Google Git
Sign in
cos / mirrors / github.com / nluedtke / linux_kernel_cves / f57d3d346e464c80434308ec825417e6b097b6ea / . / data / 5.11 / 5.11_security.txt
blob: cac648e541d975f5c479f8f5880c1856fef19463 [file] [log] [blame]
CVEs fixed in 5.11:
CVE-2021-3600: e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90 bpf: Fix 32 bit src register truncation on div/mod
CVEs fixed in 5.11.1:
CVE-2021-26930: 1ef2744ab96362188ec61b5f9243161bab462126 xen-blkback: fix error handling in xen_blkbk_map()
CVE-2021-26931: ea26c8d0f31a7fd14c3e150474b5befb9757555e xen-blkback: don't "handle" error by BUG()
CVE-2021-26932: 76b0be126b8a7448892d851a3c0a304d91c9ee58 Xen/x86: don't bail early from clear_foreign_p2m_mapping()
CVEs fixed in 5.11.2:
CVE-2021-0512: 018cbb2b4472f741eef20b790b13900146ccf224 HID: make arrays usage and value to be the same
CVE-2021-3444: 55c262ea5d0f754648cd25aa73de081adaab07d9 bpf: Fix truncation handling for mod32 dst reg wrt zero
CVEs fixed in 5.11.3:
CVE-2020-25639: 22be6292f9334b2b6d8e39942c4d65e02859156c drm/nouveau: bail out of nouveau_channel_new if channel init fails
CVE-2021-30002: f2523d1008b1f5ab5aed3cf1f0c435a1cb719150 media: v4l: ioctl: Fix memory leak in video_usercopy
CVE-2021-3612: c026ddcfd67948c7184a7effdfd62344f0d26644 Input: joydev - prevent potential read overflow in ioctl
CVEs fixed in 5.11.4:
CVE-2021-27363: 3ada197fece73a5cab673427b960546b09bbef31 scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27364: 3ada197fece73a5cab673427b960546b09bbef31 scsi: iscsi: Restrict sessions and handles to admin capabilities
CVE-2021-27365: 99cfc479b678d3e8e86013d17a082308a215fa0e scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE
CVE-2021-28038: 267c4911c9114e6e30be52546bf62a624a814da4 Xen/gnttab: handle p2m update errors on a per-slot basis
CVE-2021-28039: 1b357dd6f062ed343f0300c04a0531f35f338ab2 xen: fix p2m size in dom0 for disabled memory hotplug case
CVEs fixed in 5.11.7:
CVE-2021-28375: 2754ab0efc08a9ab6f50d4ad592967db37dd38cc misc: fastrpc: restrict user apps from sending kernel RPC messages
CVE-2021-28660: 1cdd069f7080acf6370250853c1211890f4ff38f staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan()
CVE-2021-29265: f11d195b505d47d0442c59981efa41c47d0a8c9c usbip: fix stub_dev usbip_sockfd_store() races leading to gpf
CVE-2021-33033: 00d566df2cceb8591913b3ea3b43d2918915f7e3 cipso,calipso: resolve a number of problems with the DOI refcounts
CVE-2021-39656: 92204ad2df5460d8b43fb15b0c3111079e938455 configfs: fix a use-after-free in __configfs_open_file
CVEs fixed in 5.11.8:
CVE-2020-27170: 6bf7609666f6b2a9169c39c79a47ef8d6082afae bpf: Prohibit alu ops for pointer types not defining ptr_limit
CVE-2020-27171: c4f3aa4343deccf5b8e1bfcc7c36224aaf3a8b26 bpf: Fix off-by-one for area size in creating mask to left
CVE-2021-28950: 5676df54d7d44f497b8dbf7bff04f2f1b165da93 fuse: fix live lock in fuse_iget()
CVEs fixed in 5.11.9:
CVE-2021-28951: 5db13876d06d7bd23ed59ff81f41259fa6ed58ae io_uring: ensure that SQPOLL thread is started for exit
CVE-2021-28952: bfbae16b23dfbc74fd25c11e7364b8a8137e5b15 ASoC: qcom: sdm845: Fix array out of bounds access
CVE-2021-28964: f8505933e76d021eab704c434cfd9cdd337b66c6 btrfs: fix race when cloning extent buffer during rewind of an old root
CVE-2021-28971: 948aa695eaf6524d4890319c1bfe84a42b7edb95 perf/x86/intel: Fix a crash caused by zero PEBS status
CVE-2021-28972: a2afad32503aac2ef64a26bcc6de394efda3122e PCI: rpadlpar: Fix potential drc_name corruption in store functions
CVE-2021-29266: 873c8f1654f5da2c70f8616850e019c30f471ff7 vhost-vdpa: fix use-after-free of v->config_ctx
CVEs fixed in 5.11.11:
CVE-2021-28688: 632b046bb6120afe1df1bfa06943bee338dd97db xen-blkback: don't leak persistent grants from xen_blkbk_map()
CVE-2021-29264: 5b54b18449d8f7302bc2e16d52121f6f87a81c3c gianfar: fix jumbo packets+napi+rx overrun crash
CVE-2021-29646: ea9f7fa30ba71c2550bd556de30eabed6f1b0c6e tipc: better validate user input in tipc_nl_retrieve_key()
CVE-2021-29647: 59050436a732e9d8e95544962dfe346489004240 net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
CVE-2021-29648: a9b2ab5db842da37e0f8d830d2a57688d77e3556 bpf: Dont allow vmlinux BTF to be used in map_create and prog_load.
CVE-2021-29649: 5f8cad9fb1f36beacbdaaeb9f3d6e36d8e04100d bpf: Fix umd memory leak in copy_process()
CVE-2021-29650: 4c2d548cefe0d5defa2750f128712c00912a975a netfilter: x_tables: Use correct memory barriers.
CVE-2021-31916: 45dc10644f03455f472efc366df4024eb62d38df dm ioctl: fix out of bounds array access when no devices
CVEs fixed in 5.11.12:
CVE-2021-0941: 70e923f30e0c07cf6335e0875dbcd1bd83d14fd7 bpf: Remove MTU check in __bpf_skb_max_len
CVE-2021-29657: c90804920978faba6b5fa91e82edc58e5ffd7d30 KVM: SVM: load control fields from VMCB12 before checking them
CVE-2021-3483: 8936e89ffea69bc1e3bc9f4837b793d3231313c0 firewire: nosy: Fix a use-after-free bug in nosy_ioctl()
CVEs fixed in 5.11.13:
CVE-2021-29154: b85b10dc8af463b59a732f299ade2612a8b950c9 bpf, x86: Validate computation of branch displacements for x86-64
CVEs fixed in 5.11.14:
CVE-2020-25670: 8c9e4971e142e2899606a2490b77a1208c1f4638 nfc: fix refcount leak in llcp_sock_bind()
CVE-2020-25671: b42800750b07893f2993214c3f777892eb06ad16 nfc: fix refcount leak in llcp_sock_connect()
CVE-2020-25672: 596ad6296f07c63bed3cbd573de42f99b7984599 nfc: fix memory leak in llcp_sock_connect()
CVE-2020-25673: 820d46654348863bf6b359ab1cc978eb1126bcac nfc: Avoid endless loops caused by repeated llcp_sock_connect()
CVE-2021-3659: 743c9072afafd1919b41ae319044513ed014a58f net: mac802154: Fix general protection fault
CVEs fixed in 5.11.15:
CVE-2021-0937: b4c4e4660b37a57011677809205a3f36725b70ae netfilter: x_tables: fix compat match/target pad out-of-bound write
CVE-2021-22555: b4c4e4660b37a57011677809205a3f36725b70ae netfilter: x_tables: fix compat match/target pad out-of-bound write
CVEs fixed in 5.11.16:
CVE-2021-23133: 59b5f3e478dbcb4c384cf0888d6cc9f5cad79f2f net/sctp: fix race condition in sctp_destroy_sock
CVE-2021-29155: 4ccdc6c6cae38b91c871293fb0ed8c6845a61b51 bpf: Use correct permission flag for mixed signed bounds arithmetic
CVE-2021-3501: ce541d7b59566a0d94c7c99bfb5d34b050e6af70 KVM: VMX: Don't use vcpu->run->internal.ndata as an array index
CVEs fixed in 5.11.17:
CVE-2019-15794: f65c0fdb7db2750677bf2cb53e62d7d205c20ab5 ovl: fix reference counting in ovl_mmap error path
CVEs fixed in 5.11.19:
CVE-2021-31829: 6eba92a4d4be8feb4dc33976abac544fa99d6ecc bpf: Fix masking negation logic upon negative dst register
CVE-2021-38209: fbf85a34ce17c4cf0a37ee253f4c582bbfb8231b netfilter: conntrack: Make global sysctls readonly in non-init netns
CVEs fixed in 5.11.20:
CVE-2021-3506: 7fe4c47161c21f3b1c3581c2653147281ca0e4fa f2fs: fix to avoid out-of-bounds memory access
CVE-2021-3543: 5f4a8ccfc15c1498d897139e5dbff82a35005144 nitro_enclaves: Fix stale file descriptors on failed usercopy
CVEs fixed in 5.11.21:
CVE-2021-31440: d11e645725e9850109a40031997fc05b7dda34c7 bpf: Fix propagation of 32 bit unsigned bounds from 64 bit bounds
CVE-2021-32399: c20a95f000bc369176d1698fce2515656b5db924 bluetooth: eliminate the potential race condition when removing the HCI controller
CVE-2021-33034: 7064d5651ba08adbcd3d8a2fc78f8a117a768935 Bluetooth: verify AMP hci_chan before amp_destroy
CVE-2021-3489: 646f2a9b0ecc57817352830d4efa409d89542e1d bpf, ringbuf: Deny reserve of buffers larger than ringbuf
CVE-2021-3490: 3a0066086a338f99205b1c38c9fbefaeb5cd6d28 bpf: Fix alu32 const subreg bound tracking on bitwise operations
CVE-2021-3491: 7a8411015f744e68013d77432d869be5ad34208f io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers
CVE-2021-45486: 4bfdd8b53f7440ac0f6290720c6e1ad5952377ec inet: use bigger hash table for IP ID generation
CVEs fixed in 5.11.22:
CVE-2021-4157: fd02a794aaeac693c7c092a4b482f87256d151fc pNFS/flexfiles: fix incorrect size check in decode_nfs_fh()
Outstanding CVEs:
CVE-2005-3660: (unk)
CVE-2007-3719: (unk)
CVE-2008-2544: (unk)
CVE-2008-4609: (unk)
CVE-2010-4563: (unk)
CVE-2010-5321: (unk)
CVE-2011-4917: (unk)
CVE-2012-4542: (unk)
CVE-2013-7445: (unk)
CVE-2015-2877: (unk)
CVE-2016-8660: (unk)
CVE-2017-13693: (unk)
CVE-2017-13694: (unk)
CVE-2018-1121: (unk)
CVE-2018-12928: (unk)
CVE-2018-12929: (unk)
CVE-2018-12930: (unk)
CVE-2018-12931: (unk)
CVE-2018-17977: (unk)
CVE-2019-0146: (unk)
CVE-2019-12456: (unk)
CVE-2019-15239: (unk) unknown
CVE-2019-15290: (unk)
CVE-2019-15902: (unk) unknown
CVE-2019-16089: (unk)
CVE-2019-19378: (unk)
CVE-2019-19814: (unk)
CVE-2019-20794: (unk)
CVE-2020-0347: (unk)
CVE-2020-10708: (unk)
CVE-2020-11725: (unk)
CVE-2020-14304: (unk)
CVE-2020-15802: (unk)
CVE-2020-16119: (unk) dccp: don't duplicate ccid when cloning dccp sock
CVE-2020-24502: (unk)
CVE-2020-24503: (unk)
CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs
CVE-2020-24586: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24587: (unk) mac80211: prevent mixed key and fragment cache attacks
CVE-2020-24588: (unk) cfg80211: mitigate A-MSDU aggregation attacks
CVE-2020-25220: (unk)
CVE-2020-26139: (unk) mac80211: do not accept/forward invalid EAPOL frames
CVE-2020-26140: (unk)
CVE-2020-26141: (unk) ath10k: Fix TKIP Michael MIC verification for PCIe
CVE-2020-26142: (unk)
CVE-2020-26143: (unk)
CVE-2020-26145: (unk) ath10k: drop fragments with multicast DA for PCIe
CVE-2020-26147: (unk) mac80211: assure all fragments are encrypted
CVE-2020-26541: (unk) certs: Add EFI_CERT_X509_GUID support for dbx entries
CVE-2020-26555: (unk)
CVE-2020-26556: (unk)
CVE-2020-26557: (unk)
CVE-2020-26558: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2020-26559: (unk)
CVE-2020-26560: (unk)
CVE-2020-27820: (unk) drm/nouveau: use drm_dev_unplug() during device removal
CVE-2020-35501: (unk)
CVE-2020-36516: (unk)
CVE-2020-3702: (unk) ath: Use safer key clearing with key cache entries
CVE-2021-0129: (unk) Bluetooth: SMP: Fail if remote and local public keys are identical
CVE-2021-0399: (unk)
CVE-2021-0695: (unk)
CVE-2021-0920: (unk) af_unix: fix garbage collect vs MSG_PEEK
CVE-2021-20320: (unk) s390/bpf: Fix optimizing out zero-extensions
CVE-2021-20321: (unk) ovl: fix missing negative dentry check in ovl_rename()
CVE-2021-20322: (unk) ipv6: make exception cache less predictible
CVE-2021-22543: (unk) KVM: do not allow mapping valid but non-reference-counted pages
CVE-2021-22600: (unk) net/packet: rx_owner_map depends on pg_vec
CVE-2021-26401: (unk) x86/speculation: Use generic retpoline by default on AMD
CVE-2021-26934: (unk)
CVE-2021-28691: (unk) xen-netback: take a reference to the RX task thread
CVE-2021-28711: (unk) xen/blkfront: harden blkfront against event channel storms
CVE-2021-28712: (unk) xen/netfront: harden netfront against event channel storms
CVE-2021-28713: (unk) xen/console: harden hvc_xen against event channel storms
CVE-2021-28714: (unk) xen/netback: fix rx queue stall detection
CVE-2021-28715: (unk) xen/netback: don't queue unlimited number of packages
CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform
CVE-2021-32606: (unk) can: isotp: prevent race between isotp_bind() and isotp_setsockopt()
CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
CVE-2021-33098: (unk) ixgbe: fix large MTU request from VF
CVE-2021-33135: (unk)
CVE-2021-33624: (unk) bpf: Inherit expanded/patched seen count from old aux data
CVE-2021-33909: (unk) seq_file: disallow extremely large seq buffer allocations
CVE-2021-34556: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-34693: (unk) can: bcm: fix infoleak in struct bcm_msg_head
CVE-2021-34866: (unk) bpf: Fix ringbuf helper function compatibility
CVE-2021-34981: (unk) Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails
CVE-2021-35039: (unk) module: limit enabling module.sig_enforce
CVE-2021-3542: (unk)
CVE-2021-35477: (unk) bpf: Introduce BPF nospec instruction for mitigating Spectre v4
CVE-2021-3564: (unk) Bluetooth: fix the erroneous flush_work() order
CVE-2021-3573: (unk) Bluetooth: use correct lock to prevent UAF of hdev object
CVE-2021-3587: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-3609: (unk) can: bcm: delay release of struct bcm_op after synchronize_rcu()
CVE-2021-3640: (unk) Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg()
CVE-2021-3653: (unk) KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653)
CVE-2021-3655: (unk) sctp: validate from_addr_param return
CVE-2021-3656: (unk) KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656)
CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc()
CVE-2021-3679: (unk) tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop.
CVE-2021-3714: (unk)
CVE-2021-37159: (unk) usb: hso: fix error handling code of hso_create_net_device
CVE-2021-3732: (unk) ovl: prevent private clone if bind mount is not allowed
CVE-2021-3739: (unk) btrfs: fix NULL pointer dereference when deleting device by invalid id
CVE-2021-3743: (unk) net: qrtr: fix OOB Read in qrtr_endpoint_post
CVE-2021-3744: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3752: (unk) Bluetooth: fix use-after-free error in lock_sock_nested()
CVE-2021-3753: (unk) vt_kdsetmode: extend console locking
CVE-2021-37576: (unk) KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow
CVE-2021-3759: (unk) memcg: enable accounting of ipc resources
CVE-2021-3760: (unk) nfc: nci: fix the UAF of rf_conn_info object
CVE-2021-3764: (unk) crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd()
CVE-2021-3772: (unk) sctp: use init_tag from inithdr for ABORT chunk
CVE-2021-38160: (unk) virtio_console: Assure used length from device is limited
CVE-2021-38166: (unk) bpf: Fix integer overflow involving bucket_size
CVE-2021-38198: (unk) KVM: X86: MMU: Use the correct inherited permissions to get shadow page
CVE-2021-38199: (unk) NFSv4: Initialise connection to the server in nfs4_alloc_client()
CVE-2021-38200: (unk) powerpc/perf: Fix crash in perf_instruction_pointer() when ppmu is not set
CVE-2021-38201: (unk) sunrpc: Avoid a KASAN slab-out-of-bounds bug in xdr_set_page_base()
CVE-2021-38204: (unk) usb: max-3421: Prevent corruption of freed memory
CVE-2021-38205: (unk) net: xilinx_emaclite: Do not print real IOMEM pointer
CVE-2021-38206: (unk) mac80211: Fix NULL ptr deref for injected rate info
CVE-2021-38207: (unk) net: ll_temac: Fix TX BD buffer overwrite
CVE-2021-38208: (unk) nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect
CVE-2021-38300: (unk) bpf, mips: Validate conditional branch offsets
CVE-2021-3847: (unk)
CVE-2021-3864: (unk)
CVE-2021-3892: (unk)
CVE-2021-3894: (unk) sctp: account stream padding length for reconf chunk
CVE-2021-3896: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-39633: (unk) ip_gre: add validation for csum_start
CVE-2021-39685: (unk) USB: gadget: detect too-big endpoint 0 requests
CVE-2021-39686: (unk) binder: use euid from cred instead of using task
CVE-2021-39698: (unk) wait: add wake_up_pollfree()
CVE-2021-39800: (unk)
CVE-2021-39801: (unk)
CVE-2021-39802: (unk)
CVE-2021-4001: (unk) bpf: Fix toctou on read-only map's constant scalar tracking
CVE-2021-4002: (unk) hugetlbfs: flush TLBs correctly after huge_pmd_unshare
CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure
CVE-2021-4028: (unk) RDMA/cma: Do not change route.addr.src_addr.ss_family
CVE-2021-4037: (unk) xfs: fix up non-directory creation in SGID directories
CVE-2021-40490: (unk) ext4: fix race writing to an inline_data file while its xattrs are changing
CVE-2021-4083: (unk) fget: check that the fd still exists after getting a ref to it
CVE-2021-4090: (unk) NFSD: Fix exposure in nfsd4_decode_bitmap()
CVE-2021-4093: (unk) KVM: SEV-ES: go over the sev_pio_data buffer in multiple passes if needed
CVE-2021-41073: (unk) io_uring: ensure symmetry in handling iter types in loop_rw_iter()
CVE-2021-4135: (unk) netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc
CVE-2021-4148: (unk) mm: khugepaged: skip huge page collapse for special files
CVE-2021-4149: (unk) btrfs: unlock newly allocated extent buffer after error
CVE-2021-4150: (unk) block: fix incorrect references to disk objects
CVE-2021-4154: (unk) cgroup: verify that source is a string
CVE-2021-4155: (unk) xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate
CVE-2021-41864: (unk) bpf: Fix integer overflow in prealloc_elems_and_freelist()
CVE-2021-4197: (unk) cgroup: Use open-time credentials for process migraton perm checks
CVE-2021-42008: (unk) net: 6pack: fix slab-out-of-bounds in decode_data
CVE-2021-4202: (unk) NFC: reorganize the functions in nci_request
CVE-2021-4203: (unk) af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
CVE-2021-4204: (unk) bpf: Generalize check_ctx_reg for reuse with other types
CVE-2021-42252: (unk) soc: aspeed: lpc-ctrl: Fix boundary check for mmap
CVE-2021-42327: (unk) drm/amdgpu: fix out of bounds write
CVE-2021-42739: (unk) media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt()
CVE-2021-43056: (unk) KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest
CVE-2021-43267: (unk) tipc: fix size validations for the MSG_CRYPTO type
CVE-2021-43389: (unk) isdn: cpai: check ctr->cnr to avoid array index out of bound
CVE-2021-43975: (unk) atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait
CVE-2021-43976: (unk) mwifiex: Fix skb_over_panic in mwifiex_usb_recv()
CVE-2021-44733: (unk) tee: handle lookup of shm with reference count 0
CVE-2021-44879: (unk) f2fs: fix to do sanity check on inode type during garbage collection
CVE-2021-45095: (unk) phonet: refcount leak in pep_sock_accep
CVE-2021-45402: (unk) bpf: Fix signed bounds propagation after mov32
CVE-2021-45469: (unk) f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr()
CVE-2021-45485: (unk) ipv6: use prandom_u32() for ID generation
CVE-2021-45868: (unk) quota: check block number when reading the block in quota file
CVE-2021-46283: (unk) netfilter: nf_tables: initialize set before expression setup
CVE-2022-0001: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0002: (unk) x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE
CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
CVE-2022-0171: (unk)
CVE-2022-0185: (unk) vfs: fs_context: fix up param length parsing in legacy_parse_param
CVE-2022-0286: (unk) bonding: fix null dereference in bond_ipsec_add_sa()
CVE-2022-0322: (unk) sctp: account stream padding length for reconf chunk
CVE-2022-0330: (unk) drm/i915: Flush TLBs before releasing backing store
CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg()
CVE-2022-0400: (unk)
CVE-2022-0435: (unk) tipc: improve size validations for received domain records
CVE-2022-0480: (unk) memcg: enable accounting for file lock caches
CVE-2022-0487: (unk) moxart: fix potential use-after-free on remove path
CVE-2022-0492: (unk) cgroup-v1: Require capabilities to set release_agent
CVE-2022-0494: (unk) block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern
CVE-2022-0500: (unk) bpf: Introduce MEM_RDONLY flag
CVE-2022-0516: (unk) KVM: s390: Return error on SIDA memop on normal guest
CVE-2022-0617: (unk) udf: Fix NULL ptr deref when converting from inline format
CVE-2022-0644: (unk) vfs: check fd has read access in kernel_read_file_from_fd()
CVE-2022-0742: (unk) ipv6: fix skb drops in igmp6_event_query() and igmp6_event_report()
CVE-2022-0847: (unk) lib/iov_iter: initialize "flags" in new pipe_buffer
CVE-2022-0850: (unk) ext4: fix kernel infoleak via ext4_extent_header
CVE-2022-0854: (unk) swiotlb: rework "fix info leak with DMA_FROM_DEVICE"
CVE-2022-0995: (unk) watch_queue: Fix filter limit check
CVE-2022-0998: (unk) vdpa: clean up get_config_size ret value handling
CVE-2022-1011: (unk) fuse: fix pipe buffer lifetime for direct_io
CVE-2022-1012: (unk) secure_seq: use the 64 bits of the siphash for port offset calculation
CVE-2022-1015: (unk) netfilter: nf_tables: validate registers coming from userspace.
CVE-2022-1016: (unk) netfilter: nf_tables: initialize registers in nft_do_chain()
CVE-2022-1043: (unk) io_uring: fix xa_alloc_cycle() error return value check
CVE-2022-1048: (unk) ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
CVE-2022-1055: (unk) net: sched: fix use-after-free in tc_new_tfilter()
CVE-2022-1116: (unk)
CVE-2022-1158: (unk) KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
CVE-2022-1184: (unk)
CVE-2022-1195: (unk) hamradio: improve the incomplete fix to avoid NPD
CVE-2022-1198: (unk) drivers: hamradio: 6pack: fix UAF bug caused by mod_timer()
CVE-2022-1199: (unk) ax25: Fix NULL pointer dereference in ax25_kill_by_device
CVE-2022-1204: (unk) ax25: Fix refcount leaks caused by ax25_cb_del()
CVE-2022-1205: (unk) ax25: Fix NULL pointer dereferences in ax25 timers
CVE-2022-1247: (unk)
CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector
CVE-2022-1353: (unk) af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register
CVE-2022-1462: (unk)
CVE-2022-1508: (unk) io_uring: reexpand under-reexpanded iters
CVE-2022-1516: (unk) net/x25: Fix null-ptr-deref caused by x25_disconnect
CVE-2022-1651: (unk) virt: acrn: fix a memory leak in acrn_dev_ioctl()
CVE-2022-1652: (unk)
CVE-2022-1671: (unk) rxrpc: fix some null-ptr-deref bugs in server_key.c
CVE-2022-1679: (unk)
CVE-2022-1729: (unk) perf: Fix sys_perf_event_open() race against self
CVE-2022-1734: (unk) nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
CVE-2022-1786: (unk) io_uring: remove io_identity
CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID
CVE-2022-1836: (unk) floppy: disable FDRAWCMD by default
CVE-2022-1852: (unk) KVM: x86: avoid calling x86 emulator without a decoded instruction
CVE-2022-1882: (unk)
CVE-2022-1943: (unk) udf: Avoid using stale lengthOfImpUse
CVE-2022-1966: (unk) netfilter: nf_tables: disallow non-stateful expression in sets earlier
CVE-2022-1972: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
CVE-2022-1973: (unk) fs/ntfs3: Fix invalid free in log_replay
CVE-2022-1974: (unk) nfc: replace improper check device_is_registered() in netlink related functions
CVE-2022-1975: (unk) NFC: netlink: fix sleep in atomic bug when firmware download timeout
CVE-2022-1976: (unk) io_uring: reinstate the inflight tracking
CVE-2022-1998: (unk) fanotify: Fix stale file descriptor in copy_event_to_user()
CVE-2022-20008: (unk) mmc: block: fix read single on recovery logic
CVE-2022-20132: (unk) HID: add hid_is_usb() function to make it simpler for USB detection
CVE-2022-20141: (unk) igmp: Add ip_mc_list lock in ip_check_mc_rcu
CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory
CVE-2022-20153: (unk) io_uring: return back safer resurrect
CVE-2022-20154: (unk) sctp: use call_rcu to free endpoint
CVE-2022-2078: (unk) netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
CVE-2022-21499: (unk) lockdown: also lock down previous kgdb use
CVE-2022-22942: (unk) drm/vmwgfx: Fix stale file descriptors on failed usercopy
CVE-2022-23036: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23037: (unk) xen/netfront: don't use gnttab_query_foreign_access() for mapped status
CVE-2022-23038: (unk) xen/grant-table: add gnttab_try_end_foreign_access()
CVE-2022-23039: (unk) xen/gntalloc: don't use gnttab_query_foreign_access()
CVE-2022-23040: (unk) xen/xenbus: don't let xenbus_grant_ring() remove grants in error case
CVE-2022-23041: (unk) xen/9p: use alloc/free_pages_exact()
CVE-2022-23042: (unk) xen/netfront: react properly to failing gnttab_end_foreign_access_ref()
CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL
CVE-2022-23960: (unk) ARM: report Spectre v2 status through sysfs
CVE-2022-24448: (unk) NFSv4: Handle case where the lookup of a directory fails
CVE-2022-24958: (unk) usb: gadget: don't release an existing dev->buf
CVE-2022-24959: (unk) yam: fix a memory leak in yam_siocdevprivate()
CVE-2022-25258: (unk) USB: gadget: validate interface OS descriptor requests
CVE-2022-25265: (unk)
CVE-2022-25375: (unk) usb: gadget: rndis: check size of RNDIS_MSG_SET command
CVE-2022-25636: (unk) netfilter: nf_tables_offload: incorrect flow offload action array size
CVE-2022-26490: (unk) nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION
CVE-2022-26878: (unk)
CVE-2022-26966: (unk) sr9700: sanity check for packet length
CVE-2022-27223: (unk) USB: gadget: validate endpoint index for xilinx udc
CVE-2022-27666: (unk) esp: Fix possible buffer overflow in ESP transformation
CVE-2022-27950: (unk) HID: elo: fix memory leak in elo_probe
CVE-2022-28356: (unk) llc: fix netdevice reference leaks in llc_ui_bind()
CVE-2022-28388: (unk) can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28389: (unk) can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
CVE-2022-28390: (unk) can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
CVE-2022-28796: (unk) jbd2: fix use-after-free of transaction_t race
CVE-2022-28893: (unk) SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
CVE-2022-29156: (unk) RDMA/rtrs-clt: Fix possible double free in error case
CVE-2022-29581: (unk) net/sched: cls_u32: fix netns refcount changes in u32_change()
CVE-2022-29582: (unk) io_uring: fix race between timeout flush and removal
CVE-2022-29968: (unk) io_uring: fix uninitialized field in rw io_kiocb
CVE-2022-30594: (unk) ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE
CVE-2022-32296: (unk) tcp: increase source port perturb table to 2^16
CVE-2022-32981: (unk) powerpc/32: Fix overread/overwrite of thread_struct via ptrace