| |
| CVEs fixed in 5.7: |
| CVE-2020-10732: 1d605416fb7175e1adf094251466caa52093b413 fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() |
| |
| CVEs fixed in 5.7.1: |
| CVE-2019-19462: 8c20f4355ab55fc07facacb1cd99bdb6fc5ebc1d kernel/relay.c: handle alloc_percpu returning NULL in relay_open |
| CVE-2020-10757: e98a6a24baae41cc3632a0bf343fe844eff53cea mm: Fix mremap not considering huge pmd devmap |
| |
| CVEs fixed in 5.7.2: |
| CVE-2020-0543: 468e86c304bd2e32307b438b67d61c0075a9beb9 x86/cpu: Add 'table' argument to cpu_matches() |
| CVE-2020-13974: 7ca8cd811dcc6550be059813caf4f2cf888a7616 vt: keyboard: avoid signed integer overflow in k_ascii |
| |
| CVEs fixed in 5.7.3: |
| CVE-2020-10766: 18f82da06ec6653646fd2670765aac24275f4833 x86/speculation: Prevent rogue cross-process SSBD shutdown |
| CVE-2020-10767: 862442343c016befe654c1f3f8d9d5791071df4c x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. |
| CVE-2020-10768: 69e93896809da49f0946044bd31daf9a7482b440 x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. |
| CVE-2020-29374: 8e45fdafdecc8436c5b6e1620c30726056e6b29c gup: document and work around "COW can break either way" issue |
| CVE-2021-0342: ab5e1d8d91872d6d80119a560255ff549985cff9 tun: correct header offsets in napi frags mode |
| |
| CVEs fixed in 5.7.5: |
| CVE-2020-29368: 114b91ff0861de531e412aebe8c4dfda21291c7b mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() |
| |
| CVEs fixed in 5.7.6: |
| CVE-2020-12771: 4813dd656732207ad9df7738652bbbbde4c7c928 bcache: fix potential deadlock problem in btree_gc_coalesce |
| CVE-2020-15436: 4f8d723f871edb95a05d43ad88faf406c66393db block: Fix use-after-free in blkdev_get() |
| |
| CVEs fixed in 5.7.7: |
| CVE-2020-15780: 63897052acc5a97e6cd0ffecda0a8d05aab6f85b ACPI: configfs: Disallow loading ACPI tables when locked down |
| |
| CVEs fixed in 5.7.8: |
| CVE-2020-15393: 4c424f6d0af716110dd7d78e89afce4d99f16815 usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect |
| CVE-2020-24394: fb17be570b470fd56ccb2db7c1b0beb4d0d590d7 nfsd: apply umask on fs without ACL support |
| |
| CVEs fixed in 5.7.10: |
| CVE-2020-10781: 8fd782b2376168717dddfbcae0786b47e61777bb Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" |
| CVE-2020-14356: 26d0bcfcf7150bc7c115f2d3f2f1459e64029b98 cgroup: fix cgroup_sk_alloc() for sk_clone_lock() |
| CVE-2020-15852: 3bbf8195e79707268f4fd072d7575ced0207e4ef x86/ioperm: Fix io bitmap invalidation on Xen PV |
| CVE-2022-0812: fe3b01c6588829a4a5d89e4b6d4254087aa40f20 xprtrdma: fix incorrect header size calculations |
| |
| CVEs fixed in 5.7.11: |
| CVE-2020-15437: eb710a1ac0b2c5d46917563b78ebef429b0e8738 serial: 8250: fix null-ptr-deref in serial8250_start_tx() |
| CVE-2020-29369: b6afd2a9f2839a60a6cd6a0cac740019f90c35eb mm/mmap.c: close race between munmap() and expand_upwards()/downwards() |
| |
| CVEs fixed in 5.7.13: |
| CVE-2020-12656: ec25aabaffe687774165ae491cc797d7d8a79454 sunrpc: check that domain table is empty at module unload. |
| CVE-2020-24490: 15a9441c207a546ae7cadfe092aea5ae9751c967 Bluetooth: fix kernel oops in store_pending_adv_report |
| |
| CVEs fixed in 5.7.14: |
| CVE-2020-16166: 378a4d2215334fa4d3c5888a008f8896066bc231 random32: update the net random state on interrupt and activity |
| |
| CVEs fixed in 5.7.15: |
| CVE-2020-14331: b2f1d746c96a16ae97099b9f454d01a9b730c26a vgacon: Fix for missing check in scrollback handling |
| CVE-2020-36386: 886a27c346901b6b5a3d5b12ca50ca821817185d Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() |
| |
| CVEs fixed in 5.7.16: |
| CVE-2019-19770: 4470c2949a07883cda4de6899ce8507b0fc6aa5d blktrace: fix debugfs use after free |
| CVE-2020-26088: f8093f0d1ababcb1a1ea859e1638a14fa5627e42 net/nfc/rawsock.c: add CAP_NET_RAW check. |
| CVE-2020-36387: f93bc10c64afceb019ccdc7b5424ecedbd613f64 io_uring: hold 'ctx' reference around task_work queue + execute |
| CVE-2021-20292: 7387ad86fe8ef830e88a586b021b322eef316211 drm/ttm/nouveau: don't call tt destroy callback on alloc failure. |
| |
| CVEs fixed in 5.7.17: |
| CVE-2019-19448: 7726619a51873ac0ac73d31f7852e0eb01a0833b btrfs: only search for left_info if there is no right_info in try_merge_free_space |
| CVE-2020-25212: 4476b8282f0bdbf21c8a1e5d783ee11a0edfcaf2 nfs: Fix getxattr kernel panic and memory overflow |
| |
| CVEs fixed in 5.7.18: |
| CVE-2020-0466: 7d6b91e878c590f471db7ed0ddb1952f40146cec do_epoll_ctl(): clean the failure exits up a bit |
| CVE-2020-14314: e50fe43e3062e18846e99d9646b9c07b097eb1ed ext4: fix potential negative array index in do_split() |
| CVE-2020-29371: ec5713663214ae0cc9821c0a40b6c6022fcaa4d8 romfs: fix uninitialized memory leak in romfs_dev_read() |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15794: (unk) ovl: fix reference counting in ovl_mmap error path |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-0423: (unk) binder: fix UAF when releasing todo list |
| CVE-2020-0465: (unk) HID: core: Sanitize event code and type when mapping input |
| CVE-2020-10135: (unk) Bluetooth: Consolidate encryption handling in hci_encrypt_cfm |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-12351: (unk) Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel |
| CVE-2020-12352: (unk) Bluetooth: A2MP: Fix not initializing all members |
| CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-12888: (unk) vfio-pci: Invalidate mmaps and block MMIO access on disabled memory |
| CVE-2020-14304: (unk) |
| CVE-2020-14351: (unk) perf/core: Fix race in the perf_mmap_close() function |
| CVE-2020-14385: (unk) xfs: fix boundary test in xfs_attr_shortform_verify |
| CVE-2020-14386: (unk) net/packet: fix overflow in tpacket_rcv |
| CVE-2020-14390: (unk) fbcon: remove soft scrollback code |
| CVE-2020-15802: (unk) |
| CVE-2020-16119: (unk) dccp: don't duplicate ccid when cloning dccp sock |
| CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs |
| CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks |
| CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks |
| CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks |
| CVE-2020-25211: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum |
| CVE-2020-25221: (unk) mm: fix pin vs. gup mismatch with gate pages |
| CVE-2020-25284: (unk) rbd: require global CAP_SYS_ADMIN for mapping and unmapping |
| CVE-2020-25285: (unk) mm/hugetlb: fix a race between hugetlb sysctl handlers |
| CVE-2020-25639: (unk) drm/nouveau: bail out of nouveau_channel_new if channel init fails |
| CVE-2020-25641: (unk) block: allow for_each_bvec to support zero len bvec |
| CVE-2020-25643: (unk) hdlc_ppp: add range checks in ppp_cp_parse_cr() |
| CVE-2020-25645: (unk) geneve: add transport ports in route lookup for geneve |
| CVE-2020-25656: (unk) vt: keyboard, extend func_buf_lock to readers |
| CVE-2020-25668: (unk) tty: make FONTX ioctl use the tty pointer they were actually passed |
| CVE-2020-25669: (unk) Input: sunkbd - avoid use-after-free in teardown paths |
| CVE-2020-25670: (unk) nfc: fix refcount leak in llcp_sock_bind() |
| CVE-2020-25671: (unk) nfc: fix refcount leak in llcp_sock_connect() |
| CVE-2020-25672: (unk) nfc: fix memory leak in llcp_sock_connect() |
| CVE-2020-25673: (unk) nfc: Avoid endless loops caused by repeated llcp_sock_connect() |
| CVE-2020-25704: (unk) perf/core: Fix a memory leak in perf_event_parse_addr_filter() |
| CVE-2020-25705: (unk) icmp: randomize the global rate limiter |
| CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames |
| CVE-2020-26140: (unk) |
| CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe |
| CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted |
| CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries |
| CVE-2020-26555: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-27152: (unk) KVM: ioapic: break infinite recursion on lazy EOI |
| CVE-2020-27194: (unk) bpf: Fix scalar32_min_max_or bounds tracking |
| CVE-2020-27673: (unk) xen/events: add a proper barrier to 2-level uevent unmasking |
| CVE-2020-27675: (unk) xen/events: avoid removing an event channel while handling it |
| CVE-2020-27777: (unk) powerpc/rtas: Restrict RTAS requests from userspace |
| CVE-2020-27784: (unk) usb: gadget: function: printer: fix use-after-free in __lock_acquire |
| CVE-2020-27815: (unk) jfs: Fix array index bounds check in dbAdjTree |
| CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal |
| CVE-2020-27825: (unk) tracing: Fix race in trace_open and buffer resize call |
| CVE-2020-27830: (unk) speakup: Reject setting the speakup line discipline outside of speakup |
| CVE-2020-27835: (unk) IB/hfi1: Ensure correct mm is used at all times |
| CVE-2020-28097: (unk) vgacon: remove software scrollback support |
| CVE-2020-28374: (unk) scsi: target: Fix XCOPY NAA identifier lookup |
| CVE-2020-28588: (unk) lib/syscall: fix syscall registers retrieval on 32-bit platforms |
| CVE-2020-28915: (unk) fbcon: Fix global-out-of-bounds read in fbcon_get_font() |
| CVE-2020-28941: (unk) speakup: Do not let the line discipline be used several times |
| CVE-2020-28974: (unk) vt: Disable KD_FONT_OP_COPY |
| CVE-2020-29534: (unk) io_uring: don't rely on weak ->files references |
| CVE-2020-29568: (unk) xen/xenbus: Allow watches discard events before queueing |
| CVE-2020-29569: (unk) xen-blkback: set ring->xenblkd to NULL after kthread_stop() |
| CVE-2020-29660: (unk) tty: Fix ->session locking |
| CVE-2020-29661: (unk) tty: Fix ->pgrp locking in tiocspgrp() |
| CVE-2020-35501: (unk) |
| CVE-2020-35508: (unk) fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent |
| CVE-2020-35519: (unk) net/x25: prevent a couple of overflows |
| CVE-2020-36158: (unk) mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start |
| CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address |
| CVE-2020-36311: (unk) KVM: SVM: Periodically schedule when unregistering regions on destroy |
| CVE-2020-36312: (unk) KVM: fix memory leak in kvm_io_bus_unregister_dev() |
| CVE-2020-36322: (unk) fuse: fix bad inode |
| CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy |
| CVE-2020-36516: (unk) |
| CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries |
| CVE-2020-4788: (unk) powerpc/64s: flush L1D on kernel entry |
| CVE-2020-8694: (unk) powercap: restrict energy meter to root access |
| CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2021-0399: (unk) |
| CVE-2021-0448: (unk) netfilter: ctnetlink: add a range check for l3/l4 protonum |
| CVE-2021-0512: (unk) HID: make arrays usage and value to be the same |
| CVE-2021-0605: (unk) af_key: pfkey_dump needs parameter validation |
| CVE-2021-0695: (unk) |
| CVE-2021-0920: (unk) af_unix: fix garbage collect vs MSG_PEEK |
| CVE-2021-0937: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write |
| CVE-2021-0938: (unk) compiler.h: fix barrier_data() on clang |
| CVE-2021-0941: (unk) bpf: Remove MTU check in __bpf_skb_max_len |
| CVE-2021-1048: (unk) fix regression in "epoll: Keep a reference on files added to the check list" |
| CVE-2021-20194: (unk) io_uring: don't rely on weak ->files references |
| CVE-2021-20226: (unk) io_uring: don't rely on weak ->files references |
| CVE-2021-20239: (unk) net: pass a sockptr_t into ->setsockopt |
| CVE-2021-20268: (unk) bpf: Fix signed_{sub,add32}_overflows type handling |
| CVE-2021-20320: (unk) s390/bpf: Fix optimizing out zero-extensions |
| CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename() |
| CVE-2021-20322: (unk) ipv6: make exception cache less predictible |
| CVE-2021-21781: (unk) ARM: ensure the signal page contains defined contents |
| CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages |
| CVE-2021-22555: (unk) netfilter: x_tables: fix compat match/target pad out-of-bound write |
| CVE-2021-22600: (unk) net/packet: rx_owner_map depends on pg_vec |
| CVE-2021-23133: (unk) net/sctp: fix race condition in sctp_destroy_sock |
| CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD |
| CVE-2021-26708: (unk) vsock: fix the race conditions in multi-transport support |
| CVE-2021-26930: (unk) xen-blkback: fix error handling in xen_blkbk_map() |
| CVE-2021-26931: (unk) xen-blkback: don't "handle" error by BUG() |
| CVE-2021-26932: (unk) Xen/x86: don't bail early from clear_foreign_p2m_mapping() |
| CVE-2021-26934: (unk) |
| CVE-2021-27363: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities |
| CVE-2021-27364: (unk) scsi: iscsi: Restrict sessions and handles to admin capabilities |
| CVE-2021-27365: (unk) scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE |
| CVE-2021-28038: (unk) Xen/gnttab: handle p2m update errors on a per-slot basis |
| CVE-2021-28375: (unk) misc: fastrpc: restrict user apps from sending kernel RPC messages |
| CVE-2021-28660: (unk) staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() |
| CVE-2021-28688: (unk) xen-blkback: don't leak persistent grants from xen_blkbk_map() |
| CVE-2021-28691: (unk) xen-netback: take a reference to the RX task thread |
| CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms |
| CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms |
| CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms |
| CVE-2021-28714: (unk) xen/netback: fix rx queue stall detection |
| CVE-2021-28715: (unk) xen/netback: don't queue unlimited number of packages |
| CVE-2021-28951: (unk) io_uring: ensure that SQPOLL thread is started for exit |
| CVE-2021-28952: (unk) ASoC: qcom: sdm845: Fix array out of bounds access |
| CVE-2021-28964: (unk) btrfs: fix race when cloning extent buffer during rewind of an old root |
| CVE-2021-28971: (unk) perf/x86/intel: Fix a crash caused by zero PEBS status |
| CVE-2021-28972: (unk) PCI: rpadlpar: Fix potential drc_name corruption in store functions |
| CVE-2021-29154: (unk) bpf, x86: Validate computation of branch displacements for x86-64 |
| CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic |
| CVE-2021-29264: (unk) gianfar: fix jumbo packets+napi+rx overrun crash |
| CVE-2021-29265: (unk) usbip: fix stub_dev usbip_sockfd_store() races leading to gpf |
| CVE-2021-29646: (unk) tipc: better validate user input in tipc_nl_retrieve_key() |
| CVE-2021-29647: (unk) net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() |
| CVE-2021-29650: (unk) netfilter: x_tables: Use correct memory barriers. |
| CVE-2021-30002: (unk) media: v4l: ioctl: Fix memory leak in video_usercopy |
| CVE-2021-31440: (unk) bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds |
| CVE-2021-3178: (unk) nfsd4: readdirplus shouldn't return parent of export |
| CVE-2021-31829: (unk) bpf: Fix masking negation logic upon negative dst register |
| CVE-2021-31916: (unk) dm ioctl: fix out of bounds array access when no devices |
| CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform |
| CVE-2021-32399: (unk) bluetooth: eliminate the potential race condition when removing the HCI controller |
| CVE-2021-33033: (unk) cipso,calipso: resolve a number of problems with the DOI refcounts |
| CVE-2021-33034: (unk) Bluetooth: verify AMP hci_chan before amp_destroy |
| CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality |
| CVE-2021-33098: (unk) ixgbe: fix large MTU request from VF |
| CVE-2021-3347: (unk) futex: Ensure the correct return value from futex_lock_pi() |
| CVE-2021-3348: (unk) nbd: freeze the queue while we're adding connections |
| CVE-2021-33624: (unk) bpf: Inherit expanded/patched seen count from old aux data |
| CVE-2021-33655: (unk) fbcon: Disallow setting font bigger than screen size |
| CVE-2021-33656: (unk) vt: drop old FONT ioctls |
| CVE-2021-33909: (unk) seq_file: disallow extremely large seq buffer allocations |
| CVE-2021-3411: (unk) x86/kprobes: Fix optprobe to detect INT3 padding correctly |
| CVE-2021-3428: (unk) ext4: handle error of ext4_setup_system_zone() on remount |
| CVE-2021-3444: (unk) bpf: Fix truncation handling for mod32 dst reg wrt zero |
| CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4 |
| CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head |
| CVE-2021-3483: (unk) firewire: nosy: Fix a use-after-free bug in nosy_ioctl() |
| CVE-2021-3490: (unk) bpf: Fix alu32 const subreg bound tracking on bitwise operations |
| CVE-2021-3491: (unk) io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers |
| CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails |
| CVE-2021-35039: (unk) module: limit enabling module.sig_enforce |
| CVE-2021-3506: (unk) f2fs: fix to avoid out-of-bounds memory access |
| CVE-2021-3542: (unk) |
| CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4 |
| CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order |
| CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object |
| CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect |
| CVE-2021-3600: (unk) bpf: Fix 32 bit src register truncation on div/mod |
| CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu() |
| CVE-2021-3612: (unk) Input: joydev - prevent potential read overflow in ioctl |
| CVE-2021-3640: (unk) Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() |
| CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) |
| CVE-2021-3655: (unk) sctp: validate from_addr_param return |
| CVE-2021-3656: (unk) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) |
| CVE-2021-3659: (unk) net: mac802154: Fix general protection fault |
| CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc() |
| CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. |
| CVE-2021-3714: (unk) |
| CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device |
| CVE-2021-3732: (unk) ovl: prevent private clone if bind mount is not allowed |
| CVE-2021-3739: (unk) btrfs: fix NULL pointer dereference when deleting device by invalid id |
| CVE-2021-3743: (unk) net: qrtr: fix OOB Read in qrtr_endpoint_post |
| CVE-2021-3744: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-3752: (unk) Bluetooth: fix use-after-free error in lock_sock_nested() |
| CVE-2021-3753: (unk) vt_kdsetmode: extend console locking |
| CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow |
| CVE-2021-3759: (unk) memcg: enable accounting of ipc resources |
| CVE-2021-3760: (unk) nfc: nci: fix the UAF of rf_conn_info object |
| CVE-2021-3764: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk |
| CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited |
| CVE-2021-38166: (unk) bpf: Fix integer overflow involving bucket_size |
| CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page |
| CVE-2021-38199: (unk) NFSv4: Initialise connection to the server in nfs4_alloc_client() |
| CVE-2021-38204: (unk) usb: max-3421: Prevent corruption of freed memory |
| CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer |
| CVE-2021-38207: (unk) net: ll_temac: Fix TX BD buffer overwrite |
| CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect |
| CVE-2021-38209: (unk) netfilter: conntrack: Make global sysctls readonly in non-init netns |
| CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-3894: (unk) sctp: account stream padding length for reconf chunk |
| CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2021-39633: (unk) ip_gre: add validation for csum_start |
| CVE-2021-39634: (unk) epoll: do not insert into poll queues until all sanity checks are done |
| CVE-2021-39648: (unk) usb: gadget: configfs: Fix use-after-free issue with udc_name |
| CVE-2021-39656: (unk) configfs: fix a use-after-free in __configfs_open_file |
| CVE-2021-39657: (unk) scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback |
| CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests |
| CVE-2021-39686: (unk) binder: use euid from cred instead of using task |
| CVE-2021-39698: (unk) wait: add wake_up_pollfree() |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2021-39802: (unk) |
| CVE-2021-4001: (unk) bpf: Fix toctou on read-only map's constant scalar tracking |
| CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare |
| CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure |
| CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories |
| CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing |
| CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it |
| CVE-2021-4135: (unk) netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc |
| CVE-2021-4148: (unk) mm: khugepaged: skip huge page collapse for special files |
| CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error |
| CVE-2021-4150: (unk) block: fix incorrect references to disk objects |
| CVE-2021-4154: (unk) cgroup: verify that source is a string |
| CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate |
| CVE-2021-4157: (unk) pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() |
| CVE-2021-41864: (unk) bpf: Fix integer overflow in prealloc_elems_and_freelist() |
| CVE-2021-4197: (unk) cgroup: Use open-time credentials for process migraton perm checks |
| CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data |
| CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request |
| CVE-2021-4203: (unk) af_unix: fix races in sk_peer_pid and sk_peer_cred accesses |
| CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler |
| CVE-2021-42252: (unk) soc: aspeed: lpc-ctrl: Fix boundary check for mmap |
| CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() |
| CVE-2021-43056: (unk) KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest |
| CVE-2021-43389: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait |
| CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv() |
| CVE-2021-44733: (unk) tee: handle lookup of shm with reference count 0 |
| CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection |
| CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep |
| CVE-2021-45402: (unk) bpf: Fix signed bounds propagation after mov32 |
| CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() |
| CVE-2021-45485: (unk) ipv6: use prandom_u32() for ID generation |
| CVE-2021-45486: (unk) inet: use bigger hash table for IP ID generation |
| CVE-2021-45868: (unk) quota: check block number when reading the block in quota file |
| CVE-2021-46283: (unk) netfilter: nf_tables: initialize set before expression setup |
| CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info() |
| CVE-2022-0185: (unk) vfs: fs_context: fix up param length parsing in legacy_parse_param |
| CVE-2022-0322: (unk) sctp: account stream padding length for reconf chunk |
| CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store |
| CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg() |
| CVE-2022-0400: (unk) |
| CVE-2022-0435: (unk) tipc: improve size validations for received domain records |
| CVE-2022-0480: (unk) memcg: enable accounting for file lock caches |
| CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path |
| CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent |
| CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern |
| CVE-2022-0516: (unk) KVM: s390: Return error on SIDA memop on normal guest |
| CVE-2022-0617: (unk) udf: Fix NULL ptr deref when converting from inline format |
| CVE-2022-0644: (unk) vfs: check fd has read access in kernel_read_file_from_fd() |
| CVE-2022-0850: (unk) ext4: fix kernel infoleak via ext4_extent_header |
| CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling |
| CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io |
| CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation |
| CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain() |
| CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls |
| CVE-2022-1055: (unk) net: sched: fix use-after-free in tc_new_tfilter() |
| CVE-2022-1116: (unk) |
| CVE-2022-1158: (unk) KVM: x86/mmu: do compare-and-exchange of gPTE via the user address |
| CVE-2022-1184: (unk) ext4: verify dir block before splitting it |
| CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD |
| CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() |
| CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device |
| CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del() |
| CVE-2022-1247: (unk) |
| CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push |
| CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector |
| CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register |
| CVE-2022-1462: (unk) tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() |
| CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters |
| CVE-2022-1516: (unk) net/x25: Fix null-ptr-deref caused by x25_disconnect |
| CVE-2022-1652: (unk) floppy: use a statically allocated error counter |
| CVE-2022-1679: (unk) ath9k: fix use-after-free in ath9k_hif_usb_rx_cb |
| CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self |
| CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs |
| CVE-2022-1786: (unk) io_uring: remove io_identity |
| CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default |
| CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-1972: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions |
| CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout |
| CVE-2022-20008: (unk) mmc: block: fix read single on recovery logic |
| CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection |
| CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu |
| CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory |
| CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint |
| CVE-2022-20158: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions |
| CVE-2022-20368: (unk) net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20369: (unk) media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls |
| CVE-2022-20421: (unk) binder: fix UAF of ref->proc caused by race condition |
| CVE-2022-20422: (unk) arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-20424: (unk) io_uring: remove io_identity |
| CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse() |
| CVE-2022-21123: (unk) x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data |
| CVE-2022-21125: (unk) x86/speculation/mmio: Reuse SRBDS mitigation for SBDS |
| CVE-2022-21166: (unk) x86/speculation/mmio: Enable CPU Fill buffer clearing on idle |
| CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use |
| CVE-2022-21505: (unk) lockdown: Fix kexec lockdown bypass with ima policy |
| CVE-2022-2153: (unk) KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() |
| CVE-2022-2209: (unk) |
| CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status |
| CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access() |
| CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case |
| CVE-2022-23041: (unk) xen/9p: use alloc/free_pages_exact() |
| CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref() |
| CVE-2022-2318: (unk) net: rose: fix UAF bugs caused by timer handler |
| CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL |
| CVE-2022-2327: (unk) io_uring: remove any grabbing of context |
| CVE-2022-2380: (unk) video: fbdev: sm712fb: Fix crash in smtcfb_read() |
| CVE-2022-23816: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-23825: (unk) |
| CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs |
| CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails |
| CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf |
| CVE-2022-24959: (unk) yam: fix a memory leak in yam_siocdevprivate() |
| CVE-2022-2503: (unk) dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests |
| CVE-2022-25265: (unk) |
| CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command |
| CVE-2022-25636: (unk) netfilter: nf_tables_offload: incorrect flow offload action array size |
| CVE-2022-2585: (unk) posix-cpu-timers: Cleanup CPU timers before freeing them during exec |
| CVE-2022-2586: (unk) netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-2588: (unk) net_sched: cls_route: remove from list when handle is 0 |
| CVE-2022-2602: (unk) io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-26365: (unk) xen/blkfront: fix leaking data in shared pages |
| CVE-2022-26373: (unk) x86/speculation: Add RSB VM Exit protections |
| CVE-2022-2639: (unk) openvswitch: fix OOB access in reserve_sfa_size() |
| CVE-2022-26490: (unk) nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION |
| CVE-2022-2663: (unk) netfilter: nf_conntrack_irc: Fix forged IP logic |
| CVE-2022-26966: (unk) sr9700: sanity check for packet length |
| CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc |
| CVE-2022-27666: (unk) esp: Fix possible buffer overflow in ESP transformation |
| CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind() |
| CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-28389: (unk) can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path |
| CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-28893: (unk) SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() |
| CVE-2022-2905: (unk) bpf: Don't use tnum_range on array range checking for poke descriptors |
| CVE-2022-2938: (unk) psi: Fix uaf issue when psi trigger is destroyed while being polled |
| CVE-2022-29581: (unk) net/sched: cls_u32: fix netns refcount changes in u32_change() |
| CVE-2022-29582: (unk) io_uring: fix race between timeout flush and removal |
| CVE-2022-2961: (unk) |
| CVE-2022-2964: (unk) net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup |
| CVE-2022-2977: (unk) tpm: fix reference counting for struct tpm_chip |
| CVE-2022-2978: (unk) |
| CVE-2022-29900: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29901: (unk) x86/kvm/vmx: Make noinstr clean |
| CVE-2022-2991: (unk) remove the lightnvm subsystem |
| CVE-2022-3028: (unk) af_key: Do not call xfrm_probe_algs in parallel |
| CVE-2022-30594: (unk) ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE |
| CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero |
| CVE-2022-3169: (unk) |
| CVE-2022-3176: (unk) io_uring: fix UAF due to missing POLLFREE handling |
| CVE-2022-3202: (unk) jfs: prevent NULL deref in diFree |
| CVE-2022-32250: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16 |
| CVE-2022-3238: (unk) |
| CVE-2022-3239: (unk) media: em28xx: initialize refcount before kref_get |
| CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace |
| CVE-2022-3303: (unk) ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC |
| CVE-2022-3344: (unk) |
| CVE-2022-33740: (unk) xen/netfront: fix leaking data in shared pages |
| CVE-2022-33741: (unk) xen/netfront: force data bouncing when backend is untrusted |
| CVE-2022-33742: (unk) xen/blkfront: force data bouncing when backend is untrusted |
| CVE-2022-33744: (unk) xen/arm: Fix race in RB-tree based P2M accounting |
| CVE-2022-33981: (unk) floppy: disable FDRAWCMD by default |
| CVE-2022-3424: (unk) |
| CVE-2022-3435: (unk) |
| CVE-2022-34918: (unk) netfilter: nf_tables: stricter validation of element data |
| CVE-2022-3521: (unk) kcm: avoid potential race in kcm_tx_work |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3524: (unk) tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2022-3526: (unk) macvlan: Fix leaking skb in source mode with nodst option |
| CVE-2022-3531: (unk) |
| CVE-2022-3532: (unk) |
| CVE-2022-3535: (unk) net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3541: (unk) eth: sp7021: fix use after free bug in spl2sw_nvmem_get_mac_address |
| CVE-2022-3542: (unk) bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3543: (unk) af_unix: Fix memory leaks of the whole sk due to OOB skb. |
| CVE-2022-3544: (unk) |
| CVE-2022-3545: (unk) nfp: fix use-after-free in area_cache_get() |
| CVE-2022-3564: (unk) |
| CVE-2022-3565: (unk) mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3577: (unk) HID: bigben: fix slab-out-of-bounds Write in bigben_probe |
| CVE-2022-3586: (unk) sch_sfb: Don't assume the skb is still around after enqueueing to child |
| CVE-2022-3594: (unk) r8152: Rate limit overflow messages |
| CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp |
| CVE-2022-36123: (unk) x86: Clear .brk area at early boot |
| CVE-2022-3619: (unk) |
| CVE-2022-3621: (unk) nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3623: (unk) mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode |
| CVE-2022-3625: (unk) devlink: Fix use-after-free after a failed reload |
| CVE-2022-36280: (unk) |
| CVE-2022-3629: (unk) vsock: Fix memory leak in vsock_connect() |
| CVE-2022-3630: (unk) fscache: don't leak cookie access refs if invalidation is in progress or failed |
| CVE-2022-3633: (unk) can: j1939: j1939_session_destroy(): fix memory leak of skbs |
| CVE-2022-3635: (unk) atm: idt77252: fix use-after-free bugs caused by tst_timer |
| CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() |
| CVE-2022-3640: (unk) |
| CVE-2022-36402: (unk) |
| CVE-2022-3642: (unk) |
| CVE-2022-3646: (unk) nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-3649: (unk) nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-36879: (unk) xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() |
| CVE-2022-36946: (unk) netfilter: nf_queue: do not allow packet truncation below transport header offset |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) |
| CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas |
| CVE-2022-39189: (unk) KVM: x86: do not report a vCPU as preempted outside instruction boundaries |
| CVE-2022-39842: (unk) video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write |
| CVE-2022-40133: (unk) |
| CVE-2022-40307: (unk) efi: capsule-loader: Fix use-after-free in efi_capsule_write |
| CVE-2022-40768: (unk) scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-41218: (unk) |
| CVE-2022-41222: (unk) mm/mremap: hold the rmap lock in write mode when moving page table entries. |
| CVE-2022-41674: (unk) wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-41848: (unk) |
| CVE-2022-41849: (unk) |
| CVE-2022-41850: (unk) |
| CVE-2022-42703: (unk) mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse |
| CVE-2022-42719: (unk) wifi: mac80211: fix MBSSID parsing use-after-free |
| CVE-2022-42720: (unk) wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: (unk) wifi: cfg80211: avoid nontransmitted BSS list corruption |