CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49695 – igb: fix a use-after-free issue in igb_clean_tx_ring
https://notcve.org/view.php?id=CVE-2022-49695
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: fix a use-after-free issue in igb_clean_tx_ring Fix the following use-after-free bug in igb_clean_tx_ring routine when the NIC is running in XDP mode. The issue can be triggered redirecting traffic into the igb NIC and then closing the device while the traffic is flowing. [ 73.322719] CPU: 1 PID: 487 Comm: xdp_redirect Not tainted 5.18.3-apu2 #9 [ 73.330639] Hardware name: PC Engines APU2/APU2, BIOS 4.0.7 02/28/2017 [ 73.337434] RIP: 0... • https://git.kernel.org/stable/c/9cbc948b5a20c9c054d9631099c0426c16da546b • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49694 – block: disable the elevator int del_gendisk
https://notcve.org/view.php?id=CVE-2022-49694
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block: disable the elevator int del_gendisk The elevator is only used for file system requests, which are stopped in del_gendisk. Move disabling the elevator and freeing the scheduler tags to the end of del_gendisk instead of doing that work in disk_release and blk_cleanup_queue to avoid a use after free on q->tag_set from disk_release as the tag_set might not be alive at that point. Move the blk_qos_exit call as well, as it just depends on... • https://git.kernel.org/stable/c/e155b0c238b20f0a866f4334d292656665836c8a •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49693 – drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
https://notcve.org/view.php?id=CVE-2022-49693
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf of_graph_get_remote_node() returns remote device node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. Patchwork: https://patchwork.freedesktop.org/patch/488473/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf of_gr... • https://git.kernel.org/stable/c/86418f90a4c1a0073db65d8a1e2bf94421117a60 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49691 – erspan: do not assume transport header is always set
https://notcve.org/view.php?id=CVE-2022-49691
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: erspan: do not assume transport header is always set Rewrite tests in ip6erspan_tunnel_xmit() and erspan_fb_xmit() to not assume transport header is set. syzbot reported: WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 skb_transport_header include/linux/skbuff.h:2911 [inline] WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 ip6erspan_tunnel_xmit+0x15af/0x2eb0 net/ipv6/ip6_gre.c:963 Modules linked in: CPU: 0 PID: 1350 Comm: ... • https://git.kernel.org/stable/c/d5db21a3e6977dcb42cee3d16cd69901fa66510a •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49688 – afs: Fix dynamic root getattr
https://notcve.org/view.php?id=CVE-2022-49688
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd. Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr(). This can be tested by stat'ing a directory in /afs. It... • https://git.kernel.org/stable/c/b76ea7c06b24dcf97ea3379b6957d5b99c346ea0 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49687 – virtio_net: fix xdp_rxq_info bug after suspend/resume
https://notcve.org/view.php?id=CVE-2022-49687
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warning when using virtio_net: # ip link set eth0 up # echo mem > /sys/power/state (or e.g. # rtcwake -s 10 -m mem)
CVSS: 5.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49686 – usb: gadget: uvc: fix list double add in uvcg_video_pump
https://notcve.org/view.php?id=CVE-2022-49686
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcg_video_pump A panic can occur if the endpoint becomes disabled and the uvcg_video_pump adds the request back to the req_free list after it has already been queued to the endpoint. The endpoint complete will add the request back to the req_free list. Invalidate the local request handle once it's been queued. <6>[ 246.796704][T13726] configfs-gadget gadget: uvc: uvc_function_set_alt(1, 0) <3>[ 246.... • https://git.kernel.org/stable/c/f9897ec0f6d34e8b2bc2f4c8ab8789351090f3d2 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49685 – iio: trigger: sysfs: fix use-after-free on remove
https://notcve.org/view.php?id=CVE-2022-49685
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix use-after-free on remove Ensure that the irq_work has completed before the trigger is freed. ================================================================== BUG: KASAN: use-after-free in irq_work_run_list Read of size 8 at addr 0000000064702248 by task python3/25 Call Trace: irq_work_run_list irq_work_tick update_process_times tick_sched_handle tick_sched_timer __hrtimer_run_queues hrtimer_interrupt Allocated by ... • https://git.kernel.org/stable/c/f38bc926d022ebd67baad6ac7fc22c95fbc6238c • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49684 – iio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data
https://notcve.org/view.php?id=CVE-2022-49684
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data of_find_node_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: iio: adc: aspeed: Fix refcount leak in aspeed_adc_set_trim_data of_find_node_by_name() returns a node pointer with refcount incremented, we shou... • https://git.kernel.org/stable/c/d0a4c17b40736b368f1f26602ad162e24b4108e7 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49683 – iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client
https://notcve.org/view.php?id=CVE-2022-49683
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: iio: adc: adi-axi-adc: Fix refcount leak in adi_axi_adc_attach_client of_parse_phandle() returns a node pointer with refcount incr... • https://git.kernel.org/stable/c/ef04070692a21633ec6a60f80c19b6af44b3cf47 •