CVSS: 9.0EPSS: %CPEs: 8EXPL: 0CVE-2022-49700 – mm/slub: add missing TID updates on slab deactivation
https://notcve.org/view.php?id=CVE-2022-49700
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: mm/slub: add missing TID updates on slab deactivation The fastpath in slab_alloc_node() assumes that c->slab is stable as long as the TID stays the same. However, two places in __slab_alloc() currently don't update the TID when deactivating the CPU slab. If multiple operations race the right way, this could lead to an object getting lost; or, in an even more unlikely situation, it could even lead to an object being freed onto the wrong slab... • https://git.kernel.org/stable/c/03e404af26dc2ea0d278d7a342de0aab394793ce •
CVSS: 5.5EPSS: %CPEs: 2EXPL: 0CVE-2022-49699 – filemap: Handle sibling entries in filemap_get_read_batch()
https://notcve.org/view.php?id=CVE-2022-49699
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: filemap: Handle sibling entries in filemap_get_read_batch() If a read races with an invalidation followed by another read, it is possible for a folio to be replaced with a higher-order folio. If that happens, we'll see a sibling entry for the new folio in the next iteration of the loop. This manifests as a NULL pointer dereference while holding the RCU read lock. Handle this by simply returning. The next call will find the new folio and han... • https://git.kernel.org/stable/c/cbd59c48ae2bcadc4a7599c29cf32fd3f9b78251 •
CVSS: 7.8EPSS: %CPEs: 4EXPL: 0CVE-2022-49698 – netfilter: use get_random_u32 instead of prandom
https://notcve.org/view.php?id=CVE-2022-49698
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: netfilter: use get_random_u32 instead of prandom bh might occur while updating per-cpu rnd_state from user context, ie. local_out path. BUG: using smp_processor_id() in preemptible [00000000] code: nginx/2725 caller is nft_ng_random_eval+0x24/0x54 [nft_numgen] Call Trace: check_preemption_disabled+0xde/0xe0 nft_ng_random_eval+0x24/0x54 [nft_numgen] Use the random driver instead, this also avoids need for local prandom state. Moreover, prand... • https://git.kernel.org/stable/c/978d8f9055c3a7c35db2ac99cd2580b993396e33 •
CVSS: 5.5EPSS: %CPEs: 5EXPL: 0CVE-2022-49697 – bpf: Fix request_sock leak in sk lookup helpers
https://notcve.org/view.php?id=CVE-2022-49697
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix request_sock leak in sk lookup helpers A customer reported a request_socket leak in a Calico cloud environment. We found that a BPF program was doing a socket lookup with takes a refcnt on the socket and that it was finding the request_socket but returning the parent LISTEN socket via sk_to_full_sk() without decrementing the child request socket 1st, resulting in request_sock slab object leak. This patch retains the existing behavi... • https://git.kernel.org/stable/c/edbf8c01de5a104a71ed6df2bf6421ceb2836a8e •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49696 – tipc: fix use-after-free Read in tipc_named_reinit
https://notcve.org/view.php?id=CVE-2022-49696
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: tipc: fix use-after-free Read in tipc_named_reinit syzbot found the following issue on: ================================================================== BUG: KASAN: use-after-free in tipc_named_reinit+0x94f/0x9b0 net/tipc/name_distr.c:413 Read of size 8 at addr ffff88805299a000 by task kworker/1:9/23764 CPU: 1 PID: 23764 Comm: kworker/1:9 Not tainted 5.18.0-rc4-syzkaller-00878-g17d49e6e8012 #0 Hardware name: Google Compute Engine/Google C... • https://git.kernel.org/stable/c/d966ddcc38217a6110a6a0ff37ad2dee7d42e23e •
CVSS: 7.5EPSS: %CPEs: 4EXPL: 0CVE-2022-49695 – igb: fix a use-after-free issue in igb_clean_tx_ring
https://notcve.org/view.php?id=CVE-2022-49695
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: igb: fix a use-after-free issue in igb_clean_tx_ring Fix the following use-after-free bug in igb_clean_tx_ring routine when the NIC is running in XDP mode. The issue can be triggered redirecting traffic into the igb NIC and then closing the device while the traffic is flowing. [ 73.322719] CPU: 1 PID: 487 Comm: xdp_redirect Not tainted 5.18.3-apu2 #9 [ 73.330639] Hardware name: PC Engines APU2/APU2, BIOS 4.0.7 02/28/2017 [ 73.337434] RIP: 0... • https://git.kernel.org/stable/c/9cbc948b5a20c9c054d9631099c0426c16da546b •
CVSS: 7.1EPSS: %CPEs: 5EXPL: 0CVE-2022-49693 – drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf
https://notcve.org/view.php?id=CVE-2022-49693
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf of_graph_get_remote_node() returns remote device node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to avoid refcount leak. Patchwork: https://patchwork.freedesktop.org/patch/488473/ In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp4: Fix refcount leak in mdp4_modeset_init_intf of_gr... • https://git.kernel.org/stable/c/86418f90a4c1a0073db65d8a1e2bf94421117a60 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49691 – erspan: do not assume transport header is always set
https://notcve.org/view.php?id=CVE-2022-49691
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: erspan: do not assume transport header is always set Rewrite tests in ip6erspan_tunnel_xmit() and erspan_fb_xmit() to not assume transport header is set. syzbot reported: WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 skb_transport_header include/linux/skbuff.h:2911 [inline] WARNING: CPU: 0 PID: 1350 at include/linux/skbuff.h:2911 ip6erspan_tunnel_xmit+0x15af/0x2eb0 net/ipv6/ip6_gre.c:963 Modules linked in: CPU: 0 PID: 1350 Comm: ... • https://git.kernel.org/stable/c/d5db21a3e6977dcb42cee3d16cd69901fa66510a •
CVSS: 6.6EPSS: %CPEs: 7EXPL: 0CVE-2022-49688 – afs: Fix dynamic root getattr
https://notcve.org/view.php?id=CVE-2022-49688
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: afs: Fix dynamic root getattr The recent patch to make afs_getattr consult the server didn't account for the pseudo-inodes employed by the dynamic root-type afs superblock not having a volume or a server to access, and thus an oops occurs if such a directory is stat'd. Fix this by checking to see if the vnode->volume pointer actually points anywhere before following it in afs_getattr(). This can be tested by stat'ing a directory in /afs. It... • https://git.kernel.org/stable/c/b76ea7c06b24dcf97ea3379b6957d5b99c346ea0 •
CVSS: 7.1EPSS: %CPEs: 6EXPL: 0CVE-2022-49687 – virtio_net: fix xdp_rxq_info bug after suspend/resume
https://notcve.org/view.php?id=CVE-2022-49687
26 Feb 2025 — In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix xdp_rxq_info bug after suspend/resume The following sequence currently causes a driver bug warning when using virtio_net: # ip link set eth0 up # echo mem > /sys/power/state (or e.g. # rtcwake -s 10 -m mem)