
CVE-2022-49562 – KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
https://notcve.org/view.php?id=CVE-2022-49562
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D bits instead of mapping the PTE into kernel address space. • https://git.kernel.org/stable/c/bd53cb35a3e9adb73a834a36586e9ad80e877767

CVE-2022-49561 – netfilter: conntrack: re-fetch conntrack after insertion
https://notcve.org/view.php?id=CVE-2022-49561
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. ... • https://git.kernel.org/stable/c/71d8c47fc653711c41bc3282e5b0e605b3727956

CVE-2022-49560 – exfat: check if cluster num is valid
https://notcve.org/view.php?id=CVE-2022-49560
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: check if cluster num is valid Syzbot reported slab-out-of-bounds read in exfat_clear_bitmap. • https://git.kernel.org/stable/c/1e49a94cf707204b66a3fb242f2814712c941f52

CVE-2022-49559 – KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2
https://notcve.org/view.php?id=CVE-2022-49559
26 Feb 2025 — ------------[ cut here ]------------ WARNING: CPU: 7 PID: 1399 at arch/x86/kvm/vmx/nested.c:4522 nested_vmx_vmexit+0x7fe/0xd90 [kvm_intel] Modules linked in: kvm_intel kvm irqbypass CPU: 7 PID: 1399 Comm: state_test Not tainted 5.17.0-rc3+ #808 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015 RIP: 0010:nested_vmx_vmexit+0x7fe/0xd90 [kvm_intel] Call Trace:

CVE-2022-49558 – netfilter: nf_tables: double hook unregistration in netns path
https://notcve.org/view.php?id=CVE-2022-49558
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: double hook unregistration in netns path __nft_release_hooks() is called from pre_netns exit path which unregisters the hooks, then the NETDEV_UNREGISTER event is triggered which unregisters the hooks again. • https://git.kernel.org/stable/c/b110391d1e806167254d3c7ae5d637191d913175

CVE-2022-49557 – x86/fpu: KVM: Set the base guest FPU uABI size to sizeof(struct kvm_xsave)
https://notcve.org/view.php?id=CVE-2022-49557
26 Feb 2025 — ================================================================== BUG: KASAN: slab-out-of-bounds in fpu_copy_uabi_to_guest_fpstate+0x86/0x130 Read of size 8 at addr ffff888011e33a00 by task qemu-build/681 CPU: 1 PID: 681 Comm: qemu-build Not tainted 5.18.0-rc5-KASAN-amd64 #1 Hardware name: /DG35EC, BIOS ECG3510M.86A.0118.2010.0113.1426 01/13/2010 Call Trace:

CVE-2022-49556 – KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
https://notcve.org/view.php?id=CVE-2022-49556
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed may be less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP firmware returns. • https://git.kernel.org/stable/c/eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5

CVE-2022-49555 – Bluetooth: hci_qca: Use del_timer_sync() before freeing
https://notcve.org/view.php?id=CVE-2022-49555
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. • https://git.kernel.org/stable/c/0ff252c1976da5d80db1377eb39b551931e61826

CVE-2022-49554 – zsmalloc: fix races between asynchronous zspage free and page migration
https://notcve.org/view.php?id=CVE-2022-49554
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. • https://git.kernel.org/stable/c/77ff465799c60294e248000cd22ae8171da3304c

CVE-2022-49553 – fs/ntfs3: validate BOOT sectors_per_clusters
https://notcve.org/view.php?id=CVE-2022-49553
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate BOOT sectors_per_clusters When the NTFS BOOT sectors_per_clusters field is > 0x80, it represents a shift value. ... /fs/ntfs3/super.c:673:16 shift exponent -192 is negative • https://git.kernel.org/stable/c/82cae269cfa953032fbb8980a7d554d60fb00b17