CVSS: 5.5EPSS: %CPEs: 6EXPL: 0CVE-2022-49571 – tcp: Fix data-races around sysctl_tcp_max_reordering.
https://notcve.org/view.php?id=CVE-2022-49571
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changed concurrently. • https://git.kernel.org/stable/c/dca145ffaa8d39ea1904491ac81b92b7049372c0 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49569 – spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers
https://notcve.org/view.php?id=CVE-2022-49569
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers In case a IRQ based transfer times out the bcm2835_spi_handle_err() function is called. Since commit 1513ceee70f2 ("spi: bcm2835: Drop dma_pending flag") the TX and RX DMA transfers are unconditionally canceled, leading to NULL pointer derefs if ctlr->dma_tx or ctlr->dma_rx are not set. Fix the NULL pointer deref by checking that ctlr->dma_tx and ctlr->dma_... • https://git.kernel.org/stable/c/1513ceee70f2bd523e025efe0c715328e1a43ffd •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49568 – KVM: Don't null dereference ops->destroy
https://notcve.org/view.php?id=CVE-2022-49568
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops->destroy A KVM device cleanup happens in either of two callbacks: 1) destroy() which is called when the VM is being destroyed; 2) release() which is called when a device fd is closed. Most KVM devices use 1) but Book3s's interrupt controller KVM devices (XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during the machine execution. The error handling in kvm_ioctl_create_device() assumes destro... • https://git.kernel.org/stable/c/170465715a60cbb7876e6b961b21bd3225469da8 •
CVSS: 7.0EPSS: %CPEs: 8EXPL: 0CVE-2022-49567 – mm/mempolicy: fix uninit-value in mpol_rebind_policy()
https://notcve.org/view.php?id=CVE-2022-49567
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpol_rebind_policy() mpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when pol->mode is MPOL_LOCAL. Check pol->mode before access pol->w.cpuset_mems_allowed in mpol_rebind_policy()(mm/mempolicy.c). BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:352 [inline] BUG: KMSAN: uninit-value in mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368 mpol_rebind_policy mm/mempolicy.c:352 [inline] mp... • https://git.kernel.org/stable/c/5735845906fb1d90fe597f8b503fc0a857d475e3 •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2022-49566 – crypto: qat - fix memory leak in RSA
https://notcve.org/view.php?id=CVE-2022-49566
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is used, some components of the private key persist even after the TFM is released. Replace the explicit calls to free the buffers in qat_rsa_exit_tfm() with a call to qat_rsa_clear_ctx() which frees all buffers referenced in the TFM context. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak... • https://git.kernel.org/stable/c/879f77e9071f029e1c9bd5a75814ecf51370f846 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-49564 – crypto: qat - add param check for DH
https://notcve.org/view.php?id=CVE-2022-49564
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a p... • https://git.kernel.org/stable/c/e7f979ed51f96495328157df663c835b17db1e30 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-49563 – crypto: qat - add param check for RSA
https://notcve.org/view.php?id=CVE-2022-49563
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a... • https://git.kernel.org/stable/c/4d6d2adce08788b7667a6e58002682ea1bbf6a79 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-49562 – KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
https://notcve.org/view.php?id=CVE-2022-49562
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D bits instead of mapping the PTE into kernel address space. The VM_PFNMAP path is broken as it assumes that vm_pgoff is the base pfn of the mapped VMA range, which is conceptually wrong as vm_pgoff is the offset relative to the file and has nothing to do with the pfn. The horrific hack worked for the origin... • https://git.kernel.org/stable/c/bd53cb35a3e9adb73a834a36586e9ad80e877767 •
CVSS: 6.3EPSS: %CPEs: 8EXPL: 0CVE-2022-49561 – netfilter: conntrack: re-fetch conntrack after insertion
https://notcve.org/view.php?id=CVE-2022-49561
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntr... • https://git.kernel.org/stable/c/71d8c47fc653711c41bc3282e5b0e605b3727956 •
CVSS: 5.6EPSS: %CPEs: 7EXPL: 0CVE-2022-49558 – netfilter: nf_tables: double hook unregistration in netns path
https://notcve.org/view.php?id=CVE-2022-49558
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: double hook unregistration in netns path __nft_release_hooks() is called from pre_netns exit path which unregisters the hooks, then the NETDEV_UNREGISTER event is triggered which unregisters the hooks again. [ 565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270 [...] [ 565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G E 5.18.0-rc7+ #27 [ 565.253682] Workqueue... • https://git.kernel.org/stable/c/767d1216bff82507c945e92fe719dff2083bb2f4 •