- kvm: initialize all of the kvm_debugregs structure before sending it to userspace {CVE-2023-1513} - wifi: mac80211: fix MBSSID parsing use-after-free {CVE-2022-42719} - mac80211: always allocate struct ieee802_11_elems {CVE-2022-42719} - netfilter: nf_tables: initialize registers in nft_do_chain() {CVE-2022-1016} - xprtrdma: fix incorrect header size calculations {CVE-2022-0812} - net: usb: fix memory leak in smsc75xx_bind {CVE-2021-47171} - i2c: i801: Don't generate an interrupt on bus reset {CVE-2021-47153} - pid: take a reference when initializing `cad_pid` {CVE-2021-47118} - Input: appletouch - initialize work before device registration {CVE-2021-46932} - HID: usbhid: fix info leak in hid_submit_ctrl {CVE-2021-46906} - quota: check block number when reading the block in quota file {CVE-2021-45868} - mwifiex: Fix skb_over_panic in mwifiex_usb_recv() {CVE-2021-43976} - atlantic: Fix OOB read and write in hw_atl_utils_fw_rpc_wait {CVE-2021-43975} - isdn: cpai: check ctr->cnr to avoid array index out of bound {CVE-2021-43389} - usb: hso: fix error handling code of hso_create_net_device {CVE-2021-37159} - can: bcm: fix infoleak in struct bcm_msg_head {CVE-2021-34693} - dm ioctl: fix out of bounds array access when no devices {CVE-2021-31916} - KVM: x86: hyper-v: Fix Hyper-V context null-ptr-deref {CVE-2021-30178} - perf/x86/intel: Fix a crash caused by zero PEBS status {CVE-2021-28971} - btrfs: fix race when cloning extent buffer during rewind of an old root {CVE-2021-28964} - ovl: fix missing negative dentry check in ovl_rename() {CVE-2021-20321} - drm/ttm/nouveau: don't call tt destroy callback on alloc failure. {CVE-2021-20292} - bpf: Verifer, adjust_scalar_min_max_vals to always call update_reg_bounds() {CVE-2021-4159} - btrfs: unlock newly allocated extent buffer after error {CVE-2021-4149} - tracing: Fix bug in rb_per_cpu_empty() that might cause deadloop. {CVE-2021-3679} - net: mac802154: Fix general protection fault {CVE-2021-3659} - nfsd4: readdirplus shouldn't return parent of export {CVE-2021-3178} - Bluetooth: SMP: Fail if remote and local public keys are identical {CVE-2021-0129} - drm/nouveau: clean up all clients on device removal {CVE-2020-27820} - drm/nouveau: Add a dedicated mutex for the clients list {CVE-2020-27820} - drm/nouveau: use drm_dev_unplug() during device removal {CVE-2020-27820} - Bluetooth: SMP: Fail if remote and local public keys are identical {CVE-2020-26555} - vsock: Fix memory leak in vsock_connect() {CVE-2022-3629} - RDMA/core: Don't infoleak GRH fields {CVE-2021-3923} - xen/netfront: force data bouncing when backend is untrusted {CVE-2022-33741} - net: Rename and export copy_skb_header - floppy: use a statically allocated error counter {CVE-2022-1652} - fuse: fix pipe buffer lifetime for direct_io {CVE-2022-1011} - aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts {CVE-2024-26898} - smb: client: fix use-after-free bug in cifs_debug_data_proc_show() {CVE-2023-52752} - media: pvrusb2: fix use after free on context disconnection {CVE-2023-52445} - media: dm1105: Fix use after free bug in dm1105_remove due to race condition {CVE-2023-35824} - perf: Fix perf_event_validate_size() lockdep splat {CVE-2023-6931} - perf: Fix perf_event_validate_size() {CVE-2023-6931} - net/sched: sch_hfsc: Ensure inner classes have fsc curve {CVE-2023-4623} - relayfs: fix out-of-bounds access in relay_file_read {CVE-2023-3268} - xfs: verify buffer contents when we skip log replay {CVE-2023-2124} - Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition {CVE-2023-1989} - Fix double fget() in vhost_net_set_backend() {CVE-2023-1838} - net/sched: cls_tcindex: downgrade to imperfect hash {CVE-2023-1829} - xen/netfront: fix leaking data in shared pages {CVE-2022-33740} - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path {CVE-2022-28390} - xen/blkfront: fix leaking data in shared pages {CVE-2022-26365} - mISDN: fix use-after-free bugs in l1oip timer handlers {CVE-2022-3565} - drm/vgem: Close use-after-free race in vgem_gem_create {CVE-2022-1419} - cfg80211: call cfg80211_stop_ap when switch from P2P_GO type {CVE-2021-47194} - net: fix use-after-free in tw_timer_handler {CVE-2021-46936} - ext4: fix race writing to an inline_data file while its xattrs are changing {CVE-2021-40490} - virtio_console: Assure used length from device is limited {CVE-2021-38160} - pNFS/flexfiles: fix incorrect size check in decode_nfs_fh() {CVE-2021-4157} - Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() {CVE-2021-3640} - Input: joydev - prevent use of not validated data in JSIOCSBTNMAP ioctl {CVE-2021-3612} - Input: joydev - prevent potential read overflow in ioctl {CVE-2021-3612} - can: bcm: delay release of struct bcm_op after synchronize_rcu() {CVE-2021-3609} - vt: keyboard: avoid signed integer overflow in k_ascii {CVE-2020-13974} - i2c: Fix a potential use after free {CVE-2019-25162} - drivers: net: slip: fix NPD bug in sl_tx_timeout() {CVE-2022-41858} - Bluetooth: L2CAP: Fix u8 overflow {CVE-2022-45934} - btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() {CVE-2023-3111} - memstick: r592: Fix UAF bug in r592_remove due to race condition {CVE-2023-3141} - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() {CVE-2023-1118} - vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF {CVE-2023-3567} - Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb {CVE-2023-40283} - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() {CVE-2023-1380} - tcp: Fix data races around icsk->icsk_af_ops. {CVE-2022-3566} - staging: rtl8712: fix use after free bugs {CVE-2022-4095} - ext4: fix kernel infoleak via ext4_extent_header {CVE-2022-0850} - af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register {CVE-2022-1353} - misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os {CVE-2022-3424} - x86/elf: Disable automatic READ_IMPLIES_EXEC on 64-bit {CVE-2022-25265} - x86/elf: Split READ_IMPLIES_EXEC from executable PT_GNU_STACK {CVE-2022-25265} - x86/elf: Add table to document READ_IMPLIES_EXEC {CVE-2022-25265} - ipv6: use prandom_u32() for ID generation {CVE-2021-45485} - bpf: Fix integer overflow in prealloc_elems_and_freelist() {CVE-2021-41864} - ipv4: make exception cache less predictible {CVE-2021-20322} - ipv4: use siphash instead of Jenkins in fnhe_hashfun() {CVE-2021-20322} - net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() {CVE-2023-4387} - netfilter: conntrack: dccp: copy entire header to stack buffer, not just basic one {CVE-2023-39197} - ipv4: igmp: fix refcnt uaf issue when receiving igmp query packet {CVE-2023-6932} - smb: client: fix potential OOB in smb2_dump_detail() {CVE-2023-6610} - smb: client: fix OOB in smbCalcSize() {CVE-2023-6606} - atm: Fix Use-After-Free in do_vcc_ioctl {CVE-2023-51780} - drm/amdgpu: Fix potential fence use-after-free v2 {CVE-2023-51042} - sched/rt: pick_next_rt_entity(): check list_entry {CVE-2023-1077} - ath9k: fix use-after-free in ath9k_hif_usb_rx_cb {CVE-2022-1679} - net: prevent mss overflow in skb_segment() {CVE-2023-52435} - drm/atomic: Fix potential use-after-free in nonblocking commits {CVE-2023-42753} - debug: Lock down kgdb {CVE-2022-21499}