data/6.1/6.1_security.txt - mirrors/github.com/nluedtke/linux_kernel_cves - Git at Google


 CVEs fixed in 6.1:
   CVE-2022-3643: ad7f402ae4f466647c3a669b8a6f3e5d4271c84a xen/netback: Ensure protocol headers don't fall in the non-linear area
   CVE-2022-42328: 74e7e1efdad45580cc3839f2a155174cf158f9b5 xen/netback: don't call kfree_skb() with interrupts disabled
   CVE-2022-42329: 74e7e1efdad45580cc3839f2a155174cf158f9b5 xen/netback: don't call kfree_skb() with interrupts disabled
   CVE-2022-4378: bce9332220bd677d83b19d21502776ad555a0e73 proc: proc_skip_spaces() shouldn't think it is working on C strings
   CVE-2022-45934: bcd70260ef56e0aee8a4fc6cd214a419900b0765 Bluetooth: L2CAP: Fix u8 overflow
   CVE-2023-2166: 0acc442309a0a1b01bcdaa135e56e6398a49439c can: af_can: fix NULL pointer dereference in can_rcv_filter
   CVE-2023-28327: b3abe42e94900bdd045c472f9c9be620ba5ce553 af_unix: Get user_ns from in_skb in unix_diag_get_exact().

 CVEs fixed in 6.1.2:
   CVE-2022-3424: 4e947fc71bec7c7da791f8562d5da233b235ba5e misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
   CVE-2022-3531: 661e952bc9ef798d1d33ba67f2950a3e0bea455f selftest/bpf: Fix memory leak in kprobe_multi_test
   CVE-2022-3532: d7dc8fad67fab906530c50155b12cf6117e99299 selftests/bpf: Fix memory leak caused by not destroying skeleton
   CVE-2022-3534: fbe08093fb2334549859829ef81d42570812597d libbpf: Fix use-after-free in btf_dump_name_dups
   CVE-2023-22997: 7a779e84b3c451ce4713456a413d3300143747a7 module: Fix NULL vs IS_ERR checking for module_get_next_page
   CVE-2023-26606: f2e58e95273ce072ca95a2afa1f274825a1e1772 fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs
   CVE-2023-28328: 6b60cf73a931af34b7a0a3f467a79d9fe0df2d70 media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

 CVEs fixed in 6.1.3:
   CVE-2022-4379: 650b69b17cfd79f51476d93c2c63bfb73280a77a NFSD: fix use-after-free in __nfs42_ssc_open()
   CVE-2022-48423: 2f041a19f4eb72bcc851f9e3a15f3cfd1ae1addf fs/ntfs3: Validate resident attribute name
   CVE-2022-48424: b343c40bb7ff9095430c3f31468a59f8a760dabd fs/ntfs3: Validate attribute name offset
   CVE-2023-26544: d34485d40b6a263d65bc476554299c42b2ec0187 fs/ntfs3: Fix slab-out-of-bounds read in run_unpack

 CVEs fixed in 6.1.4:
   CVE-2022-36280: 622d527decaac0eb65512acada935a0fdc1d0202 drm/vmwgfx: Validate the box size for the snooped cursor
   CVE-2022-41218: 530ca64b44625f7d39eb1d5efb6f9ff21da991e2 media: dvb-core: Fix UAF due to refcount races at releasing

 CVEs fixed in 6.1.5:
   CVE-2022-3707: 1022519da69d99d455c58ca181a6c499c562c70e drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
   CVE-2023-0045: e8377f0456fb6738a4668d4df16c13d7599925fd x86/bugs: Flush IBP in ib_prctl_set()
   CVE-2023-0210: 5e7d97dbae25ab4cb0ac1b1b98aebc4915689a86 ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob
   CVE-2023-0461: 7d242f4a0c8319821548c7176c09a6e0e71f223c net/ulp: prevent ULP without clone op from entering the LISTEN status
   CVE-2023-23454: dc46e39b727fddc5aacc0272ef83ee872d51be16 net: sched: cbq: dont intepret cls results when asked to drop
   CVE-2023-23455: 85655c63877aeafdc23226510ea268a9fa0af807 net: sched: atm: dont intepret cls results when asked to drop

 CVEs fixed in 6.1.6:
   CVE-2022-47929: e8988e878af693ac13b0fa80ba2e72d22d68f2dd net: sched: disallow noqueue for qdisc classes
   CVE-2023-0266: d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

 CVEs fixed in 6.1.7:
   CVE-2022-38457: 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a drm/vmwgfx: Remove rcu locks from user resources
   CVE-2022-40133: 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a drm/vmwgfx: Remove rcu locks from user resources
   CVE-2023-0179: 76ef74d4a379faa451003621a84e3498044e7aa3 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
   CVE-2023-0394: 0afa5f0736584411771299074bbeca8c1f9706d4 ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

 CVEs fixed in 6.1.8:
   CVE-2022-4382: 616fd34d017000ecf9097368b13d8a266f4920b3 USB: gadgetfs: Fix race between mounting and unmounting
   CVE-2022-4842: ff3b1a624380c14b81f4e51c48e404a45f047aab fs/ntfs3: Fix attr_punch_hole() null pointer derenference
   CVE-2023-0458: 91185568c99d60534bacf38439846103962d1e2c prlimit: do_prlimit needs to have a speculation check
   CVE-2023-21102: 72b0e5faa5149f09c6a7a74e4012f29e33509bab efi: rt-wrapper: Add missing include

 CVEs fixed in 6.1.9:
   CVE-2023-0386: 42fea1c35254c49cce07c600d026cbc00c6d3c81 ovl: fail on invalid uid/gid mapping at copy up
   CVE-2023-1073: cdcdc0531a51659527fea4b4d064af343452062d HID: check empty report_list in hid_validate_values()
   CVE-2023-1074: 9f08bb650078dca24a13fea1c375358ed6292df3 sctp: fail if no bound addresses can be used for a given scope
   CVE-2023-1652: 32d5eb95f8f0e362e37c393310b13b9e95404560 NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
   CVE-2023-21106: 8103d53f25ec7b9aa99c134642c6e840e896be71 drm/msm/gpu: Fix potential double-free
   CVE-2023-23559: 7794efa358bca8b8a2a80070c6e088a74945f018 wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

 CVEs fixed in 6.1.11:
   CVE-2023-1075: 37c0cdf7e4919e5f76381ac60817b67bcbdacb50 net/tls: tls_is_tx_ready() checked list_entry
   CVE-2023-2162: 61e43ebfd243bcbad11be26bd921723027b77441 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
   CVE-2023-32269: 5c2227f3f17782d5262ee0979ad30609b3e01f6e netrom: Fix use-after-free caused by accept on already connected socket

 CVEs fixed in 6.1.12:
   CVE-2022-27672: cc95b5d240b631e42e2863e1dcb6ad83920cc449 x86/speculation: Identify processors vulnerable to SMT RSB predictions
   CVE-2023-1078: 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 rds: rds_rm_zerocopy_callback() use list_first_entry()

 CVEs fixed in 6.1.13:
   CVE-2023-1281: bd662ba56187b5ef8a62a3511371cd38299a507f net/sched: tcindex: update imperfect hash filters respecting rcu
   CVE-2023-1513: 747ca7c8a0c7bce004709143d1cd6596b79b1deb kvm: initialize all of the kvm_debugregs structure before sending it to userspace
   CVE-2023-26545: c376227845eef8f2e62e2c29c3cf2140d35dd8e8 net: mpls: fix stale pointer if allocation fails during device rename

 CVEs fixed in 6.1.14:
   CVE-2022-2196: 63fada296062e91ad9f871970d4e7f19e21a6a15 KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
   CVE-2023-0459: 684db631a15779c8f3b2235d507efdfe6bb10278 uaccess: Add speculation barrier to copy_from_user()

 CVEs fixed in 6.1.16:
   CVE-2023-1032: 7c7570791b15c3b78e3229ae97825e7eb869c7da net: avoid double iput when sock_alloc_file fails
   CVE-2023-1076: b4ada752eaf1341f47bfa3d8ada377eca75a8d44 tun: tun_chr_open(): correctly initialize socket uid
   CVE-2023-1077: 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 sched/rt: pick_next_rt_entity(): check list_entry
   CVE-2023-1079: ee907829b36949c452c6f89485cb2a58e97c048e HID: asus: use spinlock to safely schedule workers
   CVE-2023-1118: 029c1410e345ce579db5c007276340d072aac54a media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
   CVE-2023-1998: 08d87c87d6461d16827c9b88d84c48c26b6c994a x86/speculation: Allow enabling STIBP with legacy IBRS
   CVE-2023-25012: f2bf592ebd5077661e00aa11e12e054c4c8f6dd0 HID: bigben: use spinlock to safely schedule workers

 CVEs fixed in 6.1.18:
   CVE-2023-1829: 3abebc503a5148072052c229c6b04b329a420ecd net/sched: Retire tcindex classifier

 CVEs fixed in 6.1.20:
   CVE-2023-28466: 14c17c673e1bba08032d245d5fb025d1cbfee123 net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

 CVEs fixed in 6.1.21:
   CVE-2023-1855: b2ae1f15cd6fe0cb36e432a179ae7d479ae2e6e0 hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
   CVE-2023-1990: 5e331022b448fbc5e76f24349cd0246844dcad25 nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
   CVE-2023-2235: 529546ea2834ce58aa075837d57918740accf713 perf: Fix check before add_event_to_groups() in perf_group_detach()
   CVE-2023-30456: 4bba9c8adec804f03d12dc762e50d083ee88b6b0 KVM: nVMX: add missing consistency checks for CR0 and CR4

 CVEs fixed in 6.1.22:
   CVE-2022-4269: 4c8fc3fe28e47e2a495444347375f7354c24b018 act_mirred: use the backlog for nested calls to mirred ingress
   CVE-2023-1583: 7b100a45dc19ffd708f364ba66601efaca1ccf56 io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get()
   CVE-2023-1670: 9d882229d365f68f74028252261ab14a8de7faed xirc2ps_cs: Fix use after free bug in xirc2ps_detach
   CVE-2023-1989: cbf8deacb7053ce3e3fed64b277c6c6989e65bba Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
   CVE-2023-2194: 7c64e839585eac8048bf67b1c6dcb7a5ca189a2e i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
   CVE-2023-2483: 5fc2c4e311a9341a2b0e044ab5f33afa37b56226 net: qcom/emac: Fix use after free bug in emac_remove due to race condition
   CVE-2023-28866: b3168abd24245aa0775c5a387dcf94d36ca7e738 Bluetooth: HCI: Fix global-out-of-bounds
   CVE-2023-30772: 47b2e1a67e6da172bb4cf69ef9dafde4458bde5f power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
   CVE-2023-33203: 5fc2c4e311a9341a2b0e044ab5f33afa37b56226 net: qcom/emac: Fix use after free bug in emac_remove due to race condition

 CVEs fixed in 6.1.23:
   CVE-2023-1611: a38ff2024805a30d9b96f52557c6ea0bbc31252a btrfs: fix race between quota disable and quota assign ioctls

 CVEs fixed in 6.1.25:
   CVE-2023-1859: c4002b9d5e837f152a40d1333c56ccb84975147b 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition

 CVEs fixed in 6.1.26:
   CVE-2023-2248: ce729b06dc33b01f8a6ac84da5ef54154326bf7e net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
   CVE-2023-31436: ce729b06dc33b01f8a6ac84da5ef54154326bf7e net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

 CVEs fixed in 6.1.27:
   CVE-2023-1380: e29661611e6e71027159a3140e818ef3b99f32dd wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
   CVE-2023-2002: 47e6893a5b0ad14c0b1c25983a1facb1cf667b6e bluetooth: Perform careful capability checks in hci_sock_ioctl()

 CVEs fixed in 6.1.28:
   CVE-2023-2269: 9a94ebc74c3540aba5aa2c7b05032da4610a08c9 dm ioctl: fix nested locking in table_clear() to remove deadlock concern
   CVE-2023-32233: 4507918cd1f8b80f21a396fa0531d53e372bed66 netfilter: nf_tables: deactivate anonymous set from preparation phase

 Outstanding CVEs:
   CVE-2005-3660: (unk)
   CVE-2007-3719: (unk)
   CVE-2008-2544: (unk)
   CVE-2008-4609: (unk)
   CVE-2010-4563: (unk)
   CVE-2010-5321: (unk)
   CVE-2011-4916: (unk)
   CVE-2011-4917: (unk)
   CVE-2012-4542: (unk)
   CVE-2013-7445: (unk)
   CVE-2015-2877: (unk)
   CVE-2016-8660: (unk)
   CVE-2017-13693: (unk)
   CVE-2017-13694: (unk)
   CVE-2018-1121: (unk)
   CVE-2018-12928: (unk)
   CVE-2018-12929: (unk)
   CVE-2018-12930: (unk)
   CVE-2018-12931: (unk)
   CVE-2018-17977: (unk)
   CVE-2019-12456: (unk)
   CVE-2019-15239: (unk) unknown
   CVE-2019-15290: (unk)
   CVE-2019-15902: (unk) unknown
   CVE-2019-16089: (unk)
   CVE-2019-19378: (unk)
   CVE-2019-19814: (unk)
   CVE-2019-20794: (unk)
   CVE-2020-0347: (unk)
   CVE-2020-10708: (unk)
   CVE-2020-11725: (unk)
   CVE-2020-14304: (unk)
   CVE-2020-15802: (unk)
   CVE-2020-24502: (unk)
   CVE-2020-24503: (unk)
   CVE-2020-25220: (unk)
   CVE-2020-26140: (unk)
   CVE-2020-26142: (unk)
   CVE-2020-26143: (unk)
   CVE-2020-26556: (unk)
   CVE-2020-26557: (unk)
   CVE-2020-26559: (unk)
   CVE-2020-26560: (unk)
   CVE-2020-35501: (unk)
   CVE-2021-0399: (unk)
   CVE-2021-26934: (unk)
   CVE-2021-3542: (unk)
   CVE-2021-3714: (unk)
   CVE-2021-3847: (unk)
   CVE-2021-3864: (unk)
   CVE-2021-3892: (unk)
   CVE-2021-39800: (unk)
   CVE-2021-39801: (unk)
   CVE-2022-0400: (unk)
   CVE-2022-1116: (unk)
   CVE-2022-1247: (unk)
   CVE-2022-2209: (unk)
   CVE-2022-23825: (unk)
   CVE-2022-25265: (unk)
   CVE-2022-26878: (unk)
   CVE-2022-2961: (unk)
   CVE-2022-3238: (unk)
   CVE-2022-3544: (unk)
   CVE-2022-36402: (unk)
   CVE-2022-3642: (unk)
   CVE-2022-38096: (unk)
   CVE-2022-41848: (unk)
   CVE-2022-44032: (unk)
   CVE-2022-44033: (unk)
   CVE-2022-44034: (unk)
   CVE-2022-4543: (unk)
   CVE-2022-45884: (unk)
   CVE-2022-45885: (unk)
   CVE-2022-45886: (unk)
   CVE-2022-45887: (unk)
   CVE-2022-45888: (unk) char: xillybus: Prevent use-after-free due to race condition
   CVE-2022-45919: (unk)
   CVE-2022-48425: (unk) fs/ntfs3: Validate MFT flags before replaying logs
   CVE-2023-0160: (unk)
   CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area
   CVE-2023-0615: (unk)
   CVE-2023-1192: (unk)
   CVE-2023-1193: (unk)
   CVE-2023-1194: (unk)
   CVE-2023-20941: (unk)
   CVE-2023-2124: (unk) xfs: verify buffer contents when we skip log replay
   CVE-2023-2156: (unk)
   CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr
   CVE-2023-23005: (unk) mm/demotion: fix NULL vs IS_ERR checking in memory_tier_init
   CVE-2023-23039: (unk)
   CVE-2023-2430: (unk) io_uring/msg_ring: fix missing lock on overflow for IOPOLL
   CVE-2023-26242: (unk)
   CVE-2023-28410: (unk)
   CVE-2023-31081: (unk)
   CVE-2023-31082: (unk)
   CVE-2023-31083: (unk)
   CVE-2023-31084: (unk)
   CVE-2023-31085: (unk)

	CVEs fixed in 6.1:
	CVE-2022-3643: ad7f402ae4f466647c3a669b8a6f3e5d4271c84a xen/netback: Ensure protocol headers don't fall in the non-linear area
	CVE-2022-42328: 74e7e1efdad45580cc3839f2a155174cf158f9b5 xen/netback: don't call kfree_skb() with interrupts disabled
	CVE-2022-42329: 74e7e1efdad45580cc3839f2a155174cf158f9b5 xen/netback: don't call kfree_skb() with interrupts disabled
	CVE-2022-4378: bce9332220bd677d83b19d21502776ad555a0e73 proc: proc_skip_spaces() shouldn't think it is working on C strings
	CVE-2022-45934: bcd70260ef56e0aee8a4fc6cd214a419900b0765 Bluetooth: L2CAP: Fix u8 overflow
	CVE-2023-2166: 0acc442309a0a1b01bcdaa135e56e6398a49439c can: af_can: fix NULL pointer dereference in can_rcv_filter
	CVE-2023-28327: b3abe42e94900bdd045c472f9c9be620ba5ce553 af_unix: Get user_ns from in_skb in unix_diag_get_exact().

	CVEs fixed in 6.1.2:
	CVE-2022-3424: 4e947fc71bec7c7da791f8562d5da233b235ba5e misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os
	CVE-2022-3531: 661e952bc9ef798d1d33ba67f2950a3e0bea455f selftest/bpf: Fix memory leak in kprobe_multi_test
	CVE-2022-3532: d7dc8fad67fab906530c50155b12cf6117e99299 selftests/bpf: Fix memory leak caused by not destroying skeleton
	CVE-2022-3534: fbe08093fb2334549859829ef81d42570812597d libbpf: Fix use-after-free in btf_dump_name_dups
	CVE-2023-22997: 7a779e84b3c451ce4713456a413d3300143747a7 module: Fix NULL vs IS_ERR checking for module_get_next_page
	CVE-2023-26606: f2e58e95273ce072ca95a2afa1f274825a1e1772 fs/ntfs3: Fix slab-out-of-bounds read in ntfs_trim_fs
	CVE-2023-28328: 6b60cf73a931af34b7a0a3f467a79d9fe0df2d70 media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()

	CVEs fixed in 6.1.3:
	CVE-2022-4379: 650b69b17cfd79f51476d93c2c63bfb73280a77a NFSD: fix use-after-free in __nfs42_ssc_open()
	CVE-2022-48423: 2f041a19f4eb72bcc851f9e3a15f3cfd1ae1addf fs/ntfs3: Validate resident attribute name
	CVE-2022-48424: b343c40bb7ff9095430c3f31468a59f8a760dabd fs/ntfs3: Validate attribute name offset
	CVE-2023-26544: d34485d40b6a263d65bc476554299c42b2ec0187 fs/ntfs3: Fix slab-out-of-bounds read in run_unpack

	CVEs fixed in 6.1.4:
	CVE-2022-36280: 622d527decaac0eb65512acada935a0fdc1d0202 drm/vmwgfx: Validate the box size for the snooped cursor
	CVE-2022-41218: 530ca64b44625f7d39eb1d5efb6f9ff21da991e2 media: dvb-core: Fix UAF due to refcount races at releasing

	CVEs fixed in 6.1.5:
	CVE-2022-3707: 1022519da69d99d455c58ca181a6c499c562c70e drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
	CVE-2023-0045: e8377f0456fb6738a4668d4df16c13d7599925fd x86/bugs: Flush IBP in ib_prctl_set()
	CVE-2023-0210: 5e7d97dbae25ab4cb0ac1b1b98aebc4915689a86 ksmbd: check nt_len to be at least CIFS_ENCPWD_SIZE in ksmbd_decode_ntlmssp_auth_blob
	CVE-2023-0461: 7d242f4a0c8319821548c7176c09a6e0e71f223c net/ulp: prevent ULP without clone op from entering the LISTEN status
	CVE-2023-23454: dc46e39b727fddc5aacc0272ef83ee872d51be16 net: sched: cbq: dont intepret cls results when asked to drop
	CVE-2023-23455: 85655c63877aeafdc23226510ea268a9fa0af807 net: sched: atm: dont intepret cls results when asked to drop

	CVEs fixed in 6.1.6:
	CVE-2022-47929: e8988e878af693ac13b0fa80ba2e72d22d68f2dd net: sched: disallow noqueue for qdisc classes
	CVE-2023-0266: d6ad4bd1d896ae1daffd7628cd50f124280fb8b1 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

	CVEs fixed in 6.1.7:
	CVE-2022-38457: 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a drm/vmwgfx: Remove rcu locks from user resources
	CVE-2022-40133: 7ac9578e45b20e3f3c0c8eb71f5417a499a7226a drm/vmwgfx: Remove rcu locks from user resources
	CVE-2023-0179: 76ef74d4a379faa451003621a84e3498044e7aa3 netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits
	CVE-2023-0394: 0afa5f0736584411771299074bbeca8c1f9706d4 ipv6: raw: Deduct extension header length in rawv6_push_pending_frames

	CVEs fixed in 6.1.8:
	CVE-2022-4382: 616fd34d017000ecf9097368b13d8a266f4920b3 USB: gadgetfs: Fix race between mounting and unmounting
	CVE-2022-4842: ff3b1a624380c14b81f4e51c48e404a45f047aab fs/ntfs3: Fix attr_punch_hole() null pointer derenference
	CVE-2023-0458: 91185568c99d60534bacf38439846103962d1e2c prlimit: do_prlimit needs to have a speculation check
	CVE-2023-21102: 72b0e5faa5149f09c6a7a74e4012f29e33509bab efi: rt-wrapper: Add missing include

	CVEs fixed in 6.1.9:
	CVE-2023-0386: 42fea1c35254c49cce07c600d026cbc00c6d3c81 ovl: fail on invalid uid/gid mapping at copy up
	CVE-2023-1073: cdcdc0531a51659527fea4b4d064af343452062d HID: check empty report_list in hid_validate_values()
	CVE-2023-1074: 9f08bb650078dca24a13fea1c375358ed6292df3 sctp: fail if no bound addresses can be used for a given scope
	CVE-2023-1652: 32d5eb95f8f0e362e37c393310b13b9e95404560 NFSD: fix use-after-free in nfsd4_ssc_setup_dul()
	CVE-2023-21106: 8103d53f25ec7b9aa99c134642c6e840e896be71 drm/msm/gpu: Fix potential double-free
	CVE-2023-23559: 7794efa358bca8b8a2a80070c6e088a74945f018 wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

	CVEs fixed in 6.1.11:
	CVE-2023-1075: 37c0cdf7e4919e5f76381ac60817b67bcbdacb50 net/tls: tls_is_tx_ready() checked list_entry
	CVE-2023-2162: 61e43ebfd243bcbad11be26bd921723027b77441 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
	CVE-2023-32269: 5c2227f3f17782d5262ee0979ad30609b3e01f6e netrom: Fix use-after-free caused by accept on already connected socket

	CVEs fixed in 6.1.12:
	CVE-2022-27672: cc95b5d240b631e42e2863e1dcb6ad83920cc449 x86/speculation: Identify processors vulnerable to SMT RSB predictions
	CVE-2023-1078: 1d52bbfd469af69fbcae88c67f160ce1b968e7f3 rds: rds_rm_zerocopy_callback() use list_first_entry()

	CVEs fixed in 6.1.13:
	CVE-2023-1281: bd662ba56187b5ef8a62a3511371cd38299a507f net/sched: tcindex: update imperfect hash filters respecting rcu
	CVE-2023-1513: 747ca7c8a0c7bce004709143d1cd6596b79b1deb kvm: initialize all of the kvm_debugregs structure before sending it to userspace
	CVE-2023-26545: c376227845eef8f2e62e2c29c3cf2140d35dd8e8 net: mpls: fix stale pointer if allocation fails during device rename

	CVEs fixed in 6.1.14:
	CVE-2022-2196: 63fada296062e91ad9f871970d4e7f19e21a6a15 KVM: VMX: Execute IBPB on emulated VM-exit when guest has IBRS
	CVE-2023-0459: 684db631a15779c8f3b2235d507efdfe6bb10278 uaccess: Add speculation barrier to copy_from_user()

	CVEs fixed in 6.1.16:
	CVE-2023-1032: 7c7570791b15c3b78e3229ae97825e7eb869c7da net: avoid double iput when sock_alloc_file fails
	CVE-2023-1076: b4ada752eaf1341f47bfa3d8ada377eca75a8d44 tun: tun_chr_open(): correctly initialize socket uid
	CVE-2023-1077: 6b4fcc4e8a3016e85766c161daf0732fca16c3a3 sched/rt: pick_next_rt_entity(): check list_entry
	CVE-2023-1079: ee907829b36949c452c6f89485cb2a58e97c048e HID: asus: use spinlock to safely schedule workers
	CVE-2023-1118: 029c1410e345ce579db5c007276340d072aac54a media: rc: Fix use-after-free bugs caused by ene_tx_irqsim()
	CVE-2023-1998: 08d87c87d6461d16827c9b88d84c48c26b6c994a x86/speculation: Allow enabling STIBP with legacy IBRS
	CVE-2023-25012: f2bf592ebd5077661e00aa11e12e054c4c8f6dd0 HID: bigben: use spinlock to safely schedule workers

	CVEs fixed in 6.1.18:
	CVE-2023-1829: 3abebc503a5148072052c229c6b04b329a420ecd net/sched: Retire tcindex classifier

	CVEs fixed in 6.1.20:
	CVE-2023-28466: 14c17c673e1bba08032d245d5fb025d1cbfee123 net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf()

	CVEs fixed in 6.1.21:
	CVE-2023-1855: b2ae1f15cd6fe0cb36e432a179ae7d479ae2e6e0 hwmon: (xgene) Fix use after free bug in xgene_hwmon_remove due to race condition
	CVE-2023-1990: 5e331022b448fbc5e76f24349cd0246844dcad25 nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition
	CVE-2023-2235: 529546ea2834ce58aa075837d57918740accf713 perf: Fix check before add_event_to_groups() in perf_group_detach()
	CVE-2023-30456: 4bba9c8adec804f03d12dc762e50d083ee88b6b0 KVM: nVMX: add missing consistency checks for CR0 and CR4

	CVEs fixed in 6.1.22:
	CVE-2022-4269: 4c8fc3fe28e47e2a495444347375f7354c24b018 act_mirred: use the backlog for nested calls to mirred ingress
	CVE-2023-1583: 7b100a45dc19ffd708f364ba66601efaca1ccf56 io_uring/rsrc: fix null-ptr-deref in io_file_bitmap_get()
	CVE-2023-1670: 9d882229d365f68f74028252261ab14a8de7faed xirc2ps_cs: Fix use after free bug in xirc2ps_detach
	CVE-2023-1989: cbf8deacb7053ce3e3fed64b277c6c6989e65bba Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work
	CVE-2023-2194: 7c64e839585eac8048bf67b1c6dcb7a5ca189a2e i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer()
	CVE-2023-2483: 5fc2c4e311a9341a2b0e044ab5f33afa37b56226 net: qcom/emac: Fix use after free bug in emac_remove due to race condition
	CVE-2023-28866: b3168abd24245aa0775c5a387dcf94d36ca7e738 Bluetooth: HCI: Fix global-out-of-bounds
	CVE-2023-30772: 47b2e1a67e6da172bb4cf69ef9dafde4458bde5f power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition
	CVE-2023-33203: 5fc2c4e311a9341a2b0e044ab5f33afa37b56226 net: qcom/emac: Fix use after free bug in emac_remove due to race condition

	CVEs fixed in 6.1.23:
	CVE-2023-1611: a38ff2024805a30d9b96f52557c6ea0bbc31252a btrfs: fix race between quota disable and quota assign ioctls

	CVEs fixed in 6.1.25:
	CVE-2023-1859: c4002b9d5e837f152a40d1333c56ccb84975147b 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition

	CVEs fixed in 6.1.26:
	CVE-2023-2248: ce729b06dc33b01f8a6ac84da5ef54154326bf7e net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg
	CVE-2023-31436: ce729b06dc33b01f8a6ac84da5ef54154326bf7e net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg

	CVEs fixed in 6.1.27:
	CVE-2023-1380: e29661611e6e71027159a3140e818ef3b99f32dd wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies()
	CVE-2023-2002: 47e6893a5b0ad14c0b1c25983a1facb1cf667b6e bluetooth: Perform careful capability checks in hci_sock_ioctl()

	CVEs fixed in 6.1.28:
	CVE-2023-2269: 9a94ebc74c3540aba5aa2c7b05032da4610a08c9 dm ioctl: fix nested locking in table_clear() to remove deadlock concern
	CVE-2023-32233: 4507918cd1f8b80f21a396fa0531d53e372bed66 netfilter: nf_tables: deactivate anonymous set from preparation phase

	Outstanding CVEs:
	CVE-2005-3660: (unk)
	CVE-2007-3719: (unk)
	CVE-2008-2544: (unk)
	CVE-2008-4609: (unk)
	CVE-2010-4563: (unk)
	CVE-2010-5321: (unk)
	CVE-2011-4916: (unk)
	CVE-2011-4917: (unk)
	CVE-2012-4542: (unk)
	CVE-2013-7445: (unk)
	CVE-2015-2877: (unk)
	CVE-2016-8660: (unk)
	CVE-2017-13693: (unk)
	CVE-2017-13694: (unk)
	CVE-2018-1121: (unk)
	CVE-2018-12928: (unk)
	CVE-2018-12929: (unk)
	CVE-2018-12930: (unk)
	CVE-2018-12931: (unk)
	CVE-2018-17977: (unk)
	CVE-2019-12456: (unk)
	CVE-2019-15239: (unk) unknown
	CVE-2019-15290: (unk)
	CVE-2019-15902: (unk) unknown
	CVE-2019-16089: (unk)
	CVE-2019-19378: (unk)
	CVE-2019-19814: (unk)
	CVE-2019-20794: (unk)
	CVE-2020-0347: (unk)
	CVE-2020-10708: (unk)
	CVE-2020-11725: (unk)
	CVE-2020-14304: (unk)
	CVE-2020-15802: (unk)
	CVE-2020-24502: (unk)
	CVE-2020-24503: (unk)
	CVE-2020-25220: (unk)
	CVE-2020-26140: (unk)
	CVE-2020-26142: (unk)
	CVE-2020-26143: (unk)
	CVE-2020-26556: (unk)
	CVE-2020-26557: (unk)
	CVE-2020-26559: (unk)
	CVE-2020-26560: (unk)
	CVE-2020-35501: (unk)
	CVE-2021-0399: (unk)
	CVE-2021-26934: (unk)
	CVE-2021-3542: (unk)
	CVE-2021-3714: (unk)
	CVE-2021-3847: (unk)
	CVE-2021-3864: (unk)
	CVE-2021-3892: (unk)
	CVE-2021-39800: (unk)
	CVE-2021-39801: (unk)
	CVE-2022-0400: (unk)
	CVE-2022-1116: (unk)
	CVE-2022-1247: (unk)
	CVE-2022-2209: (unk)
	CVE-2022-23825: (unk)
	CVE-2022-25265: (unk)
	CVE-2022-26878: (unk)
	CVE-2022-2961: (unk)
	CVE-2022-3238: (unk)
	CVE-2022-3544: (unk)
	CVE-2022-36402: (unk)
	CVE-2022-3642: (unk)
	CVE-2022-38096: (unk)
	CVE-2022-41848: (unk)
	CVE-2022-44032: (unk)
	CVE-2022-44033: (unk)
	CVE-2022-44034: (unk)
	CVE-2022-4543: (unk)
	CVE-2022-45884: (unk)
	CVE-2022-45885: (unk)
	CVE-2022-45886: (unk)
	CVE-2022-45887: (unk)
	CVE-2022-45888: (unk) char: xillybus: Prevent use-after-free due to race condition
	CVE-2022-45919: (unk)
	CVE-2022-48425: (unk) fs/ntfs3: Validate MFT flags before replaying logs
	CVE-2023-0160: (unk)
	CVE-2023-0597: (unk) x86/mm: Randomize per-cpu entry area
	CVE-2023-0615: (unk)
	CVE-2023-1192: (unk)
	CVE-2023-1193: (unk)
	CVE-2023-1194: (unk)
	CVE-2023-20941: (unk)
	CVE-2023-2124: (unk) xfs: verify buffer contents when we skip log replay
	CVE-2023-2156: (unk)
	CVE-2023-2176: (unk) RDMA/core: Refactor rdma_bind_addr
	CVE-2023-23005: (unk) mm/demotion: fix NULL vs IS_ERR checking in memory_tier_init
	CVE-2023-23039: (unk)
	CVE-2023-2430: (unk) io_uring/msg_ring: fix missing lock on overflow for IOPOLL
	CVE-2023-26242: (unk)
	CVE-2023-28410: (unk)
	CVE-2023-31081: (unk)
	CVE-2023-31082: (unk)
	CVE-2023-31083: (unk)
	CVE-2023-31084: (unk)
	CVE-2023-31085: (unk)