author | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-19 21:59:07 +0100 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2024-02-19 21:59:07 +0100 |
commit | 26d70f7e02333fd89e700b84da93bfd342990468 (patch) | |
tree | e72ade578731a7e2d929df94f3d892ba7dd4ebdb | |
parent | cb74b041d04d4a9e5d655069e64114d2be215226 (diff) | |
download | vulns-26d70f7e02333fd89e700b84da93bfd342990468.tar.gz |
add initial 6.7 proposed changes to review
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | cve/review/6.7.proposed | 205 |
1 files changed, 205 insertions, 0 deletions
diff --git a/cve/review/6.7.proposed b/cve/review/6.7.proposed new file mode 100644 index 00000000..016eeefb --- /dev/null +++ b/cve/review/6.7.proposed 
@@ -0,0 +1,205 @@ +560ea72c76eb drm/i915/dp_mst: Fix race between connector registration and setup +a11d965a218f wifi: rt2x00: restart beacon queue when hardware reset +5f99f312bd3b bpf: add register bounds sanity checks and sanitization +d872ca165cb6 crypto: rsa - add a check for allocation failure +3171e46d677a PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() +9862ec7ac1cb FS:JFS:UBSAN:array-index-out-of-bounds in dbAdjTree +27e56f59bab5 UBSAN: array-index-out-of-bounds in dtSplitRoot +fa5492ee8946 jfs: fix slab-out-of-bounds Read in dtSearch +74ecdda68242 jfs: fix array-index-out-of-bounds in dbAdjTree +e0e1958f4c36 jfs: fix uaf in jfs_evict_inode +cca974daeb6c jfs: fix shift-out-of-bounds in dbJoin +aeb686a98a9e usb: gadget: uvc: Allocate uvc_requests one at a time +da324ffce34c usb: gadget: uvc: Fix use-after-free for inflight usb_requests +ded85b0c0edd media: pvrusb2: fix use after free on context disconnection +d8212c5c87c1 media: mtk-jpeg: Remove cancel worker in mtk_jpeg_remove to avoid the crash of multi-core JPEG devices +206c857dd17d media: mtk-jpeg: Fix use after free bug due to error path handling in mtk_jpeg_dec_device_run +475c58e1a471 EDAC/thunderx: Fix possible out-of-bounds string access +ad90d0358bd3 serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed +5bfa0e45e9e7 x86/cpu/intel_epb: Don't rely on link order +2bbe6ab2be53 drm/sched: Fix bounds limiting when given a malformed entity +49db9b1b86a8 reiserfs: Avoid touching renamed directory if parent does not change +9d618d19b29c ocfs2: Avoid touching renamed directory if parent does not change +a8b0026847b8 rename(): avoid a deadlock in the case of parents having no common ancestor +df99da19c6c2 powerpc/lib: Avoid array bounds warnings in vec ops +8f9abaa6d7de powerpc/lib: Validate size for vector operations +53edb549565f f2fs: fix to avoid dirent corruption +2adc886244df wifi: ath9k: Fix potential array-index-out-of-bounds read in 
ath9k_htc_txstatus() +3cc12bb83e67 firmware: arm_scmi: Fix NULL pointer dereference during fastchannel init +1692cf434ba1 perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() +5082b3e3027e wifi: ath11k: fix race due to setting ATH11K_FLAG_EXT_IRQ_ENABLED too early +f9893fdac319 net: page_pool: fix general protection fault in page_pool_unlist +b719a9c15d52 drm/amd/display: Fix NULL pointer dereference at hibernate +bd68ffce69f6 powerpc/pseries/memhp: Fix access beyond end of drmem array +e2e2aacf042f xhci: fix possible null pointer deref during xhci urb enqueue +3de6ee94aae7 media: v4l: async: Fix duplicated list deletion +3f489c2067c5 binder: fix use-after-free in shinker's callback +876673364161 bpf: Defer the free of inner map when necessary +730651268664 fs: use do_splice_direct() for nfsd/ksmbd server-side-copy +ab125ed3ec1c bpf: fix check for attempt to corrupt spilled pointer +18a433b62061 bpf: track aligned STACK_ZERO cases as imprecise spilled registers +d87c49377d5b x86: intel_epb: Don't rely on link order +72d9b9747e78 ACPI: extlog: fix NULL pointer dereference check +514a1cc940c2 drm/amd/display: Fix array-index-out-of-bounds in dml2 +7a2464fac80d drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() +5759aa4f9560 xfs: update dir3 leaf block metadata after swap +76385d493c21 drm/debugfs: fix potential NULL pointer dereference +41673c66b3d0 mfd: syscon: Fix null pointer dereference in of_syscon_register() +c4fb7d2eac9f soc: qcom: pmic_glink_altmode: fix port sanity check +c692696fc51c media: saa6752hs: Don't set format in sub-device state +dff1eebf2be3 media: adv7183: Don't set format in sub-device state +72c8cb48a4cc media: mt9t112: Don't set format in sub-device state +09aee3995f9e media: rj54n1cb0c: Don't set format in sub-device state +843750fb85fd media: tw9910: Don't set format in sub-device state +e55a9482888d media: ov9640: Don't set format in sub-device state +fca9448ae2f5 drm/imagination: Move 
dereference after NULL check in pvr_mmu_backing_page_init() +78d60dae9a0c serial: imx: fix tx statemachine deadlock +6b4a64bafd10 bpf: Fix accesses to uninit stack slots +a3c205d0560f ipv6: do not check fib6_has_expires() in fib6_info_release() +870565f063a5 media: rkisp1: Fix IRQ disable race issue +12427de9439d Squashfs: fix variable overflow triggered by sysbot +584db20c181f nilfs2: move page release outside of nilfs_delete_entry and nilfs_set_link +8cf57c6df818 nilfs2: eliminate staggered calls to kunmap in nilfs_rename +0e8d2444168d efivarfs: force RO when remounting if SetVariable is not supported +8b13601d19c5 s390/ptrace: handle setting of fpc register correctly +b988b1bb0053 KVM: s390: fix setting of fpc register +4961acdd65c9 f2fs: fix to tag gcing flag on page during block migration +4f973e211b3b IB/ipoib: Fix mcast list locking +fe0a7776d4d1 wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() +39042079a0c2 kmemleak: avoid RCU stalls when freeing metadata for per-CPU pointers +60694edf668a drm/xe: Ensure VMA not userptr before calling xe_bo_is_stolen +a2dd235df435 media: dvbdev: drop refcount on error path in dvb_device_open() +669acc7eec22 powerpc/rtas: Fall back to linear search on failed token->function lookup +e7582edb7861 powerpc/rtas: Move token validation from block_rtas_call() to sys_rtas() +f46c8a75263f powerpc/mm: Fix null-pointer dereference in pgtable_cache_add +6f64f866aa1a block: add check that partition length needs to be aligned with block size +eff9704f5332 bus: mhi: host: Add alignment check for event ring read pointer +45284ff733e4 drm/msm/dpu: Add mutex lock in control vblank irq +a7d84a2e7663 mtd: maps: vmu-flash: Fix the (mtd core) switch to ref counters +3c12466b6b7b erofs: fix lz4 inplace decompression +28dd788382c4 drivers/amd/pm: fix a use-after-free in kv_parse_power_table +59e5791f59dd bpf: Fix a race condition between btf_put() and map_free() +dbf4ab821804 serial: sc16is7xx: convert from _raw_ to _noinc_ 
regmap functions for FIFO +f200fff8d019 spmi: mtk-pmif: Serialize PMIF status check and command submission +e821d50ab5b9 spmi: mediatek: Fix UAF on device remove +65a618dd7321 drm/amdkfd: svm range always mapped flag not working on APU +04e6ccfc93c5 thermal: core: Fix NULL pointer dereference in zone registration error path +80602b6b5a23 xhci: Fix null pointer dereference during S4 resume when resetting ep0 +86d7d57a3f09 f2fs: fix to check return value of f2fs_recover_xattr_data +01bd694ac2f6 bus: mhi: host: Drop chan lock before queuing buffers +8877243beafa gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump +6914968a0b52 drm/bridge: properly refcount DT nodes in aux bridge drivers +bb57f6705960 iommu: Don't reserve 0-length IOVA region +8892780834ae drm/amd/display: Wake DMCUB before sending a command +b4eecedc75c1 drm/xe: Fix potential deadlock handling page faults +1a545ed74b33 drm/xe: fix pvc unload issue +2988cf02ee30 drm/xe: Fix memory use after free +fc3a5534e2a8 libbpf: Fix NULL pointer dereference in bpf_object__collect_prog_relos +f5c24d94512f dmaengine: fix NULL pointer in channel unregistration function +5db4afe1db56 drm/xe: Fix unreffed ptr leak on engine lookup +7f38e1e1063e drm/xe: fix bounds checking for 'len' in xe_engine_create_ioctl +a00b8f1aae43 drm/xe: fix xe_device_mem_access_get() races +fd84041d094c drm/xe: Make bind engines safe +ca8656a2eb09 drm/xe: skip rebind_list if vma destroyed +07431945d8ae drm/xe: Avoid 64-bit register reads +3a13c2de442d drm/xe/hwmon: fix uaf on unload +8c54ee8a8606 drm/xe: Ensure that we don't access the placements array out-of-bounds +08e4c8c5919f netfilter: nf_tables: mark newset as dead on transaction abort +a43bdc376dea mtd: Fix gluebi NULL pointer dereference caused by ftl notifier +da9065caa594 Bluetooth: Fix atomicity violation in {min,max}_key_size_set +cb4daf271302 drm: Don't unref the same fb many times by mistake due to deadlock handling +88f04bc3e737 power: supply: Fix null pointer 
dereference in smb2_probe +75cbe49f9e2f drm/xe: Fix UBSAN splat in add_preempt_fences() +ab7a781fd6f8 OPP: Fix _set_required_opps when opp is NULL +315552310c7d sysctl: Fix out of bounds access for empty sysctl registers +4f6ac47b55e3 xfs: fix a use after free in xfs_defer_finish_recovery +d1adb25df711 mm: migrate: fix getting incorrect page mapping during page migration +5ec8e8ea8b77 mm/sparsemem: fix race in accessing memory_section->usage +fea153a84557 bcachefs: rcu protect trans->paths +49f9637aafa6 jfs: fix array-index-out-of-bounds in diNewExt +3027e7b15b02 ice: Fix some null pointer dereference issues in ice_ptp.c +efa56305908b nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length +7839d0078e0d PM: sleep: Fix possible deadlocks in core system-wide PM code +4b5c5f5ad38b drm/amdgpu/gfx11: need acquire mutex before access CP_VMID_RESET v2 +a0b84213f947 kunit: Fix NULL-dereference in kunit_init_suite() if suite->log is NULL +b8d55a90fd55 drm/amdgpu: Fix possible NULL dereference in amdgpu_ras_query_error_status_helper() +9c51f8788b5d perf env: Avoid recursively taking env->bpf_progs.lock +16b2f264983d bpf: sockmap, fix proto update hook to avoid dup calls +fb4cece17b45 scsi: smartpqi: Fix logical volume rescan race condition +55a8210c9e7d apparmor: avoid crash when parsed profile name is empty +0c9ae0b86050 uio: Fix use-after-free in uio_open +93ec4a3b7640 class: fix use-after-free in class_register() +ad362fe07fec KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache +1e24ce402c97 perf db-export: Fix missing reference count get in call_path_from_sample() +715d82ba636c bpf: Fix re-attachment branch in bpf_tracing_prog_attach +2dd23cc4d0e6 usb: mon: Fix atomicity violation in mon_bin_vma_fault +be12ad45e15b hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume +59b946ea3080 ASoC: Intel: bxt_da7219_max98357a: Fix kernel ops due to COMP_DUMMY change +3ec71290db4d ASoC: Intel: bxt_rt298: Fix kernel ops due to 
COMP_DUMMY change +c12ca110c613 PCI: keystone: Fix race condition when initializing PHYs +47bf0f83fc86 drm/amdkfd: Fix lock dependency warning +78996eee79eb riscv: Fix module loading free order +2ad62d16cd24 drm/v3d: Free the job and assign it to NULL if initialization fails +b33fb5b801c6 net: qualcomm: rmnet: fix global oob in rmnet_policy +844f104790bd net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events +a297d07b9a1e pwm: Fix out-of-bounds access in of_pwm_single_xlate() +4cccb6221cae fs/proc/task_mmu: move mmu notification mechanism inside mm lock +118a8cf504d7 erofs: fix inconsistent per-file compression format +38d20c62903d ksmbd: fix UAF issue in ksmbd_tcp_new_connection() +1f1626ac0428 drm/ttm: fix ttm pool initialization for no-dma-device drivers +19c022252424 drm/xe: Fix modifying exec_queue priority in xe_migrate_init +8049e3954aea drm/xe: Fix bounds checking in __xe_bo_placement_for_flags() +b493ad718b1f ceph: fix deadlock or deadcode of misusing dget() +08ac6f132dd7 drm/bridge: sii902x: Fix probing race issue +22c7fa171a02 bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS +36a87385e31c LoongArch: BPF: Prevent out-of-bounds memory access +ea937f772083 net: netdevsim: don't try to destroy PHC on VFs +850fb7fa8c68 s390/vfio-ap: always filter entire AP matrix +b7c510d04904 arm64/ptrace: Don't flush ZA/ZT storage when writing ZA via ptrace +dc7eb8755797 arm64/sme: Always exit sme_alloc() early with existing storage +cf4a0d840ecc wifi: iwlwifi: fix a memory corruption +bcbc84af1183 wifi: mac80211: fix race condition on enabling fast-xmit +172202152a12 ext4: do not trim the group with corrupted block bitmap +c9b528c35795 ext4: regenerate buddy after block freeing failed if under fc replay +993bf0f4c393 ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt +4530b3660d39 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() +832698373a25 ext4: avoid allocating blocks from 
corrupted group in ext4_mb_find_by_goal() +c5f3a3821de4 ext4: mark the group block bitmap as corrupted before reporting an error +efeb7dfea8ee mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path +483ae90d8f97 mlxsw: spectrum_acl_tcam: Fix stack corruption +f546c4282673 btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned +dbc153fd3c14 net/smc: fix illegal rmb_desc access in SMC-D connection dump +76025cc2285d smb: client: fix parsing of SMB3.1.1 POSIX create context +198bc90e0e73 tcp: make sure init the accept_queue's spinlocks once +467739baf636 bnxt_en: Fix possible crash after creating sw mqprio TCs +437a310b2224 firmware: arm_scmi: Check mailbox/SMT channel for consistency +13e788deb734 net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv +3be0b3ed1d76 netfs, fscache: Prevent Oops in fscache_put_cache() +c3d6569a4332 cachefiles, erofs: Fix NULL deref in when cachefiles is not doing ondemand-mode +7ed2632ec7d7 drm/ttm: fix ttm pool initialization for no-dma-device drivers +de8b6e1c231a spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected +4373534a9850 scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler +d76fdd31f953 net/mlx5e: Fix peer flow lists handling +edcf9725150e nfsd: fix RELEASE_LOCKOWNER +e169bd4fb2b3 aoe: avoid potential deadlock at set_capacity +f342de4e2f33 netfilter: nf_tables: reject QUEUE/DROP verdict parameters +c5114710c8ce xsk: fix usage of multi-buffer BPF helpers for ZC XDP +ebeae8adf89d ksmbd: fix global oob in ksmbd_nl_policy +9319b647902c mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again +00aab7dcb226 HID: i2c-hid-of: fix NULL-deref on failed power up +e622502c310f ipmr: fix kernel panic when forwarding mcast packets +a54a594d72f2 xhci: fix possible null pointer dereference at secondary interrupter removal +12783c0b9e2c usb: core: Prevent null pointer dereference in update_port_device_state +61a348857e86 usb: dwc3: gadget: Fix NULL 
pointer dereference in dwc3_gadget_suspend +30926783a468 serial: core: Fix atomicity violation in uart_tiocmget +881f78f47255 xfs: remove conditional building of rt geometry validator functions +aa2b2eb39348 llc: call sock_orphan() at release time +8b1d72395635 parisc: Fix random data corruption from exception handler +7104ba0f1958 phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP +1e560864159d PCI/ASPM: Fix deadlock when enabling ASPM +faf51b201bc4 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue +9c29282ecbee drm/amdkfd: reserve the BO before validating it +4d322dce82a1 af_unix: fix lockdep positive in sk_diag_dump_icons() +7e82a8745b95 pds_core: Prevent race issues involving the adminq +710c69dbaccd nvmet-fc: avoid deadlock on delete association path +e0526ec5360a hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove
\ No newline at end of file |
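Review bot: The added list carries the same subject under two different commit ids, `1f1626ac0428 drm/ttm: fix ttm pool initialization for no-dma-device drivers` and `7ed2632ec7d7` with the identical subject line, and has near-identical pairs for intel_epb (`5bfa0e45e9e7`, `d87c49377d5b`) and for the JFS dbAdjTree array-index-out-of-bounds fix (`9862ec7ac1cb`, `74ecdda68242`). Each pair should be checked and, if both ids are the same fix, collapsed to a single entry so that one issue is not reviewed twice. The new file also ends without a trailing newline (`\ No newline at end of file`), so the next append will show the final `e0526ec5360a` line as modified; adding the newline keeps later diffs of this list limited to the lines actually added.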