data/6.3/6.3_security.txt - mirrors/github.com/nluedtke/linux_kernel_cves - Git at Google


 CVEs fixed in 6.3:
   CVE-2023-2156: 4e006c7a6dac0ead4c1bf606000aa90a372fc253 net: rpl: fix rpl header size calculation
   CVE-2023-2163: 71b547f561247897a0a14f3082730156c0533fed bpf: Fix incorrect verifier pruning due to missing register precision taints
   CVE-2023-2248: 3037933448f60f9acb705997eae62013ecb81e0d net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
   CVE-2023-31436: 3037933448f60f9acb705997eae62013ecb81e0d net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
   CVE-2023-4133: e50b9b9e8610d47b7c22529443e45a16b1ea3a15 cxgb4: fix use after free bugs caused by circular dependency problem

 CVEs fixed in 6.3-rc1:
   CVE-2023-33951: a950b989ea29ab3b38ea7f6e3d2540700a3c54e8 drm/vmwgfx: Do not drop the reference to the handle too soon
   CVE-2023-33952: a950b989ea29ab3b38ea7f6e3d2540700a3c54e8 drm/vmwgfx: Do not drop the reference to the handle too soon

 CVEs fixed in 6.3.1:
   CVE-2023-1380: 21bee3e649d87f78fe8aef6ae02edd3d6f310fd0 wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
   CVE-2023-2002: dd30f9da333748488d96b7cb3c5a17bbaf86b32d bluetooth: Perform careful capability checks in hci_sock_ioctl()

 CVEs fixed in 6.3.2:
   CVE-2023-0160: d2b8cf384c39ddb6fdb9e9034cd9b9887e09e735 bpf, sockmap: fix deadlocks in the sockhash and sockmap
   CVE-2023-2269: a554e6ec3626d4c11f55d7eef8d6aa93fb211c24 dm ioctl: fix nested locking in table_clear() to remove deadlock concern
   CVE-2023-2598: 3a0a9211d7d0138d55aecd209b05e6d4a9eec383 io_uring/rsrc: check for nonconsecutive pages
   CVE-2023-32233: f8486683ffa30456e0be4290282a44c4459a3287 netfilter: nf_tables: deactivate anonymous set from preparation phase
   CVE-2023-32247: 6775ee7ef4b37c521aa4cf3730f54554c4875542 ksmbd: destroy expired sessions
   CVE-2023-32248: 1636e09779f83e10e6ed57d91ef94abcefdd206b ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
   CVE-2023-32250: 02f41d88f15d6b7d523e52cc3f87488f57e9265b ksmbd: fix racy issue from session setup and logoff
   CVE-2023-32252: 02f41d88f15d6b7d523e52cc3f87488f57e9265b ksmbd: fix racy issue from session setup and logoff
   CVE-2023-32254: 39366b47a59d46af15ac57beb0996268bf911f6a ksmbd: fix racy issue under cocurrent smb2 tree disconnect
   CVE-2023-32257: 02f41d88f15d6b7d523e52cc3f87488f57e9265b ksmbd: fix racy issue from session setup and logoff
   CVE-2023-32258: 920d5dd2d041484bf001c9713c2e3bcc6de79726 ksmbd: fix racy issue from smb2 close and logoff with multichannel
   CVE-2023-3268: 35ca4fb494c0c9f226fbcfa1c1688e6cc1e5062e relayfs: fix out-of-bounds access in relay_file_read
   CVE-2023-3312: d9bad836cf156ee87d577f0bd1ed01501b31a253 cpufreq: qcom-cpufreq-hw: fix double IO unmap and resource release on exit
   CVE-2023-35823: 3a60e51489a3ec61565f5bc53f726ac9ccc6083c media: saa7134: fix use after free bug in saa7134_finidev due to race condition
   CVE-2023-35824: d730bc84064364cafdb20c6ee7fda2cd7416407a media: dm1105: Fix use after free bug in dm1105_remove due to race condition
   CVE-2023-35826: 565c863bd982584aa4393f7bdb345dbccb3ad488 media: cedrus: fix use after free bug in cedrus_remove due to race condition
   CVE-2023-35828: 231598b40a070a6bf780c0df1ff5ae3e57102900 usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
   CVE-2023-35829: 2115e94838adc9d1e7b75043c9f26abcc910f6fb media: rkvdec: fix use after free bug in rkvdec_remove

 CVEs fixed in 6.3.3:
   CVE-2023-34256: be7b6374a2ee8a59c1ff5addcbe25ebc1b4efd9f ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

 CVEs fixed in 6.3.4:
   CVE-2022-48425: e6f4b1c32d6d6047958d7700d12fed6d91f441e7 fs/ntfs3: Validate MFT flags before replaying logs
   CVE-2023-1192: e6f4b1c32d6d6047958d7700d12fed6d91f441e7 fs/ntfs3: Validate MFT flags before replaying logs
   CVE-2023-3090: 3cd16c6a6a6b68bba02fbbc54b9906f44640ffde ipvlan:Fix out-of-bounds caused by unclear skb->cb
   CVE-2023-3141: 76fec5f01c9c70e11b85fdeb3f2707589c9238ca memstick: r592: Fix UAF bug in r592_remove due to race condition
   CVE-2023-38426: 0adcdc220fa555935bb37a273f08956616f8601a ksmbd: fix global-out-of-bounds in smb2_find_context_vals
   CVE-2023-38428: 3df195fbddfae60ca24a9bbc209402d9fccdef68 ksmbd: fix wrong UserName check in session_user
   CVE-2023-38429: 778aae5a513ea09aa5addfa352bd70a5b71dda85 ksmbd: allocate one more byte for implied bcc[0]

 CVEs fixed in 6.3.5:
   CVE-2023-21255: c9e6aae1f26758f3e87b93cff18d79dfd80f2f25 binder: fix UAF caused by faulty buffer cleanup

 CVEs fixed in 6.3.7:
   CVE-2022-45886: 8bade849b15b3ecb62893f328b2cc4cdc65ac0c6 media: dvb-core: Fix use-after-free due on race condition at dvb_net
   CVE-2022-45887: dbef7d1ffea0ccc95446c5383e0be65babedf667 media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
   CVE-2022-45919: 59918dd7a6d1ad098550ca6fcf154c1ae6842bc7 media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
   CVE-2023-2124: 69ebe82c73f4f9f4b49ed3b35ce347af20716d0a xfs: verify buffer contents when we skip log replay
   CVE-2023-21264: c3cd33abe63f0ea32c3966ae67a7efc48e86c3e0 KVM: arm64: Prevent unconditional donation of unmapped regions from the host
   CVE-2023-3212: 14c454764a37b194dc916c07488ce7339c82bc4f gfs2: Don't deref jdesc in evict
   CVE-2023-34255: 69ebe82c73f4f9f4b49ed3b35ce347af20716d0a xfs: verify buffer contents when we skip log replay
   CVE-2023-35788: 900fab73a9cd3dd6a3a69f89980f8f3c9a738d5a net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

 CVEs fixed in 6.3.8:
   CVE-2023-1194: 61dfe01204daf5469f21cc639f710f9e28e929c8 ksmbd: fix out-of-bound read in parse_lease_state()
   CVE-2023-38427: 205279b96b5c40c60c6de4f9342416e02ee279f1 ksmbd: fix out-of-bound read in deassemble_neg_contexts()
   CVE-2023-38431: e9cb7be2fcbaee9e808b729e92948d38d52e5add ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop

 CVEs fixed in 6.3.9:
   CVE-2023-3117: bdace3b1a51887211d3e49417a18fdbd315a313b netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
   CVE-2023-3390: bdace3b1a51887211d3e49417a18fdbd315a313b netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
   CVE-2023-3609: 4efd555a43dc24f3342bcc036522c430f5869e6f net/sched: cls_u32: Fix reference counter leak leading to overflow
   CVE-2023-38430: 75e7d81679ef7995422adc84ef597fded99c24a6 ksmbd: validate smb request protocol id
   CVE-2024-0443: 0f6090d90f627d8c58f939067d6c6821ce1b3c68 blk-cgroup: Flush stats before releasing blkcg_gq

 CVEs fixed in 6.3.10:
   CVE-2023-3610: a1547f81341f14b1b355df04218152e8b5d4b264 netfilter: nf_tables: fix chain binding transaction logic
   CVE-2023-38432: 768caf4019f0391c0b6452afe34cea1704133f7b ksmbd: validate command payload size
   CVE-2023-3865: 58a9c41064df27632e780c5a3ae3e0e4284957d1 ksmbd: fix out-of-bound read in smb2_write
   CVE-2023-3866: d1066c1b3663401cd23c0d6e60cdae750ce00c0f ksmbd: validate session id and tree id in the compound request

 CVEs fixed in 6.3.11:
   CVE-2023-3269: bce721f87edd54379120ffb85111357923f4f326 mm: introduce new 'lock_mm_and_find_vma()' page fault helper

 CVEs fixed in 6.3.13:
   CVE-2023-33250: 1d2b603d938c898b5fd8da6e3d80184366ca6ea0 iommufd: Call iopt_area_contig_done() under the lock
   CVE-2023-3863: b3ad46e155a6d91b36c6e892019a43e3ef3c696d net: nfc: Fix use-after-free caused by nfc_llcp_find_local
   CVE-2023-39197: 26bd1f210d3783a691052c51d76bb8a8bbd24c67 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
   CVE-2023-4134: c261139c1df65c9c4bf00e96c91183bcfc1919ec Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()

 Outstanding CVEs:
   CVE-2005-3660: (unk)
   CVE-2007-3719: (unk)
   CVE-2008-2544: (unk)
   CVE-2008-4609: (unk)
   CVE-2010-4563: (unk)
   CVE-2010-5321: (unk)
   CVE-2011-4916: (unk)
   CVE-2011-4917: (unk)
   CVE-2012-4542: (unk)
   CVE-2013-7445: (unk)
   CVE-2015-2877: (unk)
   CVE-2016-8660: (unk)
   CVE-2017-13693: (unk)
   CVE-2017-13694: (unk)
   CVE-2018-1121: (unk)
   CVE-2018-12928: (unk)
   CVE-2018-12929: (unk)
   CVE-2018-12930: (unk)
   CVE-2018-12931: (unk)
   CVE-2018-17977: (unk)
   CVE-2019-12456: (unk)
   CVE-2019-15239: (unk) unknown
   CVE-2019-15290: (unk)
   CVE-2019-15902: (unk) unknown
   CVE-2019-16089: (unk)
   CVE-2019-19378: (unk)
   CVE-2019-19814: (unk)
   CVE-2019-20794: (unk)
   CVE-2020-0347: (unk)
   CVE-2020-10708: (unk)
   CVE-2020-11725: (unk)
   CVE-2020-14304: (unk)
   CVE-2020-15802: (unk)
   CVE-2020-24502: (unk)
   CVE-2020-24503: (unk)
   CVE-2020-25220: (unk)
   CVE-2020-26140: (unk)
   CVE-2020-26142: (unk)
   CVE-2020-26143: (unk)
   CVE-2020-26556: (unk)
   CVE-2020-26557: (unk)
   CVE-2020-26559: (unk)
   CVE-2020-26560: (unk)
   CVE-2020-35501: (unk)
   CVE-2021-0399: (unk)
   CVE-2021-26934: (unk)
   CVE-2021-3542: (unk)
   CVE-2021-3714: (unk)
   CVE-2021-3847: (unk)
   CVE-2021-3864: (unk)
   CVE-2021-3892: (unk)
   CVE-2021-39800: (unk)
   CVE-2021-39801: (unk)
   CVE-2022-0400: (unk)
   CVE-2022-1116: (unk)
   CVE-2022-1247: (unk)
   CVE-2022-2209: (unk)
   CVE-2022-23825: (unk)
   CVE-2022-25265: (unk)
   CVE-2022-26878: (unk)
   CVE-2022-2961: (unk)
   CVE-2022-3238: (unk)
   CVE-2022-3533: (unk)
   CVE-2022-3544: (unk)
   CVE-2022-3606: (unk)
   CVE-2022-36402: (unk)
   CVE-2022-3642: (unk)
   CVE-2022-38096: (unk)
   CVE-2022-40982: (unk) x86/speculation: Add Gather Data Sampling mitigation
   CVE-2022-41848: (unk)
   CVE-2022-44032: (unk) char: pcmcia: remove all the drivers
   CVE-2022-44033: (unk) char: pcmcia: remove all the drivers
   CVE-2022-44034: (unk) char: pcmcia: remove all the drivers
   CVE-2022-4543: (unk)
   CVE-2022-45884: (unk)
   CVE-2022-45885: (unk)
   CVE-2023-1206: (unk) tcp: Reduce chance of collisions in inet6_hashfn().
   CVE-2023-20569: (unk) x86/bugs: Increase the x86 bugs vector size to two u32s
   CVE-2023-20588: (unk) x86/CPU/AMD: Do not leak quotient data after a division by 0
   CVE-2023-20593: (unk) x86/cpu/amd: Add a Zenbleed fix
   CVE-2023-20941: (unk)
   CVE-2023-21400: (unk)
   CVE-2023-23039: (unk)
   CVE-2023-25775: (unk) RDMA/irdma: Prevent zero-length STAG registration
   CVE-2023-26242: (unk)
   CVE-2023-2640: (unk)
   CVE-2023-2898: (unk) f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
   CVE-2023-31081: (unk)
   CVE-2023-31082: (unk)
   CVE-2023-31083: (unk) Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
   CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
   CVE-2023-31085: (unk) ubi: Refuse attaching if mtd's erasesize is 0
   CVE-2023-31248: (unk) netfilter: nf_tables: do not ignore genmask when looking up chain by id
   CVE-2023-32629: (unk)
   CVE-2023-3397: (unk)
   CVE-2023-34319: (unk) xen/netback: Fix buffer overrun triggered by unusual packet
   CVE-2023-34324: (unk) xen/events: replace evtchn_rwlock with RCU
   CVE-2023-35001: (unk) netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
   CVE-2023-35827: (unk) ravb: Fix use-after-free issue in ravb_tx_timeout_work()
   CVE-2023-3611: (unk) net/sched: sch_qfq: account for stab overhead in qfq_enqueue
   CVE-2023-3640: (unk)
   CVE-2023-37453: (unk) USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
   CVE-2023-37454: (unk)
   CVE-2023-3772: (unk) xfrm: add NULL check in xfrm_update_ae_params
   CVE-2023-3773: (unk) xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH
   CVE-2023-3776: (unk) net/sched: cls_fw: Fix improper refcount update leads to use-after-free
   CVE-2023-3777: (unk) netfilter: nf_tables: skip bound chain on rule flush
   CVE-2023-3867: (unk) ksmbd: add missing compound request handing in some commands
   CVE-2023-39189: (unk) netfilter: nfnetlink_osf: avoid OOB read
   CVE-2023-39192: (unk) netfilter: xt_u32: validate user space input
   CVE-2023-39193: (unk) netfilter: xt_sctp: validate the flag_info count
   CVE-2023-39194: (unk) net: xfrm: Fix xfrm_address_filter OOB read
   CVE-2023-39198: (unk) drm/qxl: fix UAF on handle creation
   CVE-2023-4004: (unk) netfilter: nft_set_pipapo: fix improper element removal
   CVE-2023-4010: (unk)
   CVE-2023-4015: (unk) netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
   CVE-2023-40283: (unk) Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
   CVE-2023-40791: (unk) crypto, cifs: fix error handling in extract_iter_to_sg()
   CVE-2023-4128: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
   CVE-2023-4132: (unk) media: usb: siano: Fix warning due to null work_func_t function pointer
   CVE-2023-4147: (unk) netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
   CVE-2023-4155: (unk) KVM: SEV: only access GHCB fields once
   CVE-2023-4194: (unk) net: tun_chr_open(): set sk_uid from current_fsuid()
   CVE-2023-4206: (unk) net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
   CVE-2023-4207: (unk) net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
   CVE-2023-4208: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
   CVE-2023-4244: (unk) netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
   CVE-2023-4273: (unk) exfat: check if filename entries exceeds max filename length
   CVE-2023-42752: (unk) igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
   CVE-2023-42753: (unk) netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
   CVE-2023-42754: (unk) ipv4: fix null-deref in ipv4_link_failure
   CVE-2023-44466: (unk) libceph: harden msgr2.1 frame segment length checks
   CVE-2023-4563: (unk) netfilter: nf_tables: don't skip expired elements during walk
   CVE-2023-4569: (unk) netfilter: nf_tables: deactivate catchall elements in next generation
   CVE-2023-45871: (unk) igb: set max size RX buffer when store bad packet is enabled
   CVE-2023-4610: (unk) Revert "mm: vmscan: make global slab shrink lockless"
   CVE-2023-4622: (unk) unix: Convert unix_stream_sendpage() to use MSG_SPLICE_PAGES
   CVE-2023-4623: (unk) net/sched: sch_hfsc: Ensure inner classes have fsc curve
   CVE-2023-46813: (unk) x86/sev: Check for user-space IOIO pointing to kernel space
   CVE-2023-46862: (unk) io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
   CVE-2023-47233: (unk)
   CVE-2023-4881: (unk) netfilter: nftables: exthdr: fix 4-byte stack OOB write
   CVE-2023-4921: (unk) net: sched: sch_qfq: Fix UAF in qfq_dequeue()
   CVE-2023-50431: (unk)
   CVE-2023-5090: (unk) x86: KVM: SVM: always update the x2avic msr interception
   CVE-2023-5158: (unk) vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
   CVE-2023-51779: (unk) Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
   CVE-2023-51780: (unk) atm: Fix Use-After-Free in do_vcc_ioctl
   CVE-2023-51781: (unk) appletalk: Fix Use-After-Free in atalk_ioctl
   CVE-2023-51782: (unk) net/rose: Fix Use-After-Free in rose_ioctl
   CVE-2023-5197: (unk) netfilter: nf_tables: disallow rule removal from chain binding
   CVE-2023-5345: (unk) fs/smb/client: Reset password pointer to NULL
   CVE-2023-5633: (unk) drm/vmwgfx: Keep a gem reference to user bos in surfaces
   CVE-2023-5717: (unk) perf: Disallow mis-matched inherited group reads
   CVE-2023-5972: (unk) nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()
   CVE-2023-6039: (unk) net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
   CVE-2023-6121: (unk) nvmet: nul-terminate the NQNs passed in the connect command
   CVE-2023-6176: (unk) net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
   CVE-2023-6238: (unk)
   CVE-2023-6270: (unk)
   CVE-2023-6356: (unk)
   CVE-2023-6531: (unk) io_uring/af_unix: disable sending io_uring over sockets
   CVE-2023-6535: (unk)
   CVE-2023-6536: (unk)
   CVE-2023-6546: (unk) tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
   CVE-2023-6560: (unk) io_uring: don't allow discontig pages for IORING_SETUP_NO_MMAP
   CVE-2023-6606: (unk) smb: client: fix OOB in smbCalcSize()
   CVE-2023-6610: (unk) smb: client: fix potential OOB in smb2_dump_detail()
   CVE-2023-6622: (unk) netfilter: nf_tables: bail out on mismatching dynset and set expressions
   CVE-2023-6817: (unk) netfilter: nft_set_pipapo: skip inactive elements during set walk
   CVE-2023-6931: (unk) perf: Fix perf_event_validate_size()
   CVE-2023-6932: (unk) ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
   CVE-2023-7042: (unk)
   CVE-2024-0193: (unk) netfilter: nf_tables: skip set commit for deleted/destroyed sets
   CVE-2024-0340: (unk) vhost: use kzalloc() instead of kmalloc() followed by memset()

	CVEs fixed in 6.3:
	CVE-2023-2156: 4e006c7a6dac0ead4c1bf606000aa90a372fc253 net: rpl: fix rpl header size calculation
	CVE-2023-2163: 71b547f561247897a0a14f3082730156c0533fed bpf: Fix incorrect verifier pruning due to missing register precision taints
	CVE-2023-2248: 3037933448f60f9acb705997eae62013ecb81e0d net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
	CVE-2023-31436: 3037933448f60f9acb705997eae62013ecb81e0d net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
	CVE-2023-4133: e50b9b9e8610d47b7c22529443e45a16b1ea3a15 cxgb4: fix use after free bugs caused by circular dependency problem

	CVEs fixed in 6.3-rc1:
	CVE-2023-33951: a950b989ea29ab3b38ea7f6e3d2540700a3c54e8 drm/vmwgfx: Do not drop the reference to the handle too soon
	CVE-2023-33952: a950b989ea29ab3b38ea7f6e3d2540700a3c54e8 drm/vmwgfx: Do not drop the reference to the handle too soon

	CVEs fixed in 6.3.1:
	CVE-2023-1380: 21bee3e649d87f78fe8aef6ae02edd3d6f310fd0 wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
	CVE-2023-2002: dd30f9da333748488d96b7cb3c5a17bbaf86b32d bluetooth: Perform careful capability checks in hci_sock_ioctl()

	CVEs fixed in 6.3.2:
	CVE-2023-0160: d2b8cf384c39ddb6fdb9e9034cd9b9887e09e735 bpf, sockmap: fix deadlocks in the sockhash and sockmap
	CVE-2023-2269: a554e6ec3626d4c11f55d7eef8d6aa93fb211c24 dm ioctl: fix nested locking in table_clear() to remove deadlock concern
	CVE-2023-2598: 3a0a9211d7d0138d55aecd209b05e6d4a9eec383 io_uring/rsrc: check for nonconsecutive pages
	CVE-2023-32233: f8486683ffa30456e0be4290282a44c4459a3287 netfilter: nf_tables: deactivate anonymous set from preparation phase
	CVE-2023-32247: 6775ee7ef4b37c521aa4cf3730f54554c4875542 ksmbd: destroy expired sessions
	CVE-2023-32248: 1636e09779f83e10e6ed57d91ef94abcefdd206b ksmbd: fix NULL pointer dereference in smb2_get_info_filesystem()
	CVE-2023-32250: 02f41d88f15d6b7d523e52cc3f87488f57e9265b ksmbd: fix racy issue from session setup and logoff
	CVE-2023-32252: 02f41d88f15d6b7d523e52cc3f87488f57e9265b ksmbd: fix racy issue from session setup and logoff
	CVE-2023-32254: 39366b47a59d46af15ac57beb0996268bf911f6a ksmbd: fix racy issue under cocurrent smb2 tree disconnect
	CVE-2023-32257: 02f41d88f15d6b7d523e52cc3f87488f57e9265b ksmbd: fix racy issue from session setup and logoff
	CVE-2023-32258: 920d5dd2d041484bf001c9713c2e3bcc6de79726 ksmbd: fix racy issue from smb2 close and logoff with multichannel
	CVE-2023-3268: 35ca4fb494c0c9f226fbcfa1c1688e6cc1e5062e relayfs: fix out-of-bounds access in relay_file_read
	CVE-2023-3312: d9bad836cf156ee87d577f0bd1ed01501b31a253 cpufreq: qcom-cpufreq-hw: fix double IO unmap and resource release on exit
	CVE-2023-35823: 3a60e51489a3ec61565f5bc53f726ac9ccc6083c media: saa7134: fix use after free bug in saa7134_finidev due to race condition
	CVE-2023-35824: d730bc84064364cafdb20c6ee7fda2cd7416407a media: dm1105: Fix use after free bug in dm1105_remove due to race condition
	CVE-2023-35826: 565c863bd982584aa4393f7bdb345dbccb3ad488 media: cedrus: fix use after free bug in cedrus_remove due to race condition
	CVE-2023-35828: 231598b40a070a6bf780c0df1ff5ae3e57102900 usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition
	CVE-2023-35829: 2115e94838adc9d1e7b75043c9f26abcc910f6fb media: rkvdec: fix use after free bug in rkvdec_remove

	CVEs fixed in 6.3.3:
	CVE-2023-34256: be7b6374a2ee8a59c1ff5addcbe25ebc1b4efd9f ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum

	CVEs fixed in 6.3.4:
	CVE-2022-48425: e6f4b1c32d6d6047958d7700d12fed6d91f441e7 fs/ntfs3: Validate MFT flags before replaying logs
	CVE-2023-1192: e6f4b1c32d6d6047958d7700d12fed6d91f441e7 fs/ntfs3: Validate MFT flags before replaying logs
	CVE-2023-3090: 3cd16c6a6a6b68bba02fbbc54b9906f44640ffde ipvlan:Fix out-of-bounds caused by unclear skb->cb
	CVE-2023-3141: 76fec5f01c9c70e11b85fdeb3f2707589c9238ca memstick: r592: Fix UAF bug in r592_remove due to race condition
	CVE-2023-38426: 0adcdc220fa555935bb37a273f08956616f8601a ksmbd: fix global-out-of-bounds in smb2_find_context_vals
	CVE-2023-38428: 3df195fbddfae60ca24a9bbc209402d9fccdef68 ksmbd: fix wrong UserName check in session_user
	CVE-2023-38429: 778aae5a513ea09aa5addfa352bd70a5b71dda85 ksmbd: allocate one more byte for implied bcc[0]

	CVEs fixed in 6.3.5:
	CVE-2023-21255: c9e6aae1f26758f3e87b93cff18d79dfd80f2f25 binder: fix UAF caused by faulty buffer cleanup

	CVEs fixed in 6.3.7:
	CVE-2022-45886: 8bade849b15b3ecb62893f328b2cc4cdc65ac0c6 media: dvb-core: Fix use-after-free due on race condition at dvb_net
	CVE-2022-45887: dbef7d1ffea0ccc95446c5383e0be65babedf667 media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb()
	CVE-2022-45919: 59918dd7a6d1ad098550ca6fcf154c1ae6842bc7 media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221
	CVE-2023-2124: 69ebe82c73f4f9f4b49ed3b35ce347af20716d0a xfs: verify buffer contents when we skip log replay
	CVE-2023-21264: c3cd33abe63f0ea32c3966ae67a7efc48e86c3e0 KVM: arm64: Prevent unconditional donation of unmapped regions from the host
	CVE-2023-3212: 14c454764a37b194dc916c07488ce7339c82bc4f gfs2: Don't deref jdesc in evict
	CVE-2023-34255: 69ebe82c73f4f9f4b49ed3b35ce347af20716d0a xfs: verify buffer contents when we skip log replay
	CVE-2023-35788: 900fab73a9cd3dd6a3a69f89980f8f3c9a738d5a net/sched: flower: fix possible OOB write in fl_set_geneve_opt()

	CVEs fixed in 6.3.8:
	CVE-2023-1194: 61dfe01204daf5469f21cc639f710f9e28e929c8 ksmbd: fix out-of-bound read in parse_lease_state()
	CVE-2023-38427: 205279b96b5c40c60c6de4f9342416e02ee279f1 ksmbd: fix out-of-bound read in deassemble_neg_contexts()
	CVE-2023-38431: e9cb7be2fcbaee9e808b729e92948d38d52e5add ksmbd: check the validation of pdu_size in ksmbd_conn_handler_loop

	CVEs fixed in 6.3.9:
	CVE-2023-3117: bdace3b1a51887211d3e49417a18fdbd315a313b netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
	CVE-2023-3390: bdace3b1a51887211d3e49417a18fdbd315a313b netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE
	CVE-2023-3609: 4efd555a43dc24f3342bcc036522c430f5869e6f net/sched: cls_u32: Fix reference counter leak leading to overflow
	CVE-2023-38430: 75e7d81679ef7995422adc84ef597fded99c24a6 ksmbd: validate smb request protocol id
	CVE-2024-0443: 0f6090d90f627d8c58f939067d6c6821ce1b3c68 blk-cgroup: Flush stats before releasing blkcg_gq

	CVEs fixed in 6.3.10:
	CVE-2023-3610: a1547f81341f14b1b355df04218152e8b5d4b264 netfilter: nf_tables: fix chain binding transaction logic
	CVE-2023-38432: 768caf4019f0391c0b6452afe34cea1704133f7b ksmbd: validate command payload size
	CVE-2023-3865: 58a9c41064df27632e780c5a3ae3e0e4284957d1 ksmbd: fix out-of-bound read in smb2_write
	CVE-2023-3866: d1066c1b3663401cd23c0d6e60cdae750ce00c0f ksmbd: validate session id and tree id in the compound request

	CVEs fixed in 6.3.11:
	CVE-2023-3269: bce721f87edd54379120ffb85111357923f4f326 mm: introduce new 'lock_mm_and_find_vma()' page fault helper

	CVEs fixed in 6.3.13:
	CVE-2023-33250: 1d2b603d938c898b5fd8da6e3d80184366ca6ea0 iommufd: Call iopt_area_contig_done() under the lock
	CVE-2023-3863: b3ad46e155a6d91b36c6e892019a43e3ef3c696d net: nfc: Fix use-after-free caused by nfc_llcp_find_local
	CVE-2023-39197: 26bd1f210d3783a691052c51d76bb8a8bbd24c67 netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one
	CVE-2023-4134: c261139c1df65c9c4bf00e96c91183bcfc1919ec Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync()

	Outstanding CVEs:
	CVE-2005-3660: (unk)
	CVE-2007-3719: (unk)
	CVE-2008-2544: (unk)
	CVE-2008-4609: (unk)
	CVE-2010-4563: (unk)
	CVE-2010-5321: (unk)
	CVE-2011-4916: (unk)
	CVE-2011-4917: (unk)
	CVE-2012-4542: (unk)
	CVE-2013-7445: (unk)
	CVE-2015-2877: (unk)
	CVE-2016-8660: (unk)
	CVE-2017-13693: (unk)
	CVE-2017-13694: (unk)
	CVE-2018-1121: (unk)
	CVE-2018-12928: (unk)
	CVE-2018-12929: (unk)
	CVE-2018-12930: (unk)
	CVE-2018-12931: (unk)
	CVE-2018-17977: (unk)
	CVE-2019-12456: (unk)
	CVE-2019-15239: (unk) unknown
	CVE-2019-15290: (unk)
	CVE-2019-15902: (unk) unknown
	CVE-2019-16089: (unk)
	CVE-2019-19378: (unk)
	CVE-2019-19814: (unk)
	CVE-2019-20794: (unk)
	CVE-2020-0347: (unk)
	CVE-2020-10708: (unk)
	CVE-2020-11725: (unk)
	CVE-2020-14304: (unk)
	CVE-2020-15802: (unk)
	CVE-2020-24502: (unk)
	CVE-2020-24503: (unk)
	CVE-2020-25220: (unk)
	CVE-2020-26140: (unk)
	CVE-2020-26142: (unk)
	CVE-2020-26143: (unk)
	CVE-2020-26556: (unk)
	CVE-2020-26557: (unk)
	CVE-2020-26559: (unk)
	CVE-2020-26560: (unk)
	CVE-2020-35501: (unk)
	CVE-2021-0399: (unk)
	CVE-2021-26934: (unk)
	CVE-2021-3542: (unk)
	CVE-2021-3714: (unk)
	CVE-2021-3847: (unk)
	CVE-2021-3864: (unk)
	CVE-2021-3892: (unk)
	CVE-2021-39800: (unk)
	CVE-2021-39801: (unk)
	CVE-2022-0400: (unk)
	CVE-2022-1116: (unk)
	CVE-2022-1247: (unk)
	CVE-2022-2209: (unk)
	CVE-2022-23825: (unk)
	CVE-2022-25265: (unk)
	CVE-2022-26878: (unk)
	CVE-2022-2961: (unk)
	CVE-2022-3238: (unk)
	CVE-2022-3533: (unk)
	CVE-2022-3544: (unk)
	CVE-2022-3606: (unk)
	CVE-2022-36402: (unk)
	CVE-2022-3642: (unk)
	CVE-2022-38096: (unk)
	CVE-2022-40982: (unk) x86/speculation: Add Gather Data Sampling mitigation
	CVE-2022-41848: (unk)
	CVE-2022-44032: (unk) char: pcmcia: remove all the drivers
	CVE-2022-44033: (unk) char: pcmcia: remove all the drivers
	CVE-2022-44034: (unk) char: pcmcia: remove all the drivers
	CVE-2022-4543: (unk)
	CVE-2022-45884: (unk)
	CVE-2022-45885: (unk)
	CVE-2023-1206: (unk) tcp: Reduce chance of collisions in inet6_hashfn().
	CVE-2023-20569: (unk) x86/bugs: Increase the x86 bugs vector size to two u32s
	CVE-2023-20588: (unk) x86/CPU/AMD: Do not leak quotient data after a division by 0
	CVE-2023-20593: (unk) x86/cpu/amd: Add a Zenbleed fix
	CVE-2023-20941: (unk)
	CVE-2023-21400: (unk)
	CVE-2023-23039: (unk)
	CVE-2023-25775: (unk) RDMA/irdma: Prevent zero-length STAG registration
	CVE-2023-26242: (unk)
	CVE-2023-2640: (unk)
	CVE-2023-2898: (unk) f2fs: fix to avoid NULL pointer dereference f2fs_write_end_io()
	CVE-2023-31081: (unk)
	CVE-2023-31082: (unk)
	CVE-2023-31083: (unk) Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO
	CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*()
	CVE-2023-31085: (unk) ubi: Refuse attaching if mtd's erasesize is 0
	CVE-2023-31248: (unk) netfilter: nf_tables: do not ignore genmask when looking up chain by id
	CVE-2023-32629: (unk)
	CVE-2023-3397: (unk)
	CVE-2023-34319: (unk) xen/netback: Fix buffer overrun triggered by unusual packet
	CVE-2023-34324: (unk) xen/events: replace evtchn_rwlock with RCU
	CVE-2023-35001: (unk) netfilter: nf_tables: prevent OOB access in nft_byteorder_eval
	CVE-2023-35827: (unk) ravb: Fix use-after-free issue in ravb_tx_timeout_work()
	CVE-2023-3611: (unk) net/sched: sch_qfq: account for stab overhead in qfq_enqueue
	CVE-2023-3640: (unk)
	CVE-2023-37453: (unk) USB: core: Fix race by not overwriting udev->descriptor in hub_port_init()
	CVE-2023-37454: (unk)
	CVE-2023-3772: (unk) xfrm: add NULL check in xfrm_update_ae_params
	CVE-2023-3773: (unk) xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH
	CVE-2023-3776: (unk) net/sched: cls_fw: Fix improper refcount update leads to use-after-free
	CVE-2023-3777: (unk) netfilter: nf_tables: skip bound chain on rule flush
	CVE-2023-3867: (unk) ksmbd: add missing compound request handing in some commands
	CVE-2023-39189: (unk) netfilter: nfnetlink_osf: avoid OOB read
	CVE-2023-39192: (unk) netfilter: xt_u32: validate user space input
	CVE-2023-39193: (unk) netfilter: xt_sctp: validate the flag_info count
	CVE-2023-39194: (unk) net: xfrm: Fix xfrm_address_filter OOB read
	CVE-2023-39198: (unk) drm/qxl: fix UAF on handle creation
	CVE-2023-4004: (unk) netfilter: nft_set_pipapo: fix improper element removal
	CVE-2023-4010: (unk)
	CVE-2023-4015: (unk) netfilter: nf_tables: skip immediate deactivate in _PREPARE_ERROR
	CVE-2023-40283: (unk) Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb
	CVE-2023-40791: (unk) crypto, cifs: fix error handling in extract_iter_to_sg()
	CVE-2023-4128: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
	CVE-2023-4132: (unk) media: usb: siano: Fix warning due to null work_func_t function pointer
	CVE-2023-4147: (unk) netfilter: nf_tables: disallow rule addition to bound chain via NFTA_RULE_CHAIN_ID
	CVE-2023-4155: (unk) KVM: SEV: only access GHCB fields once
	CVE-2023-4194: (unk) net: tun_chr_open(): set sk_uid from current_fsuid()
	CVE-2023-4206: (unk) net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free
	CVE-2023-4207: (unk) net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free
	CVE-2023-4208: (unk) net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free
	CVE-2023-4244: (unk) netfilter: nf_tables: fix GC transaction races with netns and netlink event exit path
	CVE-2023-4273: (unk) exfat: check if filename entries exceeds max filename length
	CVE-2023-42752: (unk) igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU
	CVE-2023-42753: (unk) netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c
	CVE-2023-42754: (unk) ipv4: fix null-deref in ipv4_link_failure
	CVE-2023-44466: (unk) libceph: harden msgr2.1 frame segment length checks
	CVE-2023-4563: (unk) netfilter: nf_tables: don't skip expired elements during walk
	CVE-2023-4569: (unk) netfilter: nf_tables: deactivate catchall elements in next generation
	CVE-2023-45871: (unk) igb: set max size RX buffer when store bad packet is enabled
	CVE-2023-4610: (unk) Revert "mm: vmscan: make global slab shrink lockless"
	CVE-2023-4622: (unk) unix: Convert unix_stream_sendpage() to use MSG_SPLICE_PAGES
	CVE-2023-4623: (unk) net/sched: sch_hfsc: Ensure inner classes have fsc curve
	CVE-2023-46813: (unk) x86/sev: Check for user-space IOIO pointing to kernel space
	CVE-2023-46862: (unk) io_uring/fdinfo: lock SQ thread while retrieving thread cpu/pid
	CVE-2023-47233: (unk)
	CVE-2023-4881: (unk) netfilter: nftables: exthdr: fix 4-byte stack OOB write
	CVE-2023-4921: (unk) net: sched: sch_qfq: Fix UAF in qfq_dequeue()
	CVE-2023-50431: (unk)
	CVE-2023-5090: (unk) x86: KVM: SVM: always update the x2avic msr interception
	CVE-2023-5158: (unk) vringh: don't use vringh_kiov_advance() in vringh_iov_xfer()
	CVE-2023-51779: (unk) Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg
	CVE-2023-51780: (unk) atm: Fix Use-After-Free in do_vcc_ioctl
	CVE-2023-51781: (unk) appletalk: Fix Use-After-Free in atalk_ioctl
	CVE-2023-51782: (unk) net/rose: Fix Use-After-Free in rose_ioctl
	CVE-2023-5197: (unk) netfilter: nf_tables: disallow rule removal from chain binding
	CVE-2023-5345: (unk) fs/smb/client: Reset password pointer to NULL
	CVE-2023-5633: (unk) drm/vmwgfx: Keep a gem reference to user bos in surfaces
	CVE-2023-5717: (unk) perf: Disallow mis-matched inherited group reads
	CVE-2023-5972: (unk) nf_tables: fix NULL pointer dereference in nft_expr_inner_parse()
	CVE-2023-6039: (unk) net: usb: lan78xx: reorder cleanup operations to avoid UAF bugs
	CVE-2023-6121: (unk) nvmet: nul-terminate the NQNs passed in the connect command
	CVE-2023-6176: (unk) net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict()
	CVE-2023-6238: (unk)
	CVE-2023-6270: (unk)
	CVE-2023-6356: (unk)
	CVE-2023-6531: (unk) io_uring/af_unix: disable sending io_uring over sockets
	CVE-2023-6535: (unk)
	CVE-2023-6536: (unk)
	CVE-2023-6546: (unk) tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux
	CVE-2023-6560: (unk) io_uring: don't allow discontig pages for IORING_SETUP_NO_MMAP
	CVE-2023-6606: (unk) smb: client: fix OOB in smbCalcSize()
	CVE-2023-6610: (unk) smb: client: fix potential OOB in smb2_dump_detail()
	CVE-2023-6622: (unk) netfilter: nf_tables: bail out on mismatching dynset and set expressions
	CVE-2023-6817: (unk) netfilter: nft_set_pipapo: skip inactive elements during set walk
	CVE-2023-6931: (unk) perf: Fix perf_event_validate_size()
	CVE-2023-6932: (unk) ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet
	CVE-2023-7042: (unk)
	CVE-2024-0193: (unk) netfilter: nf_tables: skip set commit for deleted/destroyed sets
	CVE-2024-0340: (unk) vhost: use kzalloc() instead of kmalloc() followed by memset()