CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-50003 – ice: xsk: prohibit usage of non-balanced queue id
https://notcve.org/view.php?id=CVE-2022-50003
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ice: xsk: prohibit usage of non-balanced queue id Fix the following scenario: 1. ethtool -L $IFACE rx 8 tx 96 2. xdpsock -q 10 -t -z Above refers to a case where user would like to attach XSK socket in txonly mode at a queue id that does not have a corresponding Rx queue. At this moment ice's XSK logic is tightly bound to act on a "queue pair", e.g. both Tx and Rx queues at a given queue id are disabled/enabled and both of them will get XSK... • https://git.kernel.org/stable/c/2d4238f5569722197612656163d824098208519c •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-50001 – netfilter: nft_tproxy: restrict to prerouting hook
https://notcve.org/view.php?id=CVE-2022-50001
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this. This fixes a crash (null dereference) when using tproxy from e.g. output. In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tproxy: restrict to prerouting hook TPROXY is only allowed from prerouting, but nft_tproxy doesn't check this. This fixes a crash (null dereference) when using t... • https://git.kernel.org/stable/c/4ed8eb6570a49931c705512060acd50058d61616 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-50000 – netfilter: flowtable: fix stuck flows on cleanup due to pending work
https://notcve.org/view.php?id=CVE-2022-50000
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: fix stuck flows on cleanup due to pending work To clear the flow table on flow table free, the following sequence normally happens in order: 1) gc_step work is stopped to disable any further stats/del requests. 2) All flow table entries are set to teardown state. 3) Run gc_step which will queue HW del work for each flow table entry. 4) Waiting for the above del work to finish (flush). 5) Run gc_step again, deleting all... • https://git.kernel.org/stable/c/c29f74e0df7a02b8303bcdce93a7c0132d62577a •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49998 – rxrpc: Fix locking in rxrpc's sendmsg
https://notcve.org/view.php?id=CVE-2022-49998
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix locking in rxrpc's sendmsg Fix three bugs in the rxrpc's sendmsg implementation: (1) rxrpc_new_client_call() should release the socket lock when returning an error from rxrpc_get_call_slot(). (2) rxrpc_wait_for_tx_window_intr() will return without the call mutex held in the event that we're interrupted by a signal whilst waiting for tx space on the socket or relocking the call mutex afterwards. Fix this by: (a) moving the unlock/... • https://git.kernel.org/stable/c/bc5e3a546d553e5223851fc199e69040eb70f68b •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49997 – net: lantiq_xrx200: restore buffer if memory allocation failed
https://notcve.org/view.php?id=CVE-2022-49997
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: lantiq_xrx200: restore buffer if memory allocation failed In a situation where memory allocation fails, an invalid buffer address is stored. When this descriptor is used again, the system panics in the build_skb() function when accessing memory. In the Linux kernel, the following vulnerability has been resolved: net: lantiq_xrx200: restore buffer if memory allocation failed In a situation where memory allocation fails, an invalid buffe... • https://git.kernel.org/stable/c/7ea6cd16f1599c1eac6018751eadbc5fc736b99a •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49993 – loop: Check for overflow while configuring loop
https://notcve.org/view.php?id=CVE-2022-49993
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: loop: Check for overflow while configuring loop The userspace can configure a loop using an ioctl call, wherein a configuration of type loop_config is passed (see lo_ioctl()'s case on line 1550 of drivers/block/loop.c). This proceeds to call loop_configure() which in turn calls loop_set_status_from_info() (see line 1050 of loop.c), passing &config->info which is of type loop_info64*. This function then sets the appropriate values, like the ... • https://git.kernel.org/stable/c/18e28817cb516b39de6281f6db9b0618b2cc7b42 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49990 – s390: fix double free of GS and RI CBs on fork() failure
https://notcve.org/view.php?id=CVE-2022-49990
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blocks are stored in the thread_struct of the associated task. These pointers are initially copied on fork() via arch_dup_task_struct() and then cleared via copy_thread() before fork() returns. If fork() happens to fail after the initial task dup and before copy_thread(), the newly allocated task and associated threa... • https://git.kernel.org/stable/c/8d9047f8b967ce6181fd824ae922978e1b055cc0 •
CVSS: 5.6EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49989 – xen/privcmd: fix error exit of privcmd_ioctl_dm_op()
https://notcve.org/view.php?id=CVE-2022-49989
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix error exit of privcmd_ioctl_dm_op() The error exit of privcmd_ioctl_dm_op() is calling unlock_pages() potentially with pages being NULL, leading to a NULL dereference. Additionally lock_pages() doesn't check for pin_user_pages_fast() having been completely successful, resulting in potentially not locking all pages into memory. This could result in sporadic failures when using the related memory in user mode. Fix all of that... • https://git.kernel.org/stable/c/ab520be8cd5d56867fc95cfbc34b90880faf1f9d •
CVSS: 7.1EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49987 – md: call __md_stop_writes in md_stop
https://notcve.org/view.php?id=CVE-2022-49987
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: md: call __md_stop_writes in md_stop From the link [1], we can see raid1d was running even after the path raid_dtr -> md_stop -> __md_stop. Let's stop write first in destructor to align with normal md-raid to fix the KASAN issue. [1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a In the Linux kernel, the following vulnerability has been reso... • https://git.kernel.org/stable/c/48df498daf62e1292868005675331929305067f0 •
CVSS: 6.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49986 – scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq
https://notcve.org/view.php?id=CVE-2022-49986
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a non-WQ_MEM_RECLAIM workqueue. In the current state it causes the following warning: [ 14.506347] ------------[ cut here ]------------ [ 14.506354] workqueue: WQ_MEM_RECLAIM st... • https://git.kernel.org/stable/c/436ad941335386c5fc7faa915a8fbdfe8c908084 •