-
Tue Dec 05 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.81.2.el7uek]
- rebuild bumping release
-
Tue Nov 21 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.81.1.el7uek]
- netfilter: xt_sctp: validate the flag_info count (Wander Lairson Costa) [Orabug: 35923500] {CVE-2023-39193}
- USB: ene_usb6250: Allocate enough memory for full object (Kees Cook) [Orabug: 35924058] {CVE-2023-45862}
- netfilter: xt_u32: validate user space input (Wander Lairson Costa) [Orabug: 35923470] {CVE-2023-39192}
- net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35707466] {CVE-2023-4207}
-
Mon Oct 09 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.80.1.el7uek]
- Bluetooth: L2CAP: Fix use-after-free in l2cap_sock_ready_cb (Sungwoo Kim) [Orabug: 35814478] {CVE-2023-40283}
- net/sched: cls_u32: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814297] {CVE-2023-4208}
- RDMA/core: net: fix kernel NULL error (Zhu Yanjun) [Orabug: 35723252]
-
Wed Sep 20 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.79.2.el7uek]
- net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free (valis) [Orabug: 35814273] {CVE-2023-4206}
- net/sched: sch_qfq: account for stab overhead in qfq_enqueue (Pedro Tammela) [Orabug: 35636291] {CVE-2023-3611}
- rds: Fix lack of reentrancy for connection reset with dst addr zero (HÃ¥kon Bugge) [Orabug: 35741584] [Orabug: 35818110] {CVE-2023-22024}
-
Tue Sep 12 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.79.1.el7uek]
- xfrm: add NULL check in xfrm_update_ae_params (Lin Ma) [Orabug: 35754509] {CVE-2023-3772}
- net: vmxnet3: fix possible NULL pointer dereference in vmxnet3_rq_cleanup() (Zixuan Fu) [Orabug: 35732892] {CVE-2023-4459}
- net: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf() (Zixuan Fu) [Orabug: 35732764] {CVE-2023-4387}
- net/sched: cls_fw: Fix improper refcount update leads to use-after-free (M A Ramdhan) [Orabug: 35636313] {CVE-2023-3776}
- netfilter: nf_tables: prevent OOB access in nft_byteorder_eval (Thadeu Lima de Souza Cascardo) [Orabug: 35609787] {CVE-2023-35001}
- ext4: fix use-after-free in ext4_xattr_set_entry (Baokun Li) [Orabug: 35382025] {CVE-2023-2513}
- ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (Baokun Li) [Orabug: 35382025] {CVE-2023-2513}
- netfilter: nf_tables: stricter validation of element data (Pablo Neira Ayuso) [Orabug: 34362008] {CVE-2022-34918}
-
Thu Sep 07 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.78.4.el7uek]
- netfilter: nf_tables: verify registers coming from userspace (Harshvardhan Jha) [Orabug: 35776867]
-
Fri Sep 01 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.78.3.el7uek]
- vc_screen: Fix a backport in vcs_read() (Harshit Mogalapalli) [Orabug: 35768682]
-
Tue Aug 22 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.78.2.el7uek]
- xfrm: fix crash in XFRM_MSG_GETSA netlink handler (Vegard Nossum) [Orabug: 35598955] {CVE-2023-3106}
- netfilter: nf_tables: validate registers coming from userspace (Harshvardhan Jha) [Orabug: 34012909] {CVE-2022-1015}
-
Wed Aug 16 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.78.1.el7uek]
- vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF (George Kennedy) [Orabug: 35649493] {CVE-2023-3567}
-
Wed Jul 12 2023 Alok Tiwari <alok.a.tiwari@oracle.com> [4.1.12-124.77.2.el7uek]
- media: dm1105: Fix use after free bug in dm1105_remove due to race condition (Zheng Wang) [Orabug: 35514108] {CVE-2023-35824}
- media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() (Takashi Iwai) [Orabug: 35477742] {CVE-2023-31084}
- media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (Mauro Carvalho Chehab) [Orabug: 35477742] {CVE-2023-31084}
- media: dvb-core: Fix UAF due to refcount races at releasing (Takashi Iwai) [Orabug: 34820632] {CVE-2022-41218}
- media: dvb: dmx: fixed coding style issues of spacing (devendra sharma) [Orabug: 34820632]