CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49429 – RDMA/hfi1: Prevent panic when SDMA is disabled
https://notcve.org/view.php?id=CVE-2022-49429
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Prevent panic when SDMA is disabled If the hfi1 module is loaded with HFI1_CAP_SDMA off, a call to hfi1_write_iter() will dereference a NULL pointer and panic. A typical stack frame is: sdma_select_user_engine [hfi1] hfi1_user_sdma_process_request [hfi1] hfi1_write_iter [hfi1] do_iter_readv_writev do_iter_write vfs_writev do_writev do_syscall_64 The fix is to test for SDMA in hfi1_write_iter() and fail the I/O with EINVAL. In the... • https://git.kernel.org/stable/c/33794e8e9bcb4affc0ebff9cdec85acc8b8a1762 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49428 – f2fs: fix to do sanity check on inline_dots inode
https://notcve.org/view.php?id=CVE-2022-49428
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on inline_dots inode As Wenqing reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215765 It will cause a kernel panic with steps: - mkdir mnt - mount tmp40.img mnt - ls mnt folio_mark_dirty+0x33/0x50 f2fs_add_regular_entry+0x541/0xad0 [f2fs] f2fs_add_dentry+0x6c/0xb0 [f2fs] f2fs_do_add_link+0x182/0x230 [f2fs] __recover_dot_dentries+0x2d6/0x470 [f2fs] f2fs_lookup+0x5af/0x6a0 [f2fs] __lookup_slow+0... • https://git.kernel.org/stable/c/510022a85839a8409d1e6a519bb86ce71a84f30a •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49421 – video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup
https://notcve.org/view.php?id=CVE-2022-49421
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: video: fbdev: clcdfb: Fix refcount leak in clcdfb_of_vram_setup of_parse_phandle() returns a node pointer with refcount incremented, we ... • https://git.kernel.org/stable/c/d10715be03bd8bad59ddc50236cb140c3bd73c7b •
CVSS: 6.3EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49420 – net: annotate races around sk->sk_bound_dev_if
https://notcve.org/view.php?id=CVE-2022-49420
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: annotate races around sk->sk_bound_dev_if UDP sendmsg() is lockless, and reads sk->sk_bound_dev_if while this field can be changed by another thread. Adds minimal annotations to avoid KCSAN splats for UDP. Following patches will add more annotations to potential lockless readers. BUG: KCSAN: data-race in __ip6_datagram_connect / udpv6_sendmsg write to 0xffff888136d47a94 of 4 bytes by task 7681 on cpu 0: __ip6_datagram_connect+0x6e2/0x9... • https://git.kernel.org/stable/c/20b2f61797873a2b18b5ff1a304ad2674fa1e0a5 •
CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49416 – wifi: mac80211: fix use-after-free in chanctx code
https://notcve.org/view.php?id=CVE-2022-49416
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free in chanctx code In ieee80211_vif_use_reserved_context(), when we have an old context and the new context's replace_state is set to IEEE80211_CHANCTX_REPLACE_NONE, we free the old context in ieee80211_vif_use_reserved_reassign(). Therefore, we cannot check the old_ctx anymore, so we should set it to NULL after this point. However, since the new_ctx replace state is clearly not IEEE80211_CHANCTX_REPLACES_OTH... • https://git.kernel.org/stable/c/5bcae31d9cb1ebfad3ad5a3eea04c8cdc329a04f • CWE-416: Use After Free •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49414 – ext4: fix race condition between ext4_write and ext4_convert_inline_data
https://notcve.org/view.php?id=CVE-2022-49414
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix race condition between ext4_write and ext4_convert_inline_data Hulk Robot reported a BUG_ON: ================================================================== EXT4-fs error (device loop3): ext4_mb_generate_buddy:805: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free clusters kernel BUG at fs/ext4/ext4_jbd2.c:53! invalid opcode: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 25371 Comm: syz-executor.3 Not tainted 5.10.0+... • https://git.kernel.org/stable/c/0c8d414f163f5d35e43a4de7a6e5ee8c253fcccf •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2022-49409 – ext4: fix bug_on in __es_tree_search
https://notcve.org/view.php?id=CVE-2022-49409
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in __es_tree_search Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/extents_status.c:199! [...] RIP: 0010:ext4_es_end fs/ext4/extents_status.c:199 [inline] RIP: 0010:__es_tree_search+0x1e0/0x260 fs/ext4/extents_status.c:217 [...] Call Trace: ext4_es_cache_extent+0x109/0x340 fs/ext4/extents_status.c:766 ext4_cache_extents+0x239/0x2e0 fs/ext4/extents.c:561... • https://git.kernel.org/stable/c/5946d089379a35dda0e531710b48fca05446a196 •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49407 – dlm: fix plock invalid read
https://notcve.org/view.php?id=CVE-2022-49407
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dlm: fix plock invalid read This patch fixes an invalid read showed by KASAN. A unlock will allocate a "struct plock_op" and a followed send_op() will append it to a global send_list data structure. In some cases a followed dev_read() moves it to recv_list and dev_write() will cast it to "struct plock_xop" and access fields which are only available in those structures. At this point an invalid read happens by accessing those fields. To fix ... • https://git.kernel.org/stable/c/586759f03e2e9031ac5589912a51a909ed53c30a •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49399 – tty: goldfish: Use tty_port_destroy() to destroy port
https://notcve.org/view.php?id=CVE-2022-49399
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use tty_port_destroy() to destroy port In goldfish_tty_probe(), the port initialized through tty_port_init() should be destroyed in error paths.In goldfish_tty_remove(), qtty->port also should be destroyed or else might leak resources. Fix the above by calling tty_port_destroy(). In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use tty_port_destroy() to destroy port In goldfish_tty_probe(), t... • https://git.kernel.org/stable/c/666b7793d4bfa9f150b5c2007ab48c755ddc53ca •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49395 – um: Fix out-of-bounds read in LDT setup
https://notcve.org/view.php?id=CVE-2022-49395
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes. ================================================================== BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0 Read of size 128 at addr 000000006411f6f0 by task swapper/1 CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18 Call Trace: show_stack.cold+0x166/0x2a7 __dump_stack+0x3a/0x43 dump_sta... • https://git.kernel.org/stable/c/858259cf7d1c443c836a2022b78cb281f0a9b95e •