CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49067 – powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
https://notcve.org/view.php?id=CVE-2022-49067
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x8000000000000000) == 0, and therefore virt_addr_valid(0x8000000000000000) == true Which is wrong, virt_addr_valid() should be false for vmalloc space. In fact all vmalloc addresses that alias with a valid PFN will return... • https://git.kernel.org/stable/c/deab81144d5a043f42804207fb76cfbd8a806978 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49055 – drm/amdkfd: Check for potential null return of kmalloc_array()
https://notcve.org/view.php?id=CVE-2022-49055
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the return value of kmalloc_array() to avoid this confusion. • https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49054 – Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests
https://notcve.org/view.php?id=CVE-2022-49054
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests hv_panic_page might contain guest-sensitive information, do not dump it over to Hyper-V by default in isolated guests. While at it, update some comments in hyperv_{panic,die}_event(). • https://git.kernel.org/stable/c/1b576e81d31b56b248316b8ff816b1cc5c4407c7 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49053 – scsi: target: tcmu: Fix possible page UAF
https://notcve.org/view.php?id=CVE-2022-49053
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, the returned page may have been freed by tcmu_blocks_release(). We need to get_page() under cmdr_lock to avoid concurrent tcmu_blocks_release(). In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix... • https://git.kernel.org/stable/c/d7c5d79e50be6e06b669141e3db1f977a0dd4e8e • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47656 – jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
https://notcve.org/view.php?id=CVE-2021-47656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2_clear_xattr_subsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result, an error is returned in jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then called in jffs2_build_filesystem() and then again in jffs2_do_fill_super(). Finally we can observe the following report: ==... • https://git.kernel.org/stable/c/aa98d7cf59b5b0764d3502662053489585faf2fe • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47645 – media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
https://notcve.org/view.php?id=CVE-2021-47645
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com On the case tmp_dcim=1, the index of buffer is miscalculated. This generate a NULL pointer dereference later. So let's fix the calcul and add a check to prevent this to reappear. • https://git.kernel.org/stable/c/bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47644 – media: staging: media: zoran: move videodev alloc
https://notcve.org/view.php?id=CVE-2021-47644
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: move videodev alloc Move some code out of zr36057_init() and create new functions for handling zr->video_dev. This permit to ease code reading and fix a zr->video_dev memory leak. • https://git.kernel.org/stable/c/bd01629315ffd5b63da91d0bd529a77d30e55028 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47642 – video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
https://notcve.org/view.php?id=CVE-2021-47642
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examiniing the call sites. CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length. ... • https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47641 – video: fbdev: cirrusfb: check pixclock to avoid divide by zero
https://notcve.org/view.php?id=CVE-2021-47641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round up pixclock to get the derived frequency as close to maxclock as possible. Syzkaller reported a divide error in cirrusfb_check_pixclock. divide error: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1 Hardware name: QEMU... • https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47633 – ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111
https://notcve.org/view.php?id=CVE-2021-47633
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 The bug was found during fuzzing. Stacktrace locates it in ath5k_eeprom_convert_pcal_info_5111. When none of the curve is selected in the loop, idx can go up to AR5K_EEPROM_N_PD_CURVES. The line makes pd out of bound. pd = &chinfo[pier].pd_curves[idx]; There are many OOB writes using pd later in the code. So I added a sanity check for idx. Checks for other loops involving AR5K_EEPROM_N_PD_C... • https://git.kernel.org/stable/c/f4de974019a0adf34d0e7de6b86252f1bd266b06 •