CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-52992 – bpf: Skip task with pid=1 in send_signal_common()
https://notcve.org/view.php?id=CVE-2023-52992
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common() The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details: Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b CPU: 3 PID: 1 Comm: systemd Not tainted 6.1.0-09652-g59fe41b5255f #148 Call Trace:
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-52975 – scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-52975
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KASAN UAF report like this: [ 276.942144] BUG: KASAN: use-after-free in _raw_spin_lock_bh+0x78/0xe0 [ 276.942535] Write of size 4 at addr ffff8881053b45b8 by task cat/4088 [ 276.943511] CPU: 2 PID: 4088 Comm: cat Tainted: G E 6.1.0-rc8+ #... • https://git.kernel.org/stable/c/17b738590b97fb3fc287289971d1519ff9b875a1 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2023-52974 – scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
https://notcve.org/view.php?id=CVE-2023-52974
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we then free the session via iscsi_session_teardown() while userspace is still accessing the session we will hit a use after free bug. Set the tcp_sw_host->session after we have completed session creation and can no longer fail. In the Lin... • https://git.kernel.org/stable/c/496af9d3682ed4c28fb734342a09e6cc0c056ea4 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49761 – btrfs: always report error in run_one_delayed_ref()
https://notcve.org/view.php?id=CVE-2022-49761
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in run_one_delayed_ref() Currently we have a btrfs_debug() for run_one_delayed_ref() failure, but if end users hit such problem, there will be no chance that btrfs_debug() is enabled. This can lead to very little useful info for debugging. This patch will: - Add extra info for error reporting Including: * logical bytenr * num_bytes * type * action * ref_mod - Replace the btrfs_debug() with btrfs_err() - Move the e... • https://git.kernel.org/stable/c/18bd1c9c02e64a3567f90c83c2c8b855531c8098 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49750 – cpufreq: CPPC: Add u64 casts to avoid overflowing
https://notcve.org/view.php?id=CVE-2022-49750
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Add u64 casts to avoid overflowing The fields of the _CPC object are unsigned 32-bits values. To avoid overflows while using _CPC's values, add 'u64' casts. In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Add u64 casts to avoid overflowing The fields of the _CPC object are unsigned 32-bits values. To avoid overflows while using _CPC's values, add 'u64' casts. • https://git.kernel.org/stable/c/7d596bbc66a52ff2c7a83d7e0ee840cb07e2a045 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49746 – dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init
https://notcve.org/view.php?id=CVE-2022-49746
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init If the function sdma_load_context() fails, the sdma_desc will be freed, but the allocated desc->bd is forgot to be freed. We already met the sdma_load_context() failure case and the log as below: [ 450.699064] imx-sdma 30bd0000.dma-controller: Timeout waiting for CH0 ready ... In this case, the desc->bd will not be freed without this change. In the Linux kernel, the follo... • https://git.kernel.org/stable/c/80ee99e52936b2c04cc37b17a14b2ae2f9d282ac •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49743 – ovl: Use "buf" flexible array for memcpy() destination
https://notcve.org/view.php?id=CVE-2022-49743
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy() destination The "buf" flexible array needs to be the memcpy() destination to avoid false positive run-time warning from the recent FORTIFY_SOURCE hardening: memcpy: detected field-spanning write (size 93) of single field "&fh->fb" at fs/overlayfs/export.c:799 (size 21) In the Linux kernel, the following vulnerability has been resolved: ovl: Use "buf" flexible array for memcpy() destination The "buf... • https://git.kernel.org/stable/c/a77141a06367825d639ac51b04703d551163e36c •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49742 – f2fs: initialize locks earlier in f2fs_fill_super()
https://notcve.org/view.php?id=CVE-2022-49742
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: initialize locks earlier in f2fs_fill_super() syzbot is reporting lockdep warning at f2fs_handle_error() [1], for spin_lock(&sbi->error_lock) is called before spin_lock_init() is called. For safe locking in error handling, move initialization of locks (and obvious structures) in f2fs_fill_super() to immediately after memory allocation. In the Linux kernel, the following vulnerability has been resolved: f2fs: initialize locks earlier i... • https://git.kernel.org/stable/c/ddeff03bb33810fcf2f0c18e03d099cf0aacda62 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49741 – fbdev: smscufx: fix error handling code in ufx_usb_probe
https://notcve.org/view.php?id=CVE-2022-49741
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: smscufx: fix error handling code in ufx_usb_probe The current error handling code in ufx_usb_probe have many unmatching issues, e.g., missing ufx_free_usb_list, destroy_modedb label should only include framebuffer_release, fb_dealloc_cmap only matches fb_alloc_cmap. My local syzkaller reports a memory leak bug: memory leak in ufx_usb_probe BUG: memory leak unreferenced object 0xffff88802f879580 (size 128): comm "kworker/0:7", pid 174... • https://git.kernel.org/stable/c/3b3d3127f5b4291ae4caaf50f7b66089ad600480 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49740 – wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads
https://notcve.org/view.php?id=CVE-2022-49740
27 Mar 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count value of channel specifications provided by the device is greater than the length of 'list->element[]', decided by the size of the 'list' allocated with kzalloc(). The patch adds checks that make the functions free the buf... • https://git.kernel.org/stable/c/9cf5e99c1ae1a85286a76c9a970202750538394c •