CVSS: 9.0EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49478 – media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init
https://notcve.org/view.php?id=CVE-2022-49478
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2_i2c_core_init Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw->unit_number is initialized with -1 and then if init table walk fails this value remains unchanged. Since code blindly uses this member for array indexing adding sanity check is the easiest fix for that. hdw->workpoll initialization moved upper to prevent warning in __flush_work... • https://git.kernel.org/stable/c/d855497edbfbf9e19a17f4a1154bca69cb4bd9ba • CWE-129: Improper Validation of Array Index •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49431 – powerpc/iommu: Add missing of_node_put in iommu_init_early_dart
https://notcve.org/view.php?id=CVE-2022-49431
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Add missing of_node_put in iommu_init_early_dart The device_node pointer is returned by of_find_compatible_node with refcount incremented. We should use of_node_put() to avoid the refcount leak. In the Linux kernel, the following vulnerability has been resolved: powerpc/iommu: Add missing of_node_put in iommu_init_early_dart The device_node pointer is returned by of_find_compatible_node with refcount incremented. We should us... • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49420 – net: annotate races around sk->sk_bound_dev_if
https://notcve.org/view.php?id=CVE-2022-49420
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add more annotations to potential lockless readers. BUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg write to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0: __ip6_datagram_connect+0x6e2/0x9... • https://git.kernel.org/stable/c/20b2f61797873a2b18b5ff1a304ad2674fa1e0a5 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49395 – um: Fix out-of-bounds read in LDT setup
https://notcve.org/view.php?id=CVE-2022-49395
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes. ================================================================== BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0 Read of size 128 at addr 000000006411f6f0 by task swapper/1 CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18 Call Trace: show_stack.cold+0x166/0x2a7 __dump_stack+0x3a/0x43 dump_sta... • https://git.kernel.org/stable/c/858259cf7d1c443c836a2022b78cb281f0a9b95e • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49381 – jffs2: fix memory leak in jffs2_do_fill_super
https://notcve.org/view.php?id=CVE-2022-49381
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_do_fill_super If jffs2_iget() or d_make_root() in jffs2_do_fill_super() returns an error, we can observe the following kmemleak report: -------------------------------------------- unreferenced object 0xffff888105a65340 (size 64): comm "mount", pid 710, jiffies 4302851558 (age 58.239s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 00 00 00 00 00 00 00 00 00 00 ... • https://git.kernel.org/stable/c/e631ddba588783edd521c5a89f7b2902772fb691 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49343 – ext4: avoid cycles in directory h-tree
https://notcve.org/view.php?id=CVE-2022-49343
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its hands while doing a node split and consequently accessing unallocated memory. Fix the problem by verifying traversed block numbers are unique. In the Linux kernel, the following vulnerability has been resolved: ext4:... • https://git.kernel.org/stable/c/ac27a0ec112a089f1a5102bc8dffc79c8c815571 •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49337 – ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
https://notcve.org/view.php?id=CVE-2022-49337
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of lock is still in used, next time when unlink invokes this function, it will return succeed, and then unlink will remove inode and dentry if lock is not in used(file closed), but the dlm lock is still linked in dlm lock resource, then when ba... • https://git.kernel.org/stable/c/2cd9888590c52ac7592e3607d0a3174ccd57ef86 •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49330 – tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
https://notcve.org/view.php?id=CVE-2022-49330
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe if tcp_snd_cwnd(tp) >= 11. But nothing prevents tcp_snd_cwnd(tp) to be reduced later and before the MTU probe succeeds. This bug would lead to potential zero-divides. Debugging added in commit 40570375356c ("tcp: add accessors to rea... • https://git.kernel.org/stable/c/5d424d5a674f782d0659a3b66d951f412901faee •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49325 – tcp: add accessors to read/set tp->snd_cwnd
https://notcve.org/view.php?id=CVE-2022-49325
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: add accessors to read/set tp->snd_cwnd We had various bugs over the years with code breaking the assumption that tp->snd_cwnd is greater than zero. Lately, syzbot reported the WARN_ON_ONCE(!tp->prior_cwnd) added in commit 8b8a321ff72c ("tcp: fix zero cwnd in tcp_cwnd_reduction") can trigger, and without a repro we would have to spend considerable time finding the bug. Instead of complaining too late, we want to catch where and when tp-... • https://git.kernel.org/stable/c/5d424d5a674f782d0659a3b66d951f412901faee • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49314 – tty: Fix a possible resource leak in icom_probe
https://notcve.org/view.php?id=CVE-2022-49314
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: Fix a possible resource leak in icom_probe When pci_read_config_dword failed, call pci_release_regions() and pci_disable_device() to recycle the resource previously allocated. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed. • https://git.kernel.org/stable/c/1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 •