author | Sasha Levin <sashal@kernel.org> | 2024-04-16 11:57:16 -0400 |
---|---|---|
committer | Sasha Levin <sashal@kernel.org> | 2024-04-16 11:57:16 -0400 |
commit | 4f3b64f96e6eb46305b37a1c3faa9a775a6dd203 (patch) | |
tree | 098ec88842ed2c5c8b24e2a895a32a72e16e87a5 | |
parent | 48928d5969492180c6cc600237e0113efa54a763 (diff) | |
download | vulns-4f3b64f96e6eb46305b37a1c3faa9a775a6dd203.tar.gz |
Reviews from Sasha
Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r-- | cve/review/proposed/v6.7.10-sasha | 13 |
-rw-r--r-- | cve/review/proposed/v6.7.11-sasha | 187 |
-rw-r--r-- | cve/review/proposed/v6.7.6-sasha | 112 |
-rw-r--r-- | cve/review/proposed/v6.7.7-sasha | 99 |
-rw-r--r-- | cve/review/proposed/v6.7.8-sasha | 0 |
-rw-r--r-- | cve/review/proposed/v6.7.9-sasha | 58 |
6 files changed, 469 insertions, 0 deletions
diff --git a/cve/review/proposed/v6.7.10-sasha b/cve/review/proposed/v6.7.10-sasha new file mode 100644 index 00000000..32c87f71 --- /dev/null +++ b/cve/review/proposed/v6.7.10-sasha @@ -0,0 +1,13 @@ +767146637efc5 netfilter: nf_conntrack_h323: Add protection for bmp length out of range +c055fc00c07be net/rds: fix WARNING in rds_conn_connect_if_down +685f7d5312645 net/ipv6: avoid possible UAF in ip6_route_mpath_notify() +ef27f655b438b igc: avoid returning frame twice in XDP_REDIRECT +9224fc86f1776 ice: fix uninitialized dplls mutex usage +06e456a05d669 net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() +2652b99e43403 ice: virtchnl: stop pretending to support RSS over AQ or registers +89d72d4125e94 net: sparx5: Fix use after free inside sparx5_del_mact_entry +1ca1ba465e55b geneve: make sure to pull inner header in geneve_rx() +51270d573a8d9 tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string +b7cf07586c40f net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map +1eecc7ab82c42 net: lan78xx: fix runtime PM count underflow on link stop +8076fcde016c9 x86/rfds: Mitigate Register File Data Sampling (RFDS) diff --git a/cve/review/proposed/v6.7.11-sasha b/cve/review/proposed/v6.7.11-sasha new file mode 100644 index 00000000..b11b8dd8 --- /dev/null +++ b/cve/review/proposed/v6.7.11-sasha 
@@ -0,0 +1,187 @@ +df7ecce842b84 x86/efistub: Don't clear BSS twice in mixed mode +a20ad45008a7c spi: spi-mt65xx: Fix NULL pointer access in interrupt handler +7eaf837a4eb5f netfilter: nf_tables: Fix a memory leak in nf_tables_updchain +50e60de381c34 octeontx2-af: Use separate handlers for interrupts +a88e0f936ba9a octeontx2: Detect the mbox up or down message via register +d27e2da94a426 net/bnx2x: Prevent access to a freed page in page_pool +55e565c42dce8 dm-integrity: fix a memory leak when rechecking the data +32fa4366cc4da net: phy: fix phy_read_poll_timeout argument type in genphy_loopback +bba045dc4d996 wireguard: receive: annotate data-race around receiving_counter.counter +d5c0ed17fea60 virtio: packed: fix unmap leak for indirect desc table +6ebfad33161af packet: annotate data-races around ignore_outgoing +de105068fead5 nvme: fix reconnection fail due to reserved tag allocation +e30cef001da25 net: txgbe: fix clk_name exceed MAX_DEV_ID limits +ddbec99f58571 hsr: Fix uninit-value access in hsr_get_node() +04d9d1fc428ac tcp: Fix refcnt handling in __inet_hash_connect(). +72ebb41b88f9d soc: fsl: dpio: fix kcalloc() argument order +343041b59b781 net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check +2a750d6a5b365 rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). 
+2ae0ab0143fcc spi: lpspi: Avoid potential use-after-free in probe() +ca93bf607a44c thermal/drivers/mediatek/lvts_thermal: Fix a memory leak in an error handling path +f31e0d0c2cad2 ASoC: tlv320adc3xxx: Don't strip remove function when driver is builtin +2b4b90e053a29 x86/hyperv: Use per cpu initial stack for vtl context +f53641a6e8490 comedi: comedi_test: Prevent timers rescheduling during deletion +cfa9ba1ae0bef comedi: comedi_8255: Correct error in subdevice initialization +dd839f31d7cd5 bcachefs: install fd later to avoid race with close +719fcafe07c12 nfs: fix panic when nfs4_ff_layout_prepare_ds() fails +9f0c4a46be1fe f2fs: fix to truncate meta inode pages forcely +fd5860ab63415 NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt +992cf65674778 Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 +251a658bbfcea NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 +7a8bccd8b29c3 RDMA/device: Fix a race between mad_client and cm_client init +21ec68234826b f2fs: fix to avoid potential panic during recovery +2f9420d3a94ae f2fs: compress: fix to cover f2fs_disable_compressed_file() w/ i_sem +c2034ef6192a6 f2fs: fix NULL pointer dereference in f2fs_submit_page_write() +b896e302f7967 f2fs: fix to remove unnecessary f2fs_bug_on() to avoid panic +fd244524c2cf0 f2fs: compress: fix to cover normal cluster write with cp_rwsem +8a430dd49e9cb f2fs: compress: fix to guarantee persisting compressed blocks by CP +c21a8870c9861 RDMA/srpt: Do not register event handler until srpt device is fully setup +3c4f53b2c341e scsi: hisi_sas: Fix a deadlock issue related to automatic dump +c062166995c9e ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops +f3dc1bdb6b0b0 cifs: Fix writeback data corruption +c40497d823871 cifs: Don't use certain unnecessary folio_*() functions +a9540e35624d1 smb: do not test the return value of folio_start_writeback() +7938e9ce39d67 clk: zynq: Prevent null pointer dereference caused by kmalloc failure +24338a6ae13cb 
sparc32: Fix section mismatch in leon_pci_grpci +551ee0f210991 drm/msm/dpu: add division of drm_display_mode's hskew parameter +7d474b43087aa clk: qcom: gcc-ipq5018: fix register offset for GCC_UBI0_AXI_ARES reset +11b752ac5a07c clk: qcom: gcc-ipq5018: fix 'halt_reg' offset of 'gcc_pcie1_pipe_clk' +f982adcc1b1c0 clk: qcom: gcc-ipq5018: fix 'enable_reg' offset of 'gcc_gmac0_sys_clk' +ad86d7ee43b22 powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks +cda9c0d556283 powerpc/pseries: Fix potential memleak in papr_get_attr() +c958e86e9cc1b drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip +73984daf07a1a drm/tests: helpers: Include missing drm_drv header +d0b07f712bf61 media: ttpci: fix two memleaks in budget_av_attach +b9b683844b01d media: go7007: fix a memleak in go7007_load_encoder +7a4cf27d1f053 media: dvb-frontends: avoid stack overflow warnings with clang +0a0b79ea55de8 media: pvrusb2: fix uaf in pvr2_context_set_notify +c1db0073212ef HID: amd_sfh: Avoid disabling the interrupt +ef5de1613d7d9 perf pmu: Fix a potential memory leak in perf_pmu__lookup() +e63df1ec9a16d crypto: jitter - fix CRYPTO_JITTERENTROPY help text +32e5a120a5105 drm/tegra: put drm_gem_object ref on error in tegra_fb_create +aeedaee5ef546 drm/bridge: adv7511: fix crash on irq during probe +baf67aefbe7d7 PCI: Mark 3ware-9650SE Root Port Extended Tags as broken +49e27d3c9cd67 drm/msm/dpu: finalise global state object +a106ed98af684 drm/msm/dpu: use devres-managed allocation for HW blocks +1e897dcc4c673 drm/msm/dpu: use devres-managed allocation for MDP TOP +f6aed043ee5d7 drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' +30baa4a96b23a media: pvrusb2: fix pvr2_stream_callback casts +95ac1210fb275 media: pvrusb2: remove redundant NULL check +0b70530ee7408 media: go7007: add check of return value of go7007_read_addr() +4797a3dd46f22 media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak +3a11887f7f11a media: cedrus: h265: Fix 
configuring bitstream size +aebfdfe39b932 NTB: fix possible name leak in ntb_register_device() +aa1267e673fe5 drm: ci: use clk_ignore_unused for apq8016 +98f681b0f84cf ASoC: SOF: Add some bounds checking to firmware data +2a3cfb9a24a28 drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() +c4891d979c766 drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() +06267d22f9ee6 drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled +2f4a67a3894e1 drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN +3b63880de42bd dt-bindings: msm: qcom, mdss: Include ommited fam-b compatible +a853450bf4c75 crypto: xilinx - call finalize with bh disabled +d0aa72604fbd8 quota: Fix potential NULL pointer dereference +8c64f4cdf4e6c media: edia: dvbdev: fix a use-after-free +8f94b49a5b5d3 media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity +8cf9c5051076e media: v4l2-tpg: fix some memleaks in tpg_alloc +ba535bce57e71 clk: meson: Add missing clocks to axg_clk_regmaps +9ccfe80d022df drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' +4b09715f1504f drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' +2814646f76f85 HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd +222be59e5eed1 ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() +04ae3eb470e52 drm/lima: fix a memleak in lima_heap_alloc +89709105a6091 drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node +47a145c03484d drm/rockchip: inno_hdmi: Fix video timing +643ae131b8598 drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() +afe6fcb977588 drm/tegra: dsi: Add missing check for of_find_device_by_node +65e8fbde64520 dm: call the resume method on internal suspend +84e95149bd341 nfp: flower: handle acti_netdevs allocation failure +28330ceb953e3 OPP: debugfs: Fix warning around icc_get_name() +0f28be64d132a erofs: fix lockdep false positives on initializing erofs_pseudo_mnt +2c88c16dc20e8 erofs: 
fix handling kern_mount() failure +0fbcf2366ba98 net: hns3: fix kernel crash when 1588 is received on HIP08 devices +4469c0c5b14a0 net: phy: fix phy_get_internal_delay accessing an empty array +b0ec2abf98267 net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv() +7a4b21250bf79 bpf: Fix stackmap overflow check on 32-bit arches +6787d916c2cf9 bpf: Fix hashtab overflow check on 32-bit arches +281d464a34f54 bpf: Fix DEVMAP_HASH overflow check on 32-bit arches +947ec0d002dce Bluetooth: fix use-after-free in accessing skb after sending it +f7b94bdc1ec10 Bluetooth: af_bluetooth: Fix deadlock +79f4127a502c5 Bluetooth: btusb: Fix memory leak +a6e06258f4c31 Bluetooth: msft: Fix memory leak +81137162bfaa7 Bluetooth: hci_core: Fix possible buffer overflow +de4e88ec58c42 Bluetooth: btrtl: fix out of bounds memory access +4fc82cd907ac0 iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected +b4152222e04cb wifi: brcm80211: handle pmk_op allocation failure +a51ab63b297ce ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors +3cfcfc102a5e5 SUNRPC: fix some memleaks in gssx_dec_option_array +e67b652d8e859 SUNRPC: fix a memleak in gss_import_v2_context +aaa8736370db1 x86, relocs: Ignore relocations in .notes section +021a67d096154 ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override +0d776cfd5e5b5 gpiolib: Pass consumer device through to core in devm_fwnode_gpiod_get_index() +0ff08803eca41 arm64: dts: imx8mp-evk: Fix hdmi@3d node +a5a5f4413d91f wifi: mt76: mt7925e: fix use-after-free in free_irq() +c957280ef6ab6 wifi: mt76: mt7921e: fix use-after-free in free_irq() +8536ef0aeae11 wifi: mt76: mt7925: add support to set ifs time by mcu command +f1d71576d2c9e firmware: arm_scmi: Fix double free in SMC transport cleanup path +0feda94c868d3 iommu/amd: Mark interrupt as managed +e18afcb7b2a12 ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() +cb5942b77c05d wifi: wilc1000: prevent use-after-free on vif when cleaning 
up all interfaces +178c54666f9c4 bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly +d5bd4041cd70f wifi: iwlwifi: mvm: don't set replay counters to 0xff +903fad4394666 tools/resolve_btfids: Fix cross-compilation to non-host endianness +d04d5882cd678 printk: Disable passing console lock owner completely during panic() +b1c4c67a5e90d printk: ringbuffer: Skip non-finalized records in panic +584528d621459 printk: ringbuffer: Cleanup reader terminology +36652d0f3bf34 printk: Add this_cpu_in_panic() +95d739ed962c9 arm64: dts: qcom: sm6115: declare VLS CLAMP register for USB3 PHY +acb94d67f5a23 arm64: dts: qcom: qcm2290: declare VLS CLAMP register for USB3 PHY +b8cfb7c819dd3 wifi: wfx: fix memory leak when starting AP +92a871ab9fa59 libbpf: Use OPTS_SET() macro in bpf_xdp_query() +cfdb4f7ffdb85 arm64: dts: ti: k3-am69-sk: remove assigned-clock-parents for unused VP +5f0e4aede01cb wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() +296f3e926716d wifi: iwlwifi: acpi: fix WPFC reading +24355fcb0d4cb wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete +5136ea6b109de arm64: dts: imx8qm: Correct edma3 power-domains and interrupt numbers +2ef61296d2844 selftests/bpf: Disable IPv6 for lwt_redirect test +fd5821a1a83c9 arm64: dts: qcom: sa8540p: Drop gfx.lvl as power-domain for gpucc +883957bee580b pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl +5155e48128826 soc: qcom: socinfo: rename PM2250 to PM4125 +f661017e6d326 cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value +328efda22af81 wifi: wilc1000: do not realloc workqueue everytime an interface is added +1213acb478a71 wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work +9636951e4468f wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled +ad25ee36f0017 wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() +14274d0bd31b4 timekeeping: Fix cross-timestamp interpolation for non-x86 +54e35eb8611cc x86/resctrl: 
Read supported bandwidth sources from CPUID +0976783bb123f x86/resctrl: Remove hard-coded memory bandwidth limit +f98364e926626 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts +8ede3db5061bb io_uring/net: fix overflow check in io_recvmsg_mshot_prep() +c55978024d123 io_uring/net: move receive multishot out of the generic msghdr path +52307ac4f2b50 io_uring/net: unify how recvmsg and sendmsg copy in the msghdr +03f12122b20b6 block: fix deadlock between bd_link_disk_holder and partition scan +6cf3506587366 md: fix kmemleak of rdev->serial +c3116e62ddeff s390/dasd: fix double module refcount decrement +15930da42f898 workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() +5797b1c18919c workqueue: Implement system-wide nr_active enforcement for unbound workqueues +3948abaa4e2be do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak +963465a33141d Input: gpio_keys_polled - suppress deferred probe error for gpio +b3a51137607ce ASoC: amd: yc: Add HP Pavilion Aero Laptop 13-be2xxx(8BD6) into DMI quirk table +6214e24cae9b1 ALSA: hda/realtek: Add quirks for Lenovo Thinkbook 16P laptops +f8b0127aca8c6 ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet +34b567868777e perf: RISCV: Fix panic on pmu overflow handler +2535b848fa0f4 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security +ed00a6945dc32 ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2 +50ee641643dd0 ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table +45532b21dc2a6 net: smsc95xx: add support for SYS TEC USB-SPEmodule1 +c7bb26b847e5b btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve +e06cc89475edd btrfs: fix data races when accessing the reserved amount of block reserves +32019c659ecfe x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() +4d5e86a56615c RDMA/mlx5: Fix fortify source warning while accessing Eth segment +c40aad7c81e5f ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on 
system suspend +1741a8269e1c5 HID: multitouch: Add required quirk for Synaptics 0xcddc device +3693bb4465e6e x86/xen: Add some null pointer checking to smp.c +f7fe85b229bc3 ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU +8f44e3808200c spi: intel-pci: Add support for Lunar Lake-M SPI serial flash +551539a8606e2 ASoC: rt5645: Make LattePanda board DMI match more precise +b979f2d50a099 soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free +aec7d25b497ce platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR diff --git a/cve/review/proposed/v6.7.6-sasha b/cve/review/proposed/v6.7.6-sasha new file mode 100644 index 00000000..f3e3a8c8 --- /dev/null +++ b/cve/review/proposed/v6.7.6-sasha 
@@ -0,0 +1,112 @@ +bd504bcfec41a dm: limit the number of targets and parameter size area +5bc09b397cbf1 nilfs2: fix potential bug in end_buffer_async_write +27c5a095e2518 netfilter: ipset: Missing gc cancellations fixed +97f7cf1cd80ee netfilter: ipset: fix performance regression in swap operation +2394ac4145ea9 tracing: Inform kmemleak of saved_cmdlines allocation +bdbddb109c753 tracing: Fix HAVE_DYNAMIC_FTRACE_WITH_REGS ifdef +efe7cf828039a can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) +6cdedc18ba7b9 can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock +fa765c4b4aed2 xen/events: close evtchn after mapping cleanup +79d72c68c5878 fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super +cda4672da1c26 ceph: prevent use-after-free in encode_cap_msg() +9cae43da98674 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed +46f5ab762d048 fs: relax mount_setattr() permission checks +30369084ac6e2 tools/rtla: Fix clang warning about mount_point var size +610010737f744 ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 +fe752331d4b36 KVM: s390: vsie: fix race during shadow creation +4860abb91f3d7 smb: Fix regression in writes when non-standard maximum write size negotiated +4508ec1735709 smb: client: set correct id, uid and cruid for multiuser automounts +8b02da04ad978 irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems +24c890dd712f6 crypto: algif_hash - Remove bogus SGL free on zero-length error path +ccb88e9549e7c crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked +38296afe3c6ee nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() +67b8bcbaed477 nilfs2: fix data corruption in dsync block recovery for small block sizes +4639c5021029d ALSA: hda/conexant: Add quirk for SWS JS201D +32f03f4002c5d ALSA: hda/realtek: fix mute/micmute LED For HP mt645 +a37ee9e117ef7 io_uring/net: fix multishot accept overflow handling +a8b9cf62ade1b ftrace: Fix DIRECT_CALLS to 
use SAVE_REGS by default +66bbea9ed6446 ring-buffer: Clean ring_buffer_poll_wait() error return +e0526ec5360a4 hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove +deb110292180c drm/amd/display: Preserve original aspect ratio in create stream +e6a7df96facdc drm/amd/display: Fix MST Null Ptr for RV +8746c6c9dfa31 drm/buddy: Fix alloc_range() error handling code +042b5f83841fb drm/nouveau: fix several DMA buffer leaks +108a020c64434 ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails +ca185770db914 eventfs: Keep all directory links at 1 +12d823b31fadf eventfs: Remove fsnotify*() functions from lookup() +264424dfdd5cb eventfs: Restructure eventfs_inode structure to be more condensed +5a49f996046ba eventfs: Warn if an eventfs_inode is freed without is_freed being set +43aa6f97c2d03 eventfs: Get rid of dentry pointers without refcounts +8dce06e98c70a eventfs: Clean up dentry ops and add revalidate function +408600be78cdb eventfs: Remove unused d_parent pointer field +49304c2b93e4f tracefs: dentry lookup crapectomy +99c001cb617df tracefs: Avoid using the ei->dentry pointer unnecessarily +4fa4b010b83fb eventfs: Initialize the tracefs inode properly +d81786f53aec1 tracefs: Zero out the tracefs_inode when allocating it +834bf76add3e6 eventfs: Save directory inodes in the eventfs_inode structure +1057066009c43 eventfs: Use kcalloc() instead of kzalloc() +852e46e239ee6 eventfs: Do not create dentries nor inodes in iterate_shared +53c41052ba312 eventfs: Have the inodes all for files and directories all be the same +1de94b52d5e8d eventfs: Shortcut eventfs_iterate() by skipping entries already read +704f960dbee2f eventfs: Read ei->entries before ei->children in eventfs_iterate() +1e4624eb5a0ec eventfs: Do ctx->pos update for all iterations in eventfs_iterate() +e109deadb7331 eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set +493ec81a8fb8e eventfs: Stop using dcache_readdir() for getdents() +b0f7e2d739b4a eventfs: Remove "lookup" 
parameter from create_dir/file_dentry() +6a9d552483d50 media: rc: bpf attach/detach requires write permission +c41336f4d6905 pmdomain: mediatek: fix race conditions with genpd +95a0d596bbd05 iio: core: fix memleak in iio_device_register_sysfs +9b6326354cf9a tracing/synthetic: Fix trace_string() return value +44dc5c41b5b12 tracing: Fix wasted memory in saved_cmdlines logic +1389358bb008e tracing/timerlat: Move hrtimer_init to timerlat_fd open() +1513664f34028 ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power +fcfc9f711d1e2 ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform +c7de2d9bb68a5 ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL +8b1d72395635a parisc: Fix random data corruption from exception handler +37e8c97e53901 net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() +bfb007aebe6bf nfc: nci: free rx_data_reassembly skb on NCI device cleanup +2468e8922d2f6 ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads +99b817c173cd2 lsm: fix the logic in security_inode_getsecctx() +faf51b201bc42 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue +39079fe8e6608 drm/amd/display: fix incorrect mpc_combine array size +7330256268664 drm/amdgpu: Reset IH OVERFLOW_CLEAR bit +9c64e749cebd9 drm/virtio: Set segment size for virtio_gpu device +9163616853190 Revert "drm/amd: flush any delayed gfxoff on suspend entry" +977fe773dcc70 scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" +337cebbd850f9 mptcp: really cope with fastopen race +013e3179dbd2b mptcp: fix rcv space initialization +b6c620dc43ccb mptcp: fix data re-injection from stale subflow +0846dd77c8349 powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach +f1acb109505d9 powerpc/kasan: Limit KASAN thread size increase to 32KB +83ef106fa732a i2c: qcom-geni: Correct I2C TRE sequence +cffe487026be1 cifs: fix underflow in parse_server_interfaces() +41044d5360685 PCI: Fix active state requirement in PME 
polling +ed8b94f6e0acd powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add +dc9ceb90c4b42 media: ir_toy: fix a memleak in irtoy_tx +61a348857e869 usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend +12783c0b9e2c7 usb: core: Prevent null pointer dereference in update_port_device_state +cc509b6a47e7c usb: chipidea: core: handle power lost in workqueue +b2d2d7ea0dd09 usb: f_mass_storage: forbid async queue when shutdown happen +3caf2b2ad7334 usb: ulpi: Fix debugfs directory leak +c1d6708bf0d3d HID: wacom: Do not register input devices until after hid_hw_start +f0d78972f27dc ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx +c6dce23ec993f ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF +0a9bab391e336 dm-crypt, dm-verity: disable tasklets +39126abc5e206 nouveau: offload fence uevents work to workqueue +0958b33ef5a04 tracing/trigger: Fix to return error if failed to alloc snapshot +73d9629e1c8c1 i40e: Do not allow untrusted VF to remove administratively set MAC +962ac2dce56bb drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address +6ef5d5b92f711 ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() +32b55c5ff9103 net: tls: fix use-after-free with partial reads and async decrypt +e01e3934a1b2d tls: fix race between tx work scheduling and socket close +aec7961916f3f tls: fix race between async notify and socket close +c57ca512f3b68 net: tls: factor out tls_*crypt_async_wait() +15faa1f67ab40 lan966x: Fix crash when adding interface under a lag +4e1d71cabb19e net/handshake: Fix handshake_req_destroy_test1 +aa1eec2f546f2 net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers +53c0441dd2c44 dpll: fix possible deadlock during netlink dump operation +bb6f4dbe2639d selftests/landlock: Fix capability for net_test +5571e41ec6e56 btrfs: don't drop extent_map for free space inode on write error +e03ee2fe873eb btrfs: do not ASSERT() if the newly created subvolume already got read +68fb3ca0e408e update 
workarounds for gcc "asm goto" issue +4356e9f841f7f work around gcc bugs with 'asm goto' with outputs diff --git a/cve/review/proposed/v6.7.7-sasha b/cve/review/proposed/v6.7.7-sasha new file mode 100644 index 00000000..0dcb9a88 --- /dev/null +++ b/cve/review/proposed/v6.7.7-sasha 
@@ -0,0 +1,99 @@ +e3b63e966cac0 mm: zswap: fix missing folio cleanup in writeback race path +9671761792156 drm/amd/display: fix null-pointer dereference on edid reading +bae67893578d6 drm/amd/display: Fix memory leak in dm_sw_fini() +d2b48f340d9e4 drm/amd/display: Fix potential null pointer dereference in dc_dmub_srv +7d2a894d7f487 phonet/pep: fix racy skb_queue_empty() use +5d78b73e85145 tools: ynl: don't leak mcast_groups on init error +8762785f459be netfilter: nft_flow_offload: release dst in case direct xmit path is used +9e0f0430389be netfilter: nft_flow_offload: reset dst in route object after setting up flow +bccebf6470173 netfilter: nf_tables: set dormant flag on hook register failure +4cd12c6065dfc bpf, sockmap: Fix NULL pointer dereference in sk_psock_verdict_data_ready() +56667da7399eb net: implement lockless setsockopt(SO_PEEK_OFF) +a7d6027790ace arp: Prevent overflow in arp_req_get(). +def689fc26b9a devlink: fix possible use-after-free and memory leaks in devlink_init() +5559cea2d5aa3 ipv6: sr: fix possible use-after-free and null-ptr-deref +6ea38e2aeb723 afs: Increase buffer size in afs_update_volume_status() +6f7d0f5fd8e44 platform/x86: think-lmi: Fix password opcode ordering for workstations +0281b919e175b bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel +a5c57fd2e9bd1 powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller +97dde84026339 net: stmmac: Fix incorrect dereference in interrupt handlers +166c2c8a6a4dc net/sched: act_mirred: don't override retval if we already lost the skb +52f671db18823 net/sched: act_mirred: use the backlog for mirred ingress +66b60b0c8c4a1 dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). +dc489f86257ca net: bridge: switchdev: Skip MDB replays of deferred events on offload +5761eb9761d2d scsi: smartpqi: Fix disable_managed_interrupts +2127c60438366 xsk: Add truesize to skb_add_rx_frag(). 
+5ba4e6d5863c5 RDMA/qedr: Fix qedr_create_user_qp error flow +fdfa083549de5 RDMA/srpt: Support specifying the srpt_service_guid parameter +666047f3ece9f RDMA/irdma: Set the CQ read threshold for GEN 1 +bd97cea7b18a0 RDMA/irdma: Fix KASAN issue with tasklet +809aa64ebff51 IB/hfi1: Fix a memleak in init_credit_return +a538dabf772c1 Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" +97cba232549b9 drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' +45be0882c5f91 smb3: add missing null server pointer check +51af8f255bdac ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts +967d3c27127e7 mptcp: fix data races on remote_id +1c9be13846c0b usb: roles: fix NULL pointer issue when put module's reference +76c51146820c5 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs +5fd9e45f1ebcd usb: cdns3: fix memory double free when handle zero packet +cd45f99034b0c usb: cdns3: fixed memory use after free at cdns3_gadget_ep_disable() +b191a18cb5c47 usb: dwc3: gadget: Don't disconnect if not started +66ad2fbcdbeab dm-integrity, dm-verity: reduce stack usage for recheck +359e54a93ab43 l2tp: pass correct message length to ip6_append_data +fb33a46cd75e1 irqchip/mbigen: Don't use bus_get_dev_root() to find the parent +c0ec2a712daf1 crypto: virtio/akcipher - Fix stack overflow on memcpy +136cfaca22567 gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() +9e46c70e829bd md: Don't suspend the array for interrupted reshape +e21a2f17566cb cachefiles: fix memory leak in cachefiles_add_cache() +dbcbfd662a725 platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names +13ddaf26be324 mm/swap: fix race when skipping swapcache +de959094eb219 scsi: target: pscsi: Fix bio_put() for error case +eef5c7b28dbec cxl/pci: Skip to handle RAS errors if CXL.mem device is detached +50c70240097ce dm-crypt: don't modify the data when using authenticated encryption +1eb1e984379e2 lib/Kconfig.debug: 
TEST_IOV_ITER depends on MMU +b820de741ae48 fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio +bd915ae73a2d7 drm/meson: Don't remove bridges which are created by other drivers +e42b9d8b9ea26 btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size +752cd08da320a LoongArch: Update cpu_sibling_map when disabling nonboot CPUs +1001db6c42e40 LoongArch: Disable IRQ before init_fn() for nonboot CPUs +baf8361e54550 x86/bugs: Add asm helpers for executing VERW +e6f57c6881916 IB/hfi1: Fix sdma.h tx->num_descs off-by-one error +5f3bce13266e6 drm/amd/display: Request usb4 bw for mst streams +cca5efe77a6a2 LoongArch: vDSO: Disable UBSAN instrumentation +4551b30525cf3 LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] +b513d30d59bb3 scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() +de1034b38a346 efi: runtime: Fix potential overflow of soft-reserved region size +731ab1f982880 fs/ntfs3: Fix oob in ntfs_listxattr +652cfeb43d6b9 fs/ntfs3: Fixed overflow check in mi_enum_attr() +aaab47f204aaf fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() +4255447ad34c5 Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table +710c69dbaccda nvmet-fc: avoid deadlock on delete association path +70fbfc47a392b nvme-fc: do not wait in vain when unloading module +eaa1b01fe709d ALSA: usb-audio: Ignore clock selector errors for single connection +daf3f0f99cde9 ASoC: wm_adsp: Don't overwrite fwf_name with the default +2ff33c759a424 drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz +80441f76ee670 Input: xpad - add Lenovo Legion Go controllers +6500ad28fd5d6 spi: sh-msiof: avoid integer overflow in constants +346f59d1e8ed0 ALSA: usb-audio: Check presence of valid altsetting control +f3be347ea42db usb: ucsi_acpi: Quirk to ack a connector change ack cmd +47c5dd66c1840 nvmet-tcp: fix nvme tcp ida memory leak +b6eda11c44dc8 HID: nvidia-shield: Add missing null pointer checks to LED initialization 
+6e2276203ac9f dmaengine: ti: edma: Add some null pointer checks to the edma_probe +180a8f12c21f4 Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 +832698373a259 ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() +4530b3660d396 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() +993bf0f4c393b ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt +1abdf288b0ef5 platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet +20730e9b27787 ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers +e169bd4fb2b36 aoe: avoid potential deadlock at set_capacity +0077a504e1a44 ahci: asm1166: correct count of reported ports +8deb05c84b63b smb: Work around Clang __bdos() type confusion +13f3956eb5681 block: Fix WARNING in _copy_from_iter +de8b6e1c231a9 spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected +8afe3c7fcaf72 spi: intel-pci: Add support for Arrow Lake SPI serial flash +bcbc84af1183c wifi: mac80211: fix race condition on enabling fast-xmit +6386f6c995b3a dmaengine: fsl-qdma: increase size of 'irq_name' +83ab68168a3d9 scsi: target: core: Add TMF to tmr_list handling +12c16919652b5 tools: selftests: riscv: Fix compile warnings in mm tests +fb4cece17b458 scsi: smartpqi: Fix logical volume rescan race condition +c6d5aa44eaf6d scsi: smartpqi: Add new controller PCI IDs diff --git a/cve/review/proposed/v6.7.8-sasha b/cve/review/proposed/v6.7.8-sasha new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/cve/review/proposed/v6.7.8-sasha diff --git a/cve/review/proposed/v6.7.9-sasha b/cve/review/proposed/v6.7.9-sasha new file mode 100644 index 00000000..87e1d799 --- /dev/null +++ b/cve/review/proposed/v6.7.9-sasha 
@@ -0,0 +1,58 @@ +fad87dbd48156 powerpc/rtas: use correct function name for resetting TCE tables +09a3c1e461421 powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV +d3ea125df37dc dmaengine: idxd: Ensure safe user copy of completion record +d4c08d8b23b22 phy: qcom-qmp-usb: fix v3 offsets data +bbcc1c83f343e dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup +712a92a48158e dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup +aa82ac51d6332 af_unix: Drop oob_skb ref before purging queue in GC. +25236c91b5ab4 af_unix: Fix task hung while purging oob_skb in GC. +5fa917a67a034 NFS: Fix data corruption caused by congestion. +d6a9608af9a75 mptcp: fix possible deadlock in subflow diag +10048689def7e mptcp: fix double-free on socket dismantle +2774f256e7c02 mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index +720da1e593b85 mm/debug_vm_pgtable: fix BUG_ON with pud advanced test +2a93c6cbd5a70 pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation +eb5555d422d0f pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal +f45812cc23fb7 efivarfs: Request at most 512 bytes for variable names +cf7c2789822db iommufd: Fix protection fault in iommufd_test_syz_conv_iova +aeb004c0cd695 iommufd: Fix iopt_access_list_id overwrite bug +6b1ba3f9040be mmc: mmci: stm32: fix DMA API overlapping mappings warning +87a39071e0b63 dmaengine: fsl-qdma: init irq after reg initialization +1c0cf6d196901 crypto: arm64/neonbs - fix out-of-bounds access on short input +9d739bccf261d dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read +f79ee78767ca6 soc: qcom: pmic_glink: Fix boot when QRTR=m +9845664b9ee47 btrfs: dev-replace: properly validate device names +e2b54eaf28df0 btrfs: fix double free of anonymous device after snapshot creation failure +f78c1375339a2 wifi: nl80211: reject iftype change with mesh ID change +616d82c3cfa2a gtp: fix use-after-free and null-ptr-deref in 
gtp_newlink() +c17d2a7b216e1 Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid +0ac32a396e4f4 ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 +67c3d7717efbd ALSA: hda/realtek: fix mute/micmute LED For HP mt440 +1fdf4e8be7059 ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) +c1947ce61ff4c ALSA: hda/realtek: tas2781: enable subwoofer volume control +2f03fc340cac9 tomoyo: fix UAF write bug in tomoyo_write_control() +f6ecfdad359a0 drm/nouveau: keep DMA buffers required for suspend/resume +a1a4a9ca77f14 btrfs: fix race between ordered extent completion and fiemap +682dc133f83e0 drivers: perf: ctr_get_width function for legacy is not defined +0f8ca019544a2 drm/amd/display: Prevent potential buffer overflow in map_hw_resources +5f7a07646655f afs: Fix endless loop in directory parsing +00d6a284fcf3f fbcon: always restore the old font data in fbcon_do_set_font() +c14f09f010cc5 ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization +1fa8d07ae1a5f gpu: host1x: Skip reset assert on Tegra186 +2df70149e73e7 power: supply: bq27xxx-i2c: Do not free non existing IRQ +13114dc554306 tls: fix use-after-free on failed backlog decryption +41532b785e9d7 tls: separate no-async decryption request handling from async +743ad091fb46e rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back +62e7151ae3eb4 netfilter: bridge: confirm multicast packets before passing them up the stack +7dcd3e014aa7f Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT +7e74aa53a68bf Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST +2449007d3f73b Bluetooth: Avoid potential use-after-free in hci_error_reset +8af411bbba1f4 stmmac: Clear variable when destroying workqueue +10bfd453da64a ipv6: fix potential "struct net" leak in inet6_rtm_getaddr() +fe9f801355f0b net: veth: clear GRO when clearing XDP even when down +3773d65ae5154 net: mctp: take ownership of skb in mctp_local_output +5ae1e9922bbdb net: ip_tunnel: prevent perpetual headroom growth 
+9a0d18853c280 netlink: add nla be16/32 types to minlen array +661779e1fcafe netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter +959043afe53ae spi: cadence-qspi: remove system-wide suspend helper calls from runtime PM hooks +32ce3bb57b6b4 spi: cadence-qspi: fix pointer reference in runtime PM hooks |
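Review bot: In the list that ends just before the v6.7.8-sasha file header, several entries have subjects that point to hardware enablement or test fixes rather than to a security-relevant bug, for example "80441f76ee670 Input: xpad - add Lenovo Legion Go controllers", "c6d5aa44eaf6d scsi: smartpqi: Add new controller PCI IDs" and "12c16919652b5 tools: selftests: riscv: Fix compile warnings in mm tests". Each line carries only the short id and the subject, so nothing records why such a commit was proposed. Either drop these entries or add the reasoning for them, so the next reviewer does not have to reopen every commit to see the intended impact.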
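Review bot: cve/review/proposed/v6.7.8-sasha is added as an empty file (index 00000000..e69de29b, with no hunk following its header), and an empty file cannot be told apart from a release that has not been reviewed yet. If the meaning is "reviewed, nothing proposed", state that in the commit message or in the file itself so that tooling and other reviewers do not treat v6.7.8 as pending.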
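Review bot: In the v6.7.9-sasha hunk (@@ -0,0 +1,58 @@), entries that name a memory-safety bug in the subject, such as "2f03fc340cac9 tomoyo: fix UAF write bug in tomoyo_write_control()" and "10048689def7e mptcp: fix double-free on socket dismantle", sit next to entries whose subjects show no security impact, such as "0ac32a396e4f4 ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8". "41532b785e9d7 tls: separate no-async decryption request handling from async" also reads as a restructuring step next to the tls use-after-free fix above it, so it is unclear whether it is proposed on its own merit or only as a dependency. Suggest removing the quirk and enablement entries and marking dependency-only commits as such, which keeps the proposed list limited to commits that would each justify an identifier.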