CVSS: 4.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48763 – KVM: x86: Forcibly leave nested virt when SMM state is toggled
https://notcve.org/view.php?id=CVE-2022-48763
20 Jun 2024 — /virt/kvm/kvm_main.c:1273 __fput+0x286/0x9f0 fs/file_table.c:311 task_work_run+0xdd/0x1a0 kernel/task_work.c:164 exit_task_work include/linux/task_work.h:32 [inline] do_exit+0xb29/0x2a30 kernel/exit.c:806 do_group_exit+0xd2/0x2f0 kernel/exit.c:935 get_signal+0x4b0/0x28c0 kernel/signal.c:2862 arch_do_signal_or_restart+0x2a9/0x1c40 arch/x86/kernel/signal.c:868 handle_signal_work kernel/entry/common.c:148 [inline] exit_to_user_mode_loop kernel/entry/common.c:172 [inline] exit_to_user_mode_prepare+0x17d/... • https://git.kernel.org/stable/c/080dbe7e9b86a0392d8dffc00d9971792afc121f •
CVSS: 6.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-48762 – arm64: extable: fix load_unaligned_zeropad() reg indices
https://notcve.org/view.php?id=CVE-2022-48762
20 Jun 2024 — On an MTE-enabled QEMU image we are hitting the following crash: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000 Call trace: fixup_exception+0xc4/0x108 __do_kernel_fault+0x3c/0x268 do_tag_check_fault+0x3c/0x104 do_mem_abort+0x44/0xf4 el1_abort+0x40/0x64 el1h_64_sync_handler+0x60/0xa0 el1h_64_sync+0x7c/0x80 link_path_walk+0x150/0x344 path_openat+0xa0/0x7dc do_filp_open+0xb8/0x168 do_sys_openat2+0x88/0x17c __arm64_sys_openat+0x74/0xa0 invoke_syscall+0x48/0x148 el0_svc_comm... • https://git.kernel.org/stable/c/753b32368705c396000f95f33c3b7018474e33ad •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48761 – usb: xhci-plat: fix crash when suspend if remote wake enable
https://notcve.org/view.php?id=CVE-2022-48761
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP Modules linked in: CPU: 2 PID: 244 Comm: kworker/u12:6 Not tainted 5.15.5-dirty #12 Hardware name: Freescale i.MX8QM MEK (DT) Workqueue: events_unbound async_run_entry_fn pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : x... • https://git.kernel.org/stable/c/20c51a4c52208f98e27308c456a1951778f41fa5 •
CVSS: 4.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48760 – USB: core: Fix hang in usb_kill_urb by adding memory barriers
https://notcve.org/view.php?id=CVE-2022-48760
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. ... In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. • https://git.kernel.org/stable/c/5f138ef224dffd15d5e5c5b095859719e0038427 • CWE-820: Missing Synchronization •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48759 – rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev
https://notcve.org/view.php?id=CVE-2022-48759
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. ... In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. • https://git.kernel.org/stable/c/c0cdc19f84a4712cf74888f83af286e3c2e14efd •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48758 – scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
https://notcve.org/view.php?id=CVE-2022-48758
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. ... set_kthread_struct+0x40/0x40 [ 584.662909] ret_from_fork+0x22/0x30 [ 584.680002] ---[ end trace 53575ecefa942ece ]--- In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()... • https://git.kernel.org/stable/c/0cbf32e1681d870632a1772601cbaadd996dc978 •
CVSS: 3.3EPSS: 0%CPEs: 9EXPL: 0CVE-2022-48757 – net: fix information leakage in /proc/net/ptype
https://notcve.org/view.php?id=CVE-2022-48757
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket without binding it to a device, users in other net namespaces can observe the new `packet_type` added by this packet socket by reading `/proc/net/ptype` file. In the Linux kernel, the following vulnerability has been resolved: net: fix information leakage in /proc/net/ptype In one net namespace, after creating a packet socket w... • https://git.kernel.org/stable/c/2feb27dbe00cbb4f7d31f90acf6bd0d751dd0a50 • CWE-276: Incorrect Default Permissions •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2022-48756 – drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable
https://notcve.org/view.php?id=CVE-2022-48756
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used before the check. ... Addresses-Coverity-ID: 1493860 ("Null pointer dereference") In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used be... • https://git.kernel.org/stable/c/5c8290284402bf7d2c12269402b3177b899c78b7 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-48755 – powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06
https://notcve.org/view.php?id=CVE-2022-48755
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: powerpc64/bpf: Limit 'ldbrx' to processors compliant with ISA v2.06 Johan reported the below crash with test_bpf on ppc64 e5500: test_bpf: #296 ALU_END_FROM_LE 64: 0x0123456789abcdef -> 0x67452301 jited:1 Oops: Exception in kernel mode, sig: 4 [#1] BE PAGE_SIZE=4K SMP NR_CPUS=24 QEMU e500 Modules linked in: test_bpf(+) CPU: 0 PID: 76 Comm: insmod Not tainted 5.14.0-03771-g98c2059e008a-dirty #1 NIP: 8000000000061c3c LR: 80000000006dea... • https://git.kernel.org/stable/c/156d0e290e969caba25f1851c52417c14d141b24 •
CVSS: 8.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-48754 – phylib: fix potential use-after-free
https://notcve.org/view.php?id=CVE-2022-48754
20 Jun 2024 — In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach(). In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach... • https://git.kernel.org/stable/c/bafbdd527d569c8200521f2f7579f65a044271be • CWE-416: Use After Free •