Description
memcg does not limit the number of POSIX file locks allowing memory exhaustion.
vmwgfx: NULL pointer dereference in vmw_cmd_dx_define_query.
use-after-free in smb2_is_status_io_timeout().
nfp: use-after-free in area_cache_get().
NULL pointer dereference in can_rcv_filter.
Slab-out-of-bound read in compare_netdev_and_ip.
UAF in nftables when nft_set_lookup_global triggered after handling named and anonymous sets in batch requests.
out-of-bounds access in relay_file_read.
vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup().
Gather Data Sampling (GDS) side channel vulnerability (CVE-2022-40982,Downfall).
net/sched: cls_u32 component reference counter leak if tcf_change_indev() fails.
fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment.
Race Condition leading to UAF in Unix Socket could happen in sk_receive_queue ().
use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c.
use after free in unix_stream_sendpage.
bpf: Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe.
A heap out-of-bounds write when function perf_read_group is called and sibling_list is smaller than its child's sibling_list.
ktls overwrites readonly memory pages when using function splice with a ktls socket as destination.
use-after-free in IPv4 IGMP.
GSM multiplexing race condition leads to privilege escalation (CVE-2023-6546,ZDI-CAN-20527).
refcount leak in ctnetlink_create_conntrack().
fbcon: out-of-sync arrays in fbcon_mode_deleted due to wrong con2fb_map assignment (JIRA:RHEL-1107).
out-of-bounds access in relay_file_read (JIRA:RHEL-1749).
vmxnet3: NULL pointer dereference in vmxnet3_rq_cleanup() (JIRA:RHEL-18085).
NULL pointer dereference in can_rcv_filter (JIRA:RHEL-19524).
update RT source tree to the latest RHEL-9.0.z Batch 15 (JIRA:RHEL-21555).
Gather Data Sampling (GDS) side channel vulnerability (JIRA:RHEL-9285).
A heap out-of-bounds write (JIRA:RHEL-18011).
Slab-out-of-bound read in compare_netdev_and_ip (JIRA:RHEL-19398).
A flaw leading to a use-after-free in area_cache_get() (JIRA:RHEL-19534).
Incorrect verifier pruning leads to unsafe code paths being incorrectly marked as safe (JIRA:RHEL-8980).
various flaws (JIRA:RHEL-16150).
refcount leak in ctnetlink_create_conntrack() (JIRA:RHEL-20311).
use-after-free in l2cap_sock_release in net/bluetooth/l2cap_sock.c (JIRA:RHEL-20502).
ktls overwrites readonly memory pages when using function splice with a ktls socket as destination (JIRA:RHEL-22095).
use-after-free in smb2_is_status_io_timeout() (JIRA:RHEL-15171).
use-after-free in IPv4 IGMP (JIRA:RHEL-21658).
memcg does not limit the number of POSIX file locks allowing memory exhaustion (JIRA:RHEL-8996).
GSM multiplexing race condition leads to privilege escalation (JIRA:RHEL-19968).
NULL pointer dereference in vmw_cmd_dx_define_query (JIRA:RHEL-22751).
kernel: sched/membarrier: reduce the ability to hammer on sys_membarrier.