CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49563 – crypto: qat - add param check for RSA
https://notcve.org/view.php?id=CVE-2022-49563
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a... • https://git.kernel.org/stable/c/4d6d2adce08788b7667a6e58002682ea1bbf6a79 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4453 – drm/amd/pm: fix a potential gpu_metrics_table memory leak
https://notcve.org/view.php?id=CVE-2021-4453
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(), but not freed in int smu_v12_0_fini_smc_tables(). Free it! • https://git.kernel.org/stable/c/95868b85764aff2dcbf78d3054076df75446ad15 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49562 – KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
https://notcve.org/view.php?id=CVE-2022-49562
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D bits instead of mapping the PTE into kernel address space. The VM_PFNMAP path is broken as it assumes that vm_pgoff is the base pfn of the mapped VMA range, which is conceptually wrong as vm_pgoff is the offset relative to the file and has nothing to do with the pfn. The horrific hack worked for the origin... • https://git.kernel.org/stable/c/bd53cb35a3e9adb73a834a36586e9ad80e877767 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49561 – netfilter: conntrack: re-fetch conntrack after insertion
https://notcve.org/view.php?id=CVE-2022-49561
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntr... • https://git.kernel.org/stable/c/71d8c47fc653711c41bc3282e5b0e605b3727956 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49560 – exfat: check if cluster num is valid
https://notcve.org/view.php?id=CVE-2022-49560
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: check if cluster num is valid Syzbot reported slab-out-of-bounds read in exfat_clear_bitmap. This was triggered by reproducer calling truncute with size 0, which causes the following trace: BUG: KASAN: slab-out-of-bounds in exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174 Read of size 8 at addr ffff888115aa9508 by task syz-executor251/365 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack_lvl+0x1e2/0x24b lib/dump_st... • https://git.kernel.org/stable/c/1e49a94cf707204b66a3fb242f2814712c941f52 •
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49558 – netfilter: nf_tables: double hook unregistration in netns path
https://notcve.org/view.php?id=CVE-2022-49558
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: double hook unregistration in netns path __nft_release_hooks() is called from pre_netns exit path which unregisters the hooks, then the NETDEV_UNREGISTER event is triggered which unregisters the hooks again. [ 565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270 [...] [ 565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G E 5.18.0-rc7+ #27 [ 565.253682] Workqueue... • https://git.kernel.org/stable/c/767d1216bff82507c945e92fe719dff2083bb2f4 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49556 – KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak
https://notcve.org/view.php?id=CVE-2022-49556
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed maybe less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data that PSP firmware returns. In this case, kmalloc will allocate memory that is the size of the input rather than the size of the data. Since PSP firmware doesn't fully overwrite the allocated buffer, these sev ioctl interface ma... • https://git.kernel.org/stable/c/eaf78265a4ab33935d3a0f1407ce4a91aac4d4d5 •
CVSS: 5.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49555 – Bluetooth: hci_qca: Use del_timer_sync() before freeing
https://notcve.org/view.php?id=CVE-2022-49555
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggered by code calling del_timer() instead of del_timer_sync() just before freeing. One possible culprit is the hci_qca driver, which does exactly that. Eric mentioned that wake_retrans_timer could be rearmed via the work queue, so also mo... • https://git.kernel.org/stable/c/0ff252c1976da5d80db1377eb39b551931e61826 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49554 – zsmalloc: fix races between asynchronous zspage free and page migration
https://notcve.org/view.php?id=CVE-2022-49554
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: zsmalloc: fix races between asynchronous zspage free and page migration The asynchronous zspage free worker tries to lock a zspage's entire page list without defending against page migration. Since pages which haven't yet been locked can concurrently migrate off the zspage page list while lock_zspage() churns away, lock_zspage() can suffer from a few different lethal races. It can lock a page which no longer belongs to the zspage and unsafe... • https://git.kernel.org/stable/c/77ff465799c60294e248000cd22ae8171da3304c •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49549 – x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails
https://notcve.org/view.php?id=CVE-2022-49549
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails In mce_threshold_create_device(), if threshold_create_bank() fails, the previously allocated threshold banks array @bp will be leaked because the call to mce_threshold_remove_device() will not free it. This happens because mce_threshold_remove_device() fetches the pointer through the threshold_banks per-CPU variable but bp is written there only after the bank creation is succes... • https://git.kernel.org/stable/c/6458de97fc15530b54477c4e2b70af653e8ac3d9 •