CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49166 – ntfs: add sanity check on allocation size
https://notcve.org/view.php?id=CVE-2022-49166
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: add sanity check on allocation size ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation size. It triggers one BUG in the __ntfs_malloc function. Fix this by adding sanity check on ni->attr_list_size. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49164 – powerpc/tm: Fix more userspace r13 corruption
https://notcve.org/view.php?id=CVE-2022-49164
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/tm: Fix more userspace r13 corruption Commit cf13435b730a ("powerpc/tm: Fix userspace r13 corruption") fixes a problem in treclaim where a SLB miss can occur on the thread_struct->ckpt_regs while SCRATCH0 is live with the saved user r13 value, clobbering it with the kernel r13 and ultimately resulting in kernel r13 being stored in ckpt_regs. There is an equivalent problem in trechkpt where the user r13 value is loaded into r13 from ... • https://git.kernel.org/stable/c/98ae22e15b430bfed5def01ac1a88ec9396284c8 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49162 – video: fbdev: sm712fb: Fix crash in smtcfb_write()
https://notcve.org/view.php?id=CVE-2022-49162
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfb_write() When the sm712fb driver writes three bytes to the framebuffer, the driver will crash: BUG: unable to handle page fault for address: ffffc90001ffffff RIP: 0010:smtcfb_write+0x454/0x5b0 Call Trace: vfs_write+0x291/0xd60 ? do_sys_openat2+0x27d/0x350 ? __fget_light+0x54/0x340 ksys_write+0xce/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Fix it by removing the open-coded... • https://git.kernel.org/stable/c/d7edf47947f9d921be6ca5fc8e83049124466f98 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49157 – scsi: qla2xxx: Fix premature hw access after PCI error
https://notcve.org/view.php?id=CVE-2022-49157
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persist and/or wait for the OS to give the resume signal. Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440 qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx] Sep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60 [qla2x... • https://git.kernel.org/stable/c/858808019313f217d63ec4ad26686e6fb7b08c19 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49139 – Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
https://notcve.org/view.php?id=CVE-2022-49139
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing a NULL pointer dereference happens, as conn->link is NULL. This update provides the initial livepatch for this kernel update. This update does n... • https://git.kernel.org/stable/c/efc7688b557dd1be10eead7399b315efcb1dbc74 • CWE-476: NULL Pointer Dereference •
CVSS: 5.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49138 – Bluetooth: hci_event: Ignore multiple conn complete events
https://notcve.org/view.php?id=CVE-2022-49138
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to memory corruptions. Therefore, consequent events for a single connection are ignored. The conn->state can hold different values, therefore HCI_CONN_HANDLE_UNSET is introduced to identify new connections. To make sure the events do no... • https://git.kernel.org/stable/c/7d0db0a373195385a2e0b19d1f5e4b186fdcffac •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49124 – x86/mce: Work around an erratum on fast string copy instructions
https://notcve.org/view.php?id=CVE-2022-49124
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1) An uncorrected error. 2) That error must be in first cache line of a page. 3) Kernel must execute page_copy from the page immediately before that page. The fast string copy instructions ("REP; MOVS*") could consume an uncorrectable memory error i... • https://git.kernel.org/stable/c/27fbe5b28a2ffef171c6005f304ea4f80fcdcc01 • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49122 – dm ioctl: prevent potential spectre v1 gadget
https://notcve.org/view.php?id=CVE-2022-49122
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via speculative execution by using array_index_nospec. A vulnerability was found in the Linux kernel's `dm-ioctl` interface in the `lookup_ioctl()` function, which accepts a user-provided `cmd` value that is used to index the... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49121 – scsi: pm8001: Fix tag leaks on error
https://notcve.org/view.php?id=CVE-2022-49121
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(), pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls to pm8001_tag_free() to free the allocated tag when pm8001_mpi_build_cmd() fails. Similarly, in pm8001_exec_internal_task_abort(), if the chip ->task_abort method fails, the tag allocated for the abort request task must be freed. Add the missing call to pm8001_t... • https://git.kernel.org/stable/c/dbf9bfe615717d1145f263c0049fe2328e6ed395 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49120 – scsi: pm8001: Fix task leak in pm8001_send_abort_all()
https://notcve.org/view.php?id=CVE-2022-49120
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all() In pm8001_send_abort_all(), make sure to free the allocated sas task if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail. • https://git.kernel.org/stable/c/c6b9ef5779c3e1edfa9de949d2a51252bc347663 •