CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49852 – riscv: process: fix kernel info leakage
https://notcve.org/view.php?id=CVE-2022-49852
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain random kernel memory content, which may be finally leaked to userspace. This is a security hole. Fix it by clearing the s[12] array in thread_struct when fork. As for kthread case, it's better to clear the s[12] array as well. In the Linux kernel, the following vulnerability has been resolved: riscv: process: fix kernel info leakage thread_struct's s[12] may contain r... • https://git.kernel.org/stable/c/7db91e57a0acde126a162ababfb1e0ab190130cb •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49851 – riscv: fix reserved memory setup
https://notcve.org/view.php?id=CVE-2022-49851
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: riscv: fix reserved memory setup Currently, RISC-V sets up reserved memory using the "early" copy of the device tree. As a result, when trying to get a reserved memory region using of_reserved_mem_lookup(), the pointer to reserved memory regions is using the early, pre-virtual-memory address which causes a kernel panic when trying to use the buffer's name: Unable to handle kernel paging request at virtual address 00000000401c31ac Oops [#1] ... • https://git.kernel.org/stable/c/922b0375fc93fb1a20c5617e37c389c26bbccb70 •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49850 – nilfs2: fix deadlock in nilfs_count_free_blocks()
https://notcve.org/view.php?id=CVE-2022-49850
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time: task 1 task 2 ------ ------ * A file operation * nilfs_truncate() nilfs_get_block() down_read(rwsem A) <-- nilfs_bmap_lookup_contig() ... generic_shutdown_super() nilfs_put_super() * Prepare to write superblock * down_write(rwsem B) <-... • https://git.kernel.org/stable/c/e828949e5b42bfd234ee537cdb7c5e3a577958a3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49849 – btrfs: fix match incorrectly in dev_args_match_device
https://notcve.org/view.php?id=CVE-2022-49849
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix match incorrectly in dev_args_match_device syzkaller found a failed assertion: assertion failed: (args->devid != (u64)-1) || args->missing, in fs/btrfs/volumes.c:6921 This can be triggered when we set devid to (u64)-1 by ioctl. In this case, the match of devid will be skipped and the match of device may succeed incorrectly. Patch 562d7b1512f7 introduced this function which is used to match device. This function contains two match... • https://git.kernel.org/stable/c/5578b681fbf2b22d61189a2539efd3009518b328 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49848 – phy: qcom-qmp-combo: fix NULL-deref on runtime resume
https://notcve.org/view.php?id=CVE-2022-49848
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp-combo: fix NULL-deref on runtime resume Commit fc64623637da ("phy: qcom-qmp-combo,usb: add support for separate PCS_USB region") started treating the PCS_USB registers as potentially separate from the PCS registers but used the wrong base when no PCS_USB offset has been provided. Fix the PCS_USB base used at runtime resume to prevent dereferencing a NULL pointer on platforms that do not provide a PCS_USB offset (e.g. SC7180). ... • https://git.kernel.org/stable/c/fc64623637da5e964566628bc0e660e93dc7a395 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49847 – net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload
https://notcve.org/view.php?id=CVE-2022-49847
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: am65-cpsw: Fix segmentation fault at module unload Move am65_cpsw_nuss_phylink_cleanup() call to after am65_cpsw_nuss_cleanup_ndev() so phylink is still valid to prevent the below Segmentation fault on module remove when first slave link is up. [ 31.652944] Unable to handle kernel paging request at virtual address 00040008000005f4 [ 31.684627] Mem abort info: [ 31.687446] ESR = 0x0000000096000004 [ 31.704614] EC = 0x25: D... • https://git.kernel.org/stable/c/e8609e69470f369509b44d5f2619f94541fe9df6 •
CVSS: 7.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49846 – udf: Fix a slab-out-of-bounds write bug in udf_find_entry()
https://notcve.org/view.php?id=CVE-2022-49846
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ================================================================== BUG: KASAN: slab-out-of-bounds in udf_find_entry+0x8a5/0x14f0 fs/udf/namei.c:253 Write of size 105 at addr ffff8880123ff896 by task syz-executor323/3610 CPU: 0 PID: 3610 Comm: syz-executor323 Not tainted 6.1.0-rc2-syzkalle... • https://git.kernel.org/stable/c/066b9cded00b8e3212df74a417bb074f3f3a1fe0 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49845 – can: j1939: j1939_send_one(): fix missing CAN header initialization
https://notcve.org/view.php?id=CVE-2022-49845
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled elements in struct can_frame. This patch initializes the 8 byte CAN header with zero. In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access... • https://git.kernel.org/stable/c/9d71dd0c70099914fcd063135da3c580865e924c •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49844 – can: dev: fix skb drop check
https://notcve.org/view.php?id=CVE-2022-49844
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: can: dev: fix skb drop check In commit a6d190f8c767 ("can: skb: drop tx skb if in listen only mode") the priv->ctrlmode element is read even on virtual CAN interfaces that do not create the struct can_priv at startup. This out-of-bounds read may lead to CAN frame drops for virtual CAN interfaces like vcan and vxcan. This patch mainly reverts the original commit and adds a new helper for CAN interface drivers that provide the required inform... • https://git.kernel.org/stable/c/a6d190f8c7670068d8c154ef8477eca07b5e3574 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-49843 – drm/amdkfd: Migrate in CPU page fault use current mm
https://notcve.org/view.php?id=CVE-2022-49843
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Migrate in CPU page fault use current mm migrate_vma_setup shows below warning because we don't hold another process mm mmap_lock. We should use current vmf->vma->vm_mm instead, the caller already hold current mmap lock inside CPU page fault handler. WARNING: CPU: 10 PID: 3054 at include/linux/mmap_lock.h:155 find_vma Call Trace: walk_page_range+0x76/0x150 migrate_vma_setup+0x18a/0x640 svm_migrate_vram_to_ram+0x245/0xa10 [amdgpu... • https://git.kernel.org/stable/c/3a876060892ba52dd67d197c78b955e62657d906 •