CVSS: 5.5EPSS: 0%CPEs: 10EXPL: 0CVE-2022-49957 – kcm: fix strp_init() order and cleanup
https://notcve.org/view.php?id=CVE-2022-49957
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: kcm: fix strp_init() order and cleanup strp_init() is called just a few lines above this csk->sk_user_data check, it also initializes strp->work etc., therefore, it is unnecessary to call strp_done() to cancel the freshly initialized work. And if sk_user_data is already used by KCM, psock->strp should not be touched, particularly strp->work state, so we need to move strp_init() after the csk->sk_user_data check. This also makes a lockdep wa... • https://git.kernel.org/stable/c/44890e9ff771ef11777b2d1ebf8589255eb12502 •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49956 – staging: rtl8712: fix use after free bugs
https://notcve.org/view.php?id=CVE-2022-49956
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd" pointer. It results in a use after free. Delete them. In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd... • https://git.kernel.org/stable/c/2865d42c78a9121caad52cb02d1fbb7f5cdbc4ef •
CVSS: 6.6EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49955 – powerpc/rtas: Fix RTAS MSR[HV] handling for Cell
https://notcve.org/view.php?id=CVE-2022-49955
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fix RTAS MSR[HV] handling for Cell The semi-recent changes to MSR handling when entering RTAS (firmware) cause crashes on IBM Cell machines. An example trace: kernel tried to execute user page (2fff01a8) - exploit attempt? (uid: 0) BUG: Unable to handle kernel instruction fetch Faulting instruction address: 0x2fff01a8 Oops: Kernel access of bad area, sig: 11 [#1] BE PAGE_SIZE=64K MMU=Hash SMP NR_CPUS=4 NUMA Cell Modules linked... • https://git.kernel.org/stable/c/b6b1c3ce06ca438eb24e0f45bf0e63ecad0369f5 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49954 – Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag
https://notcve.org/view.php?id=CVE-2022-49954
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is blocking input_disconnect_device() from __input_unregister_device(). It seems that the cause is simply that commit c2b27ef672992a20 ("Input: iforce - wait for command completion when closing the device") forgot to call wake_up() afte... • https://git.kernel.org/stable/c/c2b27ef672992a206e5b221b8676972dd840ffa5 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49953 – iio: light: cm3605: Fix an error handling path in cm3605_probe()
https://notcve.org/view.php?id=CVE-2022-49953
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fix an error handling path in cm3605_probe() The commit in Fixes also introduced a new error handling path which should goto the existing error handling path. Otherwise some resources leak. In the Linux kernel, the following vulnerability has been resolved: iio: light: cm3605: Fix an error handling path in cm3605_probe() The commit in Fixes also introduced a new error handling path which should goto the existing error ha... • https://git.kernel.org/stable/c/0d31d91e614505803a0788b92f9f1a83178d8a9a •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49952 – misc: fastrpc: fix memory corruption on probe
https://notcve.org/view.php?id=CVE-2022-49952
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid corrupting memory beyond the fixed-size slab-allocated session array when there are more than FASTRPC_MAX_SESSIONS sessions defined in the devicetree. In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid c... • https://git.kernel.org/stable/c/f6f9279f2bf0e37e2f1fb119d8832b8568536a04 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49951 – firmware_loader: Fix use-after-free during unregister
https://notcve.org/view.php?id=CVE-2022-49951
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix use-after-free during unregister In the following code within firmware_upload_unregister(), the call to device_unregister() could result in the dev_release function freeing the fw_upload_priv structure before it is dereferenced for the call to module_put(). This bug was found by the kernel test robot using CONFIG_KASAN while running the firmware selftests. device_unregister(&fw_sysfs->dev); module_put(fw_upload_priv->mo... • https://git.kernel.org/stable/c/97730bbb242cde22b7140acd202ffd88823886c9 •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49950 – misc: fastrpc: fix memory corruption on open
https://notcve.org/view.php?id=CVE-2022-49950
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow check incremented the session count also when there were no more available sessions so that memory beyond the fixed-size slab-allocated session array could be corrupted in fastrpc_session_alloc() on open(). In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow c... • https://git.kernel.org/stable/c/f6f9279f2bf0e37e2f1fb119d8832b8568536a04 •
CVSS: 8.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49949 – firmware_loader: Fix memory leak in firmware upload
https://notcve.org/view.php?id=CVE-2022-49949
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix memory leak in firmware upload In the case of firmware-upload, an instance of struct fw_upload is allocated in firmware_upload_register(). This data needs to be freed in fw_dev_release(). Create a new fw_upload_free() function in sysfs_upload.c to handle the firmware-upload specific memory frees and incorporate the missing kfree call for the fw_upload structure. In the Linux kernel, the following vulnerability has been ... • https://git.kernel.org/stable/c/97730bbb242cde22b7140acd202ffd88823886c9 •
CVSS: 7.1EPSS: 0%CPEs: 16EXPL: 0CVE-2022-49948 – vt: Clear selection before changing the font
https://notcve.org/view.php?id=CVE-2022-49948
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new screen size and thus trigger out-of-bounds accesses to graphics memory if the selection is removed in vc_do_resize(). Prevent such out-of-memory accesses by dropping the selection before the various con_font_set() console handlers are ... • https://git.kernel.org/stable/c/009e39ae44f4191188aeb6dfbf661b771dbbe515 •