CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2022-49977 – ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead
https://notcve.org/view.php?id=CVE-2022-49977
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_startup __register_ftrace_function ... add_ftrace_ops(&ftrace_ops_list, ops) ... ... ftrace_startup_enable // if ftrace failed to modify, ftrace_disabled is set to 1 ... return 0 // ops is in the ftrace_ops_list. When ftrace_disabled = 1, un... • https://git.kernel.org/stable/c/8569b4ada1e0b9bfaa125bd0c0967918b6560fa2 •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49975 – bpf: Don't redirect packets with invalid pkt_len
https://notcve.org/view.php?id=CVE-2022-49975
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Don't redirect packets with invalid pkt_len Syzbot found an issue [1]: fq_codel_drop() try to drop a flow whitout any skbs, that is, the flow->head is null. The root cause, as the [2] says, is because that bpf_prog_test_run_skb() run a bpf prog which redirects empty skbs. So we should determine whether the length of the packet modified by bpf prog or others like bpf_prog_test is valid before forwarding it directly. In the Linux kernel,... • https://git.kernel.org/stable/c/8b68e53d56697a59b5c53893b53f508bbdf272a0 •
CVSS: 8.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-49973 – skmsg: Fix wrong last sg check in sk_msg_recvmsg()
https://notcve.org/view.php?id=CVE-2022-49973
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: skmsg: Fix wrong last sg check in sk_msg_recvmsg() Fix one kernel NULL pointer dereference as below: [ 224.462334] Call Trace: [ 224.462394] __tcp_bpf_recvmsg+0xd3/0x380 [ 224.462441] ? sock_has_perm+0x78/0xa0 [ 224.462463] tcp_bpf_recvmsg+0x12e/0x220 [ 224.462494] inet_recvmsg+0x5b/0xd0 [ 224.462534] __sys_recvfrom+0xc8/0x130 [ 224.462574] ? syscall_trace_enter+0x1df/0x2e0 [ 224.462606] ? __do_page_fault+0x2de/0x500 [ 224.462635] __x64_sys... • https://git.kernel.org/stable/c/293c53b7dbf9073cbcc488f938bc053ff4caeec0 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49970 – bpf, cgroup: Fix kernel BUG in purge_effective_progs
https://notcve.org/view.php?id=CVE-2022-49970
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf, cgroup: Fix kernel BUG in purge_effective_progs Syzkaller reported a triggered kernel BUG as follows: ------------[ cut here ]------------ kernel BUG at kernel/bpf/cgroup.c:925! invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 1 PID: 194 Comm: detach Not tainted 5.19.0-14184-g69dac8e431af #8 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014 RIP: 0010:__cgroup_bpf_detach+... • https://git.kernel.org/stable/c/3527e3cbb84d8868c4d4e91ba55915f96d39ec3d •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49969 – drm/amd/display: clear optc underflow before turn off odm clock
https://notcve.org/view.php?id=CVE-2022-49969
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there always and clear not work. We need to clear that before clock off. [How] Clear that if have when clock off. In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: clear optc underflow before turn off odm clock [Why] After ODM clock off, optc underflow bit will be kept there always and... • https://git.kernel.org/stable/c/443687798d6f094412b7312b64b3bb4d99aedff7 •
CVSS: 6.9EPSS: 0%CPEs: 7EXPL: 0CVE-2022-49968 – ieee802154/adf7242: defer destroy_workqueue call
https://notcve.org/view.php?id=CVE-2022-49968
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE) adf7242_remove | adf7242_channel cancel_delayed_work_sync | destroy_workqueue (1) | adf7242_cmd_rx | mod_delayed_work (2) | The root cause for this race is that the upper layer (ieee802154) is unaware of this detaching event and the function adf7242_channel can be called without any checks. To fix this, we can add a... • https://git.kernel.org/stable/c/58e9683d14752debc6f22daf6b23e031787df31f •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2022-49967 – bpf: Fix a data-race around bpf_jit_limit.
https://notcve.org/view.php?id=CVE-2022-49967
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WRITE_ONCE() in __do_proc_doulongvec_minmax(). The size of bpf_jit_limit is long, so we need to add a paired READ_ONCE() to avoid load-tearing. In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a data-race around bpf_jit_limit. While reading bpf_jit_limit, it can be changed concurrently via sysctl, WR... • https://git.kernel.org/stable/c/ede95a63b5e84ddeea6b0c473b36ab8bfd8c6ce3 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2022-49966 – drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid
https://notcve.org/view.php?id=CVE-2022-49966
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: add missing ->fini_microcode interface for Sienna Cichlid To avoid any potential memory leak. • https://git.kernel.org/stable/c/b455159c053130d0658e9e7f8cb61e9bf6603f22 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-49964 – arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level
https://notcve.org/view.php?id=CVE-2022-49964
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level() always returned signed value and the document states it will return any errors caused by lack of a PPTT table, it never returned negative values before. Commit 0c80f9e165f8 ("ACPI: PPTT: Leave the table mapped for the runtime usage") however changed it by returning -ENOENT if no PPTT was found. The value returned from ac... • https://git.kernel.org/stable/c/1668c38ef2e5bb80dbee88afcecfcdc3e7abc2aa •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2022-49961 – bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO
https://notcve.org/view.php?id=CVE-2022-49961
18 Jun 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Do mark_chain_precision for ARG_CONST_ALLOC_SIZE_OR_ZERO Precision markers need to be propagated whenever we have an ARG_CONST_* style argument, as the verifier cannot consider imprecise scalars to be equivalent for the purposes of states_equal check when such arguments refine the return value (in this case, set mem_size for PTR_TO_MEM). The resultant mem_size for the R0 is derived from the constant value, and if the verifier incorrect... • https://git.kernel.org/stable/c/457f44363a8894135c85b7a9afd2bd8196db24ab •