CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49977 – ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
https://notcve.org/view.php?id=CVE-2022-49977
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1 ... return 0 // ops is in the ftrace_ops_list. When ftrace_disabled = 1, un... • https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49975 – bpf: Don't redirect packets with invalid pkt_len
https://notcve.org/view.php?id=CVE-2022-49975
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Don't redirect packets with invalid pkt_len Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any skbs, that is, the flow->head is null. The root cause, as the [2] says, is because that bpf_prog_test_run_skb() run a bpf prog which redirects empty skbs. So we should determine whether the length of the packet modified by bpf prog or others like bpf_prog_test is valid before forwarding it directly. In the Linux kernel,... • https://git.kernel.org/stable/c/8b68e53d56697a59b5c53893b53f508bbdf272a0 •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49969 – drm/amd/display: clear optc underflow before turn off odm clock
https://notcve.org/view.php?id=CVE-2022-49969
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there always and clear not work. We need to clear that before clock off. [How] Clear that if have when clock off. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there always and... • https://git.kernel.org/stable/c/443687798d6f094412b7312b64b3bb4d99aedff7 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49967 – bpf: Fix a data-race around bpf_jit_limit.
https://notcve.org/view.php?id=CVE-2022-49967
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit is long, so we need to add a paired READ_ONCE() to avoid load-tearing. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WR... • https://git.kernel.org/stable/c/ede95a63b5e84ddeea6b0c473b36ab8bfd8c6ce3 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49964 – arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
https://notcve.org/view.php?id=CVE-2022-49964
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it never returned negative values before. Commit 0c80f9e165f8 ("ACPI: PPTT: Leave the table mapped for the runtime usage") however changed it by returning -ENOENT if no PPTT was found. The value returned from ac... • https://git.kernel.org/stable/c/1668c38ef2e5bb80dbee88afcecfcdc3e7abc2aa •
CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-49957 – kcm: fix strp_init() order and cleanup
https://notcve.org/view.php?id=CVE-2022-49957
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initializes strp->work etc., therefore, it is unnecessary to call strp_done() to cancel the freshly initialized work. And if sk_user_data is already used by KCM, psock->strp should not be touched, particularly strp->work state, so we need to move strp_init() after the csk->sk_user_data check. This also makes a lockdep wa... • https://git.kernel.org/stable/c/44890e9ff771ef11777b2d1ebf8589255eb12502 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49956 – staging: rtl8712: fix use after free bugs
https://notcve.org/view.php?id=CVE-2022-49956
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd" pointer. It results in a use after free. Delete them. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd... • https://git.kernel.org/stable/c/2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49954 – Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
https://notcve.org/view.php?id=CVE-2022-49954
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device(). It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() afte... • https://git.kernel.org/stable/c/c2b27ef672992a206e5b221b8676972dd840ffa5 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49948 – vt: Clear selection before changing the font
https://notcve.org/view.php?id=CVE-2022-49948
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thus trigger out-of-bounds accesses to graphics memory if the selection is removed in vc_do_resize(). Prevent such out-of-memory accesses by dropping the selection before the various con_font_set() console handlers are ... • https://git.kernel.org/stable/c/c555cf04684fde39b5b0dd9fd80730030ee10c4a •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49945 – hwmon: (gpio-fan) Fix array out of bounds access
https://notcve.org/view.php?id=CVE-2022-49945
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: hwmon: (gpio-fan) Fix array out of bounds access The driver does not check if the cooling state passed to gpio_fan_set_cur_state() exceeds the maximum cooling state as stored in fan_data->num_speeds. Since the cooling state is later used as an array index in set_fan_speed(), an array out of bounds access can occur. This can be exploited by setting the state of the thermal cooling device to arbitrary values, causing for example a kernel oops... • https://git.kernel.org/stable/c/b5cf88e46badea6d600d8515edea23814e03444d •