From 3ad4487e93fcbfeead0a29457e803b43c2e38468 Mon Sep 17 00:00:00 2001
From: Andreas Wellving
Date: Thu, 23 May 2019 12:29:36 +0200
Subject: Add SCC description file for kernel patches

Change-Id: Ib09b81bcc07ce5bba45f0d93470c5c27ea118664
Signed-off-by: Andreas Wellving
---
patches/cve/4.14.x.scc | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 97 insertions(+)
create mode 100644 patches/cve/4.14.x.scc

diff --git a/patches/cve/4.14.x.scc b/patches/cve/4.14.x.scc
new file mode 100644
index 0000000..17fc79d
--- /dev/null
+++ b/patches/cve/4.14.x.scc
@@ -0,0 +1,97 @@
+#CVEs fixed in 4.14.1:
+patch CVE-2017-16537-media-imon-Fix-null-ptr-deref-in-imon_probe.patch
+patch CVE-2017-16646-media-dib0700-fix-invalid-dvb_detach-argument.patch
+#CVEs fixed in 4.14.3:
+patch CVE-2017-16536-cx231xx-cards-fix-NULL-deref-on-missing-association-.patch
+#CVEs fixed in 4.14.4:
+patch CVE-2017-18202-mm-oom_reaper-gather-each-vma-to-prevent-leaking-TLB.patch
+patch CVE-2017-18208-mm-madvise.c-fix-madvise-infinite-loop-under-special.patch
+#CVEs fixed in 4.14.7:
+patch CVE-2018-18559-net-packet-fix-a-race-in-packet_bind-and-packet_noti.patch
+#CVEs fixed in 4.14.8:
+patch CVE-2017-16912-usbip-fix-stub_rx-get_pipe-to-validate-endpoint-numb.patch
+patch CVE-2017-16913-usbip-fix-stub_rx-harden-CMD_SUBMIT-path-to-handle-m.patch
+patch CVE-2017-16914-usbip-fix-stub_send_ret_submit-vulnerability-to-null.patch
+patch CVE-2017-17558-USB-core-prevent-malicious-bNumInterfaces-overflow.patch
+patch CVE-2017-17805-crypto-salsa20-fix-blkcipher_walk-API-usage.patch
+patch CVE-2017-17806-crypto-hmac-require-that-the-underlying-hash-algorit.patch
+patch CVE-2018-14619-crypto-algif_aead-fix-reference-counting-of-null-skc.patch
+#CVEs fixed in 4.14.9:
+patch CVE-2017-16995-bpf-fix-incorrect-sign-extension-in-check_alu_op.patch
+patch CVE-2017-16996-bpf-fix-incorrect-tracking-of-register-size-truncati.patch
+patch CVE-2017-17852-bpf-fix-32-bit-ALU-op-verification.patch
+patch CVE-2017-17853-bpf-verifier-fix-bounds-calculation-on-BPF_RSH.patch
+patch CVE-2017-17854-bpf-fix-integer-overflows.patch
+patch CVE-2017-17855-bpf-don-t-prune-branches-when-a-scalar-is-replaced-w.patch
+patch CVE-2017-17856-bpf-force-strict-alignment-checks-for-stack-pointers.patch
+patch CVE-2017-17857-bpf-fix-missing-error-return-in-check_stack_boundary.patch
+patch CVE-2017-17862-bpf-fix-branch-pruning-logic.patch
+#CVEs fixed in 4.14.11:
+patch CVE-2017-15129-net-Fix-double-free-and-memory-corruption-in-get_net.patch
+patch CVE-2017-17712-net-ipv4-fix-for-a-race-condition-in-raw_sendmsg.patch
+#CVEs fixed in 4.14.13:
+patch CVE-2017-18075-crypto-pcrypt-fix-freeing-pcrypt-instances.patch
+#CVEs fixed in 4.14.14:
+patch CVE-2018-5333-RDS-null-pointer-dereference-in-rds_atomic_free_op.patch
+#CVEs fixed in 4.14.15:
+patch CVE-2018-6927-futex-Prevent-overflow-by-strengthen-input-validatio.patch
+#CVEs fixed in 4.14.16:
+patch CVE-2017-17448-netfilter-nfnetlink_cthelper-Add-missing-permission-.patch
+#CVEs fixed in 4.14.17:
+patch CVE-2018-5344-loop-fix-concurrent-lo_open-lo_release.patch
+#CVEs fixed in 4.14.20:
+patch CVE-2017-16538-media-dvb-usb-v2-lmedm04-Improve-logic-checking-of-w.patch
+patch CVE-2017-16644-media-hdpvr-Fix-an-error-handling-path-in-hdpvr_prob.patch
+patch CVE-2017-8824-dccp-CVE-2017-8824-use-after-free-in-DCCP-code.patch
+#CVEs fixed in 4.14.25:
+patch CVE-2018-5803-sctp-verify-size-of-a-new-chunk-in-_sctp_make_chunk.patch
+#CVEs fixed in 4.14.27:
+patch CVE-2018-1065-netfilter-add-back-stackpointer-size-checks.patch
+patch CVE-2018-1068-netfilter-ebtables-CONFIG_COMPAT-don-t-trust-userlan.patch
+#CVEs fixed in 4.14.31:
+patch CVE-2018-7740-hugetlbfs-check-for-pgoff-value-overflow.patch
+#CVEs fixed in 4.14.36:
+patch CVE-2018-1092-ext4-fail-ext4_iget-for-root-directory-if-unallocate.patch
+patch CVE-2018-1094-ext4-always-initialize-the-crc32c-checksum-driver.patch
+patch CVE-2018-1095-ext4-limit-xattr-size-to-INT_MAX.patch
+patch CVE-2018-1108-random-fix-crng_ready-test.patch
+#CVEs fixed in 4.14.39:
+patch CVE-2018-1093-ext4-add-validity-checks-for-bitmap-block-numbers.patch
+#CVEs fixed in 4.14.52:
+patch CVE-2018-10840-ext4-correctly-handle-a-zero-length-xattr-with-a-non.patch
+patch CVE-2018-11412-ext4-do-not-allow-external-inodes-for-inline-data.patch
+patch CVE-2018-12232-socket-close-race-condition-between-sock_close-and-s.patch
+#CVEs fixed in 4.14.55:
+patch CVE-2018-10877-ext4-verify-the-depth-of-extent-tree-in-ext4_find_ex.patch
+patch CVE-2018-10878-ext4-always-check-block-group-bounds-in-ext4_init_bl.patch
+patch CVE-2018-10879-ext4-make-sure-bitmaps-and-the-inode-table-don-t-ove.patch
+patch CVE-2018-10880-ext4-never-move-the-system.data-xattr-out-of-the-ino.patch
+patch CVE-2018-10881-ext4-clear-i_data-in-ext4_inode_info-when-removing-i.patch
+patch CVE-2018-10882-ext4-add-more-inode-number-paranoia-checks.patch
+patch CVE-2018-10883-jbd2-don-t-mark-block-as-modified-if-the-handle-is-o.patch
+#CVEs fixed in 4.14.56:
+patch CVE-2018-13405-Fix-up-non-directory-creation-in-SGID-directories.patch
+patch CVE-2018-16276-USB-yurex-fix-out-of-bounds-uaccess-in-read-handler.patch
+#CVEs fixed in 4.14.59:
+patch CVE-2018-5390-tcp-free-batches-of-packets-in-tcp_prune_ofo_queue.patch
+#CVEs fixed in 4.14.62:
+patch CVE-2018-12233-jfs-Fix-inconsistency-between-memory-allocation-and-.patch
+#CVEs fixed in 4.14.70:
+patch CVE-2018-14609-btrfs-relocation-Only-remove-reloc-rb_trees-if-reloc.patch
+patch CVE-2018-14617-hfsplus-fix-NULL-dereference-in-hfsplus_lookup.patch
+#CVEs fixed in 4.14.71:
+patch CVE-2018-13099-f2fs-fix-to-do-sanity-check-with-reserved-blkaddr-of.patch
+#CVEs fixed in 4.14.75:
+patch CVE-2018-17972-proc-restrict-kernel-stack-dumps-to-root.patch
+#CVEs fixed in 4.14.78:
+patch CVE-2018-18281-mremap-properly-flush-TLB-before-releasing-the-page.patch
+#CVEs fixed in 4.14.88:
+patch CVE-2018-20169-USB-check-usb_get_extra_descriptor-for-proper-size.patch
+#CVEs fixed in 4.14.94:
+patch CVE-2018-16884-sunrpc-use-after-free-in-svc_process_common.patch
+#CVEs fixed in 4.14.105:
+patch CVE-2019-9213-mm-enforce-min-addr-even-if-capable-in-expand_downwa.patch
+#CVEs fixed in 4.14.106:
+patch CVE-2019-8980-exec-Fix-mem-leak-in-kernel_read_file.patch
+#CVEs fixed in 4.14.112:
+patch CVE-2019-11486-tty-mark-Siemens-R3964-line-discipline-as-BROKEN.patch
-- 
cgit v1.2.3-54-g00ecf
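Review bot: The new file has no header saying which base kernel version the list is written against, so the `#CVEs fixed in 4.14.N:` group comments are the only hint of which entries still apply once the kernel moves to a later 4.14 stable release. A comment at the top would make the maintenance rule explicit, for example `# Backported CVE fixes for a 4.14.<BASE> kernel; when the base moves to 4.14.N, drop every group fixed in 4.14.N or earlier.` (the base version is not visible here, hence the placeholder). The diffstat shows only this file being added, so the referenced `.patch` files presumably already exist next to it. It is worth confirming that every name resolves, because a stale or misspelled entry would, depending on how the build treats it, either break the patch step or leave a listed CVE unfixed in the image.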