CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49707 – ext4: add reserved GDT blocks check
https://notcve.org/view.php?id=CVE-2022-49707
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear resize_inode feature (not run e2fsck). It could be simply reproduced by following steps. The problem is because of the resize_inode feature was cleared, and it will convert the filesystem to meta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was not reduced to zero, so could we mistakenly call reserv... • https://git.kernel.org/stable/c/0dc2fca8e4f9ac4a40e8424a10163369cca0cc06 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49706 – zonefs: fix zonefs_iomap_begin() for reads
https://notcve.org/view.php?id=CVE-2022-49706
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin() for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAP_UNWRITTEN, which will prevent an IO, but the iomap length is calculated as 0. This causes a WARN_ON() in iomap_iter(): [17309.548939] WARNING: CPU: 3 PID: 2137 at fs/iomap/iter.c:34 iomap_iter+0x9cf/0xe80 [...] [17309.650907] RIP: 0010:iomap_iter+0x9cf/0xe80 [...]... • https://git.kernel.org/stable/c/8dcc1a9d90c10fa4143e5c17821082e5e60e46a1 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49705 – 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl
https://notcve.org/view.php?id=CVE-2022-49705
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl We need to release directory fid if we fail halfway through open This fixes fid leaking with xfstests generic 531 • https://git.kernel.org/stable/c/6636b6dcc3db2258cd0585b8078c1c225c4b6dde •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49704 – 9p: fix fid refcount leak in v9fs_vfs_get_link
https://notcve.org/view.php?id=CVE-2022-49704
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier. In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier. • https://git.kernel.org/stable/c/6636b6dcc3db2258cd0585b8078c1c225c4b6dde •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49703 – scsi: ibmvfc: Store vhost pointer during subcrq allocation
https://notcve.org/view.php?id=CVE-2022-49703
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated and can/should be also set for primary and async queues as well as subcrqs. This fixes a crash observed during kexec/kdump on Power 9 with legacy XICS interrupt controller where a pending subcrq interrupt from the pr... • https://git.kernel.org/stable/c/3034ebe26389740bb6b4a463e05afb51dc93c336 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49702 – btrfs: fix hang during unmount when block group reclaim task is running
https://notcve.org/view.php?id=CVE-2022-49702
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when block group reclaim task is running When we start an unmount, at close_ctree(), if we have the reclaim task running and in the middle of a data block group relocation, we can trigger a deadlock when stopping an async reclaim task, producing a trace like the following: [629724.498185] task:kworker/u16:7 state:D stack: 0 pid:681170 ppid: 2 flags:0x00004000 [629724.499760] Workqueue: events_unbound btrfs_asy... • https://git.kernel.org/stable/c/18bb8bbf13c1839b43c9e09e76d397b753989af2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49701 – scsi: ibmvfc: Allocate/free queue resource only during probe/remove
https://notcve.org/view.php?id=CVE-2022-49701
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple issues. First the inefficiency of freeing and reallocating memory that can simply be resued after being sanitized. Further, a system under memory pressue runs the risk of allocation failures that could result in a c... • https://git.kernel.org/stable/c/3034ebe26389740bb6b4a463e05afb51dc93c336 •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49700 – mm/slub: add missing TID updates on slab deactivation
https://notcve.org/view.php?id=CVE-2022-49700
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as the TID stays the same. However, two places in __slab_alloc() currently don't update the TID when deactivating the CPU slab. If multiple operations race the right way, this could lead to an object getting lost; or, in an even more unlikely situation, it could even lead to an object being freed onto the wrong slab... • https://git.kernel.org/stable/c/03e404af26dc2ea0d278d7a342de0aab394793ce •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49699 – filemap: Handle sibling entries in filemap_get_read_batch()
https://notcve.org/view.php?id=CVE-2022-49699
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: filemap: Handle sibling entries in filemap_get_read_batch() If a read races with an invalidation followed by another read, it is possible for a folio to be replaced with a higher-order folio. If that happens, we'll see a sibling entry for the new folio in the next iteration of the loop. This manifests as a NULL pointer dereference while holding the RCU read lock. Handle this by simply returning. The next call will find the new folio and han... • https://git.kernel.org/stable/c/cbd59c48ae2bcadc4a7599c29cf32fd3f9b78251 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49698 – netfilter: use get_random_u32 instead of prandom
https://notcve.org/view.php?id=CVE-2022-49698
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is nft_ng_random_eval+0x24/0x54 [nft_numgen] Call Trace: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use the random driver instead, this also avoids need for local prandom state. Moreover, prand... • https://git.kernel.org/stable/c/978d8f9055c3a7c35db2ac99cd2580b993396e33 •