CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49851 – riscv: fix reserved memory setup
https://notcve.org/view.php?id=CVE-2022-49851
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: fix reserved memory setup Currently, RISC-V sets up reserved memory using the "early" copy of the device tree. As a result, when trying to get a reserved memory region using of_reserved_mem_lookup(), the pointer to reserved memory regions is using the early, pre-virtual-memory address which causes a kernel panic when trying to use the buffer's name: Unable to handle kernel paging request at virtual address 00000000401c31ac Oops [#1] ... • https://git.kernel.org/stable/c/922b0375fc93fb1a20c5617e37c389c26bbccb70 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49850 – nilfs2: fix deadlock in nilfs_count_free_blocks()
https://notcve.org/view.php?id=CVE-2022-49850
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time: task 1 task 2 ------ ------ * A file operation * nilfs_truncate() nilfs_get_block() down_read(rwsem A) <-- nilfs_bmap_lookup_contig() ... generic_shutdown_super() nilfs_put_super() * Prepare to write superblock * down_write(rwsem B) <-... • https://git.kernel.org/stable/c/e828949e5b42bfd234ee537cdb7c5e3a577958a3 •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49846 – udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
https://notcve.org/view.php?id=CVE-2022-49846
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ================================================================== BUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253 Write of size 105 at addr ffff8880123ff896 by task syz-executor323/3610 CPU: 0 PID: 3610 Comm: syz-executor323 Not tainted 6.1.0-rc2-syzkalle... • https://git.kernel.org/stable/c/066b9cded00b8e3212df74a417bb074f3f3a1fe0 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49845 – can: j1939: j1939_send_one(): fix missing CAN header initialization
https://notcve.org/view.php?id=CVE-2022-49845
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled elements in struct can_frame. This patch initializes the 8 byte CAN header with zero. In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49843 – drm/amdkfd: Migrate in CPU page fault use current mm
https://notcve.org/view.php?id=CVE-2022-49843
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Migrate in CPU page fault use current mm migrate_vma_setup shows below warning because we don't hold another process mm mmap_lock. We should use current vmf->vma->vm_mm instead, the caller already hold current mmap lock inside CPU page fault handler. WARNING: CPU: 10 PID: 3054 at include/linux/mmap_lock.h:155 find_vma Call Trace: walk_page_range+0x76/0x150 migrate_vma_setup+0x18a/0x640 svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu... • https://git.kernel.org/stable/c/3a876060892ba52dd67d197c78b955e62657d906 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49842 – ASoC: core: Fix use-after-free in snd_soc_exit()
https://notcve.org/view.php?id=CVE-2022-49842
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 Comm: rmmod Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) Call Trace:
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49841 – serial: imx: Add missing .thaw_noirq hook
https://notcve.org/view.php?id=CVE-2022-49841
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk already disabled [ 37.380810] WARNING: CPU: 0 PID: 296 at drivers/clk/clk.c:952 clk_core_disable+0xa4/0xb0 ... [ 37.506986] Call trace: [ 37.509432] clk_core_disable+0xa4/0xb0 [ 37.513270] clk_disable+0x34/0x50 [ 37.516672] imx_uart_thaw+0... • https://git.kernel.org/stable/c/09df0b3464e528c6a4ca2c48d9ff6d2fd7cbd775 •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49840 – bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()
https://notcve.org/view.php?id=CVE-2022-49840
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() We got a syzkaller problem because of aarch64 alignment fault if KFENCE enabled. When the size from user bpf program is an odd number, like 399, 407, etc, it will cause the struct skb_shared_info's unaligned access. As seen below: BUG: KFENCE: use-after-free read in __skb_clone+0x23c/0x2a0 net/core/skbuff.c:1032 Use-after-free read at 0xffff6254fffac077 (in kfence-#213): __lse_... • https://git.kernel.org/stable/c/1cf1cae963c2e6032aebe1637e995bc2f5d330f4 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49839 – scsi: scsi_transport_sas: Fix error handling in sas_phy_add()
https://notcve.org/view.php?id=CVE-2022-49839
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_remove_host(). Unable to handle kernel NULL pointer dereference at virtual address 0000000000000108 CPU: 61 PID: 42829 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc1+ #173 pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)... • https://git.kernel.org/stable/c/c7ebbbce366c02e5657ac6b6059933fe0353b175 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49838 – sctp: clear out_curr if all frag chunks of current msg are pruned
https://notcve.org/view.php?id=CVE-2022-49838
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: sctp: clear out_curr if all frag chunks of current msg are pruned A crash was reported by Zhen Chen: list_del corruption, ffffa035ddf01c18->next is NULL WARNING: CPU: 1 PID: 250682 at lib/list_debug.c:49 __list_del_entry_valid+0x59/0xe0 RIP: 0010:__list_del_entry_valid+0x59/0xe0 Call Trace: sctp_sched_dequeue_common+0x17/0x70 [sctp] sctp_sched_fcfs_dequeue+0x37/0x50 [sctp] sctp_outq_flush_data+0x85/0x360 [sctp] sctp_outq_uncork+0x77/0xa0 [s... • https://git.kernel.org/stable/c/5bbbbe32a43199c2b9ea5ea66fab6241c64beb51 •