CVSS: 6.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49886 – x86/tdx: Panic on bad configs that #VE on "private" memory access
https://notcve.org/view.php?id=CVE-2022-49886
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that #VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel memory is essentially impossible because they can happen in horribly nasty places like kernel entry/exit. But, TDX hardware can theoretically _deliver_ a virtualization exception (#VE) on any access to private memory... • https://git.kernel.org/stable/c/9a22bf6debbf5169f750af53c7f86eb4e3cd6712 •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49885 – ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
https://notcve.org/view.php?id=CVE-2022-49885
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() Change num_ghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc() to fail. The overflow happens in ghes_estatus_pool_init() when calculating len during execution of the statement below as both multiplication operands here are signed int: len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE); The following call trace is observed because of this bug: [ 9... • https://git.kernel.org/stable/c/9edf20e5a1d805855e78f241cf221d741b50d482 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49884 – KVM: Initialize gfn_to_pfn_cache locks in dedicated helper
https://notcve.org/view.php?id=CVE-2022-49884
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock initialization to another helper and call the new helper during VM/vCPU creation. There are race conditions possible due to kvm_gfn_to_pfn_cache_init()'s ability to re-initialize the cache's locks. For example: a race between ioctl(KVM_XEN_HVM_EVTCHN_SEND) and kvm_gfn_to_pfn_cache_init() leads to a corrupted shinfo gpc lock. (thread 1) | (thread 2) | k... • https://git.kernel.org/stable/c/982ed0de4753ed6e71dbd40f82a5a066baf133ed •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49883 – KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format
https://notcve.org/view.php?id=CVE-2022-49883
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: smm: number of GPRs in the SMRAM image depends on the image format On 64 bit host, if the guest doesn't have X86_FEATURE_LM, KVM will access 16 gprs to 32-bit smram image, causing out-ouf-bound ram access. On 32 bit host, the rsm_load_state_64/enter_smm_save_state_64 is compiled out, thus access overflow can't happen. In the Linux kernel, the following vulnerability has been resolved: KVM: x86: smm: number of GPRs in the SMRAM ima... • https://git.kernel.org/stable/c/b443183a25ab61840a12de92f8822849e017b9c8 •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49882 – KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache
https://notcve.org/view.php?id=CVE-2022-49882
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Reject attempts to consume or refresh inactive gfn_to_pfn_cache Reject kvm_gpc_check() and kvm_gpc_refresh() if the cache is inactive. Not checking the active flag during refresh is particularly egregious, as KVM can end up with a valid, inactive cache, which can lead to a variety of use-after-free bugs, e.g. consuming a NULL kernel pointer or missing an mmu_notifier invalidation due to the cache not being on the list of gfns to invali... • https://git.kernel.org/stable/c/982ed0de4753ed6e71dbd40f82a5a066baf133ed •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49881 – wifi: cfg80211: fix memory leak in query_regdb_file()
https://notcve.org/view.php?id=CVE-2022-49881
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicated using kmemdup() and subsequently freed in regdb_fw_cb(). However, request_firmware_nowait() can fail without calling regdb_fw_cb() and thus leak memory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2... • https://git.kernel.org/stable/c/007f6c5e6eb45c81ee89368a5f226572ae638831 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49880 – ext4: fix warning in 'ext4_da_release_space'
https://notcve.org/view.php?id=CVE-2022-49880
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs (loop0): free_blocks=0 EXT4-fs (loop0): dirty_blocks=0 EXT4-fs (loop0): Block reservation details EXT4-fs (loop0): i_reserved_data_blocks=0 EXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks ------------[ cut here ]------------ WAR... • https://git.kernel.org/stable/c/0de5ee103747fd3a24f1c010c79caabe35e8f0bb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49879 – ext4: fix BUG_ON() when directory entry has invalid rec_len
https://notcve.org/view.php?id=CVE-2022-49879
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4_rec_len_to_disk(), called from make_indexed_dir(). ------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2413! ... RIP: 0010:make_indexed_dir+0x53f/0x5f0 ... Call Trace: <TASK> ? • https://git.kernel.org/stable/c/2fa24d0274fbf913b56ee31f15bc01168669d909 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49878 – bpf, verifier: Fix memory leak in array reallocation for stack state
https://notcve.org/view.php?id=CVE-2022-49878
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory leak in array reallocation for stack state If an error (NULL) is returned by krealloc(), callers of realloc_array() were setting their allocation pointers to NULL, but on error krealloc() does not touch the original allocation. This would result in a memory resource leak. Instead, free the old allocation on the error handling path. The memory leak information is as follows as also reported by Zhengchao: unreference... • https://git.kernel.org/stable/c/c69431aab67a912836e5831f03d99a819c14c9c3 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49877 – bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
https://notcve.org/view.php?id=CVE-2022-49877
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues When running `test_sockmap` selftests, the following warning appears: WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0 Call Trace: