CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-48941 – ice: fix concurrent reset and removal of VFs
https://notcve.org/view.php?id=CVE-2022-48941
In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some issues with concurrently handling messages from VFs while tearing down the VFs. This change was motivated by crashes caused while tearing down and bringing up VFs in rapid succession. It turns out that the fix actually introduces issues with the VF driver caused because the PF no longer responds to any messages sent by the VF during its .remove routine. • https://git.kernel.org/stable/c/c503e63200c679e362afca7aca9d3dc63a0f45ed https://git.kernel.org/stable/c/8a08142433624fd1088bc8c13639408cf4e1707c https://git.kernel.org/stable/c/05ae1f0fe9c6c5ead08b306e665763a352d20716 https://git.kernel.org/stable/c/3c805fce07c9dbc47d8a9129c7c5458025951957 https://git.kernel.org/stable/c/2a3e61de89bab6696aa28b70030eb119968c5586 https://git.kernel.org/stable/c/fadead80fe4c033b5e514fcbadd20b55c4494112 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-48940 – bpf: Fix crash due to incorrect copy_map_value
https://notcve.org/view.php?id=CVE-2022-48940
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to incorrect copy_map_value When both bpf_spin_lock and bpf_timer are present in a BPF map value, copy_map_value needs to skirt both objects when copying a value into and out of the map. • https://git.kernel.org/stable/c/68134668c17f31f51930478f75495b552a411550 https://git.kernel.org/stable/c/719d1c2524c89ada78c4c9202641c1d9e942a322 https://git.kernel.org/stable/c/eca9bd215d2233de79d930fa97aefbce03247a98 https://git.kernel.org/stable/c/a8abb0c3dc1e28454851a00f8b7333d9695d566c •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48939 – bpf: Add schedule points in batch ops
https://notcve.org/view.php?id=CVE-2022-48939
In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing prevents batch ops to process huge amount of data, we need to add schedule points in them. Note that maybe_wait_bpf_programs(map) calls from generic_map_delete_batch() can be factorized by moving the call after the loop. This will be done later in -next tree once we get this fix merged, unless there is strong opinion doing this optimization sooner. • https://git.kernel.org/stable/c/aa2e93b8e58e18442edfb2427446732415bc215e https://git.kernel.org/stable/c/7ef94bfb08fb9e73defafbd5ddef6b5a0e2ee12b https://git.kernel.org/stable/c/8628f489b749a4f9767991631921dbe3fbcdc784 https://git.kernel.org/stable/c/7e8099967d0e3ff9d1ae043e80b27fbe46c08417 https://git.kernel.org/stable/c/75134f16e7dd0007aa474b281935c5f42e79f2c8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48938 – CDC-NCM: avoid overflow in sanity checking
https://notcve.org/view.php?id=CVE-2022-48938
In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. • https://git.kernel.org/stable/c/69560efa001397ebb8dc1c3e6a3ce00302bb9f7f https://git.kernel.org/stable/c/49909c9f8458cacb5b241106cba65aba5a6d8f4c https://git.kernel.org/stable/c/7b737e47b87589031f0d4657f6d7b0b770474925 https://git.kernel.org/stable/c/8d2b1a1ec9f559d30b724877da4ce592edc41fdc •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48937 – io_uring: add a schedule point in io_add_buffers()
https://notcve.org/view.php?id=CVE-2022-48937
In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup - CPU#64 stuck for 26s! ... /include/linux/kallsyms.h:29 kernel/extable.c:67 kernel/extable.c:98) [ 253.544464] Code: 0f 93 c0 48 c7 c1 e0 63 d7 a4 48 39 cb 0f 92 c1 20 c1 0f b6 c1 5b 5d c3 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 53 48 89 fb <48> c7 c0 00 00 80 a0 41 be 01 00 00 00 48 39 c7 72 0c 48 c7 c0 40 [ 253.544468] RSP: 0018:ffff8882d8baf4c0 EFLAGS: 00000246 [ 253.544471] RAX: 1ffff1105b175e00 RBX: ffffffffa13ef09a RCX: 00000000a13ef001 [ 253.544474] RDX: ffffffffa13ef09a RSI: ffff8882d8baf558 RDI: ffffffffa13ef09a [ 253.544476] RBP: ffff8882d8baf4d8 R08: ffff8882d8baf5e0 R09: 0000000000000004 [ 253.544479] R10: ffff8882d8baf5e8 R11: ffffffffa0d59a50 R12: ffff8882eab20380 [ 253.544481] R13: ffffffffa0d59a50 R14: dffffc0000000000 R15: 1ffff1105b175eb0 [ 253.544483] FS: 00000000016d3380(0000) GS:ffff88af48c00000(0000) knlGS:0000000000000000 [ 253.544486] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 253.544488] CR2: 00000000004af0f0 CR3: 00000002eabfa004 CR4: 00000000003706e0 [ 253.544491] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 253.544492] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 253.544494] Call Trace: [ 253.544496] <TASK> [ 253.544498] ? ... /include/linux/kasan.h:270 mm/slab.c:3567) [ 253.544541] ? ... /include/linux/kasan.h:270 mm/slab.c:3567) [ 253.544556] ? • https://git.kernel.org/stable/c/ddf0322db79c5984dc1a1db890f946dd19b7d6d9 https://git.kernel.org/stable/c/4a93c6594613c3429b6f30136fff115c7f803af4 https://git.kernel.org/stable/c/c718ea4e7382e18957ed0e88a5f855e2122d9c00 https://git.kernel.org/stable/c/8f3cc3c5bc43d03b5748ac4fb8d180084952c36a https://git.kernel.org/stable/c/f240762f88b4b1b58561939ffd44837759756477 •