CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49402 – ftrace: Clean up hash direct_functions on register failures
https://notcve.org/view.php?id=CVE-2022-49402
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Clean up hash direct_functions on register failures We see the following GPF when register_ftrace_direct fails: [ ] general protection fault, probably for non-canonical address \ 0x200000000000010: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC PTI [...] [ ] RIP: 0010:ftrace_find_rec_direct+0x53/0x70 [ ] Code: 48 c1 e0 03 48 03 42 08 48 8b 10 31 c0 48 85 d2 74 [...] [ ] RSP: 0018:ffffc9000138bc10 EFLAGS: 00010206 [ ] RAX: 0000000000000000 RB... • https://git.kernel.org/stable/c/763e34e74bb7d5c316015e2e39fcc8520bfd071c •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49401 – mm/page_owner: use strscpy() instead of strlcpy()
https://notcve.org/view.php?id=CVE-2022-49401
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/page_owner: use strscpy() instead of strlcpy() current->comm[] is not a string (no guarantee for a zero byte in it). strlcpy(s1, s2, l) is calling strlen(s2), potentially causing out-of-bound access, as reported by syzbot: detected buffer overflow in __fortify_strlen ------------[ cut here ]------------ kernel BUG at lib/string_helpers.c:980! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 4087 Comm: dhcpcd-run-hooks Not tainted ... • https://git.kernel.org/stable/c/865ed6a3278654ce4a55eb74c5283eeb82ad4699 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49400 – md: Don't set mddev private to NULL in raid0 pers->free
https://notcve.org/view.php?id=CVE-2022-49400
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: md: Don't set mddev private to NULL in raid0 pers->free In normal stop process, it does like this: do_md_stop | __md_stop (pers->free(); mddev->private=NULL) | md_free (free mddev) __md_stop sets mddev->private to NULL after pers->free. The raid device will be stopped and mddev memory is free. But in reshape, it doesn't free the mddev and mddev will still be used in new raid. In reshape, it first sets mddev->private to new_pers and then run... • https://git.kernel.org/stable/c/00e3d58f50a875343124bcf5a9637520a492b0d1 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49399 – tty: goldfish: Use tty_port_destroy() to destroy port
https://notcve.org/view.php?id=CVE-2022-49399
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tty: goldfish: Use tty_port_destroy() to destroy port In goldfish_tty_probe(), the port initialized through tty_port_init() should be destroyed in error paths.In goldfish_tty_remove(), qtty->port also should be destroyed or else might leak resources. Fix the above by calling tty_port_destroy(). • https://git.kernel.org/stable/c/666b7793d4bfa9f150b5c2007ab48c755ddc53ca •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49398 – usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback
https://notcve.org/view.php?id=CVE-2022-49398
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current item (n) and the item after (n+1), so that n can be safely removed without corrupting the list. However, when traversing the list and removing items using gadget giveback, the DWC3 lock is briefly released, allowing other routines to execute. There is a situation where, while items are being removed from the cancell... • https://git.kernel.org/stable/c/d4f1afe5e896c18ae01099a85dab5e1a198bd2a8 •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49397 – phy: qcom-qmp: fix struct clk leak on probe errors
https://notcve.org/view.php?id=CVE-2022-49397
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error (e.g. probe deferral). • https://git.kernel.org/stable/c/e78f3d15e115e8e764d4b1562b4fa538f2e22f6b •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49396 – phy: qcom-qmp: fix reset-controller leak on probe errors
https://notcve.org/view.php?id=CVE-2022-49396
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe error (e.g. probe deferral). Note that due to the reset controller being defined in devicetree in "lane" child nodes, devm_reset_control_get_exclusive() cannot be used directly. • https://git.kernel.org/stable/c/e78f3d15e115e8e764d4b1562b4fa538f2e22f6b •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49395 – um: Fix out-of-bounds read in LDT setup
https://notcve.org/view.php?id=CVE-2022-49395
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: um: Fix out-of-bounds read in LDT setup syscall_stub_data() expects the data_count parameter to be the number of longs, not bytes. ================================================================== BUG: KASAN: stack-out-of-bounds in syscall_stub_data+0x70/0xe0 Read of size 128 at addr 000000006411f6f0 by task swapper/1 CPU: 0 PID: 1 Comm: swapper Not tainted 5.18.0+ #18 Call Trace: show_stack.cold+0x166/0x2a7 __dump_stack+0x3a/0x43 dump_sta... • https://git.kernel.org/stable/c/858259cf7d1c443c836a2022b78cb281f0a9b95e •
CVSS: -EPSS: %CPEs: 8EXPL: 0CVE-2022-49394 – blk-iolatency: Fix inflight count imbalances and IO hangs on offline
https://notcve.org/view.php?id=CVE-2022-49394
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatency configured for the device. To ensure that the inflight counters stay balanced, iolatency_set_limit() freezes the request_queue while manipulating the enabled counter, which ensures that no IO is in flight and thus all counters are z... • https://git.kernel.org/stable/c/6d482bc5697763eb1214f207286daa201b32d20a •
CVSS: -EPSS: %CPEs: 2EXPL: 0CVE-2022-49393 – misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl
https://notcve.org/view.php?id=CVE-2022-49393
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix list iterator in fastrpc_req_mem_unmap_impl This is another instance of incorrect use of list iterator and checking it for NULL. The list iterator value 'map' will *always* be set and non-NULL by list_for_each_entry(), so it is incorrect to assume that the iterator value will be NULL if the list is empty (in this case, the check 'if (!map) {' will always be false and never exit as expected). To fix the bug, use a new vari... • https://git.kernel.org/stable/c/5c1b97c7d7b736e6439af4f43a65837bc72f56c1 •