
CVE-2022-49298 – staging: rtl8712: fix uninit-value in r871xu_drv_init()
https://notcve.org/view.php?id=CVE-2022-49298
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix uninit-value in r871xu_drv_init() When 'tmpU1b' returns from r8712_read8(padapter, EE_9346CR) is 0, 'mac[6]' will not be initialized. BUG: KMSAN: uninit-value in r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 r871xu_drv_init+0x2d54/0x3070 drivers/staging/rtl8712/usb_intf.c:541 usb_probe_interface+0xf19/0x1600 drivers/usb/core/driver.c:396 really_probe+0x653/0x14b0 drivers/base/dd.c:596 __driver_pr... • https://git.kernel.org/stable/c/0b7371a22489cbb2e8e826ca03fb5ce92afb04fe •

CVE-2022-49297 – nbd: fix io hung while disconnecting device
https://notcve.org/view.php?id=CVE-2022-49297
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: fix io hung while disconnecting device In our tests, "qemu-nbd" triggers an io hung: INFO: task qemu-nbd:11445 blocked for more than 368 seconds. Not tainted 5.18.0-rc3-next-20220422-00003-g2176915513ca #884 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:qemu-nbd state:D stack: 0 pid:11445 ppid: 1 flags:0x00000000 Call Trace:

CVE-2022-49295 – nbd: call genl_unregister_family() first in nbd_cleanup()
https://notcve.org/view.php?id=CVE-2022-49295
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nbd: call genl_unregister_family() first in nbd_cleanup() Otherwise there may be race between module removal and the handling of netlink command, which can lead to the oops as shown below: BUG: kernel NULL pointer dereference, address: 0000000000000098 Oops: 0002 [#1] SMP PTI CPU: 1 PID: 31299 Comm: nbd-client Tainted: G E 5.14.0-rc4 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) RIP: 0010:down_write+0x1a/0x50 Call Trace: start_creat... • https://git.kernel.org/stable/c/8a1435c862ea09b06be7acda325128dc08458e25 •

CVE-2022-49294 – drm/amd/display: Check if modulo is 0 before dividing.
https://notcve.org/view.php?id=CVE-2022-49294
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check if modulo is 0 before dividing. [How & Why] If a value of 0 is read, then this will cause a divide-by-0 panic. • https://git.kernel.org/stable/c/10ef82d6e0af5536ec64770c07f6bbabfdd6977c •

CVE-2022-49292 – ALSA: oss: Fix PCM OSS buffer allocation overflow
https://notcve.org/view.php?id=CVE-2022-49292
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: oss: Fix PCM OSS buffer allocation overflow We've got syzbot reports hitting INT_MAX overflow at vmalloc() allocation that is called from snd_pcm_plug_alloc(). Although we apply the restrictions to input parameters, it's based only on the hw_params of the underlying PCM device. Since the PCM OSS layer allocates a temporary buffer for the data conversion, the size may become unexpectedly large when more channels or higher rates is give... • https://git.kernel.org/stable/c/a63af1baf0a5e11827db60e3127f87e437cab6e5 •

CVE-2022-49291 – ALSA: pcm: Fix races among concurrent hw_params and hw_free calls
https://notcve.org/view.php?id=CVE-2022-49291
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UAF. Since the existing PCM stream lock can't be used for protecting the whole ioctl operations, we need a new mutex to protect those racy calls. This patch introduced a new mutex, runtime->buffer_mutex, and applies it to both hw_params... • https://git.kernel.org/stable/c/a42aa926843acca96c0dfbde2e835b8137f2f092 • CWE-416: Use After Free •

CVE-2022-49288 – ALSA: pcm: Fix races among concurrent prealloc proc writes
https://notcve.org/view.php?id=CVE-2022-49288
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. This patch applies the PCM open_mutex to the proc write operation for avoiding the racy proc writes and the PCM stream open (and further operations). • https://git.kernel.org/stable/c/e7786c445bb67a9a6e64f66ebd6b7215b153ff7d • CWE-416: Use After Free •

CVE-2022-49286 – tpm: use try_get_ops() in tpm-space.c
https://notcve.org/view.php?id=CVE-2022-49286
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/ exposure of the chip->tpm_mutex was removed from much of the upper level code. In this conversion, tpm2_del_space() was missed. This didn't matter much because it's usually called closely after a converted operation, so there's only a very tiny race window... • https://git.kernel.org/stable/c/5b1d2561a03e534064b51c50c774657833d3d2cf •

CVE-2022-49281 – cifs: fix handlecache and multiuser
https://notcve.org/view.php?id=CVE-2022-49281
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we must make sure to release the pinned down dentry for each such tcon and not just the master tcon. Otherwise we will get nasty warnings on umount that dentries are still in use: [ 3459.590047] BUG: Dentry 00000000115c6f41{i=12000000019d95,n=/} still i... • https://git.kernel.org/stable/c/2fafbc198613823943c106d1ec9b516da692059f •

CVE-2022-49280 – NFSD: prevent underflow in nfssvc_decode_writeargs()
https://notcve.org/view.php?id=CVE-2022-49280
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue. • https://git.kernel.org/stable/c/1a33e0de60feda402d05ac8a6cf409c19ea3e0b3 •