CVSS: 5.5EPSS: %CPEs: 7EXPL: 0CVE-2022-49647 – cgroup: Use separate src/dst nodes when preloading css_sets for migration
https://notcve.org/view.php?id=CVE-2022-49647
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cgroup: Use separate src/dst nodes when preloading css_sets for migration Each cset (css_set) is pinned by its tasks. When we're moving tasks around across csets for a migration, we need to hold the source and destination csets to ensure that they don't go away while we're moving tasks about. This is done by linking cset->mg_preload_node on either the mgctx->preloaded_src_csets or mgctx->preloaded_dst_csets list. Using the same cset->mg_pre... • https://git.kernel.org/stable/c/f817de98513d060023be4fa1d061b29a6515273e •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49646 – wifi: mac80211: fix queue selection for mesh/OCB interfaces
https://notcve.org/view.php?id=CVE-2022-49646
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix queue selection for mesh/OCB interfaces When using iTXQ, the code assumes that there is only one vif queue for broadcast packets, using the BE queue. Allowing non-BE queue marking violates that assumption and txq->ac == skb_queue_mapping is no longer guaranteed. This can cause issues with queue handling in the driver and also causes issues with the recent ATF change, resulting in an AQL underflow warning. In the Linux ke... • https://git.kernel.org/stable/c/444be5a02b77f3b7a8ac9c1a0b074fbb3bd89cd0 •
CVSS: 4.7EPSS: %CPEs: 6EXPL: 0CVE-2022-49641 – sysctl: Fix data races in proc_douintvec().
https://notcve.org/view.php?id=CVE-2022-49641
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix data races in proc_douintvec(). A sysctl variable is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/store-tearing. This patch changes proc_douintvec() to use READ_ONCE() and WRITE_ONCE() internally to fix data-races on the sysctl side. For now, proc_douintvec() itself is tolerant to a data-race, but we still need to add annotations on the oth... • https://git.kernel.org/stable/c/e7d316a02f683864a12389f8808570e37fb90aa3 •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49639 – cipso: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49639
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: cipso: Fix data-races around sysctl. While reading cipso sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/446fda4f26822b2d42ab3396aafcedf38a9ff2b6 •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49638 – icmp: Fix data-races around sysctl.
https://notcve.org/view.php?id=CVE-2022-49638
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. In the Linux kernel, the following vulnerability has been resolved: icmp: Fix data-races around sysctl. While reading icmp sysctl variables, they can be changed concurrently. So, we need to add READ_ONCE() to avoid data-races. • https://git.kernel.org/stable/c/4cdf507d54525842dfd9f6313fdafba039084046 •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49632 – icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr.
https://notcve.org/view.php?id=CVE-2022-49632
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: icmp: Fix a data-race around sysctl_icmp_errors_use_inbound_ifaddr. While reading sysctl_icmp_errors_use_inbound_ifaddr, it can be changed concurrently. • https://git.kernel.org/stable/c/1c2fb7f93cb20621772bf304f3dba0849942e5db •
CVSS: 5.5EPSS: %CPEs: 3EXPL: 0CVE-2022-49630 – tcp: Fix a data-race around sysctl_tcp_ecn_fallback.
https://notcve.org/view.php?id=CVE-2022-49630
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_ecn_fallback. While reading sysctl_tcp_ecn_fallback, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader. • https://git.kernel.org/stable/c/492135557dc090a1abb2cfbe1a412757e3ed68ab •
CVSS: 7.1EPSS: %CPEs: 8EXPL: 0CVE-2022-49626 – sfc: fix use after free when disabling sriov
https://notcve.org/view.php?id=CVE-2022-49626
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix use after free when disabling sriov Use after free is detected by kfence when disabling sriov. What was read after being freed was vf->pci_dev: it was freed from pci_disable_sriov and later read in efx_ef10_sriov_free_vf_vports, called from efx_ef10_sriov_free_vf_vswitching. Set the pointer to NULL at release time to not trying to read it later. Reproducer and dmesg log (note that kfence doesn't detect it every time): $ echo 1 > /s... • https://git.kernel.org/stable/c/3c5eb87605e85146a78de589b5070a37862425db •
CVSS: 5.5EPSS: %CPEs: 8EXPL: 0CVE-2022-49625 – sfc: fix kernel panic when creating VF
https://notcve.org/view.php?id=CVE-2022-49625
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: sfc: fix kernel panic when creating VF When creating VFs a kernel panic can happen when calling to efx_ef10_try_update_nic_stats_vf. When releasing a DMA coherent buffer, sometimes, I don't know in what specific circumstances, it has to unmap memory with vunmap. It is disallowed to do that in IRQ context or with BH disabled. Otherwise, we hit this line in vunmap, causing the crash: BUG_ON(in_interrupt()); This patch reenables BH to release ... • https://git.kernel.org/stable/c/d778819609a27efd5358da8151a0ad3507243e19 •
CVSS: 7.7EPSS: %CPEs: 3EXPL: 0CVE-2022-49623 – powerpc/xive/spapr: correct bitmap allocation size
https://notcve.org/view.php?id=CVE-2022-49623
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm->bitmap allocation: BUG: KASAN: slab-out-of-bounds in _find_first_zero_bit+0x40/0x140 Read of size 8 at addr c00000001d1d0118 by task swapper/0/1 CPU: 0 PID: 1 Comm: swapper/0 Not tainted 5.19.0-rc2-00001-g90df023b36dd #28 Call Trace: [c00000001d98f770] [c0000000012baab8] dump_stack_lvl+0xac/0x108 (unreliable) [c00000001d98f7b0] [c00000000068f... • https://git.kernel.org/stable/c/10f2cd373e65bcd3be8f3cdc71c330c25763dfd8 •