CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49295 – nbd: call genl_unregister_family() first in nbd_cleanup()
https://notcve.org/view.php?id=CVE-2022-49295
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: call genl_unregister_family() first in nbd_cleanup() Otherwise there may be race between module removal and the handling of netlink command, which can lead to the oops as shown below: BUG: kernel NULL pointer dereference, address: 0000000000000098 Oops: 0002 [#1] SMP PTI CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:down_write+0x1a/0x50 Call Trace: start_creat... • https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49294 – drm/amd/display: Check if modulo is 0 before dividing.
https://notcve.org/view.php?id=CVE-2022-49294
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check if modulo is 0 before dividing. [How & Why] If a value of 0 is read, then this will cause a divide-by-0 panic. • https://git.kernel.org/stable/c/10ef82d6e0af5536ec64770c07f6bbabfdd6977c •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49292 – ALSA: oss: Fix PCM OSS buffer allocation overflow
https://notcve.org/view.php?id=CVE-2022-49292
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that is called from snd_pcm_plug_alloc(). Although we apply the restrictions to input parameters, it's based only on the hw_params of the underlying PCM device. Since the PCM OSS layer allocates a temporary buffer for the data conversion, the size may become unexpectedly large when more channels or higher rates is give... • https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49291 – ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
https://notcve.org/view.php?id=CVE-2022-49291
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing PCM stream lock can't be used for protecting the whole ioctl operations, we need a new mutex to protect those racy calls. This patch introduced a new mutex, runtime->buffer_mutex, and applies it to both hw_params... • https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49288 – ALSA: pcm: Fix races among concurrent prealloc proc writes
https://notcve.org/view.php?id=CVE-2022-49288
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the PCM open_mutex to the proc write operation for avoiding the racy proc writes and the PCM stream open (and further operations). In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race... • https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7d • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49281 – cifs: fix handlecache and multiuser
https://notcve.org/view.php?id=CVE-2022-49281
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we much make sure to release the pinned down dentry for each such tcon and not just the master tcon. Otherwise we will get nasty warnings on umount that dentries are still in use: [ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still i... • https://git.kernel.org/stable/c/2fafbc198613823943c106d1ec9b516da692059f •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49280 – NFSD: prevent underflow in nfssvc_decode_writeargs()
https://notcve.org/view.php?id=CVE-2022-49280
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue. • https://git.kernel.org/stable/c/1a33e0de60feda402d05ac8a6cf409c19ea3e0b3 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49279 – NFSD: prevent integer overflow on 32 bit systems
https://notcve.org/view.php?id=CVE-2022-49279
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent integer overflow on 32 bit systems On a 32 bit system, the "len * sizeof(*p)" operation can have an integer overflow. • https://git.kernel.org/stable/c/3a2789e8ccb4a3e2a631f6817a2d3bb98b8c4fd8 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49271 – cifs: prevent bad output lengths in smb2_ioctl_query_info()
https://notcve.org/view.php?id=CVE-2022-49271
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2_ioctl_query_info() When calling smb2_ioctl_query_info() with smb_query_info::flags=PASSTHRU_FSCTL and smb_query_info::output_buffer_length=0, the following would return 0x10 buffer = memdup_user(arg + sizeof(struct smb_query_info), qi.output_buffer_length); if (IS_ERR(buffer)) { kfree(vars); return PTR_ERR(buffer); } rather than a valid pointer thus making IS_ERR() check fail. This would then cause a... • https://git.kernel.org/stable/c/9963ccea6087268e1275b992dca5d0dd4b938765 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49267 – mmc: core: use sysfs_emit() instead of sprintf()
https://notcve.org/view.php?id=CVE-2022-49267
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. • https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063 •