> 020 SECURITY A missing range check in the vmm pvclock allows a guest to write to host memory.
> 019 SECURITY An incorrect check allows an attacker to trick mbox delivery into executing arbitrary commands as root and lmtp delivery into executing arbitrary commands as an unprivileged user.
> 018 RELIABILITY smtpd can crash on opportunistic TLS downgrade, causing a denial of service.
> 017 SECURITY Execution Unit state was not cleared on context switch with Intel Gen9 graphics hardware.
> 016 SECURITY ripd(8) fails to validate authentication lengths.
> 015 SECURITY ftp(1) will follow remote redirects to local files.
> 014 SECURITY ARM64 CPUs speculatively execute instructions after ERET.
> 013 SECURITY ld.so may fail to remove the LD_LIBRARY_PATH environment variable for set-user-ID and set-group-ID executables in low memory conditions.
> 012 SECURITY A user can log in with a different user’s login class.
> 011 SECURITY xenodm uses the libc authentication layer incorrectly.
> 010 SECURITY libc’s authentication layer performed insufficient username validation.
> 009 SECURITY Environment-provided paths are used for dlopen() in mesa, resulting in escalation to the auth group in xlock(1).
> 008 SECURITY Shared memory regions used by some Mesa drivers had permissions which allowed others to access that memory.
> 007 SECURITY A local user could cause the system to hang by reading specific registers when Intel Gen8/Gen9 graphics hardware is in a low power state. A local user could perform writes to memory that should be blocked with Intel Gen9 graphics hardware.
> 006 SECURITY A regular user could change some network interface parameters due to missing checks in the ioctl(2) system call.
> 005 RELIABILITY A new kernel may require newer firmware images when using sysupgrade.
> 004 RELIABILITY The kernel could crash due to a NULL pointer dereference in net80211.
> 003 RELIABILITY bgpd(8) can crash on nexthop changes or during startup in certain configurations.
> 002 RELIABILITY Various third party applications may crash due to symbol collision.
> 001 RELIABILITY bpf(4) has a race condition during device removal.