CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49167 – btrfs: do not double complete bio on errors during compressed reads
https://notcve.org/view.php?id=CVE-2022-49167
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: do not double complete bio on errors during compressed reads I hit some weird panics while fixing up the error handling from btrfs_lookup_bio_sums(). Turns out the compression path will complete the bio we use if we set up any of the compression bios and then return an error, and then btrfs_submit_data_bio() will also call bio_endio() on the bio. Fix this by making btrfs_submit_compressed_read() responsible for calling bio_endio() on... • https://git.kernel.org/stable/c/4a4ceb2b990771c374d85d496a1a45255dde48e3 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49166 – ntfs: add sanity check on allocation size
https://notcve.org/view.php?id=CVE-2022-49166
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ntfs: add sanity check on allocation size ntfs_read_inode_mount invokes ntfs_malloc_nofs with zero allocation size. It triggers one BUG in the __ntfs_malloc function. Fix this by adding sanity check on ni->attr_list_size. • https://git.kernel.org/stable/c/bd8d7daa0e53b184a2f3c6e0d47330780d0a0650 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49162 – video: fbdev: sm712fb: Fix crash in smtcfb_write()
https://notcve.org/view.php?id=CVE-2022-49162
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: sm712fb: Fix crash in smtcfb_write() When the sm712fb driver writes three bytes to the framebuffer, the driver will crash: BUG: unable to handle page fault for address: ffffc90001ffffff RIP: 0010:smtcfb_write+0x454/0x5b0 Call Trace: vfs_write+0x291/0xd60 ? do_sys_openat2+0x27d/0x350 ? __fget_light+0x54/0x340 ksys_write+0xce/0x190 do_syscall_64+0x43/0x90 entry_SYSCALL_64_after_hwframe+0x44/0xae Fix it by removing the open-coded... • https://git.kernel.org/stable/c/fb791514acf9070225eed46e1ccbb0aa7aae5da5 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49158 – scsi: qla2xxx: Fix warning message due to adisc being flushed
https://notcve.org/view.php?id=CVE-2022-49158
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. Add additional translation of one error code type to another. WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498 qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] CPU: 2 PID: 1131623 Comm: drmgr Not ... • https://git.kernel.org/stable/c/7a3457777c4f700c64836e78dc71e6ce459f62b8 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49157 – scsi: qla2xxx: Fix premature hw access after PCI error
https://notcve.org/view.php?id=CVE-2022-49157
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persist and/or wait for the OS to give the resume signal. Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440 qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx] Sep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60 [qla2x... • https://git.kernel.org/stable/c/5ef6319f9882699613d5182fbd7929b017e8c5ab •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49156 – scsi: qla2xxx: Fix scheduling while atomic
https://notcve.org/view.php?id=CVE-2022-49156
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two trigger a crash. Schedule the call in non-interrupt context where it is more safe. kernel: BUG: scheduling while atomic: swapper/7/0/0x00010000 kernel: Call Trace: kernel:
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49155 – scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
https://notcve.org/view.php?id=CVE-2022-49155
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020 [ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx] [ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1 [ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018 [ 12.356356] Call Trace: [ 12.35882... • https://git.kernel.org/stable/c/43195a0c620761fbb88db04e2475313855b948a4 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49154 – KVM: SVM: fix panic on out-of-bounds guest IRQ
https://notcve.org/view.php?id=CVE-2022-49154
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guest_irq is coming from KVM_IRQFD API call, it may trigger crash in svm_update_pi_irte() due to out-of-bounds: crash> bt PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8" #0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397 #1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d #2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d #3 [ffffb1ba6707fb70] oops_end at ffffffff85623... • https://git.kernel.org/stable/c/0fb470eb48892e131d10aa3be6915239e65758f3 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49139 – Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
https://notcve.org/view.php?id=CVE-2022-49139
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing a NULL pointer dereference happens, as conn->link is NULL. • https://git.kernel.org/stable/c/1c1291a84e94f6501644634c97544bb8291e9a1a •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49138 – Bluetooth: hci_event: Ignore multiple conn complete events
https://notcve.org/view.php?id=CVE-2022-49138
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to memory corruptions. Therefore, consequent events for a single connection are ignored. The conn->state can hold different values, therefore HCI_CONN_HANDLE_UNSET is introduced to identify new connections. To make sure the events do no... • https://git.kernel.org/stable/c/aa1ca580e3ffe62a2c5ea1c095b609b2943c5269 •