CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49592 – net: stmmac: fix dma queue left shift overflow issue
https://notcve.org/view.php?id=CVE-2022-49592
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix dma queue left shift overflow issue When queue number is > 4, left shift overflows due to 32 bits integer variable. Mask calculation is wrong for MTL_RXQ_DMA_MAP1. If CONFIG_UBSAN is enabled, kernel dumps below warning: [ 10.363842] ================================================================== [ 10.363882] UBSAN: shift-out-of-bounds in /build/linux-intel-iotg-5.15-8e6Tf4/ linux-intel-iotg-5.15-5.15.0/drivers/net/ethern... • https://git.kernel.org/stable/c/d43042f4da3e1c2e4ccac3b1d9153cb0798533a4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49590 – igmp: Fix data-races around sysctl_igmp_llm_reports.
https://notcve.org/view.php?id=CVE-2022-49590
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_llm_reports. While reading sysctl_igmp_llm_reports, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such changes will be in the follow-up series after net is merged into net-next. if (ipv4_is_local_multicast(pmc->multiaddr) && !READ_ONCE(net->ipv4.sysctl_igmp_llm_reports)) In the Linux kernel, the following vulnerability has be... • https://git.kernel.org/stable/c/df2cf4a78e488d26728590cb3c6b4fe4c4862c77 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49589 – igmp: Fix data-races around sysctl_igmp_qrv.
https://notcve.org/view.php?id=CVE-2022-49589
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such changes will be in the follow-up series after net is merged into net-next. qrv ?: READ_ONCE(net->ipv4.sysctl_igmp_qrv); In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While r... • https://git.kernel.org/stable/c/a9fe8e29945d56f35235a3a0fba99b4cf181d211 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49587 – tcp: Fix a data-race around sysctl_tcp_notsent_lowat.
https://notcve.org/view.php?id=CVE-2022-49587
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. • https://git.kernel.org/stable/c/c9bee3b7fdecb0c1d070c7b54113b3bdfb9a3d36 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49586 – tcp: Fix data-races around sysctl_tcp_fastopen.
https://notcve.org/view.php?id=CVE-2022-49586
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen. While reading sysctl_tcp_fastopen, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen. While reading sysctl_tcp_fastopen, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. • https://git.kernel.org/stable/c/2100c8d2d9db23c0a09901a782bb4e3b21bee298 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49585 – tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout.
https://notcve.org/view.php?id=CVE-2022-49585
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. While reading sysctl_tcp_fastopen_blackhole_timeout, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_fastopen_blackhole_timeout. While reading sysctl_tcp_fastopen_blackhole_timeout, it can be changed concurrently. • https://git.kernel.org/stable/c/cf1ef3f0719b4dcb74810ed507e2a2540f9811b4 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49584 – ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero
https://notcve.org/view.php?id=CVE-2022-49584
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is processing requests from the VF driver. This can result in a panic. BUG: unable to handle kernel paging request at 000000000000106c PGD 0 P4D 0 Oops: 0000 [#1] SMP NOPTI CPU: 8 PID: 0 Comm: swapper/8 Kdump: loaded Tainted: G I --------- - Hardware name: Dell Inc. PowerEdge R740/06WXJT, BIOS 2.8.2 08/27/2020 RIP: 0010:ix... • https://git.kernel.org/stable/c/d773d1310625be3b040b436178ad59a0af8888f1 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49583 – iavf: Fix handling of dummy receive descriptors
https://notcve.org/view.php?id=CVE-2022-49583
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iavf: Fix handling of dummy receive descriptors Fix memory leak caused by not handling dummy receive descriptor properly. iavf_get_rx_buffer now sets the rx_buffer return value for dummy receive descriptors. Without this patch, when the hardware writes a dummy descriptor, iavf would not free the page allocated for the previous receive buffer. This is an unlikely event but can still happen. [Jesse: massaged commit message] In the Linux kerne... • https://git.kernel.org/stable/c/efa14c3985828da3163f5372137cb64d992b0f79 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49581 – be2net: Fix buffer overflow in be_get_module_eeprom
https://notcve.org/view.php?id=CVE-2022-49581
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: be2net: Fix buffer overflow in be_get_module_eeprom be_cmd_read_port_transceiver_data assumes that it is given a buffer that is at least PAGE_DATA_LEN long, or twice that if the module supports SFF 8472. However, this is not always the case. Fix this by passing the desired offset and length to be_cmd_read_port_transceiver_data so that we only copy the bytes once. In the Linux kernel, the following vulnerability has been resolved: be2net: Fi... • https://git.kernel.org/stable/c/e36edd9d26cf257511548edaf2b7a56eb4fed854 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49580 – ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh.
https://notcve.org/view.php?id=CVE-2022-49580
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. While reading sysctl_fib_multipath_use_neigh, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. While reading sysctl_fib_multipath_use_neigh, it can be changed concurrently. • https://git.kernel.org/stable/c/a6db4494d218c2e559173661ee972e048dc04fdd •