CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49705 – 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl
https://notcve.org/view.php?id=CVE-2022-49705
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl We need to release directory fid if we fail halfway through open This fixes fid leaking with xfstests generic 531 • https://git.kernel.org/stable/c/6636b6dcc3db2258cd0585b8078c1c225c4b6dde •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49704 – 9p: fix fid refcount leak in v9fs_vfs_get_link
https://notcve.org/view.php?id=CVE-2022-49704
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier. In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier. • https://git.kernel.org/stable/c/6636b6dcc3db2258cd0585b8078c1c225c4b6dde •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49703 – scsi: ibmvfc: Store vhost pointer during subcrq allocation
https://notcve.org/view.php?id=CVE-2022-49703
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated and can/should be also set for primary and async queues as well as subcrqs. This fixes a crash observed during kexec/kdump on Power 9 with legacy XICS interrupt controller where a pending subcrq interrupt from the pr... • https://git.kernel.org/stable/c/3034ebe26389740bb6b4a463e05afb51dc93c336 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49702 – btrfs: fix hang during unmount when block group reclaim task is running
https://notcve.org/view.php?id=CVE-2022-49702
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when block group reclaim task is running When we start an unmount, at close_ctree(), if we have the reclaim task running and in the middle of a data block group relocation, we can trigger a deadlock when stopping an async reclaim task, producing a trace like the following: [629724.498185] task:kworker/u16:7 state:D stack: 0 pid:681170 ppid: 2 flags:0x00004000 [629724.499760] Workqueue: events_unbound btrfs_asy... • https://git.kernel.org/stable/c/18bb8bbf13c1839b43c9e09e76d397b753989af2 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49701 – scsi: ibmvfc: Allocate/free queue resource only during probe/remove
https://notcve.org/view.php?id=CVE-2022-49701
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Allocate/free queue resource only during probe/remove Currently, the sub-queues and event pool resources are allocated/freed for every CRQ connection event such as reset and LPM. This exposes the driver to a couple issues. First the inefficiency of freeing and reallocating memory that can simply be resued after being sanitized. Further, a system under memory pressue runs the risk of allocation failures that could result in a c... • https://git.kernel.org/stable/c/3034ebe26389740bb6b4a463e05afb51dc93c336 •
CVSS: 9.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49700 – mm/slub: add missing TID updates on slab deactivation
https://notcve.org/view.php?id=CVE-2022-49700
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as the TID stays the same. However, two places in __slab_alloc() currently don't update the TID when deactivating the CPU slab. If multiple operations race the right way, this could lead to an object getting lost; or, in an even more unlikely situation, it could even lead to an object being freed onto the wrong slab... • https://git.kernel.org/stable/c/03e404af26dc2ea0d278d7a342de0aab394793ce • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49699 – filemap: Handle sibling entries in filemap_get_read_batch()
https://notcve.org/view.php?id=CVE-2022-49699
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: filemap: Handle sibling entries in filemap_get_read_batch() If a read races with an invalidation followed by another read, it is possible for a folio to be replaced with a higher-order folio. If that happens, we'll see a sibling entry for the new folio in the next iteration of the loop. This manifests as a NULL pointer dereference while holding the RCU read lock. Handle this by simply returning. The next call will find the new folio and han... • https://git.kernel.org/stable/c/cbd59c48ae2bcadc4a7599c29cf32fd3f9b78251 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49698 – netfilter: use get_random_u32 instead of prandom
https://notcve.org/view.php?id=CVE-2022-49698
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is nft_ng_random_eval+0x24/0x54 [nft_numgen] Call Trace: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use the random driver instead, this also avoids need for local prandom state. Moreover, prand... • https://git.kernel.org/stable/c/978d8f9055c3a7c35db2ac99cd2580b993396e33 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49697 – bpf: Fix request_sock leak in sk lookup helpers
https://notcve.org/view.php?id=CVE-2022-49697
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was finding the request_socket but returning the parent LISTEN socket via sk_to_full_sk() without decrementing the child request socket 1st, resulting in request_sock slab object leak. This patch retains the existing behavi... • https://git.kernel.org/stable/c/edbf8c01de5a104a71ed6df2bf6421ceb2836a8e •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49696 – tipc: fix use-after-free Read in tipc_named_reinit
https://notcve.org/view.php?id=CVE-2022-49696
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix use-after-free Read in tipc_named_reinit syzbot found the following issue on: ================================================================== BUG: KASAN: use-after-free in tipc_named_reinit+0x94f/0x9b0 net/tipc/name_distr.c:413 Read of size 8 at addr ffff88805299a000 by task kworker/1:9/23764 CPU: 1 PID: 23764 Comm: kworker/1:9 Not tainted 5.18.0-rc4-syzkaller-00878-g17d49e6e8012 #0 Hardware name: Google Compute Engine/Google C... • https://git.kernel.org/stable/c/d966ddcc38217a6110a6a0ff37ad2dee7d42e23e • CWE-416: Use After Free •