CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49727 – ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg
https://notcve.org/view.php?id=CVE-2022-49727
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be overflow. To fix, we can follow what udpv6 does and subtract the transhdrlen from the max. In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix signed integer overflow in l2tp_ip6_sendmsg When len >= INT_MAX - transhdrlen, ulen = len + transhdrlen will be overflow. To fix, we can follow what udpv... • https://git.kernel.org/stable/c/2cf73c7cb6125083408d77f43d0e84d86aed0000 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49726 – clocksource: hyper-v: unexport __init-annotated hv_init_clocksource()
https://notcve.org/view.php?id=CVE-2022-49726
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: clocksource: hyper-v: unexport __init-annotated hv_init_clocksource() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in lin... • https://git.kernel.org/stable/c/dd2cb348613b44f9d948b068775e159aad298599 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49725 – i40e: Fix call trace in setup_tx_descriptors
https://notcve.org/view.php?id=CVE-2022-49725
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: i40e: Fix call trace in setup_tx_descriptors After PF reset and ethtool -t there was call trace in dmesg sometimes leading to panic. When there was some time, around 5 seconds, between reset and test there were no errors. Problem was that pf reset calls i40e_vsi_close in prep_for_reset and ethtool -t calls i40e_vsi_close in diag_test. If there was not enough time between those commands the second i40e_vsi_close starts before previous i40e_v... • https://git.kernel.org/stable/c/e17bc411aea8fbebc51857037f104ab09f765120 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49724 – tty: goldfish: Fix free_irq() on remove
https://notcve.org/view.php?id=CVE-2022-49724
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Fix free_irq() on remove Pass the correct dev_id to free_irq() to fix this splat when the driver is unbound: WARNING: CPU: 0 PID: 30 at kernel/irq/manage.c:1895 free_irq Trying to free already-free IRQ 65 Call Trace: warn_slowpath_fmt free_irq goldfish_tty_remove platform_remove device_remove device_release_driver_internal device_driver_detach unbind_store drv_attr_store ... In the Linux kernel, the following vulnerability ha... • https://git.kernel.org/stable/c/465893e18878e119d8d0255439fad8debbd646fd •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49723 – drm/i915/reset: Fix error_state_read ptr + offset use
https://notcve.org/view.php?id=CVE-2022-49723
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/i915/reset: Fix error_state_read ptr + offset use Fix our pointer offset usage in error_state_read when there is no i915_gpu_coredump but buf offset is non-zero. This fixes a kernel page fault can happen when multiple tests are running concurrently in a loop and one is producing engine resets and consuming the i915 error_state dump while the other is forcing full GT resets. (takes a while to trigger). The dmesg call trace: [ 5590.803000... • https://git.kernel.org/stable/c/0e39037b3165567660b0e03f67534da5269a0465 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49722 – ice: Fix memory corruption in VF driver
https://notcve.org/view.php?id=CVE-2022-49722
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory corruption in VF driver Disable VF's RX/TX queues, when it's disabled. VF can have queues enabled, when it requests a reset. If PF driver assumes that VF is disabled, while VF still has queues configured, VF may unmap DMA resources. In such scenario device still can map packets to memory, which ends up silently corrupting it. Previously, VF driver could experience memory corruption, which lead to crash: [ 5119.170157] BUG: u... • https://git.kernel.org/stable/c/ec4f5a436bdf0e5453ad15c4f34a59b9b675ff48 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49721 – arm64: ftrace: consistently handle PLTs.
https://notcve.org/view.php?id=CVE-2022-49721
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handle PLTs. Sometimes it is necessary to use a PLT entry to call an ftrace trampoline. This is handled by ftrace_make_call() and ftrace_make_nop(), with each having *almost* identical logic, but this is not handled by ftrace_modify_call() since its introduction in commit: 3b23e4991fb66f6d ("arm64: implement ftrace with regs") Due to this, if we ever were to call ftrace_modify_call() for a callsite which requires... • https://git.kernel.org/stable/c/3b23e4991fb66f6d152f9055ede271a726ef9f21 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49720 – block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
https://notcve.org/view.php?id=CVE-2022-49720
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() This patch prevents that test nvme/004 triggers the following: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'long unsigned int [512]' Call Trace: show_stack+0x52/0x58 dump_stack_lvl+0x49/0x5e dump_stack+0x10/0x12 ubsan_epilogue+0x9/0x3b __ubsan_handle_out_of_bounds.cold+0x44/0x49 blk_mq_alloc_request_hctx+0x304/0x310 __nvme_su... • https://git.kernel.org/stable/c/20e4d813931961fe26d26a1e98b3aba6ec00b130 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49719 – irqchip/gic/realview: Fix refcount leak in realview_gic_of_init
https://notcve.org/view.php?id=CVE-2022-49719
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/gic/realview: Fix refcount leak in realview_gic_of_init of_find_matching_node_and_match() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: irqchip/gic/realview: Fix refcount leak in realview_gic_of_init of_find_matching_node_and_match() returns a node pointer ... • https://git.kernel.org/stable/c/82b0a434b436f5da69ddd24bd6a6fa5dc4484310 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49718 – irqchip/apple-aic: Fix refcount leak in aic_of_ic_init
https://notcve.org/view.php?id=CVE-2022-49718
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: irqchip/apple-aic: Fix refcount leak in aic_of_ic_init of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: irqchip/apple-aic: Fix refcount leak in aic_of_ic_init of_get_child_by_name() returns a node pointer with refcount incremented, we should use... • https://git.kernel.org/stable/c/a5e8801202b318622ea526aa5625e5f7eceb4d26 •