
CVE-2022-49420 – net: annotate races around sk->sk_bound_dev_if
https://notcve.org/view.php?id=CVE-2022-49420
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. ... In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. • https://git.kernel.org/stable/c/20b2f61797873a2b18b5ff1a304ad2674fa1e0a5 •

CVE-2022-49419 – video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup
https://notcve.org/view.php?id=CVE-2022-49419
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup Commit b3c9a924aab6 ("fbdev: vesafb: Cleanup fb_info in .fb_destroy rather than .remove") fixed a use-after-free error due the vesafb driver freeing the fb_info in the .remove handler instead of doing it in .fb_destroy. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vesafb: Fix a use-after-free due early fb_info cleanup Comm... • https://git.kernel.org/stable/c/f94aa46efaa087ec075c83e4508f943fb5e43977 • CWE-416: Use After Free •

CVE-2022-49418 – NFSv4: Fix free of uninitialized nfs4_label on referral lookup.
https://notcve.org/view.php?id=CVE-2022-49418
26 Feb 2025 — We end up growing two more allocations, but this fixes up a crash as: PID: 790 TASK: ffff88811b43c000 CPU: 0 COMMAND: "ls" #0 [ffffc90000857920] panic at ffffffff81b9bfde #1 [ffffc900008579c0] do_trap at ffffffff81023a9b #2 [ffffc90000857a10] do_error_trap at ffffffff81023b78 #3 [ffffc90000857a58] exc_stack_segment at ffffffff81be1f45 #4 [ffffc90000857a80] asm_exc_stack_segment at ffffffff81c009de #5 [ffffc90000857b08] nfs_lookup at ffffffffa0302322 [nfs] #6 [ffffc90000857b70] __lookup_slow at ffffffff813a4... • https://git.kernel.org/stable/c/9558a007dbc383d48e7f5a123d0b5ff656c71068 •

CVE-2022-49417 – iwlwifi: mei: fix potential NULL-ptr deref
https://notcve.org/view.php?id=CVE-2022-49417
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fix potential NULL-ptr deref If SKB allocation fails, continue rather than using the NULL pointer. Coverity CID: 1497650 In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mei: fix potential NULL-ptr deref If SKB allocation fails, continue rather than using the NULL pointer. • https://git.kernel.org/stable/c/2da4366f9e2c44afedec4acad65a99a3c7da1a35 •

CVE-2022-49416 – wifi: mac80211: fix use-after-free in chanctx code
https://notcve.org/view.php?id=CVE-2022-49416
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieee80211_vif_use_reserved_reassign(). In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when w... • https://git.kernel.org/stable/c/5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f • CWE-416: Use After Free •

CVE-2022-49415 – ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe
https://notcve.org/view.php?id=CVE-2022-49415
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. In the Linux kernel, the following vulnerability has been resolved: ipmi:ipmb: Fix refcount leak in ipmi_ipmb_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. • https://git.kernel.org/stable/c/00d93611f00219bd142aa119c5121793cac30ff0 •

CVE-2022-49414 – ext4: fix race condition between ext4_write and ext4_convert_inline_data
https://notcve.org/view.php?id=CVE-2022-49414
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON: ================================================================== EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters kernel BUG at fs/ext4/ext4_jbd2.c:53! In the Linux kernel, the following vulnerability has been resolved: ext4: fix race c... • https://git.kernel.org/stable/c/0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf •

CVE-2022-49413 – bfq: Update cgroup information before merging bio
https://notcve.org/view.php?id=CVE-2022-49413
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or i... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c • CWE-416: Use After Free •

CVE-2022-49412 – bfq: Avoid merging queues with different parents
https://notcve.org/view.php?id=CVE-2022-49412
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide two queues are worth to merge (and set bic->stable_merge_bfqq) and the moment bfq_setup_merge() is called. In the Linux kernel, the following vulnerability has been resolved: bfq: Avoid merging queues with different parents It can happen that the parent of a bfqq changes between the moment we decide two... • https://git.kernel.org/stable/c/430a67f9d6169a7b3e328bceb2ef9542e4153c7c • CWE-416: Use After Free •

CVE-2022-49411 – bfq: Make sure bfqg for which we are queueing requests is online
https://notcve.org/view.php?id=CVE-2022-49411
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. ... In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c • CWE-416: Use After Free •