CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48939 – bpf: Add schedule points in batch ops
https://notcve.org/view.php?id=CVE-2022-48939
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be don... • https://git.kernel.org/stable/c/aa2e93b8e58e18442edfb2427446732415bc215e • CWE-834: Excessive Iteration •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48938 – CDC-NCM: avoid overflow in sanity checking
https://notcve.org/view.php?id=CVE-2022-48938
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overflow, defeating the sanity check. Both offset and offset + len need to be checked in such a manner that no overflow can occur. And those quantities should be unsigned. In the Linux kernel, the following vulnerability has been resolved:... • https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6 •
CVSS: 3.3EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48937 – io_uring: add a schedule point in io_add_buffers()
https://notcve.org/view.php?id=CVE-2022-48937
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! [b219417889:12575] [ 253.544433] Modules linked in: vfat fat i2c_mux_pca954x i2c_mux spidev cdc_acm xhci_pci xhci_hcd sha3_generic gq(O) [ 253.544451] CPU: 64 PID: 12575 Comm: b219417889 Tainted: G S O 5.17.0-smp-D... • https://git.kernel.org/stable/c/ddf0322db79c5984dc1a1db890f946dd19b7d6d9 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48935 – netfilter: nf_tables: unregister flowtable hooks on netns exit
https://notcve.org/view.php?id=CVE-2022-48935
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unregister flowtable hooks on netns exit Unregister flowtable hooks before they are releases via nf_tables_flowtable_destroy() otherwise hook core reports UAF. BUG: KASAN: use-after-free in nf_hook_entries_grow+0x5a7/0x700 net/netfilter/core.c:142 net/netfilter/core.c:142 Read of size 4 at addr ffff8880736f7438 by task syz-executor579/3666 CPU: 0 PID: 3666 Comm: syz-executor579 Not tainted 5.16.0-rc5-syzkaller #0 Hardw... • https://git.kernel.org/stable/c/ff4bf2f42a40e7dff28379f085b64df322c70b45 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48934 – nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac()
https://notcve.org/view.php?id=CVE-2022-48934
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for the error handling path to work correctly, the 'invalid' value for 'ida_idx' should not be in the 0..NFP_MAX_MAC_INDEX range, inclusive. So set it to -1. In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fi... • https://git.kernel.org/stable/c/20cce88650981ec504d328dbbdd004d991eb8535 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48933 – netfilter: nf_tables: fix memory leak during stateful obj update
https://notcve.org/view.php?id=CVE-2022-48933
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memory leak during stateful obj update stateful objects can be updated from the control plane. The transaction logic allocates a temporary object for this purpose. The ->init function was called for this object, so plain kfree() leaks resources. We must call ->destroy function of the object. nft_obj_destroy does this, but it also decrements the module refcount, but the update path doesn't increment it. To avoid spe... • https://git.kernel.org/stable/c/d62d0ba97b5803183e70cfded7f7b9da76893bf5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48932 – net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte
https://notcve.org/view.php?id=CVE-2022-48932
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-band access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte+0x18ee/0x1e70 This patch fixes the issue by both increasing the allocated buffers to accommodate for the needed actions and by checking the number of actions to prevent this issue when a rule with too many actions is provided. In the Li... • https://git.kernel.org/stable/c/1ffd498901c1134a7cbecf5409e12c064c39cef9 •
CVSS: 4.7EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48931 – configfs: fix a race in configfs_{,un}register_subsystem()
https://notcve.org/view.php?id=CVE-2022-48931
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes add or delete list concurrently. Some unfortunate interleavings of them can cause kernel panic. One of cases is: A --> B --> C --> D A <-- B <-- C <-- D delete list_head *B | delete list_head *C --------------------------------|--------... • https://git.kernel.org/stable/c/7063fbf2261194f72ee75afca67b3b38b554b5fa •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-48930 – RDMA/ib_srp: Fix a deadlock
https://notcve.org/view.php?id=CVE-2022-48930
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_wo... • https://git.kernel.org/stable/c/ef6c49d87c3418c442a22e55e3ce2f91b163d69e •
CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48929 – bpf: Fix crash due to out of bounds access into reg2btf_ids.
https://notcve.org/view.php?id=CVE-2022-48929
22 Aug 2024 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to a... • https://git.kernel.org/stable/c/77459bc4d5e2c6f24db845780b4d9d60cf82d06a • CWE-125: Out-of-bounds Read •