| |
| CVEs fixed in 5.4-rc1: |
| CVE-2019-15099: 39d170b3cb62ba98567f5c4f40c27b5864b304e5 ath6kl: fix a NULL-ptr-deref bug in ath6kl_usb_alloc_urb_from_pipe() |
| |
| CVEs fixed in 5.4.1: |
| CVE-2019-15291: acfcb05fbdb8ee3aad4359372c1b238a366b5355 media: b2c2-flexcop-usb: add sanity checking |
| CVE-2019-18660: 79f6bca3bc524d8b2e29bbc96ad541d13d6d9547 powerpc/book3s64: Fix link stack flush on context switch |
| CVE-2019-18683: 5aa7ad7e991e6cb0c3a1825dbe7f78c2a8116ccc media: vivid: Fix wrong locking that causes race conditions on streaming stop |
| |
| CVEs fixed in 5.4.2: |
| CVE-2019-19241: 8387e3688aa9e06a12b58abbcfe2cbfd0cf0f589 io_uring: async workers should inherit the user creds |
| CVE-2019-19602: 4c1bb6bbc541a1961ac3605a5507236961983185 x86/fpu: Don't cache access to fpu_fpregs_owner_ctx |
| CVE-2019-19767: 69412e8ac6206e36aa09a6e3f5503be020b64ba8 ext4: add more paranoia checking in ext4_expand_extra_isize handling |
| |
| CVEs fixed in 5.4.3: |
| CVE-2019-19050: d8d63ea238cc34dd3874969b13d44a158cd0fdd0 crypto: user - fix memory leak in crypto_reportstat |
| CVE-2019-19062: b022e155ccbcfadeaf5543d5b4d99c3c6d260ced crypto: user - fix memory leak in crypto_report |
| CVE-2019-19071: 9f513166a8e773081f86b198371f6a80b4bd52ec rsi: release skb if rsi_prepare_beacon fails |
| CVE-2019-19252: 0b0923bb6d2808bc6f3b03028fec685144227ba8 vcs: prevent write access to vcsu devices |
| CVE-2019-19332: 8ad39a3b44c1b452e51c0fc996d65911e2545b84 KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) |
| CVE-2019-19338: 52c8b0c6e11e139f0e27ea41a7444bfbf17aa2e1 KVM: x86: fix presentation of TSX feature in ARCH_CAPABILITIES |
| |
| CVEs fixed in 5.4.4: |
| CVE-2019-19447: a44a5939a4097c98481a5b873b7bd9f387e56f59 ext4: work around deleting a file with i_nlink == 0 safely |
| CVE-2020-0041: 34d8a89fe156b082823f438f8240e8d57291c9f2 binder: fix incorrect calculation for num_valid |
| |
| CVEs fixed in 5.4.5: |
| CVE-2020-1749: 48d58ae9e87aaa11814364ddb52b3461f9abac57 net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup |
| |
| CVEs fixed in 5.4.7: |
| CVE-2019-16229: fbeec1d0e552662539a1b72e2530a7006bd677fa drm/amdkfd: fix a potential NULL pointer dereference (v2) |
| CVE-2019-16230: fbeec1d0e552662539a1b72e2530a7006bd677fa drm/amdkfd: fix a potential NULL pointer dereference (v2) |
| CVE-2019-16232: 6ab523073f222e2e3a4545cbe436ef94a33bffff libertas: fix a potential NULL pointer dereference |
| CVE-2019-18786: 96d7c3cb33c591070d067b048129a4ddd9fb9346 media: rcar_drif: fix a memory disclosure |
| CVE-2019-19037: 6cc4ccdd0b975f5f4c334fac71fee47e564472bf ext4: fix ext4_empty_dir() for directories with holes |
| CVE-2019-19057: 01b987532b79828ca67efb63eeec2bf07f3099df mwifiex: pcie: Fix memory leak in mwifiex_pcie_init_evt_ring |
| CVE-2019-19063: 39a974f8970268e7a02933e5cd6fab3e2dd8228e rtlwifi: prevent memory leak in rtl_usb_probe |
| CVE-2019-19070: d7bb7d20a8bac687c16838f2b7b5629d595512d1 spi: gpio: prevent memory leak in spi_gpio_probe |
| CVE-2019-19947: 9562cdb0af47c4040c4e7e842b87a43f86845c7a can: kvaser_usb: kvaser_usb_leaf: Fix some info-leaks to USB devices |
| CVE-2019-20812: 772f76457932305e63e2b796228158b842830022 af_packet: set defaule value for tmo |
| CVE-2020-0427: f739a699db7d5a5cf39ca3ce2c84e4fe4a8f4c5d pinctrl: devicetree: Avoid taking direct reference to device name string |
| |
| CVEs fixed in 5.4.8: |
| CVE-2020-10690: bfa2e0cd3dfda64fde43c3dca3aeba298d2fe7ad ptp: fix the race between the release of ptp_clock and cdev |
| |
| CVEs fixed in 5.4.9: |
| CVE-2019-18809: 3dba6e50d09ee8c05d5ba68bd69624ac1ea0c814 media: usb: fix memory leak in af9005_identify_state |
| CVE-2019-19965: 55c89290c7948e62ceac9eb3ffe6dd1555aa38d6 scsi: libsas: stop discovering if oob mode is disconnected |
| |
| CVEs fixed in 5.4.11: |
| CVE-2019-14901: 389c0f743f9629392d119a11da780054456e9c49 mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() |
| |
| CVEs fixed in 5.4.12: |
| CVE-2019-14615: 53b9bd37af59d1def99b20707536105857eb9bd0 drm/i915/gen9: Clear residual context state on context switch |
| CVE-2019-14895: cbd6a85021a38ce3071fc50f2e11b709b0add8c7 mwifiex: fix possible heap overflow in mwifiex_process_country_ie() |
| CVE-2019-19053: 5bbe72cf486c3b983f739b3e1d98b61c8a205795 rpmsg: char: release allocated memory |
| CVE-2019-19056: 3fe1ced40e189e31c21f6723fbe4bdf8d2731922 mwifiex: pcie: Fix memory leak in mwifiex_pcie_alloc_cmdrsp_buf |
| CVE-2019-19066: 448fe0b67c68d36cb45c09444c6b8298130d4c5e scsi: bfa: release allocated memory in case of error |
| CVE-2019-19068: e380d974731502d24e0353df36a883fe232c866b rtl8xxxu: prevent leaking urb |
| CVE-2019-19078: ad1e0d1976b9061bf2aca99249b0187c9bbd3334 ath10k: fix memory leak |
| CVE-2019-20636: 39f711b69799c49e0e385494b9b8c0787f51293f Input: add safety guards to input_set_keycode() |
| CVE-2020-0305: 341464390512ed50d5e96cf8f5340dcfbebd837a chardev: Avoid potential use-after-free in 'chrdev_open()' |
| CVE-2020-0431: 4091fbf6cc143c8ccd8275eaa642b2f2afe7c4ab HID: hid-input: clear unmapped usages |
| |
| CVEs fixed in 5.4.13: |
| CVE-2019-19064: bf3b4bc7bb03a2b0e67078d42a1d43ce05a14b7b spi: lpspi: fix memory leak in fsl_lpspi_probe |
| |
| CVEs fixed in 5.4.14: |
| CVE-2019-19043: 97e81f01f03c25a03ca1699111323e3984c3779c i40e: prevent memory leak in i40e_setup_macvlans |
| CVE-2020-12652: b307a5e97483d72c4a18cc8755d362d88b50c6d1 scsi: mptfusion: Fix double fetch bug in ioctl |
| CVE-2021-3635: 8f4dc50b5c12e159ac846fdc00702c547fdf2e95 netfilter: nf_tables: fix flowtable list del corruption |
| |
| CVEs fixed in 5.4.15: |
| CVE-2019-19046: 57d748f43f0742f58b5cf01b2d7b9a0d2e113e3d ipmi: Fix memory leak in __ipmi_bmc_register |
| |
| CVEs fixed in 5.4.16: |
| CVE-2019-14896: 40b1747b03684f03827b6323a17e4aa67af1e307 libertas: Fix two buffer overflows at parsing bss descriptor |
| CVE-2019-14897: 40b1747b03684f03827b6323a17e4aa67af1e307 libertas: Fix two buffer overflows at parsing bss descriptor |
| CVE-2020-14416: 34545cad8e0476aa6843f132e1177fe1517b2814 can, slip: Protect tty->disc_data in write_wakeup and close with RCU |
| CVE-2020-8428: 454759886d0b463213fad0f1c733469e2c501ab9 do_last(): fetch directory ->i_mode and ->i_uid before it's too late |
| |
| CVEs fixed in 5.4.17: |
| CVE-2020-0432: b5e5d81230ec6a24b3ce452fc41d8260292c686a staging: most: net: fix buffer overflow |
| CVE-2020-12769: 7db4e6c728cbb4caf6708b0181bc11763d1e89a7 spi: spi-dw: Add lock protect dw_spi rx/tx to prevent concurrent calls |
| |
| CVEs fixed in 5.4.19: |
| CVE-2019-3016: 68460ceba319a46ea14b36129bfd0a152e0f00c3 x86/kvm: Be careful not to clear KVM_VCPU_FLUSH_TLB bit |
| CVE-2020-0404: 6fcbff54ded118b29ca05f56aea85825d24a5645 media: uvcvideo: Avoid cyclic entity chains due to malformed USB descriptors |
| |
| CVEs fixed in 5.4.20: |
| CVE-2020-12653: 3c822e1f31186767d6b7261c3c066f01907ecfca mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() |
| CVE-2020-12654: c5b071e3f44d1125694ad4dcf1234fb9a78d0be6 mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() |
| |
| CVEs fixed in 5.4.21: |
| CVE-2020-8992: 94f0fe04da78adc214b51523499031664f9db408 ext4: add cond_resched() to ext4_protect_reserved_inode |
| CVE-2022-1419: 3ea7f138cec139be98f8bb9fc1a6b432003f834e drm/vgem: Close use-after-free race in vgem_gem_create |
| |
| CVEs fixed in 5.4.23: |
| CVE-2020-0009: 41a53f5b68ec36bcd100816554c31e3cff7b6c6e staging: android: ashmem: Disallow ashmem memory from being remapped |
| CVE-2020-0110: e61c236dcf3416211008774b6c2bfa01753a82c1 sched/psi: Fix OOB write when writing 0 bytes to PSI files |
| CVE-2020-2732: 24dfae91a23a55c9f4cbe8fd778ed229ee9cced1 KVM: nVMX: Don't emulate instructions in guest mode |
| CVE-2020-36558: 897d5aaf3397e64a56274f2176d9e1b13adcb92e vt: vt_ioctl: fix race in VT_RESIZEX |
| CVE-2020-9383: 1eb78bc92c847f9e1c01a01b2773fc2fe7b134cf floppy: check FDC index for errors before assigning it |
| CVE-2020-9391: 95236ae76bf8c5a71bcbb90a0c46a564613831d7 mm: Avoid creating virtual address aliases in brk()/mmap()/mremap() |
| |
| CVEs fixed in 5.4.24: |
| CVE-2019-19768: 6f9cff84dde800b4d9eab071810fbe284686601e blktrace: Protect q->blk_trace with RCU |
| CVE-2020-0444: 37f4c2775267c6fea23172f4d0461eb42c8497a6 audit: fix error handling in audit_data_to_entry() |
| CVE-2020-10942: f09fbb1175cffdbbb36b28e2ff7db96dcc90de08 vhost: Check docket sk_family instead of call getname |
| CVE-2020-27068: f0593f5b1b64d3e08c67ee756c4253080e52afb2 cfg80211: add missing policy for NL80211_ATTR_STATUS_CODE |
| |
| CVEs fixed in 5.4.25: |
| CVE-2020-27418: 5d230547476eea90b57ed9fda4bfe5307779abbb vgacon: Fix a UAF in vgacon_invert_region |
| CVE-2020-8647: 5d230547476eea90b57ed9fda4bfe5307779abbb vgacon: Fix a UAF in vgacon_invert_region |
| CVE-2020-8648: 4387bfa605206b57451e6f77af1287960981ffa2 vt: selection, close sel_buffer race |
| CVE-2020-8649: 5d230547476eea90b57ed9fda4bfe5307779abbb vgacon: Fix a UAF in vgacon_invert_region |
| |
| CVEs fixed in 5.4.26: |
| CVE-2020-12465: 02013734629bf57070525a3515509780092a63ab mt76: fix array overflow on receiving too many fragments for a packet |
| |
| CVEs fixed in 5.4.27: |
| CVE-2020-29370: ae119b7e12472517bc35c1c003d5abf26653674a mm: slub: add missing TID bump in kmem_cache_alloc_bulk() |
| |
| CVEs fixed in 5.4.28: |
| CVE-2019-19769: 384e15fc4226551a45b54226dc57bca7e23db9d8 locks: fix a potential use-after-free problem when wakeup a waiter |
| CVE-2020-14381: 553d46b07dc4813e1d8e6a3b3d6eb8603b4dda74 futex: Fix inode life-time issue |
| |
| CVEs fixed in 5.4.29: |
| CVE-2020-11608: e4af1cf37b901839320e40515d9a60a1c8b51f3a media: ov519: add missing endpoint sanity checks |
| CVE-2020-11609: 4490085a9e2d2cde69e865e3691223ea9e94513b media: stv06xx: add missing descriptor sanity checks |
| CVE-2020-11668: e7cd85f398cd1ffe3ce707ce7e2ec0e4a5010475 media: xirlink_cit: add missing descriptor sanity checks |
| CVE-2020-27066: 21af83e17ffae4955bbd8154a1e975826b8188a1 xfrm: policy: Fix doulbe free in xfrm_policy_timer |
| CVE-2021-3715: ff28c6195814bdbd4038b08d39e40f8d65d2025e net_sched: cls_route: remove the right filter from hashtable |
| |
| CVEs fixed in 5.4.30: |
| CVE-2020-36557: acf0e94019310a9e1c4b6807c208f49a25f74573 vt: vt_ioctl: fix VT_DISALLOCATE freeing in-use virtual console |
| |
| CVEs fixed in 5.4.31: |
| CVE-2020-11565: c3f87e03f90ff2901525cc99c0e3bfb6fcbfd184 mm: mempolicy: require at least one nodeid for MPOL_PREFERRED |
| |
| CVEs fixed in 5.4.32: |
| CVE-2020-11494: fdb6a094ba41e985d9fb14ae2bfc180e3e983720 slcan: Don't transmit uninitialized stack data in padding |
| |
| CVEs fixed in 5.4.33: |
| CVE-2019-19039: 941dabde6c1a56908696d6642229521a125dd77e btrfs: Don't submit any btree write bio if the fs has errors |
| CVE-2019-19377: 941dabde6c1a56908696d6642229521a125dd77e btrfs: Don't submit any btree write bio if the fs has errors |
| CVE-2020-12657: b37de1b1e882fa3741d252333e5745eea444483b block, bfq: fix use-after-free in bfq_idle_slice_timer_body |
| CVE-2020-12826: 5f2d04139aa5ed04eab54b84e8a25bab87a2449c signal: Extend exec_id to 64bits |
| |
| CVEs fixed in 5.4.35: |
| CVE-2020-12659: 25c9cdef57488578da21d99eb614b97ffcf6e59f xsk: Add missing check on user supplied headroom size |
| |
| CVEs fixed in 5.4.36: |
| CVE-2020-0067: 5811f24abd27a8a0791c6909c6ff803659060c84 f2fs: fix to avoid memory leakage in f2fs_listxattr |
| CVE-2020-11884: 44d9eb0ebe8fd04f46b18d10a18b2c543b379a0c s390/mm: fix page table upgrade vs 2ndary address mode accesses |
| CVE-2020-12464: b48193a7c303272d357b27dd7d72cbf89f7b2d35 USB: core: Fix free-while-in-use bug in the USB S-Glibrary |
| |
| CVEs fixed in 5.4.39: |
| CVE-2020-0255: eeef0d9fd40df3c033dca68bca8249e5951660ac selinux: properly handle multiple messages in selinux_netlink_send() |
| CVE-2020-10751: eeef0d9fd40df3c033dca68bca8249e5951660ac selinux: properly handle multiple messages in selinux_netlink_send() |
| |
| CVEs fixed in 5.4.42: |
| CVE-2020-10711: debcbc56fdfc2847804d3d00d43f68f3074c5987 netlabel: cope with NULL catmap |
| CVE-2020-12770: 2d6d0ce4de03832c8deedeb16c7af52868d7e99e scsi: sg: add sg_remove_request in sg_write |
| CVE-2020-13143: 6bb054f006c3df224cc382f1ebd81b7276dcfb1c USB: gadget: fix illegal array access in binding with UDC |
| CVE-2020-27786: 3fa58fc9f8c4d2b3557bca4363653464546e497e ALSA: rawmidi: Fix racy buffer resize under concurrent accesses |
| |
| CVEs fixed in 5.4.43: |
| CVE-2019-18814: 97d817b9ef13e2d52a86ea032b0df6a922e0e9df apparmor: Fix use-after-free in aa_audit_rule_init |
| CVE-2020-12768: ac46cea606d59be18a6afd4560c48bcca836c44c KVM: SVM: Fix potential memory leak in svm_cpu_init() |
| |
| CVEs fixed in 5.4.44: |
| CVE-2020-10732: a02c130efbbce91af1e9dd99a5a381dd43494e15 fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info() |
| |
| CVEs fixed in 5.4.45: |
| CVE-2019-19462: 1c44e6e09dc81dcc891a6ada446f86add73baa38 kernel/relay.c: handle alloc_percpu returning NULL in relay_open |
| CVE-2020-10757: df4988aa1c9618d9c612639e96002cd4e772def2 mm: Fix mremap not considering huge pmd devmap |
| |
| CVEs fixed in 5.4.46: |
| CVE-2020-0543: dab0161b8a0bc6a86319412e39b221670ca758ca x86/cpu: Add 'table' argument to cpu_matches() |
| CVE-2020-13974: 9619c2f746f7991486d556789e8675f1d1a0a67d vt: keyboard: avoid signed integer overflow in k_ascii |
| |
| CVEs fixed in 5.4.47: |
| CVE-2020-10766: 9d1dcba6dd48cf7c5801d8aee12852ca41110896 x86/speculation: Prevent rogue cross-process SSBD shutdown |
| CVE-2020-10767: 6d60d5462a91eb46fb88b016508edfa8ee0bc7c8 x86/speculation: Avoid force-disabling IBPB based on STIBP and enhanced IBRS. |
| CVE-2020-10768: e1545848ad5510e82eb75717c1f5757b984014cb x86/speculation: PR_SPEC_FORCE_DISABLE enforcement for indirect branches. |
| CVE-2020-29374: 1027dc04f557328eb7b7b7eea48698377a959157 gup: document and work around "COW can break either way" issue |
| CVE-2021-0342: 747d5bcb97eba1ecef0ceaa6b6234ba1aca87f60 tun: correct header offsets in napi frags mode |
| |
| CVEs fixed in 5.4.48: |
| CVE-2019-20810: 6e688a315acf9c2b9b6e8c3e3b7a0c2720f72cba media: go7007: fix a miss of snd_card_free |
| CVE-2020-29368: a88d8aaf9b8b5e0af163a235a3baa9fdcb7d430a mm: thp: make the THP mapcount atomic against __split_huge_pmd_locked() |
| |
| CVEs fixed in 5.4.49: |
| CVE-2020-12771: f651e94899ed08b1766bda30f410d33fdd3970ff bcache: fix potential deadlock problem in btree_gc_coalesce |
| CVE-2020-15436: b3dc33946a742256ad9d2ccac848c9e3c2aaafef block: Fix use-after-free in blkdev_get() |
| |
| CVEs fixed in 5.4.50: |
| CVE-2020-12655: ffd40b7962d463daa531a8110e5b708bcb5c6da7 xfs: add agf freeblocks verify in xfs_agf_verify |
| CVE-2020-15780: 824d0b6225f3fa2992704478a8df520537cfcb56 ACPI: configfs: Disallow loading ACPI tables when locked down |
| |
| CVEs fixed in 5.4.51: |
| CVE-2020-15393: 3dca0a299ff43204a69c9a7a00ce2b3e7ab3088c usb: usbtest: fix missing kfree(dev->buf) in usbtest_disconnect |
| CVE-2020-24394: fe05e114d0fde7f644ac9ab5edfce3fa65650875 nfsd: apply umask on fs without ACL support |
| |
| CVEs fixed in 5.4.53: |
| CVE-2020-10781: 72648019cd52488716891c2cbb096ad1023ab83e Revert "zram: convert remaining CLASS_ATTR() to CLASS_ATTR_RO()" |
| CVE-2020-14356: 94886c86e833dbc8995202b6c6aaff592b7abd24 cgroup: fix cgroup_sk_alloc() for sk_clone_lock() |
| CVE-2022-0812: c8a4452da9f4b09c28d904f70247b097d4c14932 xprtrdma: fix incorrect header size calculations |
| |
| CVEs fixed in 5.4.54: |
| CVE-2020-15437: af811869db0698b587aa5418eab05c9f7e0bea3c serial: 8250: fix null-ptr-deref in serial8250_start_tx() |
| CVE-2020-29369: 549bfc14270681cd776c6d9b78fe544cbd21673a mm/mmap.c: close race between munmap() and expand_upwards()/downwards() |
| |
| CVEs fixed in 5.4.56: |
| CVE-2019-18808: ecfa7fa198fc66731ded5dabefccc8e9e2f3b311 crypto: ccp - Release all allocated memory if sha type is invalid |
| CVE-2019-19054: 84da97713b9112c9529a941b230219b759e6f206 media: rc: prevent memory leak in cx23888_ir_probe |
| CVE-2020-12656: 98cef10fbcca40e70f9f389a4bea42384376376b sunrpc: check that domain table is empty at module unload. |
| CVE-2020-24490: 9acd96f14a49f59401478eefe158aec489e0161f Bluetooth: fix kernel oops in store_pending_adv_report |
| |
| CVEs fixed in 5.4.57: |
| CVE-2020-16166: c15a77bdda2c4f8acaa3e436128630a81f904ae7 random32: update the net random state on interrupt and activity |
| |
| CVEs fixed in 5.4.58: |
| CVE-2020-14331: 8c3215a0426c404f4b7b02a1e0fdb0f7f4f1e6d3 vgacon: Fix for missing check in scrollback handling |
| CVE-2020-36386: c26eaaf547b785ae98fa08607b599c7df0da51bc Bluetooth: Fix slab-out-of-bounds read in hci_extended_inquiry_result_evt() |
| |
| CVEs fixed in 5.4.59: |
| CVE-2019-19770: 6a291f9c21e4acf3429aacfa2e019d9965806c51 blktrace: fix debugfs use after free |
| CVE-2020-26088: 0b305f259ca9b85c48f9cb3159d034b7328ed225 net/nfc/rawsock.c: add CAP_NET_RAW check. |
| CVE-2021-20292: c6d2ddf1a30d524106265ad2c48b907cd7a083d4 drm/ttm/nouveau: don't call tt destroy callback on alloc failure. |
| |
| CVEs fixed in 5.4.60: |
| CVE-2019-19448: 7bbf647dbb5a28e754633512065146763a35ff77 btrfs: only search for left_info if there is no right_info in try_merge_free_space |
| CVE-2020-25212: 75cf7f895f563e14c82c1aeea0362dc155b5baf3 nfs: Fix getxattr kernel panic and memory overflow |
| |
| CVEs fixed in 5.4.61: |
| CVE-2020-0466: 42694912aaf1d7fa426bd02b0b313f05601b6488 do_epoll_ctl(): clean the failure exits up a bit |
| CVE-2020-14314: ea54176e5821936d109bb45dc2c19bd53559e735 ext4: fix potential negative array index in do_split() |
| CVE-2020-29371: 19a77c937a1914bdd655366e79a2a1b7d675f554 romfs: fix uninitialized memory leak in romfs_dev_read() |
| |
| CVEs fixed in 5.4.62: |
| CVE-2020-36766: 6734eeb6c2f07336f76bcf2c57e7bf8259ae0d40 cec-api: prevent leaking memory through hole in structure |
| CVE-2021-3428: 8e63c86f658005a9d8bc672642e587a787c53a72 ext4: handle error of ext4_setup_system_zone() on remount |
| |
| CVEs fixed in 5.4.63: |
| CVE-2020-0465: 4bae1afed43212ee3ec64f2bdc9e39e800974e7e HID: core: Sanitize event code and type when mapping input |
| CVE-2022-20565: 667514df10a08e4a65cb88f5fd5ffeccd027c4af HID: core: Correctly handle ReportSize being zero |
| |
| CVEs fixed in 5.4.64: |
| CVE-2020-12888: 8f747b0149c5a0c72626a87eb0dd2a5ec91f1a7d vfio-pci: Invalidate mmaps and block MMIO access on disabled memory |
| CVE-2020-14385: da7a1676d6c19971758976a84e87f5b1009409e7 xfs: fix boundary test in xfs_attr_shortform_verify |
| CVE-2020-14386: bc846b58fe5cecaa2632d566355e607954779d45 net/packet: fix overflow in tpacket_rcv |
| CVE-2020-25285: af7786b20c717ff13d9148161dad4b8e286bfd39 mm/hugetlb: fix a race between hugetlb sysctl handlers |
| CVE-2020-25641: 84c041c12442d233c9b3c593cbe9eb8a77875578 block: allow for_each_bvec to support zero len bvec |
| CVE-2021-1048: 88405cf0f2bd771670b76c42b169527ff86048da fix regression in "epoll: Keep a reference on files added to the check list" |
| |
| CVEs fixed in 5.4.66: |
| CVE-2020-14390: cf5a7ded53652c3d63d7243944c6a8ec1f0ef392 fbcon: remove soft scrollback code |
| CVE-2020-25284: ea3d3bf85669195247ad6a522f4e4209695edca2 rbd: require global CAP_SYS_ADMIN for mapping and unmapping |
| CVE-2020-28097: 087b6cb17df5834d395ab72da3f937380470ba15 vgacon: remove software scrollback support |
| CVE-2020-36312: 41b2ea7a6a11e2b1a7f2c29e1675a709a6b2b98d KVM: fix memory leak in kvm_io_bus_unregister_dev() |
| |
| CVEs fixed in 5.4.68: |
| CVE-2020-25643: c3de9daa662617132744731f1b4eb7b5cd1270a8 hdlc_ppp: add range checks in ppp_cp_parse_cr() |
| CVE-2020-25645: 745c24fd1d79b588a951d3c5beca43575907f881 geneve: add transport ports in route lookup for geneve |
| CVE-2021-0605: a769bff2333a8212cff4fd8bbe986979bf41c528 af_key: pfkey_dump needs parameter validation |
| |
| CVEs fixed in 5.4.70: |
| CVE-2020-25211: 253052b636e98083b1ecc3e9b0cf6f151e1cb8c6 netfilter: ctnetlink: add a range check for l3/l4 protonum |
| CVE-2021-0448: 253052b636e98083b1ecc3e9b0cf6f151e1cb8c6 netfilter: ctnetlink: add a range check for l3/l4 protonum |
| CVE-2021-39634: 8993da3d4d3a7ae721e9dafa140ba64c0e632a50 epoll: do not insert into poll queues until all sanity checks are done |
| |
| CVEs fixed in 5.4.71: |
| CVE-2020-28915: 1b2fcd82c0ca23f6fa01298c0d7b59eb4efbaf48 fbcon: Fix global-out-of-bounds read in fbcon_get_font() |
| |
| CVEs fixed in 5.4.72: |
| CVE-2020-10135: ed6c361e3229a2aa64b04617baa7f452bed28bcc Bluetooth: Consolidate encryption handling in hci_encrypt_cfm |
| CVE-2020-12351: 66a14350de9a4e3db7dedb524518b1394a5f7162 Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel |
| CVE-2020-12352: 0d9e9b6e1a26bb248c0afee754d5a577abd4376b Bluetooth: A2MP: Fix not initializing all members |
| |
| CVEs fixed in 5.4.73: |
| CVE-2020-0423: 401d4d79a8ed5ac1c78031a00f8ac414e6605a38 binder: fix UAF when releasing todo list |
| CVE-2020-25705: 8df0ffe2f32c09b4627cbce5cd5faf8e98a6a71e icmp: randomize the global rate limiter |
| CVE-2020-27784: e9e791f5c39ab30e374a3b1a9c25ca7ff24988f3 usb: gadget: function: printer: fix use-after-free in __lock_acquire |
| |
| CVEs fixed in 5.4.75: |
| CVE-2020-25656: 87d398f348b8a2d5246d3670a93fb63d4fd9f62a vt: keyboard, extend func_buf_lock to readers |
| CVE-2020-25668: c2313d7818b979f8b3751f052a8db34a7ed26780 tty: make FONTX ioctl use the tty pointer they were actually passed |
| CVE-2020-27673: 4bea575a10691a99b03d5e9055f3079040b59868 xen/events: add a proper barrier to 2-level uevent unmasking |
| CVE-2020-27675: a01379671d67d34f254cc81f42cf854aa628f3a3 xen/events: avoid removing an event channel while handling it |
| CVE-2020-27777: 240baebeda09e1e010fff58acc9183992f41f638 powerpc/rtas: Restrict RTAS requests from userspace |
| |
| CVEs fixed in 5.4.76: |
| CVE-2020-25704: b7f7474b392194530d1ec07203c8668e81b7fdb9 perf/core: Fix a memory leak in perf_event_parse_addr_filter() |
| CVE-2020-28974: 642181fe3567419d84d2457b58f262c37467f525 vt: Disable KD_FONT_OP_COPY |
| CVE-2020-35508: beeb658cfd3544ceca894375c36b6572e4ae7a5f fork: fix copy_process(CLONE_PARENT) race with the exiting ->real_parent |
| |
| CVEs fixed in 5.4.77: |
| CVE-2020-8694: 19f6d91bdad42200aac557a683c17b1f65ee6c94 powercap: restrict energy meter to root access |
| |
| CVEs fixed in 5.4.78: |
| CVE-2020-14351: c5cf5c7b585c7f48195892e44b76237010c0747a perf/core: Fix race in the perf_mmap_close() function |
| |
| CVEs fixed in 5.4.79: |
| CVE-2020-25669: df33054114475477b5e7810aa0efb26916220474 Input: sunkbd - avoid use-after-free in teardown paths |
| CVE-2020-4788: b65458b6be8032c5179d4f562038575d7b3a6be3 powerpc/64s: flush L1D on kernel entry |
| |
| CVEs fixed in 5.4.80: |
| CVE-2020-28941: 3b78db264675e47ad3cf9c1e809e85d02fe1de90 speakup: Do not let the line discipline be used several times |
| |
| CVEs fixed in 5.4.82: |
| CVE-2020-35519: 8bfe5b73b185d931b77c965002f84ad986aa94f1 net/x25: prevent a couple of overflows |
| |
| CVEs fixed in 5.4.83: |
| CVE-2020-27830: b0d4fa10bfcc3051e9426b6286fb2d80bad04d74 speakup: Reject setting the speakup line discipline outside of speakup |
| CVE-2020-28588: 867fbf2bb739bc7ba02cca09093f2d35ed7eadc5 lib/syscall: fix syscall registers retrieval on 32-bit platforms |
| CVE-2020-29660: 35ee9ac513280f46eeb1196bac82ed5320380412 tty: Fix ->session locking |
| CVE-2020-29661: c536ecd4856084604701b95bd7e3fb15f05634bf tty: Fix ->pgrp locking in tiocspgrp() |
| |
| CVEs fixed in 5.4.84: |
| CVE-2021-0938: c2c5dc84ac51da90cadcb12554c69bdd5ac7aeeb compiler.h: fix barrier_data() on clang |
| |
| CVEs fixed in 5.4.86: |
| CVE-2020-27815: cbeb61258186978c26f9ee738c86fe4812cc27af jfs: Fix array index bounds check in dbAdjTree |
| CVE-2020-29568: eac0c12e329d489ff36e85fed5ce2a8606e3124d xen/xenbus: Allow watches discard events before queueing |
| CVE-2020-29569: 8f3f6de44f7cc93a4723e63ea4381332826a6790 xen-blkback: set ring->xenblkd to NULL after kthread_stop() |
| CVE-2020-36694: b17244cebb24b30b886d46938cc5f798f7337574 netfilter: x_tables: Switch synchronization to RCU |
| |
| CVEs fixed in 5.4.88: |
| CVE-2020-36158: 0a49aaf4df2936bca119ee38fe5a570a7024efdc mwifiex: Fix possible buffer overflows in mwifiex_cmd_802_11_ad_hoc_start |
| CVE-2020-36322: 732251cabeb3bfd917d453a42274d769d6883fc4 fuse: fix bad inode |
| |
| CVEs fixed in 5.4.89: |
| CVE-2020-28374: 485e21729b1e1235e6075318225c09e76b376e81 scsi: target: Fix XCOPY NAA identifier lookup |
| CVE-2021-39648: bcffe2de9dde74174805d5f56a990353e33b8072 usb: gadget: configfs: Fix use-after-free issue with udc_name |
| |
| CVEs fixed in 5.4.92: |
| CVE-2021-3178: 4aef760c28e8bd1860a27fd78067b4ea77124987 nfsd4: readdirplus shouldn't return parent of export |
| CVE-2023-1390: 56e8947bcf814d195eb4954b4821868803d3dd67 tipc: fix NULL deref in tipc_link_xmit() |
| |
| CVEs fixed in 5.4.93: |
| CVE-2021-39657: 97853a7eae80a695a18ce432524eaa7432199a41 scsi: ufs: Correct the LUN used in eh_device_reset_handler() callback |
| |
| CVEs fixed in 5.4.94: |
| CVE-2020-27825: b899d5b2a42a963d6ca7e33d51a35b2eb25f6d10 tracing: Fix race in trace_open and buffer resize call |
| CVE-2021-3347: 0dae88a92596db9405fd4a341c1915cf7d8fbad4 futex: Ensure the correct return value from futex_lock_pi() |
| |
| CVEs fixed in 5.4.95: |
| CVE-2021-3348: 587c6b75d7fdd366ad7dc615471006ce73c03a51 nbd: freeze the queue while we're adding connections |
| |
| CVEs fixed in 5.4.98: |
| CVE-2021-3600: 78e2f71b89b22222583f74803d14f3d90cdf9d12 bpf: Fix 32 bit src register truncation on div/mod |
| |
| CVEs fixed in 5.4.99: |
| CVE-2021-21781: f49bff85b6dbb60a410c7f7dc53b52ee1dc22470 ARM: ensure the signal page contains defined contents |
| |
| CVEs fixed in 5.4.100: |
| CVE-2021-26930: 524a77aa5d69e726369b38813333f20c6511b66c xen-blkback: fix error handling in xen_blkbk_map() |
| CVE-2021-26931: 7109f61d25ff4dc2041f4be71042219869112e4c xen-blkback: don't "handle" error by BUG() |
| CVE-2021-26932: 104eef95231497cdb4e4de24a1ddef7c831a8b44 Xen/x86: don't bail early from clear_foreign_p2m_mapping() |
| |
| CVEs fixed in 5.4.101: |
| CVE-2021-0512: fce3654c648d8f92882d0dae117c20231b8b224f HID: make arrays usage and value to be the same |
| CVE-2021-3444: 185c2266c1df80bec001c987d64cae2d9cd13816 bpf: Fix truncation handling for mod32 dst reg wrt zero |
| |
| CVEs fixed in 5.4.102: |
| CVE-2020-25639: 0faef25462f886a77e0b397cca31d51163215332 drm/nouveau: bail out of nouveau_channel_new if channel init fails |
| CVE-2021-3612: 80168ba86034fc938970500b40c88b3914fede96 Input: joydev - prevent potential read overflow in ioctl |
| |
| CVEs fixed in 5.4.103: |
| CVE-2021-27363: ca3afdd0377379f5031f376aec4b0c1b0285b556 scsi: iscsi: Restrict sessions and handles to admin capabilities |
| CVE-2021-27364: ca3afdd0377379f5031f376aec4b0c1b0285b556 scsi: iscsi: Restrict sessions and handles to admin capabilities |
| CVE-2021-27365: 567a234a231db16a99067db3d31d351d9e770a82 scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE |
| CVE-2021-28038: 474773c42ffd89f7606b54443990ccf5086a4734 Xen/gnttab: handle p2m update errors on a per-slot basis |
| CVE-2021-30002: 027ddd67f68583a178a9bd65220611e9f978f014 media: v4l: ioctl: Fix memory leak in video_usercopy |
| |
| CVEs fixed in 5.4.106: |
| CVE-2021-28375: e4b52c7cbaaf4d11288d331b654b0fac450e4971 misc: fastrpc: restrict user apps from sending kernel RPC messages |
| CVE-2021-28660: da5abe369b03447b3df1e5816b9560cbae503993 staging: rtl8188eu: prevent ->ssid overflow in rtw_wx_set_scan() |
| CVE-2021-29265: 8698133003cfb67e0f04dd044c954198e421b152 usbip: fix stub_dev usbip_sockfd_store() races leading to gpf |
| CVE-2021-33033: b4800e7a1c9f80a1a0e417ab36a1da4959f8b399 cipso,calipso: resolve a number of problems with the DOI refcounts |
| CVE-2021-39656: 73aa6f93e1e980f392b3da4fee830b0e0a4a40ff configfs: fix a use-after-free in __configfs_open_file |
| |
| CVEs fixed in 5.4.108: |
| CVE-2021-28964: 5b3b99525c4f18e543f6ef17ef97c29f5694e8b4 btrfs: fix race when cloning extent buffer during rewind of an old root |
| CVE-2021-28971: da326ba3b84aae8ac0513aa4725a49843f2f871e perf/x86/intel: Fix a crash caused by zero PEBS status |
| CVE-2021-28972: 51a2b19b554c8c75ee2d253b87240309cd81f1fc PCI: rpadlpar: Fix potential drc_name corruption in store functions |
| |
| CVEs fixed in 5.4.109: |
| CVE-2021-28688: 057dd3e6986b260f0bec68bd1f2cd23a5d9dbda3 xen-blkback: don't leak persistent grants from xen_blkbk_map() |
| CVE-2021-29264: ec7ce1e337ec2b5641dcc639396e04a28454f21a gianfar: fix jumbo packets+napi+rx overrun crash |
| CVE-2021-29647: ae23957bd1fb3184a9935bd99c5ad2351a59d7c8 net: qrtr: fix a kernel-infoleak in qrtr_recvmsg() |
| CVE-2021-29650: 19a5fb4ceada903e692de96b8aa8494179abbf0b netfilter: x_tables: Use correct memory barriers. |
| CVE-2021-31916: e6587d142d0214eb466f9978e25f0575c19b1ea0 dm ioctl: fix out of bounds array access when no devices |
| |
| CVEs fixed in 5.4.110: |
| CVE-2021-0941: 42c83e3bca434d9f63c58f9cbf2881e635679fee bpf: Remove MTU check in __bpf_skb_max_len |
| CVE-2021-3483: 5ecfad1efbc31ab913f16ed60f0efff301aebfca firewire: nosy: Fix a use-after-free bug in nosy_ioctl() |
| |
| CVEs fixed in 5.4.111: |
| CVE-2021-29154: a0b3927a07be0c4cedd69970e082a8c23c92eb72 bpf, x86: Validate computation of branch displacements for x86-64 |
| |
| CVEs fixed in 5.4.112: |
| CVE-2020-25670: c89903c9eff219a4695e63715cf922748d743f65 nfc: fix refcount leak in llcp_sock_bind() |
| CVE-2020-25671: 41bc58ba0945d69578f60c6f06729d8e2dc327dc nfc: fix refcount leak in llcp_sock_connect() |
| CVE-2020-25672: 404daa4d62a364623b48349eb73a18579edf51ac nfc: fix memory leak in llcp_sock_connect() |
| CVE-2020-25673: aa0cff2e075152d474b0b01233ac0adfcfc0c0db nfc: Avoid endless loops caused by repeated llcp_sock_connect() |
| CVE-2021-3659: 38ea2b3ed00fb4632a706f2c796d6aa4a884f573 net: mac802154: Fix general protection fault |
| |
| CVEs fixed in 5.4.113: |
| CVE-2021-0937: cc59b872f2e1995b8cc819b9445c1198bfe83b2d netfilter: x_tables: fix compat match/target pad out-of-bound write |
| CVE-2021-22555: cc59b872f2e1995b8cc819b9445c1198bfe83b2d netfilter: x_tables: fix compat match/target pad out-of-bound write |
| |
| CVEs fixed in 5.4.114: |
| CVE-2021-23133: 6180d2274b17fc0473fb0764d3417c0bddb99b2e net/sctp: fix race condition in sctp_destroy_sock |
| |
| CVEs fixed in 5.4.117: |
| CVE-2021-31829: 53e0db429b37a32b8fc706d0d90eb4583ad13848 bpf: Fix masking negation logic upon negative dst register |
| |
| CVEs fixed in 5.4.118: |
| CVE-2021-3506: 27a130638406815eba083c632ee083f0c5e688c2 f2fs: fix to avoid out-of-bounds memory access |
| |
| CVEs fixed in 5.4.119: |
| CVE-2021-32399: eeec325c9944b4427f482018d00b737220c31fd9 bluetooth: eliminate the potential race condition when removing the HCI controller |
| CVE-2021-33034: 3a826ffa80d5c73ad7338fd98ace9c5b53844968 Bluetooth: verify AMP hci_chan before amp_destroy |
| CVE-2021-45486: fee81285bd09ec2080ce2cbb5063aad0e58eb272 inet: use bigger hash table for IP ID generation |
| |
| CVEs fixed in 5.4.120: |
| CVE-2021-4157: 89862bd77e9cf511628eb7a97fe7f8d246192eec pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() |
| |
| CVEs fixed in 5.4.122: |
| CVE-2020-26555: f97257cde764ad6979a7dbeb460b9fb69276342e Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2020-26558: f97257cde764ad6979a7dbeb460b9fb69276342e Bluetooth: SMP: Fail if remote and local public keys are identical |
| CVE-2021-0129: f97257cde764ad6979a7dbeb460b9fb69276342e Bluetooth: SMP: Fail if remote and local public keys are identical |
| |
| CVEs fixed in 5.4.124: |
| CVE-2020-24586: 14f29a67f40496c832ca9fe8502e03b10cca6e59 mac80211: prevent mixed key and fragment cache attacks |
| CVE-2020-24587: 14f29a67f40496c832ca9fe8502e03b10cca6e59 mac80211: prevent mixed key and fragment cache attacks |
| CVE-2020-24588: fa00d4928eafe4fe8d854028f73f7af8fdbc9c3c cfg80211: mitigate A-MSDU aggregation attacks |
| CVE-2020-26139: 88664d5e5dc9eedddbea9cc8ebb3d57d933f9f8a mac80211: do not accept/forward invalid EAPOL frames |
| CVE-2020-26141: aee0121afee53cde39e49086317af5d029911857 ath10k: Fix TKIP Michael MIC verification for PCIe |
| CVE-2020-26145: 96d4d82652fa013d8b452871305a0c1e5f805d9e ath10k: drop fragments with multicast DA for PCIe |
| CVE-2020-26147: b90cf214e2bbb3f0a25d19937807238f646d1d72 mac80211: assure all fragments are encrypted |
| CVE-2021-33098: cf20c704a26eb763daf6bfb10369a4f11fef2d9a ixgbe: fix large MTU request from VF |
| CVE-2021-34981: fe201316ac36c48fc3cb2891dfdc8ab68058734d Bluetooth: cmtp: fix file refcount when cmtp_attach_device fails |
| |
| CVEs fixed in 5.4.125: |
| CVE-2021-3564: 8d3d0ac73a4a1d31e3d4f7c068312aba78470166 Bluetooth: fix the erroneous flush_work() order |
| CVE-2021-3573: b6f97555c71f78288682bc967121572f10715c89 Bluetooth: use correct lock to prevent UAF of hdev object |
| CVE-2021-3587: 5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect |
| CVE-2021-38208: 5d4c4b06ed9fb7a69d0b2e2a73fc73226d25ab70 nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect |
| |
| CVEs fixed in 5.4.128: |
| CVE-2021-34693: c297559a2a2a6b6f0de61ed333a978a118b0e660 can: bcm: fix infoleak in struct bcm_msg_head |
| CVE-2021-3743: 26b8d10703a9be45d6097946b2b4011f7dd2c56f net: qrtr: fix OOB Read in qrtr_endpoint_post |
| |
| CVEs fixed in 5.4.129: |
| CVE-2020-26541: e20b90e4f81bb04e2b180824caae585928e24ba9 certs: Add EFI_CERT_X509_GUID support for dbx entries |
| CVE-2021-22543: bb85717e3797123ae7724751af21d0c9d605d61e KVM: do not allow mapping valid but non-reference-counted pages |
| CVE-2021-35039: e2dc07ca4e0148d75963e14d2b78afc12426a487 module: limit enabling module.sig_enforce |
| |
| CVEs fixed in 5.4.131: |
| CVE-2020-36311: abbd42939db646f7210e1473e9cb17c6bc6f184c KVM: SVM: Periodically schedule when unregistering regions on destroy |
| |
| CVEs fixed in 5.4.132: |
| CVE-2021-3609: 70a9116b9e5ccd5332d3a60b359fb5902d268fd0 can: bcm: delay release of struct bcm_op after synchronize_rcu() |
| CVE-2022-0850: ed628b2531196cc76d7c9b730abe4020cad26b0b ext4: fix kernel infoleak via ext4_extent_header |
| |
| CVEs fixed in 5.4.133: |
| CVE-2021-3655: 03a5e454614dc095a70d88c85ac45ba799c79971 sctp: validate from_addr_param return |
| CVE-2021-45485: ccde03a6a0fbdc3c0ba81930e629b8b14974cce4 ipv6: use prandom_u32() for ID generation |
| CVE-2023-28772: 33ab9138a13e379cf1c4ccd76b97ae2ee8c5421b seq_buf: Fix overflow in seq_buf_putmem_hex() |
| |
| CVEs fixed in 5.4.134: |
| CVE-2021-33909: c1dafbb26164f43f2bb70bee9e5c4e1cad228ca7 seq_file: disallow extremely large seq buffer allocations |
| CVE-2021-38160: 52bd1bce8624acb861fa96b7c8fc2e75422dc8f7 virtio_console: Assure used length from device is limited |
| CVE-2021-38199: 81e03fe5bf8f5f66b8a62429fb4832b11ec6b272 NFSv4: Initialise connection to the server in nfs4_alloc_client() |
| CVE-2021-4154: c17363ccd620c1a57ede00d5c777f0b8624debe6 cgroup: verify that source is a string |
| |
| CVEs fixed in 5.4.136: |
| CVE-2021-3679: f899f24d34d964593b16122a774c192a78e2ca56 tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. |
| CVE-2021-37576: 2b9ffddd70b449cdc42b943788dc82a6d7b0d175 KVM: PPC: Book3S: Fix H_RTAS rets buffer overflow |
| CVE-2021-38204: 863d071dbcd54dacf47192a1365faec46b7a68ca usb: max-3421: Prevent corruption of freed memory |
| |
| CVEs fixed in 5.4.137: |
| CVE-2021-0920: 85abe0d47fe65391ed41f78a66b5eff73987c086 af_unix: fix garbage collect vs MSG_PEEK |
| |
| CVEs fixed in 5.4.139: |
| CVE-2021-33624: 283d742988f6b304f32110f39e189a00d4e52b92 bpf: Inherit expanded/patched seen count from old aux data |
| |
| CVEs fixed in 5.4.141: |
| CVE-2021-3732: 812f39ed5b0b7f34868736de3055c92c7c4cf459 ovl: prevent private clone if bind mount is not allowed |
| CVE-2021-38198: d28adaabbbf4a6949d0f6f71daca6744979174e2 KVM: X86: MMU: Use the correct inherited permissions to get shadow page |
| CVE-2021-38205: 38b8485b72cbe4521fd2e0b8770e3d78f9b89e60 net: xilinx_emaclite: Do not print real IOMEM pointer |
| |
| CVEs fixed in 5.4.142: |
| CVE-2021-3653: 7c1c96ffb658fbfe66c5ebed6bcb5909837bc267 KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (CVE-2021-3653) |
| CVE-2021-3656: a17f2f2c89494c0974529579f3552ecbd1bc2d52 KVM: nSVM: always intercept VMLOAD/VMSAVE when nested (CVE-2021-3656) |
| |
| CVEs fixed in 5.4.143: |
| CVE-2020-3702: 0c049ce432b37a51a0da005314ac32e5d9324ccf ath: Use safer key clearing with key cache entries |
| CVE-2021-42008: a73b9aa142691c2ae313980a8734997a78f74b22 net: 6pack: fix slab-out-of-bounds in decode_data |
| |
| CVEs fixed in 5.4.144: |
| CVE-2021-3739: d7f7eca72ecc08f0bb6897fda2290293fca63068 btrfs: fix NULL pointer dereference when deleting device by invalid id |
| CVE-2021-3753: f4418015201bdca0cd4e28b363d88096206e4ad0 vt_kdsetmode: extend console locking |
| CVE-2021-39633: 53b480e68c1c2c778b620cc7f45a2ba5dff518ca ip_gre: add validation for csum_start |
| |
| CVEs fixed in 5.4.145: |
| CVE-2021-40490: 9b3849ba667af99ee99a7853a021a7786851b9fd ext4: fix race writing to an inline_data file while its xattrs are changing |
| CVE-2022-20141: d84708451d9041dff8a81e3718f821f12d2eb6c5 igmp: Add ip_mc_list lock in ip_check_mc_rcu |
| |
| CVEs fixed in 5.4.146: |
| CVE-2021-20322: f73cbdd1b8e7ea32c66138426f826c8734b70c18 ipv6: make exception cache less predictible |
| CVE-2021-34556: e80c3533c354ede56146ab0e4fbb8304d0c1209f bpf: Introduce BPF nospec instruction for mitigating Spectre v4 |
| CVE-2021-35477: e80c3533c354ede56146ab0e4fbb8304d0c1209f bpf: Introduce BPF nospec instruction for mitigating Spectre v4 |
| |
| CVEs fixed in 5.4.148: |
| CVE-2020-16119: 5ab04a4ffed02f66e8e6310ba8261a43d1572343 dccp: don't duplicate ccid when cloning dccp sock |
| CVE-2021-20320: a5fc48000b0ed5c389d426c341b43f580faa7904 s390/bpf: Fix optimizing out zero-extensions |
| CVE-2021-42252: 2712f29c44f18db826c7e093915a727b6f3a20e4 soc: aspeed: lpc-ctrl: Fix boundary check for mmap |
| |
| CVEs fixed in 5.4.151: |
| CVE-2021-37159: fe57d53dd91d7823f1ceef5ea8e9458a4aeb47fa usb: hso: fix error handling code of hso_create_net_device |
| CVE-2021-3744: 24f3d2609114f1e1f6b487b511ce5fa36f21e0ae crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-3764: 24f3d2609114f1e1f6b487b511ce5fa36f21e0ae crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() |
| CVE-2021-4203: 0fcfaa8ed9d1dcbe377b202a1b3cdfd4e566114c af_unix: fix races in sk_peer_pid and sk_peer_cred accesses |
| |
| CVEs fixed in 5.4.153: |
| CVE-2021-20321: fab338f33c25c4816ca0b2d83a04a0097c2c4aaf ovl: fix missing negative dentry check in ovl_rename() |
| CVE-2021-38300: 1a0fe45501a273ac52252448e43f975f0c18811e bpf, mips: Validate conditional branch offsets |
| CVE-2021-41864: b14f28126c51533bb329379f65de5b0dd689b13a bpf: Fix integer overflow in prealloc_elems_and_freelist() |
| |
| CVEs fixed in 5.4.155: |
| CVE-2021-3894: d88774539539dcbf825a25e61234f110513f5963 sctp: account stream padding length for reconf chunk |
| CVE-2021-4149: 005a07c9acd6cf8a40555884f0650dfd4ec23fbe btrfs: unlock newly allocated extent buffer after error |
| CVE-2022-0322: d88774539539dcbf825a25e61234f110513f5963 sctp: account stream padding length for reconf chunk |
| |
| CVEs fixed in 5.4.156: |
| CVE-2021-3760: 1f75f8883b4fe9fe1856d71f055120315e758188 nfc: nci: fix the UAF of rf_conn_info object |
| CVE-2021-3896: 285e9210b1fab96a11c0be3ed5cea9dd48b6ac54 isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2021-43056: d0148cfaf89ce2af0d76e39943e200365e7fc99a KVM: PPC: Book3S HV: Make idle_kvm_start_guest() return 0 if it went to guest |
| CVE-2021-43389: 285e9210b1fab96a11c0be3ed5cea9dd48b6ac54 isdn: cpai: check ctr->cnr to avoid array index out of bound |
| CVE-2022-0644: 0f218ba4c8aac7041cd8b81a5a893b0d121e6316 vfs: check fd has read access in kernel_read_file_from_fd() |
| |
| CVEs fixed in 5.4.157: |
| CVE-2021-3772: 5953ee99bab134d74c805a00eaa20fed33f54255 sctp: use init_tag from inithdr for ABORT chunk |
| |
| CVEs fixed in 5.4.158: |
| CVE-2021-42739: 2461f38384d50dd966e1db44fe165b1896f5df5a media: firewire: firedtv-avc: fix a buffer overflow in avc_ca_pmt() |
| |
| CVEs fixed in 5.4.160: |
| CVE-2021-3640: d416020f1a9cc5f903ae66649b2c56d9ad5256ab Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() |
| CVE-2021-3752: 67bd269a84ce29dfc543c1683a2553b4169f9a55 Bluetooth: fix use-after-free error in lock_sock_nested() |
| CVE-2021-39686: 28a1e470b000d45bcf6c05f18a01d07cdc0b3235 binder: use euid from cred instead of using task |
| CVE-2021-45868: 10b808307d37d09b132fc086002bc1aa9910d315 quota: check block number when reading the block in quota file |
| CVE-2023-0047: 66938ba1285778634276a4b4028de367d7f1e8c2 mm, oom: do not trigger out_of_memory from the #PF |
| |
| CVEs fixed in 5.4.162: |
| CVE-2020-27820: 1c4af56ffbfb2fc6bd222f5dc8cb210c5ffaab70 drm/nouveau: use drm_dev_unplug() during device removal |
| CVE-2021-4002: 201340ca4eb748c52062c5e938826ddfbe313088 hugetlbfs: flush TLBs correctly after huge_pmd_unshare |
| CVE-2021-4202: e418bb556ff801e11592851fd465415757a2ef68 NFC: reorganize the functions in nci_request |
| |
| CVEs fixed in 5.4.164: |
| CVE-2021-4083: 03d4462ba3bc8f830d9807e3c3fde54fad06e2e2 fget: check that the fd still exists after getting a ref to it |
| CVE-2021-43975: 89d15a2e40d7edaaa16da2763b349dd7b056cc09 atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait |
| |
| CVEs fixed in 5.4.165: |
| CVE-2021-39685: fd6de5a0cd42fc43810bd74ad129d98ab962ec6b USB: gadget: detect too-big endpoint 0 requests |
| CVE-2021-39698: e0c03d15cd03476dd698c1ae7fb32a16d3e87f5c wait: add wake_up_pollfree() |
| CVE-2022-20132: 6e1e0a01425810494ce00d7b800b69482790b198 HID: add hid_is_usb() function to make it simpler for USB detection |
| |
| CVEs fixed in 5.4.168: |
| CVE-2021-28711: 4ed9f5c511ce95cb8db05ff82026ea901f45fd76 xen/blkfront: harden blkfront against event channel storms |
| CVE-2021-28712: 3e68d099f09c260a7dee28b99af02fe6977a9e66 xen/netfront: harden netfront against event channel storms |
| CVE-2021-28713: 560e64413b4a6d9bd6630e350d5f2e6a05f6ffe3 xen/console: harden hvc_xen against event channel storms |
| CVE-2021-28714: 8bfcd0385211044627f93d170991da1ae5937245 xen/netback: fix rx queue stall detection |
| CVE-2021-28715: 0d99b3c6bd39a0a023e972d8f912fd47698bbbb8 xen/netback: don't queue unlimited number of packages |
| CVE-2021-4135: 699e794c12a3cd79045ff135bc87a53b97024e43 netdevsim: Zero-initialize memory for new map's value in function nsim_bpf_map_alloc |
| |
| CVEs fixed in 5.4.169: |
| CVE-2021-45469: b0406b5ef4e2c4fb21d9e7d5c36a0453b4279e9b f2fs: fix to do sanity check on last xattr entry in __f2fs_setxattr() |
| CVE-2022-1195: a5c6a13e9056d87805ba3042c208fbd4164ad22b hamradio: improve the incomplete fix to avoid NPD |
| |
| CVEs fixed in 5.4.170: |
| CVE-2021-44733: 940e68e57ab69248fabba5889e615305789db8a7 tee: handle lookup of shm with reference count 0 |
| CVE-2022-20154: 831de271452b87657fcf8d715ee20519b79caef5 sctp: use call_rcu to free endpoint |
| CVE-2023-23006: db484d35a9482d21a7f36da4dfc7a68aa2e9e1d6 net/mlx5: DR, Fix NULL vs IS_ERR checking in dr_domain_init_resources |
| |
| CVEs fixed in 5.4.171: |
| CVE-2021-3923: 5eb5d9c6591d7e58f32088ef848503a4a947fc46 RDMA/core: Don't infoleak GRH fields |
| CVE-2021-4155: 102af6edfd3a372db6e229177762a91f552e5f5e xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like fallocate |
| CVE-2021-45095: 2a6a811a45fde5acb805ead4d1e942be3875b302 phonet: refcount leak in pep_sock_accep |
| CVE-2022-3105: 7646a340b25bb68cfb6d2e087a608802346d0f7b RDMA/uverbs: Check for null return of kmalloc_array |
| |
| CVEs fixed in 5.4.173: |
| CVE-2022-0185: bd2aed0464ae3d6e83ce064cd91fc1a7fec48826 vfs: fs_context: fix up param length parsing in legacy_parse_param |
| |
| CVEs fixed in 5.4.174: |
| CVE-2021-43976: ae56c5524a750fd8cf32565cb3902ce5baaeb4e6 mwifiex: Fix skb_over_panic in mwifiex_usb_recv() |
| |
| CVEs fixed in 5.4.175: |
| CVE-2022-0330: 1b5553c79d52f17e735cd924ff2178a2409e6d0b drm/i915: Flush TLBs before releasing backing store |
| CVE-2022-22942: 84b1259fe36ae0915f3d6ddcea6377779de48b82 drm/vmwgfx: Fix stale file descriptors on failed usercopy |
| |
| CVEs fixed in 5.4.176: |
| CVE-2020-36516: 1f748455a8f0e984dc91fc09e6dfe99f0e58cfbe ipv4: avoid using shared IP generator for connected sockets |
| CVE-2022-0617: 31136e5467f381cf18e2cfd467207dda7678c7a2 udf: Fix NULL ptr deref when converting from inline format |
| CVE-2022-24448: 0dfacee40021dcc0a9aa991edd965addc04b9370 NFSv4: Handle case where the lookup of a directory fails |
| CVE-2022-24959: 7afc09c8915b0735203ebcb8d766d7db37b794c0 yam: fix a memory leak in yam_siocdevprivate() |
| |
| CVEs fixed in 5.4.177: |
| CVE-2022-0492: 0e8283cbe4996ae046cd680b3ed598a8f2b0d5d8 cgroup-v1: Require capabilities to set release_agent |
| CVE-2022-1055: b1d17e920dfcd4b56fa2edced5710c191f7e50b5 net: sched: fix use-after-free in tc_new_tfilter() |
| CVE-2022-2938: 2fd752ed77ab9880da927257b73294f29a199f1a psi: Fix uaf issue when psi trigger is destroyed while being polled |
| |
| CVEs fixed in 5.4.179: |
| CVE-2022-0435: d692e3406e052dbf9f6d9da0cba36cb763272529 tipc: improve size validations for received domain records |
| CVE-2022-0487: 3a0a7ec5574b510b067cfc734b8bdb6564b31d4e moxart: fix potential use-after-free on remove path |
| |
| CVEs fixed in 5.4.180: |
| CVE-2022-25258: 38fd68f55a7ef57fb9cc3102ac65d1ac474a1a18 USB: gadget: validate interface OS descriptor requests |
| CVE-2022-25375: c9e952871ae47af784b4aef0a77db02e557074d6 usb: gadget: rndis: check size of RNDIS_MSG_SET command |
| CVE-2022-2964: a0fd5492ee769029a636f1fb521716b022b1423d net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup |
| |
| CVEs fixed in 5.4.181: |
| CVE-2022-20008: 902528183f4d94945a0c1ed6048d4a5d4e1e712e mmc: block: fix read single on recovery logic |
| |
| CVEs fixed in 5.4.182: |
| CVE-2022-25636: 49c011a44edd14adb555dbcbaf757f52b1f2f748 netfilter: nf_tables_offload: incorrect flow offload action array size |
| CVE-2022-26966: b95d71abeb7d31d4d51cd836d80f99fd783fd6d5 sr9700: sanity check for packet length |
| CVE-2022-27223: 6b23eda989236fd75b4a9893cc816cd690c29dfc USB: gadget: validate endpoint index for xilinx udc |
| |
| CVEs fixed in 5.4.183: |
| CVE-2022-24958: ba6fdd55b16677dcc1d7011270c140d2a37e5f35 usb: gadget: don't release an existing dev->buf |
| |
| CVEs fixed in 5.4.184: |
| CVE-2021-26401: b1bacf22a847d21a12900bd6a1eacaecb5bca253 x86/speculation: Use generic retpoline by default on AMD |
| CVE-2022-0001: 41b50510e593541e2ee1537614652e91e71f6bf5 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-0002: 41b50510e593541e2ee1537614652e91e71f6bf5 x86/speculation: Rename RETPOLINE_AMD to RETPOLINE_LFENCE |
| CVE-2022-23036: 44d86dccd2a5f02a66c6784378d1429412d84bf0 xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23037: b507879c1e2d2c55752f658439df71595f4adff2 xen/netfront: don't use gnttab_query_foreign_access() for mapped status |
| CVE-2022-23038: 44d86dccd2a5f02a66c6784378d1429412d84bf0 xen/grant-table: add gnttab_try_end_foreign_access() |
| CVE-2022-23039: d193785a4bc91c2b9e004d16d0c9ea5bc0a2f34d xen/gntalloc: don't use gnttab_query_foreign_access() |
| CVE-2022-23040: 95ff82383266a7720d596eb8b4499ed01746a730 xen/xenbus: don't let xenbus_grant_ring() remove grants in error case |
| CVE-2022-23041: be63ea883e56aacf9326e581b53dff9ac087ace1 xen/9p: use alloc/free_pages_exact() |
| CVE-2022-23042: 0e35f3ab69bcb01fdbf5aadc78f1731778963b1c xen/netfront: react properly to failing gnttab_end_foreign_access_ref() |
| CVE-2022-23960: fdfc0baf829dfb306a1ec45900d2cfbee265ae60 ARM: report Spectre v2 status through sysfs |
| |
| CVEs fixed in 5.4.185: |
| CVE-2022-1011: a9174077febfb1608ec3361622bf5f91e2668d7f fuse: fix pipe buffer lifetime for direct_io |
| CVE-2022-1199: 0a64aea5fe023cf1e4973676b11f49038b1f045b ax25: Fix NULL pointer dereference in ax25_kill_by_device |
| |
| CVEs fixed in 5.4.187: |
| CVE-2022-20158: 268dcf1f7b3193bc446ec3d14e08a240e9561e4d net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-20368: 268dcf1f7b3193bc446ec3d14e08a240e9561e4d net/packet: fix slab-out-of-bounds access in packet_recvmsg() |
| CVE-2022-3107: b01e2df5fbf68719dfb8e766c1ca6089234144c2 hv_netvsc: Add check for kvmalloc_array |
| |
| CVEs fixed in 5.4.188: |
| CVE-2022-1016: 06f0ff82c70241a766a811ae1acf07d6e2734dcb netfilter: nf_tables: initialize registers in nft_do_chain() |
| CVE-2022-26490: 0aef7184630b599493a0dcad4eec6d42b3e68e91 nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION |
| CVE-2022-27666: fee4dfbda68ba10f3bbcf51c861d6aa32f08f9e4 esp: Fix possible buffer overflow in ESP transformation |
| CVE-2022-28356: 572f9a0d3f3feb8bd3422e88ad71882bc034b3ff llc: fix netdevice reference leaks in llc_ui_bind() |
| |
| CVEs fixed in 5.4.189: |
| CVE-2021-4197: 691a0fd625e06c138f7662286a87ffba48773f34 cgroup: Use open-time credentials for process migraton perm checks |
| CVE-2022-1158: 1553126eccf4fad17afaeaed08db9e5944aa2d55 KVM: x86/mmu: do compare-and-exchange of gPTE via the user address |
| CVE-2022-1198: 28c8fd84bea13cbf238d7b19d392de2fcc31331c drivers: hamradio: 6pack: fix UAF bug caused by mod_timer() |
| CVE-2022-1353: ef388db2fe351230ff7194b37d507784bef659ec af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register |
| CVE-2022-2380: 478154be3a8c21ff106310bb1037b1fc9d81dc62 video: fbdev: sm712fb: Fix crash in smtcfb_read() |
| CVE-2022-28389: 2dfe9422d528630e2ce0d454147230cce113f814 can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path |
| CVE-2022-28390: e27caad38b59b5b00b9c5228d04c13111229deec can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-2977: a27ed2f3695baf15f9b34d2d7a1f9fc105539a81 tpm: fix reference counting for struct tpm_chip |
| CVE-2022-30594: 2458ecd21f29a3e5571d7d97764c043083deed5e ptrace: Check PTRACE_O_SUSPEND_SECCOMP permission on PTRACE_SEIZE |
| CVE-2022-3111: 90bec38f6a4c81814775c7f3dfc9acf281d5dcfa power: supply: wm8350-power: Add missing free in free_charger_irq |
| CVE-2022-3202: e19c3149a80e4fc8df298d6546640e01601f3758 jfs: prevent NULL deref in diFree |
| CVE-2022-3239: 92f84aa82dfaa8382785874277b0c4bedec89a68 media: em28xx: initialize refcount before kref_get |
| CVE-2023-1637: 17f3e31c860371ff72db7f9b2fb44ab008a133e0 x86/speculation: Restore speculation related MSRs during S3 resume |
| |
| CVEs fixed in 5.4.190: |
| CVE-2022-1204: 9e1e088a57c23251f1cfe9601bbd90ade2ea73b9 ax25: Fix refcount leaks caused by ax25_cb_del() |
| CVE-2022-41858: d05cd68ed8460cb158cc62c41ffe39fe0ca16169 drivers: net: slip: fix NPD bug in sl_tx_timeout() |
| |
| CVEs fixed in 5.4.191: |
| CVE-2022-2639: aa70705560871725e963945a2d36ace7849c004e openvswitch: fix OOB access in reserve_sfa_size() |
| CVE-2022-28388: 660784e7194ac2953aebe874c1f75f2441ba3d19 can: usb_8dev: usb_8dev_start_xmit(): fix double dev_kfree_skb() in error path |
| CVE-2022-29581: 5a4f3eba211a532b2eb5045102ad3ceea5e9f0f9 net/sched: cls_u32: fix netns refcount changes in u32_change() |
| |
| CVEs fixed in 5.4.192: |
| CVE-2022-1836: 7dea5913000c6a2974a00d9af8e7ffb54e47eac1 floppy: disable FDRAWCMD by default |
| CVE-2022-33981: 7dea5913000c6a2974a00d9af8e7ffb54e47eac1 floppy: disable FDRAWCMD by default |
| |
| CVEs fixed in 5.4.193: |
| CVE-2022-0494: c7337efd1d11acb6f84c68ffee57d3f312e87b24 block-map: add __GFP_ZERO flag for alloc_page in function bio_copy_kern |
| CVE-2022-1048: fbeb492694ce0441053de57699e1e2b7bc148a69 ALSA: pcm: Fix races among concurrent hw_params and hw_free calls |
| CVE-2022-1734: 33d3e76fc7a7037f402246c824d750542e2eb37f nfc: nfcmrvl: main: reorder destructive operations in nfcmrvl_nci_unregister_dev to avoid bugs |
| CVE-2022-1974: 85aecdef77f9c5b5c0d8988db6681960f0d46ab3 nfc: replace improper check device_is_registered() in netlink related functions |
| CVE-2022-1975: 01d4363dd7176fd780066cd020f66c0f55c4b6f9 NFC: netlink: fix sleep in atomic bug when firmware download timeout |
| CVE-2023-3159: 34b9b91829111a7e44b593c790a22680c89cd402 firewire: fix potential uaf in outbound_phy_packet_callback() |
| |
| CVEs fixed in 5.4.196: |
| CVE-2022-1652: 67e2b62461b5d02a1e63103e8a02c0bca75e26c7 floppy: use a statically allocated error counter |
| CVE-2022-1729: dd0ea88b0a0f913f82500e988ef38158a9ad9885 perf: Fix sys_perf_event_open() race against self |
| CVE-2022-28893: 2f8f6c393b11b5da059b1fc10a69fc2f2b6c446a SUNRPC: Ensure we flush any closed sockets before xs_xprt_free() |
| CVE-2022-48619: bb83a744bc671804016e23861a892e9db2aee73f Input: add bounds checking to input_set_capability() |
| CVE-2023-1838: 3a12b2c413b20c17832ec51cb836a0b713b916ac Fix double fget() in vhost_net_set_backend() |
| CVE-2023-4387: 32f779e6fbbe0c0860a00777b7e3dee6b5ec0c1c net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() |
| CVE-2023-4459: dc64e8874e87dc1c1c723a1c6da7efc3305c18da net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() |
| |
| CVEs fixed in 5.4.197: |
| CVE-2022-1012: ab5b00cfe0500f5f5a3648ca945b892156b839fb secure_seq: use the 64 bits of the siphash for port offset calculation |
| CVE-2022-20572: fd2f7e9984850a0162bfb6948b98ffac9fb5fa58 dm verity: set DM_TARGET_IMMUTABLE feature flag |
| CVE-2022-21499: 8bb828229da903bb5710d21065e0a29f9afd30e0 lockdown: also lock down previous kgdb use |
| CVE-2022-2503: fd2f7e9984850a0162bfb6948b98ffac9fb5fa58 dm verity: set DM_TARGET_IMMUTABLE feature flag |
| |
| CVEs fixed in 5.4.198: |
| CVE-2022-1184: 17034d45ec443fb0e3c0e7297f9cd10f70446064 ext4: verify dir block before splitting it |
| CVE-2022-1966: f36736fbd48491a8d85cd22f4740d542c5a1546e netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-3115: fa0d7ba25a53ac2e4bb24ef31aec49ff3578b44f drm: mali-dp: potential dereference of null pointer |
| CVE-2022-32250: f36736fbd48491a8d85cd22f4740d542c5a1546e netfilter: nf_tables: disallow non-stateful expression in sets earlier |
| CVE-2022-32981: 0c4bc0a2f8257f79a70fe02b9a698eb14695a64b powerpc/32: Fix overread/overwrite of thread_struct via ptrace |
| CVE-2022-3577: 00771de7cc28e405f5ae19ca46facd83a534bb8f HID: bigben: fix slab-out-of-bounds Write in bigben_probe |
| CVE-2023-4385: e54fd01178ebd5b13ef9e2fc0f3006765f37ee3c fs: jfs: fix possible NULL pointer dereference in dbFree() |
| |
| CVEs fixed in 5.4.199: |
| CVE-2022-21123: 0800f1b45bf6d85e5a168db9ae91fb816f0a8c34 x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data |
| CVE-2022-21125: d961592635932bd1ea32a534412a41fb794e2212 x86/speculation/mmio: Reuse SRBDS mitigation for SBDS |
| CVE-2022-21166: 8d25482fc96aa2cb24a221295fdd498f40565415 x86/speculation/mmio: Enable CPU Fill buffer clearing on idle |
| |
| CVEs fixed in 5.4.201: |
| CVE-2022-32296: c26e1addf15763ae404f4bbf131719a724e768ab tcp: increase source port perturb table to 2^16 |
| |
| CVEs fixed in 5.4.202: |
| CVE-2021-33656: c87e851b23e5cb2ba90a3049ef38340ed7d5746f vt: drop old FONT ioctls |
| CVE-2023-2008: c7bdaad9cbfe17c83e4f56c7bb7a2d87d944f0fb udmabuf: add back sanity check |
| |
| CVEs fixed in 5.4.204: |
| CVE-2022-2318: bb91556d2af066f8ca2e7fd8e334d652e731ee29 net: rose: fix UAF bugs caused by timer handler |
| CVE-2022-26365: 42112e8f94617d83943f8f3b8de2b66041905506 xen/blkfront: fix leaking data in shared pages |
| CVE-2022-33740: 04945b5beb73019145ac17a2565526afa7293c14 xen/netfront: fix leaking data in shared pages |
| CVE-2022-33741: ede57be88a5fff42cd00e6bcd071503194d398dd xen/netfront: force data bouncing when backend is untrusted |
| CVE-2022-33742: 60ac50daad36ef3fe9d70d89cfe3b95d381db997 xen/blkfront: force data bouncing when backend is untrusted |
| CVE-2022-33744: 5c03cad51b84fb26ccea7fd99130d8ec47949cfc xen/arm: Fix race in RB-tree based P2M accounting |
| |
| CVEs fixed in 5.4.205: |
| CVE-2021-33655: 4f34f380f952289e818c76617bbb5c9a3a9a9dd0 fbcon: Disallow setting font bigger than screen size |
| |
| CVEs fixed in 5.4.207: |
| CVE-2022-36123: a3c7c1a726a4c6b63b85e8c183f207543fd75e1b x86: Clear .brk area at early boot |
| |
| CVEs fixed in 5.4.208: |
| CVE-2022-1462: f7785092cb7f022f59ebdaa181651f7c877df132 tty: use new tty_insert_flip_string_and_push_buffer() in pty_write() |
| CVE-2022-21505: ed3fea55066b4e054c4d212e54f9965abcac9685 lockdown: Fix kexec lockdown bypass with ima policy |
| CVE-2022-36879: f4248bdb7d5c1150a2a6f8c3d3b6da0b71f62a20 xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() |
| |
| CVEs fixed in 5.4.209: |
| CVE-2022-20566: 098e07ef0059296e710a801cdbd74b59016e6624 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put |
| CVE-2022-36946: 52be29e8b6455788a4d0f501bd87aa679ca3ba3c netfilter: nf_queue: do not allow packet truncation below transport header offset |
| CVE-2023-2177: 8d6dab81ee3d0309c09987ff76164a25486c43e0 sctp: leave the err path free in sctp_stream_init to sctp_stream_free |
| |
| CVEs fixed in 5.4.210: |
| CVE-2021-4159: 7c1134c7da997523e2834dd516e2ddc51920699a bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() |
| CVE-2022-20369: 54e1abbe856020522a7952140c26a4426f01dab6 media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls |
| CVE-2022-26373: f2f41ef0352db9679bfae250d7a44b3113f3a3cc x86/speculation: Add RSB VM Exit protections |
| |
| CVEs fixed in 5.4.211: |
| CVE-2022-1679: e9e21206b8ea62220b486310c61277e7ebfe7cec ath9k: fix use-after-free in ath9k_hif_usb_rx_cb |
| CVE-2022-20422: 04549063d5701976034d8c2bfda3d3a8cbf0409f arm64: fix oops in concurrently setting insn_emulation sysctls |
| CVE-2022-2153: 8cdba919acefdd6fea5dd2b77a119f54fb88ce11 KVM: x86: Avoid theoretical NULL pointer dereference in kvm_irq_delivery_to_apic_fast() |
| CVE-2022-2586: fab2f61cc3b0e441b1749f017cfee75f9bbaded7 netfilter: nf_tables: do not allow SET_ID to refer to another table |
| CVE-2022-2588: 1fcd691cc2e7f808eca2e644adee1f1c6c1527fd net_sched: cls_route: remove from list when handle is 0 |
| CVE-2022-3625: 1ad4ba9341f15412cf86dc6addbb73871a10212f devlink: Fix use-after-free after a failed reload |
| CVE-2022-3629: f82f1e2042b397277cd39f16349950f5abade58d vsock: Fix memory leak in vsock_connect() |
| CVE-2022-3633: 04e41b6bacf474f5431491f92e981096e8cc8e93 can: j1939: j1939_session_destroy(): fix memory leak of skbs |
| CVE-2022-3635: 9a6cbaa50f263b12df18a051b37f3f42f9fb5253 atm: idt77252: fix use-after-free bugs caused by tst_timer |
| CVE-2022-41222: 79e522101cf40735f1936a10312e17f937b8dcad mm/mremap: hold the rmap lock in write mode when moving page table entries. |
| CVE-2023-1095: a452bc3deb23bf93f8a13d3e24611b7ef39645dc netfilter: nf_tables: fix null deref due to zeroed list head |
| |
| CVEs fixed in 5.4.212: |
| CVE-2022-3028: 8ee27a4f0f1ad36d430221842767880df6494147 af_key: Do not call xfrm_probe_algs in parallel |
| CVE-2022-42703: 2fe3eee48899a890310177d54537d5b8e255eb31 mm/rmap: Fix anon_vma->degree ambiguity leading to double-reuse |
| |
| CVEs fixed in 5.4.213: |
| CVE-2022-20421: 30d0901b307f27d36b2655fb3048cf31ee0e89c0 binder: fix UAF of ref->proc caused by race condition |
| CVE-2022-2663: 36f7b71f8ad8e4d224b45f7d6ecfeff63b091547 netfilter: nf_conntrack_irc: Fix forged IP logic |
| CVE-2022-3586: 279c7668e354fa151d5fd2e8c42b5153a1de3135 sch_sfb: Don't assume the skb is still around after enqueueing to child |
| CVE-2022-40307: 8028ff4cdbb3f20d3c1c04be33a83bab0cb94997 efi: capsule-loader: Fix use-after-free in efi_capsule_write |
| CVE-2022-4095: d0aac7146e96bf39e79c65087d21dfa02ef8db38 staging: rtl8712: fix use after free bugs |
| CVE-2022-4662: df1875084898b15cbc42f712e93d7f113ae6271b USB: core: Prevent nested device-reset calls |
| CVE-2023-2860: 3df71e11a4773d775c3633c44319f7acdb89011c ipv6: sr: fix out-of-bounds read when setting HMAC data. |
| |
| CVEs fixed in 5.4.215: |
| CVE-2022-3303: 4051324a6dafd7053c74c475e80b3ba10ae672b0 ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC |
| CVE-2022-39842: 1878eaf0edb8c9e58a6ca0cf31b7a647ca346be9 video: fbdev: pxa3xx-gcu: Fix integer overflow in pxa3xx_gcu_write |
| CVE-2022-42432: 721ea8ac063d70c2078c4e762212705de6151764 netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() |
| |
| CVEs fixed in 5.4.217: |
| CVE-2022-23816: 893cd858b09ca20c8c919db8dc5b009895626da3 x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29900: 893cd858b09ca20c8c919db8dc5b009895626da3 x86/kvm/vmx: Make noinstr clean |
| CVE-2022-29901: 893cd858b09ca20c8c919db8dc5b009895626da3 x86/kvm/vmx: Make noinstr clean |
| |
| CVEs fixed in 5.4.218: |
| CVE-2022-2978: 70e4f70d54e0225f91814e8610477d65f33cefe4 fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| CVE-2022-3621: 792211333ad77fcea50a44bb7f695783159fc63c nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| CVE-2022-3646: b7e409d11db9ce9f8bc05fcdfa24d143f60cd393 nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| CVE-2022-40768: 20a5bde605979af270f94b9151f753ec2caf8b05 scsi: stex: Properly zero out the passthrough command structure |
| CVE-2022-41674: 020402c7dd587a8a4725d32bbd172a5f7ecc5f8f wifi: cfg80211: fix u8 overflow in cfg80211_update_notlisted_nontrans() |
| CVE-2022-42720: 785eaabfe3103e8bfa36aebacff6e8f69f092ed7 wifi: cfg80211: fix BSS refcounting bugs |
| CVE-2022-42721: 77bb20ccb9dfc9ed4f9c93788c90d08cfd891cdc wifi: cfg80211: avoid nontransmitted BSS list corruption |
| CVE-2022-43750: 21446ad9cb9844b90d7d8e73d8fff03160e51ebc usb: mon: make mmapped memory read only |
| |
| CVEs fixed in 5.4.219: |
| CVE-2022-42719: 0cb5be43dc4b79da010522f79a06fa56f944d3cd wifi: mac80211: fix MBSSID parsing use-after-free |
| |
| CVEs fixed in 5.4.220: |
| CVE-2022-2602: 04df9719df1865f6770af9bc7880874af0e594b2 io_uring/af_unix: defer registered files gc to io_uring release |
| CVE-2022-3535: 72c0d361940aec02d114d6f8f351147b85190464 net: mvpp2: fix mvpp2 debugfs leak |
| CVE-2022-3542: 71e0ab5b7598d88001762fddbfeb331543c62841 bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| CVE-2022-3565: 466ed722f205c2cf8caba5982f3cd9729e767903 mISDN: fix use-after-free bugs in l1oip timer handlers |
| CVE-2022-3594: 61fd56b0a1a3e923aced4455071177778dd59e88 r8152: Rate limit overflow messages |
| CVE-2022-3649: d1c2d820a2cd73867b7d352e89e92fb3ac29e926 nilfs2: fix use-after-free bug of struct nilfs_root |
| CVE-2022-41849: 3742e9fd552e6c4193ebc5eb3d2cd02d429cad9c fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| CVE-2022-41850: e30c3a9a88818e5cf3df3fda6ab8388bef3bc6cd HID: roccat: Fix use-after-free in roccat_read() |
| |
| CVEs fixed in 5.4.223: |
| CVE-2023-0615: d8f479c777b413ba42c63e1a5ce6eee3d25b6714 media: vivid: dev->bitmap_cap wasn't freed in all cases |
| |
| CVEs fixed in 5.4.224: |
| CVE-2021-3759: bad83d55134e647a739ebef2082541963f2cbc92 memcg: enable accounting of ipc resources |
| CVE-2022-3524: 92aaa5e8fe90a008828a1207e66a30444bcb1cbd tcp/udp: Fix memory leak in ipv6_renew_options(). |
| CVE-2022-3564: 4cd094fd5d872862ca278e15b9b51b07e915ef3f Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| CVE-2022-3628: a16415c8f156bec5399ef0345715ee4b90e5bb83 wifi: brcmfmac: Fix potential buffer overflow in brcmf_fweh_event_worker() |
| CVE-2022-42895: 6949400ec9feca7f88c0f6ca5cb5fdbcef419c89 Bluetooth: L2CAP: Fix attempting to access uninitialized memory |
| CVE-2023-3812: ca791952d42c5b40d548ff6c4a879216039b0ca1 net: tun: fix bugs for oversize packet when napi frags enabled |
| |
| CVEs fixed in 5.4.225: |
| CVE-2022-3521: ad39d09190a545d0f05ae0a82900eee96c5facea kcm: avoid potential race in kcm_tx_work |
| CVE-2023-26607: 0e2ce0954b39c8d60928f61217b72f352722a2cf ntfs: fix out-of-bounds read in ntfs_attr_find() |
| |
| CVEs fixed in 5.4.226: |
| CVE-2022-3169: 99c59256ea00ff7fab4914bb38e10a84850de514 nvme: ensure subsystem reset is single threaded |
| CVE-2022-42896: 0d87bb6070361e5d1d9cb391ba7ee73413bc109b Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM |
| CVE-2023-1382: 30f91687fa2502abb0b4d79569b63d1381169ccf tipc: set con sock in tipc_conn_alloc |
| |
| CVEs fixed in 5.4.227: |
| CVE-2022-3643: 8fe1bf6f32cd5b96ddcd2a38110603fe34753e52 xen/netback: Ensure protocol headers don't fall in the non-linear area |
| CVE-2023-28327: c66d78aee55dab72c92020ebfbebc464d4f5dd2a af_unix: Get user_ns from in_skb in unix_diag_get_exact(). |
| |
| CVEs fixed in 5.4.228: |
| CVE-2022-3545: 3c837460f920a63165961d2b88b425703f59affb nfp: fix use-after-free in area_cache_get() |
| CVE-2022-3623: 176ba4c19d1bb153aa6baaa61d586e785b7d736c mm/hugetlb: fix races when looking up a CONT-PTE/PMD size hugetlb page |
| |
| CVEs fixed in 5.4.229: |
| CVE-2022-3424: 0078dd8758561540ed30b2c5daa1cb647e758977 misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os |
| CVE-2022-36280: 94b283341f9f3f0ed56a360533766377a01540e0 drm/vmwgfx: Validate the box size for the snooped cursor |
| CVE-2022-41218: a29d6213098816ed4574824b6adae94fb1c0457d media: dvb-core: Fix UAF due to refcount races at releasing |
| CVE-2022-45934: 9fdc79b571434af7bc742da40a3405f038b637a7 Bluetooth: L2CAP: Fix u8 overflow |
| CVE-2022-47929: 9b83ec63d0de7b1f379daa1571e128bc7b9570f8 net: sched: disallow noqueue for qdisc classes |
| CVE-2023-0045: 8cbd7f26438738238c245a9c0aaf7ebf43283fba x86/bugs: Flush IBP in ib_prctl_set() |
| CVE-2023-0266: eaa5580a74cc8355260caeb526cf49d34e7304a8 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF |
| CVE-2023-0394: 3998dba0f78a59922b0ef333ccfeb58d9410cd3d ipv6: raw: Deduct extension header length in rawv6_push_pending_frames |
| CVE-2023-0461: c6d29a5ffdbc362314853462a0e24e63330a654d net/ulp: prevent ULP without clone op from entering the LISTEN status |
| CVE-2023-23454: 6b17b84634f932f4787f04578f5d030874b9ff32 net: sched: cbq: dont intepret cls results when asked to drop |
| CVE-2023-23455: 63e469cb54a87df53edcfd85bb5bcdd84327ae4a net: sched: atm: dont intepret cls results when asked to drop |
| CVE-2023-28328: 8b256d23361c51aa4b7fdb71176c1ca50966fb39 media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() |
| |
| CVEs fixed in 5.4.230: |
| CVE-2022-4382: 9a39f4626b361ee7aa10fd990401c37ec3b466ae USB: gadgetfs: Fix race between mounting and unmounting |
| CVE-2023-0458: 96b02125dd68d77e28a29488e6f370a5eac7fb1c prlimit: do_prlimit needs to have a speculation check |
| |
| CVEs fixed in 5.4.231: |
| CVE-2022-4129: 7188c37f3c2527086aa46cbb37060fa73b144c65 l2tp: Serialize access to sk_user_data with sk_callback_lock |
| CVE-2023-1073: 89e7fe3999e057c91f157b6ba663264f4cdfcb55 HID: check empty report_list in hid_validate_values() |
| CVE-2023-1074: a7585028ac0a5836f39139c11594d79ede97d975 sctp: fail if no bound addresses can be used for a given scope |
| CVE-2023-23559: 9042a9a3f29c942387e6d6036551d90c9ae6ce4f wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid |
| CVE-2023-3358: 97445814efcd0ba7a347b1463ba86bdf3cdc65aa HID: intel_ish-hid: Add check for ishtp_dma_tx_map |
| |
| CVEs fixed in 5.4.232: |
| CVE-2023-1078: ba38eacade35dd2316d77b37494e6e0c01bab595 rds: rds_rm_zerocopy_callback() use list_first_entry() |
| CVE-2023-1513: 9f95a161a7deef62d6d2f57b1a69f94e0546d8d8 kvm: initialize all of the kvm_debugregs structure before sending it to userspace |
| CVE-2023-2162: d4d765f4761f9e3a2d62992f825aeee593bcb6b9 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress |
| CVE-2023-26545: df099e65564aa47478eb1cacf81ba69024fb5c69 net: mpls: fix stale pointer if allocation fails during device rename |
| CVE-2023-3161: 4abcd352a0222cc807f6f87d2f58d59aeeb70340 fbcon: Check font dimension limits |
| CVE-2023-32269: 20355b9569bd1fd5a236898524b6dd4117e660d0 netrom: Fix use-after-free caused by accept on already connected socket |
| CVE-2023-3567: d0332cbf53dad06a22189cc341391237f4ea6d9f vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF |
| |
| CVEs fixed in 5.4.233: |
| CVE-2022-3707: 787ef0db014085df8691e5aeb58ab0bb081e5ff0 drm/i915/gvt: fix double free bug in split_2MB_gtt_entry |
| CVE-2023-0459: 6c750ed0367f6bf1b09c0c353a701781ee05dd22 uaccess: Add speculation barrier to copy_from_user() |
| |
| CVEs fixed in 5.4.235: |
| CVE-2023-1076: d92d87000eda9884d49f1acec1c1fccd63cd9b11 tun: tun_chr_open(): correctly initialize socket uid |
| CVE-2023-1077: 084cd75643b61fb924f70cba98a71dea14942938 sched/rt: pick_next_rt_entity(): check list_entry |
| CVE-2023-1079: dd08e68d04d08d2f42b09162c939a0b0841216cc HID: asus: use spinlock to safely schedule workers |
| CVE-2023-1118: d120334278b370b6a1623a75ebe53b0c76cb247c media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() |
| CVE-2023-1829: 7a6fb69bbcb21e9ce13bdf18c008c268874f0480 net/sched: Retire tcindex classifier |
| CVE-2023-2985: 3776ef785e1005355cdd86c751a8e838bac8e2e8 fs: hfsplus: fix UAF issue in hfsplus_put_super |
| CVE-2023-3220: dadd30fcc7e3e01561ef3624f6c0e323105ab523 drm/msm/dpu: Add check for pstates |
| CVE-2023-45862: da4e715a466ca982d4584da21ea385f28ca79ce6 USB: ene_usb6250: Allocate enough memory for full object |
| CVE-2023-7192: 5d0d38805d3234ca2cd6fbeb74d706348f4bbc43 netfilter: ctnetlink: fix possible refcount leak in ctnetlink_create_conntrack() |
| |
| CVEs fixed in 5.4.238: |
| CVE-2023-1855: 26c176ce902861a45f8d699e057245ed7e0bcdf2 hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition |
| CVE-2023-1990: b0c202a8dc63008205a5d546559736507a9aae66 nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition |
| CVE-2023-30456: 65e4c9a6d0c9a8c81ce75576869d46fff5d7964f KVM: nVMX: add missing consistency checks for CR0 and CR4 |
| |
| CVEs fixed in 5.4.240: |
| CVE-2021-33631: 14b6ad56df25c3a4a50cfbc0638e176577a9fce9 ext4: fix kernel BUG in 'ext4_write_inline_data_end()' |
| CVE-2022-4744: 0c0e566f0387490d16f166808c72e9c772027681 tun: avoid double free in tun_free_netdev |
| CVE-2023-0590: 0f5c0e0a4c0b081e5f959578a8e56c7921e63a2d net: sched: fix race condition in qdisc_graft() |
| CVE-2023-1670: a07ec453e86abbd14e2d06d59367b4dd11437358 xirc2ps_cs: Fix use after free bug in xirc2ps_detach |
| CVE-2023-1989: a18fb433ceb56e0787546a9d77056dd0f215e762 Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work |
| CVE-2023-2194: f8cbad984b1601435d087125ac760d3cae90213a i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() |
| CVE-2023-2483: 0e5c7d00ec4f2f359234044b809eb23b7032d9b0 net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| CVE-2023-28466: 754838aa02050ff3d8675bef79d172097218ea71 net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() |
| CVE-2023-30772: 6fe078c2864b9defaa632733a5bae969b398b673 power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition |
| CVE-2023-33203: 0e5c7d00ec4f2f359234044b809eb23b7032d9b0 net: qcom/emac: Fix use after free bug in emac_remove due to race condition |
| |
| CVEs fixed in 5.4.241: |
| CVE-2021-4037: e76bd6da51235ce86f5a8017dd6c056c76da64f9 xfs: fix up non-directory creation in SGID directories |
| CVE-2023-1859: fcd084e199b9a38490bfedd97885bbaba14475e5 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition |
| |
| CVEs fixed in 5.4.242: |
| CVE-2023-2163: 0f0a291cc5208dcc6436974246e8c18106e3c3d2 bpf: Fix incorrect verifier pruning due to missing register precision taints |
| CVE-2023-2248: 35dceaeab97c9e5f3fda3b10ce7f8110df0feecd net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| CVE-2023-2513: 5a62248c58556c395c604d4161d53afae16b6fad ext4: fix use-after-free in ext4_xattr_set_entry |
| CVE-2023-31436: 35dceaeab97c9e5f3fda3b10ce7f8110df0feecd net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg |
| |
| CVEs fixed in 5.4.243: |
| CVE-2023-0160: c229821510dfe35e89899b00ec34f9f5876fbbd2 bpf, sockmap: fix deadlocks in the sockhash and sockmap |
| CVE-2023-1380: 425eea395f1f5ae349fb55f7fe51d833a5324bfe wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() |
| CVE-2023-2002: 48cdcb40d589d990ccc1a99fb76843484ce732a0 bluetooth: Perform careful capability checks in hci_sock_ioctl() |
| CVE-2023-2269: 29a1ef57c3be1d53ecadb749d45b0636e8245a89 dm ioctl: fix nested locking in table_clear() to remove deadlock concern |
| CVE-2023-32233: c8b6063f13add68f89540aa5030ceee875f48aa2 netfilter: nf_tables: deactivate anonymous set from preparation phase |
| CVE-2023-3268: bc0905a76531fa10fd12d661328636453a36f4ce relayfs: fix out-of-bounds access in relay_file_read |
| CVE-2023-34256: 4f4fd982d972a55dee129f7da517b81fa16c408d ext4: avoid a potential slab-out-of-bounds in ext4_group_desc_csum |
| CVE-2023-35823: a4b6ab360f56ccdcde29eab29f493d8c464c3ffb media: saa7134: fix use after free bug in saa7134_finidev due to race condition |
| CVE-2023-35824: cd1583caed7ea879ecb638ed876960e41363b7b6 media: dm1105: Fix use after free bug in dm1105_remove due to race condition |
| CVE-2023-35828: 0fee5030c09401818c17be0786f2684c1cc1e440 usb: gadget: udc: renesas_usb3: Fix use after free bug in renesas_usb3_remove due to race condition |
| CVE-2024-0775: 2dda2029067106f0835655a0417f1a5eaf3ba0b0 ext4: improve error recovery code paths in __ext4_remount() |
| |
| CVEs fixed in 5.4.244: |
| CVE-2022-34918: 05b4105e6852b584dd115d0a1f0fe96bde9c58c5 netfilter: nf_tables: stricter validation of element data |
| CVE-2022-39189: 1eb3e32de7b1f6ed927dfff3ab3651ce25f3d516 KVM: x86: do not report a vCPU as preempted outside instruction boundaries |
| CVE-2023-3090: 1aa872e967f2017041bb2284479b3c6ce8d121b5 ipvlan:Fix out-of-bounds caused by unclear skb->cb |
| CVE-2023-3141: a2a5d3a584bf86c9c09017381a8fc63cfaf5a9e6 memstick: r592: Fix UAF bug in r592_remove due to race condition |
| |
| CVEs fixed in 5.4.246: |
| CVE-2022-45886: ed47886a73dbc0477ae09a4a979e27317cf2b52d media: dvb-core: Fix use-after-free due on race condition at dvb_net |
| CVE-2022-45887: 08b20cb8e5b9d69bb3b83c1ad30a702767a9f0ef media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() |
| CVE-2022-45919: 353fd22693a672efb337d399e610898c64f57b17 media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 |
| CVE-2023-35788: 94a00f1142c581fe01d17d7beca314592f85e83a net/sched: flower: fix possible OOB write in fl_set_geneve_opt() |
| |
| CVEs fixed in 5.4.247: |
| CVE-2023-3111: 8e546674031fc1576da501e27a8fd165222e5a37 btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() |
| |
| CVEs fixed in 5.4.248: |
| CVE-2023-3338: 6b1203ae83c3d07bad90b6f38ebf2e4d5998dd28 Remove DECnet support from kernel |
| CVE-2023-3609: 46305daf8064598a4008af1728651296815a74ed net/sched: cls_u32: Fix reference counter leak leading to overflow |
| |
| CVEs fixed in 5.4.249: |
| CVE-2023-2124: c87439055174b31c51a89f8d66af2600033c664d xfs: verify buffer contents when we skip log replay |
| CVE-2023-34255: c87439055174b31c51a89f8d66af2600033c664d xfs: verify buffer contents when we skip log replay |
| |
| CVEs fixed in 5.4.250: |
| CVE-2023-20593: 00363ef30797211c247605464dc3daaa988531a2 x86/cpu/amd: Add a Zenbleed fix |
| |
| CVEs fixed in 5.4.251: |
| CVE-2023-3117: 1adb5c272b200c24e9a7dd3bff891ce6eb75b019 netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-3212: 23f98fe887ce3e7c8bd111f37e62735c5018c534 gfs2: Don't deref jdesc in evict |
| CVE-2023-3390: 1adb5c272b200c24e9a7dd3bff891ce6eb75b019 netfilter: nf_tables: incorrect error path handling with NFT_MSG_NEWRULE |
| CVE-2023-35001: b7d636c924eb275651bfb036eb8eca49c3f7bc24 netfilter: nf_tables: prevent OOB access in nft_byteorder_eval |
| CVE-2023-3776: 808211a8d427404331e39e3b8c94ab5242eef8f5 net/sched: cls_fw: Fix improper refcount update leads to use-after-free |
| CVE-2023-3863: dd6ff3f3862709ab1a12566e73b9d6a9b8f6e548 net: nfc: Fix use-after-free caused by nfc_llcp_find_local |
| CVE-2023-39197: 337fdce450637ea663bc816edc2ba81e5cdad02e netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one |
| CVE-2023-4132: d485150c9a52167a6175f542397a098b4cd89dc9 media: usb: siano: Fix warning due to null work_func_t function pointer |
| CVE-2023-51043: 380c7ceabdde0ea5b4e709620f299bcd5c1c8abc drm/atomic: Fix potential use-after-free in nonblocking commits |
| |
| CVEs fixed in 5.4.252: |
| CVE-2022-40982: f68f9f2df68e246548bdc1a2279c55f98c4ca473 x86/speculation: Add Gather Data Sampling mitigation |
| CVE-2023-20569: 1f0618bb24563aaa51473f23863b1e09bbf2ff2c x86/bugs: Increase the x86 bugs vector size to two u32s |
| |
| CVEs fixed in 5.4.253: |
| CVE-2023-1206: d87d67c8bdd13b2d4f7414ba97c54ba825337c47 tcp: Reduce chance of collisions in inet6_hashfn(). |
| CVE-2023-1611: 0e0f324c259d87639bda61a0bdea9c32c4aecdc6 btrfs: fix race between quota disable and quota assign ioctls |
| CVE-2023-3006: f41cab7a4653a5b39e49f1385fca53c0b8f93324 arm64: Add AMPERE1 to the Spectre-BHB affected list |
| CVE-2023-3611: cf8ecd6ea68099a38e94e9b82cf58f6fd4cdf3c9 net/sched: sch_qfq: account for stab overhead in qfq_enqueue |
| CVE-2023-40283: a2da00d1ea1abfb04f846638e210b5b5166e3c9c Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb |
| CVE-2023-4128: be785808db32b595728c4042d002c83d0dd4b66f net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4206: 1c8262f31fd2d23d1cfd2539715d976c2a99e582 net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4207: 83e3d4b0ae373dcba30c68bf28f8d179191a297a net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free |
| CVE-2023-4208: be785808db32b595728c4042d002c83d0dd4b66f net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free |
| |
| CVEs fixed in 5.4.255: |
| CVE-2023-3772: 8046beb890ebc83c5820188c650073e1c6066e67 xfrm: add NULL check in xfrm_update_ae_params |
| CVE-2023-39194: 373848d51fde9138cdc539b1d97dc6b301cc04d5 net: xfrm: Fix xfrm_address_filter OOB read |
| CVE-2023-51042: c6059af6bf5ed436b4aa5229e8113bd2546322d4 drm/amdgpu: Fix potential fence use-after-free v2 |
| |
| CVEs fixed in 5.4.257: |
| CVE-2023-39189: a44602888bbe89d9dd89cb84baed2e356aba7436 netfilter: nfnetlink_osf: avoid OOB read |
| CVE-2023-39192: 28ce8495b5599abaa4b4f0bbb45f1f8e89b07e15 netfilter: xt_u32: validate user space input |
| CVE-2023-39193: 64831fb6a2040c25473ff8c8e85b3a42bd38494c netfilter: xt_sctp: validate the flag_info count |
| CVE-2023-42752: 3d54e99499307c3e5613a2fe2a5c9b97eef95ff4 igmp: limit igmpv3_newpack() packet size to IP_MAX_MTU |
| CVE-2023-42753: 109e830585e89a03d554bf8ad0e668630d0a6260 netfilter: ipset: add the missing IP_SET_HASH_WITH_NET0 macro for ip_set_hash_netportnet.c |
| CVE-2023-42755: 42900fd140c8db99141b9f083bfe8de887190ed9 net/sched: Retire rsvp classifier |
| CVE-2023-45871: c2ad60ed38b872aa971408b8b8eaad7a91501b37 igb: set max size RX buffer when store bad packet is enabled |
| CVE-2023-4623: da13749d5ff70bb033a8f35da32cfd6e88246b2f net/sched: sch_hfsc: Ensure inner classes have fsc curve |
| CVE-2023-4921: a6d11571b91d34fd7ce8451c2dfd112194c79ae2 net: sched: sch_qfq: Fix UAF in qfq_dequeue() |
| |
| CVEs fixed in 5.4.258: |
| CVE-2023-31085: c6d358387632a6d45b3e5d4c310cfec1bde59423 ubi: Refuse attaching if mtd's erasesize is 0 |
| CVE-2023-42754: 810fd23d9715474aa27997584e8fc9396ef3cb67 ipv4: fix null-deref in ipv4_link_failure |
| |
| CVEs fixed in 5.4.259: |
| CVE-2023-35827: 65d34cfd4e347054eb4193bc95d9da7eaa72dee5 ravb: Fix use-after-free issue in ravb_tx_timeout_work() |
| CVE-2023-46343: 76050b0cc5a72e0c7493287b7e18e1cb9e3c4612 nfc: nci: fix possible NULL pointer dereference in send_acknowledge() |
| CVE-2023-5717: 7252c8b981853bb8930de44fab924f947362683f perf: Disallow mis-matched inherited group reads |
| |
| CVEs fixed in 5.4.260: |
| CVE-2021-44879: e9a988cd4c8baac7550aa0c2f1efc9533ed9da36 f2fs: fix to do sanity check on inode type during garbage collection |
| CVE-2023-45863: 5776aeee2a604ccc03e8269713624f9c8fd318e0 kobject: Fix slab-out-of-bounds in fill_kobj_path() |
| |
| CVEs fixed in 5.4.263: |
| CVE-2023-6121: afbedd6136cbff0b4412efd09d98d2cb7348563c nvmet: nul-terminate the NQNs passed in the connect command |
| CVE-2023-6932: 7ccf772a8bad7962d12d48723447c3605a6e23c1 ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet |
| CVE-2024-0584: 7ccf772a8bad7962d12d48723447c3605a6e23c1 ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet |
| |
| CVEs fixed in 5.4.264: |
| CVE-2023-6931: 152f51d159f35b2f64d7046429703500375becc9 perf: Fix perf_event_validate_size() |
| |
| CVEs fixed in 5.4.265: |
| CVE-2023-51780: b099c28847cfa33854731eeec9c64619d99a1255 atm: Fix Use-After-Free in do_vcc_ioctl |
| CVE-2023-51781: 9112bd107208cd6a4f0175ca36289ed170622cce appletalk: Fix Use-After-Free in atalk_ioctl |
| CVE-2023-51782: 3df812627e7d0bf557f3781c3448d42c8fe8313e net/rose: Fix Use-After-Free in rose_ioctl |
| |
| CVEs fixed in 5.4.266: |
| CVE-2023-6606: 508e2fdd978e4c26798eac2059f9520255904f82 smb: client: fix OOB in smbCalcSize() |
| |
| CVEs fixed in 5.4.267: |
| CVE-2023-52340: 584756c3d75a1722a868a1d22602251385bee798 ipv6: remove max_size check inline with ipv4 |
| CVE-2023-6040: 8711fa0c06d49ad3a45b60cc10ae72980df89b00 netfilter: nf_tables: Reject tables of unsupported family |
| CVE-2024-0646: c67bf30baf261b467988fd40668bc893b71586b9 net: tls, update curr on splice as well |
| |
| CVEs fixed in 5.4.268: |
| CVE-2023-46838: 4404c2b832cf0a842b6e3c63fb5749e97dc618ea xen-netback: don't produce zero-size SKB frags |
| CVE-2023-6915: ef7152f8705fed11796641d7644acc3c950b5967 ida: Fix crash in ida_free when the bitmap is empty |
| |
| Outstanding CVEs: |
| CVE-2005-3660: (unk) |
| CVE-2007-3719: (unk) |
| CVE-2008-2544: (unk) |
| CVE-2008-4609: (unk) |
| CVE-2010-4563: (unk) |
| CVE-2010-5321: (unk) |
| CVE-2011-4916: (unk) |
| CVE-2011-4917: (unk) |
| CVE-2012-4542: (unk) |
| CVE-2013-7445: (unk) |
| CVE-2015-2877: (unk) |
| CVE-2016-8660: (unk) |
| CVE-2017-13693: (unk) |
| CVE-2017-13694: (unk) |
| CVE-2018-1121: (unk) |
| CVE-2018-12928: (unk) |
| CVE-2018-12929: (unk) |
| CVE-2018-12930: (unk) |
| CVE-2018-12931: (unk) |
| CVE-2018-17977: (unk) |
| CVE-2019-12456: (unk) |
| CVE-2019-15239: (unk) unknown |
| CVE-2019-15290: (unk) |
| CVE-2019-15794: (unk) ovl: fix reference counting in ovl_mmap error path |
| CVE-2019-15902: (unk) unknown |
| CVE-2019-16089: (unk) |
| CVE-2019-19378: (unk) |
| CVE-2019-19449: (unk) f2fs: fix to do sanity check on segment/section count |
| CVE-2019-19814: (unk) |
| CVE-2019-20794: (unk) |
| CVE-2020-0347: (unk) |
| CVE-2020-10708: (unk) |
| CVE-2020-11725: (unk) |
| CVE-2020-12362: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-12363: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-12364: (unk) drm/i915/guc: Update to use firmware v49.0.1 |
| CVE-2020-14304: (unk) |
| CVE-2020-15802: (unk) |
| CVE-2020-16120: (unk) ovl: switch to mounter creds in readdir |
| CVE-2020-24502: (unk) |
| CVE-2020-24503: (unk) |
| CVE-2020-24504: (unk) ice: create scheduler aggregator node config and move VSIs |
| CVE-2020-26140: (unk) |
| CVE-2020-26142: (unk) |
| CVE-2020-26143: (unk) |
| CVE-2020-26556: (unk) |
| CVE-2020-26557: (unk) |
| CVE-2020-26559: (unk) |
| CVE-2020-26560: (unk) |
| CVE-2020-27835: (unk) IB/hfi1: Ensure correct mm is used at all times |
| CVE-2020-29373: (unk) io_uring: grab ->fs as part of async preparation |
| CVE-2020-29534: (unk) io_uring: don't rely on weak ->files references |
| CVE-2020-35501: (unk) |
| CVE-2020-36310: (unk) KVM: SVM: avoid infinite loop on NPF from bad address |
| CVE-2020-36313: (unk) KVM: Fix out of range accesses to memslots |
| CVE-2020-36385: (unk) RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy |
| CVE-2020-36691: (unk) netlink: limit recursion depth in policy validation |
| CVE-2021-0399: (unk) |
| CVE-2021-0929: (unk) staging/android/ion: delete dma_buf->kmap/unmap implemenation |
| CVE-2021-20177: (unk) netfilter: add and use nf_hook_slow_list() |
| CVE-2021-20239: (unk) net: pass a sockptr_t into ->setsockopt |
| CVE-2021-26934: (unk) |
| CVE-2021-29155: (unk) bpf: Use correct permission flag for mixed signed bounds arithmetic |
| CVE-2021-32078: (unk) ARM: footbridge: remove personal server platform |
| CVE-2021-33061: (unk) ixgbe: add improvement for MDD response functionality |
| CVE-2021-3542: (unk) |
| CVE-2021-3669: (unk) ipc: replace costly bailout check in sysvipc_find_ipc() |
| CVE-2021-3714: (unk) |
| CVE-2021-3847: (unk) |
| CVE-2021-3864: (unk) |
| CVE-2021-3892: (unk) |
| CVE-2021-39800: (unk) |
| CVE-2021-39801: (unk) |
| CVE-2021-4023: (unk) io-wq: fix cancellation on create-worker failure |
| CVE-2021-4148: (unk) mm: khugepaged: skip huge page collapse for special files |
| CVE-2021-4150: (unk) block: fix incorrect references to disk objects |
| CVE-2021-4218: (unk) sysctl: pass kernel pointers to ->proc_handler |
| CVE-2022-0168: (unk) cifs: fix NULL ptr dereference in smb2_ioctl_query_info() |
| CVE-2022-0382: (unk) net ticp:fix a kernel-infoleak in __tipc_sendmsg() |
| CVE-2022-0400: (unk) |
| CVE-2022-0480: (unk) memcg: enable accounting for file lock caches |
| CVE-2022-1116: (unk) |
| CVE-2022-1247: (unk) |
| CVE-2022-1263: (unk) KVM: avoid NULL pointer dereference in kvm_dirty_ring_push |
| CVE-2022-1280: (unk) drm: avoid circular locks in drm_mode_getconnector |
| CVE-2022-1786: (unk) io_uring: remove io_identity |
| CVE-2022-1789: (unk) KVM: x86/mmu: fix NULL pointer dereference on guest INVPCID |
| CVE-2022-20148: (unk) f2fs: fix UAF in f2fs_available_free_memory |
| CVE-2022-20166: (unk) drivers core: Use sysfs_emit and sysfs_emit_at for show(device *...) functions |
| CVE-2022-20424: (unk) io_uring: remove io_identity |
| CVE-2022-2209: (unk) |
| CVE-2022-23222: (unk) bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL |
| CVE-2022-2327: (unk) io_uring: remove any grabbing of context |
| CVE-2022-23825: (unk) |
| CVE-2022-25265: (unk) |
| CVE-2022-27672: (unk) x86/speculation: Identify processors vulnerable to SMT RSB predictions |
| CVE-2022-2961: (unk) |
| CVE-2022-2991: (unk) remove the lightnvm subsystem |
| CVE-2022-3061: (unk) video: fbdev: i740fb: Error out if 'pixclock' equals zero |
| CVE-2022-3108: (unk) drm/amdkfd: Check for null pointer after calling kmemdup |
| CVE-2022-3176: (unk) io_uring: fix UAF due to missing POLLFREE handling |
| CVE-2022-3344: (unk) KVM: x86: nSVM: harden svm_free_nested against freeing vmcb02 while still in use |
| CVE-2022-3522: (unk) mm/hugetlb: use hugetlb_pte_stable in migration race check |
| CVE-2022-3523: (unk) mm/memory.c: fix race when faulting a device private page |
| CVE-2022-3533: (unk) |
| CVE-2022-3534: (unk) libbpf: Fix use-after-free in btf_dump_name_dups |
| CVE-2022-3566: (unk) tcp: Fix data races around icsk->icsk_af_ops. |
| CVE-2022-3567: (unk) ipv6: Fix data races around sk->sk_prot. |
| CVE-2022-3595: (unk) cifs: fix double-fault crash during ntlmssp |
| CVE-2022-3606: (unk) |
| CVE-2022-3624: (unk) bonding: fix reference count leak in balance-alb mode |
| CVE-2022-3636: (unk) net: ethernet: mtk_eth_soc: use after free in __mtk_ppe_check_skb() |
| CVE-2022-36402: (unk) drm/vmwgfx: Fix shader stage validation |
| CVE-2022-3642: (unk) |
| CVE-2022-38096: (unk) |
| CVE-2022-38457: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-3903: (unk) media: mceusb: Use new usb_control_msg_*() routines |
| CVE-2022-39188: (unk) mmu_gather: Force tlb-flush VM_PFNMAP vmas |
| CVE-2022-40133: (unk) drm/vmwgfx: Remove rcu locks from user resources |
| CVE-2022-41848: (unk) |
| CVE-2022-4269: (unk) act_mirred: use the backlog for nested calls to mirred ingress |
| CVE-2022-44032: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-44033: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-44034: (unk) char: pcmcia: remove all the drivers |
| CVE-2022-4543: (unk) |
| CVE-2022-45884: (unk) |
| CVE-2022-45885: (unk) |
| CVE-2022-47520: (unk) wifi: wilc1000: validate pairwise and authentication suite offsets |
| CVE-2022-47946: (unk) io_uring: kill sqo_dead and sqo submission halting |
| CVE-2023-0240: (unk) io_uring: COW io_identity on mismatch |
| CVE-2023-0386: (unk) ovl: fail on invalid uid/gid mapping at copy up |
| CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area |
| CVE-2023-1075: (unk) net/tls: tls_is_tx_ready() checked list_entry |
| CVE-2023-1249: (unk) coredump: Use the vma snapshot in fill_files_note |
| CVE-2023-1281: (unk) net/sched: tcindex: update imperfect hash filters respecting rcu |
| CVE-2023-1476: (unk) |
| CVE-2023-1582: (unk) fs/proc: task_mmu.c: don't read mapcount for migration entry |
| CVE-2023-2007: (unk) scsi: dpt_i2o: Remove obsolete driver |
| CVE-2023-20588: (unk) x86/CPU/AMD: Do not leak quotient data after a division by 0 |
| CVE-2023-20928: (unk) android: binder: stop saving a pointer to the VMA |
| CVE-2023-20941: (unk) |
| CVE-2023-21400: (unk) |
| CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr |
| CVE-2023-22995: (unk) usb: dwc3: dwc3-qcom: Add missing platform_device_put() in dwc3_qcom_acpi_register_core |
| CVE-2023-23000: (unk) phy: tegra: xusb: Fix return value of tegra_xusb_find_port_node function |
| CVE-2023-23004: (unk) malidp: Fix NULL vs IS_ERR() checking |
| CVE-2023-23039: (unk) |
| CVE-2023-26242: (unk) |
| CVE-2023-31081: (unk) |
| CVE-2023-31082: (unk) |
| CVE-2023-31083: (unk) Bluetooth: hci_ldisc: check HCI_UART_PROTO_READY flag in HCIUARTGETPROTO |
| CVE-2023-31084: (unk) media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() |
| CVE-2023-33288: (unk) power: supply: bq24190: Fix use after free bug in bq24190_remove due to race condition |
| CVE-2023-3389: (unk) io_uring: mutex locked poll hashing |
| CVE-2023-3397: (unk) |
| CVE-2023-3640: (unk) |
| CVE-2023-37454: (unk) |
| CVE-2023-39198: (unk) drm/qxl: fix UAF on handle creation |
| CVE-2023-4010: (unk) |
| CVE-2023-4133: (unk) cxgb4: fix use after free bugs caused by circular dependency problem |
| CVE-2023-4134: (unk) Input: cyttsp4_core - change del_timer_sync() to timer_shutdown_sync() |
| CVE-2023-4622: (unk) unix: Convert unix_stream_sendpage() to use MSG_SPLICE_PAGES |
| CVE-2023-47233: (unk) |
| CVE-2023-4881: (unk) netfilter: nftables: exthdr: fix 4-byte stack OOB write |
| CVE-2023-50431: (unk) accel/habanalabs: fix information leak in sec_attest_info() |
| CVE-2023-51779: (unk) Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg |
| CVE-2023-6270: (unk) |
| CVE-2023-6356: (unk) |
| CVE-2023-6535: (unk) |
| CVE-2023-6536: (unk) |
| CVE-2023-6546: (unk) tty: n_gsm: fix the UAF caused by race condition in gsm_cleanup_mux |
| CVE-2023-6560: (unk) io_uring: don't allow discontig pages for IORING_SETUP_NO_MMAP |
| CVE-2023-6610: (unk) smb: client: fix potential OOB in smb2_dump_detail() |
| CVE-2023-7042: (unk) |
| CVE-2024-0340: (unk) vhost: use kzalloc() instead of kmalloc() followed by memset() |
| CVE-2024-0564: (unk) |
| CVE-2024-0565: (unk) smb: client: fix OOB in receive_encrypted_standard() |
| CVE-2024-0607: (unk) netfilter: nf_tables: fix pointer math issue in nft_byteorder_eval() |
| CVE-2024-0841: (unk) |
| CVE-2024-1086: (unk) netfilter: nf_tables: reject QUEUE/DROP verdict parameters |
| CVE-2024-21803: (unk) |
| CVE-2024-22099: (unk) |
| CVE-2024-22705: (unk) ksmbd: fix slab-out-of-bounds in smb_strndup_from_utf16() |
| CVE-2024-23307: (unk) |
| CVE-2024-23848: (unk) |
| CVE-2024-23849: (unk) |
| CVE-2024-23851: (unk) |