
CVE-2022-49790 – Input: iforce - invert valid length check when fetching device IDs
https://notcve.org/view.php?id=CVE-2022-49790
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: iforce - invert valid length check when fetching device IDs syzbot is reporting uninitialized value at iforce_init_device() [1], for commit 6ac0aec6b0a6 ("Input: iforce - allow callers supply data buffer when fetching device IDs") is checking that valid length is shorter than bytes to read. Since iforce_get_id_packet() stores valid length when returning 0, the caller needs to check that valid length is longer than or equals to bytes ... • https://git.kernel.org/stable/c/6ac0aec6b0a651d64eef759fddf17d9145b51033 •

CVE-2022-49789 – scsi: zfcp: Fix double free of FSF request when qdio send fails
https://notcve.org/view.php?id=CVE-2022-49789
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and we need to remove the request from our internal hash table again (so we don't keep an invalid reference and use it when we free the request again). In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (sign... • https://git.kernel.org/stable/c/e60a6d69f1f84c2ef1cc63aefaadfe7ae9f12934 •

CVE-2022-49788 – misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram()
https://notcve.org/view.php?id=CVE-2022-49788
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN: BUG: KMSAN: kernel-infoleak in instrument_copy_to_user ./include/linux/instrumented.h:121 instrument_copy_to_user ./include/linux/instrumented.h:121 _copy_to_user+0x5f/0xb0 lib/usercopy.c:33 copy_to_user ./include/linux/uaccess.h:16... • https://git.kernel.org/stable/c/06164d2b72aa752ce4633184b3e0d97601017135 •

CVE-2022-49787 – mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put()
https://notcve.org/view.php?id=CVE-2022-49787
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count before amd_probe() returns. There is no problem for the 'smbus_dev == NULL' branch because pci_dev_put() can also handle the NULL input parameter case. • https://git.kernel.org/stable/c/659c9bc114a810b3a3c1e50585cc57f1312a6d60 •

CVE-2022-49786 – blk-cgroup: properly pin the parent in blkcg_css_online
https://notcve.org/view.php?id=CVE-2022-49786
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: properly pin the parent in blkcg_css_online blkcg_css_online is supposed to pin the blkcg of the parent, but 397c9f46ee4d refactored things and along the way, changed it to pin the css instead. This results in extra pins, and we end up leaking blkcgs and cgroups. • https://git.kernel.org/stable/c/397c9f46ee4d99024c64954b007c1b5762d01cb4 •

CVE-2022-49785 – x86/sgx: Add overflow check in sgx_validate_offset_length()
https://notcve.org/view.php?id=CVE-2022-49785
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/sgx: Add overflow check in sgx_validate_offset_length() sgx_validate_offset_length() function verifies "offset" and "length" arguments provided by userspace, but was missing an overflow check on their addition. Add it. • https://git.kernel.org/stable/c/c6d26d370767fa227fc44b98a8bdad112efdf563 •

CVE-2022-49784 – perf/x86/amd/uncore: Fix memory leak for events array
https://notcve.org/view.php?id=CVE-2022-49784
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd/uncore: Fix memory leak for events array When a CPU comes online, the per-CPU NB and LLC uncore contexts are freed but not the events array within the context structure. This causes a memory leak as identified by the kmemleak detector. [...] unreferenced object 0xffff8c5944b8e320 (size 32): comm "swapper/0", pid 1, jiffies 4294670387 (age 151.072s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ........ • https://git.kernel.org/stable/c/39621c5808f5dda75d03dc4b2d4d2b13a5a1c34b •

CVE-2022-49783 – x86/fpu: Drop fpregs lock before inheriting FPU permissions
https://notcve.org/view.php?id=CVE-2022-49783
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Drop fpregs lock before inheriting FPU permissions Mike Galbraith reported the following against an old fork of preempt-rt but the same issue also applies to the current preempt-rt tree. BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1, name: systemd preempt_count: 1, expected: 0 RCU nest depth: 0, expected: 0 Preemption disabled at: fpu_c... • https://git.kernel.org/stable/c/9e798e9aa14c45fb94e47b30bf6347b369ce9df7 •

CVE-2022-49782 – perf: Improve missing SIGTRAP checking
https://notcve.org/view.php?id=CVE-2022-49782
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf: Improve missing SIGTRAP checking To catch missing SIGTRAP we employ a WARN in __perf_event_overflow(), which fires if pending_sigtrap was already set: returning to user space without consuming pending_sigtrap, and then having the event fire again would re-enter the kernel and trigger the WARN. This, however, seemed to miss the case where some events not associated with progress in the user space task can fire and the interrupt handler... • https://git.kernel.org/stable/c/ca7b0a10287e2733bdafb01ef0d4038536625fe3 •

CVE-2022-49781 – perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling
https://notcve.org/view.php?id=CVE-2022-49781
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling amd_pmu_enable_all() does: if (!test_bit(idx, cpuc->active_mask)) continue; amd_pmu_enable_event(cpuc->events[idx]); A perf NMI of another event can come between these two steps. Perf NMI handler internally disables and enables _all_ events, including the one which nmi-intercepted amd_pmu_enable_all() was in process of enabling. If that unintentionally e... • https://git.kernel.org/stable/c/ada543459cab7f653dcacdaba4011a8bb19c627c •