CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49834 – nilfs2: fix use-after-free bug of ns_writer on remount
https://notcve.org/view.php?id=CVE-2022-49834
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is performed, detaching a log writer and synchronizing the filesystem can be done at the same time. In these cases, use-after-free of the log writer (hereinafter nilfs->ns_writer) can happen as shown in the scenario below: Task1 Task2 ------... • https://git.kernel.org/stable/c/b2fbf10040216ef5ee270773755fc2f5da65b749 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49831 – btrfs: zoned: initialize device's zone info for seeding
https://notcve.org/view.php?id=CVE-2022-49831
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When performing seeding on a zoned filesystem it is necessary to initialize each zoned device's btrfs_zoned_device_info structure, otherwise mounting the filesystem will cause a NULL pointer dereference. This was uncovered by fstests' testcase btrfs/163. In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When perf... • https://git.kernel.org/stable/c/91c38504e589dadbcde47b1cacdfc5b684154d44 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49828 – hugetlbfs: don't delete error page from pagecache
https://notcve.org/view.php?id=CVE-2022-49828
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: hugetlbfs: don't delete error page from pagecache This change is very similar to the change that was made for shmem [1], and it solves the same problem but for HugeTLBFS instead. Currently, when poison is found in a HugeTLB page, the page is removed from the page cache. That means that attempting to map or read that hugepage in the future will result in a new hugepage being allocated instead of notifying the user that the page was poisoned.... • https://git.kernel.org/stable/c/30571f28bb35c826219971c63bcf60d2517112ed •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49825 – ata: libata-transport: fix error handling in ata_tport_add()
https://notcve.org/view.php?id=CVE-2022-49825
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 12 PID: 13605 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ ... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49824 – ata: libata-transport: fix error handling in ata_tlink_add()
https://notcve.org/view.php?id=CVE-2022-49824
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 33 PID: 13850 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ ... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49823 – ata: libata-transport: fix error handling in ata_tdev_add()
https://notcve.org/view.php?id=CVE-2022-49823
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because transport_remove_device() is called to remove the device that was not added. Unable to handle kernel NULL pointer dereference at virtual address 00000000000000d0 CPU: 13 PID: 13603 Comm: rmmod Kdump: loaded Tainted: G W 6.1.0-rc3+ #3... • https://git.kernel.org/stable/c/d9027470b88631d0956ac37cdadfdeb9cdcf2c99 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49821 – mISDN: fix possible memory leak in mISDN_dsp_element_register()
https://notcve.org/view.php?id=CVE-2022-49821
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_device() to give up the reference, so that the name can be freed in kobject_cleanup() when the refcount is 0. The 'entry' is going to be freed in mISDN_dsp_dev_release(), so the kfree() is removed. list_del() is called in mISDN_dsp_dev_r... • https://git.kernel.org/stable/c/1fa5ae857bb14f6046205171d98506d8112dd74e •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49793 – iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init()
https://notcve.org/view.php?id=CVE-2022-49793
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: trigger: sysfs: fix possible memory leak in iio_sysfs_trig_init() dev_set_name() allocates memory for name, it need be freed when device_add() fails, call put_device() to give up the reference that hold in device_initialize(), so that it can be freed in kobject_cleanup() when the refcount hit to 0. Fault injection test can trigger this: unreferenced object 0xffff8e8340a7b4c0 (size 32): comm "modprobe", pid 243, jiffies 4294678145 (age ... • https://git.kernel.org/stable/c/1f785681a87068f123d3e23da13b2c55ab4f93ac •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49789 – scsi: zfcp: Fix double free of FSF request when qdio send fails
https://notcve.org/view.php?id=CVE-2022-49789
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case the sending fails and we need to remove the request from our internal hash table again (so we don't keep an invalid reference and use it when we free the request again). In 'zfcp_fsf_req_send()' we used to cache the ID as 'int' (sign... • https://git.kernel.org/stable/c/e60a6d69f1f84c2ef1cc63aefaadfe7ae9f12934 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49780 – scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus()
https://notcve.org/view.php?id=CVE-2022-49780
01 May 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcm_loop: Fix possible name leak in tcm_loop_setup_hba_bus() If device_register() fails in tcm_loop_setup_hba_bus(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should use put_device() to give up the reference in the error path. So fix this by calling put_device(), then the name can be freed in kobject_cleanup(). The 'tl_hba' will be freed in tcm_loop_release_adapter(), so it do... • https://git.kernel.org/stable/c/3703b2c5d041a68095cdd22380c23ce27d449ad7 •