CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49067 – powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
https://notcve.org/view.php?id=CVE-2022-49067
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x8000000000000000) == 0, and therefore virt_addr_valid(0x8000000000000000) == true Which is wrong, virt_addr_valid() should be false for vmalloc space. In fact all vmalloc addresses that alias with a valid PFN will return... • https://git.kernel.org/stable/c/deab81144d5a043f42804207fb76cfbd8a806978 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49066 – veth: Ensure eth header is in skb's linear part
https://notcve.org/view.php?id=CVE-2022-49066
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ETH_HLEN byte of linear data (as __dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes unconditionally). Use pskb_may_pull() to ensure veth_xmit() respects this constraint. kernel BUG at include/linux/skbuff.h:2328! RI... • https://git.kernel.org/stable/c/e314dbdc1c0dc6a548ecf0afce28ecfd538ff568 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49055 – drm/amdkfd: Check for potential null return of kmalloc_array()
https://notcve.org/view.php?id=CVE-2022-49055
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the return value of kmalloc_array() to avoid this confusion. • https://git.kernel.org/stable/c/32cf90a521dcc0f136db7ee5ba32bfe5f79e460e •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49054 – Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests
https://notcve.org/view.php?id=CVE-2022-49054
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests hv_panic_page might contain guest-sensitive information, do not dump it over to Hyper-V by default in isolated guests. While at it, update some comments in hyperv_{panic,die}_event(). • https://git.kernel.org/stable/c/1b576e81d31b56b248316b8ff816b1cc5c4407c7 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49053 – scsi: target: tcmu: Fix possible page UAF
https://notcve.org/view.php?id=CVE-2022-49053
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, the returned page may have been freed by tcmu_blocks_release(). We need to get_page() under cmdr_lock to avoid concurrent tcmu_blocks_release(). In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix... • https://git.kernel.org/stable/c/d7c5d79e50be6e06b669141e3db1f977a0dd4e8e • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49051 – net: usb: aqc111: Fix out-of-bounds accesses in RX fixup
https://notcve.org/view.php?id=CVE-2022-49051
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup aqc111_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The metadata array (desc_offset..desc_offset+2*pkt_count) can be out of bounds, causing OOB reads and (on big-endian systems) OOB endianness flips. - A packet can overlap the metadata array, causing a later OOB endianness flip to corrupt data used ... • https://git.kernel.org/stable/c/404998a137bcb8a926f7c949030afbe285472593 •
CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49045 – ALSA: pcm: Test for "silence" field in struct "pcm_format_data"
https://notcve.org/view.php?id=CVE-2022-49045
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Test for "silence" field in struct "pcm_format_data" Syzbot reports "KASAN: null-ptr-deref Write in snd_pcm_format_set_silence".[1] It is due to missing validation of the "silence" field of struct "pcm_format_data" in "pcm_formats" array. Add a test for valid "pat" and, if it is not so, return -EINVAL. [1] https://lore.kernel.org/lkml/000000000000d188ef05dc2c7279@google.com/ • https://git.kernel.org/stable/c/77af45df08768401602472f3e3879dce14f55497 •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49044 – dm integrity: fix memory corruption when tag_size is less than digest size
https://notcve.org/view.php?id=CVE-2022-49044
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situation, a part of the digest beyond tag_size is ignored. In this case, dm-integrity would write beyond the end of the ic->recalc_tags array and corrupt memory. The corruption happened in integrity_recalc->integrity_sector_checksum->crypto_... • https://git.kernel.org/stable/c/6a95d91c0b315c965198f6ab7dec7c94129e17e0 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47656 – jffs2: fix use-after-free in jffs2_clear_xattr_subsystem
https://notcve.org/view.php?id=CVE-2021-47656
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2_clear_xattr_subsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is abnormal. As a result, an error is returned in jffs2_scan_eraseblock(). jffs2_clear_xattr_subsystem() is then called in jffs2_build_filesystem() and then again in jffs2_do_fill_super(). Finally we can observe the following report: ==... • https://git.kernel.org/stable/c/aa98d7cf59b5b0764d3502662053489585faf2fe • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47654 – samples/landlock: Fix path_list memory leak
https://notcve.org/view.php?id=CVE-2021-47654
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list is allocated in parse_path() but never freed. • https://git.kernel.org/stable/c/20fbf100f84b9aeb9c91421abe1927bc152bc32b •