CVSS: 7.8EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49111 – Bluetooth: Fix use after free in hci_send_acl
https://notcve.org/view.php?id=CVE-2022-49111
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP_LINK and in case it is do properly cleanup upper layers with hci_disconn_cfm: ================================================================== BUG: KASAN: use-after-free in hci_send_acl+0xaba/0xc50 Read of size 8 at addr ffff88800e... • https://git.kernel.org/stable/c/c41de54b0a963e59e4dd04c029a4a6d73f45ef9c • CWE-416: Use After Free •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49110 – netfilter: conntrack: revisit gc autotuning
https://notcve.org/view.php?id=CVE-2022-49110
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: revisit gc autotuning as of commit 4608fdfc07e1 ("netfilter: conntrack: collect all entries in one cycle") conntrack gc was changed to run every 2 minutes. On systems where conntrack hash table is set to large value, most evictions happen from gc worker rather than the packet path due to hash table distribution. This causes netlink event overflows when events are collected. This change collects average expiry of scanne... • https://git.kernel.org/stable/c/58d52743ae85d28c9335c6034d6ce350b8689951 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49109 – ceph: fix inode reference leakage in ceph_get_snapdir()
https://notcve.org/view.php?id=CVE-2022-49109
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into the hash for the given vino, and return a reference to it. If new is non-NULL, its reference is consumed. We should release the reference when in error handing cases. • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49107 – ceph: fix memory leak in ceph_readdir when note_last_dentry returns error
https://notcve.org/view.php?id=CVE-2022-49107
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comment explaining why we don't free last_readdir when dir_emit returns false. • https://git.kernel.org/stable/c/9030aaf9bf0a1eee47a154c316c789e959638b0f •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49103 – NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify()
https://notcve.org/view.php?id=CVE-2022-49103
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFSv4.2: fix reference count leaks in _nfs42_proc_copy_notify() [You don't often get email from xiongx18@fudan.edu.cn. Learn why this is important at http://aka.ms/LearnAboutSenderIdentification.] The reference counting issue happens in two error paths in the function _nfs42_proc_copy_notify(). In both error paths, the function simply returns the error code and forgets to balance the refcount of object `ctx`, bumped by get_nfs_open_context(... • https://git.kernel.org/stable/c/9b9feec97c1fc7dd9bb69f62c4905cddf1801599 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49100 – virtio_console: eliminate anonymous module_init & module_exit
https://notcve.org/view.php?id=CVE-2022-49100
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_console: eliminate anonymous module_init & module_exit Eliminate anonymous module_init() and module_exit(), which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an initcall_debug log. Give each of these init and exit functions unique driver-specific names to eliminate the anonymous names. Example 1: (System.map) ffffffff832fc78c t init ffffffff832fc79e t init ffffffff832fc8f8 t init Example 2: (init... • https://git.kernel.org/stable/c/93e3d88321d2274fa4e26b006e19cc10fec331c2 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49097 – NFS: Avoid writeback threads getting stuck in mempool_alloc()
https://notcve.org/view.php?id=CVE-2022-49097
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: NFS: Avoid writeback threads getting stuck in mempool_alloc() In a low memory situation, allow the NFS writeback code to fail without getting stuck in infinite loops in mempool_alloc(). • https://git.kernel.org/stable/c/c74e2f6ecc51bd08bb5b0335477dba954a50592e •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49095 – scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one()
https://notcve.org/view.php?id=CVE-2022-49095
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, a ioremap() must be undone. Add the missing iounmap() call in the remove function. • https://git.kernel.org/stable/c/45804fbb00eea27bdf4d62751681228a9e2844e9 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2022-49080 – mm/mempolicy: fix mpol_new leak in shared_policy_replace
https://notcve.org/view.php?id=CVE-2022-49080
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in restart loop, mpol_new will be freed via mpol_put before returning to the caller. But refcnt is not initialized yet, so mpol_put could not do the right things and might leak the unused mpol_new. This would happen if mempolicy was updated on the shared shmem file while the sp->lock has been dropped during the memory allocation. This issue could ... • https://git.kernel.org/stable/c/42288fe366c4f1ce7522bc9f27d0bc2a81c55264 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49078 – lz4: fix LZ4_decompress_safe_partial read out of bound
https://notcve.org/view.php?id=CVE-2022-49078
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: lz4: fix LZ4_decompress_safe_partial read out of bound When partialDecoding, it is EOF if we've either filled the output buffer or can't proceed with reading an offset for following match. In some extreme corner cases when compressed data is suitably corrupted, UAF will occur. As reported by KASAN [1], LZ4_decompress_safe_partial may lead to read out of bound problem during decoding. lz4 upstream has fixed it [2] and this issue has been dis... • https://git.kernel.org/stable/c/73953dfa9d50e5c9fe98ee13fd1d3427aa12a0a3 • CWE-416: Use After Free •