CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49267 – mmc: core: use sysfs_emit() instead of sprintf()
https://notcve.org/view.php?id=CVE-2022-49267
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mmc: core: use sysfs_emit() instead of sprintf() sprintf() (still used in the MMC core for the sysfs output) is vulnerable to the buffer overflow. Use the new-fangled sysfs_emit() instead. Found by Linux Verification Center (linuxtesting.org) with the SVACE static analysis tool. • https://git.kernel.org/stable/c/659ca56b5415c7a1d05e185c36fad80ba165d063 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49264 – exec: Force single empty string when argv is empty
https://notcve.org/view.php?id=CVE-2022-49264
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus prohibiting a scenario where argc < 1. POSIX 2017 also recommends this behaviour, but it is not an explicit requirement[2]: The argument arg0 should point to a filename string that is associated with the process being started by one of... • https://git.kernel.org/stable/c/41f6ea5b9aaa28b740d47ffe995a5013211fdbb0 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49197 – af_netlink: Fix shift out of bounds in group mask calculation
https://notcve.org/view.php?id=CVE-2022-49197
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: af_netlink: Fix shift out of bounds in group mask calculation When a netlink message is received, netlink_recvmsg() fills in the address of the sender. One of the fields is the 32-bit bitfield nl_groups, which carries the multicast group on which the message was received. The least significant bit corresponds to group 1, and therefore the highest group that the field can represent is 32. Above that, the UB sanitizer flags the out-of-bounds ... • https://git.kernel.org/stable/c/f7fa9b10edbb9391bdd4ec8e8b3d621d0664b198 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49180 – LSM: general protection fault in legacy_parse_param
https://notcve.org/view.php?id=CVE-2022-49180
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: LSM: general protection fault in legacy_parse_param The usual LSM hook "bail on fail" scheme doesn't work for cases where a security module may return an error code indicating that it does not recognize an input. In this particular case Smack sees a mount option that it recognizes, and returns 0. A call to a BPF hook follows, which returns -ENOPARAM, which confuses the caller because Smack has processed its data. The SELinux hook incorrectl... • https://git.kernel.org/stable/c/ddcdda888e14ca451b3ee83d11b65b2a9c8e783b •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49179 – block, bfq: don't move oom_bfqq
https://notcve.org/view.php?id=CVE-2022-49179
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oom_bfqq Our test report a UAF: [ 2073.019181] ================================================================== [ 2073.019188] BUG: KASAN: use-after-free in __bfq_put_async_bfqq+0xa0/0x168 [ 2073.019191] Write of size 8 at addr ffff8000ccf64128 by task rmmod/72584 [ 2073.019192] [ 2073.019196] CPU: 0 PID: 72584 Comm: rmmod Kdump: loaded Not tainted 4.19.90-yk #5 [ 2073.019198] Hardware name: QEMU KVM Virtual Machine... • https://git.kernel.org/stable/c/c4f5a678add58a8a0e7ee5e038496b376ea6d205 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49178 – memstick/mspro_block: fix handling of read-only devices
https://notcve.org/view.php?id=CVE-2022-49178
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: memstick/mspro_block: fix handling of read-only devices Use set_disk_ro to propagate the read-only state to the block layer instead of checking for it in ->open and leaking a reference in case of a read-only device. • https://git.kernel.org/stable/c/057b53c4f87690d626203acef8b63d52a9bf2f43 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49177 – hwrng: cavium - fix NULL but dereferenced coccicheck error
https://notcve.org/view.php?id=CVE-2022-49177
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: hwrng: cavium - fix NULL but dereferenced coccicheck error Fix following coccicheck warning: ./drivers/char/hw_random/cavium-rng-vf.c:182:17-20: ERROR: pdev is NULL but dereferenced. • https://git.kernel.org/stable/c/e47b12f9415169eceda6770fcf45802e0c8d2a66 •
CVSS: -EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49176 – bfq: fix use-after-free in bfq_dispatch_request
https://notcve.org/view.php?id=CVE-2022-49176
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: fix use-after-free in bfq_dispatch_request KASAN reports a use-after-free report when doing normal scsi-mq test [69832.239032] ================================================================== [69832.241810] BUG: KASAN: use-after-free in bfq_dispatch_request+0x1045/0x44b0 [69832.243267] Read of size 8 at addr ffff88802622ba88 by task kworker/3:1H/155 [69832.244656] [69832.245007] CPU: 3 PID: 155 Comm: kworker/3:1H Not tainted 5.10.0-1... • https://git.kernel.org/stable/c/74e610b5ee0d95e751280567100509eb11517efa •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49175 – PM: core: keep irq flags in device_pm_check_callbacks()
https://notcve.org/view.php?id=CVE-2022-49175
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: PM: core: keep irq flags in device_pm_check_callbacks() The function device_pm_check_callbacks() can be called under the spin lock (in the reported case it happens from genpd_add_device() -> dev_pm_domain_set(), when the genpd uses spinlocks rather than mutexes. However this function uncoditionally uses spin_lock_irq() / spin_unlock_irq(), thus not preserving the CPU flags. Use the irqsave/irqrestore instead. The backtrace for the reference... • https://git.kernel.org/stable/c/3ec80d52b9b74b9e691997632a543c73eddfeba0 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49174 – ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit
https://notcve.org/view.php?id=CVE-2022-49174
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix ext4_mb_mark_bb() with flex_bg with fast_commit In case of flex_bg feature (which is by default enabled), extents for any given inode might span across blocks from two different block group. ext4_mb_mark_bb() only reads the buffer_head of block bitmap once for the starting block group, but it fails to read it again when the extent length boundary overflows to another block group. Then in this below loop it accesses memory beyond t... • https://git.kernel.org/stable/c/cd6d719534af993210306f8a13f9cb3e615f7c8d •