CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49416 – wifi: mac80211: fix use-after-free in chanctx code
https://notcve.org/view.php?id=CVE-2022-49416
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieee80211_vif_use_reserved_reassign(). Therefore, we cannot check the old_ctx anymore, so we should set it to NULL after this point. However, since the new_ctx replace state is clearly not IEEE80211_CHANCTX_REPLACES_OTH... • https://git.kernel.org/stable/c/5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49414 – ext4: fix race condition between ext4_write and ext4_convert_inline_data
https://notcve.org/view.php?id=CVE-2022-49414
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON: ================================================================== EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters kernel BUG at fs/ext4/ext4_jbd2.c:53! invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 25371 Comm: syz-executor.3 Not tainted 5.10.0+... • https://git.kernel.org/stable/c/0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49413 – bfq: Update cgroup information before merging bio
https://notcve.org/view.php?id=CVE-2022-49413
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio When the process is migrated to a different cgroup (or in case of writeback just starts submitting bios associated with a different cgroup) bfq_merge_bio() can operate with stale cgroup information in bic. Thus the bio can be merged to a request from a different cgroup or it can result in merging of bfqqs for different cgroups or bfqqs of already dead cgroups and causing possible use-after-f... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49411 – bfq: Make sure bfqg for which we are queueing requests is online
https://notcve.org/view.php?id=CVE-2022-49411
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfq_group into a service tree. But this bfq_group will get freed as soon as last bio associated with it is completed leading to use after free issues for service tree users. Fix the problem by making sure we always operate on online bfq_group. If t... • https://git.kernel.org/stable/c/e21b7a0b988772e82e7147e1c659a5afe2ae003c •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-49409 – ext4: fix bug_on in __es_tree_search
https://notcve.org/view.php?id=CVE-2022-49409
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561... • https://git.kernel.org/stable/c/5946d089379a35dda0e531710b48fca05446a196 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49407 – dlm: fix plock invalid read
https://notcve.org/view.php?id=CVE-2022-49407
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read showed by KASAN. A unlock will allocate a "struct plock_op" and a followed send_op() will append it to a global send_list data structure. In some cases a followed dev_read() moves it to recv_list and dev_write() will cast it to "struct plock_xop" and access fields which are only available in those structures. At this point an invalid read happens by accessing those fields. To fix ... • https://git.kernel.org/stable/c/586759f03e2e9031ac5589912a51a909ed53c30a •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49404 – RDMA/hfi1: Fix potential integer multiplication overflow errors
https://notcve.org/view.php?id=CVE-2022-49404
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix potential integer multiplication overflow errors When multiplying of different types, an overflow is possible even when storing the result in a larger type. This is because the conversion is done after the multiplication. So arithmetic overflow and thus in incorrect value is possible. Correct an instance of this in the inter packet delay calculation. Fix by ensuring one of the operands is u64 which will promote the other to u... • https://git.kernel.org/stable/c/7724105686e718ac476a6ad3304fea2fbcfcffde •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49399 – tty: goldfish: Use tty_port_destroy() to destroy port
https://notcve.org/view.php?id=CVE-2022-49399
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use tty_port_destroy() to destroy port In goldfish_tty_probe(), the port initialized through tty_port_init() should be destroyed in error paths.In goldfish_tty_remove(), qtty->port also should be destroyed or else might leak resources. Fix the above by calling tty_port_destroy(). In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use tty_port_destroy() to destroy port In goldfish_tty_probe(), t... • https://git.kernel.org/stable/c/666b7793d4bfa9f150b5c2007ab48c755ddc53ca •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49397 – phy: qcom-qmp: fix struct clk leak on probe errors
https://notcve.org/view.php?id=CVE-2022-49397
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error (e.g. probe deferral). In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error (e.g. probe deferral). • https://git.kernel.org/stable/c/e78f3d15e115e8e764d4b1562b4fa538f2e22f6b •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49396 – phy: qcom-qmp: fix reset-controller leak on probe errors
https://notcve.org/view.php?id=CVE-2022-49396
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe error (e.g. probe deferral). Note that due to the reset controller being defined in devicetree in "lane" child nodes, devm_reset_control_get_exclusive() cannot be used directly. In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to ... • https://git.kernel.org/stable/c/e78f3d15e115e8e764d4b1562b4fa538f2e22f6b •