ee2605 atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait |
| |
| CVEs fixed in 5.15.8: |
| CVE-2021-39685: 36dfdf11af49d3c009c711fb16f5c6e7a274505d USB: gadget: detect too-big endpoint 0 requests |
| CVE-2021-39698: 1ebb6cd8c754bfe1a5f9539027980756bce7cb08 wait: add wake_up_pollfree() |
| CVE-2022-20132: e1e21632a4c4d2f85587e204939883ce59d18447 HID: add hid_is_usb() function to make it simpler for USB detection |
| |
| CVEs fixed in 5.15.11: |
| CVE-2021-22600: feb116a0ecc5625d6532c616d9a10ef4ef81514b net/packet: rx_owner_map depends on pg_vec |
| CVE-2021-28711: caf9b51829a50590b84daea924a0fd62d32bc952 xen/blkfront: harden blkfront against event channel storms |
| CVE-2021-28712: a29c8b5226eda52e6d6ff151d9343558ea3ad451 xen/netfront: harden netfront against event channel storms |
| CVE-2021-28713: 153d1ea3272209fc970116f09051002d14422cde xen/console: harden hvc_xen against event channel storms |
| CVE-2021-28714: 88449dbe6203c3a91cf1c39ea3032ad61a297bd7 xen/netback: fix rx queue stall detection |
| CVE-2021-28715: bd926d189210cd1d5b4e618e45898053be6b4b3b xen/netback: don't queue unlimited number of packages |
| CVE-2021-4135: 27358aa81a7d60e6bd36f0bb1db65cd084c2cad0 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc |
| CVE-2021-45402: f77d7a35d4913e4ab27abb36016fbfc1e882a654 bpf: Fix signed bounds propagation after mov32 |
| CVE-2021-45480: 68014890e4382ff9192e1357be39b7d0455665fa rds: memory leak in __rds_conn_create() |
| CVE-2022-0264: 423628125a484538111c2c6d9bb1588eb086053b bpf: Fix kernel address leakage in atomic fetch |
| CVE-2022-3106: 9a77c02d1d2147a76bd187af1bf5a34242662d12 sfc_ef100: potential dereference of null pointer |
| |
| CVEs fixed in 5.15.12: |
| CVE-2021-44733: 492eb7afe858d60408b2da09adc78540c4d16543 tee: handle lookup of shm with reference count 0 |
| CVE-2021-45100: a2c144d17623984fdafa4634ecf4ab64580d29bb ksmbd: disable SMB2_GLOBAL_CAP_ENCRYPTION for SMB 3.1.1 |
| CVE-2021-45469: a8a9d753edd7f71e6a2edaa580d8182530b68791 f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() |
| CVE-2022-1195: 03d00f7f1815ec00dab5035851b3de83afd054a8 hamradio: improve the incomplete fix to avoid NPD |
| CVE-2022-4744: 3cb5ae77799e8ed6ec3fec0b6b4cd07f01650cc5 tun: avoid double free in tun_free_netdev |
| |
| CVEs fixed in 5.15.13: |
| CVE-2022-20154: 75799e71df1da11394740b43ae5686646179561d sctp: use call_rcu to free endpoint |
| CVE-2023-23006: 4595dffccfa5b9360162c72cc0f6a33477d871cf net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources |
| |
| CVEs fixed in 5.15.14: |
| CVE-2021-3923: e1e354771812b12f0b4c433bbaf916f87cd0f6c7 RDMA/core: Don't infoleak GRH fields |
| CVE-2021-4155: b0e72ba9e520b95346e68800afff0db65e766ca8 xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate |
| CVE-2021-4197: c6ebc35298848accb5e50c37fdb2490cf4690c92 cgroup: Use open-time credentials for process migraton perm checks |
| CVE-2021-45095: 9ca97a693aa8b86e8424f0047198ea3ab997d50f phonet: refcount leak in pep_sock_accep |
| CVE-2022-0382: d57da5185defccf383be53f41604fd5f006aba8c net ticp:fix a kernel-infoleak in __tipc_sendmsg() |
| CVE-2022-3105: 0ea8bb0811ba0ec22903cbb48ff2cd872382e8d4 RDMA/uverbs: Check for null return of kmalloc_array |
| |
| CVEs fixed in 5.15.16: |
| CVE-2022-0185: e192ccc17ecf3e78a1c6fb81badf9b50bd791115 vfs: fs_context: fix up param length parsing in legacy_parse_param |
| |
| CVEs fixed in 5.15.17: |
| CVE-2021-43976: b2762757f4e484f8a164546f93aca82568d87649 mwifiex: Fix skb_over_panic in mwifiex_usb_recv() |
| CVE-2021-44879: 0ddbdc0b7f0cec3815ac05a30b2c2f6457be3050 f2fs: fix to do sanity check on inode type during garbage collection |
| CVE-2023-22999: 5157828d3975768b53a51cdf569203b953184022 usb: dwc3: qcom: Fix NULL vs IS_ERR checking in dwc3_qcom_probe |
| CVE-2023-23001: 0dc4db8abccf266390b81b72064191f876e55876 scsi: ufs: ufs-mediatek: Fix error checking in ufs_mtk_init_va09_pwr_ctrl() |
| CVE-2023-23002: 9186e6ba52af11ba7b5f432aa2321f36e00ad721 Bluetooth: hci_qca: Fix NULL vs IS_ERR_OR_NULL check in qca_serdev_probe |
| |
| CVEs fixed in 5.15.18: |
| CVE-2022-0330: 8a17a077e7e9ecce25c95dbdb27843d2d6c2f0f7 drm/i915: Flush TLBs before releasing backing store |
| CVE-2022-22942: 6066977961fc6f437bc064f628cf9b0e4571c56c drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| |
| CVEs fixed in 5.15.19: |
| CVE-2020-36516: dee686cbfdd13ca022f20be344a14f595a93f303 ipv4: avoid using shared IP generator for connected sockets |
| CVE-2022-0617: cbf96c58e28b1fece9630102781a93ff32c347f7 udf: Fix NULL ptr deref when converting from inline format |
| CVE-2022-24122: 348a8501e6029f9308ea7675edfa645b5e669c9e ucount: Make get_ucount a safe get_user replacement |
| CVE-2022-24448: 4c36ca387af4a9b5d775e46a6cb9dc2d151bf057 NFSv4: Handle case where the lookup of a directory fails |
| CVE-2022-24959: 0690c3943ed0fa76654e600eca38cde6a13c87ac yam: fix a memory leak in yam_siocdevprivate() |
| CVE-2022-2938: d3e4c61e143e69671803ef3f52140cf7a7258ee7 psi: Fix uaf issue when psi trigger is destroyed while being polled |
| |
| CVEs fixed in 5.15.20: |
| CVE-2022-0492: 4b1c32bfaa02255a5df602b41587174004996477 cgroup-v1: Require capabilities to set release_agent |
| CVE-2022-1055: f36cacd6c933183c1a8827d5987cf2cfc0a44c76 net: sched: fix use-after-free in tc_new_tfilter() |
| CVE-2022-1998: 60765e43e40fbf7a1df828116172440510fcc3e4 fanotify: Fix stale file descriptor in copy_event_to_user() |
| |
| CVEs fixed in 5.15.23: |
| CVE-2022-0435: 1f1788616157b0222b0c2153828b475d95e374a7 tipc: improve size validations for received domain records |
| CVE-2022-0487: af0e6c49438b1596e4be8a267d218a0c88a42323 moxart: fix potential use-after-free on remove path |
| CVE-2022-0516: 14f880ea779e11a6c162f122c1199e3578e6e3f3 KVM: s390: Return error on SIDA memop on normal guest |
| |
| CVEs fixed in 5.15.24: |
| CVE-2022-25258: 3e33e5c67cb9ebd2b791b9a9fb2b71daacebd8d4 USB: gadget: validate interface OS descriptor requests |
| CVE-2022-25375: 2da3b0ab54fb7f4d7c5a82757246d0ee33a47197 usb: gadget: rndis: check size of RNDIS_MSG_SET command |
| CVE-2022-2964: ffd0393adcdcefab7e131488e10dcfde5e02d6eb net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup |
| |
| CVEs fixed in 5.15.25: |
| CVE-2022-0847: 114e9f141822e6977633d322c1b03e89bd209932 lib/iov_iter: initialize "flags" in new pipe_buffer |
| CVE-2022-20008: f3ff5f75d8f6367eac7556c9db1227bb43e5c615 mmc: block: fix read single on recovery logic |
| CVE-2022-27950: de0d102d0c8c681fc9a3263d842fb35f7cf662f4 HID: elo: fix memory leak in elo_probe |
| CVE-2023-1582: a8dd0cfa37792863b6c4bf9542975212a6715d49 fs/proc: task_mmu.c: don't read mapcount for migration entry |
| |
| CVEs fixed in 5.15.26: |
| CVE-2022-25636: 6c5d780469d6c3590729940e2be8a3bd66ea4814 netfilter: nf_tables_offload: incorrect flow offload action array size |
| CVE-2022-26966: 9f2d614779906f3d8ad4fb882c5b3e5ad6150bbe sr9700: sanity check for packet length |
| CVE-2022-27223: 2c775ad1fd5e014b35e483da2aab8400933fb09d USB: gadget: validate endpoint index for xilinx udc |
| CVE-2022-29156: bf2cfad0c6e4b0d1b34d26420fddaf18dc25e56d RDMA/rtrs-clt: Fix possible double free in error case |
| |
| CVEs fixed in 5.15.27: |
| CVE-2022-0494: a1ba98731518b811ff90009505c1aebf6e400bc2 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern |
| CVE-2022-0742: 771aca9bc70709771f66c3e7c00ce87339aa1790 ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report() |
| CVE-2022-24958: 07de9a494b5ae41b9253411a8e9576d7fceedcc3 usb: gadget: don't release an existing dev->buf |
| CVE-2022-3108: 5609b7803947eea1711516dd8659c7ed39f5a868 drm/amdkfd: Check for null pointer after calling kmemdup |
| |
| CVEs fixed in 5.15.28: |
| CVE-2021-26401: a56566d7a957c34811384d6300a53a97be94cd20 x86/speculation: Use generic retpoline by default on AMD |
| CVE-2022-0001: f150b6fccf7fa0e7e7275f0785798547db832c7b x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0002: f150b6fccf7fa0e7e7275f0785798547db832c7b x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-23036: 1dd5b4b230f6d1345708c6204ccacdf83d53feaf xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23037: 5d5fa1d53a31c799b85112841c3c639c7baac1c4 xen/netfront: don't use gnttab_query_foreign_access() for mapped status |
| CVE-2022-23038: 1dd5b4b230f6d1345708c6204ccacdf83d53feaf xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23039: f06e3edaeac1942c4ff42072e3d98ee8c762c5fa xen/gntalloc: don't use gnttab_query_foreign_access() |
| CVE-2022-23040: 66cb2bbb522b0d5e4f6a11558ff7bfdf3f7d31f3 xen/xenbus: don't let xenbus_grant_ring() remove grants in error case |
| CVE-2022-23041: a019d26830e8a04933e38e4fcc507dcfbc6ccc72 xen/9p: use alloc/free_pages_exact() |
| CVE-2022-23042: dea18aef2021022a568f4d385a1386f51a9df6ff xen/netfront: react properly to failing gnttab_end_foreign_access_ref() |
| CVE-2022-23960: f02cab2bed1a3493a230e54d83ff117bc59f480e ARM: report Spectre v2 status through sysfs |
| |
| CVEs fixed in 5.15.29: |
| CVE-2021-33135: ce91f0f023adfc239b44261f6dccb4a883d44d92 x86/sgx: Free backing memory after faulting the enclave page |
| CVE-2022-0995: 1b09f28f70a5046acd64138075ae3f095238b045 watch_queue: Fix filter limit check |
| CVE-2022-1011: ca62747b38f59d4e75967ebf63c992de8852ca1b fuse: fix pipe buffer lifetime for direct_io |
| CVE-2022-1199: 46ad629e58ce3a88c924ff3c5a7e9129b0df5659 ax25: Fix NULL pointer dereference in ax25_kill_by_device |
| CVE-2022-27666: 4aaabbffc3b0658ce80eebdde9bafa20a3f932e0 esp: Fix possible buffer overflow in ESP transformation |
| |
| CVEs fixed in 5.15.31: |
| CVE-2022-20158: a055f5f2841f7522b44a2b1eccb1951b4b03d51a net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20368: a055f5f2841f7522b44a2b1eccb1951b4b03d51a net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-3107: ab0ab176183191cffc69fe9dd8ac6c8db23f60d3 hv_netvsc: Add check for kvmalloc_array |
| |
| CVEs fixed in 5.15.32: |
| CVE-2022-1015: 1bd57dea456149619f3b80d67eee012122325af8 netfilter: nf_tables: validate registers coming from userspace. |
| CVE-2022-1016: fafb904156fbb8f1dd34970cd5223e00b47c33be netfilter: nf_tables: initialize registers in nft_do_chain() |
| CVE-2022-1048: 33061d0fba51d2bf70a2ef9645f703c33fe8e438 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls |
| CVE-2022-26490: a34c47b1ab07153a047476de83581dc822287f39 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION |
| CVE-2022-28356: e9072996108387ab19b497f5b557c93f98d96b0b llc: fix netdevice reference leaks in llc_ui_bind() |
| |
| CVEs fixed in 5.15.33: |
| CVE-2022-0168: 39a4bf7d1a23dd172526c2fb0db480c5d5c63bd6 cifs: fix NULL ptr dereference in smb2_ioctl_query_info() |
| CVE-2022-1158: 8771d9673e0bdb7148299f3c074667124bde6dff KVM: x86/mmu: do compare-and-exchange of gPTE via the user address |
| CVE-2022-1198: 3eb18f8a1d02a9462a0e4903efc674ca3d0406d1 drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() |
| CVE-2022-1353: d06ee4572fd916fbb34d16dc81eb37d1dff83446 af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register |
| CVE-2022-1516: 409570a619c1cda2e0fde6018a256b9e3d3ba0ee net/x25: Fix null-ptr-deref caused by x25_disconnect |
| CVE-2022-1651: 1d5103d9bb7d42fc220afe9f01ec6b9fe0ea5773 virt: acrn: fix a memory leak in acrn_dev_ioctl() |
| CVE-2022-1671: 432297011caf71dbc95c3365a65adf365e79aff3 rxrpc: fix some null-ptr-deref bugs in server_key.c |
| CVE-2022-20369: 48d00e24822e4384edcee3aae03d54c1b7982eba media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls |
| CVE-2022-2153: 0e5dbc0540baa89faf4c04ccc7e9c4fe6b1d7bf4 KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() |
| CVE-2022-2380: 46cdbff26c88fd75dccbf28df1d07cbe18007eac video: fbdev: sm712fb: Fix crash in smtcfb_read() |
| CVE-2022-28388: f2ce5238904f539648aaf56c5ee49e5eaf44d8fc can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-28389: 37f07ad24866c6c1423b37b131c9a42414bcf8a1 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path |
| CVE-2022-28390: 459b19f42fd5e031e743dfa119f44aba0b62ff97 can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-2977: 662893b4f6bd466ff9e1cd454c44c26d32d554fe tpm: fix reference counting for struct tpm_chip |
| CVE-2022-30594: b6d75218ff65f4d63c9cf4986f6c55666fb90a1a ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE |
| CVE-2022-3078: 9dd2fd7a1f84c947561af29424c5ddcecfcf2cbe media: vidtv: Check for null return of vzalloc |
| CVE-2022-3111: 4124966fbd95eeecca26d52433f393e2b9649a33 power: supply: wm8350-power: Add missing free in free_charger_irq |
| CVE-2022-3112: b0b890dd8df3b9a2fe726826980b1cffe17b9679 media: meson: vdec: potential dereference of null pointer |
| CVE-2022-3113: 0022dc8cafa5fcd156da8ae7bfc9ca99497bdffc media: mtk-vcodec: potential dereference of null pointer |
| CVE-2022-3239: 332d45fe51d75a3a95c4a04e2cb7bffef284edd4 media: em28xx: initialize refcount before kref_get |
| CVE-2023-1249: 39fd0cc079c98dafcf355997ada7b5e67f0bb10a coredump: Use the vma snapshot in fill_files_note |
| CVE-2023-28410: 312d3d4f49e12f97260bcf972c848c3562126a18 drm/i915/gem: add missing boundary check in vm_access |
| |
| CVEs fixed in 5.15.34: |
| CVE-2022-1263: 226b4327ef5c88572fc12187193f1b5073c10837 KVM: avoid NULL pointer dereference in kvm_dirty_ring_push |
| CVE-2022-29582: ba7261af2b030ab2c06189be1fc77b273716839f io_uring: fix race between timeout flush and removal |
| CVE-2022-3202: d925b7e78b62805fcc5440d1521181c82b6f03cb jfs: prevent NULL deref in diFree |
| CVE-2023-1637: fab4b79e869a8e1c0f7d931a4eff0285d9b5efa7 x86/speculation: Restore speculation related MSRs during S3 resume |
| |
| CVEs fixed in 5.15.35: |
| CVE-2022-1204: 452ae92b99062d2f6a34324eaf705a3b7eac9f8b ax25: Fix refcount leaks caused by ax25_cb_del() |
| CVE-2022-3526: 8f79ce226ad2e9b2ec598de2b9560863b7549d1b macvlan: Fix leaking skb in source mode with nodst option |
| CVE-2022-41858: efb020924a71391fc12e6f204eaf25694cc116a1 drivers: net: slip: fix NPD bug in sl_tx_timeout() |
| CVE-2023-4389: 252db93fd0bd5ca07c9b933ed94e93a4a43e8901 btrfs: fix root ref counts in error handling in btrfs_get_root_ref |
| |
| CVEs fixed in 5.15.36: |
| CVE-2022-2639: e411af98013dba5bce8118ee2b84bd1ad4c36b86 openvswitch: fix OOB access in reserve_sfa_size() |
| CVE-2022-29581: ba9e9a794fd1689bf7e8a7452c55f3d3cbda7728 net/sched: cls_u32: fix netns refcount changes in u32_change() |
| |
| CVEs fixed in 5.15.37: |
| CVE-2022-0500: b453361384c2db1c703dacb806d5fd36aec4ceca bpf: Introduce MEM_RDONLY flag |
| CVE-2022-1836: e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3 floppy: disable FDRAWCMD by default |
| CVE-2022-23222: 8d38cde47a7e17b646401fa92d916503caa5375e bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL |
| CVE-2022-33981: e52da8e4632f9c8fe78bf1c5881ce6871c7e08f3 floppy: disable FDRAWCMD by default |
| |
| CVEs fixed in 5.15.39: |
| CVE-2022-1734: b8f2b836e7d0a553b886654e8b3925a85862d2eb nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs |
| CVE-2022-1974: a2168fb3128a576d0175443403c15dcf8bf128f6 nfc: replace improper check device_is_registered() in netlink related functions |
| CVE-2022-1975: 7bd81a05d48942ef2c48630e5e7963b187e95727 NFC: netlink: fix sleep in atomic bug when firmware download timeout |
| CVE-2023-3159: e259ba5c08d3791ab269b7775f1de5b36b06388c firewire: fix potential uaf in outbound_phy_packet_callback() |
| |
| CVEs fixed in 5.15.40: |
| CVE-2022-1943: 9e951f2d85c9430ea8ae0c8448e47e3c234f1580 udf: Avoid using stale lengthOfImpUse |
| |
| CVEs fixed in 5.15.41: |
| CVE-2022-1012: 1a8ee547da2b64d6a2aedbd38a691578eff14718 secure_seq: use the 64 bits of the siphash for port offset calculation |
| CVE-2022-28893: 54f6834b283d9b4d070b0639d9ef5e1d156fe7b0 SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() |
| CVE-2022-32296: 952a238d779eea4ecb2f8deb5004c8f56be79bc9 tcp: increase source port perturb table to 2^16 |
| |
| CVEs fixed in 5.15.42: |
| CVE-2022-1652: fc2bee93e31bbba920e9eeba76af72264ced066f floppy: use a statically allocated error counter |
| CVE-2022-1729: e085354dde254bc6c83ee604ea66c2b36f9f9067 perf: Fix sys_perf_event_open() race against self |
| CVE-2022-21499: 69c5d307dce1560fafcb852f39d7a1bf5e266641 lockdown: also lock down previous kgdb use |
| CVE-2023-1838: 42d8a6dc45fc6619b8def1a70b7bd0800bcc4574 Fix double fget() in vhost_net_set_backend() |
| CVE-2023-4387: 4ad09fdef55b70f16f8d385981b864ac75cf1354 net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() |
| CVE-2023-4459: e35387a91318ccdec4a30b58d967391e011e34fa net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() |
| |
| CVEs fixed in 5.15.44: |
| CVE-2022-1789: acd12d16528152b32fa09be2c5ef95047f69af05 KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| |
| CVEs fixed in 5.15.45: |
| CVE-2022-1852: 531d1070d864c78283b7597449e60ddc53319d88 KVM: x86: avoid calling x86 emulator without a decoded instruction |
| CVE-2022-1966: f692bcffd1f2ce5488d24fbcb8eab5f351abf79d netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-1972: 89ef50fe03a55feccf5681c237673a2f98161161 netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-20572: 69712b170237ec5979f168149cd31e851a465853 dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-2078: 89ef50fe03a55feccf5681c237673a2f98161161 netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-2503: 69712b170237ec5979f168149cd31e851a465853 dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-2873: 24c6fc6e7453f64cf6cbb4218c62aafdecc16ee1 i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-2959: cf2fbc56c478a34a68ff1fa6ad08460054dfd499 pipe: Fix missing lock in pipe_resize_ring() |
| CVE-2022-3077: 24c6fc6e7453f64cf6cbb4218c62aafdecc16ee1 i2c: ismt: prevent memory corruption in ismt_access() |
| CVE-2022-32250: f692bcffd1f2ce5488d24fbcb8eab5f351abf79d netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| |
| CVEs fixed in 5.15.46: |
| CVE-2022-1184: ca17db384762be0ec38373a12460081d22a8b42d ext4: verify dir block before splitting it |
| CVE-2022-1973: 61decb58486d7c0cbded25fe4d301ab4fa148cd8 fs/ntfs3: Fix invalid free in log_replay |
| CVE-2022-3115: 4cb37f715f601cee5b026c6f9091a466266b5ba5 drm: mali-dp: potential dereference of null pointer |
| CVE-2022-3577: 22e0b0b84c538b60bdf8eeceee7ab3cebf4a1a09 HID: bigben: fix slab-out-of-bounds Write in bigben_probe |
| CVE-2023-4385: 4b9380d92c66cdc66987f65130789abad5c1af6f fs: jfs: fix possible NULL pointer dereference in dbFree() |
| |
| CVEs fixed in 5.15.47: |
| CVE-2022-3104: 1aeeca2b8397e3805c16a4ff26bf3cc8485f9853 lkdtm/bugs: Check for the NULL pointer after calling kmalloc |
| CVE-2022-3110: 029983ea88e59f4c7dc0d56ade2b16d6b869bf94 staging: r8188eu: add check for kzalloc |
| CVE-2022-32981: 2a0165d278973e30f2282c15c52d91788749d2d4 powerpc/32: Fix overread/overwrite of thread_struct via ptrace |
| CVE-2022-34494: b94d40c792de7f0ceda6a2fd8a8dc0597eca6d22 rpmsg: virtio: Fix possible double free in rpmsg_virtio_add_ctrl_dev() |
| CVE-2022-34495: eaf37bb6b4f7c48a5adaf1be4879107daf4d6024 rpmsg: virtio: Fix possible double free in rpmsg_probe() |
| |
| CVEs fixed in 5.15.48: |
| CVE-2022-21123: d74f4eb1ddf076a55ff0682a89e66af5c1974321 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data |
| CVE-2022-21125: ebd0f558b48082c265fd594ffb205ae5350bfe79 x86/speculation/mmio: Reuse SRBDS mitigation for SBDS |
| CVE-2022-21166: 2044838ab2283c23869ffa7b062e5f388136e432 x86/speculation/mmio: Enable CPU Fill buffer clearing on idle |
| |
| CVEs fixed in 5.15.51: |
| CVE-2023-2008: 5b45535865d62633e3816ee30eb8d3213038dc17 udmabuf: add back sanity check |
| |
| CVEs fixed in 5.15.53: |
| CVE-2022-2318: 659d39545260100628d8a30020d09fb6bf63b915 net: rose: fix UAF bugs caused by timer handler |
| CVE-2022-26365: 7ed65a4ad8fa9f40bc3979b32c54243d6a684ec9 xen/blkfront: fix leaking data in shared pages |
| CVE-2022-33740: 5dd0993c36832d33820238fc8dc741ba801b7961 xen/netfront: fix leaking data in shared pages |
| CVE-2022-33741: ed3cfc690675d852c3416aedb271e0e7d179bf49 xen/netfront: force data bouncing when backend is untrusted |
| CVE-2022-33742: 6d0a9127279a4533815202e30ad1b3a39f560ba3 xen/blkfront: force data bouncing when backend is untrusted |
| CVE-2022-33743: 1052fc2b7391a43b25168ae69ad658fff5170f04 xen-netfront: restore __skb_queue_tail() positioning in xennet_get_responses() |
| CVE-2022-33744: 9f83c8f6ab14bbf4311b70bf1b7290d131059101 xen/arm: Fix race in RB-tree based P2M accounting |
| |
| CVEs fixed in 5.15.54: |
| CVE-2021-33655: 6886327780254ba749b770373653b6afc2a339fc fbcon: Disallow setting font bigger than screen size |
| CVE-2022-34918: c1784d2075138992b00c17ab4ffc6d855171fe6d netfilter: nf_tables: stricter validation of element data |
| |
| CVEs fixed in 5.15.56: |
| CVE-2022-36123: 26bb7afc027ce6ac8ab6747babec674d55689ff0 x86: Clear .brk area at early boot |
| |
| CVEs fixed in 5.15.57: |
| CVE-2022-23816: ccb25d7db1a29bc251692be745b000e6f0754048 x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29900: ccb25d7db1a29bc251692be745b000e6f0754048 x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29901: ccb25d7db1a29bc251692be745b000e6f0754048 x86/kvm/vmx: Make noinstr clean |
| |
| CVEs fixed in 5.15.58: |
| CVE-2022-1462: b2d1e4cd558cffec6bfe318f5d74e6cffc374d29 tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() |
| CVE-2022-21505: 0e66932a9dc9ba47e60405b392e3782a332bc44e lockdown: Fix kexec lockdown bypass with ima policy |
| CVE-2022-36879: c8e32bca0676ac663266a3b16562cb017300adcd xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() |
| |
| CVEs fixed in 5.15.59: |
| CVE-2022-20566: f32d5615a78a1256c4f557ccc6543866e75d03f4 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put |
| CVE-2022-36946: 91c11008aab0282957b8b8ccb0707d90e74cc3b9 netfilter: nf_queue: do not allow packet truncation below transport header offset |
| CVE-2023-2177: e796e1fe20ecaf6da419ef6a5841ba181bba7a0c sctp: leave the err path free in sctp_stream_init to sctp_stream_free |
| |
| CVEs fixed in 5.15.60: |
| CVE-2022-26373: 7fcd99e889c0634f8275ae7a6b06aec4a22c8715 x86/speculation: Add RSB VM Exit protections |
| CVE-2022-39189: 92343314d34e04da0923cefd3be67521d706fa35 KVM: x86: do not report a vCPU as preempted outside instruction boundaries |
| |
| CVEs fixed in 5.15.61: |
| CVE-2022-1679: 03ca957c5f7b55660957eda20b5db4110319ac7a ath9k: fix use-after-free in ath9k_hif_usb_rx_cb |
| CVE-2022-20422: cc69ef95988b9ef2fc730ec452a7441efb90ef5e arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-2585: 9e255ed238fc67058df87b0388ad6d4b2ef3a2bd posix-cpu-timers: Cleanup CPU timers before freeing them during exec |
| CVE-2022-2586: faafd9286f1355c76fe9ac3021c280297213330e netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-2588: 57bbb691a93bd39d0644c5c879b354232d0e0eed net_sched: cls_route: remove from list when handle is 0 |
| CVE-2022-47938: 577619605556a90e64abc759ca3ad9d86bf51176 ksmbd: prevent out of bound read for SMB2_TREE_CONNNECT |
| CVE-2022-47939: a54c509c32adba9d136f2b9d6a075e8cae1b6d27 ksmbd: fix use-after-free bug in smb2_tree_disconect |
| CVE-2022-47941: dd4e4c811898410e6a3ae3b63207b7c542860907 ksmbd: fix memory leak in smb2_handle_negotiate |
| CVE-2023-1095: 8a2df34b5bf652566f2889d9fa321f3b398547ef netfilter: nf_tables: fix null deref due to zeroed list head |
| CVE-2023-2019: f671cf48f383fccba313346eddb4bd6bcbdb55a4 netdevsim: fib: Fix reference count leak on route deletion failure |
| CVE-2023-20928: 622ef885a89ad04cfb76ee478fb44f051125d1f1 android: binder: stop saving a pointer to the VMA |
| CVE-2023-22998: 72893aadc0017f0f2998b33e7fa5e6b3a3a72d02 drm/virtio: Fix NULL vs IS_ERR checking in virtio_gpu_object_shmem_init |
| CVE-2023-2513: 21f6bd5cbdab8ac7f7e9321de53668e1ef8f22a6 ext4: fix use-after-free in ext4_xattr_set_entry |
| |
| CVEs fixed in 5.15.62: |
| CVE-2022-47942: cb69d4d6f709f87c94afa28ae64c501576692171 ksmbd: fix heap-based overflow in set_ntacl_dacl() |
| CVE-2022-47943: c76b216753c9eb2950a091037c9976f389e73529 ksmbd: prevent out of bound read for SMB2_WRITE |
| |
| CVEs fixed in 5.15.63: |
| CVE-2022-3625: c4d09fd1e18bac11c2f7cf736048112568687301 devlink: Fix use-after-free after a failed reload |
| CVE-2022-3629: e4c0428f8a6fc8c218d7fd72bddd163f05b29795 vsock: Fix memory leak in vsock_connect() |
| CVE-2022-3633: 98dc8fb08299ab49e0b9c08daedadd2f4de1a2f2 can: j1939: j1939_session_destroy(): fix memory leak of skbs |
| CVE-2022-3635: a5d7ce086fe942c5ab422fd2c034968a152be4c4 atm: idt77252: fix use-after-free bugs caused by tst_timer |
| CVE-2023-3111: 78f8c2370e3d33e35f23bdc648653d779aeacb6e btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() |
| |
| CVEs fixed in 5.15.64: |
| CVE-2022-2905: 4f672112f8665102a5842c170be1713f8ff95919 bpf: Don't use tnum_range on array range checking for poke descriptors |
| CVE-2022-3028: 103bd319c0fc90f1cb013c3a508615e6df8af823 af_key: Do not call xfrm_probe_algs in parallel |
| CVE-2022-39190: 51f192ae71c3431aa69a988449ee2fd288e57648 netfilter: nf_tables: disallow binding to already bound chain |
| |
| CVEs fixed in 5.15.65: |
| CVE-2022-3176: e9d7ca0c4640cbebe6840ee3bac66a25a9bacaf5 io_uring: fix UAF due to missing POLLFREE handling |
| CVE-2022-42703: c18a209b56e37b2a60414f714bd70b084ef25835 mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse |
| |
| CVEs fixed in 5.15.66: |
| CVE-2022-20421: c2a4b5dc8fa71af73bab704d0cac42ac39767ed6 binder: fix UAF of ref->proc caused by race condition |
| CVE-2022-4095: dc02aaf950015850e7589696521c7fca767cea77 staging: rtl8712: fix use after free bugs |
| CVE-2022-4662: c548b99e1c37db6f7df86ecfe9a1f895d6c5966e USB: core: Prevent nested device-reset calls |
| |
| CVEs fixed in 5.15.68: |
| CVE-2022-2663: 451c9ce1e2fc9b9e40303bef8e5a0dca1a923cc4 netfilter: nf_conntrack_irc: Fix forged IP logic |
| CVE-2022-3303: 8015ef9e8a0ee5cecfd0cb6805834d007ab26f86 ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC |
| CVE-2022-3586: 1a889da60afc017050e1f517b3b976b462846668 sch_sfb: Don't assume the skb is still around after enqueueing to child |
| CVE-2022-40307: dd291e070be0eca8807476b022bda00c891d9066 efi: capsule-loader: Fix use-after-free in efi_capsule_write |
| CVE-2023-2860: 55195563ec29f80f984237b743de0e2b6ba4d093 ipv6: sr: fix out-of-bounds read when setting HMAC data. |
| |
| CVEs fixed in 5.15.70: |
| CVE-2022-0171: 39b0235284c7aa33a64e07b825add7a2c108094a KVM: SEV: add cache flush to solve SEV cache incoherency issues |
| CVE-2022-3061: 59b756da49bfa51a00a0b58b4147ce2652bc3d28 video: fbdev: i740fb: Error out if 'pixclock' equals zero |
| CVE-2022-39842: ab5140c6ddd7473509e12f468948de91138b124e video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write |
| |
| CVEs fixed in 5.15.71: |
| CVE-2022-42432: 816eab147e5c6f6621922b8515ad9010ceb1735e netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() |
| |
| CVEs fixed in 5.15.72: |
| CVE-2022-2308: dc248ddf41eab4566e95b1ee2433c8a5134ad94a vduse: prevent uninitialized memory accesses |
| |
| CVEs fixed in 5.15.73: |
| CVE-2022-2978: 64b79e632869ad3ef6c098a4731d559381da1115 fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-43750: 5ff80339cdc3143b89eee2ad91ae44b4dbf65ad1 usb: mon: make mmapped memory read only |
| |
| CVEs fixed in 5.15.74: |
| CVE-2022-3621: 1e512c65b4adcdbdf7aead052f2162b079cc7f55 nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3646: 44b1ee304bac03f1b879be5afe920e3a844e40fc nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-3649: cb602c2b654e26763226d8bd27a702f79cff4006 nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-40768: 76efb4897bc38b2f16176bae27ae801037ebf49a scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-41674: 9a8ef2030510a9d6ce86fd535b8d10720230811f wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-42719: de124365a7d2deed22cf706583930f28d537ff0f wifi: mac80211: fix MBSSID parsing use-after-free |
| CVE-2022-42720: bfe29873454f38eb1a511a76144ad1a4848ca176 wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: 0a8ee682e4f992eccce226b012bba600bb2251e2 wifi: cfg80211: avoid nontransmitted BSS list corruption |
| CVE-2022-42722: 93a3a32554079432b49cf87f326607b2a2fab4f2 wifi: mac80211: fix crash in beacon protection for P2P-device |
| |
| CVEs fixed in 5.15.75: |
| CVE-2022-2602: 813d8fe5d30388f73a21d3a2bf46b0a1fd72498c io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-3535: a624161ebe0c678c10c4c82b574fed6c04d552d8 net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3542: 0b6516a4e3eb0e2dc88a538458f3f732940f44fd bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3565: 7bfa18b05f381162c9d38192bbf0179f1142dd38 mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3594: b3179865cf7e892b26eedab3d6c54b4747c774a2 r8152: Rate limit overflow messages |
| CVE-2022-41849: 2b0897e33682a332167b7d355eec28693b62119e fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| CVE-2022-41850: c61786dc727d1850336d12c85a032c9a36ae396d HID: roccat: Fix use-after-free in roccat_read() |
| CVE-2022-43945: dc7f225090c29a5f3b9419b1af32846a201555e7 NFSD: Protect against send buffer overflow in NFSv2 READDIR |
| |
| CVEs fixed in 5.15.76: |
| CVE-2023-0590: ce1234573d183db1ebcab524668ca2d85543bf80 net: sched: fix race condition in qdisc_graft() |
| |
| CVEs fixed in 5.15.77: |
| CVE-2022-3524: 1401e9336bebaa6dd5a320f83bddc17619d4e3a6 tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2023-0615: 0f83edbe4fe95d9c68b32aebe07fe413bcf92afe media: vivid: dev->bitmap_cap wasn't freed in all cases |
| CVE-2023-3006: 52c2329147cf5d956dcaa3a91c886c550e7bdd39 arm64: Add AMPERE1 to the Spectre-BHB affected list |
| |
| CVEs fixed in 5.15.78: |
| CVE-2022-3543: 3975affcf55f93814a8ae14333d7fc7f183e60a4 af_unix: Fix memory leaks of the whole sk due to OOB skb. |
| CVE-2022-3564: 8278a87bb1eeea94350d675ef961ee5a03341fde Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-3619: aa16cac06b752e5f609c106735bd7838f444784c Bluetooth: L2CAP: Fix memory leak in vhci_write |
| CVE-2022-3623: 3a44ae4afaa5318baed3c6e2959f24454e0ae4ff mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| CVE-2022-3628: 7038af4ce95105146d22e461eaa450829f28eeaf wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() |
| CVE-2022-42895: 3e4697ffdfbb38a2755012c4e571546c89ab6422 Bluetooth: L2CAP: Fix attempting to access uninitialized memory |
| CVE-2022-42896: 81035e1201e26d57d9733ac59140a3e29befbc5a Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM |
| CVE-2023-3812: dcc79cf735b8ec4bedaa82c53bed8c62721c042b net: tun: fix bugs for oversize packet when napi frags enabled |
| |
| CVEs fixed in 5.15.80: |
| CVE-2022-3169: b1a27b2aad936746e6ef64c8a24bcb6dce6f926a nvme: ensure subsystem reset is single threaded |
| CVE-2022-3521: 27d706b0d394a907ff8c4f83ffef9d3e5817fa84 kcm: avoid potential race in kcm_tx_work |
| CVE-2023-26607: ab6a1bb17e3c2f6670020d7edeea2fbfe6466690 ntfs: fix out-of-bounds read in ntfs_attr_find() |
| |
| CVEs fixed in 5.15.81: |
| CVE-2022-3344: 3e87cb0caa25d667a9ca2fe15fef889e43ab8f95 KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use |
| CVE-2022-47518: 7aed1dd5d221dabe3fe258f13ecf5fc7df393cbb wifi: wilc1000: validate number of channels |
| CVE-2022-47519: 143232cb5a4c96d69a7d90b643568665463c6191 wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_OPER_CHANNEL attribute |
| CVE-2022-47520: cd9c4869710bb6e38cfae4478c23e64e91438442 wifi: wilc1000: validate pairwise and authentication suite offsets |
| CVE-2022-47521: e9de501cf70d2b508b2793ed3e7d5d5ceabd7a74 wifi: wilc1000: validate length of IEEE80211_P2P_ATTR_CHANNEL_LIST attribute |
| CVE-2023-1382: 4ae907c45fcad4450423b8cdefa5a74bad772068 tipc: set con sock in tipc_conn_alloc |
| CVE-2023-2006: 38fe0988bd516f35c614ea9a5ff86c0d29f90c9a rxrpc: Fix race between conn bundle lookup and bundle removal [ZDI-CAN-15975] |
| |
| CVEs fixed in 5.15.82: |
| CVE-2022-4378: 48642f94311b0cf9667aa6833f9f5e3a87d2a0ce proc: proc_skip_spaces() shouldn't think it is working on C strings |
| CVE-2022-45869: f88a6977f8b981bfb5fddd18fbaa75e57e8af293 KVM: x86/mmu: Fix race condition in direct_page_fault |
| |
| CVEs fixed in 5.15.83: |
| CVE-2022-3643: 0fe29bd92594a747a2561589bd452c259451929e xen/netback: Ensure protocol headers don't fall in the non-linear area |
| CVE-2023-2166: c142cba37de29f740a3852f01f59876af8ae462a can: af_can: fix NULL pointer dereference in can_rcv_filter |
| CVE-2023-28327: 5c014eb0ed6c8c57f483e94cc6e90f34ce426d91 af_unix: Get user_ns from in_skb in unix_diag_get_exact(). |
| |
| CVEs fixed in 5.15.84: |
| CVE-2022-3545: 9d933af8fef33c32799b9f2d3ff6bf58a63d7f24 nfp: fix use-after-free in area_cache_get() |
| |
| CVEs fixed in 5.15.85: |
| CVE-2022-45934: 19a78143961a197de8502f4f29c453b913dc3c29 Bluetooth: L2CAP: Fix u8 overflow |
| |
| CVEs fixed in 5.15.86: |
| CVE-2022-3424: d5c8f9003a289ee2a9b564d109e021fc4d05d106 misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os |
| CVE-2022-3534: a733bf10198eb5bb927890940de8ab457491ed3b libbpf: Fix use-after-free in btf_dump_name_dups |
| CVE-2023-26606: ab53749c32db90eeb4495227c998d21dc07ad8c1 fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs |
| CVE-2023-28328: 210fcf64be4db82c0e190e74b5111e4eef661a7a media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() |
| CVE-2023-3357: d238f94b2b61c77dd60db820aa683ff6a58c1543 HID: amd_sfh: Add missing check for dma_alloc_coherent |
| |
| CVEs fixed in 5.15.87: |
| CVE-2022-36280: 6948e570f54f2044dd4da444b10471373a047eeb drm/vmwgfx: Validate the box size for the snooped cursor |
| CVE-2022-41218: 8b45a3b19a2e909e830d09a90a7e1ec8601927d9 media: dvb-core: Fix UAF due to refcount races at releasing |
| CVE-2022-48423: 3a52f17867727818ae8dbcfd9425033df32f92e0 fs/ntfs3: Validate resident attribute name |
| CVE-2022-48424: c878a915bcb992c12a97ebae1013e377158f560a fs/ntfs3: Validate attribute name offset |
| CVE-2023-0045: cb42aa7b5f726e3fddc8656b8f5c723537d654f1 x86/bugs: Flush IBP in ib_prctl_set() |
| CVE-2023-0210: e32f867b37da7902685c9a106bef819506aa1a92 ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob |
| CVE-2023-23454: 04dc4003e5df33fb38d3dd85568b763910c479d4 net: sched: cbq: dont intepret cls results when asked to drop |
| CVE-2023-23455: f02327a4877a06cbc8277e22d4834cb189565187 net: sched: atm: dont intepret cls results when asked to drop |
| CVE-2023-26544: 9c8471a17f1f15b18cb7b96cba86e6f9bd6aae1c fs/ntfs3: Fix slab-out-of-bounds read in run_unpack |
| |
| CVEs fixed in 5.15.88: |
| CVE-2022-47929: 04941c1d5bb59d64165e09813de2947bdf6f4f28 net: sched: disallow noqueue for qdisc classes |
| CVE-2023-0266: 26350c21bc5e97a805af878e092eb8125843fe2c ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF |
| CVE-2023-0461: dadd0dcaa67d27f550131de95c8e182643d2c9d6 net/ulp: prevent ULP without clone op from entering the LISTEN status |
| |
| CVEs fixed in 5.15.89: |
| CVE-2023-0179: a8acfe2c6fb99f9375a9325807a179cd8c32e6e3 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits |
| CVE-2023-0394: 456e3794e08a0b59b259da666e31d0884b376bcf ipv6: raw: Deduct extension header length in rawv6_push_pending_frames |
| |
| CVEs fixed in 5.15.90: |
| CVE-2022-4382: a2e075f40122d8daf587db126c562a67abd69cf9 USB: gadgetfs: Fix race between mounting and unmounting |
| CVE-2022-4842: 9cca110cf8bb0653b423dba7a7c4cc23ccf91b28 fs/ntfs3: Fix attr_punch_hole() null pointer derenference |
| CVE-2023-0458: f01aefe374d32c4bb1e5fd1e9f931cf77fca621a prlimit: do_prlimit needs to have a speculation check |
| CVE-2023-21102: 7a993c1be595835acf578d0382bfd8f83475f301 efi: rt-wrapper: Add missing include |
| |
| CVEs fixed in 5.15.91: |
| CVE-2022-4129: 87d9205d9a57dfc1f39f840b32e38475c3f523f6 l2tp: Serialize access to sk_user_data with sk_callback_lock |
| CVE-2023-0386: e91308e63710574c4b6a0cadda3e042a3699666e ovl: fail on invalid uid/gid mapping at copy up |
| CVE-2023-1073: 2b49568254365c9c247beb0eabbaa15d0e279d64 HID: check empty report_list in hid_validate_values() |
| CVE-2023-1074: 3391bd42351be0beb14f438c7556912b9f96cb32 sctp: fail if no bound addresses can be used for a given scope |
| CVE-2023-1652: 0a27dcd5343026ac0cb168ee63304255372b7a36 NFSD: fix use-after-free in nfsd4_ssc_setup_dul() |
| CVE-2023-23559: 8cbf932c5c40b0c20597fa623c308d5bde0848b5 wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid |
| CVE-2023-3358: c4cb73febe35f92f7a401f4cbc84f94c764732a9 HID: intel_ish-hid: Add check for ishtp_dma_tx_map |
| |
| CVEs fixed in 5.15.93: |
| CVE-2023-2162: 0aaabdb900c7415caa2006ef580322f7eac5f6b6 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress |
| CVE-2023-3161: dccbd062d71657648efc32fdc9919b33763cc68b fbcon: Check font dimension limits |
| CVE-2023-32269: c27e0eac568a008cdf04ae7e4ea2d3c18717e627 netrom: Fix use-after-free caused by accept on already connected socket |
| CVE-2023-3567: fc9e27f3ba083534b8bbf72ab0f5c810ffdc7d18 vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF |
| |
| CVEs fixed in 5.15.94: |
| CVE-2022-27672: 8f12dcab90e886d0169a9cd372a8bb35339cfc19 x86/speculation: Identify processors vulnerable to SMT RSB predictions |
| CVE-2023-1078: 528e3f3a4b53df36dafd10cdf6b8c0fe2aa1c4ba rds: rds_rm_zerocopy_callback() use list_first_entry() |
| |
| CVEs fixed in 5.15.95: |
| CVE-2023-1281: becf55394f6acb60dd60634a1c797e73c747f9da net/sched: tcindex: update imperfect hash filters respecting rcu |
| CVE-2023-1513: 35351e3060d67eed8af1575d74b71347a87425d8 kvm: initialize all of the kvm_debugregs structure before sending it to userspace |
| CVE-2023-26545: 59a74da8da75bdfb464cbdb399e87ba4f7500e96 net: mpls: fix stale pointer if allocation fails during device rename |
| |
| CVEs fixed in 5.15.96: |
| CVE-2022-2196: 6b539a7dbb49250f92515c2ba60aea239efc9e35 KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS |
| CVE-2022-3707: 0d3d5099a50badadad6837edda00e42149b2f657 drm/i915/gvt: fix double free bug in split_2MB_gtt_entry |
| CVE-2023-0459: 41d8b591d70a7517293b23958a18452baf22588f uaccess: Add speculation barrier to copy_from_user() |
| |
| CVEs fixed in 5.15.99: |
| CVE-2023-1076: 67f9f02928a34aad0a2c11dab5eea269f5ecf427 tun: tun_chr_open(): correctly initialize socket uid |
| CVE-2023-1077: 2c36c390a74981d03f04f01fe7ee9c3ac3ea11f7 sched/rt: pick_next_rt_entity(): check list_entry |
| CVE-2023-1079: 3959316f8ceb17866646abc6be4a332655407138 HID: asus: use spinlock to safely schedule workers |
| CVE-2023-1118: 29962c478e8b2e6a6154d8d84b8806dbe36f9c28 media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() |
| CVE-2023-25012: 0fd9998052926ed24cfb30ab1a294cfeda4d0a8f HID: bigben: use spinlock to safely schedule workers |
| CVE-2023-2985: 05103d88482dc3757db108415342fdd86821a79b fs: hfsplus: fix UAF issue in hfsplus_put_super |
| CVE-2023-3220: c7ee1772e3c36fff8e13daa5ce1ac61426544a33 drm/msm/dpu: Add check for pstates |
| CVE-2023-3355: 436fb91cadb82da0b0b114baa4fc3b5ef7e6d557 drm/msm/gem: Add check for kmalloc |
| |
| CVEs fixed in 5.15.100: |
| CVE-2023-1829: 7c183dc0af472dec33d2c0786a5e356baa8cad19 net/sched: Retire tcindex classifier |
| CVE-2023-23004: 1c7988d5c79f72287177bb774cde15fde69f3c97 malidp: Fix NULL vs IS_ERR() checking |
| |
| CVEs fixed in 5.15.104: |
| CVE-2023-1855: 7091951c2ca9d3fbec75ef1d677cbd89eeac9793 hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition |
| CVE-2023-1990: 84dd9cc34014e3a3dcce0eb6d54b8a067e97676b nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition |
| CVE-2023-2235: de3ef7ba684a25313c4b7405d007ab22912ef95a perf: Fix check before add_event_to_groups() in perf_group_detach() |
| CVE-2023-30456: 9c2f09add608a505f0e5fb694805f4766801583f KVM: nVMX: add missing consistency checks for CR0 and CR4 |
| |
| CVEs fixed in 5.15.105: |
| CVE-2022-4269: 169a41073993add6b0cfdc44e168e75f92f4834d act_mirred: use the backlog for nested calls to mirred ingress |
| CVE-2022-4379: ec5b7814353532243e8a9147d232a32549174909 NFSD: fix use-after-free in __nfs42_ssc_open() |
| CVE-2023-1670: 4ab9e85a5ce0b2ef6e63abf861179898da613d78 xirc2ps_cs: Fix use after free bug in xirc2ps_detach |
| CVE-2023-1989: 8efae2112d910d8e5166dd0a836791b08721eef1 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work |
| CVE-2023-2194: 272dc775a52f2b0d0d8e844e77fefa7df8ebc653 i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() |
| CVE-2023-2483: 8c4a180dc12303159592d15e8f077c20deeb1e55 net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-28466: 0b54d75aa43a1edebc8a3770901f5c3557ee0daa net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() |
| CVE-2023-30772: 0fdb1cc4fe5255d0198c332b961bc4c1f8787982 power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition |
| CVE-2023-33203: 8c4a180dc12303159592d15e8f077c20deeb1e55 net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-33288: 4ca3fd39c72efa250129d2af406c3bb56eec7dd9 power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition |
| |
| CVEs fixed in 5.15.106: |
| CVE-2023-1611: c976f9233ef926e090db5614a837824a0bcab3fb btrfs: fix race between quota disable and quota assign ioctls |
| |
| CVEs fixed in 5.15.108: |
| CVE-2023-1859: e35ae49bc198412c9294115677e5acdef95b1fb5 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition |
| |
| CVEs fixed in 5.15.109: |
| CVE-2023-2156: 4eee0d9d3c1117aa4a1c9f4c7f29287107e7c084 net: rpl: fix rpl header size calculation |
| CVE-2023-2163: e722ea6dae2cc042d1bb7090e2ef8456dd5a0e57 bpf: Fix incorrect verifier pruning due to missing register precision taints |
| CVE-2023-2248: 1ffc0e8105510cb826cb9d27ed1820a1131c82d4 net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-31436: 1ffc0e8105510cb826cb9d27ed1820a1131c82d4 net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| |
| CVEs fixed in 5.15.110: |
| CVE-2023-1380: 936a23293bbb3332bdf4cdb9c1496e80cb0bc2c8 wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() |
| CVE-2023-2002: f1e6a14d5ae879d6ab6d90c58d2fde1b5716b389 bluetooth: Perform careful capability checks in hci_sock_ioctl() |
| |
| CVEs fixed in 5.15.111: |
| CVE-2023-0160: f333854dce4a079783f00c201869b9ee8f7ff3c3 bpf, sockmap: fix deadlocks in the sockhash and sockmap |
| CVE-2023-2269: e11765cea2050fa25fc3e03da858e83284c5ce79 dm ioctl: fix nested locking in table_clear() to remove deadlock concern |
| CVE-2023-32233: 21c2a454486d5e9c1517ecca19266b3be3df73ca netfilter: nf_tables: deactivate anonymous set from preparation phase |
| CVE-2023-32248: 227eb2689b44d0d60da3839b146983e73435924c ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem() |
| CVE-2023-3268: 0b46ee654a9dcd330e8183856b88505a9f633f7d relayfs: fix out-of-bounds access in relay_file_read |
| CVE-2023-35823: 2f48c0a463a37ac76ac089ec7936f673b9a0a448 media: saa7134: fix use after free bug in saa7134_finidev due to race condition |
| CVE-2023-35824: c94388b5b9098db82d6ba4627ef6e41a35870818 media: dm1105: Fix use after free bug in dm1105_remove due to race condition |
| CVE-2023-35828: 1e58fb6b1cef4d5e552a0c3038bf946890af6f3b usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition |
| CVE-2023-35829: cac0f4f36e226c79c83d01dddc049ac59d2de157 media: rkvdec: fix use after free bug in rkvdec_remove |
| |
| CVEs fixed in 5.15.112: |
| CVE-2023-34256: 6d9a705a653eb146b4991dbd198b258f787c70b1 ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum |
| |
| CVEs fixed in 5.15.113: |
| CVE-2022-48425: 2a67f26f70ab344ae6ea78638890eebc1191a501 fs/ntfs3: Validate MFT flags before replaying logs |
| CVE-2023-1192: 2a67f26f70ab344ae6ea78638890eebc1191a501 fs/ntfs3: Validate MFT flags before replaying logs |
| CVE-2023-3090: 7c8be27727fe194b4625da442ee2b854db76b200 ipvlan:Fix out-of-bounds caused by unclear skb->cb |
| CVE-2023-3141: 162a9b321538972a260c7b178638c2368c071f77 memstick: r592: Fix UAF bug in r592_remove due to race condition |
| CVE-2023-38426: 865be1cff2c038984fe55c9deae5461a498cfdf9 ksmbd: fix global-out-of-bounds in smb2_find_context_vals |
| CVE-2023-38428: 7657321b2624197840ef2cfa4f29ccf873d7aa9b ksmbd: fix wrong UserName check in session_user |
| CVE-2023-38429: 61e043326e72b5abb02b5bc9132f2620a7faf8c5 ksmbd: allocate one more byte for implied bcc[0] |
| |
| CVEs fixed in 5.15.116: |
| CVE-2023-3212: fd8b4e28f400a067e6ef84569816967be1f0642b gfs2: Don't deref jdesc in evict |
| CVE-2023-35788: 45f47d2cf1142fbfe5d6fc39ad78f4aac058907c net/sched: flower: fix possible OOB write in fl_set_geneve_opt() |
| |
| CVEs fixed in 5.15.117: |
| CVE-2023-2124: 6cfe9ddb6aa698464fa16fb77a0233f68c13360c xfs: verify buffer contents when we skip log replay |
| CVE-2023-34255: 6cfe9ddb6aa698464fa16fb77a0233f68c13360c xfs: verify buffer contents when we skip log replay |
| |
| CVEs fixed in 5.15.118: |
| CVE-2023-3117: 44ebe988cb38e720b91826f4d7c31692061ca04a netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-3338: 2a974abc09761c05fef697fe229d1b85a7ce3918 Remove DECnet support from kernel |
| CVE-2023-3390: 44ebe988cb38e720b91826f4d7c31692061ca04a netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-3609: 0e1098d72fa462944c68262e1b5cca045dcb555e net/sched: cls_u32: Fix reference counter leak leading to overflow |
| |
| CVEs fixed in 5.15.119: |
| CVE-2023-3610: 314a8697d08092df6d00521450d44c352c602943 netfilter: nf_tables: fix chain binding transaction logic |
| |
| CVEs fixed in 5.15.121: |
| CVE-2022-48502: 333feb7ba84f69f9b423422417aaac54fd9e7c84 fs/ntfs3: Check fields while reading |
| CVE-2023-2898: 982c29e0d27a48d65fd0fa0d1bcee501eeb06e76 f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io() |
| CVE-2023-31248: 041e2ac88caef286b39064e83e825e3f53113d36 netfilter: nf_tables: do not ignore genmask when looking up chain by id |
| CVE-2023-35001: 870dcc31c0cf47cb15a568ade4168dc644b3ccfb netfilter: nf_tables: prevent OOB access in nft_byteorder_eval |
| CVE-2023-3611: 91d3554ab1fc2804c36a815c0f79502d727a41e6 net/sched: sch_qfq: account for stab overhead in qfq_enqueue |
| CVE-2023-3776: 5b55f2d6ef403fcda93ae4eb4d8c1ba164c66e92 net/sched: cls_fw: Fix improper refcount update leads to use-after-free |
| CVE-2023-38432: 35f450f54dca1519bb24faacd0428db09f89a11f ksmbd: validate command payload size |
| CVE-2023-3863: fc8429f8d86801f092fbfbd257c3af821ac0dcd3 net: nfc: Fix use-after-free caused by nfc_llcp_find_local |
| CVE-2023-4132: 784a8027b8ac5a876d71cb3d3d4d97b2b6cb5920 media: usb: siano: Fix warning due to null work_func_t function pointer |
| |
| CVEs fixed in 5.15.122: |
| CVE-2023-20593: be824fdb827dc06f77a31122949fe1bc011e3e1e x86/cpu/amd: Add a Zenbleed fix |
| |
| CVEs fixed in 5.15.123: |
| CVE-2023-4004: 706ce3c81b5c8e262a8bcf116ea689d0710c3a13 netfilter: nft_set_pipapo: fix improper element removal |
| |
| CVEs fixed in 5.15.124: |
| CVE-2023-1206: ecb741a17cb2abf693b34d8e05a1e7e40494afb6 tcp: Reduce chance of collisions in inet6_hashfn(). |
| CVE-2023-4147: 5bee91121ccea8d69cea51632e9a1dd348ee49a1 netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID |
| |
| CVEs fixed in 5.15.125: |
| CVE-2022-40982: 348a89e2018428c3e55a87cdd9ae3cbd6cc8248a x86/speculation: Add Gather Data Sampling mitigation |
| CVE-2023-20569: 236dd7133394bfe30275191e3aefcc6b3b09962b x86/bugs: Increase the x86 bugs vector size to two u32s |
| |
| CVEs fixed in 5.15.126: |
| CVE-2023-20588: a74878207b02060c5feaf88b5566208ed08eb78d x86/CPU/AMD: Do not leak quotient data after a division by 0 |
| CVE-2023-40283: fbe5a2fed8156cc19eb3b956602b0a1dd46a302d Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb |
| CVE-2023-4128: 262430dfc618509246e07acd26211cb4cca79ecc net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-25220: (unk) |
| CVE-2020-26140: (unk) |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-27418: (unk) |
| CVE-2020-35501: (unk) |
| CVE-2021-0399: (unk) |
| CVE-2021-26934: (unk) |
| CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality |
| CVE-2021-3542: (unk) |
| CVE-2021-3714: (unk) |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2021-4095: (unk) KVM: x86: Fix wall clock writes in Xen shared_info not to mark page dirty |
| CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types |
| CVE-2022-0400: (unk) |
| CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling |
| CVE-2022-1116: (unk) |
| CVE-2022-1247: (unk) |
| CVE-2022-2209: (unk) |
| CVE-2022-23825: (unk) |
| CVE-2022-25265: (unk) |
| CVE-2022-26878: (unk) |
| CVE-2022-2961: (unk) |
| CVE-2022-3114: (unk) clk: imx: Add check for kcalloc |
| CVE-2022-3238: (unk) |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3533: (unk) |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp |
| CVE-2022-3606: (unk) |
| CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode |
| CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() |
| CVE-2022-36402: (unk) |
| CVE-2022-3642: (unk) |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines |
| CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas |
| CVE-2022-40133: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-41848: (unk) |
| CVE-2022-44032: (unk) |
| CVE-2022-44033: (unk) |
| CVE-2022-44034: (unk) |
| CVE-2022-4543: (unk) |
| CVE-2022-45884: (unk) |
| CVE-2022-45885: (unk) |
| CVE-2022-45886: (unk) |
| CVE-2022-45887: (unk) |
| CVE-2022-45888: (unk) char: xillybus: Prevent use-after-free due to race condition |
| CVE-2022-45919: (unk) |
| CVE-2022-47940: (unk) ksmbd: validate length in smb2_write() |
| CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area |
| CVE-2023-1075: (unk) net/tls: tls_is_tx_ready() checked list_entry |
| CVE-2023-1193: (unk) |
| CVE-2023-1194: (unk) |
| CVE-2023-1872: (unk) io_uring: propagate issue_flags state down to file assignment |
| CVE-2023-2007: (unk) scsi: dpt_i2o: Remove obsolete driver |
| CVE-2023-20941: (unk) |
| CVE-2023-21400: (unk) |
| CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr |
| CVE-2023-22995: (unk) usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core |
| CVE-2023-23000: (unk) phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function |
| CVE-2023-23039: (unk) |
| CVE-2023-2430: (unk) io_uring/msg_ring: fix missing lock on overflow for IOPOLL |
| CVE-2023-26242: (unk) |
| CVE-2023-31081: (unk) |
| CVE-2023-31082: (unk) |
| CVE-2023-31083: (unk) |
| CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() |
| CVE-2023-31085: (unk) |
| CVE-2023-32247: (unk) ksmbd: destroy expired sessions |
| CVE-2023-32250: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32252: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32254: (unk) ksmbd: fix racy issue under cocurrent smb2 tree disconnect |
| CVE-2023-32257: (unk) ksmbd: fix racy issue from session setup and logoff |
| CVE-2023-32258: (unk) ksmbd: fix racy issue from smb2 close and logoff with multichannel |
| CVE-2023-3389: (unk) io_uring: mutex locked poll hashing |
| CVE-2023-3397: (unk) |
| CVE-2023-3439: (unk) mctp: defer the kfree of object mdev->addrs |
| CVE-2023-35827: (unk) |
| CVE-2023-3640: (unk) |
| CVE-2023-37453: (unk) |
| CVE-2023-37454: (unk) |
| CVE-2023-3772: (unk) xfrm: add NULL check in xfrm_update_ae_params |
| CVE-2023-3773: (unk) xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH |
| CVE-2023-38427: (unk) ksmbd: fix out-of-bound read in deassemble_neg_contexts() |
| CVE-2023-38430: (unk) ksmbd: validate smb request protocol id |
| CVE-2023-38431: (unk) ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop |
| CVE-2023-4010: (unk) |
| CVE-2023-4133: (unk) cxgb4: fix use after free bugs caused by circular dependency problem |
| CVE-2023-4134: (unk) Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync() |
| CVE-2023-4155: (unk) KVM: SEV: only access GHCB fields once |
| CVE-2023-4273: (unk) exfat: check if filename entries exceeds max filename length |
