diff options
author | Sasha Levin <sashal@kernel.org> | 2024-04-17 11:00:46 -0400 |
---|---|---|
committer | Sasha Levin <sashal@kernel.org> | 2024-04-17 11:00:46 -0400 |
commit | 2a783754b289405ae5c47aea340f564d65e2cf3b (patch) | |
tree | 1c4b7b8117e128a339aa4e983e359243eebcc36f | |
parent | b09a2f9785f54e9a39dde6d75b408be2640184f8 (diff) | |
download | vulns-2a783754b289405ae5c47aea340f564d65e2cf3b.tar.gz |
Fix up pushed draft of my reviews
Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r-- | cve/review/proposed/v6.7.10-sasha | 3 | ||||
-rw-r--r-- | cve/review/proposed/v6.7.11-sasha | 57 | ||||
-rw-r--r-- | cve/review/proposed/v6.7.6-sasha | 50 | ||||
-rw-r--r-- | cve/review/proposed/v6.7.7-sasha | 17 | ||||
-rw-r--r-- | cve/review/proposed/v6.7.9-sasha | 12 |
5 files changed, 0 insertions, 139 deletions
diff --git a/cve/review/proposed/v6.7.10-sasha b/cve/review/proposed/v6.7.10-sasha index 32c87f71..dfbd2e5c 100644 --- a/cve/review/proposed/v6.7.10-sasha +++ b/cve/review/proposed/v6.7.10-sasha @@ -4,10 +4,7 @@ c055fc00c07be net/rds: fix WARNING in rds_conn_connect_if_down ef27f655b438b igc: avoid returning frame twice in XDP_REDIRECT 9224fc86f1776 ice: fix uninitialized dplls mutex usage 06e456a05d669 net: ice: Fix potential NULL pointer dereference in ice_bridge_setlink() -2652b99e43403 ice: virtchnl: stop pretending to support RSS over AQ or registers 89d72d4125e94 net: sparx5: Fix use after free inside sparx5_del_mact_entry 1ca1ba465e55b geneve: make sure to pull inner header in geneve_rx() -51270d573a8d9 tracing/net_sched: Fix tracepoints that save qdisc_dev() as a string b7cf07586c40f net/mlx5e: Use a memory barrier to enforce PTP WQ xmit submission tracking occurs after populating the metadata_map 1eecc7ab82c42 net: lan78xx: fix runtime PM count underflow on link stop -8076fcde016c9 x86/rfds: Mitigate Register File Data Sampling (RFDS) diff --git a/cve/review/proposed/v6.7.11-sasha b/cve/review/proposed/v6.7.11-sasha index b11b8dd8..27397619 100644 --- a/cve/review/proposed/v6.7.11-sasha +++ b/cve/review/proposed/v6.7.11-sasha @@ -5,15 +5,12 @@ a20ad45008a7c spi: spi-mt65xx: Fix NULL pointer access in interrupt handler a88e0f936ba9a octeontx2: Detect the mbox up or down message via register d27e2da94a426 net/bnx2x: Prevent access to a freed page in page_pool 55e565c42dce8 dm-integrity: fix a memory leak when rechecking the data -32fa4366cc4da net: phy: fix phy_read_poll_timeout argument type in genphy_loopback bba045dc4d996 wireguard: receive: annotate data-race around receiving_counter.counter d5c0ed17fea60 virtio: packed: fix unmap leak for indirect desc table 6ebfad33161af packet: annotate data-races around ignore_outgoing de105068fead5 nvme: fix reconnection fail due to reserved tag allocation -e30cef001da25 net: txgbe: fix clk_name exceed MAX_DEV_ID limits ddbec99f58571 hsr: Fix uninit-value access in hsr_get_node() 04d9d1fc428ac tcp: Fix refcnt handling in __inet_hash_connect(). -72ebb41b88f9d soc: fsl: dpio: fix kcalloc() argument order 343041b59b781 net/sched: taprio: proper TCA_TAPRIO_TC_ENTRY_INDEX check 2a750d6a5b365 rds: tcp: Fix use-after-free of net in reqsk_timer_handler(). 2ae0ab0143fcc spi: lpspi: Avoid potential use-after-free in probe() @@ -26,7 +23,6 @@ dd839f31d7cd5 bcachefs: install fd later to avoid race with close 719fcafe07c12 nfs: fix panic when nfs4_ff_layout_prepare_ds() fails 9f0c4a46be1fe f2fs: fix to truncate meta inode pages forcely fd5860ab63415 NFS: Fix nfs_netfs_issue_read() xarray locking for writeback interrupt -992cf65674778 Input: iqs7222 - add support for IQS7222D v1.1 and v1.2 251a658bbfcea NFSv4.2: fix nfs4_listxattr kernel BUG at mm/usercopy.c:102 7a8bccd8b29c3 RDMA/device: Fix a race between mad_client and cm_client init 21ec68234826b f2fs: fix to avoid potential panic during recovery @@ -37,47 +33,23 @@ fd244524c2cf0 f2fs: compress: fix to cover normal cluster write with cp_rwsem 8a430dd49e9cb f2fs: compress: fix to guarantee persisting compressed blocks by CP c21a8870c9861 RDMA/srpt: Do not register event handler until srpt device is fully setup 3c4f53b2c341e scsi: hisi_sas: Fix a deadlock issue related to automatic dump -c062166995c9e ALSA: hda/realtek: fix ALC285 issues on HP Envy x360 laptops f3dc1bdb6b0b0 cifs: Fix writeback data corruption c40497d823871 cifs: Don't use certain unnecessary folio_*() functions a9540e35624d1 smb: do not test the return value of folio_start_writeback() 7938e9ce39d67 clk: zynq: Prevent null pointer dereference caused by kmalloc failure -24338a6ae13cb sparc32: Fix section mismatch in leon_pci_grpci -551ee0f210991 drm/msm/dpu: add division of drm_display_mode's hskew parameter -7d474b43087aa clk: qcom: gcc-ipq5018: fix register offset for GCC_UBI0_AXI_ARES reset -11b752ac5a07c clk: qcom: gcc-ipq5018: fix 'halt_reg' offset of 'gcc_pcie1_pipe_clk' -f982adcc1b1c0 clk: qcom: gcc-ipq5018: fix 'enable_reg' offset of 'gcc_gmac0_sys_clk' -ad86d7ee43b22 powerpc/hv-gpci: Fix the H_GET_PERF_COUNTER_INFO hcall return value checks cda9c0d556283 powerpc/pseries: Fix potential memleak in papr_get_attr() c958e86e9cc1b drm/mediatek: Fix a null pointer crash in mtk_drm_crtc_finish_page_flip -73984daf07a1a drm/tests: helpers: Include missing drm_drv header d0b07f712bf61 media: ttpci: fix two memleaks in budget_av_attach b9b683844b01d media: go7007: fix a memleak in go7007_load_encoder 7a4cf27d1f053 media: dvb-frontends: avoid stack overflow warnings with clang 0a0b79ea55de8 media: pvrusb2: fix uaf in pvr2_context_set_notify -c1db0073212ef HID: amd_sfh: Avoid disabling the interrupt ef5de1613d7d9 perf pmu: Fix a potential memory leak in perf_pmu__lookup() -e63df1ec9a16d crypto: jitter - fix CRYPTO_JITTERENTROPY help text -32e5a120a5105 drm/tegra: put drm_gem_object ref on error in tegra_fb_create aeedaee5ef546 drm/bridge: adv7511: fix crash on irq during probe -baf67aefbe7d7 PCI: Mark 3ware-9650SE Root Port Extended Tags as broken -49e27d3c9cd67 drm/msm/dpu: finalise global state object -a106ed98af684 drm/msm/dpu: use devres-managed allocation for HW blocks -1e897dcc4c673 drm/msm/dpu: use devres-managed allocation for MDP TOP f6aed043ee5d7 drm/amd/display: Add 'replay' NULL check in 'edp_set_replay_allow_active()' -30baa4a96b23a media: pvrusb2: fix pvr2_stream_callback casts -95ac1210fb275 media: pvrusb2: remove redundant NULL check -0b70530ee7408 media: go7007: add check of return value of go7007_read_addr() 4797a3dd46f22 media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak -3a11887f7f11a media: cedrus: h265: Fix configuring bitstream size aebfdfe39b932 NTB: fix possible name leak in ntb_register_device() -aa1267e673fe5 drm: ci: use clk_ignore_unused for apq8016 98f681b0f84cf ASoC: SOF: Add some bounds checking to firmware data 2a3cfb9a24a28 drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini() -c4891d979c766 drm/radeon/ni: Fix wrong firmware size logging in ni_init_microcode() -06267d22f9ee6 drm/msm/dpu: Only enable DSC_MODE_MULTIPLEX if dsc_merge is enabled -2f4a67a3894e1 drm/msm/dpu: fix the programming of INTF_CFG2_DATA_HCTL_EN -3b63880de42bd dt-bindings: msm: qcom, mdss: Include ommited fam-b compatible a853450bf4c75 crypto: xilinx - call finalize with bh disabled d0aa72604fbd8 quota: Fix potential NULL pointer dereference 8c64f4cdf4e6c media: edia: dvbdev: fix a use-after-free @@ -86,12 +58,9 @@ d0aa72604fbd8 quota: Fix potential NULL pointer dereference ba535bce57e71 clk: meson: Add missing clocks to axg_clk_regmaps 9ccfe80d022df drm/amd/display: Fix potential NULL pointer dereferences in 'dcn10_set_output_transfer_func()' 4b09715f1504f drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' -2814646f76f85 HID: lenovo: Add middleclick_workaround sysfs knob for cptkbd 222be59e5eed1 ASoC: SOF: amd: Fix memory leak in amd_sof_acp_probe() 04ae3eb470e52 drm/lima: fix a memleak in lima_heap_alloc 89709105a6091 drm/vmwgfx: fix a memleak in vmw_gmrid_man_get_node -47a145c03484d drm/rockchip: inno_hdmi: Fix video timing -643ae131b8598 drm/tegra: hdmi: Fix some error handling paths in tegra_hdmi_probe() afe6fcb977588 drm/tegra: dsi: Add missing check for of_find_device_by_node 65e8fbde64520 dm: call the resume method on internal suspend 84e95149bd341 nfp: flower: handle acti_netdevs allocation failure @@ -112,18 +81,13 @@ a6e06258f4c31 Bluetooth: msft: Fix memory leak de4e88ec58c42 Bluetooth: btrtl: fix out of bounds memory access 4fc82cd907ac0 iommu/vt-d: Don't issue ATS Invalidation request when device is disconnected b4152222e04cb wifi: brcm80211: handle pmk_op allocation failure -a51ab63b297ce ACPI: CPPC: enable AMD CPPC V2 support for family 17h processors 3cfcfc102a5e5 SUNRPC: fix some memleaks in gssx_dec_option_array e67b652d8e859 SUNRPC: fix a memleak in gss_import_v2_context aaa8736370db1 x86, relocs: Ignore relocations in .notes section -021a67d096154 ACPI: resource: Add MAIBENBEN X577 to irq1_edge_low_force_override -0d776cfd5e5b5 gpiolib: Pass consumer device through to core in devm_fwnode_gpiod_get_index() -0ff08803eca41 arm64: dts: imx8mp-evk: Fix hdmi@3d node a5a5f4413d91f wifi: mt76: mt7925e: fix use-after-free in free_irq() c957280ef6ab6 wifi: mt76: mt7921e: fix use-after-free in free_irq() 8536ef0aeae11 wifi: mt76: mt7925: add support to set ifs time by mcu command f1d71576d2c9e firmware: arm_scmi: Fix double free in SMC transport cleanup path -0feda94c868d3 iommu/amd: Mark interrupt as managed e18afcb7b2a12 ACPI: processor_idle: Fix memory leak in acpi_processor_power_exit() cb5942b77c05d wifi: wilc1000: prevent use-after-free on vif when cleaning up all interfaces 178c54666f9c4 bpf: Mark bpf_spin_{lock,unlock}() helpers with notrace correctly @@ -133,27 +97,18 @@ d04d5882cd678 printk: Disable passing console lock owner completely during panic b1c4c67a5e90d printk: ringbuffer: Skip non-finalized records in panic 584528d621459 printk: ringbuffer: Cleanup reader terminology 36652d0f3bf34 printk: Add this_cpu_in_panic() -95d739ed962c9 arm64: dts: qcom: sm6115: declare VLS CLAMP register for USB3 PHY -acb94d67f5a23 arm64: dts: qcom: qcm2290: declare VLS CLAMP register for USB3 PHY b8cfb7c819dd3 wifi: wfx: fix memory leak when starting AP 92a871ab9fa59 libbpf: Use OPTS_SET() macro in bpf_xdp_query() -cfdb4f7ffdb85 arm64: dts: ti: k3-am69-sk: remove assigned-clock-parents for unused VP 5f0e4aede01cb wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() 296f3e926716d wifi: iwlwifi: acpi: fix WPFC reading 24355fcb0d4cb wifi: ath9k: delay all of ath9k_wmi_event_tasklet() until init is complete 5136ea6b109de arm64: dts: imx8qm: Correct edma3 power-domains and interrupt numbers 2ef61296d2844 selftests/bpf: Disable IPv6 for lwt_redirect test -fd5821a1a83c9 arm64: dts: qcom: sa8540p: Drop gfx.lvl as power-domain for gpucc -883957bee580b pmdomain: qcom: rpmhpd: Drop SA8540P gfx.lvl -5155e48128826 soc: qcom: socinfo: rename PM2250 to PM4125 -f661017e6d326 cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value 328efda22af81 wifi: wilc1000: do not realloc workqueue everytime an interface is added 1213acb478a71 wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work 9636951e4468f wifi: b43: Stop/wake correct queue in DMA Tx path when QoS is disabled ad25ee36f0017 wifi: ath10k: fix NULL pointer dereference in ath10k_wmi_tlv_op_pull_mgmt_tx_compl_ev() 14274d0bd31b4 timekeeping: Fix cross-timestamp interpolation for non-x86 -54e35eb8611cc x86/resctrl: Read supported bandwidth sources from CPUID -0976783bb123f x86/resctrl: Remove hard-coded memory bandwidth limit f98364e926626 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts 8ede3db5061bb io_uring/net: fix overflow check in io_recvmsg_mshot_prep() c55978024d123 io_uring/net: move receive multishot out of the generic msghdr path @@ -164,24 +119,12 @@ c3116e62ddeff s390/dasd: fix double module refcount decrement 15930da42f898 workqueue: Don't call cpumask_test_cpu() with -1 CPU in wq_update_node_max_active() 5797b1c18919c workqueue: Implement system-wide nr_active enforcement for unbound workqueues 3948abaa4e2be do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak -963465a33141d Input: gpio_keys_polled - suppress deferred probe error for gpio -b3a51137607ce ASoC: amd: yc: Add HP Pavilion Aero Laptop 13-be2xxx(8BD6) into DMI quirk table -6214e24cae9b1 ALSA: hda/realtek: Add quirks for Lenovo Thinkbook 16P laptops -f8b0127aca8c6 ASoC: Intel: bytcr_rt5640: Add an extra entry for the Chuwi Vi8 tablet 34b567868777e perf: RISCV: Fix panic on pmu overflow handler 2535b848fa0f4 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security -ed00a6945dc32 ASoC: amd: yc: Fix non-functional mic on Lenovo 21J2 -50ee641643dd0 ASoC: amd: yc: Add Lenovo ThinkBook 21J0 into DMI quirk table -45532b21dc2a6 net: smsc95xx: add support for SYS TEC USB-SPEmodule1 c7bb26b847e5b btrfs: fix data race at btrfs_use_block_rsv() when accessing block reserve e06cc89475edd btrfs: fix data races when accessing the reserved amount of block reserves 32019c659ecfe x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() 4d5e86a56615c RDMA/mlx5: Fix fortify source warning while accessing Eth segment c40aad7c81e5f ASoC: SOF: ipc4-pcm: Workaround for crashed firmware on system suspend -1741a8269e1c5 HID: multitouch: Add required quirk for Synaptics 0xcddc device 3693bb4465e6e x86/xen: Add some null pointer checking to smp.c -f7fe85b229bc3 ASoC: amd: yc: Fix non-functional mic on Lenovo 82UU -8f44e3808200c spi: intel-pci: Add support for Lunar Lake-M SPI serial flash -551539a8606e2 ASoC: rt5645: Make LattePanda board DMI match more precise b979f2d50a099 soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free -aec7d25b497ce platform/x86: p2sb: On Goldmont only cache P2SB and SPI devfn BAR diff --git a/cve/review/proposed/v6.7.6-sasha b/cve/review/proposed/v6.7.6-sasha index f3e3a8c8..857b8779 100644 --- a/cve/review/proposed/v6.7.6-sasha +++ b/cve/review/proposed/v6.7.6-sasha @@ -3,74 +3,34 @@ bd504bcfec41a dm: limit the number of targets and parameter size area 27c5a095e2518 netfilter: ipset: Missing gc cancellations fixed 97f7cf1cd80ee netfilter: ipset: fix performance regression in swap operation 2394ac4145ea9 tracing: Inform kmemleak of saved_cmdlines allocation -bdbddb109c753 tracing: Fix HAVE_DYNAMIC_FTRACE_WITH_REGS ifdef efe7cf828039a can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) 6cdedc18ba7b9 can: j1939: prevent deadlock by changing j1939_socks_lock to rwlock fa765c4b4aed2 xen/events: close evtchn after mapping cleanup 79d72c68c5878 fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super cda4672da1c26 ceph: prevent use-after-free in encode_cap_msg() 9cae43da98674 hv_netvsc: Register VF in netvsc_probe if NET_DEVICE_REGISTER missed -46f5ab762d048 fs: relax mount_setattr() permission checks 30369084ac6e2 tools/rtla: Fix clang warning about mount_point var size -610010737f744 ASoC: amd: yc: Add DMI quirk for Lenovo Ideapad Pro 5 16ARP8 fe752331d4b36 KVM: s390: vsie: fix race during shadow creation 4860abb91f3d7 smb: Fix regression in writes when non-standard maximum write size negotiated -4508ec1735709 smb: client: set correct id, uid and cruid for multiuser automounts -8b02da04ad978 irqchip/gic-v3-its: Restore quirk probing for ACPI-based systems 24c890dd712f6 crypto: algif_hash - Remove bogus SGL free on zero-length error path ccb88e9549e7c crypto: ccp - Fix null pointer dereference in __sev_platform_shutdown_locked 38296afe3c6ee nilfs2: fix hang in nilfs_lookup_dirty_data_buffers() 67b8bcbaed477 nilfs2: fix data corruption in dsync block recovery for small block sizes -4639c5021029d ALSA: hda/conexant: Add quirk for SWS JS201D -32f03f4002c5d ALSA: hda/realtek: fix mute/micmute LED For HP mt645 a37ee9e117ef7 io_uring/net: fix multishot accept overflow handling -a8b9cf62ade1b ftrace: Fix DIRECT_CALLS to use SAVE_REGS by default -66bbea9ed6446 ring-buffer: Clean ring_buffer_poll_wait() error return e0526ec5360a4 hv_netvsc: Fix race condition between netvsc_probe and netvsc_remove -deb110292180c drm/amd/display: Preserve original aspect ratio in create stream e6a7df96facdc drm/amd/display: Fix MST Null Ptr for RV 8746c6c9dfa31 drm/buddy: Fix alloc_range() error handling code 042b5f83841fb drm/nouveau: fix several DMA buffer leaks -108a020c64434 ksmbd: free aux buffer if ksmbd_iov_pin_rsp_read fails -ca185770db914 eventfs: Keep all directory links at 1 -12d823b31fadf eventfs: Remove fsnotify*() functions from lookup() -264424dfdd5cb eventfs: Restructure eventfs_inode structure to be more condensed -5a49f996046ba eventfs: Warn if an eventfs_inode is freed without is_freed being set -43aa6f97c2d03 eventfs: Get rid of dentry pointers without refcounts -8dce06e98c70a eventfs: Clean up dentry ops and add revalidate function -408600be78cdb eventfs: Remove unused d_parent pointer field -49304c2b93e4f tracefs: dentry lookup crapectomy -99c001cb617df tracefs: Avoid using the ei->dentry pointer unnecessarily -4fa4b010b83fb eventfs: Initialize the tracefs inode properly -d81786f53aec1 tracefs: Zero out the tracefs_inode when allocating it -834bf76add3e6 eventfs: Save directory inodes in the eventfs_inode structure 1057066009c43 eventfs: Use kcalloc() instead of kzalloc() -852e46e239ee6 eventfs: Do not create dentries nor inodes in iterate_shared -53c41052ba312 eventfs: Have the inodes all for files and directories all be the same -1de94b52d5e8d eventfs: Shortcut eventfs_iterate() by skipping entries already read -704f960dbee2f eventfs: Read ei->entries before ei->children in eventfs_iterate() -1e4624eb5a0ec eventfs: Do ctx->pos update for all iterations in eventfs_iterate() -e109deadb7331 eventfs: Have eventfs_iterate() stop immediately if ei->is_freed is set -493ec81a8fb8e eventfs: Stop using dcache_readdir() for getdents() -b0f7e2d739b4a eventfs: Remove "lookup" parameter from create_dir/file_dentry() -6a9d552483d50 media: rc: bpf attach/detach requires write permission c41336f4d6905 pmdomain: mediatek: fix race conditions with genpd 95a0d596bbd05 iio: core: fix memleak in iio_device_register_sysfs -9b6326354cf9a tracing/synthetic: Fix trace_string() return value -44dc5c41b5b12 tracing: Fix wasted memory in saved_cmdlines logic 1389358bb008e tracing/timerlat: Move hrtimer_init to timerlat_fd open() -1513664f34028 ALSA: hda/realtek: fix mute/micmute LEDs for HP ZBook Power -fcfc9f711d1e2 ALSA: hda/realtek - Add speaker pin verbtable for Dell dual speaker platform -c7de2d9bb68a5 ALSA: hda/realtek: Enable headset mic on Vaio VJFE-ADL 8b1d72395635a parisc: Fix random data corruption from exception handler 37e8c97e53901 net: hsr: remove WARN_ONCE() in send_hsr_supervision_frame() bfb007aebe6bf nfc: nci: free rx_data_reassembly skb on NCI device cleanup -2468e8922d2f6 ALSA: hda/realtek: Apply headset jack quirk for non-bass alc287 thinkpads -99b817c173cd2 lsm: fix the logic in security_inode_getsecctx() faf51b201bc42 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue 39079fe8e6608 drm/amd/display: fix incorrect mpc_combine array size 7330256268664 drm/amdgpu: Reset IH OVERFLOW_CLEAR bit -9c64e749cebd9 drm/virtio: Set segment size for virtio_gpu device 9163616853190 Revert "drm/amd: flush any delayed gfxoff on suspend entry" 977fe773dcc70 scsi: Revert "scsi: fcoe: Fix potential deadlock on &fip->ctlr_lock" 337cebbd850f9 mptcp: really cope with fastopen race @@ -78,23 +38,16 @@ faf51b201bc42 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue b6c620dc43ccb mptcp: fix data re-injection from stale subflow 0846dd77c8349 powerpc/iommu: Fix the missing iommu_group_put() during platform domain attach f1acb109505d9 powerpc/kasan: Limit KASAN thread size increase to 32KB -83ef106fa732a i2c: qcom-geni: Correct I2C TRE sequence cffe487026be1 cifs: fix underflow in parse_server_interfaces() 41044d5360685 PCI: Fix active state requirement in PME polling ed8b94f6e0acd powerpc/pseries/iommu: Fix iommu initialisation during DLPAR add dc9ceb90c4b42 media: ir_toy: fix a memleak in irtoy_tx 61a348857e869 usb: dwc3: gadget: Fix NULL pointer dereference in dwc3_gadget_suspend 12783c0b9e2c7 usb: core: Prevent null pointer dereference in update_port_device_state -cc509b6a47e7c usb: chipidea: core: handle power lost in workqueue -b2d2d7ea0dd09 usb: f_mass_storage: forbid async queue when shutdown happen 3caf2b2ad7334 usb: ulpi: Fix debugfs directory leak -c1d6708bf0d3d HID: wacom: Do not register input devices until after hid_hw_start -f0d78972f27dc ALSA: hda/realtek: Enable Mute LED on HP Laptop 14-fq0xxx -c6dce23ec993f ASoC: amd: yc: Add DMI quirk for MSI Bravo 15 C7VF 0a9bab391e336 dm-crypt, dm-verity: disable tasklets 39126abc5e206 nouveau: offload fence uevents work to workqueue 0958b33ef5a04 tracing/trigger: Fix to return error if failed to alloc snapshot -73d9629e1c8c1 i40e: Do not allow untrusted VF to remove administratively set MAC 962ac2dce56bb drm/i915/dsc: Fix the macro that calculates DSCC_/DSCA_ PPS reg address 6ef5d5b92f711 ASoC: rt5645: Fix deadlock in rt5645_jack_detect_work() 32b55c5ff9103 net: tls: fix use-after-free with partial reads and async decrypt @@ -105,8 +58,5 @@ c57ca512f3b68 net: tls: factor out tls_*crypt_async_wait() 4e1d71cabb19e net/handshake: Fix handshake_req_destroy_test1 aa1eec2f546f2 net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers 53c0441dd2c44 dpll: fix possible deadlock during netlink dump operation -bb6f4dbe2639d selftests/landlock: Fix capability for net_test 5571e41ec6e56 btrfs: don't drop extent_map for free space inode on write error e03ee2fe873eb btrfs: do not ASSERT() if the newly created subvolume already got read -68fb3ca0e408e update workarounds for gcc "asm goto" issue -4356e9f841f7f work around gcc bugs with 'asm goto' with outputs diff --git a/cve/review/proposed/v6.7.7-sasha b/cve/review/proposed/v6.7.7-sasha index 0dcb9a88..1c483ebc 100644 --- a/cve/review/proposed/v6.7.7-sasha +++ b/cve/review/proposed/v6.7.7-sasha @@ -13,10 +13,8 @@ a7d6027790ace arp: Prevent overflow in arp_req_get(). def689fc26b9a devlink: fix possible use-after-free and memory leaks in devlink_init() 5559cea2d5aa3 ipv6: sr: fix possible use-after-free and null-ptr-deref 6ea38e2aeb723 afs: Increase buffer size in afs_update_volume_status() -6f7d0f5fd8e44 platform/x86: think-lmi: Fix password opcode ordering for workstations 0281b919e175b bpf: Fix racing between bpf_timer_cancel_and_free and bpf_timer_cancel a5c57fd2e9bd1 powerpc/pseries/iommu: DLPAR add doesn't completely initialize pci_controller -97dde84026339 net: stmmac: Fix incorrect dereference in interrupt handlers 166c2c8a6a4dc net/sched: act_mirred: don't override retval if we already lost the skb 52f671db18823 net/sched: act_mirred: use the backlog for mirred ingress 66b60b0c8c4a1 dccp/tcp: Unhash sk from ehash for tb2 alloc failure after check_estalblished(). @@ -31,7 +29,6 @@ bd97cea7b18a0 RDMA/irdma: Fix KASAN issue with tasklet a538dabf772c1 Revert "drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz" 97cba232549b9 drm/amd/display: Fix buffer overflow in 'get_host_router_total_dp_tunnel_bw()' 45be0882c5f91 smb3: add missing null server pointer check -51af8f255bdac ahci: Extend ASM1061 43-bit DMA address quirk to other ASM106x parts 967d3c27127e7 mptcp: fix data races on remote_id 1c9be13846c0b usb: roles: fix NULL pointer issue when put module's reference 76c51146820c5 usb: gadget: ncm: Avoid dropping datagrams of properly parsed NTBs @@ -45,20 +42,17 @@ c0ec2a712daf1 crypto: virtio/akcipher - Fix stack overflow on memcpy 136cfaca22567 gtp: fix use-after-free and null-ptr-deref in gtp_genl_dump_pdp() 9e46c70e829bd md: Don't suspend the array for interrupted reshape e21a2f17566cb cachefiles: fix memory leak in cachefiles_add_cache() -dbcbfd662a725 platform/x86: touchscreen_dmi: Allow partial (prefix) matches for ACPI names 13ddaf26be324 mm/swap: fix race when skipping swapcache de959094eb219 scsi: target: pscsi: Fix bio_put() for error case eef5c7b28dbec cxl/pci: Skip to handle RAS errors if CXL.mem device is detached 50c70240097ce dm-crypt: don't modify the data when using authenticated encryption 1eb1e984379e2 lib/Kconfig.debug: TEST_IOV_ITER depends on MMU b820de741ae48 fs/aio: Restrict kiocb_set_cancel_fn() to I/O submitted via libaio -bd915ae73a2d7 drm/meson: Don't remove bridges which are created by other drivers e42b9d8b9ea26 btrfs: defrag: avoid unnecessary defrag caused by incorrect extent size 752cd08da320a LoongArch: Update cpu_sibling_map when disabling nonboot CPUs 1001db6c42e40 LoongArch: Disable IRQ before init_fn() for nonboot CPUs baf8361e54550 x86/bugs: Add asm helpers for executing VERW e6f57c6881916 IB/hfi1: Fix sdma.h tx->num_descs off-by-one error -5f3bce13266e6 drm/amd/display: Request usb4 bw for mst streams cca5efe77a6a2 LoongArch: vDSO: Disable UBSAN instrumentation 4551b30525cf3 LoongArch: Change acpi_core_pic[NR_CPUS] to acpi_core_pic[MAX_CORE_PIC] b513d30d59bb3 scsi: ufs: core: Fix shift issue in ufshcd_clear_cmd() @@ -66,34 +60,23 @@ de1034b38a346 efi: runtime: Fix potential overflow of soft-reserved region size 731ab1f982880 fs/ntfs3: Fix oob in ntfs_listxattr 652cfeb43d6b9 fs/ntfs3: Fixed overflow check in mi_enum_attr() aaab47f204aaf fs/ntfs3: Add NULL ptr dereference checking at the end of attr_allocate_frame() -4255447ad34c5 Input: i8042 - add Fujitsu Lifebook U728 to i8042 quirk table 710c69dbaccda nvmet-fc: avoid deadlock on delete association path 70fbfc47a392b nvme-fc: do not wait in vain when unloading module -eaa1b01fe709d ALSA: usb-audio: Ignore clock selector errors for single connection daf3f0f99cde9 ASoC: wm_adsp: Don't overwrite fwf_name with the default 2ff33c759a424 drm/amd/display: increased min_dcfclk_mhz and min_fclk_mhz -80441f76ee670 Input: xpad - add Lenovo Legion Go controllers 6500ad28fd5d6 spi: sh-msiof: avoid integer overflow in constants -346f59d1e8ed0 ALSA: usb-audio: Check presence of valid altsetting control -f3be347ea42db usb: ucsi_acpi: Quirk to ack a connector change ack cmd 47c5dd66c1840 nvmet-tcp: fix nvme tcp ida memory leak b6eda11c44dc8 HID: nvidia-shield: Add missing null pointer checks to LED initialization 6e2276203ac9f dmaengine: ti: edma: Add some null pointer checks to the edma_probe -180a8f12c21f4 Input: goodix - accept ACPI resources with gpio_count == 3 && gpio_int_idx == 0 832698373a259 ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() 4530b3660d396 ext4: avoid allocating blocks from corrupted group in ext4_mb_try_best_found() 993bf0f4c393b ext4: avoid dividing by 0 in mb_update_avg_fragment_size() when block bitmap corrupt -1abdf288b0ef5 platform/x86: touchscreen_dmi: Add info for the TECLAST X16 Plus tablet -20730e9b27787 ahci: add 43-bit DMA address quirk for ASMedia ASM1061 controllers e169bd4fb2b36 aoe: avoid potential deadlock at set_capacity -0077a504e1a44 ahci: asm1166: correct count of reported ports 8deb05c84b63b smb: Work around Clang __bdos() type confusion 13f3956eb5681 block: Fix WARNING in _copy_from_iter de8b6e1c231a9 spi: hisi-sfc-v3xx: Return IRQ_NONE if no interrupts were detected -8afe3c7fcaf72 spi: intel-pci: Add support for Arrow Lake SPI serial flash bcbc84af1183c wifi: mac80211: fix race condition on enabling fast-xmit 6386f6c995b3a dmaengine: fsl-qdma: increase size of 'irq_name' 83ab68168a3d9 scsi: target: core: Add TMF to tmr_list handling 12c16919652b5 tools: selftests: riscv: Fix compile warnings in mm tests fb4cece17b458 scsi: smartpqi: Fix logical volume rescan race condition -c6d5aa44eaf6d scsi: smartpqi: Add new controller PCI IDs diff --git a/cve/review/proposed/v6.7.9-sasha b/cve/review/proposed/v6.7.9-sasha index 87e1d799..2288cc55 100644 --- a/cve/review/proposed/v6.7.9-sasha +++ b/cve/review/proposed/v6.7.9-sasha @@ -1,7 +1,6 @@ fad87dbd48156 powerpc/rtas: use correct function name for resetting TCE tables 09a3c1e461421 powerpc/pseries/iommu: IOMMU table is not initialized for kdump over SR-IOV d3ea125df37dc dmaengine: idxd: Ensure safe user copy of completion record -d4c08d8b23b22 phy: qcom-qmp-usb: fix v3 offsets data bbcc1c83f343e dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup 712a92a48158e dmaengine: dw-edma: HDMA: Add sync read before starting the DMA transfer in remote setup aa82ac51d6332 af_unix: Drop oob_skb ref before purging queue in GC. @@ -11,40 +10,29 @@ d6a9608af9a75 mptcp: fix possible deadlock in subflow diag 10048689def7e mptcp: fix double-free on socket dismantle 2774f256e7c02 mm/vmscan: fix a bug calling wakeup_kswapd() with a wrong zone index 720da1e593b85 mm/debug_vm_pgtable: fix BUG_ON with pud advanced test -2a93c6cbd5a70 pmdomain: qcom: rpmhpd: Fix enabled_corner aggregation eb5555d422d0f pmdomain: arm: Fix NULL dereference on scmi_perf_domain removal -f45812cc23fb7 efivarfs: Request at most 512 bytes for variable names cf7c2789822db iommufd: Fix protection fault in iommufd_test_syz_conv_iova aeb004c0cd695 iommufd: Fix iopt_access_list_id overwrite bug 6b1ba3f9040be mmc: mmci: stm32: fix DMA API overlapping mappings warning 87a39071e0b63 dmaengine: fsl-qdma: init irq after reg initialization 1c0cf6d196901 crypto: arm64/neonbs - fix out-of-bounds access on short input 9d739bccf261d dmaengine: fsl-qdma: fix SoC may hang on 16 byte unaligned read -f79ee78767ca6 soc: qcom: pmic_glink: Fix boot when QRTR=m 9845664b9ee47 btrfs: dev-replace: properly validate device names e2b54eaf28df0 btrfs: fix double free of anonymous device after snapshot creation failure f78c1375339a2 wifi: nl80211: reject iftype change with mesh ID change 616d82c3cfa2a gtp: fix use-after-free and null-ptr-deref in gtp_newlink() -c17d2a7b216e1 Bluetooth: hci_bcm4377: do not mark valid bd_addr as invalid -0ac32a396e4f4 ALSA: hda/realtek: Add special fixup for Lenovo 14IRP8 -67c3d7717efbd ALSA: hda/realtek: fix mute/micmute LED For HP mt440 -1fdf4e8be7059 ALSA: hda/realtek: Enable Mute LED on HP 840 G8 (MB 8AB8) -c1947ce61ff4c ALSA: hda/realtek: tas2781: enable subwoofer volume control 2f03fc340cac9 tomoyo: fix UAF write bug in tomoyo_write_control() f6ecfdad359a0 drm/nouveau: keep DMA buffers required for suspend/resume a1a4a9ca77f14 btrfs: fix race between ordered extent completion and fiemap 682dc133f83e0 drivers: perf: ctr_get_width function for legacy is not defined 0f8ca019544a2 drm/amd/display: Prevent potential buffer overflow in map_hw_resources -5f7a07646655f afs: Fix endless loop in directory parsing 00d6a284fcf3f fbcon: always restore the old font data in fbcon_do_set_font() c14f09f010cc5 ASoC: cs35l56: Fix deadlock in ASP1 mixer register initialization -1fa8d07ae1a5f gpu: host1x: Skip reset assert on Tegra186 2df70149e73e7 power: supply: bq27xxx-i2c: Do not free non existing IRQ 13114dc554306 tls: fix use-after-free on failed backlog decryption 41532b785e9d7 tls: separate no-async decryption request handling from async 743ad091fb46e rtnetlink: fix error logic of IFLA_BRIDGE_FLAGS writing back 62e7151ae3eb4 netfilter: bridge: confirm multicast packets before passing them up the stack -7dcd3e014aa7f Bluetooth: hci_qca: Set BDA quirk bit if fwnode exists in DT 7e74aa53a68bf Bluetooth: hci_event: Fix handling of HCI_EV_IO_CAPA_REQUEST 2449007d3f73b Bluetooth: Avoid potential use-after-free in hci_error_reset 8af411bbba1f4 stmmac: Clear variable when destroying workqueue |