D7net
Home
Console
Upload
information
Create File
Create Folder
About
Tools
:
/
var
/
cache
/
kcare
/
patches
/
none-a96b1d2de8acf651fb2fead02b14f15acc2d3ac6-85-default
/
Filename :
kpatch.info
back
Copy
OS: centos7 kernel: kernel-3.10.0-1062.9.1.el7 time: 2024-09-10 11:54:13 kpatch-name: 3.10.0/cve-2019-14816-mwifiex-fix-three-heap-overflow.patch kpatch-description: mwifiex: Fix three heap overflow at parsing element in cfg80211_ap_settings kpatch-kernel: kernel-3.10.0-1062.12.1.el7 kpatch-cve: CVE-2019-14816 kpatch-cvss: 8.0 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2019-14816 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7caac62ed598a196d6ddf8d9c121e12e082cac3a kpatch-name: 3.10.0/cve-2019-14895-mwifiex-fix-possible-heap-overflow.patch kpatch-description: Heap Overflow in mwifiex_process_country_ie() function of Marvell Wifi Driver kpatch-kernel: kernel-3.10.0-1062.12.1.el7 kpatch-cve: CVE-2019-14895 kpatch-cvss: 8.0 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2019-14895 kpatch-patch-url: https://patchwork.kernel.org/patch/11256477/ kpatch-name: 3.10.0/cve-2019-14901-mwifiex-heap-overflow-in-tdls.patch kpatch-description: mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() kpatch-kernel: kernel-3.10.0-1062.12.1.el7 kpatch-cve: CVE-2019-14901 kpatch-cvss: 8.8 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2019-14901 kpatch-patch-url: https://patchwork.kernel.org/patch/11257535/ kpatch-name: 3.10.0/cve-2019-17133-cfg80211-wext-avoid-copying-malformed-SSID.patch kpatch-description: cfg80211: wext: avoid copying malformed SSIDs kpatch-kernel: kernel-3.10.0-1062.12.1.el7 kpatch-cve: CVE-2019-17133 kpatch-cvss: 8.8 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2019-17133 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ac2813cc867ae563a1ba5a9414bfb554e5796fa kpatch-name: 3.10.0/9112-fs-userfaultfd_release-always-remove-uffd-flags-and-.patch kpatch-description: [fs] userfaultfd_release: always remove uffd flags and clear vm_userfaultfd_ctx kpatch-kernel: kernel-3.10.0-1062.12.1.el7 kpatch-cve: CVE-2019-14898 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-14898 kpatch-patch-url: https://git.kernel.org/linus/46d0b24c5ee10a15dfb25e20642f5a5ed59c5003 kpatch-name: 3.10.0/CVE-2019-17666-0001-rtlwifi-Fix-potential-overflow-on-P2P-code.patch kpatch-description: [wireless] rtlwifi: Fix potential overflow on P2P code kpatch-kernel: 3.10.0-1062.18.1.el7 kpatch-cve: CVE-2019-17666 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-17666 kpatch-patch-url: https://git.kernel.org/linus/8c55dedb795be8ec0cf488f98c03a1c2176f7fb1 kpatch-name: 3.10.0/CVE-2019-19338-0001-kvm-x86-Export-MDS_NO-0-to-guests-when-TSX-is-enable.patch kpatch-description: [x86] kvm/x86: Export MDS_NO=0 to guests when TSX is enabled kpatch-kernel: 3.10.0-1062.18.1.el7 kpatch-cve: CVE-2019-19338 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-19338 kpatch-patch-url: https://git.kernel.org/linus/e1d38b63acd843cfdd4222bf19a26700fd5c699e kpatch-name: 3.10.0/CVE-2019-19338-0002-KVM-x86-fix-presentation-of-TSX-feature-in-ARCH_CAPA.patch kpatch-description: [x86] kvm: x86: fix presentation of TSX feature in ARCH_CAPABILITIES kpatch-kernel: 3.10.0-1062.18.1.el7 kpatch-cve: CVE-2019-19338 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-19338 kpatch-patch-url: https://git.kernel.org/linus/1389309c811b0c954bf3b591b761d79b1700283d kpatch-name: 3.10.0/CVE-2019-19338-0003-KVM-x86-do-not-modify-masked-bits-of-shared-MSRs.patch kpatch-description: [x86] kvm: x86: do not modify masked bits of shared MSRs kpatch-kernel: 3.10.0-1062.18.1.el7 kpatch-cve: CVE-2019-19338 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-19338 kpatch-patch-url: https://git.kernel.org/linus/de1fca5d6e0105c9d33924e1247e2f386efc3ece kpatch-name: 3.10.0/CVE-2019-11487-0003-mm-hugetlb.c-__get_user_pages-ignores-certain-follow.patch kpatch-description: [mm] mm/hugetlb.c: __get_user_pages ignores certain follow_hugetlb_page errors kpatch-kernel: 3.10.0-1062.18.1.el7 kpatch-cve: CVE-2019-11487 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-11487 kpatch-patch-url: https://git.kernel.org/linus/2be7cfed995e25de1ffaffe14cc065b7ffb528e0 kpatch-name: 3.10.0/CVE-2019-11487-0004-mm-prevent-get_user_pages-from-overflowing-page-refc.patch kpatch-description: [mm] mm: prevent get_user_pages() from overflowing page refcount kpatch-kernel: 3.10.0-1062.18.1.el7 kpatch-cve: CVE-2019-11487 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-11487 kpatch-patch-url: https://git.kernel.org/linus/8fde12ca79aff9b5ba951fce1a2641901b8d8e64 kpatch-name: 3.10.0/0007-netdrv-brcmfmac-add-subtype-check-for-event-handling.patch kpatch-description: [netdrv] brcmfmac: add subtype check for event handling in data path kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-9503 kpatch-cvss: 5.9 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-9503 kpatch-patch-url: https://git.kernel.org/linus/a4176ec356c73a46c07c181c6d04039fafa34a9f kpatch-name: 3.10.0/0105-usb-check-usb_get_extra_descriptor-for-proper-size.patch kpatch-description: [usb] check usb_get_extra_descriptor for proper size kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2018-19985 CVE-2018-20169 kpatch-cvss: 6.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2018-19985 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2018-20169 kpatch-patch-url: https://git.kernel.org/linus/704620afc70cf47abb9d6a1a57f3825d2bca49cf kpatch-name: 3.10.0/0106-usb-hso-Fix-OOB-memory-access-in-hso_probe-hso_get_c.patch kpatch-description: [usb] hso: Fix OOB memory access in hso_probe/hso_get_config_data kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2018-19985 CVE-2018-20169 kpatch-cvss: 6.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2018-19985 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2018-20169 kpatch-patch-url: https://git.kernel.org/linus/5146f95df782b0ac61abde36567e718692725c89 kpatch-name: 3.10.0/0128-x86-insn-eval-Fix-use-after-free-access-to-LDT-entry.patch kpatch-description: [x86] insn-eval: Fix use-after-free access to LDT entry kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-13233 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-13233 kpatch-patch-url: https://git.kernel.org/linus/de9f869616dd95e95c00bdd6b0fcd3421e8a4323 kpatch-name: 3.10.0/0135-net-bluetooth-hidp-fix-buffer-overflow.patch kpatch-description: [net] bluetooth: hidp: fix buffer overflow kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-11884 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-11884 kpatch-patch-url: https://git.kernel.org/linus/a1616a5ac99ede5d605047a9012481ce7ff18b16 kpatch-name: 3.10.0/1107-block-floppy-fix-out-of-bounds-read-in-copy_buffer.patch kpatch-description: [block] floppy: fix out-of-bounds read in copy_buffer kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-14283 kpatch-cvss: 5.6 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-14283 kpatch-patch-url: https://git.kernel.org/linus/da99466ac243f15fbba65bd261bfc75ffa1532b6 kpatch-name: 3.10.0/1478-sound-ALSA-info-Fix-racy-addition-deletion-of-nodes.patch kpatch-description: [sound] ALSA: info: Fix racy addition/deletion of nodes kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-15214 kpatch-cvss: 6.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15214 kpatch-patch-url: https://git.kernel.org/linus/8c2f870890fd28e023b0fcf49dcee333f2c8bad7 kpatch-name: 3.10.0/1479-sound-ALSA-core-Fix-card-races-between-register-and-.patch kpatch-description: [sound] ALSA: core: Fix card races between register and disconnect kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-15214 kpatch-cvss: 6.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15214 kpatch-patch-url: https://git.kernel.org/linus/2a3f7221acddfe1caa9ff09b3a8158c39b2fdeac kpatch-name: 3.10.0/1590-sound-ALSA-line6-Fix-write-on-zero-sized-buffer.patch kpatch-description: [sound] ALSA: line6: Fix write on zero-sized buffer kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-15221 kpatch-cvss: 4.6 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15221 kpatch-patch-url: https://git.kernel.org/linus/3450121997ce872eb7f1248417225827ea249710 kpatch-name: 3.10.0/1607-sound-ALSA-line6-Fix-memory-leak-at-line6_init_pcm-e.patch kpatch-description: [sound] ALSA: line6: Fix memory leak at line6_init_pcm() error path kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-15221 kpatch-cvss: 4.6 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15221 kpatch-patch-url: https://git.kernel.org/linus/1bc8d18c75fef3b478dbdfef722aae09e2a9fde7 kpatch-name: 3.10.0/1694-net-tun-call-dev_get_valid_name-before-register_netd.patch kpatch-description: [net] tun: call dev_get_valid_name() before register_netdevice() kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2018-7191 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2018-7191 kpatch-patch-url: https://git.kernel.org/linus/0ad646c81b2182f7fa67ec0c8c825e0ee165696d kpatch-name: 3.10.0/1695-net-tun-allow-positive-return-values-on-dev_get_vali.patch kpatch-description: [net] tun: allow positive return values on dev_get_valid_name() call kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2018-7191 kpatch-cvss: 6.2 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2018-7191 kpatch-patch-url: https://git.kernel.org/linus/5c25f65fd1e42685f7ccd80e0621829c105785d9 kpatch-name: 3.10.0/1696-fs-dcache-allow-word-at-a-time-name-hashing-with-big.patch kpatch-description: [fs] dcache: allow word-at-a-time name hashing with big-endian CPUs kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-10638 kpatch-cvss: 3.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-10638 kpatch-patch-url: https://git.kernel.org/linus/a5c21dcefa1c3d759457a604b3cfc4af29c8713f kpatch-name: 3.10.0/1697-lib-siphash-add-cryptographically-secure-PRF.patch kpatch-description: [lib] siphash: add cryptographically secure PRF kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-10638 kpatch-cvss: 3.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-10638 kpatch-patch-url: https://git.kernel.org/linus/2c956a60778cbb6a27e0c7a8a52a91378c90e1d1 kpatch-name: 3.10.0/1698-net-inet-switch-IP-ID-generator-to-siphash.patch kpatch-description: [net] inet: switch IP ID generator to siphash kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-10638 CVE-2019-10639 kpatch-cvss: 3.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-10638 kpatch-patch-url: https://git.kernel.org/linus/df453700e8d81b1bdafdf684365ee2b9431fb702 kpatch-name: 3.10.0/1721-security-KEYS-Strip-trailing-spaces.patch kpatch-description: [security] KEYS: Strip trailing spaces kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2017-17807 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2017-17807 kpatch-patch-url: https://git.kernel.org/linus/965475acca2cbcc1d748a8b6a05f8c7cf57d075a kpatch-name: 3.10.0/1722-security-KEYS-remove-unnecessary-get-put-of-explicit.patch kpatch-description: [security] KEYS: remove unnecessary get/put of explicit dest_keyring kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2017-17807 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2017-17807 kpatch-patch-url: https://git.kernel.org/linus/a2d8737d5c781d388b553dd085b56d7295fffc6c kpatch-name: 3.10.0/1723-security-KEYS-add-missing-permission-check-for-reque.patch kpatch-description: [security] KEYS: add missing permission check for request_key() destination kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2017-17807 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2017-17807 kpatch-patch-url: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b kpatch-name: 3.10.0/1963-drm-drm-edid-Fix-a-missing-check-bug-in-drm_load_edi.patch kpatch-description: [drm] drm/edid: Fix a missing-check bug in drm_load_edid_firmware() kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-12382 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-12382 kpatch-patch-url: https://git.kernel.org/linus/9f1f1a2dab38d4ce87a13565cf4dc1b73bef3a5f kpatch-name: 3.10.0/CVE-2019-11190.patch kpatch-description: binfmt_elf: switch to new creds when switching to new mm kpatch-kernel: >4.8 kpatch-cve: CVE-2019-11190 kpatch-cvss: 4.7 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2019-11190 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/diff/queue-3.18/binfmt_elf-switch-to-new-creds-when-switching-to-new-mm.patch?id=a5b5352558f6808db0589644ea5401b3e3148a0d kpatch-name: 3.10.0/2070-kernel-perf-core-Fix-perf_event_open-vs.-execve-race.patch kpatch-description: [kernel] perf/core: Fix perf_event_open() vs. execve() race kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-3901 kpatch-cvss: 5.6 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-3901 kpatch-patch-url: https://git.kernel.org/linus/79c9ce57eb2d5f1497546a3946b4ae21b6fdc438 kpatch-name: 3.10.0/2160-net-sysfs-Fix-mem-leak-in-netdev_register_kobject.patch kpatch-description: [net] sysfs: Fix mem leak in netdev_register_kobject kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-15916 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15916 kpatch-patch-url: https://git.kernel.org/linus/895a5e96dbd6386c8e78e5b78e067dcc67b7f0ab kpatch-name: 3.10.0/CVE-2019-16746-0001-cfg80211-add-and-use-strongly-typed-element-iteratio.patch kpatch-description: cfg80211: add and use strongly typed element iteration macros kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-16746 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-16746 kpatch-patch-url: https://git.kernel.org/linus/0f3b07f027f87a38ebe5c436490095df762819be kpatch-name: 3.10.0/CVE-2019-16746-0002-ieee80211-fix-for_each_element_extid.patch kpatch-description: ieee80211: fix for_each_element_extid() kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-16746 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-16746 kpatch-patch-url: https://git.kernel.org/linus/61edb116cab9bf7d623e31bf7455a82bc042c087 kpatch-name: 3.10.0/CVE-2019-16746-0003-cfg80211-Use-const-more-consistently-in-for_each_ele.patch kpatch-description: cfg80211: Use const more consistently in for_each_element macros kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-16746 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-16746 kpatch-patch-url: https://git.kernel.org/linus/7388afe09143210f555bdd6c75035e9acc1fab96 kpatch-name: 3.10.0/2275-net-mac80211-Do-not-send-Layer-2-Update-frame-before.patch kpatch-description: [net] mac80211: Do not send Layer 2 Update frame before authorization kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-5108 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-5108 kpatch-patch-url: https://git.kernel.org/linus/3e493173b7841259a08c5c8e5cbe90adb349da7e kpatch-name: 3.10.0/2282-net-nl80211-validate-beacon-head.patch kpatch-description: [net] nl80211: validate beacon head kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-16746 kpatch-cvss: 8.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-16746 kpatch-patch-url: https://git.kernel.org/linus/f88eb7c0d002a67ef31aeb7850b42ff69abc46dc kpatch-name: 3.10.0/2347-media-cx24116-fix-a-buffer-overflow-when-checking-us.patch kpatch-description: [media] cx24116: fix a buffer overflow when checking userspace params kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2015-9289 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2015-9289 kpatch-patch-url: https://git.kernel.org/linus/1fa2337a315a2448c5434f41e00d56b01a22283c kpatch-name: 3.10.0/1192-scsi-scsi-qedi-remove-memset-memcpy-to-nfunc-and-use.patch kpatch-description: scsi: qedi: remove memset/memcpy to nfunc and use func instead kpatch-kernel: kernel-3.10.0-1127.el7 kpatch-cve: CVE-2019-15090 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15090 kpatch-patch-url: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/bionic/commit/?id=bcfee90750d764c28e9fcc4e17375486ab9545c3 kpatch-name: 3.10.0/CVE-2020-10711.patch kpatch-description: netlabel: cope with NULL catmap kpatch-kernel: kernel-3.10.0-1127.8.2.el7 kpatch-cve: CVE-2020-10711 kpatch-cvss: 5.9 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-10711 kpatch-patch-url: https://lore.kernel.org/netdev/07d99ae197bfdb2964931201db67b6cd0b38db5b.1589276729.git.pabeni@redhat.com/T/#u kpatch-name: 3.10.0/CVE-2017-18595.patch kpatch-description: tracing: Fix possible double free on failure of allocating trace buffer kpatch-kernel: kernel-3.10.0-1127.8.2.el7 kpatch-cve: CVE-2017-18595 kpatch-cvss: 7.8 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2017-18595 kpatch-patch-url: https://github.com/torvalds/linux/commit/4397f04575c44e1440ec2e49b6302785c95fd2f8 kpatch-name: 3.10.0/CVE-2019-19768.patch kpatch-description: blktrace: fix dereference after null check kpatch-kernel: kernel-3.10.0-1127.8.2.el7 kpatch-cve: CVE-2019-19768 kpatch-cvss: 7.5 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2019-19768 kpatch-patch-url: https://github.com/torvalds/linux/commit/c780e86dd48ef6467a1146cf7d0fe1e05a635039 kpatch-name: srbds-enable.patch kpatch-description: x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation kpatch-kernel: N/A kpatch-cve: CVE-2020-0543 kpatch-cvss: 6.5 kpatch-cve-url: https://www.vusec.net/projects/crosstalk/ kpatch-patch-url: http://git.kernel.org/linus/7e5b3c267d256822407a22fdce6afdf9cd13f9fb kpatch-name: 3.10.0/cve-2020-12888-1127.patch kpatch-description: vfio: access to disabled MMIO space of some devices may lead to DoS scenario kpatch-kernel: kernel-3.10.0-1127.13.1.el7 kpatch-cve: CVE-2020-12888 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-12888 kpatch-patch-url: https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/ kpatch-name: 3.10.0/cve-2020-12888-kpatch-1.patch kpatch-description: vfio: access to disabled MMIO space of some devices may lead to DoS scenario kpatch-kernel: kernel-3.10.0-1127.13.1.el7 kpatch-cve: CVE-2020-12888 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-12888 kpatch-patch-url: https://lore.kernel.org/kvm/158871570274.15589.10563806532874116326.stgit@gimli.home/ kpatch-name: 3.10.0/CVE-2020-10757.patch kpatch-description: mm: Fix mremap not considering huge pmd devmap kpatch-kernel: 3.10.0-1127.18.2 kpatch-cve: CVE-2020-10757 kpatch-cvss: 7.8 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2020-10757 kpatch-patch-url: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9 kpatch-name: 3.16.0/cve-2019-19527-usb-hid-avoid-opening-disconnected-device.patch kpatch-description: HID: hiddev: avoid opening a disconnected device kpatch-kernel: 3.16.81-1 kpatch-cve: CVE-2019-19527 kpatch-cvss: 4.6 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2019-19527 kpatch-patch-url: https://git.kernel.org/linus/9c09b214f30e3c11f9b0b03f89442df03643794d kpatch-name: 3.10.0/CVE-2020-12653-mwifiex-fix-possible-buffer-overflows-in-mwifiex_cmd-post-514.patch kpatch-description: mwifiex: Fix possible buffer overflows in mwifiex_cmd_append_vsie_tlv() kpatch-kernel: 3.10.0-1127.18.2 kpatch-cve: CVE-2020-12653 kpatch-cvss: 7.8 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2020-12653 kpatch-patch-url: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d kpatch-name: 3.10.0/CVE-2020-12654-mwifiex-fix-possible-buffer-overflows-in-mwifiex_ret-post-514.patch kpatch-description: mwifiex: Fix possible buffer overflows in mwifiex_ret_wmm_get_status() kpatch-kernel: 3.10.0-1127.18.2 kpatch-cve: CVE-2020-12654 kpatch-cvss: 7.1 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2020-12654 kpatch-patch-url: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 kpatch-name: 3.10.0/CVE-2019-0136-mac80211-drop-robust-management-frames-from-unknown-TA.patch kpatch-description: mac80211: drop robust management frames from unknown TA kpatch-kernel: 3.10.0-1127.el7 kpatch-cve: CVE-2019-0136 kpatch-cvss: 7.4 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2019-0136 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=588f7d39b3592a36fb7702ae3b8bdd9be4621e2f kpatch-name: 3.10.0/CVE-2019-0136-mac80211-handle-deauthentication-disassociation-from-TDLS-peer.patch kpatch-description: mac80211: handle deauthentication/disassociation from TDLS peer kpatch-kernel: 3.10.0-1127.el7 kpatch-cve: CVE-2019-0136 kpatch-cvss: 7.4 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2019-0136 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=79c92ca42b5a3e0ea172ea2ce8df8e125af237da kpatch-name: 3.10.0/CVE-2020-14305.patch kpatch-description: kernel: memory corruption in Voice over IP nf_conntrack_h323 module kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-14305 kpatch-cvss: 8.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-14305 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=555fb3091f3ad6252a96cecb838ecf55e2960fd9 kpatch-name: 3.10.0/0162-virt-kvm-fix-overflow-of-zero-page-refcount-with-ksm.patch kpatch-description: KVM: fix overflow of zero page refcount with ksm running kpatch-kernel: 3.10.0-1160.el7 kpatch-cve: n/a kpatch-cvss: n/a kpatch-cve-url: https://access.redhat.com/solutions/5624631 kpatch-patch-url: https://git.kernel.org/linus/7df003c85218b5f5b10a7f6418208f31e813f38f kpatch-name: 3.10.0/CVE-2020-9383-0314-block-floppy-check-floppy-check-FDC-index-for-errors-before-assig.patch kpatch-description: floppy: check FDC index for errors before assigning it kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-9383 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-9383 kpatch-patch-url: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 kpatch-name: 3.10.0/CVE-2019-20095-0410-wireless-mwifiex-Fix-mem-leak-in-mwifiex_tm_cmd.patch kpatch-description: mwifiex: Fix mem leak in mwifiex_tm_cmd kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-20095 kpatch-cvss: 5.2 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-20095 kpatch-patch-url: https://git.kernel.org/linus/003b686ace820ce2d635a83f10f2d7f9c147dabc kpatch-name: 3.10.0/CVE-2020-8647-CVE-2020-8649-0363-video-vgacon-Fix-a-UAF-in-vgacon_invert_region.patch kpatch-description: vgacon: Fix a UAF in vgacon_invert_region kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-8647 CVE-2020-8649 kpatch-cvss: 6.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-8647 kpatch-patch-url: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 kpatch-name: 3.10.0/CVE-2020-1749-0250-net-ipv6-constify-ip6_dst_lookup_-flow-tail-sock-arg.patch kpatch-description: ipv6: constify ip6_dst_lookup_{flow|tail}() sock arguments kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-1749 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-1749 kpatch-patch-url: https://git.kernel.org/linus/3aef934f4d4b97532c333d9c1f5f73fb80aeb459 kpatch-name: 3.10.0/CVE-2020-1749-0251-net-ipv6-add-argument-to-ip6_dst_lookup_flow-1062.18.1.patch kpatch-description: net: ipv6: add net argument to ip6_dst_lookup_flow kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-1749 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-1749 kpatch-patch-url: https://git.kernel.org/linus/c4e85f73afb6384123e5ef1bba3315b2e3ad031e kpatch-name: 3.10.0/CVE-2020-1749-0252-net-ipv6_stub-use-ip6_dst_lookup_flow-instead-of-ip6.patch kpatch-description: net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-1749 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-1749 kpatch-patch-url: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2 kpatch-name: 3.10.0/CVE-2020-1749-kpatch.patch kpatch-description: net: ipv6_stub: ip6_dst_lookup_flow (adaptation) kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: cve-2020-1749 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-1749 kpatch-patch-url: - kpatch-name: 3.10.0/CVE-2020-2732-0267-x86-kvm-nvmx-Don-t-emulate-instructions-in-guest-mod.patch kpatch-description: KVM: nVMX: Don't emulate instructions in guest mode kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-2732 kpatch-cvss: 5.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-2732 kpatch-patch-url: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec kpatch-name: 3.10.0/CVE-2020-2732-0268-x86-kvm-nvmx-Refactor-IO-bitmap-checks-into-helper-f.patch kpatch-description: KVM: nVMX: Refactor IO bitmap checks into helper function kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-2732 kpatch-cvss: 5.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-2732 kpatch-patch-url: https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d kpatch-name: 3.10.0/CVE-2020-2732-0269-x86-kvm-nvmx-Check-IO-instruction-VM-exit-conditions.patch kpatch-description: KVM: nVMX: Check IO instruction VM-exit conditions kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-2732 kpatch-cvss: 5.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-2732 kpatch-patch-url: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c kpatch-name: 3.10.0/CVE-2020-2732-0270-x86-kvm-vmx-check-descriptor-table-exits-on-instruct.patch kpatch-description: KVM: VMX: check descriptor table exits on instruction emulation kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-2732 kpatch-cvss: 5.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-2732 kpatch-patch-url: https://git.kernel.org/linus/86f7e90ce840aa1db407d3ea6e9b3a52b2ce923c kpatch-name: 3.10.0/CVE-2020-2732-0271-x86-kvm-x86-clear-state-x86_emulate_ctxt-intercept-v.patch kpatch-description: KVM: x86: clear stale x86_emulate_ctxt->intercept value kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-2732 kpatch-cvss: 5.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-2732 kpatch-patch-url: https://git.kernel.org/linus/342993f96ab24d5864ab1216f46c0b199c2baf8e kpatch-name: 3.10.0/CVE-2020-10942-0728-vhost-vhost-Check-docket-sk_family-instead-of-call-g.patch kpatch-description: vhost: Check docket sk_family instead of call getname kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-10942 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-10942 kpatch-patch-url: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 kpatch-name: 3.10.0/CVE-2020-11565-0564-mm-mm-mempolicy-require-at-least-one-nedeid-for-MPOL.patch kpatch-description: mm: mempolicy: require at least one nodeid for MPOL_PREFERRED kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-11565 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-11565 kpatch-patch-url: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd kpatch-name: 3.10.0/CVE-2019-20636-0469-input-Input-add-safety-guards-to-input_set_keycode.patch kpatch-description: Input: add safety guards to input_set_keycode kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-20636 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-20636 kpatch-patch-url: https://git.kernel.org/linus/cb222aed03d798fc074be55e59d9a112338ee784 kpatch-name: skipped/CVE-2020-10690.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2020-10690 kpatch-skip-reason: Incorrect version of patch were initially used. Work on correct fix is in progress. kpatch-cvss: kpatch-name: 3.10.0/CVE-2020-10732-0756-fs-fs-binfmt_elf.c-allocate-initialized-memory-in-fi.patch kpatch-description: fs/binfmt_elf.c: allocate initialized memory in fill_thread_core_info kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-10732 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-10732 kpatch-patch-url: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413 kpatch-name: 3.10.0/CVE-2020-12826-0707-fs-signal-Extend-exec_id-to-64bits.patch kpatch-description: signal: Extend exec_id to 64bits kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-12826 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-12826 kpatch-patch-url: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da kpatch-name: 3.10.0/CVE-2020-12826-kpatch.patch kpatch-description: signal: Extend exec_id to 64bits (adaptation) kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-12826 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-12826 kpatch-patch-url: - kpatch-name: 3.10.0/CVE-2020-12770-0757-scsi-scsi-sg-add-sg_remove_request-in-sg_write.patch kpatch-description: scsi: sg: add sg_remove_request in sg_write kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-12770 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-12770 kpatch-patch-url: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee kpatch-name: 3.10.0/CVE-2020-10742-0462-fs-nfs-Correct-an-nfs-page-array-calculation-error.patch kpatch-description: nfs: Correct an nfs page array calculation error kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-10742 kpatch-cvss: 6.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-10742 kpatch-patch-url: https://bugzilla.redhat.com/show_bug.cgi?id=1824270 kpatch-name: 3.10.0/CVE-2020-10751-0749-security-selinux-properly-handle-multiple-messages-i.patch kpatch-description: selinux: properly handle multiple messages in selinux_netlink_send kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2020-10751 kpatch-cvss: 6.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-10751 kpatch-patch-url: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6 kpatch-name: 3.10.0/CVE-2019-19046-0308-char-ipmi-Fix-memory-leak-in-__ipmi_bmc_register.patch kpatch-description: ipmi: Fix memory leak in __ipmi_bmc_register kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19046 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-19046 kpatch-patch-url: https://git.kernel.org/linus/4aa7afb0ee20a97fbf0c5bab3df028d5fb85fdab kpatch-name: 3.10.0/CVE-2019-18808-0600-crypto-ccp-Release-all-allocate-memory-if-sh.patch kpatch-description: crypto: ccp - Release all allocated memory kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-18808 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-18808 kpatch-patch-url: https://git.kernel.org/linus/128c66429247add5128c03dc1e144ca56f05a4e2 kpatch-name: 3.10.0/CVE-2019-17055-0329-isdn-mISDN-enforce-CAP_NET_RAW-for-raw-sockets.patch kpatch-description: mISDN: enforce CAP_NET_RAW for raw sockets kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-17055 kpatch-cvss: 4.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-17055 kpatch-patch-url: https://git.kernel.org/linus/b91ee4aa2a2199ba4d4650706c272985a5a32d80 kpatch-name: 3.10.0/CVE-2019-17053-0248-net-ieee802154-enforce-CAP_NET_RAW-for-raw-sockets.patch kpatch-description: ieee802154: enforce CAP_NET_RAW for raw sockets kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-17053 kpatch-cvss: 4.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-17053 kpatch-patch-url: https://git.kernel.org/linus/e69dbd4619e7674c1679cba49afd9dd9ac347eef kpatch-name: 3.10.0/CVE-2019-16994-0574-net-sit-fix-memory-leak-in-sit_init_net.patch kpatch-description: net: sit: fix memory leak in sit_init_net() kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-16994 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-16994 kpatch-patch-url: https://git.kernel.org/linus/07f12b26e21ab359261bf75cfcb424fdc7daeb6d kpatch-name: 3.10.0/CVE-2019-16233-0442-scsi-scsi-qla2xxx-fix-a-potential-NULL-pointer-deref.patch kpatch-description: scsi: qla2xxx: fix a potential NULL pointer dereference kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-16233 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-16233 kpatch-patch-url: https://git.kernel.org/linus/35a79a63517981a8aea395497c548776347deda8 kpatch-name: 3.10.0/CVE-2019-16231-0566-netdrv-fjes-Handle-workqueue-allocation-failure.patch kpatch-description: fjes: Handle workqueue allocation failure. kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-16231 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-16231 kpatch-patch-url: https://git.kernel.org/linus/85ac30fa2e24f628e9f4f9344460f4015d33fd7d kpatch-name: 3.10.0/CVE-2019-15917-0273-bluetooth-Bluetooth-hci_ldsc-Postpone-HCI_UART_PROT.patch kpatch-description: Bluetooth: hci_ldisc: Postpone HCI_UART_PROTO_READY bit set in hci_uart_set_proto() kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-15917 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15917 kpatch-patch-url: https://git.kernel.org/linus/56897b217a1d0a91c9920cb418d6b3fe922f590a kpatch-name: 3.10.0/CVE-2019-15807-0468-scsi-scsi-libsas-delete-sas-port-if-expander-discove.patch kpatch-description: scsi: libsas: delete sas port if expander discover failed kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-15807 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15807 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b0541791453fbe7f42867e310e0c9eb6295364d kpatch-name: 3.10.0/CVE-2019-15217-0621-media-media-usb-zr364xx-Fix-KASAN-null-ptr-deref-Rea.patch kpatch-description: media: usb:zr364xx:Fix KASAN:null-ptr-deref Read in zr364xx_vidioc_querycap kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-15217 kpatch-cvss: 4.6 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-15217 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5d2e73a5f80a5b5aff3caf1ec6d39b5b3f54b26e kpatch-name: 3.10.0/CVE-2018-20836-0184-scsi-scsi-lbsas-fix-a-race-condition-when-smp-task-.patch kpatch-description: scsi: libsas: fix a race condition when smp task timeout kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2018-20836 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2018-20836 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b90cd6f2b905905fb42671009dc0e27c310a16ae kpatch-name: 3.10.0/CVE-2019-20054-0071-fs-fs-proc-proc_sysctl.c-fix-NULL-pointer-dereferenc.patch kpatch-description: fs/proc/proc_sysctl.c: fix NULL pointer dereference in put_links kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-20054 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-20054 kpatch-patch-url: https://git.kernel.org/linus/23da9588037ecdd4901db76a5b79a42b529c4ec3 kpatch-name: 3.10.0/CVE-2019-20054-0072-fs-fs-proc-proc_sysctl.c-Fix-a-NULL-pointer-derefere.patch kpatch-description: fs/proc/proc_sysctl.c: Fix a NULL pointer dereference kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-20054 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-20054 kpatch-patch-url: https://git.kernel.org/linus/23da9588037ecdd4901db76a5b79a42b529c4ec3 kpatch-name: 3.10.0/CVE-2019-19534-0183-netdrv-can-peak_usb-fix-slab-info-leak.patch kpatch-description: can: peak_usb: fix slab info leak kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19534 kpatch-cvss: 4.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19534 kpatch-patch-url: https://git.kernel.org/linus/f7a1337f0d29b98733c8824e165fca3371d7d4fd kpatch-name: 3.10.0/CVE-2019-19447-0197-fs-ext4-work-around-deleting-a-file-with-i_nlink-O-s.patch kpatch-description: ext4: work around deleting a file with i_nlink == 0 safely kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19447 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19447 kpatch-patch-url: https://git.kernel.org/linus/c7df4a1ecb8579838ec8c56b2bb6a6716e974f37 kpatch-name: 3.10.0/CVE-2019-19332-0203-x86-kvm-OOB-memory-write-via-kvm_dev_ioctl_get_cpuid.patch kpatch-description: KVM: x86: fix out-of-bounds write in KVM_GET_EMULATED_CPUID (CVE-2019-19332) kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19332 kpatch-cvss: 6.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19332 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=433f4ba1904100da65a311033f17a9bf586b287e kpatch-name: 3.10.0/CVE-2017-18551-CVE-2019-9454-0413-i2c-i2c-core-smbus-prevent-stack-corruption-on-read-.patch kpatch-description: i2c: core-smbus: prevent stack corruption on read I2C_BLOCK_DATA kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-9454 CVE-2017-18551 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-9454 kpatch-patch-url: https://github.com/torvalds/linux/commit/89c6efa61f5709327ecfa24bff18e57a4e80c7fa kpatch-name: 3.10.0/CVE-2019-19524-0443-input-Input-ff-memless-kill-timer-in-destroy.patch kpatch-description: Input: ff-memless - kill timer in destroy() kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19524 kpatch-cvss: 4.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19524 kpatch-patch-url: https://git.kernel.org/linus/fa3a5a1880c91bb92594ad42dfe9eedad7996b86 kpatch-name: 3.10.0/CVE-2019-19058-0487-wireless-iwlwifi-dbg_ini-fix-memory-leaks-in-alloc_sg.patch kpatch-description: iwlwifi: dbg_ini: fix memory leak in alloc_sgtable kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19058 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19058 kpatch-patch-url: https://github.com/torvalds/linux/commit/b4b814fec1a5a849383f7b3886b654a13abbda7d/ kpatch-name: 3.10.0/CVE-2019-19063-0488-wireless-rtlwifi-prevent-memory-leak-in-rtl_usb_prob.patch kpatch-description: rtlwifi: prevent memory leak in rtl_usb_probe kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19063 kpatch-cvss: 4.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19063 kpatch-patch-url: https://github.com/torvalds/linux/commit/3f93616951138a598d930dcaec40f2bfd9ce43bb/ kpatch-name: 3.10.0/CVE-2019-19062-0601-crypto-crypto-user-fix-memory-leak-in-crypto_report.patch kpatch-description: crypto: user - fix memory leak in crypto_report kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19062 kpatch-cvss: 4.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19062 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ffdde5932042600c6807d46c1550b28b0db6a3bc kpatch-name: 3.10.0/CVE-2019-9458-0604-media-media-v4l-event-Prevent-freeing-event-subscrip.patch kpatch-description: media: v4l: event: Prevent freeing event subscriptions while accessed kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-9458 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-9458 kpatch-patch-url: https://github.com/torvalds/linux/commit/a37099499a019538386ef53ca1485cafa6095e0b kpatch-name: 3.10.0/CVE-2019-9458-kpatch.patch kpatch-description: media: v4l: event: Prevent freeing event subscriptions while accessed (adaptation) kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-9458 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-9458 kpatch-patch-url: https://github.com/torvalds/linux/commit/a37099499a019538386ef53ca1485cafa6095e0b kpatch-name: 3.10.0/CVE-2019-19767-0608-fs-ext4-validate-the-debug_want_extra_isize-mount-op.patch kpatch-description: ext4: validate the debug_want_extra_isize mount option at parse time kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19767 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19767 kpatch-patch-url: https://github.com/torvalds/linux/commit/9803387c55f7d2ce69aa64340c5fdc6b3027dbc8/ kpatch-name: 3.10.0/CVE-2019-19767-0609-fs-ext4-forbid-i_extra_isize-not-divisible-by-4.patch kpatch-description: ext4: forbid i_extra_isize not divisible by 4 kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19767 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19767 kpatch-patch-url: https://github.com/torvalds/linux/commit/2dc8d9e19b0d891b0d3675b5ac82be9be3875e36/ kpatch-name: 3.10.0/CVE-2019-19767-0610-fs-ext4-add-more-paranoia-checking-in-ext4_expand_ex.patch kpatch-description: ext4: add more paranoia checking in ext4_expand_extra_isize handling kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19767 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19767 kpatch-patch-url: https://github.com/torvalds/linux/commit/4ea99936a1630f51fc3a2d61a58ec4a1c4b7d55a kpatch-name: 3.10.0/CVE-2019-19767-0611-ext4-fix-support-for-inode-sizes-1024-bytes.patch kpatch-description: ext4: fix support for inode sizes > 1024 bytes kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19767 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19767 kpatch-patch-url: https://github.com/torvalds/linux/commit/4f97a68192bd33b9963b400759cef0ca5963af00 kpatch-name: 3.10.0/CVE-2019-19523-0622-usb-USB-adutux-fix-use-after-free-on-disconnect.patch kpatch-description: USB: adutux: fix use-after-free on disconnect kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19523 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19523 kpatch-patch-url: https://git.kernel.org/linus/44efc269db7929f6275a1fa927ef082e533ecde0 kpatch-name: 3.10.0/CVE-2019-19530-0623-usb-usb-cdc-acm-make-sure-a-refcount-is-taken-early-.patch kpatch-description: usb: cdc-acm: make sure a refcount is taken early enough kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19530 kpatch-cvss: 5.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19530 kpatch-patch-url: https://git.kernel.org/linus/c52873e5a1ef72f845526d9f6a50704433f9c625 kpatch-name: 3.10.0/CVE-2019-19537-0624-usb-USB-core-Fix-races-in-character-device-registrat.patch kpatch-description: USB: core: Fix races in character device registration and deregistraion kpatch-kernel: kernel-3.10.0-1160.el7 kpatch-cve: CVE-2019-19537 kpatch-cvss: 4.2 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-19537 kpatch-patch-url: https://git.kernel.org/linus/303911cfc5b95d33687d9046133ff184cf5043ff kpatch-name: 3.10.0/CVE-2020-12351-Bluetooth-L2CAP-Fix-calling-sk_filter-on-non-socket-.patch kpatch-description: Bluetooth: L2CAP: Fix calling sk_filter on non-socket based channel kpatch-kernel: 3.10.0-1160.2.2.el7 kpatch-cve: CVE-2020-12351 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-12351 kpatch-patch-url: https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22 kpatch-name: 3.10.0/CVE-2020-12352-Bluetooth-A2MP-Fix-not-initializing-all-members.patch kpatch-description: Bluetooth: A2MP: Fix not initializing all members kpatch-kernel: 3.10.0-1160.2.2.el7 kpatch-cve: CVE-2020-12352 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-12352 kpatch-patch-url: https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8 kpatch-name: 3.10.0/cve-2019-20811-call-dev_hold-if-kobject_init_and_add-success.patch kpatch-description: net-sysfs: call dev_hold if kobject_init_and_add success kpatch-kernel: kernel-3.10.0-1160.6.1 kpatch-cve: CVE-2019-20811 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-20811 kpatch-patch-url: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e kpatch-name: 3.10.0/cve-2019-20811-call-dev_hold-always-in-netdev_queue_add_kobject.patch kpatch-description: net-sysfs: Call dev_hold always in netdev_queue_add_kobject kpatch-kernel: kernel-3.10.0-1160.6.1 kpatch-cve: CVE-2019-20811 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-20811 kpatch-patch-url: https://git.kernel.org/linus/e0b60903b434a7ee21ba8d8659f207ed84101e89 kpatch-name: 3.10.0/cve-2019-20811-call-dev_hold-always-in-rx_queue_add_kobject.patch kpatch-description: net-sysfs: Call dev_hold always in rx_queue_add_kobject kpatch-kernel: kernel-3.10.0-1160.6.1 kpatch-cve: CVE-2019-20811 kpatch-cvss: 3.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-20811 kpatch-patch-url: https://git.kernel.org/linus/ddd9b5e3e765d8ed5a35786a6cb00111713fe161 kpatch-name: 3.10.0/cve-2020-14331-vgacon-overflow-fix.patch kpatch-description: Fix for missing check in vgacon scrollback handling kpatch-kernel: kernel-3.10.0-1160.6.1 kpatch-cve: CVE-2020-14331 kpatch-cvss: 6.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-14331 kpatch-patch-url: https://git.kernel.org/linus/ebfdfeeae8c01fcb2b3b74ffaf03876e20835d2d kpatch-name: 3.10.0/CVE-2019-18282.patch kpatch-description: net/flow_dissector: switch to siphash kpatch-kernel: 3.10.0-1160.11.1.el7 kpatch-cve: CVE-2019-18282 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-18282 kpatch-patch-url: https://git.kernel.org/linus/55667441c84fa5e0911a0aac44fb059c15ba6da2 kpatch-name: 3.10.0/CVE-2019-18282-kpatch.patch kpatch-description: net/flow_dissector: switch to siphash (adaptation) kpatch-kernel: 3.10.0-1160.11.1.el7 kpatch-cve: CVE-2019-18282 kpatch-cvss: 5.3 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2019-18282 kpatch-patch-url: https://git.kernel.org/linus/55667441c84fa5e0911a0aac44fb059c15ba6da2 kpatch-name: 3.10.0/CVE-2020-10769.patch kpatch-description: crypto: authenc - fix parsing key with misaligned rta_len kpatch-kernel: 3.10.0-1160.11.1.el7 kpatch-cve: CVE-2020-10769 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-10769 kpatch-patch-url: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f kpatch-name: 3.10.0/CVE-2020-14314.patch kpatch-description: ext4: fix potential negative array index in do_split() kpatch-kernel: 3.10.0-1160.11.1.el7 kpatch-cve: CVE-2020-14314 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-14314 kpatch-patch-url: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1 kpatch-name: 3.10.0/CVE-2020-24394.patch kpatch-description: nfsd: apply umask on fs without ACL support kpatch-kernel: 3.10.0-1160.11.1.el7 kpatch-cve: CVE-2020-24394 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-24394 kpatch-patch-url: https://git.kernel.org/linus/22cf8419f1319ff87ec759d0ebdff4cbafaee832 kpatch-name: 3.10.0/CVE-2020-25212.patch kpatch-description: nfs: Fix getxattr kernel panic and memory overflow kpatch-kernel: 3.10.0-1160.11.1.el7 kpatch-cve: CVE-2020-25212 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-25212 kpatch-patch-url: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21 kpatch-name: 3.10.0/CVE-2020-25643.patch kpatch-description: hdlc_ppp: add range checks in ppp_cp_parse_cr() kpatch-kernel: 3.10.0-1160.11.1.el7 kpatch-cve: CVE-2020-25643 kpatch-cvss: 6.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-25643 kpatch-patch-url: https://git.kernel.org/linus/66d42ed8b25b64eb63111a2b8582c5afc8bf1105 kpatch-name: 3.10.0/CVE-2020-15436-block-fix-use-after-free-in-blkdev_get.patch kpatch-description: block: Fix use-after-free in blkdev_get() kpatch-kernel: 3.10.0-1160.15.2.el7 kpatch-cve: CVE-2020-15436 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-15436 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2d3a8e2deddea6c89961c422ec0c5b851e648c14 kpatch-name: 3.10.0/CVE-2020-35513-nfsd-fix-incorrect-umasks.patch kpatch-description: nfsd: fix incorrect umasks kpatch-kernel: 3.10.0-1160.15.2.el7 kpatch-cve: CVE-2020-35513 kpatch-cvss: 4.9 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-35513 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=880a3a5325489a143269a8e172e7563ebf9897bc kpatch-name: 3.10.0/CVE-2020-35513-kpatch.patch kpatch-description: nfsd: fix incorrect umasks (adaptation) kpatch-kernel: 3.10.0-1160.15.2.el7 kpatch-cve: CVE-2020-35513 kpatch-cvss: 4.9 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-35513 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=880a3a5325489a143269a8e172e7563ebf9897bc kpatch-name: 3.10.0/icmp-randomize-the-global-rate-limiter.patch kpatch-description: icmp: randomize the global rate limiter kpatch-kernel: >3.10.0-1160.2.2.el7 kpatch-cve: CVE-2020-25705 kpatch-cvss: 7.4 kpatch-cve-url: https://www.saddns.net/ kpatch-patch-url: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5 kpatch-name: 3.10.0/CVE-2019-19532-HID-Fix-assumption-that-devices-have-inputs.patch kpatch-description: HID: Fix assumption that devices have inputs kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2019-19532 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2019-19532 kpatch-patch-url: https://git.kernel.org/linus/d9d4b1e46d9543a82c23f6df03f4ad697dab361b kpatch-name: 3.10.0/CVE-2020-0427-0001-pinctrl-Delete-an-error-message.patch kpatch-description: pinctrl: Delete an error message kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-0427 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-0427 kpatch-patch-url: https://git.kernel.org/linus/9b21e72e8ce7f70f53f3cc3d2d47568e7f6029d2 kpatch-name: 3.10.0/CVE-2020-0427-0002-pinctrl-devicetree-Avoid-taking-direct-reference-to-.patch kpatch-description: pinctrl: devicetree: Avoid taking direct reference to device name string kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-0427 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-0427 kpatch-patch-url: https://git.kernel.org/linus/be4c60b563edee3712d392aaeb0943a768df7023 kpatch-name: 3.10.0/CVE-2020-14351-0001-perf-core-Fix-race-in-the-perf_mmap_close-function.patch kpatch-description: perf/core: Fix race in the perf_mmap_close() function kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-14351 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-14351 kpatch-patch-url: https://git.kernel.org/linus/f91072ed1b7283b13ca57fcfbece5a3b92726143 kpatch-name: 3.10.0/CVE-2020-25211-0001-netfilter-ctnetlink-add-a-range-check-for-l3-l4-prot.patch kpatch-description: netfilter: ctnetlink: add a range check for l3/l4 protonum kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-25211 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-25211 kpatch-patch-url: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6 kpatch-name: 3.10.0/CVE-2020-25645-0001-geneve-add-transport-ports-in-route-lookup-for-genev.patch kpatch-description: geneve: add transport ports in route lookup for geneve kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-25645 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-25645 kpatch-patch-url: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5 kpatch-name: 3.10.0/CVE-2020-25656-0001-tty-vt-fix-write-write-race-in-ioctl-KDSKBSENT-handl.patch kpatch-description: tty/vt: fix write/write race in ioctl(KDSKBSENT) handler kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-25656 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-25656 kpatch-patch-url: https://git.kernel.org/linus/46ca3f735f345c9d87383dd3a09fa5d43870770e kpatch-name: 3.10.0/CVE-2020-25656-0002-tty-keyboard-do-not-speculate-on-func_table-index.patch kpatch-description: tty: keyboard, do not speculate on func_table index kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-25656 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-25656 kpatch-patch-url: https://git.kernel.org/linus/f3af1b68fc96b14b93d1013ce7965723dc53ebbc kpatch-name: 3.10.0/CVE-2020-25656-0003-vt-keyboard-simplify-vt_kdgkbsent.patch kpatch-description: vt: keyboard, simplify vt_kdgkbsent kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-25656 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-25656 kpatch-patch-url: https://git.kernel.org/linus/6ca03f90527e499dd5e32d6522909e2ad390896b kpatch-name: 3.10.0/CVE-2020-25656-0004-vt-keyboard-extend-func_buf_lock-to-readers.patch kpatch-description: vt: keyboard, extend func_buf_lock to readers kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-25656 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-25656 kpatch-patch-url: https://git.kernel.org/linus/82e61c3909db51d91b9d3e2071557b6435018b80 kpatch-name: 3.10.0/CVE-2020-25656-0005-vt-keyboard-rename-i-to-kb_func-in-vt_do_kdgkb_ioctl.patch kpatch-description: vt: keyboard, rename i to kb_func in vt_do_kdgkb_ioctl kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-25656 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-25656 kpatch-patch-url: https://git.kernel.org/linus/9788c950ed4ad2020a7f2e8231abaf77e49d871a kpatch-name: 3.10.0/CVE-2020-25656-0006-vt-keyboard-reorder-user-buffer-handling-in-vt_do_kd.patch kpatch-description: vt: keyboard, reorder user buffer handling in vt_do_kdgkb_ioctl kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-25656 kpatch-cvss: 4.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-25656 kpatch-patch-url: https://git.kernel.org/linus/07edff9265204e15c9fc8d07cc69e38c4c484e15 kpatch-name: 3.10.0/CVE-2020-28374-0001-scsi-target-Fix-XCOPY-NAA-identifier-lookup.patch kpatch-description: scsi: target: Fix XCOPY NAA identifier lookup kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-28374 kpatch-cvss: 8.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-28374 kpatch-patch-url: https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4 kpatch-name: 3.10.0/CVE-2020-28374-0001-scsi-target-Fix-XCOPY-NAA-identifier-lookup-kpatch-1.patch kpatch-description: scsi: target: Fix XCOPY NAA identifier lookup kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-28374 kpatch-cvss: 8.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-28374 kpatch-patch-url: https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4 kpatch-name: 3.10.0/CVE-2020-29661-0001-tty-Fix-pgrp-locking-in-tiocspgrp.patch kpatch-description: tty: Fix ->pgrp locking in tiocspgrp() kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-29661 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-29661 kpatch-patch-url: https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc kpatch-name: 3.10.0/CVE-2020-7053-0001-drm-i915-Fix-use-after-free-when-destroying-GEM-cont.patch kpatch-description: drm/i915: Fix use-after-free when destroying GEM context kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2020-7053 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2020-7053 kpatch-patch-url: https://git.kernel.org/stable/c/573e1fe003c1e2016bc40cc4f2b231e3b8c990f8 kpatch-name: 3.10.0/CVE-2021-20265-0001-af_unix-fix-struct-pid-memory-leak-1062.patch kpatch-description: af_unix: fix struct pid memory leak kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2021-20265 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-20265 kpatch-patch-url: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b kpatch-name: 3.10.0/CVE-2021-20265-kpatch-1.patch kpatch-description: af_unix: fix struct pid memory leak (adaptation) kpatch-kernel: kernel-3.10.0-1160.21.1.el7 kpatch-cve: CVE-2021-20265 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-20265 kpatch-patch-url: https://git.kernel.org/linus/fa0dc04df259ba2df3ce1920e9690c7842f8fa4b kpatch-name: 3.10.0/CVE-2021-27363_27364-iscsi-Restrict-sessions-and-handles-to-admin-capabilities.patch kpatch-description: scsi: iscsi: Restrict sessions and handles to admin capabilities kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2021-27363 CVE-2021-27364 kpatch-cvss: 6.3 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-27363 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-27364 kpatch-patch-url: https://git.kernel.org/linus/688e8128b7a92df982709a4137ea4588d16f24aa kpatch-name: 3.10.0/CVE-2021-27365-sysfs-Add-sysfs_emit-and-sysfs_emit_at-to-format-sysfs-output.patch kpatch-description: sysfs: Add sysfs_emit and sysfs_emit_at to format sysfs output (CVE-2021-27365 dependency) kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: n/a kpatch-cvss: n/a kpatch-cve-url: n/a kpatch-patch-url: https://git.kernel.org/linus/2efc459d06f1630001e3984854848a5647086232 kpatch-name: 3.10.0/CVE-2021-27365-iscsi-Ensure-sysfs-attributes-are-limited-to-PAGE_SIZE.patch kpatch-description: scsi: iscsi: Ensure sysfs attributes are limited to PAGE_SIZE kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2021-27365 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-27365 kpatch-patch-url: https://git.kernel.org/linus/ec98ea7070e94cc25a422ec97d1421e28d97b7ee kpatch-name: 3.10.0/CVE-2021-27365-iscsi-Verify-lengths-on-passthrough-PDUs.patch kpatch-description: scsi: iscsi: Verify lengths on passthrough PDUs kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2021-27365 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-27365 kpatch-patch-url: https://git.kernel.org/linus/f9dbdf97a5bd92b1a49cee3d591b55b11fd7a6d5 kpatch-name: 3.10.0/CVE-2021-3347-0001-futex-Replace-pointless-printk-in-fixup_owner.patch kpatch-description: futex: Replace pointless printk in fixup_owner() kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2021-3347 kpatch-cvss: 7.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-3347 kpatch-patch-url: http://git.kernel.org/linus/04b79c55201f02ffd675e1231d731365e335c307 kpatch-name: 3.10.0/CVE-2021-3347-0002-futex-Provide-and-use-pi_state_update_owner.patch kpatch-description: futex: Provide and use pi_state_update_owner() kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2021-3347 kpatch-cvss: 7.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-3347 kpatch-patch-url: http://git.kernel.org/linus/c5cade200ab9a2a3be9e7f32a752c8d86b502ec7 kpatch-name: 3.10.0/CVE-2021-3347-0003-futex-Handle-faults-correctly-for-PI-futexes.patch kpatch-description: futex: Handle faults correctly for PI futexes kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2021-3347 kpatch-cvss: 7.4 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-3347 kpatch-patch-url: http://git.kernel.org/linus/34b1a1ce1458f50ef27c54e28eb9b1947012907a kpatch-name: 3.10.0/CVE-2020-27171-bpf-fix-sanitation-of-alu-op-with-pointer-scalar-type.patch kpatch-description: bpf: fix sanitation of alu op with pointer / scalar type from different paths kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2020-27171 kpatch-cvss: 9.8 kpatch-cve-url: https://www.vicarius.io/research-center/vulnerability/cve-2021-27171-id271858 kpatch-patch-url: https://git.kernel.org/linus/d3bd7413e0ca40b60cf60d4003246d067cafdeda kpatch-name: 3.10.0/CVE-2020-27170-bpf-Prohibit-alu-ops-for-pointer-types-not-defining-ptr_limit.patch kpatch-description: bpf: Prohibit alu ops for pointer types not defining ptr_limit kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2020-27170 kpatch-cvss: 9.8 kpatch-cve-url: https://www.vicarius.io/research-center/vulnerability/cve-2021-27170-id271859 kpatch-patch-url: https://git.kernel.org/linus/f232326f6966cf2a1d1db7bc917a4ce5f9f55f76 kpatch-name: 3.10.0/CVE-2020-27171-bpf-Fix-off-by-one-for-area-size-in-creating-mask-to-left.patch kpatch-description: bpf: Fix off-by-one for area size in creating mask to left kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2020-27171 kpatch-cvss: 9.8 kpatch-cve-url: https://www.vicarius.io/research-center/vulnerability/cve-2021-27171-id271858 kpatch-patch-url: https://git.kernel.org/linus/10d2bb2e6b1d8c4576c56a748f697dbeb8388899 kpatch-name: 3.10.0/CVE-2020-27170-CVE-2020-27171-bpf-Simplify-alu_limit-masking-for-pointer-arithmetic.patch kpatch-description: bpf: Simplify alu_limit masking for pointer arithmetic kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2020-27171 CVE-2020-27170 kpatch-cvss: 9.8 kpatch-cve-url: https://www.vicarius.io/research-center/vulnerability/cve-2021-27171-id271858 kpatch-cve-url: https://www.vicarius.io/research-center/vulnerability/cve-2021-27170-id271859 kpatch-patch-url: https://git.kernel.org/linus/b5871dca250cd391885218b99cc015aca1a51aea kpatch-name: 3.10.0/CVE-2020-27170-CVE-2020-27171-bpf-Add-sanity-check-for-upper-ptr_limit.patch kpatch-description: bpf: Add sanity check for upper ptr_limit kpatch-kernel: >3.10.0-1160.15.2.el7 kpatch-cve: CVE-2020-27171 CVE-2020-27170 kpatch-cvss: 9.8 kpatch-cve-url: https://www.vicarius.io/research-center/vulnerability/cve-2021-27171-id271858 kpatch-cve-url: https://www.vicarius.io/research-center/vulnerability/cve-2021-27170-id271859 kpatch-patch-url: https://git.kernel.org/linus/1b1597e64e1a610c7a96710fc4717158e98a08b3 kpatch-name: 3.10.0/CVE-2020-8648-vt-selection-close-sel_buffer-race.patch kpatch-description: vt: selection, close sel_buffer race kpatch-kernel: 3.10.0-1160.31.1.el7 kpatch-cve: CVE-2020-8648 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-8648 kpatch-patch-url: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 kpatch-name: skipped/CVE-2020-12362.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2020-12362 kpatch-skip-reason: Mitigation is made with intel firmware update, el8 kernels also need 'i915.enable_guc' specified in cmdline to be affected kpatch-cvss: kpatch-name: skipped/CVE-2020-12363.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2020-12363 kpatch-skip-reason: Mitigation is made with intel firmware update, el-kernels also need 'i915.enable_guc' specified in cmdline to be affected kpatch-cvss: kpatch-name: skipped/CVE-2020-12364.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2020-12364 kpatch-skip-reason: Mitigation is made with intel firmware update, el-kernels also need 'i915.enable_guc' specified in cmdline to be affected kpatch-cvss: kpatch-name: 3.10.0/CVE-2021-33909.patch kpatch-description: seq_file: Disallow extremely large seq buffer allocations kpatch-kernel: 3.10.0-1160.36.2.el7 kpatch-cve: CVE-2021-33909 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-33909 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=8cae8cd89f05f6de223d63e6d15e31c8ba9cf53b kpatch-name: 3.10.0/CVE-2020-11668-media-xirlink-cit-add-missing-descriptor-sanity-checks.patch kpatch-description: media: xirlink_cit: add missing descriptor sanity checks kpatch-kernel: 3.10.0-1160.36.2.el7 kpatch-cve: CVE-2020-11668 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-11668 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 kpatch-name: 3.10.0/CVE-2021-33033-cipso-calipso-resolve-a-number-of-problems-with-the-doi-refcounts.patch kpatch-description: cipso,calipso: resolve a number of problems with the DOI refcounts kpatch-kernel: 3.10.0-1160.36.2.el7 kpatch-cve: CVE-2021-33033 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-33033 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ad5d07f4a9cd671233ae20983848874731102c08 kpatch-name: 3.10.0/CVE-2021-33033-net-mac802154-fix-general-protection-fault.patch kpatch-description: net: mac802154: Fix general protection fault kpatch-kernel: 3.10.0-1160.36.2.el7 kpatch-cve: CVE-2021-33033 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-33033 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=1165affd484889d4986cf3b724318935a0b120d8 kpatch-name: 3.10.0/CVE-2021-33034-bluetooth-verify-amp-hci-chan-before-amp-destroy.patch kpatch-description: Bluetooth: verify AMP hci_chan before amp_destroy kpatch-kernel: 3.10.0-1160.36.2.el7 kpatch-cve: CVE-2021-33034 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-33034 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3 kpatch-name: 4.18.0/CVE-2021-33034-kpatch.patch kpatch-description: Bluetooth: verify AMP hci_chan before amp_destroy (kcare adaptation) kpatch-kernel: 4.18.0-305.7.1.el8_4 kpatch-cve: CVE-2021-33034 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-33034 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=5c4c8c9544099bb9043a10a5318130a943e32fc3 kpatch-name: skipped/CVE-2020-27777.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2020-27777 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only, x86_64 is not affected kpatch-cvss: kpatch-name: 3.10.0/CVE-2021-22555.patch kpatch-description: netfilter: x_tables: fix compat match/target pad out-of-bound write kpatch-kernel: 3.10.0-1160.41.1.el7 kpatch-cve: CVE-2021-22555 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-22555 kpatch-patch-url: https://git.kernel.org/linus/b29c457a6511435960115c0f548c4360d5f4801d kpatch-name: 3.10.0/CVE-2021-29154-bpf-x86-Validate-computation-of-branch-displacements-for-x86-64.patch kpatch-description: bpf, x86: Validate computation of branch displacements for x86-64 kpatch-kernel: 3.10.0-1160.41.1.el7 kpatch-cve: CVE-2021-29154 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-29154 kpatch-patch-url: https://git.kernel.org/linus/e4d4d456436bfb2fe412ee2cd489f7658449b098 kpatch-name: 3.10.0/CVE-2021-29650-netfilter-x-tables-use-correct-memory-barriers.patch kpatch-description: netfilter: x_tables: Use correct memory barriers. kpatch-kernel: 3.10.0-1160.41.1.el7 kpatch-cve: CVE-2021-29650 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-29650 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=175e476b8cdf2a4de7432583b49c871345e4f8a1 kpatch-name: 3.10.0/CVE-2021-32399-bluetooth-eliminate-the-potential-race-condition-when-removing-the.patch kpatch-description: bluetooth: eliminate the potential race condition when removing the kpatch-kernel: 3.10.0-1160.41.1.el7 kpatch-cve: CVE-2021-32399 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-32399 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e2cb6b891ad2b8caa9131e3be70f45243df82a80 kpatch-name: 3.10.0/CVE-2021-3715-net-sched-cls-route-remove-the-right-filter-from-hashtable.patch kpatch-description: net_sched: cls_route: remove the right filter from hashtable kpatch-kernel: 3.10.0-1160.42.2.el7 kpatch-cve: CVE-2021-3715 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-3715 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=ef299cc3fa1a9e1288665a9fdc8bff55629fd359 kpatch-name: 3.10.0/CVE-2021-3653-KVM-nSVM-avoid-picking-up-unsupported-bits-from-L2-i.patch kpatch-description: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl kpatch-kernel: 3.10.0-1160.45.1.el7 kpatch-cve: CVE-2021-3653 kpatch-cvss: 8.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-3653 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit?id=c0883f693187c646c0972d73e525523f9486c2e3 kpatch-name: ubuntu-bionic/4.15.0-156.163/CVE-2021-3653-kpatch.patch kpatch-description: KVM: nSVM: avoid picking up unsupported bits from L2 in int_ctl (adaptation) kpatch-kernel: 4.15.0-156.163 kpatch-cve: CVE-2021-3653 kpatch-cvss: 8.8 kpatch-cve-url: https://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-3653 kpatch-patch-url: https://git.kernel.org/pub/scm/virt/kvm/kvm.git/patch/?id=0f923e07124df069ba68d8bb12324398f4b6b709 kpatch-name: 3.10.0/CVE-2021-3656-KVM-nSVM-always-intercept-VMLOAD-VMSAVE.patch kpatch-description: KVM: nSVM: always intercept VMLOAD/VMSAVE when nested kpatch-kernel: 3.10.0-1160.45.1.el7 kpatch-cve: CVE-2021-3656 kpatch-cvss: 8.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2021-3656 kpatch-patch-url: https://git.kernel.org/pub/scm/virt/kvm/kvm.git/patch/?id=c7dfa4009965a9b2d7b329ee970eb8da0d32f0bc kpatch-name: skipped/CVE-2021-37576.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-37576 kpatch-skip-reason: Out of scope as the patch is for powerpc arch only, x86_64 is not affected kpatch-cvss: kpatch-name: 3.10.0/CVE-2020-36385-1202-RDMA-cma-Add-missing-locking-to-rdma_accept.patch kpatch-description: RDMA/cma: Add missing locking to rdma_accept() kpatch-kernel: 3.10.0-1160.49.1.el7 kpatch-cve: CVE-2020-36385 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-36385 kpatch-patch-url: https://git.kernel.org/linus/d114c6feedfe0600c19b9f9479a4026354d1f7fd kpatch-name: 3.10.0/CVE-2020-36385-1203-RDMA-ucma-Fix-the-locking-of-ctx-file.patch kpatch-description: RDMA/ucma: Fix the locking of ctx->file kpatch-kernel: 3.10.0-1160.49.1.el7 kpatch-cve: CVE-2020-36385 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-36385 kpatch-patch-url: https://git.kernel.org/linus/09e328e47a695b0d346598f5d6593ee598e64885 kpatch-name: 3.10.0/CVE-2020-36385-1204-RDMA-ucma-Fix-locking-for-ctx-events_reported.patch kpatch-description: RDMA/ucma: Fix locking for ctx->events_reported kpatch-kernel: 3.10.0-1160.49.1.el7 kpatch-cve: CVE-2020-36385 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-36385 kpatch-patch-url: https://git.kernel.org/linus/98837c6c3d7285f6eca86480b6f7fac6880e27a8 kpatch-name: 3.10.0/CVE-2020-36385-1205-RDMA-ucma-Rework-ucma_migrate_id-to-avoid-races-with.patch kpatch-description: RDMA/ucma: Rework ucma_migrate_id() to avoid races with destroy kpatch-kernel: 3.10.0-1160.49.1.el7 kpatch-cve: CVE-2020-36385 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-36385 kpatch-patch-url: https://git.kernel.org/linus/f5449e74802c1112dea984aec8af7a33c4516af1 kpatch-name: 3.10.0/CVE-2020-25704-perf-core-Fix-a-memory-leak-in-perf_event_parse_addr_filter.patch kpatch-description: perf/core: Fix a memory leak in perf_event_parse_addr_filter() kpatch-kernel: 3.10.0-1160.53.1.el7 kpatch-cve: CVE-2020-25704 kpatch-cvss: 6.2 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2020-25704 kpatch-patch-url: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00 kpatch-name: 3.10.0/CVE-2021-42739-media-firewire-firedtv-avc-potential-buffer-overflow.patch kpatch-description: firewire: firedtv-avc: potential buffer overflow kpatch-kernel: 3.10.0-1160.53.1.el7 kpatch-cve: CVE-2021-42739 kpatch-cvss: 6.7 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2021-42739 kpatch-patch-url: https://git.kernel.org/linus/3011e5e592a2d31556cc3eff335a1ecccd473fa0 kpatch-name: 3.10.0/CVE-2021-42739-media-firewire-firedtv-avc-fix-more-potential-buffer.patch kpatch-description: media: firewire: firedtv-avc: fix a buffer overflow kpatch-kernel: 3.10.0-1160.53.1.el7 kpatch-cve: CVE-2021-42739 kpatch-cvss: 6.7 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2021-42739 kpatch-patch-url: https://git.kernel.org/linus/7ac95cf59d59473e680937319594ce0719497e98 kpatch-name: 3.10.0/CVE-2021-42739-media-firewire-don-t-break-long-lines.patch kpatch-description: [media] firewire: don't break long lines kpatch-kernel: 3.10.0-1160.53.1.el7 kpatch-cve: CVE-2021-42739 kpatch-cvss: 6.7 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2021-42739 kpatch-patch-url: https://git.kernel.org/linus/4c481739afeb806f7ecfbfb2087f8c2afba00e74 kpatch-name: 3.10.0/CVE-2021-42739-media-firewire-firedtv-avc-fix-a-buffer-overflow-in-.patch kpatch-description: media: firewire: firedtv-avc: fix a buffer overflow kpatch-kernel: 3.10.0-1160.53.1.el7 kpatch-cve: CVE-2021-42739 kpatch-cvss: 6.7 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2021-42739 kpatch-patch-url: https://git.kernel.org/linus/35d2969ea3c7d32aee78066b1f3cf61a0d935a4e kpatch-name: 3.10.0/CVE-2020-36322-750669-fuse-fix-bad-inode.patch kpatch-description: fuse: fix bad inode kpatch-kernel: 3.10.0-1160.53.1.el7 kpatch-cve: CVE-2020-36322 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-36322 kpatch-patch-url: http://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454 kpatch-name: 3.10.0/CVE-2020-0465-HID-core-Sanitize-event-code-and-type-when-mapping-input.patch kpatch-description: HID: core: Sanitize event code and type when mapping input kpatch-kernel: 3.10.0-1169.59.1 kpatch-cve: CVE-2020-0465 kpatch-cvss: 6.6 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-0465 kpatch-patch-url: https://github.com/oracle/linux-uek/commit/89a263343f28b842f792cacf67dfd3b6394a1c41 kpatch-name: 3.10.0/CVE-2020-0466-do_epoll_ctl-clean-the-failure-exits-up-a-bit.patch kpatch-description: do_epoll_ctl(): clean the failure exits up a bit kpatch-kernel: 3.10.0-1160.59.1 kpatch-cve: CVE-2020-0466 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-0466 kpatch-patch-url: https://git.kernel.org/linus/52c479697c9b73f628140dcdfcd39ea302d05482 kpatch-name: 3.10.0/CVE-2021-0920-af_unix-fix-garbage-collect-vs-MSG_PEEK.patch kpatch-description: af_unix: fix garbage collect vs MSG_PEEK kpatch-kernel: 3.10.0-1160.59.1 kpatch-cve: CVE-2021-0920 kpatch-cvss: 6.4 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2021-0920 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca kpatch-name: 3.10.0/CVE-2021-0920-kpatch.patch kpatch-description: af_unix: fix garbage collect vs MSG_PEEK (adaptation) kpatch-kernel: 4.1.12-124.59.1.2 kpatch-cve: CVE-2021-0920 kpatch-cvss: 6.4 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2021-0920 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=cbcf01128d0a92e131bd09f1688fe032480b65ca kpatch-name: 3.10.0/CVE-2021-3564-Bluetooth-fix-the-erroneous-flush_work-order.patch kpatch-description: Bluetooth: fix the erroneous flush_work() order kpatch-kernel: 3.10.0-1160.59.1 kpatch-cve: CVE-2021-3564 kpatch-cvss: 5.5 kpatch-cve-url: https://nvd.nist.gov/vuln/detail/CVE-2021-3564 kpatch-patch-url: https://git.kernel.org/linus/75aa7baab3e18a98f232f14dd9cc6965bcf9b31a kpatch-name: 3.10.0/CVE-2021-3573-Bluetooth-use-correct-lock-to-prevent-UAF-of-hdev-object.patch kpatch-description: Bluetooth: use correct lock to prevent UAF of hdev object kpatch-kernel: 3.10.0-1160.59.1 kpatch-cve: CVE-2021-3573 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-3573 kpatch-patch-url: https://git.kernel.org/linus/3c62132da179fd30531958d51c68ba4915996556 kpatch-name: 3.10.0/CVE-2021-4155-xfs-map-unwritten-blocks-in-XFS_IOC_ALLOC-FREESP-just-like.patch kpatch-description: xfs: map unwritten blocks in XFS_IOC_{ALLOC,FREE}SP just like kpatch-kernel: 3.10.0-1160.59.1 kpatch-cve: CVE-2021-4155 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2021-4155 kpatch-patch-url: https://git.kernel.org/linus/983d8e60f50806f90534cc5373d0ce867e5aaf79 kpatch-name: 3.10.0/CVE-2022-22942.patch kpatch-description: drm/vmwgfx: Fix stale file descriptors on failed usercopy kpatch-kernel: 3.10.0-1160.59.1 kpatch-cve: CVE-2022-22942 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-22942 kpatch-patch-url: https://git.kernel.org/linus/a0f90c8815706981c483a652a6aefca51a5e191c kpatch-name: 3.10.0/CVE-2022-0330-drm-i915-Flush-TLBs-before-releasing-backing-store-kpatch-1.patch kpatch-description: drm/i915: Flush TLBs before releasing backing store kpatch-kernel: 3.10.0-1160.59.1 kpatch-cve: CVE-2022-0330 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-0330 kpatch-patch-url: https://git.kernel.org/linus/7938d61591d33394a21bdd7797a245b65428f44c kpatch-name: 3.10.0/CVE-2021-4028-RDMA-cma-Do-not-change-route.addr.src_addr.ss_family.patch kpatch-description: RDMA/cma: Do not change route.addr.src_addr.ss_family kpatch-kernel: 3.10.0-1160.62.1 kpatch-cve: CVE-2021-4028 kpatch-cvss: 7.0 kpatch-cve-url: https://security-tracker.debian.org/tracker/CVE-2021-4028 kpatch-patch-url: https://git.kernel.org/stable/c/bc0bdc5afaa740d782fbf936aaeebd65e5c2921d kpatch-name: 3.10.0/CVE-2022-1016-ge-1062.patch kpatch-description: Initialize registers to avoid stack leak into userspace. kpatch-kernel: >kernel-3.10.0-1160.62.1.el7 kpatch-cve: CVE-2022-1016 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-1016 kpatch-patch-url: https://git.kernel.org/linus/4c905f6740a3 kpatch-name: 3.10.0/CVE-2022-1015.patch kpatch-description: Bail out in case userspace uses unsupported registers. kpatch-kernel: >kernel-3.10.0-1160.62.1.el7 kpatch-cve: CVE-2022-1015 kpatch-cvss: 6.6 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-1015 kpatch-patch-url: https://git.kernel.org/linus/6e1acfa387b9 kpatch-name: 3.10.0/CVE-2022-0492-cgroup-v1-Require-capabilities-to-set-release_agent.patch kpatch-description: cgroup-v1: Require capabilities to set release_agent kpatch-kernel: 3.10.0-1160.66.1.el7 kpatch-cve: CVE-2022-0492 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-0492 kpatch-patch-url: https://git.kernel.org/linus/0e8283cbe4996ae046cd680b3ed598a8f2b0d5d8 kpatch-name: 3.10.0/CVE-2022-1729-perf-Fix-sys-perf-event-open-race-against-itself.patch kpatch-description: perf: Fix sys_perf_event_open() race against self kpatch-kernel: 5.4.17-2136.307.3.2.el8uek kpatch-cve: CVE-2022-1729 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-1729 kpatch-patch-url: https://github.com/torvalds/linux/commit/3ac6487e584a1eb54071dbe1212e05b884136704 kpatch-name: 3.10.0/CVE-2022-32250-nf_tables-disallow-non-stateful-expression-in-sets-earlier.patch kpatch-description: netfilter: nf_tables: disallow non-stateful expression in kpatch-kernel: 3.10.0-1160.71.1 kpatch-cve: CVE-2022-32250 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-32250 kpatch-patch-url: https://github.com/torvalds/linux/commit/f36736fbd48491a8d85cd22f4740d542c5a1546e kpatch-name: skipped/CVE-2022-21499.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-21499 kpatch-skip-reason: Not affected without certain conditions - Secure Boot, configured kgdb/kdb. Complex adaptation kpatch-cvss: kpatch-name: mmio-enable.patch kpatch-description: x86/speculation/mmio: Add mitigation for Processor MMIO Stale Data kpatch-kernel: 5.18 kpatch-cve: CVE-2022-21123 CVE-2022-21125 CVE-2022-21166 CVE-2022-21127 kpatch-cvss: 6.1 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-21123 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-21125 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-21166 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-21127 kpatch-patch-url: https://git.kernel.org/linus/51802186158c74a0304f51ab963e7c2b3a2b046f kpatch-name: 3.10.0/CVE-2022-2588.patch kpatch-description: net_sched: cls_route: remove from list when handle is 0 kpatch-kernel: 3.10.0-1160.80.1.el7 kpatch-cve: CVE-2022-2588 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2022-2588 kpatch-patch-url: https://git.kernel.org/linus/9ad36309e2719a884f946678e0296be10f0bb4c1 kpatch-name: skipped/CVE-2022-23816.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-23816 kpatch-skip-reason: Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only. kpatch-cvss: kpatch-name: skipped/CVE-2022-23825.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-23825 kpatch-skip-reason: Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only. kpatch-cvss: kpatch-name: skipped/CVE-2022-26373.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-26373 kpatch-skip-reason: Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment. kpatch-cvss: kpatch-name: skipped/CVE-2022-29900.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-29900 kpatch-skip-reason: Livepatching Retbleed may decrease kernel stability and performance. This vulnerability has medium security impact and applies to certain hardware environments only. kpatch-cvss: kpatch-name: skipped/CVE-2022-29901.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-29901 kpatch-skip-reason: Livepatching Retbleed may decrease the stability and performance of the kernel, while vulnerability has a medium security impact and only for a certain hardware environment. kpatch-cvss: kpatch-name: 3.10.0/CVE-2022-2964-1510-net-usb-ax88179_178a-fix-packet-alignment-padding.patch kpatch-description: net: usb: ax88179_178a: fix packet alignment padding kpatch-kernel: kernel-3.10.0-1160.83.1.el7 kpatch-cve: CVE-2022-2964 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-2964 kpatch-patch-url: https://git.kernel.org/linus/e869e7a17798d85829fa7d4f9bbe1eebd4b2d3f6 kpatch-name: 3.10.0/CVE-2022-2964-1511-ax88179_178a-Merge-memcpy-le32_to_cpus-to-get_unalig.patch kpatch-description: ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 kpatch-kernel: kernel-3.10.0-1160.83.1.el7 kpatch-cve: CVE-2022-2964 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-2964 kpatch-patch-url: https://git.kernel.org/linus/d1854d509d61d36af44f2130423bff8836e1592e kpatch-name: 3.10.0/CVE-2022-2964-1512-net-usb-Merge-cpu_to_le32s-memcpy-to-put_unaligned_l.patch kpatch-description: net: usb: Merge cpu_to_le32s + memcpy to put_unaligned_le32 kpatch-kernel: kernel-3.10.0-1160.83.1.el7 kpatch-cve: CVE-2022-2964 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-2964 kpatch-patch-url: https://git.kernel.org/linus/7e24b4ed5ac4321e41415b0c6f0f8a8ac14852b2 kpatch-name: 3.10.0/CVE-2022-2964-1518-net-usb-ax88179_178a-Fix-out-of-bounds-accesses-in-R.patch kpatch-description: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup kpatch-kernel: kernel-3.10.0-1160.83.1.el7 kpatch-cve: CVE-2022-2964 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-2964 kpatch-patch-url: https://git.kernel.org/linus/57bc3d3ae8c14df3ceb4e17d26ddf9eeab304581 kpatch-name: 3.10.0/CVE-2022-2964-1519-net-usb-ax88179_178a-Fix-packet-receiving.patch kpatch-description: net: usb: ax88179_178a: Fix packet receiving kpatch-kernel: kernel-3.10.0-1160.83.1.el7 kpatch-cve: CVE-2022-2964 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-2964 kpatch-patch-url: https://git.kernel.org/linus/f8ebb3ac881b17712e1d5967c97ab1806b16d3d6 kpatch-name: skipped/CVE-2021-26401.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2021-26401 kpatch-skip-reason: An introduction of required changes through KernelCare could cause unavoidable problems to applications which use unprivileged eBPF. kpatch-cvss: kpatch-name: 3.10.0/CVE-2022-4378-1-proc-avoid-integer-type-confusion-in-get_proc_long.patch kpatch-description: proc: avoid integer type confusion in get_proc_long kpatch-kernel: 3.10.0-1160.88.1.el7 kpatch-cve: CVE-2022-4378 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-4378 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6cfaf34be9fcd1a8285a294e18986bfc41a409c kpatch-name: 3.10.0/CVE-2022-4378-2-proc-sysctl-fix-return-error-for-proc_doulongvec_min.patch kpatch-description: proc: proc_skip_spaces() shouldn't think it is working on C strings kpatch-kernel: 3.10.0-1160.88.1.el7 kpatch-cve: CVE-2022-4378 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-4378 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bce9332220bd677d83b19d21502776ad555a0e73 kpatch-name: 3.10.0/CVE-2022-43750-usb-mon-make-mmapped-memory-read-only.patch kpatch-description: usb: mon: make mmapped memory read only kpatch-kernel: 3.10.0-1160.90.1 kpatch-cve: CVE-2022-43750 kpatch-cvss: 6.7 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-43750 kpatch-patch-url: https://git.kernel.org/linus/a659daf63d16aa883be42f3f34ff84235c302198 kpatch-name: 3.10.0/CVE-2022-3564-Bluetooth-L2CAP-Fix-use-after-free-caused-by-l2cap_reassemble_sdu.patch kpatch-description: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu kpatch-kernel: 3.10.0-1160.95.1.el7 kpatch-cve: CVE-2022-3564 kpatch-cvss: 7.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-3564 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/patch/?id=89f9f3cb86b1c63badaf392a83dd661d56cc50b1 kpatch-name: rhel7/3.10.0-1160.99.1.el7/CVE-2023-35788-net-sched-flower-fix-possible-oob-write-in-fl-set-geneve-opt.patch kpatch-description: net/sched: flower: fix possible OOB write in fl_set_geneve_opt() kpatch-kernel: 3.10.0-1160.99.1.el7 kpatch-cve: CVE-2023-35788 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-35788 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=4d56304e5827c8cc8cc18c75343d283af7c4825c kpatch-name: rhel7/3.10.0-1160.99.1.el7/CVE-2023-20593-zenbleed.patch kpatch-description: hw: amd: Cross-Process Information Leak kpatch-kernel: 3.10.0-1160.99.1.el7 kpatch-cve: CVE-2023-20593 kpatch-cvss: 6.5 kpatch-cve-url: https://access.redhat.com/security/cve/cve-2023-20593 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=522b1d69219d8f083173819fde04f994aa051a98 kpatch-name: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-1.patch kpatch-description: netfilter: nf_tables: deactivate anonymous set from preparation phase kpatch-kernel: 3.10.0-1160.102.1.el7 kpatch-cve: CVE-2023-32233 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-32233 kpatch-patch-url: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab kpatch-name: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-1-kpatch.patch kpatch-description: netfilter: nf_tables: deactivate anonymous set from preparation phase (adaptation) kpatch-kernel: 3.10.0-1160.102.1.el7 kpatch-cve: CVE-2023-32233 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-32233 kpatch-patch-url: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab kpatch-name: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-2.patch kpatch-description: netfilter: nf_tables: do not allow SET_ID to refer to another table kpatch-kernel: 3.10.0-1160.102.1.el7 kpatch-cve: CVE-2023-32233 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-32233 kpatch-patch-url: https://git.kernel.org/linus/470ee20e069a6d05ae549f7d0ef2bdbcee6a81b2 kpatch-name: rhel7/3.10.0-1160.102.1.el7/CVE-2023-32233-3.patch kpatch-description: netfilter: nf_tables: skip deactivated anonymous sets during lookups kpatch-kernel: 3.10.0-1160.102.1.el7 kpatch-cve: CVE-2023-32233 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-32233 kpatch-patch-url: https://git.kernel.org/linus/c1592a89942e9678f7d9c8030efa777c0d57edab kpatch-name: rhel7/3.10.0-1160.102.1.el7/CVE-2023-35001.patch kpatch-description: netfilter: nf_tables: prevent OOB access in nft_byteorder_eval kpatch-kernel: 3.10.0-1160.102.1.el7 kpatch-cve: CVE-2023-35001 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-35001 kpatch-patch-url: https://git.kernel.org/linus/caf3ef7468f7534771b5c44cd8dbd6f7f87c2cbd kpatch-name: rhel7/3.10.0-1160.102.1.el7/CVE-2023-3609-smart-backport-for-net-sched-cls-u32-c.patch kpatch-description: Smart Patch for net/sched: cls_u32: Fix reference counter leak leading to overflow kpatch-kernel: 3.10.0-1160.102.1.el7 kpatch-cve: CVE-2023-3609 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-3609 kpatch-patch-url: https://git.kernel.org/linus/04c55383fa5689357bcdd2c8036725a55ed632bc kpatch-name: rhel7/3.10.0-1160.102.1.el7/CVE-2023-4208-smart-patch-for-net-sched-cls-u32-c.patch kpatch-description: Smart Patch for net/sched/cls_u32.c kpatch-kernel: kernel-3.10.0-1160.105.1.el7 kpatch-cve: CVE-2023-4208 CVE-2023-4128 kpatch-cvss: kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-4208 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3044b16e7c6fe5d24b1cdbcf1bd0a9d92d1ebd81 kpatch-name: rhel7/3.10.0-1160.105.1.el7/CVE-2023-4207-net-sched-cls-fw-no-longer-copy-tcf-result-on-update-to-avoid.patch kpatch-description: net/sched: cls_fw: No longer copy tcf_result on update to avoid use-after-free kpatch-kernel: kernel-3.10.0-1160.105.1.el7 kpatch-cve: CVE-2023-4207 CVE-2023-4128 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-4207 kpatch-name: rhel7/3.10.0-1160.105.1.el7/CVE-2023-4206-net-sched-cls-route-no-longer-copy-tcf-result-on-update-to-avoid.patch kpatch-description: net/sched: cls_route: No longer copy tcf_result on update to avoid use-after-free kpatch-kernel: kernel-3.10.0-1160.105.1.el7 kpatch-cve: CVE-2023-4206 CVE-2023-4128 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-4206 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b80b829e9e2c1b3f7aae34855e04d8f6ecaf13c8 kpatch-name: rhel7/3.10.0-1160.105.1.el7/CVE-2023-3776-net-sched-cls-fw-fix-improper-refcount-update-leads-to.patch kpatch-description: net/sched: cls_fw: Fix improper refcount update leads to use-after-free kpatch-kernel: kernel-3.10.0-1160.105.1.el7 kpatch-cve: CVE-2023-3776 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-3776 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97 kpatch-name: rhel7/3.10.0-1160.105.1.el7/CVE-2023-3611-net-sched-sch-qfq-account-for-stab-overhead-in-qfq-enqueue.patch kpatch-description: net/sched: sch_qfq: account for stab overhead in qfq_enqueue kpatch-kernel: kernel-3.10.0-1160.105.1.el7 kpatch-cve: CVE-2023-3611 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-3611 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64 kpatch-name: skipped/CVE-2022-40982.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2022-40982 kpatch-skip-reason: Complex adaptation required. kpatch-cvss: kpatch-name: rhel7/3.10.0-1160.105.1.el7/CVE-2023-31436-net-sched-sch_qfq-prevent-slab-out-of-bounds-in-qfq_.patch kpatch-description: net/sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg kpatch-kernel: kernel-3.10.0-1160.105.1.el7 kpatch-cve: CVE-2023-31436 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-31436 kpatch-patch-url: https://git.kernel.org/linus/3037933448f60f9acb705997eae62013ecb81e0d kpatch-name: rhel7/3.10.0-1160.108.1.el7/CVE-2023-42753-REVERT-net-netfilter-ipset-actually-allow-allowable-CIDR-0-.patch kpatch-description: revert of: netfilter: ipset: actually allow allowable CIDR 0 in hash:net, port, net kpatch-kernel: 3.10.0-1160.108.1.el7 kpatch-cve: CVE-2023-42753 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-42753 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=050d91c03b28ca479df13dfb02bcd2c60dd6a878 kpatch-name: rhel7/3.10.0-1160.114.2.el7/CVE-2022-42896-Bluetooth-L2CAP-Fix-accepting-connection-request-for-invalid-SPSM.patch kpatch-description: Bluetooth: L2CAP: Fix accepting connection request for invalid SPSM kpatch-kernel: 3.10.0-1160.114.2.el7 kpatch-cve: CVE-2022-42896 kpatch-cvss: 8.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-42896 kpatch-patch-url: https://github.com/torvalds/linux/commit/711f8c3fb3db61897080468586b970c87c61d9e4 kpatch-name: rhel7/3.10.0-1160.114.2.el7/CVE-2022-42896-Bluetooth-L2CAP-Fix-l2cap_global_chan_by_psm.patch kpatch-description: Bluetooth: L2CAP: Fix l2cap_global_chan_by_psm kpatch-kernel: 3.10.0-1160.114.2.el7 kpatch-cve: CVE-2022-42896 kpatch-cvss: 8.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-42896 kpatch-patch-url: https://github.com/torvalds/linux/commit/f937b758a188d6fd328a81367087eddbb2fce50f kpatch-name: rhel7/3.10.0-1160.114.2.el7/CVE-2023-4921-net-sched-sch-qfq-fix-uaf-in-qfq-dequeue.patch kpatch-description: net: sched: sch_qfq: Fix UAF in qfq_dequeue() kpatch-kernel: 3.10.0-1160.114.2.el7 kpatch-cve: CVE-2023-4921 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-4921 kpatch-patch-url: https://github.com/torvalds/linux/commit/8fc134fee27f2263988ae38920bc03da416b03d8 kpatch-name: rhel7/3.10.0-1160.114.2.el7/CVE-2023-4921-net-sched-sch-qfq-fix-uaf-in-qfq-dequeue-kpatch.patch kpatch-description: net: sched: sch_qfq: Fix UAF in qfq_dequeue() (adaptation) kpatch-kernel: 3.10.0-1160.114.2.el7 kpatch-cve: CVE-2023-4921 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-4921 kpatch-patch-url: https://github.com/torvalds/linux/commit/8fc134fee27f2263988ae38920bc03da416b03d8 kpatch-name: skipped/CVE-2023-38409.patch kpatch-description: kpatch-kernel: kpatch-cve: CVE-2023-38409 kpatch-skip-reason: fbcon driver was updated and patched in the same kernel 3.10.0-1160.111.1.el7. Older versions don't contain vulnerabilities b07db3958485 and d443d9386472 kpatch-cvss: kpatch-name: rhel7/3.10.0-1160.114.2.el7/CVE-2023-45871-igb-set-max-size-rx-buffer-when-store-bad-packet-is-enabled.patch kpatch-description: igb: set max size RX buffer when store bad packet is enabled kpatch-kernel: 3.10.0-1160.114.2.el7 kpatch-cve: CVE-2023-45871 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-45871 kpatch-patch-url: https://git.kernel.org/linus/bb5ed01cd2428cd25b1c88a3a9cba87055eb289f kpatch-name: rhel7/3.10.0-1160.114.2.el7/CVE-2023-45871-igb-set-max-size-rx-buffer-when-store-bad-packet-is-enabled-kpatch.patch kpatch-description: igb: set max size RX buffer when store bad packet is enabled (adaptation) kpatch-kernel: 3.10.0-1160.114.2.el7 kpatch-cve: CVE-2023-45871 kpatch-cvss: 7.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-45871 kpatch-patch-url: https://git.kernel.org/linus/bb5ed01cd2428cd25b1c88a3a9cba87055eb289f kpatch-name: rhel7/3.10.0-1160.114.2.el7/CVE-2024-1086-netfilter-nf-tables-reject-queue-drop-verdict-parameters.patch kpatch-description: netfilter: nf_tables: reject QUEUE/DROP verdict parameters kpatch-kernel: 3.10.0-1160.114.2.el7 kpatch-cve: CVE-2024-1086 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-1086 kpatch-patch-url: https://github.com/torvalds/linux/commit/f342de4e2f33e0e39165d8639387aa6c19dff660 kpatch-name: rhel7/3.10.0-1160.114.2.el7/CVE-2024-26602-sched-membarrier-reduce-the-ability-to-hammer-on-sys_membarrier.patch kpatch-description: sched/membarrier: reduce the ability to hammer on sys_membarrier kpatch-kernel: 3.10.0-1160.114.2.el7 kpatch-cve: CVE-2024-26602 kpatch-cvss: 5.5 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-26602 kpatch-patch-url: https://github.com/torvalds/linux/commit/3cd139875e9a7688b3fc715264032620812a5fa3 kpatch-name: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4622-patch-1681-1699-af-unix-fix-null-ptr-deref-in-pre-1127.patch kpatch-description: [PATCH 1681/1699] af_unix: Fix null-ptr-deref in kpatch-kernel: 3.10.0-1160.118.1.el7 kpatch-cve: CVE-2023-4622 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-4622 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c kpatch-name: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4623-patch-1658-1699-net-sched-sch-hfsc-ensure-inner-classes-have-fsc.patch kpatch-description: [PATCH 1658/1699] net/sched: sch_hfsc: Ensure inner classes have fsc kpatch-kernel: 3.10.0-1160.118.1.el7 kpatch-cve: CVE-2023-4623 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-4623 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f kpatch-name: rhel7/3.10.0-1160.118.1.el7/CVE-2023-4623-patch-1659-1699-net-sched-sch-hfsc-upgrade-rt-to-sc-when-it.patch kpatch-description: [PATCH 1659/1699] net/sched: sch_hfsc: upgrade 'rt' to 'sc' when it kpatch-kernel: 3.10.0-1160.118.1.el7 kpatch-cve: CVE-2023-4623 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-4623 kpatch-name: rhel7/3.10.0-1160.118.1.el7/CVE-2023-2002-patch-1686-1699-bluetooth-perform-careful-capability-checks-in.patch kpatch-description: [PATCH 1686/1699] bluetooth: Perform careful capability checks in kpatch-kernel: 3.10.0-1160.118.1.el7 kpatch-cve: CVE-2023-2002 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-2002 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=25c150ac103a4ebeed0319994c742a90634ddf18 kpatch-name: rhel7/3.10.0-1160.118.1.el7/CVE-2023-2002-patch-1689-1699-bluetooth-add-cmd-validity-checks-at-the-start-of.patch kpatch-description: [PATCH 1689/1699] bluetooth: Add cmd validity checks at the start of kpatch-kernel: 3.10.0-1160.118.1.el7 kpatch-cve: CVE-2023-2002 kpatch-cvss: 6.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-2002 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=000c2fa2c144c499c881a101819cf1936a1f7cf2 kpatch-name: rhel7/3.10.0-1160.118.1.el7/CVE-2020-36558-patch-1696-1699-vt-vt-ioctl-fix-race-in-vt-resizex.patch kpatch-description: [PATCH 1696/1699] vt: vt_ioctl: fix race in VT_RESIZEX kpatch-kernel: 3.10.0-1160.118.1.el7 kpatch-cve: CVE-2020-36558 kpatch-cvss: 5.1 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2020-36558 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=6cd1ed50efd88261298577cd92a14f2768eddeeb kpatch-name: rhel7/3.10.0-1160.118.1.el7/CVE-2023-25775-patch-1643-1699-rdma-i40iw-prevent-zero-length-stag-registration.patch kpatch-description: [PATCH 1643/1699] RDMA/i40iw: Prevent zero-length STAG registration kpatch-kernel: 3.10.0-1160.118.1.el7 kpatch-cve: CVE-2023-25775 kpatch-cvss: 9.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2023-25775 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=bb6d73d9add6 kpatch-name: rhel7/3.10.0-1160.118.1.el7/CVE-2023-25775-patch-1643-1699-rdma-i40iw-prevent-zero-length-stag-registration-kpatch.patch kpatch-description: RDMA/irdma: Prevent zero-length STAG registration (adaptation) kpatch-kernel: 5.15.0-89.99 kpatch-cve: CVE-2023-25775 kpatch-cvss: 9.8 kpatch-cve-url: https://ubuntu.com/security/CVE-2023-25775 kpatch-patch-url: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/patch/?id=bb6d73d9add68ad270888db327514384dfa44958 kpatch-name: rhel7/3.10.0-1160.123.1.el7/CVE-2024-36971-ELSCVE-27162-net-fix-__dst_negative_advice-race.patch kpatch-description: net: fix __dst_negative_advice() race kpatch-kernel: 3.10.0-1160.123.1.el7 kpatch-cve: CVE-2024-36971 kpatch-cvss: 7.8 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2024-36971 kpatch-patch-url: https://git.kernel.org/linus/92f1655aa2b2294d0b49925f3b875a634bd3b59e kpatch-name: rhel7/3.10.0-1160.123.1.el7/CVE-2022-1011-ELSCVE-14458-fuse-fix-pipe-buffer-lifetime-for-direc.patch kpatch-description: fuse: fix pipe buffer lifetime for direct_io kpatch-kernel: 3.10.0-1160.123.1.el7 kpatch-cve: CVE-2022-1011 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-1011 kpatch-patch-url: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 kpatch-name: rhel7/3.10.0-1160.123.1.el7/CVE-2022-1011-ELSCVE-14458-fuse-fix-pipe-buffer-lifetime-for-direc-kpatch.patch kpatch-description: fuse: fix pipe buffer lifetime for direct_io kpatch-kernel: 3.10.0-1160.123.1.el7 kpatch-cve: CVE-2022-1011 kpatch-cvss: 7.0 kpatch-cve-url: https://access.redhat.com/security/cve/CVE-2022-1011 kpatch-patch-url: https://git.kernel.org/linus/0c4bcfdecb1ac0967619ee7ff44871d93c08c909 kpatch-name: 3.10.0/proc-restrict-pagemap-access-1062.patch kpatch-description: Restrict access to pagemap/kpageflags/kpagecount kpatch-kernel: N/A kpatch-cve: N/A kpatch-cvss: N/A kpatch-cve-url: http://googleprojectzero.blogspot.ru/2015/03/exploiting-dram-rowhammer-bug-to-gain.html kpatch-patch-url: N/A uname: 3.10.0-1160.119.1.el7