CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49761 – btrfs: always report error in run_one_delayed_ref()
https://notcve.org/view.php?id=CVE-2022-49761
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: - Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod - Replace the btrfs_debug() with btrfs_err() - Move the e... • https://git.kernel.org/stable/c/18bd1c9c02e64a3567f90c83c2c8b855531c8098 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49760 – mm/hugetlb: fix PTE marker handling in hugetlb_change_protection()
https://notcve.org/view.php?id=CVE-2022-49760
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlb_change_protection() Patch series "mm/hugetlb: uffd-wp fixes for hugetlb_change_protection()". Playing with virtio-mem and background snapshots (using uffd-wp) on hugetlb in QEMU, I managed to trigger a VM_BUG_ON(). Looking into the details, hugetlb_change_protection() seems to not handle uffd-wp correctly in all cases. Patch #1 fixes my test case. I don't have reproducers for patch #2, as it re... • https://git.kernel.org/stable/c/60dfaad65aa97fb6755b9798a6b3c9e79bcd5930 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49759 – VMCI: Use threaded irqs instead of tasklets
https://notcve.org/view.php?id=CVE-2022-49759
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: VMCI: Use threaded irqs instead of tasklets The vmci_dispatch_dgs() tasklet function calls vmci_read_data() which uses wait_event() resulting in invalid sleep in an atomic context (and therefore potentially in a deadlock). Use threaded irqs to fix this issue and completely remove usage of tasklets. [ 20.264639] BUG: sleeping function called from invalid context at drivers/misc/vmw_vmci/vmci_guest.c:145 [ 20.264643] in_atomic(): 1, irqs_disa... • https://git.kernel.org/stable/c/463713eb6164b6577f8e91447c7745628215531b •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49758 – reset: uniphier-glue: Fix possible null-ptr-deref
https://notcve.org/view.php?id=CVE-2022-49758
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: reset: uniphier-glue: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(res) invoked, if platform_get_resource() returns NULL. In the Linux kernel, the following vulnerability has been resolved: reset: uniphier-glue: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(res) invoked, if platform_get_resource() returns NULL. • https://git.kernel.org/stable/c/499fef09a3237497906084da3eede0185fc9abb8 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49757 – EDAC/highbank: Fix memory leak in highbank_mc_probe()
https://notcve.org/view.php?id=CVE-2022-49757
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbank_mc_probe() When devres_open_group() fails, it returns -ENOMEM without freeing memory allocated by edac_mc_alloc(). Call edac_mc_free() on the error handling path to avoid a memory leak. [ bp: Massage commit message. ] In the Linux kernel, the following vulnerability has been resolved: EDAC/highbank: Fix memory leak in highbank_mc_probe() When devres_open_group() fails, it returns -ENOMEM without fr... • https://git.kernel.org/stable/c/a1b01edb274518c7da6d69b84e7558c092282aad •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49756 – phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe()
https://notcve.org/view.php?id=CVE-2022-49756
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix potential null-ptr-deref in sp_usb_phy_probe() sp_usb_phy_probe() will call platform_get_resource_byname() that may fail and return NULL. devm_ioremap() will use usbphy->moon4_res_mem->start as input, which may causes null-ptr-deref. Check the ret value of platform_get_resource_byname() to avoid the null-ptr-deref. In the Linux kernel, the following vulnerability has been resolved: phy: usb: sunplus: Fix potential nul... • https://git.kernel.org/stable/c/99d9ccd97385208b78b3d88e756451f4b70119fc •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49755 – usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait
https://notcve.org/view.php?id=CVE-2022-49755
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Prevent race during ffs_ep0_queue_wait While performing fast composition switch, there is a possibility that the process of ffs_ep0_write/ffs_ep0_read get into a race condition due to ep0req being freed up from functionfs_unbind. Consider the scenario that the ffs_ep0_write calls the ffs_ep0_queue_wait by taking a lock &ffs->ev.waitq.lock. However, the functionfs_unbind isn't bounded so it can go ahead and mark the ep0req... • https://git.kernel.org/stable/c/ddf8abd2599491cbad959c700b90ba72a5dce8d0 • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49754 – Bluetooth: Fix a buffer overflow in mgmt_mesh_add()
https://notcve.org/view.php?id=CVE-2022-49754
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix a buffer overflow in mgmt_mesh_add() Smatch Warning: net/bluetooth/mgmt_util.c:375 mgmt_mesh_add() error: __memcpy() 'mesh_tx->param' too small (48 vs 50) Analysis: 'mesh_tx->param' is array of size 48. This is the destination. u8 param[sizeof(struct mgmt_cp_mesh_send) + 29]; // 19 + 29 = 48. But in the caller 'mesh_send' we reject only when len > 50. len > (MGMT_MESH_SEND_SIZE + 31) // 19 + 31 = 50. In the Linux kernel, the ... • https://git.kernel.org/stable/c/b338d91703fae6f6afd67f3f75caa3b8f36ddef3 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49753 – dmaengine: Fix double increment of client_count in dma_chan_get()
https://notcve.org/view.php?id=CVE-2022-49753
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of client_count in dma_chan_get() The first time dma_chan_get() is called for a channel the channel client_count is incorrectly incremented twice for public channels, first in balance_ref_count(), and again prior to returning. This results in an incorrect client count which will lead to the channel resources not being freed when they should be. A simple test of repeated module load and unload of async_tx on a... • https://git.kernel.org/stable/c/d2f4f99db3e9ec8b063cf2e45704e2bb95428317 • CWE-416: Use After Free •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49752 – device property: fix of node refcount leak in fwnode_graph_get_next_endpoint()
https://notcve.org/view.php?id=CVE-2022-49752
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: device property: fix of node refcount leak in fwnode_graph_get_next_endpoint() The 'parent' returned by fwnode_graph_get_port_parent() with refcount incremented when 'prev' is not NULL, it needs be put when finish using it. Because the parent is const, introduce a new variable to store the returned fwnode, then put it before returning from fwnode_graph_get_next_endpoint(). In the Linux kernel, the following vulnerability has been resolved: ... • https://git.kernel.org/stable/c/b5b41ab6b0c1bb70fe37a0d193006c969e3b5909 •