CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49890 – capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
https://notcve.org/view.php?id=CVE-2022-49890
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to complete the memory allocation of tmpbuf, if we have completed the memory allocation of tmpbuf, but failed to call handler->get(...), there will be a memleak in below logic: |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...) | /* ^^^ alloc for tmpbuf */ |-- value = krealloc(*xattr_value, error + 1, flag... • https://git.kernel.org/stable/c/8db6c34f1dbc8e06aa016a9b829b06902c3e1340 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49889 – ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters()
https://notcve.org/view.php?id=CVE-2022-49889
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() On some machines the number of listed CPUs may be bigger than the actual CPUs that exist. The tracing subsystem allocates a per_cpu directory with access to the per CPU ring buffer via a cpuX file. But to save space, the ring buffer will only allocate buffers for online CPUs, even though the CPU array will be as big as the nr_cpu_ids. With the addition of waking waiters on... • https://git.kernel.org/stable/c/2475de2bc0de17fb1b24c5e90194f84b5ca70d3e •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49888 – arm64: entry: avoid kprobe recursion
https://notcve.org/view.php?id=CVE-2022-49888
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: entry: avoid kprobe recursion The cortex_a76_erratum_1463225_debug_handler() function is called when handling debug exceptions (and synchronous exceptions from BRK instructions), and so is called when a probed function executes. If the compiler does not inline cortex_a76_erratum_1463225_debug_handler(), it can be probed. If cortex_a76_erratum_1463225_debug_handler() is probed, any debug exception or software breakpoint exception will... • https://git.kernel.org/stable/c/6459b8469753e9feaa8b34691d097cffad905931 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49887 – media: meson: vdec: fix possible refcount leak in vdec_probe()
https://notcve.org/view.php?id=CVE-2022-49887
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_remove is called. In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or... • https://git.kernel.org/stable/c/70119756311a0be3b95bec2e1ba714673e90feba •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49885 – ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init()
https://notcve.org/view.php?id=CVE-2022-49885
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: Fix integer overflow in ghes_estatus_pool_init() Change num_ghes from int to unsigned int, preventing an overflow and causing subsequent vmalloc() to fail. The overflow happens in ghes_estatus_pool_init() when calculating len during execution of the statement below as both multiplication operands here are signed int: len += (num_ghes * GHES_ESOURCE_PREALLOC_MAX_SIZE); The following call trace is observed because of this bug: [ 9... • https://git.kernel.org/stable/c/9edf20e5a1d805855e78f241cf221d741b50d482 •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49881 – wifi: cfg80211: fix memory leak in query_regdb_file()
https://notcve.org/view.php?id=CVE-2022-49881
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicated using kmemdup() and subsequently freed in regdb_fw_cb(). However, request_firmware_nowait() can fail without calling regdb_fw_cb() and thus leak memory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2... • https://git.kernel.org/stable/c/007f6c5e6eb45c81ee89368a5f226572ae638831 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49880 – ext4: fix warning in 'ext4_da_release_space'
https://notcve.org/view.php?id=CVE-2022-49880
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs (loop0): free_blocks=0 EXT4-fs (loop0): dirty_blocks=0 EXT4-fs (loop0): Block reservation details EXT4-fs (loop0): i_reserved_data_blocks=0 EXT4-fs warning (device loop0): ext4_da_release_space:1527: ext4_da_release_space: ino 18, to_free 1 with only 0 reserved data blocks ------------[ cut here ]------------ WAR... • https://git.kernel.org/stable/c/0de5ee103747fd3a24f1c010c79caabe35e8f0bb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49879 – ext4: fix BUG_ON() when directory entry has invalid rec_len
https://notcve.org/view.php?id=CVE-2022-49879
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4_rec_len_to_disk(), called from make_indexed_dir(). ------------[ cut here ]------------ kernel BUG at fs/ext4/ext4.h:2413! ... RIP: 0010:make_indexed_dir+0x53f/0x5f0 ... Call Trace: <TASK> ? • https://git.kernel.org/stable/c/2fa24d0274fbf913b56ee31f15bc01168669d909 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49878 – bpf, verifier: Fix memory leak in array reallocation for stack state
https://notcve.org/view.php?id=CVE-2022-49878
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, verifier: Fix memory leak in array reallocation for stack state If an error (NULL) is returned by krealloc(), callers of realloc_array() were setting their allocation pointers to NULL, but on error krealloc() does not touch the original allocation. This would result in a memory resource leak. Instead, free the old allocation on the error handling path. The memory leak information is as follows as also reported by Zhengchao: unreference... • https://git.kernel.org/stable/c/c69431aab67a912836e5831f03d99a819c14c9c3 •
CVSS: 6.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49877 – bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues
https://notcve.org/view.php?id=CVE-2022-49877
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix the sk->sk_forward_alloc warning of sk_stream_kill_queues When running `test_sockmap` selftests, the following warning appears: WARNING: CPU: 2 PID: 197 at net/core/stream.c:205 sk_stream_kill_queues+0xd3/0xf0 Call Trace: