CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49983 – udmabuf: Set the DMA mask for the udmabuf device (v2)
https://notcve.org/view.php?id=CVE-2022-49983
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device (v2) If the DMA mask is not set explicitly, the following warning occurs when the userspace tries to access the dma-buf via the CPU as reported by syzbot here: WARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188 __dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188 Modules linked in: CPU: 0 PID: 3595 Comm: syz-executor249 Not tainted 5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0 Hardware na... • https://git.kernel.org/stable/c/fbb0de795078190a9834b3409e4b009cfb18a6d4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49982 – media: pvrusb2: fix memory leak in pvr_probe
https://notcve.org/view.php?id=CVE-2022-49982
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister the v4l2 device. When pvr2_hdw_create returns back to pvr2_context_create, it calls pvr2_context_destroy to destroy context, but mp->hdw is NULL, which leads to that pvr2_hdw_destroy directly returns. Fix this by adding v4l2_device_unregister to decrease the refcount of usb interface. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/2fe46195d2f0d5d09ea65433aefe47a4d0d0ff4d •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49981 – HID: hidraw: fix memory leak in hidraw_release()
https://notcve.org/view.php?id=CVE-2022-49981
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leak unreferenced object 0xffff88810e72f180 (size 32): comm "softirq", pid 0, jiffies 4294945143 (age 16.080s) hex dump (first 32 bytes): 64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 d..j............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49980 – USB: gadget: Fix use-after-free Read in usb_udc_uevent()
https://notcve.org/view.php?id=CVE-2022-49980
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usb_udc_uevent() The syzbot fuzzer found a race between uevent callbacks and gadget driver unregistration that can cause a use-after-free bug: --------------------------------------------------------------- BUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732 Read of size 8 at addr ffff888078ce2050 by task udevd/2968 CPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.... • https://git.kernel.org/stable/c/f44b0b95d50fffeca036e1ba36770390e0b519dd •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49979 – net: fix refcount bug in sk_psock_get (2)
https://notcve.org/view.php?id=CVE-2022-49979
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in sk_psock_get (2) Syzkaller reports refcount bug as follows: ------------[ cut here ]------------ refcount_t: saturated; leaking memory. WARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19 Modules linked in: CPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49978 – fbdev: fb_pm2fb: Avoid potential divide by zero error
https://notcve.org/view.php?id=CVE-2022-49978
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be copied from user, then go through `fb_set_var()` and `info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`. Along the path, `var->pixclock` won't be modified. This function checks whether reciprocal of `var->pixclock` is too high. If `var->pixclock` is zero, there will be a divide by zero error. So, ... • https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49977 – ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
https://notcve.org/view.php?id=CVE-2022-49977
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1 ... return 0 // ops is in the ftrace_ops_list. When ftrace_disabled = 1, un... • https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49975 – bpf: Don't redirect packets with invalid pkt_len
https://notcve.org/view.php?id=CVE-2022-49975
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Don't redirect packets with invalid pkt_len Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any skbs, that is, the flow->head is null. The root cause, as the [2] says, is because that bpf_prog_test_run_skb() run a bpf prog which redirects empty skbs. So we should determine whether the length of the packet modified by bpf prog or others like bpf_prog_test is valid before forwarding it directly. In the Linux kernel,... • https://git.kernel.org/stable/c/8b68e53d56697a59b5c53893b53f508bbdf272a0 •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49973 – skmsg: Fix wrong last sg check in sk_msg_recvmsg()
https://notcve.org/view.php?id=CVE-2022-49973
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in sk_msg_recvmsg() Fix one kernel NULL pointer dereference as below: [ 224.462334] Call Trace: [ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380 [ 224.462441] ? sock_has_perm+0x78/0xa0 [ 224.462463] tcp_bpf_recvmsg+0x12e/0x220 [ 224.462494] inet_recvmsg+0x5b/0xd0 [ 224.462534] __sys_recvfrom+0xc8/0x130 [ 224.462574] ? syscall_trace_enter+0x1df/0x2e0 [ 224.462606] ? __do_page_fault+0x2de/0x500 [ 224.462635] __x64_sys... • https://git.kernel.org/stable/c/293c53b7dbf9073cbcc488f938bc053ff4caeec0 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49970 – bpf, cgroup: Fix kernel BUG in purge_effective_progs
https://notcve.org/view.php?id=CVE-2022-49970
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------[ cut here ]------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__cgroup_bpf_detach+... • https://git.kernel.org/stable/c/3527e3cbb84d8868c4d4e91ba55915f96d39ec3d •