The source project of this merge request has been removed.
Update data
Compare changes
This likely overlaps with @szlin's MR !26 (closed).
Adding this one to hold information I already gathered.
New CVEs:
CVE-2019-5108
mac80211 layer 2 update frame sent out before authorization. Fixed in mainline.
CVE-2019-19241
Possible incorrect permissions when executing io_uring actions. Fixed in mainline and 5.4.y. Doesn't apply to LTS branches since io_uring is relatively new.
CVE-2019-19807
use-after-free in sound/core/timer.c. Fixed in all branches.
CVE-2019-19813
CVE-2019-19814
CVE-2019-19815
CVE-2019-19816
CVE-2019-19927
Crafted FS image related issues found by fuzzing.
CVE-2019-19922
Incorrect CFS throttling. Fixed in mainline, 5.4.y, 4.19.y, and 4.14.y.
CVE-2019-19947
Info-leaks from CAN_KVASER_USB. Fixed in mainline, 5.4.y and 4.19.y.
CVE-2019-19965
Possible NULL pointer derefernece in libsas sas port discovery. Fixed in mainline.
CVE-2019-19966
Use-after-free in VIDEO_CPIA2. Fixed in all branches.
CVE-2019-20054
NULL pointer dereference in drop_sysctl_table(). Fixed in all branches.
CVE-2019-20095
Memory leak and DoS in net/wireless/marvell/mwifiex. Fixed in all branches except 4.4.y. Maybe it doesn't apply?
CVE-2019-20096
Memory leak in dccp. Fixed in mainline and 3.16.y.