CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49872 – net: gso: fix panic on frag_list with mixed head alloc types
https://notcve.org/view.php?id=CVE-2022-49872
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: gso: fix panic on frag_list with mixed head alloc types Since commit 3dcbdb134f32 ("net: gso: Fix skb_segment splat when splitting gso_size mangled skb having linear-headed frag_list"), it is allowed to change gso_size of a GRO packet. However, that commit assumes that "checking the first list_skb member suffices; i.e if either of the list_skb members have non head_frag head, then the first one has too". It turns out this assumption do... • https://git.kernel.org/stable/c/162a5a8c3aff15c449e6b38355cdf80ab4f77a5a •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49871 – net: tun: Fix memory leaks of napi_get_frags
https://notcve.org/view.php?id=CVE-2022-49871
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix memory leaks of napi_get_frags kmemleak reports after running test_progs: unreferenced object 0xffff8881b1672dc0 (size 232): comm "test_progs", pid 394388, jiffies 4354712116 (age 841.975s) hex dump (first 32 bytes): e0 84 d7 a8 81 88 ff ff 80 2c 67 b1 81 88 ff ff .........,g..... 00 40 c5 9b 81 88 ff ff 00 00 00 00 00 00 00 00 .@.............. backtrace: [<00000000c8f01748>] napi_skb_cache_get+0xd4/0x150 [<0000000041c7fc09>] ... • https://git.kernel.org/stable/c/90e33d45940793def6f773b2d528e9f3c84ffdc7 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49870 – capabilities: fix undefined behavior in bit shift for CAP_TO_MASK
https://notcve.org/view.php?id=CVE-2022-49870
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: shift-out-of-bounds in security/commoncap.c:1252:2 left shift of 1 by 31 places cannot be represented in type 'int' Call Trace:
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49869 – bnxt_en: Fix possible crash in bnxt_hwrm_set_coal()
https://notcve.org/view.php?id=CVE-2022-49869
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix possible crash in bnxt_hwrm_set_coal() During the error recovery sequence, the rtnl_lock is not held for the entire duration and some datastructures may be freed during the sequence. Check for the BNXT_STATE_OPEN flag instead of netif_running() to ensure that the device is fully operational before proceeding to reconfigure the coalescing settings. This will fix a possible crash like this: BUG: unable to handle kernel NULL point... • https://git.kernel.org/stable/c/2151fe0830fdb951f8ecfcfe67306fdef2366aa0 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49868 – phy: ralink: mt7621-pci: add sentinel to quirks table
https://notcve.org/view.php?id=CVE-2022-49868
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: ralink: mt7621-pci: add sentinel to quirks table With mt7621 soc_dev_attr fixed to register the soc as a device, kernel will experience an oops in soc_device_match_attr This quirk test was introduced in the staging driver in commit 9445ccb3714c ("staging: mt7621-pci-phy: add quirks for 'E2' revision using 'soc_device_attribute'"). The staging driver was removed, and later re-added in commit d87da32372a0 ("phy: ralink: Add PHY driver fo... • https://git.kernel.org/stable/c/d87da32372a03ce121fc65ccd2c9a43edf56b364 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49867 – net: wwan: iosm: fix memory leak in ipc_wwan_dellink
https://notcve.org/view.php?id=CVE-2022-49867
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: iosm: fix memory leak in ipc_wwan_dellink IOSM driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak. This patch sets needs_free_netdev to true when registers network device, which makes netdev subsystem call free_netdev() automatically after unregister_netdevice(). In the Linux kernel, the following vulnerability has... • https://git.kernel.org/stable/c/2a54f2c7793409736f2e5ea101e050b3f1997088 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49866 – net: wwan: mhi: fix memory leak in mhi_mbim_dellink
https://notcve.org/view.php?id=CVE-2022-49866
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: wwan: mhi: fix memory leak in mhi_mbim_dellink MHI driver registers network device without setting the needs_free_netdev flag, and does NOT call free_netdev() when unregisters network device, which causes a memory leak. This patch sets needs_free_netdev to true when registers network device, which makes netdev subsystem call free_netdev() automatically after unregister_netdevice(). In the Linux kernel, the following vulnerability has b... • https://git.kernel.org/stable/c/aa730a9905b7b079ef2fffdab7f15dbb842f5c7c •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49865 – ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network
https://notcve.org/view.php?id=CVE-2022-49865
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a `struct ifaddrlblmsg` to the network, __ifal_reserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMSAN: kernel-network-infoleak in __netdev_start_xmit ./include/linux/netdevice.h:4841 __netdev_start_xmit ./include/linux/netdevice.h:4841 netdev_start_xmit ./include/linux/netdevice.h:4857 xmit_one net/core/dev.c:3590 dev_hard_start_xmit+... • https://git.kernel.org/stable/c/2a8cc6c89039e0530a3335954253b76ed0f9339a •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49864 – drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram()
https://notcve.org/view.php?id=CVE-2022-49864
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced. • https://git.kernel.org/stable/c/3c1bb6187e566143f15dbf0367ae671584aead5b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49863 – can: af_can: fix NULL pointer dereference in can_rx_register()
https://notcve.org/view.php?id=CVE-2022-49863
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rx_register() It causes NULL pointer dereference when testing as following: (a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket. (b) use syscall(__NR_sendmsg, ...) to create bond link device and vxcan link device, and bind vxcan device to bond device (can also use ifenslave command to bind vxcan device to bond device). (c) use syscall(__NR_socket, 0x1dul, 3ul, 1) to create C... • https://git.kernel.org/stable/c/4ac1feff6ea6495cbfd336f4438a6c6d140544a6 •