CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49889 – ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
https://notcve.org/view.php?id=CVE-2022-49889
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() On some machines the number of listed CPUs may be bigger than the actual CPUs that exist. The tracing subsystem allocates a per_cpu directory with access to the per CPU ring buffer via a cpuX file. But to save space, the ring buffer will only allocate buffers for online CPUs, even though the CPU array will be as big as the nr_cpu_ids. With the addition of waking waiters on... • https://git.kernel.org/stable/c/2475de2bc0de17fb1b24c5e90194f84b5ca70d3e •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49888 – arm64: entry: avoid kprobe recursion
https://notcve.org/view.php?id=CVE-2022-49888
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortex_a76_erratum_1463225_debug_handler() function is called when handling debug exceptions (and synchronous exceptions from BRK instructions), and so is called when a probed function executes. If the compiler does not inline cortex_a76_erratum_1463225_debug_handler(), it can be probed. If cortex_a76_erratum_1463225_debug_handler() is probed, any debug exception or software breakpoint exception will... • https://git.kernel.org/stable/c/6459b8469753e9feaa8b34691d097cffad905931 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49887 – media: meson: vdec: fix possible refcount leak in vdec_probe()
https://notcve.org/view.php?id=CVE-2022-49887
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_remove is called. In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or... • https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba •
CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49886 – x86/tdx: Panic on bad configs that #VE on "private" memory access
https://notcve.org/view.php?id=CVE-2022-49886
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that #VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel memory is essentially impossible because they can happen in horribly nasty places like kernel entry/exit. But, TDX hardware can theoretically _deliver_ a virtualization exception (#VE) on any access to private memory... • https://git.kernel.org/stable/c/9a22bf6debbf5169f750af53c7f86eb4e3cd6712 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49885 – ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
https://notcve.org/view.php?id=CVE-2022-49885
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() Change num_ghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc() to fail. The overflow happens in ghes_estatus_pool_init() when calculating len during execution of the statement below as both multiplication operands here are signed int: len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE); The following call trace is observed because of this bug: [ 9... • https://git.kernel.org/stable/c/9edf20e5a1d805855e78f241cf221d741b50d482 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49884 – KVM: Initialize gfn_to_pfn_cache locks in dedicated helper
https://notcve.org/view.php?id=CVE-2022-49884
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvm_gfn_to_pfn_cache_init()'s ability to re-initialize the cache's locks. For example: a race between ioctl(KVM_XEN_HVM_EVTCHN_SEND) and kvm_gfn_to_pfn_cache_init() leads to a corrupted shinfo gpc lock. (thread 1) | (thread 2) | k... • https://git.kernel.org/stable/c/982ed0de4753ed6e71dbd40f82a5a066baf133ed •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49883 – KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format
https://notcve.org/view.php?id=CVE-2022-49883
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format On 64 bit host, if the guest doesn't have X86_FEATURE_LM, KVM will access 16 gprs to 32-bit smram image, causing out-ouf-bound ram access. On 32 bit host, the rsm_load_state_64/enter_smm_save_state_64 is compiled out, thus access overflow can't happen. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: smm: number of GPRs in the SMRAM ima... • https://git.kernel.org/stable/c/b443183a25ab61840a12de92f8822849e017b9c8 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49882 – KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache
https://notcve.org/view.php?id=CVE-2022-49882
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache Reject kvm_gpc_check() and kvm_gpc_refresh() if the cache is inactive. Not checking the active flag during refresh is particularly egregious, as KVM can end up with a valid, inactive cache, which can lead to a variety of use-after-free bugs, e.g. consuming a NULL kernel pointer or missing an mmu_notifier invalidation due to the cache not being on the list of gfns to invali... • https://git.kernel.org/stable/c/982ed0de4753ed6e71dbd40f82a5a066baf133ed •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49881 – wifi: cfg80211: fix memory leak in query_regdb_file()
https://notcve.org/view.php?id=CVE-2022-49881
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicated using kmemdup() and subsequently freed in regdb_fw_cb(). However, request_firmware_nowait() can fail without calling regdb_fw_cb() and thus leak memory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2... • https://git.kernel.org/stable/c/007f6c5e6eb45c81ee89368a5f226572ae638831 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49880 – ext4: fix warning in 'ext4_da_release_space'
https://notcve.org/view.php?id=CVE-2022-49880
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs (loop0): free_blocks=0 EXT4-fs (loop0): dirty_blocks=0 EXT4-fs (loop0): Block reservation details EXT4-fs (loop0): i_reserved_data_blocks=0 EXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks ------------[ cut here ]------------ WAR... • https://git.kernel.org/stable/c/0de5ee103747fd3a24f1c010c79caabe35e8f0bb •