diff options
author | Lee Jones <lee@kernel.org> | 2024-03-26 12:56:43 +0000 |
---|---|---|
committer | Lee Jones <lee@kernel.org> | 2024-03-26 12:56:43 +0000 |
commit | 69e4ee2c5e280c011899c8f5613b8aeedff5d0e6 (patch) | |
tree | 98d19f8096d32cd1a01b3b48df0671a847a334dd | |
parent | 80fc6120ae7022cedfaba1f47433cd3a6cdb7f20 (diff) | |
download | vulns-69e4ee2c5e280c011899c8f5613b8aeedff5d0e6.tar.gz |
done: Mark v6.7.2 as complete
Signed-off-by: Lee Jones <lee@kernel.org>
-rw-r--r-- | cve/review/done/v6.7.2-annotated-greg (renamed from cve/review/proposed/v6.7.2-annotated-greg) | 0 | ||||
-rw-r--r-- | cve/review/done/v6.7.2-annotated-lee (renamed from cve/review/proposed/v6.7.2-annotated-lee) | 0 | ||||
-rw-r--r-- | cve/review/done/v6.7.2-greg (renamed from cve/review/proposed/v6.7.2-greg) | 0 | ||||
-rw-r--r-- | cve/review/done/v6.7.2-lee (renamed from cve/review/proposed/v6.7.2-lee) | 0 | ||||
-rw-r--r-- | cve/review/done/v6.7.2-sasha (renamed from cve/review/proposed/v6.7.2-sasha) | 0 | ||||
-rw-r--r-- | cve/review/proposed/v6.7.2-results | 168 |
6 files changed, 0 insertions, 168 deletions
diff --git a/cve/review/proposed/v6.7.2-annotated-greg b/cve/review/done/v6.7.2-annotated-greg index 0603b92f..0603b92f 100644 --- a/cve/review/proposed/v6.7.2-annotated-greg +++ b/cve/review/done/v6.7.2-annotated-greg diff --git a/cve/review/proposed/v6.7.2-annotated-lee b/cve/review/done/v6.7.2-annotated-lee index e701e180..e701e180 100644 --- a/cve/review/proposed/v6.7.2-annotated-lee +++ b/cve/review/done/v6.7.2-annotated-lee diff --git a/cve/review/proposed/v6.7.2-greg b/cve/review/done/v6.7.2-greg index 3fb8e467..3fb8e467 100644 --- a/cve/review/proposed/v6.7.2-greg +++ b/cve/review/done/v6.7.2-greg diff --git a/cve/review/proposed/v6.7.2-lee b/cve/review/done/v6.7.2-lee index 736a3fd7..736a3fd7 100644 --- a/cve/review/proposed/v6.7.2-lee +++ b/cve/review/done/v6.7.2-lee diff --git a/cve/review/proposed/v6.7.2-sasha b/cve/review/done/v6.7.2-sasha index 3861ddb1..3861ddb1 100644 --- a/cve/review/proposed/v6.7.2-sasha +++ b/cve/review/done/v6.7.2-sasha diff --git a/cve/review/proposed/v6.7.2-results b/cve/review/proposed/v6.7.2-results deleted file mode 100644 index aaa6ed73..00000000 --- a/cve/review/proposed/v6.7.2-results +++ /dev/null @@ -1,168 +0,0 @@ -Already assigned a CVE - 483ae90d8f976 mlxsw: spectrum_acl_tcam: Fix stack corruption - efeb7dfea8ee1 mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path - ea937f7720832 net: netdevsim: don't try to destroy PHC on VFs - 36a87385e31c9 LoongArch: BPF: Prevent out-of-bounds memory access - 22c7fa171a02d bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS - 118a8cf504d7d erofs: fix inconsistent per-file compression format - 844f104790bd6 net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events - b33fb5b801c6d net: qualcomm: rmnet: fix global oob in rmnet_policy - be12ad45e15b5 hisi_acc_vfio_pci: Update migration data pointer correctly on saving/resume - 55a8210c9e7d2 apparmor: avoid crash when parsed profile name is empty - efa56305908ba nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length - 88f04bc3e7371 power: supply: Fix null pointer dereference in smb2_probe - bb57f6705960b iommu: Don't reserve 0-length IOVA region - 78d60dae9a0c9 serial: imx: fix tx statemachine deadlock - ad90d0358bd3b serial: 8250: omap: Don't skip resource freeing if pm_runtime_resume_and_get() failed - 3171e46d677a6 PCI: Avoid potential out-of-bounds read in pci_dev_for_each_resource() - 41673c66b3d0c mfd: syscon: Fix null pointer dereference in of_syscon_register() - ad362fe07fecf KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache - 715d82ba636cb bpf: Fix re-attachment branch in bpf_tracing_prog_attach - a297d07b9a1e4 pwm: Fix out-of-bounds access in of_pwm_single_xlate() - 6f64f866aa1ae block: add check that partition length needs to be aligned with block size - 38d20c62903d6 ksmbd: fix UAF issue in ksmbd_tcp_new_connection() - 93ec4a3b76404 class: fix use-after-free in class_register() - 28dd788382c43 drivers/amd/pm: fix a use-after-free in kv_parse_power_table - 7a2464fac80d4 drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() - 3de6ee94aae70 media: v4l: async: Fix duplicated list deletion - b719a9c15d52d drm/amd/display: Fix NULL pointer dereference at hibernate - 53edb549565f5 f2fs: fix to avoid dirent corruption - 2bbe6ab2be538 drm/sched: Fix bounds limiting when given a malformed entity - ded85b0c0edd8 media: pvrusb2: fix use after free on context disconnection - 3027e7b15b02d ice: Fix some null pointer dereference issues in ice_ptp.c - 59e5791f59dd8 bpf: Fix a race condition between btf_put() and map_free() - 6b4a64bafd107 bpf: Fix accesses to uninit stack slots - ab125ed3ec1c1 bpf: fix check for attempt to corrupt spilled pointer - 876673364161d bpf: Defer the free of inner map when necessary - 8877243beafa7 gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump - d872ca165cb67 crypto: rsa - add a check for allocation failure - a43bdc376deab mtd: Fix gluebi NULL pointer dereference caused by ftl notifier - 04e6ccfc93c5a thermal: core: Fix NULL pointer dereference in zone registration error path - 0e8d2444168dd efivarfs: force RO when remounting if SetVariable is not supported - 1692cf434ba13 perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() - bd68ffce69f6c powerpc/pseries/memhp: Fix access beyond end of drmem array - 475c58e1a471e EDAC/thunderx: Fix possible out-of-bounds string access - -Everyone agrees - -Greg and Lee agree - 2e7ef287f07c7 ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work - cc6fc55c7ae04 ARM: dts: qcom: sdx55: Fix the base address of PCIe PHY - 7bed6f3d08b7a block: Fix iterating over an empty bio with bio_for_each_folio_all - 9a9ab0d963621 binder: fix race between mmput() and do_exit() - d375b98e02489 ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() - 3f14b377d01d8 net/sched: act_ct: fix skb leak and crash on ooo frags - 00384f565a91c wifi: rtw88: sdio: Honor the host max_req_size in the RX path - 744e1885922a9 crypto: scomp - fix req->dst buffer overflow - 15ef92e9c4112 drivers/thermal/loongson2_thermal: Fix incorrect PTR_ERR() judgment - -Greg and Sasha agree - -Lee and Sasha agree - 1e24ce402c97d perf db-export: Fix missing reference count get in call_path_from_sample() - 9c51f8788b5d4 perf env: Avoid recursively taking env->bpf_progs.lock - 2dd23cc4d0e6a usb: mon: Fix atomicity violation in mon_bin_vma_fault - - [lee] Promoted to 2/3 - 08e4c8c5919fd netfilter: nf_tables: mark newset as dead on transaction abort - - [lee] Promoted to 2/3 - -Greg only - 62bef63646c19 mlxsw: spectrum_router: Register netdevice notifier before nexthop - - [lee] Not sure of the security implications of this - 6d6eeabcfaba2 mlxsw: spectrum_acl_erp: Fix error flow of pool allocation failure - - [lee] Double free leading to a BUG() - baa7d536077dc loop: fix the the direct I/O support check when used on top of block devices - - [lee] Can't see the security implication - 3ce67e3793f48 netfilter: nf_tables: do not allow mismatch field size and set key length - - [lee] Not able to crash - 2242fd537fab5 bpf: Avoid iter->offset making backward progress in bpf_iter_udp - - [lee] Security implication unseen - 9181d6f8a2bb3 net: add more sanity check in virtio_net_hdr_to_skb() - - [lee] Reading uninitialised value - 482521d8e0c65 udp: annotate data-races around up->pending - - [lee] Incorrect data value - 66ff70df1a919 mptcp: use OPTION_MPTCP_MPJ_SYN in subflow_check_req() - - [lee] Reading uninitialised value - 017dbfc05c312 usb: xhci-mtk: fix a short packet issue of gen1 isoc-in transfer - - [lee] Results in an exeption on the device - 64057f051f20c Bluetooth: btmtkuart: fix recv_buf() return value - - [lee] Can't see any security implications - 94d0539425440 Bluetooth: btnxpuart: fix recv_buf() return value - - [lee] Can't see any security implications - d6d1e6c17cab2 bpf: Limit the number of kprobes when attaching program to multiple kprobes - - [lee] Can't see any security implications - 8b2efe51ba85c bpf: Limit the number of uprobes when attaching program to multiple uprobes - - [lee] Can't see any security implications - a833a17aeac73 bpf: Fix verification of indirect var-off stack access - - [lee] Can't see anything in the description that says this was causing OOB - 0acd03a5bd188 bpf: enforce precision of R0 on callback return - - [lee] Can't see any security implications - a10a9233073d9 NFS: Use parent's objective cred in nfs_access_login_time() - - [lee] Promoted to 2/3 - d1d6351e37aac crypto: sahara - handle zero-length aes requests - - [lee] Can't see any security implications - 71733b4922007 gfs2: fix kernel BUG in gfs2_quota_cleanup - - [lee] Misfired BUG - is this a concern? - 93d6fda7f9264 erofs: fix memory leak on short-lived bounced pages - - [lee] Memory leak - 2ff0ad847951d crypto: hisilicon/zip - save capability registers in probe process - - [lee] Can't see any security implications - f1115b0096c31 crypto: hisilicon/sec2 - save capability registers in probe process - - [lee] Can't see any security implications - cf8b5156bbc8c crypto: hisilicon/hpre - save capability registers in probe process - - [lee] Can't see any security implications - cabe13d0bd2ef crypto: hisilicon/qm - save capability registers in qm init process - - [lee] Can't see any security implications - 5b8668ce34528 crypto: sahara - fix processing requests with cryptlen < sg->length - - [lee] Can't see any security implications - afffcf3db98b9 crypto: sahara - fix ahash selftest failure - - [lee] Can't see any security implications - 9f10bc28c0fb6 crypto: sahara - fix cbc selftest failure - - [lee] Can't see any security implications - 8fd183435728b crypto: sahara - remove FLAGS_NEW_KEY logic - - [lee] Can't see any security implications - 67b164a871af1 crypto: af_alg - Disallow multiple in-flight AIO requests - - [lee] Can't see any security implications - bbf5a1d0e5d0f selinux: Fix error priority for bind with AF_UNSPEC on PF_INET6 socket - - [lee] Can't see any security implications - -Lee only - 4f41d30cd6dc8 kdb: Fix a potential buffer overflow in kdb_local() - 0849a5441358c nvmet-tcp: fix a crash in nvmet_req_complete() - b84fc2e0139ba selftests/sgx: Fix uninitialized pointer dereferences in encl_get_entry - 79eba8c924f7d selftests/sgx: Fix uninitialized pointer dereference in error path - f9c4289883038 staging: vc04_services: vchiq_core: Log through struct vchiq_instance - b55d073e6501d power: supply: bq256xx: fix some problem in bq256xx_hw_init - 3c1e5abcda64b MIPS: Alchemy: Fix an out-of-bound access in db1550_dev_setup() - 89c4b588d11e9 MIPS: Alchemy: Fix an out-of-bound access in db1200_dev_setup() - a25a7df518fc7 iio: adc: ad7091r: Pass iio_dev to event handler - 0f35b0a7b8fa4 Revert "drm/amdkfd: Relocate TBA/TMA to opposite side of VM hole" - a9f07790a4b22 accel/habanalabs: fix information leak in sec_attest_info() - 9d7c8c066916f Revert "drm/omapdrm: Annotate dma-fence critical section in commit path" - ca34d816558c3 Revert "drm/tidss: Annotate dma-fence critical section in commit path" - cb2dfacb197be wifi: iwlwifi: fix out of bound copy_from_user - 8dd10296be856 scsi: hisi_sas: Check before using pointer variables - 706e83b33103f wifi: mt76: mt7996: fix uninitialized variable in parsing txfree - 20c20bd11a070 bpf: Add map and need_defer parameters to .map_fd_put_ptr() - a643212c9f28d crypto: qat - add NULL pointer check - 6627f03c21cb7 crypto: qat - fix error path in add_update_sla() - 1557e89d3af51 kunit: debugfs: Handle errors from alloc_string_stream() - 34dfd5bb2e550 kunit: debugfs: Fix unchecked dereference in debugfs_print_results() - -Sasha only - b7c510d049049 arm64/ptrace: Don't flush ZA/ZT storage when writing ZA via ptrace - - [lee] It's unclear what corrupting the ZT0 value could do? - c12ca110c613a PCI: keystone: Fix race condition when initializing PHYs - - [lee] Is the system affected by the race? Looks device related. - f200fff8d019f spmi: mtk-pmif: Serialize PMIF status check and command submission - - [lee] Affects seem to be "slowing down the system" - da9065caa594d Bluetooth: Fix atomicity violation in {min,max}_key_size_set - - [lee] What are the security ramifications of not being atomic? - 86d7d57a3f096 f2fs: fix to check return value of f2fs_recover_xattr_data - - [lee] No security issues seen - a2dd235df435a media: dvbdev: drop refcount on error path in dvb_device_open() - - [lee] Looks like a leak rather than a security issue - d8212c5c87c14 media: mtk-jpeg: Remove cancel worker in mtk_jpeg_remove to avoid the crash of multi-core JPEG devices - - [lee] Is crashing a co-processor(?) a security concern? - 16b2f264983dc bpf: sockmap, fix proto update hook to avoid dup calls - - [lee] This talks about a UAF fix in a previous commit |