
CVE-2022-49159 – scsi: qla2xxx: Implement ref count for SRB
https://notcve.org/view.php?id=CVE-2022-49159
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00_async_iocb_timeout() starts to run it can be preempted by the normal response path (via the firmware?). qla24xx_async_gpsc_sp_done() releases the SRB unconditionally. When scheduling back to qla2x00_async_iocb_timeout() qla24xx_async_abort_cmd() will access a freed sp->qpair pointer: qla2xxx [0000:83:00.0]-2871:0: Async-gpsc timeou... • https://git.kernel.org/stable/c/e17111dd2fda81c35f309b1e5b6ab35809a375e7 •

CVE-2022-49158 – scsi: qla2xxx: Fix warning message due to adisc being flushed
https://notcve.org/view.php?id=CVE-2022-49158
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with the expected type. Add additional translation of one error code type to another. WARNING: CPU: 2 PID: 1131623 at drivers/scsi/qla2xxx/qla_init.c:498 qla2x00_async_adisc_sp_done+0x294/0x2b0 [qla2xxx] CPU: 2 PID: 1131623 Comm: drmgr Not ... • https://git.kernel.org/stable/c/7a3457777c4f700c64836e78dc71e6ce459f62b8 •

CVE-2022-49157 – scsi: qla2xxx: Fix premature hw access after PCI error
https://notcve.org/view.php?id=CVE-2022-49157
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persists and/or wait for the OS to give the resume signal. Sep 8 22:26:03 localhost kernel: WARNING: CPU: 9 PID: 124606 at qla_tmpl.c:440 qla27xx_fwdt_entry_t266+0x55/0x60 [qla2xxx] Sep 8 22:26:03 localhost kernel: RIP: 0010:qla27xx_fwdt_entry_t266+0x55/0x60 [qla2x... • https://git.kernel.org/stable/c/5ef6319f9882699613d5182fbd7929b017e8c5ab •

CVE-2022-49156 – scsi: qla2xxx: Fix scheduling while atomic
https://notcve.org/view.php?id=CVE-2022-49156
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can put the thread to sleep. The thread that originates the call is in interrupt context. The combination of the two triggers a crash. Schedule the call in non-interrupt context where it is more safe. kernel: BUG: scheduling while atomic: swapper/7/0/0x00010000 kernel: Call Trace: kernel:

CVE-2022-49155 – scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair()
https://notcve.org/view.php?id=CVE-2022-49155
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020 [ 12.332297] caller is qla2xxx_create_qpair+0x32a/0x5d0 [qla2xxx] [ 12.338417] CPU: 7 PID: 1020 Comm: systemd-udevd Tainted: G I --------- --- 5.14.0-29.el9.x86_64 #1 [ 12.348827] Hardware name: Dell Inc. PowerEdge R610/0F0XJ6, BIOS 6.6.0 05/22/2018 [ 12.356356] Call Trace: [ 12.35882... • https://git.kernel.org/stable/c/43195a0c620761fbb88db04e2475313855b948a4 •

CVE-2022-49154 – KVM: SVM: fix panic on out-of-bounds guest IRQ
https://notcve.org/view.php?id=CVE-2022-49154
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guest_irq is coming from KVM_IRQFD API call, it may trigger crash in svm_update_pi_irte() due to out-of-bounds: crash> bt PID: 22218 TASK: ffff951a6ad74980 CPU: 73 COMMAND: "vcpu8" #0 [ffffb1ba6707fa40] machine_kexec at ffffffff8565b397 #1 [ffffb1ba6707fa90] __crash_kexec at ffffffff85788a6d #2 [ffffb1ba6707fb58] crash_kexec at ffffffff8578995d #3 [ffffb1ba6707fb70] oops_end at ffffffff85623... • https://git.kernel.org/stable/c/0fb470eb48892e131d10aa3be6915239e65758f3 •

CVE-2022-49145 – ACPI: CPPC: Avoid out of bounds access when parsing _CPC data
https://notcve.org/view.php?id=CVE-2022-49145
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may not be present then. BugLink: https://lore.kernel.org/lkml/20220322143534.GC32582@xsang-OptiPlex-9020/ • https://git.kernel.org/stable/c/337aadff8e4567e39669e07d9a88b789d78458b5 •

CVE-2022-49142 – net: preserve skb_end_offset() in skb_unclone_keeptruesize()
https://notcve.org/view.php?id=CVE-2022-49142
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: net: preserve skb_end_offset() in skb_unclone_keeptruesize() syzbot found another way to trigger the infamous WARN_ON_ONCE(delta < len) in skb_try_coalesce() [1] I was able to root cause the issue to kfence. When kfence is in action, the following assertion is no longer true: int size = xxxx; void *ptr1 = kmalloc(size, gfp); void *ptr2 = kmalloc(size, gfp); if (ptr1 && ptr2) ASSERT(ksize(ptr1) == ksize(ptr2)); We attempted to fix these issu... • https://git.kernel.org/stable/c/097b9146c0e26aabaa6ff3e5ea536a53f5254a79 •

CVE-2022-49139 – Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt
https://notcve.org/view.php?id=CVE-2022-49139
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of an HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE connection, LE link type and a status that triggers the second case of the packet processing, a NULL pointer dereference happens, as conn->link is NULL. • https://git.kernel.org/stable/c/1c1291a84e94f6501644634c97544bb8291e9a1a •

CVE-2022-49138 – Bluetooth: hci_event: Ignore multiple conn complete events
https://notcve.org/view.php?id=CVE-2022-49138
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to memory corruptions. Therefore, consequent events for a single connection are ignored. The conn->state can hold different values, therefore HCI_CONN_HANDLE_UNSET is introduced to identify new connections. To make sure the events do no... • https://git.kernel.org/stable/c/aa1ca580e3ffe62a2c5ea1c095b609b2943c5269 •