CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49573 – tcp: Fix a data-race around sysctl_tcp_early_retrans.
https://notcve.org/view.php?id=CVE-2022-49573
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_early_retrans. While reading sysctl_tcp_early_retrans, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. • https://git.kernel.org/stable/c/eed530b6c67624db3f2cf477bac7c4d005d8f7ba •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49572 – tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.
https://notcve.org/view.php?id=CVE-2022-49572
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently. • https://git.kernel.org/stable/c/35089bb203f44e33b6bbb6c4de0b0708f9a48921 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49571 – tcp: Fix data-races around sysctl_tcp_max_reordering.
https://notcve.org/view.php?id=CVE-2022-49571
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_max_reordering. While reading sysctl_tcp_max_reordering, it can be changed concurrently. • https://git.kernel.org/stable/c/dca145ffaa8d39ea1904491ac81b92b7049372c0 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49568 – KVM: Don't null dereference ops->destroy
https://notcve.org/view.php?id=CVE-2022-49568
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops->destroy A KVM device cleanup happens in either of two callbacks: 1) destroy() which is called when the VM is being destroyed; 2) release() which is called when a device fd is closed. Most KVM devices use 1) but Book3s's interrupt controller KVM devices (XICS, XIVE, XIVE-native) use 2) as they need to close and reopen during the machine execution. The error handling in kvm_ioctl_create_device() assumes destro... • https://git.kernel.org/stable/c/170465715a60cbb7876e6b961b21bd3225469da8 •
CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49567 – mm/mempolicy: fix uninit-value in mpol_rebind_policy()
https://notcve.org/view.php?id=CVE-2022-49567
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpol_rebind_policy() mpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when pol->mode is MPOL_LOCAL. Check pol->mode before access pol->w.cpuset_mems_allowed in mpol_rebind_policy()(mm/mempolicy.c). BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:352 [inline] BUG: KMSAN: uninit-value in mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368 mpol_rebind_policy mm/mempolicy.c:352 [inline] mp... • https://git.kernel.org/stable/c/5735845906fb1d90fe597f8b503fc0a857d475e3 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49566 – crypto: qat - fix memory leak in RSA
https://notcve.org/view.php?id=CVE-2022-49566
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is used, some components of the private key persist even after the TFM is released. Replace the explicit calls to free the buffers in qat_rsa_exit_tfm() with a call to qat_rsa_clear_ctx() which frees all buffers referenced in the TFM context. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak... • https://git.kernel.org/stable/c/879f77e9071f029e1c9bd5a75814ecf51370f846 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49564 – crypto: qat - add param check for DH
https://notcve.org/view.php?id=CVE-2022-49564
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a p... • https://git.kernel.org/stable/c/e7f979ed51f96495328157df663c835b17db1e30 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49563 – crypto: qat - add param check for RSA
https://notcve.org/view.php?id=CVE-2022-49563
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a... • https://git.kernel.org/stable/c/4d6d2adce08788b7667a6e58002682ea1bbf6a79 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49561 – netfilter: conntrack: re-fetch conntrack after insertion
https://notcve.org/view.php?id=CVE-2022-49561
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntr... • https://git.kernel.org/stable/c/71d8c47fc653711c41bc3282e5b0e605b3727956 •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49555 – Bluetooth: hci_qca: Use del_timer_sync() before freeing
https://notcve.org/view.php?id=CVE-2022-49555
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling del_timer() instead of del_timer_sync() just before freeing. One possible culprit is the hci_qca driver, which does exactly that. Eric mentioned that wake_retrans_timer could be rearmed via the work queue, so also mo... • https://git.kernel.org/stable/c/0ff252c1976da5d80db1377eb39b551931e61826 •