CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49707 – ext4: add reserved GDT blocks check
https://notcve.org/view.php?id=CVE-2022-49707
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ext4: add reserved GDT blocks check We capture a NULL pointer issue when resizing a corrupt ext4 image which is freshly clear resize_inode feature (not run e2fsck). It could be simply reproduced by following steps. The problem is because of the resize_inode feature was cleared, and it will convert the filesystem to meta_bg mode in ext4_resize_fs(), but the es->s_reserved_gdt_blocks was not reduced to zero, so could we mistakenly call reserv... • https://git.kernel.org/stable/c/0dc2fca8e4f9ac4a40e8424a10163369cca0cc06 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49706 – zonefs: fix zonefs_iomap_begin() for reads
https://notcve.org/view.php?id=CVE-2022-49706
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: zonefs: fix zonefs_iomap_begin() for reads If a readahead is issued to a sequential zone file with an offset exactly equal to the current file size, the iomap type is set to IOMAP_UNWRITTEN, which will prevent an IO, but the iomap length is calculated as 0. This causes a WARN_ON() in iomap_iter(): [17309.548939] WARNING: CPU: 3 PID: 2137 at fs/iomap/iter.c:34 iomap_iter+0x9cf/0xe80 [...] [17309.650907] RIP: 0010:iomap_iter+0x9cf/0xe80 [...]... • https://git.kernel.org/stable/c/8dcc1a9d90c10fa4143e5c17821082e5e60e46a1 •
CVSS: 9.0EPSS: %CPEs: 8EXPL: 0CVE-2022-49700 – mm/slub: add missing TID updates on slab deactivation
https://notcve.org/view.php?id=CVE-2022-49700
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as the TID stays the same. However, two places in __slab_alloc() currently don't update the TID when deactivating the CPU slab. If multiple operations race the right way, this could lead to an object getting lost; or, in an even more unlikely situation, it could even lead to an object being freed onto the wrong slab... • https://git.kernel.org/stable/c/03e404af26dc2ea0d278d7a342de0aab394793ce •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49698 – netfilter: use get_random_u32 instead of prandom
https://notcve.org/view.php?id=CVE-2022-49698
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is nft_ng_random_eval+0x24/0x54 [nft_numgen] Call Trace: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use the random driver instead, this also avoids need for local prandom state. Moreover, prand... • https://git.kernel.org/stable/c/978d8f9055c3a7c35db2ac99cd2580b993396e33 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49697 – bpf: Fix request_sock leak in sk lookup helpers
https://notcve.org/view.php?id=CVE-2022-49697
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was finding the request_socket but returning the parent LISTEN socket via sk_to_full_sk() without decrementing the child request socket 1st, resulting in request_sock slab object leak. This patch retains the existing behavi... • https://git.kernel.org/stable/c/edbf8c01de5a104a71ed6df2bf6421ceb2836a8e •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49696 – tipc: fix use-after-free Read in tipc_named_reinit
https://notcve.org/view.php?id=CVE-2022-49696
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix use-after-free Read in tipc_named_reinit syzbot found the following issue on: ================================================================== BUG: KASAN: use-after-free in tipc_named_reinit+0x94f/0x9b0 net/tipc/name_distr.c:413 Read of size 8 at addr ffff88805299a000 by task kworker/1:9/23764 CPU: 1 PID: 23764 Comm: kworker/1:9 Not tainted 5.18.0-rc4-syzkaller-00878-g17d49e6e8012 #0 Hardware name: Google Compute Engine/Google C... • https://git.kernel.org/stable/c/d966ddcc38217a6110a6a0ff37ad2dee7d42e23e •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49693 – drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
https://notcve.org/view.php?id=CVE-2022-49693
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf of_graph_get_remote_node() returns remote device node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. Patchwork: https://patchwork.freedesktop.org/patch/488473/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf of_gr... • https://git.kernel.org/stable/c/86418f90a4c1a0073db65d8a1e2bf94421117a60 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49691 – erspan: do not assume transport header is always set
https://notcve.org/view.php?id=CVE-2022-49691
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: erspan: do not assume transport header is always set Rewrite tests in ip6erspan_tunnel_xmit() and erspan_fb_xmit() to not assume transport header is set. syzbot reported: WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 skb_transport_header include/linux/skbuff.h:2911 [inline] WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 ip6erspan_tunnel_xmit+0x15af/0x2eb0 net/ipv6/ip6_gre.c:963 Modules linked in: CPU: 0 PID: 1350 Comm: ... • https://git.kernel.org/stable/c/d5db21a3e6977dcb42cee3d16cd69901fa66510a •
CVSS: 6.6EPSS: %CPEs: 7EXPL: 0CVE-2022-49688 – afs: Fix dynamic root getattr
https://notcve.org/view.php?id=CVE-2022-49688
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd. Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr(). This can be tested by stat'ing a directory in /afs. It... • https://git.kernel.org/stable/c/b76ea7c06b24dcf97ea3379b6957d5b99c346ea0 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49687 – virtio_net: fix xdp_rxq_info bug after suspend/resume
https://notcve.org/view.php?id=CVE-2022-49687
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warning when using virtio_net: # ip link set eth0 up # echo mem > /sys/power/state (or e.g. # rtcwake -s 10 -m mem)