CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49380 – f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count()
https://notcve.org/view.php?id=CVE-2022-49380
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid f2fs_bug_on() in dec_valid_node_count() As Yanming reported in bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=215897 I have encountered a bug in F2FS file system in kernel v5.17. The kernel should enable CONFIG_KASAN=y and CONFIG_KASAN_INLINE=y. You can reproduce the bug by running the following commands: The kernel message is shown below: kernel BUG at fs/f2fs/f2fs.h:2511! Call Trace: f2fs_remove_inode_page+0x2a2/... • https://git.kernel.org/stable/c/f8b3c3fcf33105bc1ee7788e3b51b0a1ae42ae53 •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49379 – driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction
https://notcve.org/view.php?id=CVE-2022-49379
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: Fix wait_for_device_probe() & deferred_probe_timeout interaction Mounting NFS rootfs was timing out when deferred_probe_timeout was non-zero [1]. This was because ip_auto_config() initcall times out waiting for the network interfaces to show up when deferred_probe_timeout was non-zero. While ip_auto_config() calls wait_for_device_probe() to make sure any currently running deferred probe work or asynchronous probe finishes, that... • https://git.kernel.org/stable/c/35a672363ab3e8dfe4ebcadb4dd0b2d06bb85ebe •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49378 – sfc: fix considering that all channels have TX queues
https://notcve.org/view.php?id=CVE-2022-49378
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix considering that all channels have TX queues Normally, all channels have RX and TX queues, but this is not true if modparam efx_separate_tx_channels=1 is used. In that cases, some channels only have RX queues and others only TX queues (or more preciselly, they have them allocated, but not initialized). Fix efx_channel_has_tx_queues to return the correct value for this case too. Messages shown at probe time before the fix: sfc 0000:... • https://git.kernel.org/stable/c/8700aff089843399f95bc7701ae87b642b35a716 •
CVSS: -EPSS: %CPEs: 4EXPL: 0CVE-2022-49377 – blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx
https://notcve.org/view.php?id=CVE-2022-49377
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: blk-mq: don't touch ->tagset in blk_mq_get_sq_hctx blk_mq_run_hw_queues() could be run when there isn't queued request and after queue is cleaned up, at that time tagset is freed, because tagset lifetime is covered by driver, and often freed after blk_cleanup_queue() returns. So don't touch ->tagset for figuring out current default hctx by the mapping built in request queue, so use-after-free on tagset can be avoided. Meantime this way shou... • https://git.kernel.org/stable/c/b6e68ee82585f2ee890b0a897a6aacbf49a467bb •
CVSS: -EPSS: %CPEs: 5EXPL: 0CVE-2022-49376 – scsi: sd: Fix potential NULL pointer dereference
https://notcve.org/view.php?id=CVE-2022-49376
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sd_probe() sees an early error before sdkp->device is initialized, sd_zbc_release_disk() is called. This causes a NULL pointer dereference when sd_is_zoned() is called inside that function. Avoid this by removing the call to sd_zbc_release_disk() in sd_probe() error path. This change is safe and does not result in zone information memory leakage because the zone information for a zoned dis... • https://git.kernel.org/stable/c/89d9475610771b5e5fe1879075f0fc9ba6e3755f •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49375 – rtc: mt6397: check return value after calling platform_get_resource()
https://notcve.org/view.php?id=CVE-2022-49375
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: rtc: mt6397: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. • https://git.kernel.org/stable/c/fc2979118f3f5193475cb53d5df7bdaa7e358a42 •
CVSS: -EPSS: %CPEs: 7EXPL: 0CVE-2022-49374 – tipc: check attribute length for bearer name
https://notcve.org/view.php?id=CVE-2022-49374
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 [inline] BUG: KMSAN: uninit-value in string+0x4f9/0x6f0 lib/vsprintf.c:725 string_nocheck lib/vsprintf.c:644 [inline] string+0x4f9/0x6f0 lib/vsprintf.c:725 vsnprintf+0x2222/0x3650 lib/vsprintf.c:2806 vprintk_store+0x537/0x2150 kernel/printk/printk.c:215... • https://git.kernel.org/stable/c/cb30a63384bc91d5da06e1cede1115f666a29271 •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49373 – watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe
https://notcve.org/view.php?id=CVE-2022-49373
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() in some error paths. • https://git.kernel.org/stable/c/bf9006399939762e6cd32445e848e56727df9d98 •
CVSS: -EPSS: %CPEs: 9EXPL: 0CVE-2022-49372 – tcp: tcp_rtx_synack() can be called from process context
https://notcve.org/view.php?id=CVE-2022-49372
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: tcp_rtx_synack() can be called from process context Laurent reported the enclosed report [1] This bug triggers with following coditions: 0) Kernel built with CONFIG_DEBUG_PREEMPT=y 1) A new passive FastOpen TCP socket is created. This FO socket waits for an ACK coming from client to be a complete ESTABLISHED one. 2) A socket operation on this socket goes through lock_sock() release_sock() dance. 3) While the socket is owned by the user... • https://git.kernel.org/stable/c/168a8f58059a22feb9e9a2dcc1b8053dbbbc12ef •
CVSS: -EPSS: %CPEs: 6EXPL: 0CVE-2022-49371 – driver core: fix deadlock in __device_attach
https://notcve.org/view.php?id=CVE-2022-49371
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in __device_attach In __device_attach function, The lock holding logic is as follows: ... __device_attach device_lock(dev) // get lock dev async_schedule_dev(__device_attach_async_helper, dev); // func async_schedule_node async_schedule_node_domain(func) entry = kzalloc(sizeof(struct async_entry), GFP_ATOMIC); /* when fail or work limit, sync to execute func, but __device_attach_async_helper will get lock dev as we... • https://git.kernel.org/stable/c/765230b5f084863183aa8adb3405ab3f32c0b16e •