kernel 发行版 - Gitee.com

4.19.90-2303.3.0

2023-03-14 21:21

# 1TASK
-------
# 4.19.90-2303.1.0~1...4.19.90-2303.3.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: 188150, https://gitee.com/openeuler/kernel/issues/I643OL | c0c09f907b82 scsi: cancel the inflight async device probe when remove scsi_target |
| bugzilla: 188355, https://gitee.com/openeuler/kernel/issues/I6E4JF | 74313e96e2ba scsi: fix use-after-free problem in scsi_remove_target |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6I7U9 | a418baf88350 HID: asus: use spinlock to safely schedule workers 28cadeaeeb9b HID: asus: use spinlock to protect concurrent accesses 11bda74e6195 HID: asus: Remove check for same LED brightness on set |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6HOKY | 3b104ae105cf blk-wbt: don't enable throttling if default elevator is bfq 5974d33c8b97 block: Fix kabi broken by "block: split .sysfs_lock into two locks" 696831814f81 block: fix comment and add lockdep assert 3326f40a3e87 block: don't release queue's sysfs lock during switching elevator 5596d82c8583 block: fix race between switching elevator and removing queues e5264f986cae block: split .sysfs_lock into two locks |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6ETWH | 7dc6d3e91263 crypto: rsa-pkcs1pad - restore signature length check |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6EVUJ | 52c0780d79d5 fs/proc: task_mmu.c: don't read mapcount for migration entry |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6KOHU | 031a45a606b4 migrate: hugetlb: check for hugetlb shared PMD in node migration f5870e5919d3 mm: hugetlb: proc: check for hugetlb shared PMD in /proc/PID/smaps f1d875559c49 ipv6: Fix tcp socket connection with DSCP. 67e3c16be73a ipv6: Fix datagram socket connection with DSCP. e1429d265e36 aio: fix mremap after fork null-deref 30d362dcbd2e bpf: Always return target ifindex in bpf_fib_lookup 5e65706cb2ee serial: 8250_dma: Fix DMA Rx rearm race 8812dbbec994 serial: 8250_dma: Fix DMA Rx completion race af83cc7d80e7 x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL 16478563e10f ipv4: prevent potential spectre v1 gadget in ip_metrics_convert() 802895f02273 netlink: annotate data races around sk_state 72f0879dc14d netlink: annotate data races around dst_portid and dst_group cff1c1271e72 netlink: annotate data races around nlk->portid 85d4f5676846 netlink: remove hash::nelems check in netlink_insert 4f88522fe0e4 net: fix UaF in netns ops registration error path 3cc926ed33eb netfilter: conntrack: do not renew entry stuck in tcp SYN_SENT state |
| bugzilla: 188431, https://gitee.com/src-openeuler/kernel/issues/I6DKVG | f39ea04fab0b binder: Gracefully handle BINDER_TYPE_FDA objects with num_fds=0 4369d76d38f4 binder: Address corner cases in deferred copy and fixup aeb72290f074 binder: fix pointer cast warning 10b7fd8d39c9 binder: defer copies of pre-patched txn data fca2d3509780 binder: read pre-translated fds from sender buffer cdd8f6bfd494 binder: avoid potential data leakage when copying txn 84b65739b82d binder: fix handling of error during copy 24a7578b626e binder: use cred instead of task for getsecid bb295d94f6f4 binder: don't detect sender/target during buffer cleanup c31c1b8518d4 binder: make sure fd closes complete c1f73bbb7d46 binder: Remove bogus warning on failed same-process transaction 08f9c4234f65 binder: fix incorrect calculation for num_valid 819938038fb5 binder: Prevent repeated use of ->mmap() via NULL mapping 629bb8dcfe87 binder: Don't modify VMA bounds in ->mmap handler f3547f7a9dc3 binder: Set end of SG buffer area properly. 2672b43c0fa8 binder: return errors from buffer copy functions 0ee6c2a3b69b binder: check for overflow when alloc for security context e8311e88b526 binder: fix BUG_ON found by selinux-testsuite 33ec204f9424 binder: fix handling of misaligned binder object d549e609b868 binder: use userspace pointer as base of buffer space 31ef55d24c2c binder: remove user_buffer_offset 42338d030eca binder: remove kernel vm_area for buffer space 71e99420f63e binder: avoid kernel vm_area for buffer fixups 5a7cf16a73cb binder: add function to copy binder object from buffer f39c7856abb0 binder: add functions to copy to/from binder buffers da280e85b89b binder: create userspace-to-binder-buffer copy function a1da4e72bbf9 binder: fix use-after-free due to ksys_close() during fdget() f219ab951f97 binder: fix kerneldoc header for struct binder_buffer 1f2026c67acb binder: create node flag to request sender's security context 589e7699ecf0 binder: Add BINDER_GET_NODE_INFO_FOR_REF ioctl. 1ff383528290 binder: use standard functions to allocate fds |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I53Q6M | e556e4408096 block: fix kabi change since add bd_write_openers and bd_part_write_openers 756985f38aed block: add info when opening an exclusive opened block device for write af291b1906f1 block: add info when opening a write opend block device exclusively 681d2a461112 Revert "block: add info when opening an exclusive opened block device for write" 729f7e4df3a1 Revert "block: add info when opening a write opend block device exclusively" |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6K53I | fb114c547d4f ext4: fix WARNING in mb_find_extent |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6I7U3 | c281f437f9d3 sctp: fail if no bound addresses can be used for a given scope |
# 2CVE
-------
| CVE | issue |
|:---:|:-----:|
| CVE-2023-1074 | #I6I7U3 |
| CVE-2023-1079 | #I6I7U9 |
| CVE-2023-20938 | #I6DKVG |
| CVE-2023-1582 | #I6PDF4 |

最后提交信息为： scsi: cancel the inflight async device probe when remove scsi_target

4.19.90-2303.1.0

9098709

2023-03-07 22:14

openEuler 20.03 update 4.19.90-2303.1.0

最后提交信息为： HID: check empty report_list in hid_validate_values()

4.19.90-2302.5.0

fe71e58

2023-02-28 22:33

openEuler 20.03 update 4.19.90-2302.5.0

# 1TASK
-------

# 4.19.90-2302.4.0~1...4.19.90-2302.5.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6BO2R | 2e14980575f2 genirq: Remove irqd_irq_disabled in __irq_move_irq |
| bugzilla: 188443, https://gitee.com/openeuler/kernel/issues/I6I8YD | cc6fb9a67b31 scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress 3835c5e97f02 scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress 6ef38034c01a !420 backport CVEs and bugfixes 18e32b667b26 !415 mainline bugfix backport |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6HZHU | 387bf44c2b6f net: mpls: fix stale pointer if allocation fails during device rename |
| bugzilla: 188413, https://gitee.com/openeuler/kernel/issues/I6GWYG | 659039b1e0be nbd: fix assignment error for first_minor in nbd_dev_add |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6DRJ1 | 2a72e51db13a selinux: further adjust init order for cred_* hooks 5e10c473f431 selinux: further adjust init order for file_alloc_security hook 18e32b667b26 !415 mainline bugfix backport |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6DRJ1 | 87d41806ccde selinux: reorder hooks to make runtime disable less broken |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6AAU7 | 2de20782d714 evm: Fix a small race in init_desc() 57911670b7b3 evm: Check also if *tfm is an error pointer in init_desc() |
| bugzilla: 34842, https://gitee.com/openeuler/kernel/issues/I6H9U5 | d00796bcdb13 iommu: Properly export iommu_group_get_for_dev() |
| bugzilla: 20547, https://gitee.com/openeuler/kernel/issues/I6H9U5 | 4d84d9c9d5c3 of: resolver: Add of_node_put() before return and break |
| bugzilla: 22762, https://gitee.com/openeuler/kernel/issues/I6H9U5 | a08d7b29bcc5 of: unittest: Add of_node_put() before return |
| bugzilla: 30226, https://gitee.com/openeuler/kernel/issues/I6H9U5 | 7675ff81e96a drivers/iommu: Allow IOMMU bus ops to be unregistered |
| bugzilla: 30237, https://gitee.com/openeuler/kernel/issues/I6H9U5 | 00834beff78d drivers/iommu: Export core IOMMU API symbols to permit modular drivers |
| bugzilla: 29297, https://gitee.com/openeuler/kernel/issues/I6H9U5 | 4eb17f9b6e08 component: do not dereference opaque pointer in debugfs |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I69WIO | aa8b0c753dcd ipmi: use %*ph to print small buffer |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6F049 | 565c35a828cc crypto: algif_skcipher - Use chunksize instead of blocksize |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6FMKH | a14fdf71ecec crypto: algif_skcipher - EBUSY on aio should be an error |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6HB6T | e49619d52c9c crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() |
| bugzilla: 46904, https://gitee.com/openeuler/kernel/issues/I6GSKP | d755712ec805 dhugetlb: isolate hwpoison hugepage when release |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6G76L | 77978cd7dac4 mm/sharepool: Fix null-pointer-deference in sp_free_area |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2023-26545 | #I6HZHU |

最后提交信息为： !423 genirq bugfix for arm64

4.19.90-2302.4.0

e830f79

2023-02-21 19:38

openEuler 20.03 update 4.19.90-2302.4.0

# 1TASK
-------

# 4.19.90-2302.3.0~1...4.19.90-2302.4.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5Z32F | e830f7951c39 net: bonding: Inherit MPLS features from slave devices |
| bugzilla: 187818, https://gitee.com/openeuler/kernel/issues/I6DK3O | be8cb43b5af0 x86/unwind: Fix check_paravirt() calls orc_find() before declaration |
| bugzilla: 46904, https://gitee.com/openeuler/kernel/issues/I6FCQZ | 7d9032b0a196 dhugetlb: set hpool to NULL for cont-bit hugepage |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6FK2R | 062d53793327 arm64/ascend: Delete CONFIG_ASCEND_AUTO_TUNING_HUGEPAGE in hulk_defconfig 9fb6a430b0b6 arm64/ascend: Delete unused feature auto-tuning hugepage |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6AXGS | fbae61552ee6 mm/memcg_memfs_info: fix potential oom_lock recursion deadlock |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6DKZJ | d582b6e04f57 net: bridge: mcast: add and enforce query interval minimum c89e66bf5be4 net: bridge: mcast: add and enforce startup query interval minimum |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6DZIB | 9f64d49e3b12 block, bfq: switch 'bfqg->ref' to use atomic refcount apis 278253ce9c0e x86/bugs: Flush IBP in ib_prctl_set() 561722c0d702 media: vivid: fix compose size exceed boundary |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I697AN | 701a586ea523 anolis: bond: broadcast ARP or ND messages to all slaves |

# 2CVE
-------
NA

最后提交信息为： !213 net: bonding: Inherit MPLS features from slave devices

4.19.90-2302.3.0

9f64d49

2023-02-14 19:16

openEuler 20.03 update 4.19.90-2302.3.0

# 1TASK
-------

# 4.19.90-2302.1.0~1...4.19.90-2302.3.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6DZIB | 9f64d49e3b12 block, bfq: switch 'bfqg->ref' to use atomic refcount apis |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6CU98 | 278253ce9c0e x86/bugs: Flush IBP in ib_prctl_set() |
| bugzilla: https://gitee.com/src-openeuler/risc-v-kernel/issues/I6CIGU | 561722c0d702 media: vivid: fix compose size exceed boundary |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6DPF8 | 381166036dcc cifs: do not include page data when checking signature 40124251c4b4 SUNRPC: Don't leak netobj memory when gss_read_proxy_verf() fails 8512d06632d6 net: stream: purge sk_error_queue in sk_stream_kill_queues() d47b2f0c06b4 net: stream: don't purge sk_error_queue in sk_stream_kill_queues() 34b18eb0287a ext4: fix deadlock due to mbcache entry corruption 5ae65557eaf8 mbcache: automatically delete entries from cache on freeing 4cd9f02e7d64 mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths 5fc2a8086e6e mm/khugepaged: fix GUP-fast interaction by sending IPI ca1eb2d47a8f mm: gup: fix the fast GUP race against THP collapse b3701e78a24b prlimit: do_prlimit needs to have a speculation check 89d288a07000 arm64: cmpxchg_double*: hazard against entire exchange variable aeb315d840e5 net/ulp: prevent ULP without clone op from entering the LISTEN status 7798e957909c driver core: Fix bus_type.match() error handling in __driver_attach() 10fddc40e87c md: fix a crash in mempool_free 1bd6a4c1c438 bpf: pull before calling skb_postpull_rcsum() 3839e5832975 SUNRPC: ensure the matching upcall is in-flight upon downcall ef39593e3409 ovl: Use ovl mounter's fsuid and fsgid in ovl_link() 302deb4b70c5 pnode: terminate at peers of source c35e430fb783 cifs: Fix uninitialized memory read for smb311 posix symlink create 29a747a1615a device_cgroup: Roll back to original exceptions after copy failure 5112aa6b6b9c PCI/sysfs: Fix double free in error path b142a0a71168 PCI: Fix pci_device_is_present() for VFs by checking PF 2f5f822e3a67 ipmi: fix use after free in _ipmi_destroy_user() c6ad76f1593c ima: Fix a potential NULL pointer access in ima_restore_measurement_list 6084ee2dfa48 ipmi: fix long wait in unload when IPMI disconnect 3c37b9ffb9c8 binfmt: Fix error return code in load_elf_fdpic_binary() d493c90bb0eb chardev: fix error handling in cdev_device_add() f4db575236be mrp: introduce active flags to prevent UAF when applicant uninit d14c4e41f7dd bpf: make sure skb->len != 0 when redirecting to a tunneling device ea64e5af1ecf ipmi: fix memleak when unload ipmi driver e91098594d1c ACPICA: Fix error code path in acpi_ds_call_control_method() 8b13cf177744 skbuff: Account for tail adjustment during pull operations 6c4ef1eab910 serial: pl011: Do not clear RX FIFO & RX interrupt in unthrottle. 7bac3beadbea serial: amba-pl011: avoid SBSA UART accessing DMACR register 45fdebf6aa35 class: fix possible memory leak in __class_register() bf0e65e2b1fe crypto: tcrypt - Fix multibuffer skcipher speed test mem leak 41ee72beaccc blktrace: Fix output non-blktrace event when blk_classic option enabled 90d323ef4966 SUNRPC: Fix missing release socket in rpc_sockname() a0d020cabbbb bonding: uninitialized variable in bond_miimon_inspect() e6ef75f8bce3 pinctrl: pinconf-generic: add missing of_node_put() ae4122ce7ca8 ima: Fix misuse of dereference of pointer in template_desc_init_fields() 27e4b5d9f3cb ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage() 3b4d0937c81c md/raid1: stop mdx_raid1 thread when raid1 array run failed bd54f47b403b blk-mq: fix possible memleak when register 'hctx' failed 928b58de6538 perf: Fix possible memleak in pmu_dev_alloc() 815c58efcb59 cpuidle: dt: Return the correct numbers of parsed idle states a8a7d816de9b pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP 37d38fa423c9 pstore/ram: Fix error return code in ramoops_probe() 3d1f51395dd9 perf: arm_dsu: Fix hotplug callback leak in dsu_pmu_init() |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6DZRO | 4cf97d6f5799 sched/rt: Optimize checking group RT scheduler constraints |
| bugzilla: 188227, https://gitee.com/openeuler/kernel/issues/I6AG8P | 390b7ab520a2 md: protect md_unregister_thread from reentrancy |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6BE56 | 9ebfa4f9d8d4 hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list() |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6C67X | 3927ee8111f1 lib/list_debug.c: Detect uninitialized lists |
| bugzilla: 188240 | 52973ec4c5d3 crypto: tcrypt - avoid signed overflow in byte count |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5RO2H | ba34d9d30784 mm: sharepool: fix hugepage_rsvd count increase error |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6BO2R | eca55c5ae657 config: enbale irq pending config for openeuler 16073a1932c7 genirq: introduce CONFIG_GENERIC_PENDING_IRQ_FIX_KABI 6ea5519695b2 irqchip/gic-v3-its: introduce CONFIG_GENERIC_PENDING_IRQ |
| bugzilla: 188227, https://gitee.com/openeuler/kernel/issues/I6AG8P | 98cd4a577bb7 md: fix uaf in md_wakeup_thread |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6BO2R | db0bbc90d1fc genirq: add printk safe in irq context |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6C5HV | e2c9c2573ecb jbd2: Fix data missing when reusing bh which is ready to be checkpointed |
| bugzilla: 187818, https://gitee.com/openeuler/kernel/issues/I6DK3O | 98ce3754136a x86/unwind: Fix orc entry for paravirt {save,restore}_fl |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6D6RL | 22792bc88cee cifs: sanitize multiple delimiters in prepath |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5XXFF | 1a1bee2fd2f0 drm/i915/gvt: fix double free bug in split_2MB_gtt_entry |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2022-3707 | #I5XXFF |
| CVE-2023-0045 | #I6CU98 |
| CVE-2023-0615 | #I6CIF8 |

最后提交信息为： block, bfq: switch 'bfqg->ref' to use atomic refcount apis

4.19.90-2302.1.0

ac59b83

2023-02-07 21:00

openEuler 20.03 update 4.19.90-2302.1.0

# 1TASK
-------

# 4.19.90-2301.6.0~1...4.19.90-2302.1.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6CE9I | ac59b83e5b01 ring-buffer: Fix race between reset page and reading page |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6B4N7 | 920e093b4b9a block: don't allow a disk link holder to itself |
| bugzilla: 187904,https://gitee.com/openeuler/kernel/issues/I6BJAR | 7f6d120a3b83 ext4: fix use-after-free in ext4_orphan_cleanup eed57abe5e59 ext4: lost matching-pair of trace in ext4_truncate |
| bugzilla: 188291, https://gitee.com/src-openeuler/kernel/issues/I6B1V2 | 34d18a87e565 ipv6: raw: Deduct extension header length in rawv6_push_pending_frames |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6AWEO | a0fd3ba4fdbd mm/swapfile: add cond_resched() in get_swap_pages() |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6AR36 | e9b25ed0117e hugetlbfs: don't delete error page from pagecache e759fdf58083 mm: hwpoison: refactor refcount check handling |
| bugzilla: 46904, https://gitee.com/openeuler/kernel/issues/I6BDME | db1c58801858 dhugetlb: set DYNAMIC_HUGETLB to y for hulk_defconfig 20bd30cdeb29 dhugetlb: use enable_dhugetlb to disable huge_memory 20f0535e57da dhugetlb: skip dissolve hugepage belonging to dynamic hugetlb f15774c66bcd dhugetlb: only support 1G/2M hugepage and ARM64_4K_PAGES 1cca8ee58207 dhugetlb: isolate dynamic hugetlb code 0bc0d0d57eda dhugetlb: backport dynamic hugetlb feature |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I69PY0 | b8042a6b91ce mm: fix false-positive OVERCOMMIT_GUESS failures |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6CGZN | ecf818a5ca64 cfq: fix memory leak for cfqq |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2023-0394 | #I6B1V2 |

最后提交信息为： ring-buffer: Fix race between reset page and reading page

4.19.90-2301.6.0

ea2f18c

2023-01-31 21:18

openEuler 20.03 update 4.19.90-2301.6.0

# 1TASK
-------

# 4.19.90-2301.5.0~1...4.19.90-2301.6.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6AXHU | ea2f18c2a6f5 bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in host removal e007b6e3e16b of/fdt: Don't calculate initrd size from DT if start > end d61c6b1d5738 lib/cmdline: avoid page fault in next_arg |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6BO2R | bdc370d64dc4 genirq: Introduce warn log when irq be reentrant |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6B0FA | 9b7fffe98c70 net: sched: disallow noqueue for qdisc classes |
| bugzilla: 188250, https://gitee.com/src-openeuler/kernel/issues/I6AQG9 | 2b3a2023f0fb net: sched: atm: dont intepret cls results when asked to drop |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6BHNT | 00f206947a6c block: check 'bd_super' before rescanning partition |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6AQIL | 6398c1f104c5 net: sched: cbq: dont intepret cls results when asked to drop |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I6AWEO | 92100397dfd0 swapfile: fix soft lockup in scan_swap_map_slots |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I67J42 | 22c4847a5ab9 Huawei BMA: Fix iBMA driver bug |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2022-47929 | #I6B0FA |
| CVE-2023-23454 | #I6AQIL |
| CVE-2023-23455 | #I6AQG9 |

最后提交信息为： bus: hisi_lpc: Fixup IO ports addresses to avoid use-after-free in ...

4.19.90-2301.3.0

6a14585

2023-01-11 11:31

openEuler 20.03 update 4.19.90-2301.3.0

最后提交信息为： arm64: Kconfig: default unset ARCH_LLC_128_LINE_SIZE

4.19.90-2301.2.0

71fef78

2023-01-10 20:08

openEuler 20.03 update 4.19.90-2301.2.0

# 1TASK
-------

# 4.19.90-2212.4.0~1...4.19.90-2301.2.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I47W8L | 71fef78b2b10 timekeeping: Avoiding false sharing in field access of tk_core |
| bugzilla: 188200, https://gitee.com/openeuler/kernel/issues/I68OOI | cc4d1b26671f mm/hwpoison: put page in already hwpoisoned case with MF_COUNT_INCREASED 626d06a2854f mm/memory-failure.c: fix race with changing page more robustly f0c2fbe9cf1c mm,memory_failure: always pin the page in madvise_inject_error |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I697JG | 95e62156c8ee kobject: Fix slab-out-of-bounds in fill_kobj_path() |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I69283 | 3a3089ec2bc9 tracing: Fix infinite loop in tracing_read_pipe on overflowed print_trace_line |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5MZPE | 85460c6b693a i2c: ismt: Fix an out-of-bounds bug in ismt_access() |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5UBUF | be3cb013fa1c misc: sgi-gru: fix use-after-free error in gru_set_context_option, gru_fault and gru_handle_user_call_os |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I67NC1 | 0886320b8187 mm/sharepool: Charge Buddy hugepage to memcg |

# 2CVE
-------
| CVE | issue |
|:---:|:-----:|
| CVE-2022-2873 | #I5MZPE |
| CVE-2022-3424 | #I5UBUF |

最后提交信息为： timekeeping: Avoiding false sharing in field access of tk_core

4.19.90-2212.4.0

97e4e6f

2022-12-27 19:38

openEuler 20.03 update 4.19.90-2212.4.0

# 1TASK
-------

# 4.19.90-2212.3.0~1...4.19.90-2212.4.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I65M32 | 97e4e6f4618a dm thin: Use last transaction's pmd->root when commit failed |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6698V | e9dbf67a2286 drm: mali-dp: potential dereference of null pointer |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6694F | e16cbba1266f power: supply: wm8350-power: Add missing free in free_charger_irq |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I67BL1 | 3a44e838d0e4 sched: Reinit task's vruntime if a task sleep over 200 days |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5SDE4 | 3d8caf7a3c71 media: dvb-core: Fix UAF due to refcount races at releasing |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6694U | f4db9e013b11 drm/amdkfd: Check for null pointer after calling kmemdup |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I66COX | 7b1b5d4d8e52 Support enabling dirty log gradually in small chunks |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2022-3108 | #I6694U |
| CVE-2022-3111 | #I6694F |
| CVE-2022-3115 | #I6698V |
| CVE-2022-41218 | #I5SDE4 |

最后提交信息为： dm thin: Use last transaction's pmd->root when commit failed

4.19.90-2212.3.0

1e68435

2022-12-20 17:44

openEuler 20.03 update 4.19.90-2212.3.0

# 1TASK
-------

# 4.19.90-2212.2.0~1...4.19.90-2212.3.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I64WCC | 1e684350f1a7 Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del() 54677fc82e0f Bluetooth: L2CAP: Fix build errors in some archs 5c5ae8df85ab Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm regression 8e40d6940884 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_chan_put |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6694H | d61c2cb2d44f hv_netvsc: Add check for kvmalloc_array |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I651DP | 6271646d8314 xen/netback: don't call kfree_skb() with interrupts disabled |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I651EB | fa44095a4060 xen/netback: fix build warning 885cfe765996 xen/netback: Ensure protocol headers don't fall in the non-linear area |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I65T0J | f676dd4c0faf arm64: fix a concurrency issue in emulation_proc_handler() |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I65I9A | 6ae2a8a99c99 dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I64OUS | fbea24f5894e sched/qos: Don't unthrottle cfs_rq when cfs_rq is throttled by qos |
| bugzilla: 188090, https://gitee.com/src-openeuler/kernel/issues/I6068W | bfb698eb06b0 media: mceusb: Use new usb_control_msg_*() routines 36f6fb470aed media: mceusb: fix control-message timeouts 15f5117ed3bd USB: add usb_control_msg_send() and usb_control_msg_recv() |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I62V77 | ed9df17ad9b72 Fix mouse enumeration issue after wakeup from s4 |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2022-20566 | #I64WCC |
| CVE-2022-3107 | #I6694H |
| CVE-2022-3643 | #I651EB |
| CVE-2022-3903 | #I6068W |
| CVE-2022-42328 | #I651DP |
| CVE-2022-42329 | #I651DV |

最后提交信息为： Bluetooth: L2CAP: fix use-after-free in l2cap_conn_del()

4.19.90-2212.2.0

e716298

2022-12-13 14:11

openEuler 20.03 update 4.19.90-2212.2.0

# 1TASK
-------

# 4.19.90-2212.1.0~1...4.19.90-2212.2.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I64Y5Y | e71629898d67 mm/sharepool: Fix a double free problem caused by init_local_group |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I63UEU | 12f3b19c7b67 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() 8364d44b6365 macvlan: enforce a consistent minimal mtu aa800fa80ba8 net: macvlan: fix memory leaks of macvlan_common_newlink ebaa932a1b4a ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network d6f805edaf05 net: gso: fix panic on frag_list with mixed head alloc types 41b39f2bc44c tcp/udp: Make early_demux back namespacified. 05a9ea5927ec ipv6: fix WARNING in ip6_route_net_exit_late() d31519a49dbb net, neigh: Fix null-ptr-deref in neigh_table_clear() e6d23a4b0db0 tcp: fix indefinite deferral of RTO with SACK reneging c50c877992bb net: fix UAF issue in nfqnl_nf_hook_drop() when ops_init() failed 176d2de6c437 serial: 8250: Flush DMA Rx on RLSI 80703cbe9a81 serial: 8250: Fall back to non-DMA Rx if IIR_RDI occurs 779c11cb5393 capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 7e2d8bfc7a2c security: commoncap: fix -Wstringop-overread warning ee1cf85bbd88 ring_buffer: Do not deactivate non-existant pages 33ffa638a627 ftrace: Fix null pointer dereference in ftrace_add_mod() 3d193fb10227 ftrace: Optimize the allocation for mcount entries 041509231b95 kprobe: reverse kp->flags when arm_kprobe failed c01f46a9b062 mm: fs: initialize fsdata passed to write_begin/write_end interface 920f74acec23 nfs4: Fix kmemleak when allocate slot failed a1a691b4ef80 kernfs: fix use-after-free in __kernfs_remove 7a5b09555114 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages 33213b46e324 mm: /proc/pid/smaps_rollup: fix no vma's null-deref |
| bugzilla: 187828, https://gitee.com/openeuler/kernel/issues/I63UEU | a2f889939449 signal handling: don't use BUG_ON() for debugging |
| bugzilla: 188002, https://gitee.com/openeuler/kernel/issues/I63UEU | eaab6483a9cc ida: don't use BUG_ON() for debugging |

# 2CVE
-------

null

最后提交信息为： mm/sharepool: Fix a double free problem caused by init_local_group

4.19.90-2212.1.0

75ea48a

2022-12-06 18:51

openEuler 20.03 update 4.19.90-2212.1.0

# 1TASK
-------

# 4.19.90-2211.6.0~1...4.19.90-2212.1.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I63D3E | dde9a0f90627 Bluetooth: L2CAP: Fix u8 overflow |
| bugzilla: 188056, https://gitee.com/src-openeuler/kernel/issues/I62RNU | 08d3ac9ed682 l2tp: Don't sleep and disable BH under writer-side sk_callback_lock 9e00bd66a2b6 l2tp: Serialize access to sk_user_data with sk_callback_lock |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I63MQP | a42e2dc56a1d net/mlx5: Update the list of the PCI supported devices 4975dd57b0d4 net/mlx5: Update the list of the PCI supported devices |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I62KQZ | 599915d80f51 drivers: net: slip: fix NPD bug in sl_tx_timeout() |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I62AX2 | 3e0deabf9f45 staging: rtl8712: fix use after free bugs |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I62TOM | 75ea48ace145 Add MWAIT Cx support for Zhaoxin CPUs. |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2022-4095 | #I62AX2 |
| CVE-2022-4129 | #I62RNU |
| CVE-2022-41858 | #I62KQZ |
| CVE-2022-45934 | #I63D3E |

最后提交信息为： !272 [openEuler-1.0-LTS] Add MWAIT Cx support for Zhaoxin CPUs.

4.19.90-2211.6.0

4f283ab

2022-11-29 10:59

openEuler 20.03 update 4.19.90-2211.6.0

最后提交信息为： x86/tsc: use topology_max_packages() in tsc watchdog check

4.19.90-2211.5.0

ace4dc0

2022-11-22 11:01

openEuler 20.03 update 4.19.90-2211.5.0

最后提交信息为： svm: Delete unused ioctl command

4.19.90-2211.4.0

0eb4401

2022-11-15 09:05

openEuler 20.03 update 4.19.90-2211.4.0

# 1TASK
-------

# 4.19.90-2211.2.0~1...4.19.90-2211.4.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I60QE9 | 0eb440122f89 block: fix use after free for bd_holder_dir 9237bc1d70b1 Revert "block: Fix UAF in bd_link_disk_holder()" |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5X41F | d484e83399de init/main.c: return 1 from handled __setup() functions 47477ca72cfa x86/pm: Save the MSR validity status at context setup 2b91784db1e6 x86/speculation: Restore speculation related MSRs during S3 resume 27dd57ae7b30 x86/cpu: Load microcode during restore_processor_state() 950faec0dd86 genirq: Synchronize interrupt thread startup |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5ZXGL | 3b23e85f65cd nvme: Fix IOC_PR_CLEAR and IOC_PR_RELEASE ioctls for nvme devices 3743e9b52c60 once: add DO_ONCE_SLOW() for sleepable contexts 4c4298bf24dd inet: fully convert sk->sk_rx_dst to RCU rules 3b8b0d3f4de6 ext4: continue to expand file system when the target size doesn't reach 8f5816c21876 nvme: copy firmware_rev on each init 86774965b813 net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory 4b29a1491aec can: bcm: check the result of can_send() in bcm_can_tx() 16cebfda541f xfrm: Update ipcomp_scratches with NULL when freed e68b9f9b6472 tcp: annotate data-race around tcp_md5sig_pool_populated 4e3f7a2592a1 tcp: fix tcp_cwnd_validate() to not forget is_cwnd_limited 4700f752441a ext4: fix null-ptr-deref in ext4_write_info d5e86eaff74f Revert "fs: check FMODE_LSEEK to control internal pipe splicing" a8e008b993ef ima: Free the entire rule if it fails to parse f51a4e071b8b ima: Free the entire rule when deleting a list of rules 5fb445c239d2 ima: Have the LSM free its audit rule 926a1eb4f68b mm/migrate_device.c: flush TLB while holding PTL d6bd3a36e7ae mm: prevent page_frag_alloc() from corrupting the memory 36abbf06f4f0 mm/page_alloc: fix race condition between build_all_zonelists and page allocation 925e2f5b6521 net: team: Unsync device addresses on ndo_stop 7fd0525c8f2c mm/slub: fix to return errno if kmalloc() fails 44707038074d of: fdt: fix off-by-one error in unflatten_dt_nodes() |

最后提交信息为： block: fix use after free for bd_holder_dir

4.19.90-2211.2.0

60a7c8b

2022-11-08 10:04

openEuler 20.03 update 4.19.90-2211.2.0

# 1TASK
-------

# 4.19.90-2211.1.0~1...4.19.90-2211.2.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5Z86E | 60a7c8b50e1a net: tun: fix bugs for oversize packet when napi frags enabled |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5XG7S | 544a0e3150df tcp: fix a signed-integer-overflow bug in tcp_add_backlog() |
| bugzilla: 187792, https://gitee.com/openeuler/kernel/issues/I5ZG7O | 30879a10469d tcp: prohibit TCP_REPAIR_OPTIONS if data was already sent |
| bugzilla: 187935,https://gitee.com/src-openeuler/kernel/issues/I5ZR8Z | 5a8f271fe23d ext4: fix bad checksum after online resize |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5Z7DK | d7514ed360b6 blktrace: remove unnessary stop block trace in 'blk_trace_shutdown' 47e0fd5aa1e8 blktrace: fix possible memleak in '__blk_trace_remove' 6b5d9b4aec63 blktrace: introduce 'blk_trace_{start,stop}' helper |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5WFKI | 4ba3d7f28c8b kabi: net: fix kabi broken in sk_buff 0b56e323cdca io_uring/af_unix: defer registered files gc to io_uring release |
| bugzilla: 187706, https://gitee.com/openeuler/kernel/issues/I5XEBX | e053aefe9a1d nbd: refactor size updates 32a5f63bd0be nbd: move the task_recv check into nbd_size_update f46ceb12250f nbd: remove the call to set_blocksize |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5YGD6 | 55af2a071aaf wifi: Fix potential buffer overflow in 'brcmf_fweh_event_worker' |
| bugzilla: 187543, https://gitee.com/src-openeuler/kernel/issues/I5NZ98 | 6b3f824fb8f5 fs: fix UAF/GPF bug in nilfs_mdt_destroy |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5WBID | e9d9d62293dd dm: Fix UAF in run_timer_softirq() |
| bugzilla: 187908, https://gitee.com/src-openeuler/kernel/issues/I44HKK | ea55cd555f5f Bluetooth: sco: Fix lock_sock() blockage by memcpy_from_msg() |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5Z79B | b1979fbc7e62 ext4: record error information when insert extent failed in 'ext4_split_extent_at' |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5WF0G | d088eefaf077 livepatch/core: Fix livepatch/state leak on error path |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5VVP6 | 98b3569ae76a uacce: add the reference counter protection |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2021-3640 | #I44HKK |
| CVE-2022-2602 | #I5WFKI |
| CVE-2022-2978 | #I5NZ98 |
| CVE-2022-3628 | #I5YGD6 |

最后提交信息为： net: tun: fix bugs for oversize packet when napi frags enabled

4.19.90-2211.1.0

98b3569

2022-11-02 14:39

openEuler 20.03 update 4.19.90-2211.1.0

# 1TASK
-------

# 4.19.90-2210.5.0~1...4.19.90-2211.1.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5VVP6 | 98b3569ae76a uacce: add the reference counter protection |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5X1Z4 | 1260ac5c815a nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level() |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5XTU4 | 4fb588e2cd72 usb: mon: make mmapped memory read only |
| bugzilla: 187821,https://gitee.com/openeuler/kernel/issues/I5X9U0 | 8d2972d4c83f ext4: fix bug_on in __es_tree_search caused by bad boot loader inode 31ef411870f2 ext4: add EXT4_IGET_BAD flag to prevent unexpected bad inode 495de54176ff ext4: add helper to check quota inums bc4c14c2c104 ext4: fix bug_on in __es_tree_search caused by bad quota inode |
| bugzilla: 187909, https://gitee.com/src-openeuler/kernel/issues/I5X3ML | 23ee06d0c0a2 atm: idt77252: fix use-after-free bugs caused by tst_timer |
| bugzilla: 187414, https://gitee.com/openeuler/kernel/issues/I5XZ6O | c0a8ad0fb978 ext4: ext4_read_bh_lock() should submit IO if the buffer isn't uptodate |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5ROPX | 0f6fcb8c9a8c scsi: stex: Properly zero out the passthrough command structure |
| bugzilla: 187884, https://gitee.com/src-openeuler/kernel/issues/I5X2OB | 8ad0934c91e6 nilfs2: fix leak of nilfs_root in case of writer thread creation failure |
| bugzilla: 187891, https://gitee.com/src-openeuler/kernel/issues/I5WYLL | e6db4754fe68 vsock: Fix memory leak in vsock_connect() |
| bugzilla: 187862, https://gitee.com/src-openeuler/kernel/issues/I5WF14 | 62daba85c0c8 sch_sfb: Also store skb len before calling child enqueue bd2d1f5de34f sch_sfb: Don't assume the skb is still around after enqueueing to child |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5Y4BR | ed49ea9e81f0 x86/apic/vector: Fix ordering in vector assignment |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I54V2K | 8e6741d887ea Add support for PxSCT.LPM set based on actual LPM circumstances |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I54V27 | 7bf3957153a9 Add support for disabling PhyRdy Change Interrupt based on actual LPM capability |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5J763 | d1a49c2d666e Driver for Zhaoxin CPU core temperature monitoring |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I54V04 | e4a4ab2a0ae8 rtc: Fix set RTC time delay 500ms on some Zhaoxin SOCs |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I54V2W | 27c5740821c1 x86/tsc: Make cur->adjusted values in package#1 to be the same |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I54V1P | fbb10e33b67d EHCI: Clear wakeup signal locked in S0 state when device plug in |

# 2CVE
-------

| CVE | issue |
|:---:|:-----:|
| CVE-2022-3621 | #I5X1Z4 |
| CVE-2022-3629 | #I5WYLL |
| CVE-2022-3629 | #I5Y4MJ |
| CVE-2022-3635 | #I5X3ML |
| CVE-2022-3646 | #I5X2OB |
| CVE-2022-40768 | #I5ROPX |
| CVE-2022-43750 | #I5XTU4 |

最后提交信息为： uacce: add the reference counter protection

4.19.90-2210.5.0

62daba8

2022-10-27 20:15

openEuler 20.03 update 4.19.90-2210.5.0

最后提交信息为： sch_sfb: Also store skb len before calling child enqueue

4.19.90-2210.4.0

187e173

2022-10-25 17:27

openEuler 20.03 update 4.19.90-2210.4.0

# 1TASK
-------

# 4.19.90-2210.3.0~1...4.19.90-2210.4.0
-------
| TASK | COMMIT |
|:----:|:------:|
| bugzilla: 187867, https://gitee.com/src-openeuler/kernel/issues/I5W7B5 | 187e173a47cc nfp: fix use-after-free in area_cache_get() |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5W7YH | 20fb5fafab62 mISDN: fix use-after-free bugs in l1oip timer handlers |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5W7ZF | 1ae8a44b0107 tcp: Fix data races around icsk->icsk_af_ops. |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5W7XW | 1c1e7cf5f472 Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu |
| bugzilla: 187839, https://gitee.com/src-openeuler/kernel/issues/I5W7B1 | c3844d5ad5f9 bnx2x: fix potential memory leak in bnx2x_tpa_stop() |
| bugzilla: 187847, https://gitee.com/src-openeuler/kernel/issues/I5WFKR | 4302727af81f r8152: Rate limit overflow messages |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5WW82 | cafd261d0428 scsi: megaraid_sas: Add support for MegaRAID Aero controllers |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5WW3D | c1ebe562b7fb vfio-pci: Mask cap zero |
| bugzilla: 187825, https://gitee.com/src-openeuler/kernel/issues/I5VZ0J | 0724868f7c1a tcp/udp: Fix memory leak in ipv6_renew_options(). |
| bugzilla: https://gitee.com/src-openeuler/kernel/issues/I5W7AX | 92febc730135 net: mvpp2: fix mvpp2 debugfs leak |
| bugzilla: 187823, https://gitee.com/src-openeuler/kernel/issues/I5VZ0N | a4c35ce0dab6 kcm: avoid potential race in kcm_tx_work |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5UY5E | 1eefd25aa8f5 net: bonding: Add support for IPV6 ns/na to balance-alb/balance-tlb mode |
| bugzilla: 187798, https://gitee.com/src-openeuler/kernel/issues/I5U1NZ | 4b472e21a9dc fbdev: smscufx: Fix use-after-free in ufx_ops_open() |
| bugzilla: https://gitee.com/openeuler/kernel/issues/I5986O | 1e83e42b007c nvme: fix controller instance leak |
| bugzilla:https://gitee.com/openeuler/kernel/issues/I5986O | 7d574b4c65c7 nvme: Assign subsys instance from first ctrl |
| bugzilla: 187805, https://gitee.com/src-openeuler/kernel/issues/I5U713 | edb25e44f5d5 binder: fix UAF of ref->proc caused by race condition |

# 2CVE
-------
| CVE | issue |
|:---:|:-----:|
| CVE-2022-3521 | #I5VZ0N |
| CVE-2022-3524 | #I5VZ0J |
| CVE-2022-3535 | #I5W7AX |
| CVE-2022-3542 | #I5W7B1 |
| CVE-2022-3545 | #I5W7B5 |
| CVE-2022-3564 | #I5W7XW |
| CVE-2022-3565 | #I5W7YH |
| CVE-2022-3566 | #I5W7ZF |
| CVE-2022-3594 | #I5WFKR |
| CVE-2022-41849 | #I5U1NZ |

最后提交信息为： nfp: fix use-after-free in area_cache_get()

GVPopenEuler/kernel关闭

搜索帮助

GVP openEuler/kernel
关闭