CVSS: -EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49075 – btrfs: fix qgroup reserve overflow the qgroup limit
https://notcve.org/view.php?id=CVE-2022-49075
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve overflow the qgroup limit We use extent_changeset->bytes_changed in qgroup_reserve_data() to record how many bytes we set for EXTENT_QGROUP_RESERVED state. Currently the bytes_changed is set as "unsigned int", and it will overflow if we try to fallocate a range larger than 4GiB. The result is we reserve less bytes and eventually break the qgroup limit. Unlike regular buffered/direct write, which we use one changese... • https://git.kernel.org/stable/c/0355387ea5b02d353c9415613fab908fac5c52a6 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49072 – gpio: Restrict usage of GPIO chip irq members before initialization
https://notcve.org/view.php?id=CVE-2022-49072
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gpio: Restrict usage of GPIO chip irq members before initialization GPIO chip irq members are exposed before they could be completely initialized and this leads to race conditions. One such issue was observed for the gc->irq.domain variable which was accessed through the I2C interface in gpiochip_to_irq() before it could be initialized by gpiochip_add_irqchip(). This resulted in Kernel NULL pointer dereference. Following are the logs for re... • https://git.kernel.org/stable/c/7e88a50704b0c49ad3f2d11e8b963341cf68a89f • CWE-476: NULL Pointer Dereference •
CVSS: -EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49067 – powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
https://notcve.org/view.php?id=CVE-2022-49067
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000. Because of the way __pa() works we have: __pa(0x8000000000000000) == 0, and therefore virt_to_pfn(0x8000000000000000) == 0, and therefore virt_addr_valid(0x8000000000000000) == true Which is wrong, virt_addr_valid() should be false for vmalloc space. In fact all vmalloc addresses that alias with a valid PFN will return... • https://git.kernel.org/stable/c/deab81144d5a043f42804207fb76cfbd8a806978 •
CVSS: -EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49054 – Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests
https://notcve.org/view.php?id=CVE-2022-49054
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests hv_panic_page might contain guest-sensitive information, do not dump it over to Hyper-V by default in isolated guests. While at it, update some comments in hyperv_{panic,die}_event(). • https://git.kernel.org/stable/c/1b576e81d31b56b248316b8ff816b1cc5c4407c7 •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47645 – media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com
https://notcve.org/view.php?id=CVE-2021-47645
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com On the case tmp_dcim=1, the index of buffer is miscalculated. This generate a NULL pointer dereference later. So let's fix the calcul and add a check to prevent this to reappear. • https://git.kernel.org/stable/c/bafec1a6ba4b187a7fcdcfce0faebdc623d4ef8e •
CVSS: -EPSS: 0%CPEs: 5EXPL: 0CVE-2021-47644 – media: staging: media: zoran: move videodev alloc
https://notcve.org/view.php?id=CVE-2021-47644
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: move videodev alloc Move some code out of zr36057_init() and create new functions for handling zr->video_dev. This permit to ease code reading and fix a zr->video_dev memory leak. • https://git.kernel.org/stable/c/bd01629315ffd5b63da91d0bd529a77d30e55028 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47642 – video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow
https://notcve.org/view.php?id=CVE-2021-47642
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: nvidiafb: Use strscpy() to prevent buffer overflow Coverity complains of a possible buffer overflow. However, given the 'static' scope of nvidia_setup_i2c_bus() it looks like that can't happen after examiniing the call sites. CID 19036 (#1 of 1): Copy into fixed size buffer (STRING_OVERFLOW) 1. fixed_size_dest: You might overrun the 48-character fixed-size string chan->adapter.name by copying name without checking the length. ... • https://git.kernel.org/stable/c/47e5533adf118afaf06d25a3e2aaaab89371b1c5 •
CVSS: -EPSS: 0%CPEs: 9EXPL: 0CVE-2021-47641 – video: fbdev: cirrusfb: check pixclock to avoid divide by zero
https://notcve.org/view.php?id=CVE-2021-47641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: video: fbdev: cirrusfb: check pixclock to avoid divide by zero Do a sanity check on pixclock value to avoid divide by zero. If the pixclock value is zero, the cirrusfb driver will round up pixclock to get the derived frequency as close to maxclock as possible. Syzkaller reported a divide error in cirrusfb_check_pixclock. divide error: 0000 [#1] SMP KASAN PTI CPU: 0 PID: 14938 Comm: cirrusfb_test Not tainted 5.15.0-rc6 #1 Hardware name: QEMU... • https://git.kernel.org/stable/c/c656d04247a2654ede5cead2ecbf83431dad5261 •
CVSS: -EPSS: 0%CPEs: 4EXPL: 0CVE-2021-47632 – powerpc/set_memory: Avoid spinlock recursion in change_page_attr()
https://notcve.org/view.php?id=CVE-2021-47632
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr() Commit 1f9ad21c3b38 ("powerpc/mm: Implement set_memory() routines") included a spin_lock() to change_page_attr() in order to safely perform the three step operations. But then commit 9f7853d7609d ("powerpc/mm: Fix set_memory_*() against concurrent accesses") modify it to use pte_update() and do the operation safely against concurrent access. In the meantime, Maxime reported ... • https://git.kernel.org/stable/c/6def4eaf0391f24be541633a954c0e4876858b1e •
CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0CVE-2025-21699 – gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag
https://notcve.org/view.php?id=CVE-2025-21699
12 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buffer heads or iomap_folio_state structs, and we cannot mix the two. In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space wh... • https://git.kernel.org/stable/c/2b0bd5051ad1c1e9ef4879f18e15a7712c974f3e •