
CVSS: 5.5 | EPSS: 0% | CPEs: 2 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/mprotect: only reference swap pfn page if type match Yu Zhao reported a bug after the commit "mm/swap: Add swp_offset_pfn() to fetch PFN from swap entry" added a check in swp_offset_pfn() for swap type [1]: kernel BUG at include/linux/swapops.h:117! CPU: 46 PID: 5245 Comm: EventManager_De Tainted: G S O L 6.0.0-dbg-DEV #2 RIP: 0010:pfn_swap_entry_to_page+0x72/0xf0 Code: c6 48 8b 36 48 83 fe ff 74 53 48 01 d1 48 83 c1 08 48 8b 09 f6 c1 01... • https://git.kernel.org/stable/c/6c287605fd56466e645693eff3ae7c08fba56e0a •

CVSS: 7.1 | EPSS: 0% | CPEs: 3 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: avoid corrupting page->mapping in hugetlb_mcopy_atomic_pte In MCOPY_ATOMIC_CONTINUE case with a non-shared VMA, pages in the page cache are installed in the ptes. But hugepage_add_new_anon_rmap is called for them mistakenly because they're not vm_shared. This will corrupt the page->mapping used by page cache code. • https://git.kernel.org/stable/c/f619147104c8ea71e120e4936d2b68ec11a1e527 •

CVSS: 7.8 | EPSS: 0% | CPEs: 9 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: s390: fix double free of GS and RI CBs on fork() failure The pointers for guarded storage and runtime instrumentation control blocks are stored in the thread_struct of the associated task. These pointers are initially copied on fork() via arch_dup_task_struct() and then cleared via copy_thread() before fork() returns. If fork() happens to fail after the initial task dup and before copy_thread(), the newly allocated task and associated threa... • https://git.kernel.org/stable/c/8d9047f8b967ce6181fd824ae922978e1b055cc0 •

CVSS: 5.6 | EPSS: 0% | CPEs: 4 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix error exit of privcmd_ioctl_dm_op() The error exit of privcmd_ioctl_dm_op() is calling unlock_pages() potentially with pages being NULL, leading to a NULL dereference. Additionally lock_pages() doesn't check for pin_user_pages_fast() having been completely successful, resulting in potentially not locking all pages into memory. This could result in sporadic failures when using the related memory in user mode. Fix all of that... • https://git.kernel.org/stable/c/ab520be8cd5d56867fc95cfbc34b90880faf1f9d •

CVSS: 7.1 | EPSS: 0% | CPEs: 7 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: md: call __md_stop_writes in md_stop From the link [1], we can see raid1d was running even after the path raid_dtr -> md_stop -> __md_stop. Let's stop write first in destructor to align with normal md-raid to fix the KASAN issue. [1]. https://lore.kernel.org/linux-raid/CAPhsuW5gc4AakdGNdF8ubpezAuDLFOYUO_sfMZcec6hQFm8nhg@mail.gmail.com/T/#m7f12bf90481c02c6d2da68c64aeed4779b7df74a • https://git.kernel.org/stable/c/48df498daf62e1292868005675331929305067f0 •

CVSS: 6.3 | EPSS: 0% | CPEs: 6 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Remove WQ_MEM_RECLAIM from storvsc_error_wq storvsc_error_wq workqueue should not be marked as WQ_MEM_RECLAIM as it doesn't need to make forward progress under memory pressure. Marking this workqueue as WQ_MEM_RECLAIM may cause deadlock while flushing a non-WQ_MEM_RECLAIM workqueue. In the current state it causes the following warning: [ 14.506347] ------------[ cut here ]------------ [ 14.506354] workqueue: WQ_MEM_RECLAIM st... • https://git.kernel.org/stable/c/436ad941335386c5fc7faa915a8fbdfe8c908084 •

CVSS: 5.5 | EPSS: 0% | CPEs: 4 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Don't use tnum_range on array range checking for poke descriptors Hsin-Wei reported a KASAN splat triggered by their BPF runtime fuzzer which is based on a customized syzkaller: BUG: KASAN: slab-out-of-bounds in bpf_int_jit_compile+0x1257/0x13f0 Read of size 8 at addr ffff888004e90b58 by task syz-executor.0/1489 CPU: 1 PID: 1489 Comm: syz-executor.0 Not tainted 5.19.0 #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.... • https://git.kernel.org/stable/c/d2e4c1e6c2947269346054ac8937ccfe9e0bcc6b •

CVSS: 5.5 | EPSS: 0% | CPEs: 6 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steam_{recv,send}_report It is possible for a malicious device to forgo submitting a Feature Report. The HID Steam driver presently makes no provision for this and de-references the 'struct hid_report' pointer obtained from the HID devices without first checking its validity. Let's change that. • https://git.kernel.org/stable/c/c164d6abf3841ffacfdb757c10616f9cb1f67276 •

CVSS: 7.1 | EPSS: 0% | CPEs: 5 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: udmabuf: Set the DMA mask for the udmabuf device (v2) If the DMA mask is not set explicitly, the following warning occurs when the userspace tries to access the dma-buf via the CPU as reported by syzbot here: WARNING: CPU: 1 PID: 3595 at kernel/dma/mapping.c:188 __dma_map_sg_attrs+0x181/0x1f0 kernel/dma/mapping.c:188 Modules linked in: CPU: 0 PID: 3595 Comm: syz-executor249 Not tainted 5.17.0-rc2-syzkaller-00316-g0457e5153e0e #0 Hardware na... • https://git.kernel.org/stable/c/fbb0de795078190a9834b3409e4b009cfb18a6d4 •

CVSS: 5.5 | EPSS: 0% | CPEs: 8 | EXPL: 0

18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix memory leak in pvr_probe The error handling code in pvr2_hdw_create forgets to unregister the v4l2 device. When pvr2_hdw_create returns back to pvr2_context_create, it calls pvr2_context_destroy to destroy context, but mp->hdw is NULL, which leads to that pvr2_hdw_destroy directly returns. Fix this by adding v4l2_device_unregister to decrease the refcount of usb interface. • https://git.kernel.org/stable/c/2fe46195d2f0d5d09ea65433aefe47a4d0d0ff4d •