CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49833 – btrfs: zoned: clone zoned device info when cloning a device
https://notcve.org/view.php?id=CVE-2022-49833
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: clone zoned device info when cloning a device When cloning a btrfs_device, we're not cloning the associated btrfs_zoned_device_info structure of the device in case of a zoned filesystem. Later on this leads to a NULL pointer dereference when accessing the device's zone_info for instance when setting a zone as active. This was uncovered by fstests' testcase btrfs/161. In the Linux kernel, the following vulnerability has been re... • https://git.kernel.org/stable/c/ad88cabcec942c033f980cd1e28d56ecdaf5f3b8 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49832 – pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map
https://notcve.org/view.php?id=CVE-2022-49832
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 0000000000000000 by task python3/2640 Call Trace: strcmp __of_find_property of_find_property pinctrl_dt_to_map kasprintf() would return NULL pointer when kmalloc() fail to allocate. So directly return ENOMEM, if kasprintf() return NULL p... • https://git.kernel.org/stable/c/57291ce295c0aca738dd284c4a9c591c09ebee71 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49831 – btrfs: zoned: initialize device's zone info for seeding
https://notcve.org/view.php?id=CVE-2022-49831
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When performing seeding on a zoned filesystem it is necessary to initialize each zoned device's btrfs_zoned_device_info structure, otherwise mounting the filesystem will cause a NULL pointer dereference. This was uncovered by fstests' testcase btrfs/163. In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When perf... • https://git.kernel.org/stable/c/91c38504e589dadbcde47b1cacdfc5b684154d44 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49829 – drm/scheduler: fix fence ref counting
https://notcve.org/view.php?id=CVE-2022-49829
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were beeing killed. Additional to that grab a reference to the last scheduled fence. • https://git.kernel.org/stable/c/e5f4b38362df93594cb426b04979d8834122f159 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49828 – hugetlbfs: don't delete error page from pagecache
https://notcve.org/view.php?id=CVE-2022-49828
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that was made for shmem [1], and it solves the same problem but for HugeTLBFS instead. Currently, when poison is found in a HugeTLB page, the page is removed from the page cache. That means that attempting to map or read that hugepage in the future will result in a new hugepage being allocated instead of notifying the user that the page was poisoned.... • https://git.kernel.org/stable/c/30571f28bb35c826219971c63bcf60d2517112ed •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49825 – ata: libata-transport: fix error handling in ata_tport_add()
https://notcve.org/view.php?id=CVE-2022-49825
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ ... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49824 – ata: libata-transport: fix error handling in ata_tlink_add()
https://notcve.org/view.php?id=CVE-2022-49824
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ ... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49823 – ata: libata-transport: fix error handling in ata_tdev_add()
https://notcve.org/view.php?id=CVE-2022-49823
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #3... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49821 – mISDN: fix possible memory leak in mISDN_dsp_element_register()
https://notcve.org/view.php?id=CVE-2022-49821
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the kfree() is removed. list_del() is called in mISDN_dsp_dev_r... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: 6.3EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49814 – kcm: close race conditions on sk_receive_queue
https://notcve.org/view.php?id=CVE-2022-49814
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path takes mux->rx_lock to protect more than just skb queue. However, kcm_recvmsg() still only grabs the skb queue lock, so race conditions still exist. We can teach kcm_recvmsg() to grab mux->rx_lock too but this would introduce a potential performance regression as struct kcm_mux can be shared by multiple KCM sock... • https://git.kernel.org/stable/c/ab7ac4eb9832e32a09f4e8042705484d2fb0aad3 •