CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49985 – bpf: Don't use tnum_range on array range checking for poke descriptors
https://notcve.org/view.php?id=CVE-2022-49985
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0 Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489 CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.... • https://git.kernel.org/stable/c/d2e4c1e6c2947269346054ac8937ccfe9e0bcc6b •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49984 – HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report
https://notcve.org/view.php?id=CVE-2022-49984
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submitting a Feature Report. The HID Steam driver presently makes no prevision for this and de-references the 'struct hid_report' pointer obtained from the HID devices without first checking its validity. Let's change that. In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer... • https://git.kernel.org/stable/c/c164d6abf3841ffacfdb757c10616f9cb1f67276 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49983 – udmabuf: Set the DMA mask for the udmabuf device (v2)
https://notcve.org/view.php?id=CVE-2022-49983
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device (v2) If the DMA mask is not set explicitly, the following warning occurs when the userspace tries to access the dma-buf via the CPU as reported by syzbot here: WARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188 __dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188 Modules linked in: CPU: 0 PID: 3595 Comm: syz-executor249 Not tainted 5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0 Hardware na... • https://git.kernel.org/stable/c/fbb0de795078190a9834b3409e4b009cfb18a6d4 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49982 – media: pvrusb2: fix memory leak in pvr_probe
https://notcve.org/view.php?id=CVE-2022-49982
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister the v4l2 device. When pvr2_hdw_create returns back to pvr2_context_create, it calls pvr2_context_destroy to destroy context, but mp->hdw is NULL, which leads to that pvr2_hdw_destroy directly returns. Fix this by adding v4l2_device_unregister to decrease the refcount of usb interface. In the Linux kernel, the following vulnerability... • https://git.kernel.org/stable/c/2fe46195d2f0d5d09ea65433aefe47a4d0d0ff4d •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49981 – HID: hidraw: fix memory leak in hidraw_release()
https://notcve.org/view.php?id=CVE-2022-49981
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: hidraw: fix memory leak in hidraw_release() Free the buffered reports before deleting the list entry. BUG: memory leak unreferenced object 0xffff88810e72f180 (size 32): comm "softirq", pid 0, jiffies 4294945143 (age 16.080s) hex dump (first 32 bytes): 64 f3 c6 6a d1 88 07 04 00 00 00 00 00 00 00 00 d..j............ 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace: [
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49980 – USB: gadget: Fix use-after-free Read in usb_udc_uevent()
https://notcve.org/view.php?id=CVE-2022-49980
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix use-after-free Read in usb_udc_uevent() The syzbot fuzzer found a race between uevent callbacks and gadget driver unregistration that can cause a use-after-free bug: --------------------------------------------------------------- BUG: KASAN: use-after-free in usb_udc_uevent+0x11f/0x130 drivers/usb/gadget/udc/core.c:1732 Read of size 8 at addr ffff888078ce2050 by task udevd/2968 CPU: 1 PID: 2968 Comm: udevd Not tainted 5.19.... • https://git.kernel.org/stable/c/f44b0b95d50fffeca036e1ba36770390e0b519dd •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49979 – net: fix refcount bug in sk_psock_get (2)
https://notcve.org/view.php?id=CVE-2022-49979
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: net: fix refcount bug in sk_psock_get (2) Syzkaller reports refcount bug as follows: ------------[ cut here ]------------ refcount_t: saturated; leaking memory. WARNING: CPU: 1 PID: 3605 at lib/refcount.c:19 refcount_warn_saturate+0xf4/0x1e0 lib/refcount.c:19 Modules linked in: CPU: 1 PID: 3605 Comm: syz-executor208 Not tainted 5.18.0-syzkaller-03023-g7e062cda7d90 #0
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49978 – fbdev: fb_pm2fb: Avoid potential divide by zero error
https://notcve.org/view.php?id=CVE-2022-49978
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be copied from user, then go through `fb_set_var()` and `info->fbops->fb_check_var()` which could may be `pm2fb_check_var()`. Along the path, `var->pixclock` won't be modified. This function checks whether reciprocal of `var->pixclock` is too high. If `var->pixclock` is zero, there will be a divide by zero error. So, ... • https://git.kernel.org/stable/c/0f1174f4972ea9fad6becf8881d71adca8e9ca91 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49977 – ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
https://notcve.org/view.php?id=CVE-2022-49977
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1 ... return 0 // ops is in the ftrace_ops_list. When ftrace_disabled = 1, un... • https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2 •
CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49976 – platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS
https://notcve.org/view.php?id=CVE-2022-49976
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix broken touchscreen on Chuwi Hi8 with Windows BIOS The x86-android-tablets handling for the Chuwi Hi8 is only necessary with the Android BIOS and it is causing problems with the Windows BIOS version. Specifically when trying to register the already present touchscreen x86_acpi_irq_helper_get() calls acpi_unregister_gsi(), this breaks the working of the touchscreen and also leads to an oops: [ 14.248946]... • https://git.kernel.org/stable/c/84c2dcdd475f3f5d1d30c87404cafba4dd4b75ec •