data/5.17/5.17_security.txt - mirrors/github.com/nluedtke/linux_kernel_cves - Git at Google


 CVEs fixed in 5.17:
   CVE-2022-1353: 9a564bccb78a76740ea9d75a259942df8143d02c af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

 CVEs fixed in 5.17.1:
   CVE-2022-1015: afdc3f4b81f0ec9f97f0910476af4620a2481a6d netfilter: nf_tables: validate registers coming from userspace.
   CVE-2022-1016: dd03640529204ef4b8189fbdea08217d8d98271f netfilter: nf_tables: initialize registers in nft_do_chain()
   CVE-2022-1048: 1bbf82d9f961414d6c76a08f7f843ea068e0ab7b ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
   CVE-2022-28356: ef1a6fe3563cf47ce4fd555727ca80085cf18884 llc: fix netdevice reference leaks in llc_ui_bind()
   CVE-2022-28796: bff94c57bd130e3062afa94414c2294871314096 jbd2: fix use-after-free of transaction_t race

 CVEs fixed in 5.17.2:
   CVE-2022-0168: 49bef50e585d738e957060f669e872b4ad15eb87 cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
   CVE-2022-1158: 5051c04d70c6e035c2c923c04fbe015a4468b08d KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
   CVE-2022-1204: 534156dd4ed768e30a43de0036f45dca7c54818f ax25: Fix refcount leaks caused by ax25_cb_del()
   CVE-2022-1205: a45dba71849a963c427637b3330e2ccf098f42d1 ax25: Fix NULL pointer dereferences in ax25 timers
   CVE-2022-1516: 671529db75e6be777bb1c76aa07c2bdd2992be6d net/x25: Fix null-ptr-deref caused by x25_disconnect
   CVE-2022-1651: f8e6e18d117e461110c849a11c6a396dcccdbd4e virt: acrn: fix a memory leak in acrn_dev_ioctl()
   CVE-2022-1671: 4e1f670e1b440dc783dbeb881d575bca31474f73 rxrpc: fix some null-ptr-deref bugs in server_key.c
   CVE-2022-28388: 29d6c06168faa23ce23db3321981c8fde576c95c can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
   CVE-2022-28389: 42a4b0dfd365c4f77f96fd1f73a64b47ae443a38 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
   CVE-2022-28390: 3f71f499395545119383f10760b8b19703d2a7dd can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
   CVE-2022-30594: 4d51bbc8a3799febf50471eb6888b1b58e87111e ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

 CVEs fixed in 5.17.3:
   CVE-2022-1263: e8d7f0dad29e634e26d4614cfbd081514c16e042 KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
   CVE-2022-28893: d21287d8a4589dd8513038f887ece980fbc399cf SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
   CVE-2022-29582: 11cd7959400258beb1dc17c8680055966263f316 io_uring: fix race between timeout flush and removal

 CVEs fixed in 5.17.5:
   CVE-2022-29581: 64c87076791198b23da730186b0c141d9a6ce80c net/sched: cls_u32: fix netns refcount changes in u32_change()

 CVEs fixed in 5.17.6:
   CVE-2022-1836: d91ca05d52fabf68c0376bcfeed1a52be68a8e1b floppy: disable FDRAWCMD by default
   CVE-2022-29968: 77089e6ff273f43c42e99a690ae45ee39a6a62de io_uring: fix uninitialized field in rw io_kiocb

 CVEs fixed in 5.17.7:
   CVE-2022-1734: f4bfbac45121c8638db5eacb1ebbb61ee956c668 nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
   CVE-2022-1974: 8b58d6e565d83443c51b3fc076bd4472674aca0c nfc: replace improper check device_is_registered() in netlink related functions
   CVE-2022-1975: 63a545103b77091f2309b44a8975cdf255bb99b2 NFC: netlink: fix sleep in atomic bug when firmware download timeout

 CVEs fixed in 5.17.8:
   CVE-2022-1943: cfd64b858cb2b56969138df7970cb0b7f2388fb0 udf: Avoid using stale lengthOfImpUse

 CVEs fixed in 5.17.9:
   CVE-2022-1012: 6976724355f5fdada89de528730f9a7b4928f2e3 secure_seq: use the 64 bits of the siphash for port offset calculation
   CVE-2022-32296: e3ee7bb47d6509c3e8a3e96e5d8e3bf21549b6e8 tcp: increase source port perturb table to 2^16

 CVEs fixed in 5.17.10:
   CVE-2022-1729: 22fb2974224c9836eeaf0d24fdd481fcdaa0aea8 perf: Fix sys_perf_event_open() race against self
   CVE-2022-21499: 281d356a035132f2603724ee0f04767d70e2e98e lockdown: also lock down previous kgdb use

 CVEs fixed in 5.17.12:
   CVE-2022-1789: 19a66796d1f0dd4ce4b05f76d53ce1d0a7dc817d KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID

 CVEs fixed in 5.17.13:
   CVE-2022-1852: dca5ea67a3e627a3022fe58722a2807c1ef61c29 KVM: x86: avoid calling x86 emulator without a decoded instruction
   CVE-2022-1966: d8db0465bcc4d4b54ecfb67b820ed26eb1440da7 netfilter: nf_tables: disallow non-stateful expression in sets earlier
   CVE-2022-1972: c88f3e3d243d701586239c5b69356ec2b1fd05f1 netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
   CVE-2022-2078: c88f3e3d243d701586239c5b69356ec2b1fd05f1 netfilter: nf_tables: sanitize nft_set_desc_concat_parse()

 CVEs fixed in 5.17.14:
   CVE-2022-1973: 2088cc00491e8d25a99d0f247df843e9c3df2040 fs/ntfs3: Fix invalid free in log_replay

 CVEs fixed in 5.17.15:
   CVE-2022-32981: 638556430658eca42501271edb38154264767ff5 powerpc/32: Fix overread/overwrite of thread_struct via ptrace

 Outstanding CVEs:
   CVE-2005-3660: (unk)
   CVE-2007-3719: (unk)
   CVE-2008-2544: (unk)
   CVE-2008-4609: (unk)
   CVE-2010-4563: (unk)
   CVE-2010-5321: (unk)
   CVE-2011-4917: (unk)
   CVE-2012-4542: (unk)
   CVE-2013-7445: (unk)
   CVE-2015-2877: (unk)
   CVE-2016-8660: (unk)
   CVE-2017-13693: (unk)
   CVE-2017-13694: (unk)
   CVE-2018-1121: (unk)
   CVE-2018-12928: (unk)
   CVE-2018-12929: (unk)
   CVE-2018-12930: (unk)
   CVE-2018-12931: (unk)
   CVE-2018-17977: (unk)
   CVE-2019-0146: (unk)
   CVE-2019-12456: (unk)
   CVE-2019-15239: (unk) unknown
   CVE-2019-15290: (unk)
   CVE-2019-15902: (unk) unknown
   CVE-2019-16089: (unk)
   CVE-2019-19378: (unk)
   CVE-2019-19814: (unk)
   CVE-2019-20794: (unk)
   CVE-2020-0347: (unk)
   CVE-2020-10708: (unk)
   CVE-2020-11725: (unk)
   CVE-2020-14304: (unk)
   CVE-2020-15802: (unk)
   CVE-2020-24502: (unk)
   CVE-2020-24503: (unk)
   CVE-2020-25220: (unk)
   CVE-2020-26140: (unk)
   CVE-2020-26142: (unk)
   CVE-2020-26143: (unk)
   CVE-2020-26555: (unk)
   CVE-2020-26556: (unk)
   CVE-2020-26557: (unk)
   CVE-2020-26559: (unk)
   CVE-2020-26560: (unk)
   CVE-2020-35501: (unk)
   CVE-2020-36516: (unk)
   CVE-2021-0399: (unk)
   CVE-2021-0695: (unk)
   CVE-2021-26934: (unk)
   CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
   CVE-2021-33135: (unk)
   CVE-2021-3542: (unk)
   CVE-2021-3714: (unk)
   CVE-2021-3847: (unk)
   CVE-2021-3864: (unk)
   CVE-2021-3892: (unk)
   CVE-2021-39800: (unk)
   CVE-2021-39801: (unk)
   CVE-2021-39802: (unk)
   CVE-2022-0171: (unk)
   CVE-2022-0400: (unk)
   CVE-2022-1116: (unk)
   CVE-2022-1184: (unk)
   CVE-2022-1247: (unk)
   CVE-2022-1462: (unk)
   CVE-2022-1652: (unk)
   CVE-2022-1679: (unk)
   CVE-2022-1882: (unk)
   CVE-2022-1976: (unk) io_uring: reinstate the inflight tracking
   CVE-2022-25265: (unk)
   CVE-2022-26878: (unk)

	CVEs fixed in 5.17:
	CVE-2022-1353: 9a564bccb78a76740ea9d75a259942df8143d02c af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register

	CVEs fixed in 5.17.1:
	CVE-2022-1015: afdc3f4b81f0ec9f97f0910476af4620a2481a6d netfilter: nf_tables: validate registers coming from userspace.
	CVE-2022-1016: dd03640529204ef4b8189fbdea08217d8d98271f netfilter: nf_tables: initialize registers in nft_do_chain()
	CVE-2022-1048: 1bbf82d9f961414d6c76a08f7f843ea068e0ab7b ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
	CVE-2022-28356: ef1a6fe3563cf47ce4fd555727ca80085cf18884 llc: fix netdevice reference leaks in llc_ui_bind()
	CVE-2022-28796: bff94c57bd130e3062afa94414c2294871314096 jbd2: fix use-after-free of transaction_t race

	CVEs fixed in 5.17.2:
	CVE-2022-0168: 49bef50e585d738e957060f669e872b4ad15eb87 cifs: fix NULL ptr dereference in smb2_ioctl_query_info()
	CVE-2022-1158: 5051c04d70c6e035c2c923c04fbe015a4468b08d KVM: x86/mmu: do compare-and-exchange of gPTE via the user address
	CVE-2022-1204: 534156dd4ed768e30a43de0036f45dca7c54818f ax25: Fix refcount leaks caused by ax25_cb_del()
	CVE-2022-1205: a45dba71849a963c427637b3330e2ccf098f42d1 ax25: Fix NULL pointer dereferences in ax25 timers
	CVE-2022-1516: 671529db75e6be777bb1c76aa07c2bdd2992be6d net/x25: Fix null-ptr-deref caused by x25_disconnect
	CVE-2022-1651: f8e6e18d117e461110c849a11c6a396dcccdbd4e virt: acrn: fix a memory leak in acrn_dev_ioctl()
	CVE-2022-1671: 4e1f670e1b440dc783dbeb881d575bca31474f73 rxrpc: fix some null-ptr-deref bugs in server_key.c
	CVE-2022-28388: 29d6c06168faa23ce23db3321981c8fde576c95c can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path
	CVE-2022-28389: 42a4b0dfd365c4f77f96fd1f73a64b47ae443a38 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path
	CVE-2022-28390: 3f71f499395545119383f10760b8b19703d2a7dd can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path
	CVE-2022-30594: 4d51bbc8a3799febf50471eb6888b1b58e87111e ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE

	CVEs fixed in 5.17.3:
	CVE-2022-1263: e8d7f0dad29e634e26d4614cfbd081514c16e042 KVM: avoid NULL pointer dereference in kvm_dirty_ring_push
	CVE-2022-28893: d21287d8a4589dd8513038f887ece980fbc399cf SUNRPC: Ensure we flush any closed sockets before xs_xprt_free()
	CVE-2022-29582: 11cd7959400258beb1dc17c8680055966263f316 io_uring: fix race between timeout flush and removal

	CVEs fixed in 5.17.5:
	CVE-2022-29581: 64c87076791198b23da730186b0c141d9a6ce80c net/sched: cls_u32: fix netns refcount changes in u32_change()

	CVEs fixed in 5.17.6:
	CVE-2022-1836: d91ca05d52fabf68c0376bcfeed1a52be68a8e1b floppy: disable FDRAWCMD by default
	CVE-2022-29968: 77089e6ff273f43c42e99a690ae45ee39a6a62de io_uring: fix uninitialized field in rw io_kiocb

	CVEs fixed in 5.17.7:
	CVE-2022-1734: f4bfbac45121c8638db5eacb1ebbb61ee956c668 nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs
	CVE-2022-1974: 8b58d6e565d83443c51b3fc076bd4472674aca0c nfc: replace improper check device_is_registered() in netlink related functions
	CVE-2022-1975: 63a545103b77091f2309b44a8975cdf255bb99b2 NFC: netlink: fix sleep in atomic bug when firmware download timeout

	CVEs fixed in 5.17.8:
	CVE-2022-1943: cfd64b858cb2b56969138df7970cb0b7f2388fb0 udf: Avoid using stale lengthOfImpUse

	CVEs fixed in 5.17.9:
	CVE-2022-1012: 6976724355f5fdada89de528730f9a7b4928f2e3 secure_seq: use the 64 bits of the siphash for port offset calculation
	CVE-2022-32296: e3ee7bb47d6509c3e8a3e96e5d8e3bf21549b6e8 tcp: increase source port perturb table to 2^16

	CVEs fixed in 5.17.10:
	CVE-2022-1729: 22fb2974224c9836eeaf0d24fdd481fcdaa0aea8 perf: Fix sys_perf_event_open() race against self
	CVE-2022-21499: 281d356a035132f2603724ee0f04767d70e2e98e lockdown: also lock down previous kgdb use

	CVEs fixed in 5.17.12:
	CVE-2022-1789: 19a66796d1f0dd4ce4b05f76d53ce1d0a7dc817d KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID

	CVEs fixed in 5.17.13:
	CVE-2022-1852: dca5ea67a3e627a3022fe58722a2807c1ef61c29 KVM: x86: avoid calling x86 emulator without a decoded instruction
	CVE-2022-1966: d8db0465bcc4d4b54ecfb67b820ed26eb1440da7 netfilter: nf_tables: disallow non-stateful expression in sets earlier
	CVE-2022-1972: c88f3e3d243d701586239c5b69356ec2b1fd05f1 netfilter: nf_tables: sanitize nft_set_desc_concat_parse()
	CVE-2022-2078: c88f3e3d243d701586239c5b69356ec2b1fd05f1 netfilter: nf_tables: sanitize nft_set_desc_concat_parse()

	CVEs fixed in 5.17.14:
	CVE-2022-1973: 2088cc00491e8d25a99d0f247df843e9c3df2040 fs/ntfs3: Fix invalid free in log_replay

	CVEs fixed in 5.17.15:
	CVE-2022-32981: 638556430658eca42501271edb38154264767ff5 powerpc/32: Fix overread/overwrite of thread_struct via ptrace

	Outstanding CVEs:
	CVE-2005-3660: (unk)
	CVE-2007-3719: (unk)
	CVE-2008-2544: (unk)
	CVE-2008-4609: (unk)
	CVE-2010-4563: (unk)
	CVE-2010-5321: (unk)
	CVE-2011-4917: (unk)
	CVE-2012-4542: (unk)
	CVE-2013-7445: (unk)
	CVE-2015-2877: (unk)
	CVE-2016-8660: (unk)
	CVE-2017-13693: (unk)
	CVE-2017-13694: (unk)
	CVE-2018-1121: (unk)
	CVE-2018-12928: (unk)
	CVE-2018-12929: (unk)
	CVE-2018-12930: (unk)
	CVE-2018-12931: (unk)
	CVE-2018-17977: (unk)
	CVE-2019-0146: (unk)
	CVE-2019-12456: (unk)
	CVE-2019-15239: (unk) unknown
	CVE-2019-15290: (unk)
	CVE-2019-15902: (unk) unknown
	CVE-2019-16089: (unk)
	CVE-2019-19378: (unk)
	CVE-2019-19814: (unk)
	CVE-2019-20794: (unk)
	CVE-2020-0347: (unk)
	CVE-2020-10708: (unk)
	CVE-2020-11725: (unk)
	CVE-2020-14304: (unk)
	CVE-2020-15802: (unk)
	CVE-2020-24502: (unk)
	CVE-2020-24503: (unk)
	CVE-2020-25220: (unk)
	CVE-2020-26140: (unk)
	CVE-2020-26142: (unk)
	CVE-2020-26143: (unk)
	CVE-2020-26555: (unk)
	CVE-2020-26556: (unk)
	CVE-2020-26557: (unk)
	CVE-2020-26559: (unk)
	CVE-2020-26560: (unk)
	CVE-2020-35501: (unk)
	CVE-2020-36516: (unk)
	CVE-2021-0399: (unk)
	CVE-2021-0695: (unk)
	CVE-2021-26934: (unk)
	CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality
	CVE-2021-33135: (unk)
	CVE-2021-3542: (unk)
	CVE-2021-3714: (unk)
	CVE-2021-3847: (unk)
	CVE-2021-3864: (unk)
	CVE-2021-3892: (unk)
	CVE-2021-39800: (unk)
	CVE-2021-39801: (unk)
	CVE-2021-39802: (unk)
	CVE-2022-0171: (unk)
	CVE-2022-0400: (unk)
	CVE-2022-1116: (unk)
	CVE-2022-1184: (unk)
	CVE-2022-1247: (unk)
	CVE-2022-1462: (unk)
	CVE-2022-1652: (unk)
	CVE-2022-1679: (unk)
	CVE-2022-1882: (unk)
	CVE-2022-1976: (unk) io_uring: reinstate the inflight tracking
	CVE-2022-25265: (unk)
	CVE-2022-26878: (unk)