CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49712 – usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe
https://notcve.org/view.php?id=CVE-2022-49712
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. of_node_put() will check NULL pointer. In the Linux kernel, the following vulnerability has been resolved: usb: gadget: lpc32xx_udc: Fix refcount leak in lpc32xx_udc_probe of_parse_phandle() returns a no... • https://git.kernel.org/stable/c/24a28e4283510dcd58890379a42b8a7d3201d9d3 •
CVSS: 7.8EPSS: %CPEs: 3EXPL: 0CVE-2022-49711 – bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove()
https://notcve.org/view.php?id=CVE-2022-49711
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc-bus: fix KASAN use-after-free in fsl_mc_bus_remove() In fsl_mc_bus_remove(), mc->root_mc_bus_dev->mc_io is passed to fsl_destroy_mc_io(). However, mc->root_mc_bus_dev is already freed in fsl_mc_device_remove(). Then reference to mc->root_mc_bus_dev->mc_io triggers KASAN use-after-free. To avoid the use-after-free, keep the reference to mc->root_mc_bus_dev->mc_io in a local variable and pass to fsl_destroy_mc_io(). This patch nee... • https://git.kernel.org/stable/c/f93627146f0e371093966ed3d44c065aa077cfb1 •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49710 – dm mirror log: round up region bitmap size to BITS_PER_LONG
https://notcve.org/view.php?id=CVE-2022-49710
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: dm mirror log: round up region bitmap size to BITS_PER_LONG The code in dm-log rounds up bitset_size to 32 bits. It then uses find_next_zero_bit_le on the allocated region. find_next_zero_bit_le accesses the bitmap using unsigned long pointers. So, on 64-bit architectures, it may access 4 bytes beyond the allocated size. Fix this bug by rounding up bitset_size to BITS_PER_LONG. This bug was found by running the lvm2 testsuite with kasan. • https://git.kernel.org/stable/c/29121bd0b00ebb9524971a583fea4a2f7afe8041 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49709 – cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle
https://notcve.org/view.php?id=CVE-2022-49709
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cfi: Fix __cfi_slowpath_diag RCU usage with cpuidle RCU_NONIDLE usage during __cfi_slowpath_diag can result in an invalid RCU state in the cpuidle code path: WARNING: CPU: 1 PID: 0 at kernel/rcu/tree.c:613 rcu_eqs_enter+0xe4/0x138 ... Call trace: rcu_eqs_enter+0xe4/0x138 rcu_idle_enter+0xa8/0x100 cpuidle_enter_state+0x154/0x3a8 cpuidle_enter+0x3c/0x58 do_idle.llvm.6590768638138871020+0x1f4/0x2ec cpu_startup_entry+0x28/0x2c secondary_start_k... • https://git.kernel.org/stable/c/cf68fffb66d60d96209446bfc4a15291dc5a5d41 •
CVSS: 5.5EPSS: %CPEs: 15EXPL: 0CVE-2022-49708 – ext4: fix bug_on ext4_mb_use_inode_pa
https://notcve.org/view.php?id=CVE-2022-49708
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on ext4_mb_use_inode_pa Hulk Robot reported a BUG_ON: ================================================================== kernel BUG at fs/ext4/mballoc.c:3211! [...] RIP: 0010:ext4_mb_mark_diskspace_used.cold+0x85/0x136f [...] Call Trace: ext4_mb_new_blocks+0x9df/0x5d30 ext4_ext_map_blocks+0x1803/0x4d80 ext4_map_blocks+0x3a4/0x1a10 ext4_writepages+0x126d/0x2c30 do_writepages+0x7f/0x1b0 __filemap_fdatawrite_range+0x285/0x3b0 fil... • https://git.kernel.org/stable/c/fc6c2da174edd7a7b760b12c60d432d300e05cca •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49707 – ext4: add reserved GDT blocks check
https://notcve.org/view.php?id=CVE-2022-49707
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear resize_inode feature (not run e2fsck). It could be simply reproduced by following steps. The problem is because of the resize_inode feature was cleared, and it will convert the filesystem to meta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was not reduced to zero, so could we mistakenly call reserv... • https://git.kernel.org/stable/c/0dc2fca8e4f9ac4a40e8424a10163369cca0cc06 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49706 – zonefs: fix zonefs_iomap_begin() for reads
https://notcve.org/view.php?id=CVE-2022-49706
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin() for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAP_UNWRITTEN, which will prevent an IO, but the iomap length is calculated as 0. This causes a WARN_ON() in iomap_iter(): [17309.548939] WARNING: CPU: 3 PID: 2137 at fs/iomap/iter.c:34 iomap_iter+0x9cf/0xe80 [...] [17309.650907] RIP: 0010:iomap_iter+0x9cf/0xe80 [...]... • https://git.kernel.org/stable/c/8dcc1a9d90c10fa4143e5c17821082e5e60e46a1 •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2022-49705 – 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl
https://notcve.org/view.php?id=CVE-2022-49705
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_atomic_open_dotl We need to release directory fid if we fail halfway through open This fixes fid leaking with xfstests generic 531 • https://git.kernel.org/stable/c/6636b6dcc3db2258cd0585b8078c1c225c4b6dde •
CVSS: 7.1EPSS: %CPEs: 3EXPL: 0CVE-2022-49704 – 9p: fix fid refcount leak in v9fs_vfs_get_link
https://notcve.org/view.php?id=CVE-2022-49704
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier. In the Linux kernel, the following vulnerability has been resolved: 9p: fix fid refcount leak in v9fs_vfs_get_link we check for protocol version later than required, after a fid has been obtained. Just move the version check earlier. • https://git.kernel.org/stable/c/6636b6dcc3db2258cd0585b8078c1c225c4b6dde •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49703 – scsi: ibmvfc: Store vhost pointer during subcrq allocation
https://notcve.org/view.php?id=CVE-2022-49703
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Store vhost pointer during subcrq allocation Currently the back pointer from a queue to the vhost adapter isn't set until after subcrq interrupt registration. The value is available when a queue is first allocated and can/should be also set for primary and async queues as well as subcrqs. This fixes a crash observed during kexec/kdump on Power 9 with legacy XICS interrupt controller where a pending subcrq interrupt from the pr... • https://git.kernel.org/stable/c/3034ebe26389740bb6b4a463e05afb51dc93c336 •