CVSS: 7.0EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49567 – mm/mempolicy: fix uninit-value in mpol_rebind_policy()
https://notcve.org/view.php?id=CVE-2022-49567
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix uninit-value in mpol_rebind_policy() mpol_set_nodemask()(mm/mempolicy.c) does not set up nodemask when pol->mode is MPOL_LOCAL. Check pol->mode before access pol->w.cpuset_mems_allowed in mpol_rebind_policy()(mm/mempolicy.c). BUG: KMSAN: uninit-value in mpol_rebind_policy mm/mempolicy.c:352 [inline] BUG: KMSAN: uninit-value in mpol_rebind_task+0x2ac/0x2c0 mm/mempolicy.c:368 mpol_rebind_policy mm/mempolicy.c:352 [inline] mp... • https://git.kernel.org/stable/c/5735845906fb1d90fe597f8b503fc0a857d475e3 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49566 – crypto: qat - fix memory leak in RSA
https://notcve.org/view.php?id=CVE-2022-49566
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is used, some components of the private key persist even after the TFM is released. Replace the explicit calls to free the buffers in qat_rsa_exit_tfm() with a call to qat_rsa_clear_ctx() which frees all buffers referenced in the TFM context. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak... • https://git.kernel.org/stable/c/879f77e9071f029e1c9bd5a75814ecf51370f846 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49564 – crypto: qat - add param check for DH
https://notcve.org/view.php?id=CVE-2022-49564
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a p... • https://git.kernel.org/stable/c/e7f979ed51f96495328157df663c835b17db1e30 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49563 – crypto: qat - add param check for RSA
https://notcve.org/view.php?id=CVE-2022-49563
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatterlist into a linear buffer. In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a... • https://git.kernel.org/stable/c/4d6d2adce08788b7667a6e58002682ea1bbf6a79 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2021-4453 – drm/amd/pm: fix a potential gpu_metrics_table memory leak
https://notcve.org/view.php?id=CVE-2021-4453
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(), but not freed in int smu_v12_0_fini_smc_tables(). Free it! • https://git.kernel.org/stable/c/95868b85764aff2dcbf78d3054076df75446ad15 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49562 – KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
https://notcve.org/view.php?id=CVE-2022-49562
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D bits instead of mapping the PTE into kernel address space. The VM_PFNMAP path is broken as it assumes that vm_pgoff is the base pfn of the mapped VMA range, which is conceptually wrong as vm_pgoff is the offset relative to the file and has nothing to do with the pfn. The horrific hack worked for the origin... • https://git.kernel.org/stable/c/bd53cb35a3e9adb73a834a36586e9ad80e877767 •
CVSS: 6.3EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49561 – netfilter: conntrack: re-fetch conntrack after insertion
https://notcve.org/view.php?id=CVE-2022-49561
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the extension space used to free'd after an rcu grace period, plus the race needs events enabled to trigger. In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntr... • https://git.kernel.org/stable/c/71d8c47fc653711c41bc3282e5b0e605b3727956 •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49560 – exfat: check if cluster num is valid
https://notcve.org/view.php?id=CVE-2022-49560
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: exfat: check if cluster num is valid Syzbot reported slab-out-of-bounds read in exfat_clear_bitmap. This was triggered by reproducer calling truncute with size 0, which causes the following trace: BUG: KASAN: slab-out-of-bounds in exfat_clear_bitmap+0x147/0x490 fs/exfat/balloc.c:174 Read of size 8 at addr ffff888115aa9508 by task syz-executor251/365 Call Trace: __dump_stack lib/dump_stack.c:77 [inline] dump_stack_lvl+0x1e2/0x24b lib/dump_st... • https://git.kernel.org/stable/c/1e49a94cf707204b66a3fb242f2814712c941f52 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49559 – KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2
https://notcve.org/view.php?id=CVE-2022-49559
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sanity check is perfectly valid, but it incorrectly assumes that it's impossible for userspace to induce KVM_REQ_TRIPLE_FAULT without bouncing through KVM_RUN (which guarantees kvm_check_nested_state() will see and handle the triple faul... • https://git.kernel.org/stable/c/cb6a32c2b8777ad31a02e585584d869251a790e3 •
CVSS: 5.6EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49558 – netfilter: nf_tables: double hook unregistration in netns path
https://notcve.org/view.php?id=CVE-2022-49558
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: double hook unregistration in netns path __nft_release_hooks() is called from pre_netns exit path which unregisters the hooks, then the NETDEV_UNREGISTER event is triggered which unregisters the hooks again. [ 565.221461] WARNING: CPU: 18 PID: 193 at net/netfilter/core.c:495 __nf_unregister_net_hook+0x247/0x270 [...] [ 565.246890] CPU: 18 PID: 193 Comm: kworker/u64:1 Tainted: G E 5.18.0-rc7+ #27 [ 565.253682] Workqueue... • https://git.kernel.org/stable/c/767d1216bff82507c945e92fe719dff2083bb2f4 •