> 023 RELIABILITY Local outbound UDP broadcast or multicast packets sent by a spliced socket can crash the kernel.
> 022 RELIABILITY Missing input validation in sysctl(2) can be used to crash the kernel.
> 021 SECURITY An out of bounds read in smtpd allows an attacker to inject arbitrary commands into the envelope file which are then executed as root. Separately, missing privilege revocation in smtpctl allows arbitrary commands to be run with the _smtpq group.
> 020 SECURITY A missing range check in the vmm pvclock allows a guest to write to host memory.
> 019 SECURITY An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user.
> 018 RELIABILITY smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
> 017 SECURITY Execution Unit state was not cleared on context switch with Intel Gen9 graphics hardware.
> 016 SECURITY ripd(8) fails to validate authentication lengths.
> 015 SECURITY ftp(1) will follow remote redirects to local files.
> 014 SECURITY ARM64 CPUs speculatively execute instructions after ERET.
> 013 SECURITY ld.so may fail to remove the LD_LIBRARY_PATH environment variable for set-user-ID and set-group-ID executables in low memory conditions.
> 012 SECURITY A user can log in with a different user’s login class.
> 011 SECURITY xenodm uses the libc authentication layer incorrectly.
> 010 SECURITY libc’s authentication layer performed insufficient username validation.
> 009 SECURITY Environment-provided paths are used for dlopen() in mesa, resulting in escalation to the auth group in xlock(1).
> 008 SECURITY Shared memory regions used by some Mesa drivers had permissions which allowed others to access that memory.
> 007 SECURITY A local user could cause the system to hang by reading specific registers when Intel Gen8/Gen9 graphics hardware is in a low power state. A local user could perform writes to memory that should be blocked with Intel Gen9 graphics hardware.
> 006 SECURITY A regular user could change some network interface parameters due to missing checks in the ioctl(2) system call.
> 005 RELIABILITY A new kernel may require newer firmware images when using sysupgrade.
> 004 RELIABILITY The kernel could crash due to a NULL pointer dereference in net80211.
> 003 RELIABILITY bgpd(8) can crash on nexthop changes or during startup in certain configurations.
> 002 RELIABILITY Various third party applications may crash due to symbol collision.
> 001 RELIABILITY bpf(4) has a race condition during device removal.