CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49343 – ext4: avoid cycles in directory h-tree
https://notcve.org/view.php?id=CVE-2022-49343
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already verified under its hands while doing a node split and consequently accessing unallocated memory. Fix the problem by verifying traversed block numbers are unique. In the Linux kernel, the following vulnerability has been resolved: ext4:... • https://git.kernel.org/stable/c/24b8206fec1db21d7e82f21f0b2ff5e5672cf5b3 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49342 – net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register
https://notcve.org/view.php?id=CVE-2022-49342
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register of_get_child_by_name() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. In the Linux kernel, the following vulnerability has been resolved: net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register of_get_child_by_name() returns a node pointer with refcount incr... • https://git.kernel.org/stable/c/55954f3bfdacc5908515b0c306cea23e77fab740 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49339 – net: ipv6: unexport __init-annotated seg6_hmac_init()
https://notcve.org/view.php?id=CVE-2022-49339
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport __init-annotated seg6_hmac_init() EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a freed symbol may end up with kernel panic. modpost used to detect it, but it has been broken for a decade. Recently, I fixed modpost so it started to warn it again, then this showed up in linux-next builds. ... • https://git.kernel.org/stable/c/bf355b8d2c30a289232042cacc1cfaea4923936c •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49337 – ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock
https://notcve.org/view.php?id=CVE-2022-49337
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ocfs2: dlmfs: fix error handling of user_dlm_destroy_lock When user_dlm_destroy_lock failed, it didn't clean up the flags it set before exit. For USER_LOCK_IN_TEARDOWN, if this function fails because of lock is still in used, next time when unlink invokes this function, it will return succeed, and then unlink will remove inode and dentry if lock is not in used(file closed), but the dlm lock is still linked in dlm lock resource, then when ba... • https://git.kernel.org/stable/c/1434cd71ad9f3a6beda3036972983b6c4869207c •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49336 – drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem
https://notcve.org/view.php?id=CVE-2022-49336
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as we would otherwise try to remove the mapping twice, corrupting the involved data structures. In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem When the mapping is already reaped the unmap must be a no-op, as we would otherwise try ... • https://git.kernel.org/stable/c/19323b3671a85788569d15685c8f83a05ec48cbb •
CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49335 – drm/amdgpu/cs: make commands with 0 chunks illegal behaviour.
https://notcve.org/view.php?id=CVE-2022-49335
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found trying to execute the wrong userspace driver. MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo [172536.665184] BUG: kernel NULL pointer dereference, address: 00000000000001d8 [172536.665188] #PF: supervisor read access in kernel mode [172536.665189] #PF: error_code(0x0000) - not-present page [172536.665191] PGD 6712a0067 P4D 6712a... • https://git.kernel.org/stable/c/8189f44270db1be78169e11eec51a3eeb980bc63 •
CVSS: 5.6EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49331 – nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling
https://notcve.org/view.php?id=CVE-2022-49331
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. • https://git.kernel.org/stable/c/26fc6c7f02cb26c39c4733de3dbc3c0646fc1074 •
CVSS: 8.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49330 – tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd
https://notcve.org/view.php?id=CVE-2022-49330
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: fix tcp_mtup_probe_success vs wrong snd_cwnd syzbot got a new report [1] finally pointing to a very old bug, added in initial support for MTU probing. tcp_mtu_probe() has checks about starting an MTU probe if tcp_snd_cwnd(tp) >= 11. But nothing prevents tcp_snd_cwnd(tp) to be reduced later and before the MTU probe succeeds. This bug would lead to potential zero-divides. Debugging added in commit 40570375356c ("tcp: add accessors to rea... • https://git.kernel.org/stable/c/5d424d5a674f782d0659a3b66d951f412901faee •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49327 – bcache: avoid journal no-space deadlock by reserving 1 journal bucket
https://notcve.org/view.php?id=CVE-2022-49327
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bcache: avoid journal no-space deadlock by reserving 1 journal bucket The journal no-space deadlock was reported time to time. Such deadlock can happen in the following situation. When all journal buckets are fully filled by active jset with heavy write I/O load, the cache set registration (after a reboot) will load all active jsets and inserting them into the btree again (which is called journal replay). If a journaled bkey is inserted int... • https://git.kernel.org/stable/c/59afd4f287900c8187e968a4153ed35e6b48efce •
CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49326 – rtl818x: Prevent using not initialized queues
https://notcve.org/view.php?id=CVE-2022-49326
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtl818x: Prevent using not initialized queues Using not existing queues can panic the kernel with rtl8180/rtl8185 cards. Ignore the skb priority for those cards, they only have one tx queue. Pierre Asselin (pa@panix.com) reported the kernel crash in the Gentoo forum: https://forums.gentoo.org/viewtopic-t-1147832-postdays-0-postorder-asc-start-25.html He also confirmed that this patch fixes the issue. In summary this happened: After updating... • https://git.kernel.org/stable/c/b5dca2cd3f0239512da808598b4e70557eb4c2a1 •