CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49885 – ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
https://notcve.org/view.php?id=CVE-2022-49885
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() Change num_ghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc() to fail. The overflow happens in ghes_estatus_pool_init() when calculating len during execution of the statement below as both multiplication operands here are signed int: len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE); The following call trace is observed because of this bug: [ 9... • https://git.kernel.org/stable/c/9edf20e5a1d805855e78f241cf221d741b50d482 •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49881 – wifi: cfg80211: fix memory leak in query_regdb_file()
https://notcve.org/view.php?id=CVE-2022-49881
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicated using kmemdup() and subsequently freed in regdb_fw_cb(). However, request_firmware_nowait() can fail without calling regdb_fw_cb() and thus leak memory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2... • https://git.kernel.org/stable/c/007f6c5e6eb45c81ee89368a5f226572ae638831 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49880 – ext4: fix warning in 'ext4_da_release_space'
https://notcve.org/view.php?id=CVE-2022-49880
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs (loop0): free_blocks=0 EXT4-fs (loop0): dirty_blocks=0 EXT4-fs (loop0): Block reservation details EXT4-fs (loop0): i_reserved_data_blocks=0 EXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks ------------[ cut here ]------------ WAR... • https://git.kernel.org/stable/c/0de5ee103747fd3a24f1c010c79caabe35e8f0bb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49879 – ext4: fix BUG_ON() when directory entry has invalid rec_len
https://notcve.org/view.php?id=CVE-2022-49879
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4_rec_len_to_disk(), called from make_indexed_dir(). ------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2413! ... RIP: 0010:make_indexed_dir+0x53f/0x5f0 ... Call Trace: <TASK> ? • https://git.kernel.org/stable/c/2fa24d0274fbf913b56ee31f15bc01168669d909 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49877 – bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
https://notcve.org/view.php?id=CVE-2022-49877
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues When running `test_sockmap` selftests, the following warning appears: WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0 Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49874 – HID: hyperv: fix possible memory leak in mousevsc_probe()
https://notcve.org/view.php?id=CVE-2022-49874
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: fix possible memory leak in mousevsc_probe() If hid_add_device() returns error, it should call hid_destroy_device() to free hid_dev which is allocated in hid_allocate_device(). In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: fix possible memory leak in mousevsc_probe() If hid_add_device() returns error, it should call hid_destroy_device() to free hid_dev which is allocated in hid_allocate_device... • https://git.kernel.org/stable/c/74c4fb058083b47571a4f76dcfce95085f2d8098 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49873 – bpf: Fix wrong reg type conversion in release_reference()
https://notcve.org/view.php?id=CVE-2022-49873
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix wrong reg type conversion in release_reference() Some helper functions will allocate memory. To avoid memory leaks, the verifier requires the eBPF program to release these memories by calling the corresponding helper functions. When a resource is released, all pointer registers corresponding to the resource should be invalidated. The verifier use release_references() to do this job, by apply __mark_reg_unknown() to each relevant re... • https://git.kernel.org/stable/c/fd978bf7fd312581a7ca454a991f0ffb34c4204b •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49872 – net: gso: fix panic on frag_list with mixed head alloc types
https://notcve.org/view.php?id=CVE-2022-49872
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on frag_list with mixed head alloc types Since commit 3dcbdb134f32 ("net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list"), it is allowed to change gso_size of a GRO packet. However, that commit assumes that "checking the first list_skb member suffices; i.e if either of the list_skb members have non head_frag head, then the first one has too". It turns out this assumption do... • https://git.kernel.org/stable/c/162a5a8c3aff15c449e6b38355cdf80ab4f77a5a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49871 – net: tun: Fix memory leaks of napi_get_frags
https://notcve.org/view.php?id=CVE-2022-49871
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napi_get_frags kmemleak reports after running test_progs: unreferenced object 0xffff8881b1672dc0 (size 232): comm "test_progs", pid 394388, jiffies 4354712116 (age 841.975s) hex dump (first 32 bytes): e0 84 d7 a8 81 88 ff ff 80 2c 67 b1 81 88 ff ff .........,g..... 00 40 c5 9b 81 88 ff ff 00 00 00 00 00 00 00 00 .@.............. backtrace: [<00000000c8f01748>] napi_skb_cache_get+0xd4/0x150 [<0000000041c7fc09>] ... • https://git.kernel.org/stable/c/90e33d45940793def6f773b2d528e9f3c84ffdc7 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49870 – capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
https://notcve.org/view.php?id=CVE-2022-49870
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in security/commoncap.c:1252:2 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: